IDEAS home Printed from https://ideas.repec.org/a/eee/reensy/v175y2018icp24-37.html
   My bibliography  Save this article

A Monte Carlo-based exploration framework for identifying components vulnerable to cyber threats in nuclear power plants

Author

Listed:
  • Wang, Wei
  • Cammi, Antonio
  • Di Maio, Francesco
  • Lorenzi, Stefano
  • Zio, Enrico

Abstract

With the extensive use of digital Instrumentation and Control (I&C) systems, Nuclear Power Plants (NPPs) are becoming Cyber-Physical Systems (CPSs). Their integrity can, then, be compromised also by security breaches (such as cyber attacks). Multiple failure modes (such as bias, drift and freezing) can occur, both due to random failures or induced by malicious external attacks. In this paper, we illustrate an exploration approach that, based on safety margins estimation, allows identifying the most vulnerable components to malicious external attacks. For demonstration, we apply the approach to the Advanced Lead-cooled Fast Reactor European Demonstrator (ALFRED). Its object-oriented model is embedded within a Monte Carlo (MC)-driven engine that injects different types of cyber attacks at random times and magnitudes. Safety margins are, then, calculated and used for identifying the most vulnerable CPS components. This allows selecting protections to make ALFRED resilient towards maliciously induced failures.

Suggested Citation

  • Wang, Wei & Cammi, Antonio & Di Maio, Francesco & Lorenzi, Stefano & Zio, Enrico, 2018. "A Monte Carlo-based exploration framework for identifying components vulnerable to cyber threats in nuclear power plants," Reliability Engineering and System Safety, Elsevier, vol. 175(C), pages 24-37.
    • Handle: RePEc:eee:reensy:v:175:y:2018:i:c:p:24-37
    DOI: 10.1016/j.ress.2018.03.005
    as

    Download full text from publisher

    File URL: http://www.sciencedirect.com/science/article/pii/S0951832017308621
    Download Restriction: Full text for ScienceDirect subscribers only
    File URL: https://libkey.io/10.1016/j.ress.2018.03.005?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to search for a different version of it.

    References listed on IDEAS

    as
    1. Yuan, Wei & Zhao, Long & Zeng, Bo, 2014. "Optimal power grid protection through a defender–attacker–defender model," Reliability Engineering and System Safety, Elsevier, vol. 121(C), pages 83-89.
    2. Nai Fovino, Igor & Masera, Marcelo & De Cian, Alessio, 2009. "Integrating cyber attacks within fault trees," Reliability Engineering and System Safety, Elsevier, vol. 94(9), pages 1394-1402.
    3. Huang, Yu-Lun & Cárdenas, Alvaro A. & Amin, Saurabh & Lin, Zong-Syun & Tsai, Hsin-Yi & Sastry, Shankar, 2009. "Understanding the physical and economic consequences of attacks on control systems," International Journal of Critical Infrastructure Protection, Elsevier, vol. 2(3), pages 73-83.
    4. Di Maio, Francesco & Rai, Ajit & Zio, Enrico, 2016. "A dynamic probabilistic safety margin characterization approach in support of Integrated Deterministic and Probabilistic Safety Analysis," Reliability Engineering and System Safety, Elsevier, vol. 145(C), pages 9-18.
    5. Zio, Enrico & Di Maio, Francesco & Tong, Jiejuan, 2010. "Safety margins confidence estimation for a passive residual heat removal system," Reliability Engineering and System Safety, Elsevier, vol. 95(8), pages 828-836.
    6. Zio, Enrico, 2016. "Challenges in the vulnerability and risk analysis of critical infrastructures," Reliability Engineering and System Safety, Elsevier, vol. 152(C), pages 137-150.
    7. Elisabeth Paté‐Cornell, 2002. "Finding and Fixing Systems Weaknesses: Probabilistic Methods and Applications of Engineering Risk Analysis," Risk Analysis, John Wiley & Sons, vol. 22(2), pages 319-334, April.
    8. Kriaa, Siwar & Pietre-Cambacedes, Ludovic & Bouissou, Marc & Halgand, Yoran, 2015. "A survey of approaches combining safety and security for industrial control systems," Reliability Engineering and System Safety, Elsevier, vol. 139(C), pages 156-178.
    9. Turati, Pietro & Pedroni, Nicola & Zio, Enrico, 2017. "Simulation-based exploration of high-dimensional system models for identifying unexpected events," Reliability Engineering and System Safety, Elsevier, vol. 165(C), pages 317-330.
    10. Di Maio, Francesco & Bandini, Alessandro & Zio, Enrico & Alberola, Sofia Carlos & Sanchez-Saez, Francisco & Martorell, Sebastián, 2016. "Bootstrapped-ensemble-based Sensitivity Analysis of a trace thermal-hydraulic model based on a limited number of PWR large break loca simulations," Reliability Engineering and System Safety, Elsevier, vol. 153(C), pages 122-134.
    11. Alan Hutson, 1999. "Calculating nonparametric confidence intervals for quantiles using fractional order statistics," Journal of Applied Statistics, Taylor & Francis Journals, vol. 26(3), pages 343-353.
    12. Wang, Wei & Maio, Francesco Di & Zio, Enrico, 2017. "Three-loop Monte Carlo simulation approach to Multi-State Physics Modeling for system reliability assessment," Reliability Engineering and System Safety, Elsevier, vol. 167(C), pages 276-289.
    13. Fang, Yiping & Sansavini, Giovanni, 2017. "Optimizing power system investments and resilience against attacks," Reliability Engineering and System Safety, Elsevier, vol. 159(C), pages 161-173.
    14. Aven, Terje, 2016. "Ignoring scenarios in risk assessments: Understanding the issue and improving current practice," Reliability Engineering and System Safety, Elsevier, vol. 145(C), pages 215-220.
    15. Hu, Xiaoxiao & Xu, Maochao & Xu, Shouhuai & Zhao, Peng, 2017. "Multiple cyber attacks against a target with observation errors and dependent outcomes: Characterization and optimization," Reliability Engineering and System Safety, Elsevier, vol. 159(C), pages 119-133.
    16. Piètre-Cambacédès, L. & Bouissou, M., 2013. "Cross-fertilization between safety and security engineering," Reliability Engineering and System Safety, Elsevier, vol. 110(C), pages 110-126.
    17. Aven, Terje & Krohn, Bodil S., 2014. "A new perspective on how to understand, assess and manage risk and the unforeseen," Reliability Engineering and System Safety, Elsevier, vol. 121(C), pages 1-10.
    18. Di Maio, Francesco & Picoco, Claudia & Zio, Enrico & Rychkov, Valentin, 2017. "Safety margin sensitivity analysis for model selection in nuclear power plant probabilistic safety assessment," Reliability Engineering and System Safety, Elsevier, vol. 162(C), pages 122-138.
    Full references (including those not matched with items on IDEAS)

