# Topic and Description Modern control systems are integrating more and more digital technologies. These technologies can be more efficient, and easier to update and maintain than an analog counterpart. With this flexibility, however, digital control systems are more vulnerable than analog control systems as control dynamics can be augmented through cyberattacks. I would like to dig in to how the nuclear industry will face regulating digital control systems and ensure robustness of critical NPP safety systems from cyberattacks. # ChatGPT Outline Ideas ## Outline **1. Introduction (1 page)** - Background on nuclear power plants and the criticality of safety systems. - Increasing integration of digital control systems in NPPs. - Thesis: While digital technologies improve efficiency and maintainability, they introduce cybersecurity vulnerabilities that must be regulated to ensure robust safety. **2. Overview of Digital vs. Analog Control Systems (1–1.5 pages)** - Benefits of digital systems: flexibility, ease of updates, better diagnostics. - Risks of digital systems: cyber vulnerabilities, increased attack surface. - Comparison with analog systems: inherent stability and isolation. **3. Cybersecurity Threats to NPP Safety Systems (1–2 pages)** - Common attack vectors: malware, insider threats, supply chain vulnerabilities. - Case studies or examples (e.g., Stuxnet attack on nuclear facilities). - Potential impacts: compromised reactor safety, economic losses, public trust. **4. Regulatory Challenges in Digital Systems (1–1.5 pages)** - Existing frameworks (e.g., NRC guidelines, IEC standards for industrial systems). - Gaps in regulations specific to cybersecurity in NPPs. - Role of international cooperation and harmonized standards. **5. Strategies for Ensuring Robustness (1.5–2 pages)** - Cybersecurity best practices: secure coding, regular audits, redundant safety systems. - Emerging technologies: AI for anomaly detection, blockchain for secure communication. - Human factors: training, insider threat mitigation. **6. Conclusion (0.5–1 page)** - Recap key points: benefits and risks of digital systems, regulatory needs, and solutions. - Emphasize importance of proactive measures to protect NPPs. **7. References (1+ pages)** - Include at least one technical journal article, industry report, and a credible secondary source. ## Key Areas to Research 1. **Cybersecurity in Critical Infrastructure** - Look into how cybersecurity frameworks (e.g., NIST CSF) are applied in critical systems. 2. **Nuclear-Specific Standards** - Research NRC regulatory guides (RGs) and standards like IEEE 7-4.3.2 or IAEA guidelines on safety-critical systems. 3. **Case Studies and Incidents** - Stuxnet, Triton/Trisis attacks on industrial control systems, or hypothetical scenarios in nuclear contexts. 4. **Technical Methods for Cybersecurity** - Intrusion detection systems, physical and network segmentation, fail-safe mechanisms. 5. **Policy Challenges** - Balancing innovation with regulation, cross-border cybersecurity cooperation. ## Resources to Start - Journals like _Nuclear Engineering and Design_, _Cybersecurity in Critical Infrastructure_, and _IEEE Transactions on Nuclear Science_. - Reports from the NRC, IAEA, or the DOE. - Books on cybersecurity in industrial control systems. # My Outline ## Introduction ## Digital vs. Analog Control Systems The fundamental reason cybersecurity is a concern for nuclear power is the introduction of digital control ### How is control done now? - Most safety systems (and other controls) are analog - There are actual wires or air lines running to everything - Bone simple to understand - Difficult to maintain and adjust. Have to manually shim devices in electrical circuits or pressure systems for example. - Security is a matter of restricting access. Humans have been doing physical defense for thousands of years. We're good at that. ### What is the future of control? - Digital controllers (computers) - Can be more efficient, more involved control solutions - Can easily update systems as components age and wear to ensure optimality. - Can easily update to new technology in pieces or in whole system - Remote monitoring is a thing - Security is much more complex than restricting access. Instead, cyberattacks are a whole new frontier of vulnerabilities ## Cybersecurity Threats to Digital Control Systems - Cybersecurity threats on digital control systems happen all the time and are a big deal. - talk about what cyberphysical systems are - CPS is important because a cyber attack on a cps translates digital harm into physical consequences. - On less critical systems this has been an issue. - German Steel Mill was an attack that caused severe financial losses to a german steel mill and blew open a blast furnace - What about nuclear? As far as we know no attacks on NPP but there has been cyberattacks in the nuclear industry. - Stuxnet was specifically designed to target Iran's nuclear enrichment program, and destroyed a lot of their progress. - Their control systems weren't iranian made however, they're industry standard. (CHECK!) - Digital control systems introduce vulnerbailities by their nature because they can carry vulnerabilities that are not easily traceable from the supply chain too. - Pager attack is a supply chain example. How can you check code correctness? ## Regulatory Challenges in Digital Systems - Huge problem with digital control systems. You really can't know because the onus of cybersecurity right now is on the user (THIS IS CITEABLE) - This is a push for regulators to instead put the blame of vulnerability removal onto the manufacturers. - This is one thing that has to happen ## Strategies for Robustness to Cyberattacks ## Conclusion