A quantitative assessment framework for cyber-attack scenarios on nuclear power plants using relative difficulty and consequence

Digital instrumentation and control (I&C) systems have been replacing analog I&C systems in nuclear power plants (NPPs) on account of the beneficial functions digital systems provide. As a result, NPP risks have been centralized into the digital I&C systems, with the issue of cyber-attack thus emerging as one of the new threats. To achieve more effective cyber security, it is necessary to evaluate the risk of cyber-attack quantitatively. This work proposes a quantitative assessment framework to evaluate NPP risk due to cyber-attack scenarios. This framework evaluates the risk by defining the difficulty and consequence of a cyber-attack, for which the assessment methods are based on Bayesian belief network and probabilistic safety assessment methods, respectively. Application of the framework to several possible cyber-attack scenarios quantitatively assessed the difficulty and consequence of the scenarios, thereby providing risk information. It is expected that application of the proposed framework can enhance cyber security. (C) 2020 Elsevier Ltd. All rights reserved.