Spotlight
Cybersecurity of Digital I&C Systems
On this page:
In support of NRC's cybersecurity effort, the Office of Research (RES) performs technical research to provide technical advice, tools, and information to support current and potential NRC’ regulatory activities including cybersecurity regulatory evaluations, oversight, and guidance. RES also engages with federal agencies such as the U.S. Department of Energy, academic institutions such as Purdue University, and industry groups such as the Electric Power Research Institute to coordinate and collaborate on future research in cybersecurity.
Ongoing cybersecurity research includes novel technology applications, advanced reactors, multi-domain assessment approaches, and performance-based, risk-informed, and technology neutral methodologies. Table 1 summarizes publicly available research on the cybersecurity of DI&C systems.
Table 1: Cybersecurity of Digital I&C Systems
ID | Title | ADAMS Accession Number | Document Date |
|---|---|---|---|
TLR-RES-DE-2025-001 | Implementing Zero Trust for Operational Technology at Nuclear Facilities | 2025-02-10 | |
IAEA-CN-323/00 | Cybersecurity Considerations of Autonomy in Nuclear Facilities | 2024-07-03 | |
TLR-RES/DE-2024-003 | Characterizing Nuclear Cybersecurity States Using AI/ML – Final Report | 2024-06-30 | |
Research Plan Development | |||
Identification of a Representative Use Case | |||
Identification of AI/ML Technologies | |||
Use Case Implementation | |||
Performance Evaluation & Gap Analysis | |||
TLR-RES-DE-2024-005 | Analyzing the Impact of Using Wireless Technologies for Monitoring Safety-Related Critical Digital Assets (2-16-2024) | 2023-09-30 | |
TLR-RES-DE-2024-001 | Zero Trust Architectures for Operational Technology at Nuclear Facilities | 2023-11-30 | |
TLR-RES-DE-2023-007 | Determining the Safety of Wireless Technologies at Nuclear Power Plants | 2023-09-30 | |
TLR-RES-DE-2023-006 | Criteria for Determining the Safety of Wireless Technologies at Nuclear Power Plants | 2023-03-31 | |
TLR-RES-DE-2023-001 | Zero Trust for Operational Technology Literature Review | 2023-02-10 | |
RG 5.71 (rev. 1) | Cyber Security Programs for Nuclear Power Reactors | 2023-02-03 | |
TLR-RES/DE-2022-007 | Study of Wireless Technology Implementation in Isolated, High-Consequence, Networks | 2022-07-31 |
Novel Technology Applications
Novel applications of technology within nuclear reactors include the use of autonomous monitoring and control, Field Programmable Gate Arrays (FPGAs), and Artificial Intelligence (AI)/Machine Language (ML) technologies. The implementation of these technologies within current and future reactors, as well as new proposed regulations, will potentially require new cybersecurity regulatory guidance and new technical basis to support that guidance. RES performs research to assist NSIR in developing a foundation of knowledge and technical basis to support regulatory cybersecurity guidance for novel technology applications under existing and new regulatory frameworks.
Table 2 summarizes the publicly available research on novel technology applications.
Table 2: Cybersecurity of Novel Technology Applications
ID | Title | ADAMS Accession Number | Document Date |
|---|---|---|---|
IAEA-CN-323/00 | Cybersecurity Considerations of Autonomy in Nuclear Facilities | 2024-07-03 | |
TLR-RES/DE-2024-003 | Characterizing Nuclear Cybersecurity States Using AI/ML – Final Report | 2024-06-30 | |
Research Plan Development | |||
Identification of a Representative Use Case | |||
Identification of AI/ML Technologies | |||
Use Case Implementation | |||
Performance Evaluation & Gap Analysis |
Wireless Technologies
With the rapid development of technologies, the nuclear industry has begun adapting wireless technologies to increase the efficiency and effectiveness of plant operations. The nuclear industry is considering the expansion of wireless technologies to safety-related (SR) and important-to-safety (ITS) systems by removing the wireless access restrictions in their cybersecurity plans. However, the use of wireless technologies has the potential to compromise the defense-in-depth cybersecurity posture at nuclear power plants that has been established to protect SR/ITS systems.
To address this consideration, RES performs research on potential cybersecurity vulnerabilities and risks from introducing wireless technologies to SR/ITS systems at a nuclear power plant. Table 3 summarizes research on this topic.
For more information about the safety aspect of wireless technologies, see the Digital Instrumentation and Controls research page.
Table 3: Cybersecurity of Wireless Technologies
ID | Title | ADAMS Accession Number | Document Date |
|---|---|---|---|
TLR-RES-DE-2024-005 | Analyzing the Impact of Using Wireless Technologies for Monitoring Safety-Related Critical Digital Assets (2-16-2024) | 2024-02-29 | |
TLR-RES-DE-2023-007 | Determining the Safety of Wireless Technologies at Nuclear Power Plants | 2023-09-30 | |
TLR-RES-DE-2023-006 | Criteria for Determining the Safety of Wireless Technologies at Nuclear Power Plants | 2023-03-31 | |
TLR-RES/DE-2022-007 | Study of Wireless Technology Implementation in Isolated, High-Consequence, Networks | 2022-07-31 |
Zero Trust
Zero Trust Architecture (ZTA) is a security model that can be summarized by the statement “never trust, always verify.” It assumes threats exist both inside and outside traditional network boundaries, whereas traditional, perimeter-based models assign trust to assets inside a network perimeter. When properly implemented, a Zero Trust architecture shifts the burden from the defender to the attacker who must constantly guess correctly to move through the network.
As new reactors adopt/employ emerging technologies such as remote and autonomous monitoring, drones, and robotics, the current perimeter-based security model and domination of physical controls to address vulnerabilities will not work. New technologies such as drones/wireless/remote management do not nearly fit into the defensive architecture or regulatory guidelines we have today. RES is examining whether Zero Trust architectures can replace the current defensive architecture and reduce the security challenges of introducing newer technologies (such as wireless devices, drones, cloud computing, and remote monitoring) in a secure manner while satisfying the safety requirements.
Table 4: Zero Trust
ID | Title | ADAMS Accession Number | Document Date |
|---|---|---|---|
TLR-RES-DE-2025-001 | Implementing Zero Trust for Operational Technology at Nuclear Facilities | 2025-02-10 | |
TLR-RES-DE-2024-001 | Zero Trust Architectures for Operational Technology at Nuclear Facilities | 2023-11-30 | |
TLR-RES-DE-2023-001 | Zero Trust for Operational Technology Literature Review | 2023-02-10 |
Archival Documents
Table 5 summarizes past research on cybersecurity that does not represent current research topics and/or has been updated.
Table 5: Background/Archival Documents
ID | Title | ADAMS Accession Number | Document Date |
|---|---|---|---|
NUREG/CR-7117 | Secure Network Design | 2010-01-31 | |
RG 5.71 | Regulatory Guide 5.71 Cyber Security Programs for Nuclear Facilities. | 2010-01-31 |
Page Last Reviewed/Updated Monday, January 12, 2026
Page Last Reviewed/Updated Monday, January 12, 2026