SBIR-STTR Award

Neo Prime Will Develop a Risk-informed Modeling and Simulation Tool to Quantify and Reduce Cyber Risk During Nuclear Facility Analog-to-digital Transitions.
Award last edited on: 2/26/2019

Sponsored Program
SBIR
Awarding Agency
DOE
Total Award Amount
$150,000
Award Phase
1
Solicitation Topic Code
30h
Principal Investigator
Craig Schultz

Company Information

Neo Prime Inc (AKA: Neo Prime Solutions Inc)

2440 Camino Ramon Suite 127
San Ramon, CA 94583
   N/A
   info@neoprime.com
   www.neoprime.com
Location: Single
Congr. District: 10
County: Contra Costa

Phase I

Contract Number: DE-SC0018690
Start Date: 7/2/2018    Completed: 4/1/2019
Phase I year
2018
Phase I Amount
$150,000
The nuclear power industry, including the 61 commercially operating nuclear power plants with 99 nuclear reactors, and research and test reactors, is undergoing a transition from analog to digital control systems (A2D). While the A2D transition will enhance efficient operation of nuclear reactors, it also introduces cybersecurity concerns related to their safe and cost-effective operation. Insider threats, supply chain management, susceptibility to direct network breach are emerging as recognized concerns in the reactor community as security budgets are an average $10 mm per plant per year.At the same time, there is little unified methodology for assessing the full range risks of vulnerabilities in a digitized reactor domain. Facility safety and security currently often hinge on a catalog of approved parts, with a rudimentary binning and ranking process carrying little fidelity around the impact on A2D transition risks to mission-critical assets. The loss impact could be significant if an operator cannot distinguish the risk impact of changing a low criticality part from accrediting a critical part.Neo Prime proposes to develop a risk-informed approach to the digital transition of the nuclear plants. Neo Prime will extend its patented risk simulation and modeling approach, which is already providing guidance to non-nuclear generation, and extend it to commercial application in the nuclear sector. This will promote design and implementation of secure architectures to reduce risk to mission critical reactor assets, prioritize cost-effective security control deployment and advanced reporting. This framework allows enterprise risk evaluation of resiliency of nuclear facility security planning and implementation, and informs requirements that should be placed on manufacturers of critical digital equipment. Phase I design of a dynamic threat model against nuclear utility components and damage pathways will extend Design Basis Threat analysis to include the latest ICS threats, e.g., US CERT TA17-163A Crash Override. NRC Regulations will be fully incorporated into a stochastic risk-based model of reactor operations, with multiple Neo Prime components focusing on threat groups and attack tactics, the security control measures for insider threat, supply chain security, and A2D transition scenarios, while developing a risk model for safety, security and maintenance. The Phase I risk model will inform decision-making, training and exercising, including cooperative tests with Neo Prime’s current client base. Phase II will focus on extending the Neo Prime RiskFirst platform for automated data entry, risk reporting, alert notifications and security control tracking to allow reactor leadership and security teams to track progress on their cost-effective mitigation strategies, and allow managers to plan and track implementation for safe A2D reactor transitions. Phase II will include the design of a comprehensive simulation and security training regime to protect nuclear facilities via the modified RiskFirst platform.

Phase II

Contract Number: ----------
Start Date: 00/00/00    Completed: 00/00/00
Phase II year
----
Phase II Amount
----