Cybersecurity of Digital I&C Systems
On this page:
In support of NRC's cybersecurity effort, the Office of Research (RES) performs technical research to provide technical advice, tools, and information to support current and potential NRC’ regulatory activities including cybersecurity regulatory evaluations, oversight, and guidance. RES also engages with federal agencies such as the U.S. Department of Energy, academic institutions such as Purdue University, and industry groups such as the Electric Power Research Institute to coordinate and collaborate on future research in cybersecurity.
Ongoing cybersecurity research includes novel technology applications, advanced reactors, multi-domain assessment approaches, and performance-based, risk-informed, and technology neutral methodologies. Table 1 summarizes publicly available research on the cybersecurity of DI&C systems.
Table 1: Cybersecurity of Digital I&C Systems
| ID |
Title |
ADAMS Accession Number |
Document Date |
| IAEA-CN-323/00 |
Cybersecurity Considerations of Autonomy in Nuclear Facilities |
ML24184A132 |
2024-07-03 |
| TLR-RES/DE-2024-003 |
Characterizing Nuclear Cybersecurity States Using AI/ML – Final Report |
ML23040A169 |
2024-06-30 |
| Research Plan Development |
ML23062A349 |
| Identification of a Representative Use Case |
ML23102A182 |
| Identification of AI/ML Technologies |
ML24052A002 |
| Use Case Implementation |
ML24193A007 |
| Performance Evaluation & Gap Analysis |
ML24193A008 |
| TLR-RES-DE-2024-005 |
Analyzing the Impact of Using Wireless Technologies for Monitoring Safety-Related Critical Digital Assets (2-16-2024) |
ML23264A148 |
2023-09-30 |
| TLR-RES-DE-2023-007 |
Determining the Safety of Wireless Technologies at Nuclear Power Plants |
ML23222A183 |
2023-09-30 |
| TLR-RES-DE-2023-006 |
Criteria for Determining the Safety of Wireless Technologies at Nuclear Power Plants |
ML23222A166 |
2023-03-31 |
| RG 5.71 (rev. 1) |
Cyber Security Programs for Nuclear Power Reactors |
ML22258A204 |
2023-02-03 |
Novel Technology Applications
Novel applications of technology within nuclear reactors include the use of autonomous monitoring and control, Field Programmable Gate Arrays (FPGAs), and Artificial Intelligence (AI)/Machine Language (ML) technologies. The implementation of these technologies within current and future reactors, as well as new proposed regulations, will potentially require new cybersecurity regulatory guidance and new technical basis to support that guidance. RES performs research to assist NSIR in developing a foundation of knowledge and technical basis to support regulatory cybersecurity guidance for novel technology applications under existing and new regulatory frameworks.
Table 2 summarizes the publicly available research on novel technology applications.
Table 2: Cybersecurity of Novel Technology Applications
| ID |
Title |
ADAMS Accession Number |
Document Date |
| IAEA-CN-323/00 |
Cybersecurity Considerations of Autonomy in Nuclear Facilities |
ML24184A132 |
2024-07-03 |
| TLR-RES/DE-2024-003 |
Characterizing Nuclear Cybersecurity States Using AI/ML – Final Report |
ML23040A169 |
2024-06-30 |
| Research Plan Development |
ML23062A349 |
| Identification of a Representative Use Case |
ML23102A182 |
| Identification of AI/ML Technologies |
ML24052A002 |
| Use Case Implementation |
ML24193A007 |
| Performance Evaluation & Gap Analysis |
ML24193A008 |
Wireless Technologies
With the rapid development of technologies, the nuclear industry has begun adapting wireless technologies to increase the efficiency and effectiveness of plant operations. The nuclear industry is considering the expansion of wireless technologies to safety-related (SR) and important-to-safety (ITS) systems by removing the wireless access restrictions in their cybersecurity plans. However, the use of wireless technologies has the potential to compromise the defense-in-depth cybersecurity posture at nuclear power plants that has been established to protect SR/ITS systems.
To address this consideration, RES performs research on potential cybersecurity vulnerabilities and risks from introducing wireless technologies to SR/ITS systems at a nuclear power plant. Table 3 summarizes research on this topic.
For more information about the safety aspect of wireless technologies, see the Digital Instrumentation and Controls research page.
Table 3: Cybersecurity of Wireless Technologies
| ID |
Title |
ADAMS Accession Number |
Document Date |
| TLR-RES-DE-2024-005 |
Analyzing the Impact of Using Wireless Technologies for Monitoring Safety-Related Critical Digital Assets (2-16-2024) |
ML23264A148 |
2024-02-29 |
| TLR-RES-DE-2023-007 |
Determining the Safety of Wireless Technologies at Nuclear Power Plants |
ML23222A183 |
2023-09-30 |
| TLR-RES-DE-2023-006 |
Criteria for Determining the Safety of Wireless Technologies at Nuclear Power Plants |
ML23222A166 |
2023-03-31 |
Archival Documents
Table 4 summarizes past research on cybersecurity that does not represent current research topics and/or has been updated.
Table 4: Background/Archival Documents
| ID |
Title |
ADAMS Accession Number |
Document Date |
| NUREG/CR-7117 |
Secure Network Design |
ML12163A047 |
2010-01-31 |
| RG 5.71 |
Regulatory Guide 5.71 Cyber Security Programs for Nuclear Facilities. |
ML090340159 |
2010-01-31 |