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Hou, Tianfeng & Nuyens, Dirk & Roels, Staf & Janssen, Hans, 2019. "Quasi-Monte Carlo based uncertainty analysis: Sampling efficiency and error estimation in engineering applications," Reliability Engineering and System Safety, Elsevier, vol. 191(C).
    2. Bolbot, Victor & Theotokatos, Gerasimos & Bujorianu, Luminita Manuela & Boulougouris, Evangelos & Vassalos, Dracos, 2019. "Vulnerabilities and safety assurance methods in Cyber-Physical Systems: A comprehensive review," Reliability Engineering and System Safety, Elsevier, vol. 182(C), pages 179-193.
    3. Wei Wang & Francesco Di Maio & Enrico Zio, 2019. "Adversarial Risk Analysis to Allocate Optimal Defense Resources for Protecting Cyber–Physical Systems from Cyber Attacks," Risk Analysis, John Wiley & Sons, vol. 39(12), pages 2766-2785, December.
    4. Hao, Yucheng & Jia, Limin & Zio, Enrico & Wang, Yanhui & He, Zhichao, 2023. "A multi-objective optimization model for identifying groups of critical elements in a high-speed train," Reliability Engineering and System Safety, Elsevier, vol. 235(C).
    5. Hao, Zhaojun & Di Maio, Francesco & Zio, Enrico, 2023. "A sequential decision problem formulation and deep reinforcement learning solution of the optimization of O&M of cyber-physical energy systems (CPESs) for reliable and safe power production and supply," Reliability Engineering and System Safety, Elsevier, vol. 235(C).
    6. Zhaojun Hao & Francesco Di Maio & Enrico Zio, 2021. "Multi-State Reliability Assessment Model of Base-Load Cyber-Physical Energy Systems (CPES) during Flexible Operation Considering the Aging of Cyber Components," Energies, MDPI, vol. 14(11), pages 1-18, June.
    7. Wang, Wei & Cova, Gregorio & Zio, Enrico, 2022. "A clustering-based framework for searching vulnerabilities in the operation dynamics of Cyber-Physical Energy Systems," Reliability Engineering and System Safety, Elsevier, vol. 222(C).
    8. Wang, Wei & Di Maio, Francesco & Zio, Enrico, 2020. "Considering the human operator cognitive process for the interpretation of diagnostic outcomes related to component failures and cyber security attacks," Reliability Engineering and System Safety, Elsevier, vol. 202(C).

