Effectiveness Evaluation of nuclear facilities’ security systems under cyber-physical attack scenarios
Cyber Security, Nuclear Security, Cyberphysical Attack, Hybrid Threats, Critical Infrastructure
The present work aims to perform an evaluation on the probabilistic effectiveness of the security system for a nuclear facility model, under attack scenarios involving hybrid threats, i.e. with both cyber and physical capabilities. Amid a global context propitious to the increase in attacks over critical infrastructure, including those involving illicit access and sabotage on nuclear materials, combined with the rapid evolution and diversity of cyber-attacks in various sectors of society, it is a notable challenge to assess the security of critical infrastructure. Considering aspects of confidentiality on security systems designs for real nuclear facilities, a hypothetical one (Instituto de Ciências Nucleares do Cerrado) was modelled, considering the legal and regulatory framework in force in Brazil and similar models in use by the International Agency of Atomic Energy (IAEA) for training purposes. The model describes the characterization of the threat, the security system and the cyber-physical attack scenarios, using probabilistic performance parameters from the literature to calculate the effectiveness (P E) of the security system, comparing scenarios of purely physical attacks to others in which security-critical digital assets are compromised. The results showed a significant decrease in the effectiveness of the system, indicating the need for improvements in the safety measures of nuclear installations, from a regulatory and operational point of view. Furthermore, the methodology used in the work is general and appli