Doctoral Dissertations

Orcid ID

Date of Award


Degree Type


Degree Name

Doctor of Philosophy


Nuclear Engineering

Major Professor

Jamie Coble

Committee Members

Wesley Hines, Richard Wood, Mark Dean


The growing number of cyber-attacks against industrial control systems (ICSs) in recent years elevates the urgent research need for enhancing cybersecurity in industry. As ICS systems are deployed for high-value and safety-critical systems, security requirements are evolving to include resilience to cyber-attacks. Nuclear industry is adopting digital control systems for operational benefits, which brings more cybersecurity concerns as well since several cyber-incidents already occurred even before fully digitalization. Currently, common approaches to industrial cybersecurity focus on signature-based intrusion prevention and network segregation, which may be inadequate for a well-motivated cyber-attack. Therefore, a comprehensive cybersecurity solution platform with defense-in-depth concept is developed in this research to facilitate strengthening the cybersecurity of ICSs.The platform consists of five major systems: a data collection and extraction system, a cyber-attack detection system, a cause analysis system, a cyber-attack response system, and a main control room display system, to provide robust approaches to monitor and assess the security status, and aid the decision making of ICSs based on data analytics from both information technology and operational technology domain. The first two systems were well investigated in this research while frameworks are given for the other three systems limited by data access and experiment scale. To reinforce the cyber-attack resilience of key equipment, a localized cybersecurity strategy is proposed to detect a potential cyber-attack within a controller and potentially infer the faulty signal.In order to investigate the proposed platform and strategy, two cybersecurity testbeds were developed to conduct simulated cyber-attacks. The real-time ICS testbed contains a physical experiment facility and a supervisory control and data acquisition (SCADA) system. The hardware-in-the-loop tested integrates a programmable logic controller with a nuclear system simulator. Various cyber-attacks have been conducted towards these two testbeds, including man-in-the-middle, denial of service, tampering, and false data injection attacks. Both cyber data and process data are collected under normal operation and attack scenarios to develop and evaluate the cyber-attack detection models. The results demonstrate both the centralized platform and localized strategies developed are effective and applicable to all ICSs. This research also demonstrates that data analytic approaches are promising in cybersecurity domain.


Portions of this document were previously published in journal Nuclear Technology and journal IEEE Transactions on Industrial Informatics; in conferences: ANS Winter Meeting 2019, In 11th Nuclear Plant Instrumentation, Control and Human- Machine Interface Technologies 2019, In International Congress on Advances in Nuclear Power Plants; and in book Nuclear Power Plant Design and Analysis Codes. Portions of this document were also submitted to journal Progress in Nuclear Energy which is under review.

Files over 3MB may be slow to open. For best results, right-click and select "save as..."