A study on process information-driven cyber threat detection for I&C systems in NPP

The increasing digitalization of Instrumentation and Control (I&C) systems in Nuclear Power Plants (NPPs) has improved operational efficiency while introducing cybersecurity vulnerabilities. Conventional network-based intrusion detection systems (IDS) face limitations in detecting sophisticated cyber threats targeting safety-critical controllers. To address these challenges, this study proposes a process information-driven cyber threat detection methodology based on real-time process data analysis and control logic consistency, enabling non-intrusive threat identification. The proposed methodology was examined through simulation and experimental testing using an APR-1400 Reactor Protection System (RPS) testbed. A cyber attack scenario targeting the High Pressurizer Pressure (HPP) Trip function was designed to assess the effectiveness of the detection mechanism. Simulation results demonstrated the detection algorithm's ability to identify unauthorized modifications to the trip setpoint, indicating the potential to detect cyber threats affecting reactor trip logic. Furthermore, experimental testing using the Safety Data Acquisition & Detection System (SDDS) demonstrated real-time anomaly detection while maintaining system integrity. These findings suggest that the proposed process-driven detection technique can enhance the cybersecurity resilience of NPPs without disrupting operational stability.