Abstract Most nuclear power plants (NPPs) are looking deploying digital instrumentation and control (IC a false data injection attack on key equipment is the focus of this research due to the potential severe consequences associated with such an attack. In false data injection, the attackers may alter the reading of control sensors or commands to change the operation of an NPP. Current cybersecurity efforts focus on intrusion prevention by firewalls or data-flow direction control and use commercial intrusion detection systems, which usually focus on monitoring Internet Protocol (IP) addresses, ports, and payload length. However, attention should be given to conditions where these approaches can fail, such as an insider attack. Previous research based on process data shows the potential of a last defenseâ, line using online monitoring of the process data in concern with cyber data analysis. However, existing models involve different subsystems across the whole NPP, which has a wide attack surface and may require high computing cost. This holistic approach may not meet the time-sensitive requirements imposed upon I&C systems. This paper proposes a localized kit for key equipment in a process as a complementary detection method to improve the robustness of key equipment under cyber-attacks. Compared to existing models, this reduces the number of variables used in the model and significantly improves the computational speed. It also reduces the attack surface by limiting the data acquisition locally. This localized kit includes a cyber-attack detection model to detect anomalies within key components, such as the control system actuator, and an inference model to potentially reconstruct a compromised signal to allow the safe shut down. To develop and demonstrate the localized cybersecurity kit, a hardware-in-the-loop (HIL) testbed was built with a pressurized water reactor (PWR) simulator and a programmable logical controller (PLC). The PLC was programmed to control the steam generator (SG) water level at a specified set point, and the PWR simulator was utilized to simulate the nuclear system and response for parameters outside of the SG. Three false data injection attacks were conducted towards the testbed to generate the data needed for the localized kit development and evaluation. The results show the cyber-attack detection model is effective under false data injection scenarios and the inference model is promising as a signal reconstruction method.

中文翻译：

---

对核电厂关键设备进行稳健的本地化网络攻击检测

在线使用与网络数据分析相关的过程数据在线监控。然而，现有模型涉及整个核电厂的不同子系统，其攻击面广，可能需要较高的计算成本。这种整体方法可能无法满足对 I&C 系统施加的时间敏感要求。本文提出了一种过程中关键设备的本地化套件，作为一种补充检测方法，以提高关键设备在网络攻击下的鲁棒性。与现有模型相比，这减少了模型中使用的变量数量，并显着提高了计算速度。它还通过在本地限制数据采集来减少攻击面。该本地化套件包括一个网络攻击检测模型，用于检测关键组件（例如控制系统执行器、以及一个推理模型，以潜在地重建受损信号以允许安全关闭。为了开发和演示本地化网络安全套件，使用压水反应堆 (PWR) 模拟器和可编程逻辑控制器 (PLC) 构建了一个硬件在环 (HIL) 测试台。PLC 被编程以将蒸汽发生器 (SG) 水位控制在指定的设定点，PWR 模拟器用于模拟核系统和 SG 外部参数的响应。对测试平台进行了三个虚假数据注入攻击，以生成本地化套件开发和评估所需的数据。结果表明，网络攻击检测模型在虚假数据注入场景下是有效的，推理模型作为一种信号重建方法很有前景。