Researchers have demonstrated a new AI-based system to rapidly identify attempted cyber-attacks on nuclear power plant.
The Nuclear AMRC provided technical leadership for the project, which investigated the use of a machine-learning technology known as a wavy-attention network to identify potential attacks in real time.
Nuclear power plants increasingly use digital monitoring and control systems to make or inform operational decisions, based on data from a large number of sensors. These allow more efficient operation than traditional analogue systems and, for the new generation of small modular reactor (SMR), are essential to allow information to flow between different modules.
But, like any digital network, these are vulnerable to cyber-attack. Attacks might come from hostile states or groups, individual trouble-makers, or autonomous software which seeks out vulnerabilities.
In the future, nuclear power plants will form part of a smart grid with other energy systems, or be part of industrial sites for applications such as hydrogen production. These could be particularly vulnerable to attack through their connections to a network of other complex systems.
One way to attack a power plant is through the array of cyberphysical sensors which monitor every aspect of its operation. False data injections, where hackers corrupt the data sent from sensors, could be used to give the impression of unsafe conditions, or to mask changes which are genuinely dangerous. Attackers could also potentially manipulate the logic of the control systems to affect how they respond to sensor data.
False data injection attacks can involve apparently minor changes in data, which could have serious consequences. Operators could lose reliable data on the state of the system, resulting in unnecessary shutdowns or equipment damage, or make decisions based on false data, with potentially disastrous consequences.
To prevent damage, operators need to be able to rapidly and reliably identify when the system is coming under attack, so that counter-measures can be deployed.
“What we’re trying to do is monitor a sensor signal,” says Dr Hafiz Ahmed, head of controls and instrumentation at the Nuclear AMRC. “Say you’re monitoring pressure in a pressure vessel – the type of cyber-attack we’re considering would appear as an anomaly in the data from the sensor.”
The researchers focused on a technology called a wavy-attention network. This is based on the WaveNet system developed by Google to analyse human speech, combined with an attention mechanism which uses machine learning to identify unusual behaviour in a long sequence of data such as a stream of sensor measurements.
“We are detecting a statistical anomaly,” explains Ahmed. “You compare the live data to what happened in the past, and if there’s a difference the system detects that as an anomaly.”
The system features a stack of one-dimensional neural networks, each of which analyses the data from a different sensor.
To prove the viability of the wavy-attention network, the team tested it on data from the Asherah nuclear power plant simulator, developed by the University of Sao Paulo for cybersecurity research with funding from the International Atomic Energy Agency.
The team first collected representative data from normal operations, which they used to train the network. They then subjected the simulated reactor to different kinds of cyber-attack, inserting false data or disrupting the flow of data from reactor pressure, temperature and coolant level sensors.
These simulated attacks would not be identified by standard reactor protection systems, but the wavy-attention network was able to identify 99 per cent of the attacks in real time. This success rate is significantly higher than those achieved by other baseline models of neural networks, the researchers note.
The initial proof-of-concept research has now been published in the journal Nuclear Engineering and Design. In the next phase, the researchers intend to focus on experimental validation using a hardware-in-the-loop configuration, with a commercial programmable logic controller (PLC) reacting to data from the Asherah simulator.
The initial research was part-funded by the Welsh Sêr Cymru programme, with ongoing development supported by the High Value Manufacturing Catapult and the Troci (Towards Resilient Operation of Critical Infrastructure) project funded through EPSRC.
- To read the paper, Wavy-attention network for real-time cyber-attack detection in a small modular pressurized water reactor digital control system: doi.org/10.1016/j.nucengdes.2024.113277