核电厂网络安全风险分析的动态概率风险评估与博弈论

IF 11 1区工程技术 Q1 ENGINEERING, INDUSTRIAL

Reliability Engineering & System Safety Pub Date : 2025-09-10 DOI:10.1016/j.ress.2025.111702

Pavan Kumar Vaddi , Xiaoxu Diao , Yunfei Zhao , Carol Smidts

{"title":"核电厂网络安全风险分析的动态概率风险评估与博弈论","authors":"Pavan Kumar Vaddi , Xiaoxu Diao , Yunfei Zhao , Carol Smidts","doi":"10.1016/j.ress.2025.111702","DOIUrl":null,"url":null,"abstract":"<div><div>Nuclear Power Plants and energy systems have become more prone to cyber-attacks with their digitalization and the increased use of smart equipment. Hence, it is important to quantify the risk associated with cyber-attacks in such systems. Dynamic Probabilistic Risk Assessment which involves studying the evolution of a system due to random events and operator and attacker actions during a cyber-attack by employing a physics-based model of the system is a suitable framework to quantify cybersecurity risk in nuclear power plants. In addition to the plant dynamics, it is also important to model the strategies of the attackers and plant operators for an effective cybersecurity risk assessment. Game theory provides a set of necessary tools to model such strategic interactions. In this research, a framework that integrates dynamic probabilistic risk assessment with game theory for cybersecurity risk analysis in nuclear power plants is presented. The mathematical formulation is derived based on the theory of continuous event trees. We propose a game theory based action model, that utilizes physics-based rewards to define the strategies of attackers and operators at every decision epoch. As a case study, the risk associated with cyber-attacks on the digital components in the secondary side of a pressurized water reactor is studied using a reduced order model. A set of attacker actions and a set of operator actions are defined for the system. The operator and attacker interactions were modelled using simultaneous game, their action policies were computed using the concept of mixed strategy Nash equilibrium and the evolution of the system was studied.</div></div>","PeriodicalId":54500,"journal":{"name":"Reliability Engineering & System Safety","volume":"266 ","pages":"Article 111702"},"PeriodicalIF":11.0000,"publicationDate":"2025-09-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Dynamic probabilistic risk assessment and game theory for cyber security risk analysis in nuclear power plants\",\"authors\":\"Pavan Kumar Vaddi , Xiaoxu Diao , Yunfei Zhao , Carol Smidts\",\"doi\":\"10.1016/j.ress.2025.111702\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><div>Nuclear Power Plants and energy systems have become more prone to cyber-attacks with their digitalization and the increased use of smart equipment. Hence, it is important to quantify the risk associated with cyber-attacks in such systems. Dynamic Probabilistic Risk Assessment which involves studying the evolution of a system due to random events and operator and attacker actions during a cyber-attack by employing a physics-based model of the system is a suitable framework to quantify cybersecurity risk in nuclear power plants. In addition to the plant dynamics, it is also important to model the strategies of the attackers and plant operators for an effective cybersecurity risk assessment. Game theory provides a set of necessary tools to model such strategic interactions. In this research, a framework that integrates dynamic probabilistic risk assessment with game theory for cybersecurity risk analysis in nuclear power plants is presented. The mathematical formulation is derived based on the theory of continuous event trees. We propose a game theory based action model, that utilizes physics-based rewards to define the strategies of attackers and operators at every decision epoch. As a case study, the risk associated with cyber-attacks on the digital components in the secondary side of a pressurized water reactor is studied using a reduced order model. A set of attacker actions and a set of operator actions are defined for the system. The operator and attacker interactions were modelled using simultaneous game, their action policies were computed using the concept of mixed strategy Nash equilibrium and the evolution of the system was studied.</div></div>\",\"PeriodicalId\":54500,\"journal\":{\"name\":\"Reliability Engineering & System Safety\",\"volume\":\"266 \",\"pages\":\"Article 111702\"},\"PeriodicalIF\":11.0000,\"publicationDate\":\"2025-09-10\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Reliability Engineering & System Safety\",\"FirstCategoryId\":\"5\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S0951832025009020\",\"RegionNum\":1,\"RegionCategory\":\"工程技术\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"ENGINEERING, INDUSTRIAL\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Reliability Engineering & System Safety","FirstCategoryId":"5","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0951832025009020","RegionNum":1,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"ENGINEERING, INDUSTRIAL","Score":null,"Total":0}

引用次数: 0

摘要

随着核电站和能源系统的数字化和智能设备的使用增加，它们变得更容易受到网络攻击。因此，量化此类系统中与网络攻击相关的风险是很重要的。动态概率风险评估是量化核电站网络安全风险的一个合适框架，它涉及研究系统在网络攻击期间由于随机事件和操作员和攻击者行为而演变的系统，采用基于物理的系统模型。除了工厂动态之外，为有效的网络安全风险评估，对攻击者和工厂运营商的策略进行建模也很重要。博弈论提供了一套必要的工具来模拟这种战略互动。本文提出了一种将动态概率风险评估与博弈论相结合的核电厂网络安全风险分析框架。在连续事件树理论的基础上，推导了该模型的数学表达式。我们提出了一个基于博弈论的行动模型，该模型利用基于物理的奖励来定义攻击者和操作者在每个决策时刻的策略。以压水堆二次侧数字部件的网络攻击风险为例，采用降阶模型进行了研究。为系统定义了一组攻击者操作和一组操作员操作。采用同时博弈的方法建立了操作者和攻击者的交互模型，采用混合策略纳什均衡的概念计算了他们的行动策略，并研究了系统的演化。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Dynamic probabilistic risk assessment and game theory for cyber security risk analysis in nuclear power plants

Nuclear Power Plants and energy systems have become more prone to cyber-attacks with their digitalization and the increased use of smart equipment. Hence, it is important to quantify the risk associated with cyber-attacks in such systems. Dynamic Probabilistic Risk Assessment which involves studying the evolution of a system due to random events and operator and attacker actions during a cyber-attack by employing a physics-based model of the system is a suitable framework to quantify cybersecurity risk in nuclear power plants. In addition to the plant dynamics, it is also important to model the strategies of the attackers and plant operators for an effective cybersecurity risk assessment. Game theory provides a set of necessary tools to model such strategic interactions. In this research, a framework that integrates dynamic probabilistic risk assessment with game theory for cybersecurity risk analysis in nuclear power plants is presented. The mathematical formulation is derived based on the theory of continuous event trees. We propose a game theory based action model, that utilizes physics-based rewards to define the strategies of attackers and operators at every decision epoch. As a case study, the risk associated with cyber-attacks on the digital components in the secondary side of a pressurized water reactor is studied using a reduced order model. A set of attacker actions and a set of operator actions are defined for the system. The operator and attacker interactions were modelled using simultaneous game, their action policies were computed using the concept of mixed strategy Nash equilibrium and the evolution of the system was studied.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Reliability Engineering & System Safety 管理科学-工程：工业

CiteScore

15.20

自引率

39.50%

发文量

621

审稿时长

67 days

期刊介绍： Elsevier publishes Reliability Engineering & System Safety in association with the European Safety and Reliability Association and the Safety Engineering and Risk Analysis Division. The international journal is devoted to developing and applying methods to enhance the safety and reliability of complex technological systems, like nuclear power plants, chemical plants, hazardous waste facilities, space systems, offshore and maritime systems, transportation systems, constructed infrastructure, and manufacturing plants. The journal normally publishes only articles that involve the analysis of substantive problems related to the reliability of complex systems or present techniques and/or theoretical results that have a discernable relationship to the solution of such problems. An important aim is to balance academic material and practical applications.