NE Colloquium - Fan Zhang "Air gap is not enough: Enhancing Cybersecurity of NPPs"
As nuclear power plants (NPPs) age, analog technologies are difficult to maintain. Utilities are increasingly looking towards implementing digital instrumentation and control (I&C) systems to replace the analog I&C systems. One of the major considerations hindering this deployment is cybersecurity of digital I&C systems. Several nuclear industry cyber incidents suggest that firewalls and network segregation (for example, “air gap”) are not sufficient for preventing cyber-attacks, especially for insiders and systems that support removable media. Indeed, the number and capability of cyber-attacks that target industrial control systems has grown rapidly, indicating that more cyber threats should be considered for NPPs. Another issue exists across the domain of cybersecurity for NPPs: the information technology (IT) experts who monitor the cyber infrastructure and the facility engineers and operators who monitor the processes are largely independent. Lack of cross-disciplinary background and team integration may result in insufficient understanding of the whole scenario when a cyber-attack event happens. Thus, enhancing the cybersecurity of NPPs requires dedicated efforts in not only improving digital safeguards, but also promoting cross-collaboration between the operational technology (OT) and IT. In this talk, Fan will present current research efforts focused on integrating cybersecurity efforts with process monitoring to provide early cyber-attack detection with defense-in-depth concept, and will also present an IAEA Coordinated Research Project “Enhancing Computer Security Incident Analysis and Response Planning at Nuclear Facilities” that Dr. Coble and Fan Zhang are currently involved in.
Wednesday, February 6, 2019 at 1:30pm to 2:30pm
Nuclear Engineering Building, 302
1412 Circle Drive Knoxville TN 37996