Session: 15-01-01: General Topics on Risk, Safety, and Reliability I
Paper Number: 166591
Risk Informed Analysis of Cyber Attack Scenarios for Department of Defense Microreactor: PRA Approach
Probabilistic Risk Assessment (PRA) using fault tree and event tree analyses has long been a widely adopted methodology for evaluating system and plant risk levels in high-reliability, high-consequence facilities such as nuclear power plants (NPPs). In the nuclear industry, PRA is frequently used to model failure pathways, with a focus on identifying sequences that could lead to fuel damage and radioactive releases. PRA utilizes fault tree and event tree methodologies, primarily focusing on initiating events and system or component failures that could result in severe consequences. However, when considering cyber-attacks, a much broader spectrum of consequences emerges, as any compromise in the digital system could lead to operational disruption, system damage and financial loss. Recently, cyber-attacks have arisen as a significant threat to critical infrastructure, including power grids, railway systems, and nuclear power plants. For nuclear facilities such as microreactors, such attacks can lead to a range of consequences, from minor operational disruptions to unplanned reactor shutdowns or even severe plant damage. The DoD's Strategic Capabilities Office (SCO) initiated Project Pele, with the primary goal of designing, constructing, and demonstrating a prototype mobile nuclear reactor within the next five years. The current proposed design utilizes advanced Tristructural Isotropic (TRISO) fuel. A key consideration in adopting microreactors is the risk incurred during operation, such as remote operation, cyber-attacks and transportation vulnerabilities. With the increasing integration of digital instrumentation and control (I&C) systems in microreactors, cybersecurity threats pose a growing concern for reactor safety and operational resilience. In this work, we will present a risk-informed analysis of cyber-attack scenarios targeting microreactor reactor protection systems (RPS) through a PRA-based approach.
The analysis focuses on identifying critical digital assets that, if compromised, could lead to high-consequence events, including unintended reactor shutdowns, safety system failures, reactor instability, and potential plant damage. The study applies fault tree and event tree analysis to model failure pathways and quantify risk across various cyber-initiated scenarios. A key objective is to determine the minimal set of digital assets that require prioritized protection to ensure reactor safety, defense in depth and operational continuity. After obtaining results, various cyber-attack mitigation and resilience strategies will be tested within the model to evaluate their relative effectiveness. The findings contribute to the advancement of cyber-informed PRA methodologies for microreactors by integrating cyber risk in a quantitative framework, supporting risk-informed decision making and overall system security.
Presenting Author: Matthew Halley North Carolina State University
Presenting Author Biography: Captain Halley graduated from the United States Military Academy in 2015 with a Bachelor of Science in Nuclear Engineering. Since graduating, he has served as an Airborne Infantryman with the 82nd Airborne Division, 5th Ranger Training Battalion, and 11th Airborne Division. He is currently working to earn a Master of Science in Nuclear Engineering. His research focus is on assessing cyber-informed risk in microreactors through PRA modeling.
Authors:
Matthew Halley North Carolina State University
Yahya Alzahrani North Carolina State University
Mihai Diaconeasa North Carolina State University
Paper Type
Technical Paper Publication