A Practical Analysis of Cyber-Physical Attacks Against Nuclear Reactors

A year ago, shortly after presenting the Chernobyl research, I was kind of surprised to find out that a plethora of brand-new Teleperm XS (2nd generation) components were available on eBay.  

Framatome’s Teleperm XS (TXS) is a digital Instrumentation & Control platform designed specifically for use in safety systems in Nuclear power plants, as a replacement for, or upgrades to their analog counterparts. It is one of the most widely used digital safety I&C platforms, sustaining the main defense line (Reactor Protection System, Engineered Safety Features Actuation System) in dozens of nuclear reactors globally, including Europe, USA, Russia, and China.

Obviously, that was a good opportunity to dig deeper into the, usually, closed world of nuclear digital safety I&C systems, so I bought some of the most important TXS modules. 

That was the starting point for the research I'm releasing today: "A Practical Analysis of Cyber-Physical Attacks Against Nuclear Reactors".

 

This research paper aims to provide a comprehensive technical analysis of hypothetical cyber-physical attacks targeting the safety systems of nuclear reactors (PWRs), such as the Reactor Protection System (RPS) and the Engineered Safety Features Actuation System (ESFAS).

The paper is structured to facilitate reading and understanding, making this analysis accessible to readers with varying levels of technical expertise. 

- The “Introduction” describes the nuclear engineering and nuclear physics concepts behind nuclear fission, Pressurized Water Reactors (PWRs) and NPPs, which are required to follow the subsequent cyber-physical attack scenarios. Prior knowledge of nuclear physics or reactor engineering is not assumed, making it accessible to those without a formal background in these fields.

- “Actors and motivations” describes the background of certain real-world operations involving cyber-physical attacks and nuclear facilities.

- “Teleperm XS” introduces the commercial Instrumentation and Control (I&C) platform, including a detailed description of the hardware, software architecture, attack surface, and eventually those characteristics that could potentially be leveraged by malicious actors.

- “Cyber-Physical Attacks” details an approach to analyzing the design of specific nuclear reactors in order to characterize a series of feasible cyber-physical attacks against their safety systems (e.g. RPS, ESFAS), according to the level of damage sought by the attackers

This research should be interpreted primarily as an informative endeavor rather than an alarmist one. Hopefully, it can help dispel myths and foster a greater public understanding of nuclear energy, a vital tool for a sustainable future. 

A more informed community, equipped with a nuanced understanding of both the risks and the robust safety measures in place, will be better prepared to identify and deal with potential nuclear-related incidents.

A Practical Analysis of Cyber-Physical Attacks Against Nuclear Reactors (PDF)