Description
The integration of digital Instrumentation and Control (I&C) systems in nuclear facilities creates complex cyber-physical-human systems, introducing vulnerabilities at the confluence of nuclear safety, physical security, and cybersecurity. Conventional risk assessment methodologies often analyze these domains independently and are thus inadequate for evaluating blended threats that exploit such systemic interdependencies. This paper proposes a two-phase analytical framework to address this deficiency. The first phase utilizes Systems-Theoretic Process Analysis (STPA), a top-down hazard analysis technique, to identify Unsafe Control Actions (UCAs) that can precipitate a loss event. This identification is agnostic to the causal factor, encompassing component failure, human error, or malicious cyber-physical attacks. In the second phase, high-consequence scenarios identified via STPA are modeled using Dynamic Probabilistic Risk Assessment (DPRA). DPRA is a simulation-based method that quantifies risk by modeling the temporal evolution of event sequences and dynamic system interactions. The framework's application is demonstrated through a case study of a blended threat against a model research reactor. The analysis reveals systemic vulnerabilities, for example cases in which manipulated sensor data could lead operators to take incorrect actions. The results quantify how such threats degrade system resilience by reducing the time available for an appropriate operator response, thereby increasing the conditional probability of adverse outcomes. This integrated, systems-theoretic approach provides a more robust and quantitatively rigorous framework for the assessment and management of risk in complex, modernized nuclear facilities.
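As an added illustration, not taken from the paper or its case study, the following Python model reproduces the abstract's central quantitative argument in DPRA style: an STPA-derived UCA ("protective action not provided before the time available elapses") is simulated as a race between the time a transient takes to reach a safety limit and the time operators need to recognise it and act. Every number, scenario name and field in the block is a constructed assumption; the reactor, sensors and response-time distribution are hypothetical placeholders for whatever plant model a real analysis would use.

```python
import math
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class Scenario:
    """One loss scenario in the 'time available vs. time needed' terms the abstract uses.
    All values are constructed for illustration, not taken from any plant or the paper."""
    name: str
    time_available_s: float     # time from initiating event until the safety limit is reached if nobody acts
    detection_delay_s: float    # time until operators see a credible indication (0 s when sensors are trustworthy)
    response_median_s: float    # median operator response time once the indication is credible
    response_sigma: float       # lognormal dispersion of that response time (HRA-style spread)


# Hypothetical baseline: the transient is indicated immediately by trustworthy sensors.
BASELINE = Scenario("baseline transient", 600.0, 0.0, 120.0, 0.5)
# Hypothetical blended threat: manipulated sensor data masks the same transient, so the
# crew only gets a credible indication when an independent reading diverges 300 s later.
BLENDED = Scenario("blended threat (masked indication)", 600.0, 300.0, 120.0, 0.5)


def _standard_normal_cdf(z: float) -> float:
    return 0.5 * (1.0 + math.erf(z / math.sqrt(2.0)))


def analytic_loss_probability(scn: Scenario) -> float:
    """Conditional probability of the loss event given the initiating event.

    The UCA modelled is 'protective action not provided before the time available elapses':
    loss occurs when detection_delay + response_time > time_available. With a lognormal
    response time this has a closed form, which the Monte Carlo estimate is checked against."""
    margin = scn.time_available_s - scn.detection_delay_s
    if margin <= 0.0:
        return 1.0  # credible indication arrives after the limit is already exceeded
    z = (math.log(margin) - math.log(scn.response_median_s)) / scn.response_sigma
    return 1.0 - _standard_normal_cdf(z)


def simulate_loss_probability(scn: Scenario, trials: int = 20_000, seed: int = 1) -> float:
    """DPRA-style Monte Carlo: sample the timeline of each trial and count loss events."""
    rng = random.Random(seed)
    losses = 0
    for _ in range(trials):
        response = rng.lognormvariate(math.log(scn.response_median_s), scn.response_sigma)
        time_of_action = scn.detection_delay_s + response
        if time_of_action > scn.time_available_s:
            losses += 1
    return losses / trials


def resilience_curve(scn: Scenario, delays_s):
    """Loss probability as a function of how long manipulated data delays a credible indication.
    This is the 'degraded resilience' relationship the abstract describes, swept over delays."""
    return [
        (d, analytic_loss_probability(Scenario(scn.name, scn.time_available_s, d,
                                               scn.response_median_s, scn.response_sigma)))
        for d in delays_s
    ]


if __name__ == "__main__":
    for scn in (BASELINE, BLENDED):
        print(f"{scn.name:38s} analytic={analytic_loss_probability(scn):.4f} "
              f"monte_carlo={simulate_loss_probability(scn):.4f}")
    print("detection delay (s) -> P(loss | initiating event)")
    for d, p in resilience_curve(BASELINE, (0, 100, 200, 300, 400, 500, 600)):
        print(f"{d:6.0f} -> {p:.4f}")
```

The closed form exists only because the toy model has a single random variable; a real DPRA run replaces `simulate_loss_probability` with a time-stepped plant simulation in which sensor values, automatic protection logic and crew actions all evolve together. The comparison of the two scenarios is the useful output: the same transient, with the same crew, becomes markedly more likely to end in a loss event purely because the credible indication arrives later.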
| Technical Track | Student Competition |
|---|---|