Proposal of a Methodology for Selecting Target Systems for Nuclear Facility Cybersecurity Exercises

Cyber attacks targeting nuclear facilities pose significant risks, including the potential release of radioactive materials and the unauthorized removal of nuclear materials. Cybersecurity exercises are an essential measure for mitigating such threats; however, selecting appropriate exercise target systems remains challenging due to the large number of Critical Digital Assets (CDAs) within nuclear facilities. This paper proposes a systematic methodology for selecting cybersecurity exercise target systems based on the protection objectives of nuclear facilities. Two protection objectives are considered: the prevention of unauthorized removal of nuclear material and the prevention of sabotage against nuclear facilities. For the former, a structured decision-flow methodology based on the securityrelated functions of CDAs is presented. For the latter, a Probabilistic Safety Assessment (PSA)-based approach is applied to identify systems whose compromise could significantly affect nuclear safety. The proposed methodology provides an objective and structured basis for selecting exercise target systems and enhances the effectiveness of cybersecurity exercises in nuclear facilities.

Keywords: Nuclear Facility, Cybersecurity Exercises, Exercise Target System, Probabilistic Safety Assessment.