NUCLEAR SAFETYHow Hollywood-Style “Break in” Rooms Are Securing the Future of Nuclear
Security is paramount for the nation’s current fleet of light water reactors, but the stakes for small modular reactors are especially high. Small modular reactors promise quicker build timelines and lower operating costs than light water reactors. They achieve these enhancements through better designs, higher levels of automation and smaller operating crews. But those same design choices could expand the opportunity for cyber and insider threats.
Nuclear power plants rarely resemble a Hollywood script. Yet at the Idaho National Laboratory, a simulator puts operators into a scene that could have come straight from the silver screen. Laser sensors, badge readers and biometric scanners guard the entrance. A few well-timed cyberattacks open the way for a silent physical breach.
These staged scenarios are not just training exercises; they are conversation starters. By walking partners through realistic attacks, INL’s nuclear cyber team helps uncover hidden vulnerabilities, sharpen perspectives and form the foundation for building innovative solutions that secure the future of nuclear energy.
While security is paramount for the nation’s current fleet of light water reactors, the stakes for small modular reactors are especially high. Small modular reactors promise quicker build timelines and lower operating costs than light water reactors. They can achieve these enhancements through better designs, higher levels of automation and smaller operating crews. But those same design choices could expand the opportunity for cyber and insider threats. INL is working to accelerate innovation in nuclear cybersecurity so the reactors of tomorrow are not only safe and efficient, but secure and resilient.
Innovation Is Necessary Now
“Digital technology has become inseparable from nuclear operations,” said Charlie Nickerson, a nuclear cybersecurity specialist at INL. “Every plant in operation today relies on a mix of sensors, control systems and data streams that would have been unthinkable three decades ago.”
This digital transformation has created efficiencies in monitoring and controlling reactors, but it has also expanded the potential attack surface for adversaries.
Modern power reactor designs rely on high levels of automation and smaller operating crews, giving each operator broader authority over critical systems. They also lean more heavily on remote access, secure data transfer and supply chains that stretch across borders. Each of these choices strengthens the business case for nuclear power but introduces new sources of risk that must be managed.
Traditional compliance-based approaches to cybersecurity cannot keep pace with this new reality. “Regulations are essential, but they were designed for a different era,” Nickerson said. “Meeting checklists alone will not prepare operators for adversaries who study systems, adapt quickly and combine cyber tactics with traditional sabotage tools.”
“What is needed is innovation in how we simulate threats, how we build systems to prevent unauthorized access, how we detect them earlier in the attack life cycle and how we train people to respond,” said Nickerson.
