Security Hardened Cyber Components for Nuclear Power Plants

Period of Performance: 06/08/2015 - 03/07/2016


Phase 1 SBIR

Recipient Firm

6645 Woodwell Street
Pittsburgh, PA 15217
Firm POC
Principal Investigator


There is an escalating asymmetry between cybersecurity and cyber-attacks, where growing numbers of sophisticated attacks push the limits of current security technology. Cybersecurity is a particularly daunting challenge in complex cyber-physical systems like nuclear power plants. The quantity and diversity of connected processors, ranging from workstations to small embedded devices, assembled from a variety of sources during multiple upgrade phases over several years, provide a target-rich environment that demands not only a strong outer-layer defense, but also an inner-layer defense that accounts for the possibility of successful intrusion. Recent high-profile incidents have shown that current cybersecurity technology is not completely adequate to protect against intrusion and that the deficiencies must be addressed as soon as possible. However, strategies for enhancing nuclear power plant cybersecurity must be compatible with regulatory requirements and the need to keep those plants operational. This project will adapt high-assurance cyber-technologies developed for complex military systems to provide new inner layers of defense against cyber-attacks in nuclear power plants, where high assurance is defined to mean functionally correct and satisfying appropriate safety and security properties. The project will employ formal methods to specify and generate provably-correct software components for controls, monitors, and sensor fusion that are resistant to attacks and malfunctions, while efficiently and accurately performing their primary function of controlling plant processes. The new technology will be deployable in phases that are compatible with the regulatory requirements and normal outage schedules of nuclear power plants. Phase I of this project will produce an end-to-end proof-of-concept implementation of a high-assurance subsystem of a nuclear power feedwater control, along with a first version of the toolkit for specifying and building such components.
The demonstration subsystem will run in a software test environment that will include a user interface for controlling test input to the subsystem and monitoring its response to various combinations of simulated attacks and malfunctions. The products of Phase I will be directly applicable to continued development in Phase II. The toolkits and components from this project will make formally-defined and automatically-generated high-assurance control systems practical for nuclear power and other critical infrastructure. Not only will this provide missing inner layers of cybersecurity, but it will also help improve the overall quality and reliability of those control systems while lowering the cost of their development and future modifications.