Year
2018
Abstract
Nuclear power plants are gradually replacing aging analog control systems withdigital systems. While new digital systems improve process operation and enhance equipment reliability, the interconnectedness between cyber and physical systems also introduces new cyber vulnerabilities. False data injection attacks intended to compromise or prevent safe shutdown systems may not be detected by traditional IT-based intrusion detection systems focused on monitoring network traffic. We previously evaluated the use of Principal Component Analysis (PCA) and Independent Component Analysis (ICA) machine learning intrusion detection algorithms for monitoring cyber attacks that spoof data to appear ‘normal’ in order to hide the effects of a simultaneous physical attack. Since most process monitoring systems will not flag ‘normal’ data as an anomaly or an attack, new types of alarm thresholds and notifications are needed for this class of attack. This work builds on past research and moves towards optimization of novel thresholding algorithms for Operator notification of a false data injection attack.