Scenario-based training for nuclear power plants based on actual nuclear plant cyber incidents

May 5, 2015

There have been more than 500 actual control system cyber incidents globally in multiple industries. The International Atomic Energy Agency (IAEA) has tasked me to select 3 of the more than 30 nuclear-plant cyber incidents and identify what really happened, what controls were violated, and what policies and guidelines would be needed to prevent or mitigate the incidents. The selected incidents were not identified as cyber, had significant impact on plant operations, and were not network-based but affected the control systems.

There have been more than 500 actual control system cyber incidents globally in multiple industries. The impacts have ranged from trivial, to significant environmental releases, to significant equipment damage, to major cyber-related outages, to deaths. Most of the incidents were not malicious, and the vast majority were not identified as cyber. Several years ago, Marshall Abrams from MITRE and I performed a project for NIST to review selected control system cyber incidents to understand what really happened, what security controls were violated, and what controls could have prevented or mitigated the events. The analysis done for NIST on the Olympic Pipeline Company gasoline pipeline rupture led to the determination that the PG&E San Bruno natural gas pipeline rupture was also a control system cyber incident. The International Atomic Energy Agency (IAEA) has tasked me to select 3 of the more than 30 nuclear-plant cyber incidents and present similar findings the week of June 1st in Vienna: what really happened, what controls were violated, and what policies and guidelines would be needed to prevent or mitigate the incidents. The selected incidents are very important as they have the following characteristics:

- They were not identified as cyber

- They had significant impact on plant operations, including forced shutdowns, loss of off-site power, and loss of control of a turbine

- They were not network-based but affected the control systems

- Existing cyber security guidance, including NRC guidance, did not address them

- They affected other industries besides nuclear

This type of information is critical in developing appropriate control system cyber security awareness, training, policies, procedures, and technologies for any industry.

Joe Weiss