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Zio, E., 2018. "The future of risk assessment," Reliability Engineering and System Safety, Elsevier, vol. 177(C), pages 176-190.
    2. Wei Wang & Francesco Di Maio & Enrico Zio, 2019. "Adversarial Risk Analysis to Allocate Optimal Defense Resources for Protecting Cyber–Physical Systems from Cyber Attacks," Risk Analysis, John Wiley & Sons, vol. 39(12), pages 2766-2785, December.
    3. Kim, Hee Eun & Son, Han Seong & Kim, Jonghyun & Kang, Hyun Gook, 2017. "Systematic development of scenarios caused by cyber-attack-induced human errors in nuclear power plants," Reliability Engineering and System Safety, Elsevier, vol. 167(C), pages 290-301.
    4. SICARD, Franck & ZAMAI, Éric & FLAUS, Jean-Marie, 2019. "An approach based on behavioral models and critical states distance notion for improving cybersecurity of industrial control systems," Reliability Engineering and System Safety, Elsevier, vol. 188(C), pages 584-603.
    5. Georgios Kavallieratos & Sokratis Katsikas & Vasileios Gkioulos, 2020. "Cybersecurity and Safety Co-Engineering of Cyberphysical Systems—A Comprehensive Survey," Future Internet, MDPI, vol. 12(4), pages 1-17, April.
    6. Sanchez-Saez, F. & Sánchez, A.I. & Villanueva, J.F. & Carlos, S. & Martorell, S., 2018. "Uncertainty analysis of a large break loss of coolant accident in a pressurized water reactor using non-parametric methods," Reliability Engineering and System Safety, Elsevier, vol. 174(C), pages 19-28.
    7. Francesco Di Maio & Nicola Pedroni & Barnabás Tóth & Luciano Burgazzi & Enrico Zio, 2021. "Reliability Assessment of Passive Safety Systems for Nuclear Energy Applications: State-of-the-Art and Open Issues," Energies, MDPI, vol. 14(15), pages 1-17, August.
    8. Matteo Vagnoli & Francesco Di Maio & Enrico Zio, 2018. "Ensembles of climate change models for risk assessment of nuclear power plants," Journal of Risk and Reliability, , vol. 232(2), pages 185-200, April.
    9. Fang, Yi-Ping & Sansavini, Giovanni, 2019. "Optimum post-disruption restoration under uncertainty for enhancing critical infrastructure resilience," Reliability Engineering and System Safety, Elsevier, vol. 185(C), pages 1-11.
    10. Yi‐Ping Fang & Giovanni Sansavini & Enrico Zio, 2019. "An Optimization‐Based Framework for the Identification of Vulnerabilities in Electric Power Grids Exposed to Natural Hazards," Risk Analysis, John Wiley & Sons, vol. 39(9), pages 1949-1969, September.
    11. París, C. & Queral, C. & Mula, J. & Gómez-Magán, J. & Sánchez-Perea, M. & Meléndez, E. & Gil, J., 2019. "Quantitative risk reduction by means of recovery strategies," Reliability Engineering and System Safety, Elsevier, vol. 182(C), pages 13-32.
    12. Turati, Pietro & Pedroni, Nicola & Zio, Enrico, 2017. "Simulation-based exploration of high-dimensional system models for identifying unexpected events," Reliability Engineering and System Safety, Elsevier, vol. 165(C), pages 317-330.
    13. Sperstad, Iver Bakken & Kjølle, Gerd H. & Gjerde, Oddbjørn, 2020. "A comprehensive framework for vulnerability analysis of extraordinary events in power systems," Reliability Engineering and System Safety, Elsevier, vol. 196(C).
    14. Tianlei Zang & Zian Wang & Xiaoguang Wei & Yi Zhou & Jiale Wu & Buxiang Zhou, 2023. "Current Status and Perspective of Vulnerability Assessment of Cyber-Physical Power Systems Based on Complex Network Theory," Energies, MDPI, vol. 16(18), pages 1-38, September.
    15. Nikolaos P Ventikos & Konstantinos Louzis, 2023. "Developing next generation marine risk analysis for ships: Bio-inspiration for building immunity," Journal of Risk and Reliability, , vol. 237(2), pages 405-424, April.
    16. Bolbot, Victor & Theotokatos, Gerasimos & Bujorianu, Luminita Manuela & Boulougouris, Evangelos & Vassalos, Dracos, 2019. "Vulnerabilities and safety assurance methods in Cyber-Physical Systems: A comprehensive review," Reliability Engineering and System Safety, Elsevier, vol. 182(C), pages 179-193.
    17. Rocchetta, Roberto, 2022. "Enhancing the resilience of critical infrastructures: Statistical analysis of power grid spectral clustering and post-contingency vulnerability metrics," Renewable and Sustainable Energy Reviews, Elsevier, vol. 159(C).
    18. Liu, Xing & Fang, Yi-Ping & Zio, Enrico, 2021. "A Hierarchical Resilience Enhancement Framework for Interdependent Critical Infrastructures," Reliability Engineering and System Safety, Elsevier, vol. 215(C).
    19. Kriaa, Siwar & Pietre-Cambacedes, Ludovic & Bouissou, Marc & Halgand, Yoran, 2015. "A survey of approaches combining safety and security for industrial control systems," Reliability Engineering and System Safety, Elsevier, vol. 139(C), pages 156-178.
    20. Chiou, Suh-Wen, 2018. "A traffic-responsive signal control to enhance road network resilience with hazmat transportation in multiple periods," Reliability Engineering and System Safety, Elsevier, vol. 175(C), pages 105-118.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:eee:reensy:v:175:y:2018:i:c:p:24-37. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Catherine Liu (email available below). General contact details of provider: https://www.journals.elsevier.com/reliability-engineering-and-system-safety .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.