Dynamic probabilistic risk assessment and game theory for cyber security risk analysis in nuclear power plants

Nuclear Power Plants and energy systems have become more prone to cyber-attacks with their digitalization and the increased use of smart equipment. Hence, it is important to quantify the risk associated with cyber-attacks in such systems. Dynamic Probabilistic Risk Assessment which involves studying the evolution of a system due to random events and operator and attacker actions during a cyber-attack by employing a physics-based model of the system is a suitable framework to quantify cybersecurity risk in nuclear power plants. In addition to the plant dynamics, it is also important to model the strategies of the attackers and plant operators for an effective cybersecurity risk assessment. Game theory provides a set of necessary tools to model such strategic interactions. In this research, a framework that integrates dynamic probabilistic risk assessment with game theory for cybersecurity risk analysis in nuclear power plants is presented. The mathematical formulation is derived based on the theory of continuous event trees. We propose a game theory based action model, that utilizes physics-based rewards to define the strategies of attackers and operators at every decision epoch. As a case study, the risk associated with cyber-attacks on the digital components in the secondary side of a pressurized water reactor is studied using a reduced order model. A set of attacker actions and a set of operator actions are defined for the system. The operator and attacker interactions were modelled using simultaneous game, their action policies were computed using the concept of mixed strategy Nash equilibrium and the evolution of the system was studied.