As the United States accelerates deployment of advanced and small modular reactors (A/SMRs), the nuclear energy sector is embracing a digital future. While digital systems provide operators with big benefits, they can also create vulnerabilities that enable criminals to access critical infrastructure.
To protect the next generation of reactors, cybersecurity has become a critical pillar of trust, safety and resilient operations.
“Cybersecurity can’t be an afterthought — it needs to be discussed and implemented now,” said J’Tia Hart, the Nuclear Nonproliferation division director at the Idaho National Laboratory (INL).
On Aug. 19, INL’s nuclear cybersecurity team hosted the A/SMR Cybersecurity and Operational Resilience Summit in Salt Lake City, bringing together key industry leaders — including Berkshire Hathaway Energy, Curtiss Wright and Hitachi Energy.
The summit focused on shaping cybersecurity frameworks, tools and best practices that ensure secure design, operation and supply chain integrity.
Resilience by design
Nuclear energy companies are designing next-generation reactors with fully integrated digital systems that enable more automated operations. Incorporating system resilience at the start allows these digital systems to anticipate, withstand and recover from cyberattacks or disruptions while maintaining critical functions. The Department of Energy’s Cyber-Informed Engineering (CIE) program embeds cybersecurity principles into the engineering life cycle of A/SMRs and other digital systems.
“We’re really trying to have industry take a comprehensive look at security now — not bolt it on later,” said Hart.
CIE benefits reactor developers and utilities beyond cybersecurity, said Virginia Wright, the Cyber-Informed Engineering program manager at INL. “Adopting CIE is a competitive advantage for SMR vendors and operators,” Wright said. “CIE shortens the time from design to market, reduces regulatory uncertainty and enhances operational resilience.”
CIE offers a novel and efficient pathway for incorporating cybersecurity measures in the design and operation of nuclear energy systems, contributing to the long-term sustainability and security of the energy sector.
Supply chain security for A/SMRs
Ensuring the security of physical, digital and service supply chains is a critical operational focus for A/SMR developers. Any disruption within these supply chains can compromise the integrity and security of the operational enterprise. Managing cybersecurity and other risks within A/SMR supply chains involves addressing numerous complexities. INL is working on identifying vulnerabilities, implementing robust security measures and fostering collaboration across the supply chains.
A/SMR components and software pass through multiple layers of global suppliers, which obscures supply chains and increases opportunities for cyberattacks. INL researchers are helping implement transparent vendor assurance frameworks that offer deep supplier visibility, backed by neutral testing and verification standards for hardware and software.
To accelerate A/SMR deployment, conference attendees stressed that industry must streamline regulations without compromising transparency or safety because even a minor incident can stall progress across the entire sector.
Nuclear-cyber integration and resilience
INL researchers are working to integrate cyber resilience and traditional nuclear safety and security. “To keep nuclear facilities safe in the digital age, nuclear power plant teams need to be trained in both operations and cybersecurity,” said Charlie Nickerson, a nuclear cybersecurity specialist at INL. Right now, those areas often work separately.
For power plants and other nuclear stakeholders, INL’s team helps implement the Defensive Cybersecurity Architecture. This framework combines administrative, physical and technical controls to manage data flows across defined security zones and levels, creating a balanced, risk-informed defense strategy.
“We want to work collaboratively with industry to identify gaps in the sector and, where applicable, utilize our services, capabilities and nuclear expertise to address them,” said Nickerson. “We’re helping solve problems that others can’t solve on their own.”
Strengthen A/SMR resilience by securing HALEU supply
Ensuring operational resilience for A/SMRs requires reliable access to high-assay low-enriched uranium (HALEU), said Justin Coleman, special reactor concepts director at INL. Current U.S. capabilities for enrichment, deconversion and fabrication remain limited, exposing commercial operations to risks associated with dependence on foreign supply.
“Establishing a reliable, domestic HALEU supply chain is critical to making A/SMRs viable and enabling commercial deployment timelines,” said Coleman. The team discussed potential solutions to bridge these challenges to create confidence that fuel will be available for initial core loads and decades of refueling cycles.
Operational readiness for UAS risks
Uncrewed aerial systems (UAS) pose an escalating threat by enabling blended cyber-physical attacks, making them an immediate and easily accessible risk to future nuclear reactors and other infrastructure, said Chris Valleau, INL’s national security test range manager. Experts emphasized that addressing regulatory, policy and operational frameworks is essential for securing A/SMRs from potential vulnerabilities.
“UASs represent a rapidly evolving and multi-angle threat to A/SMRs, combining the potential for physical disruption with advanced cyber surveillance and attack capabilities,” said Valleau. “There is a full spectrum of UAS threats, from kinetic attacks such as explosive payloads against critical infrastructure to cyber-enabled operations such as network analyzing reconnaissance, radar deception and delivery of rogue hardware near vulnerable systems.”
The reduced staffing and remote deployment of many A/SMRs increase their exposure to these risks. INL is working with partners to develop detection and mitigation technologies, find regulatory gaps and response strategies to address UAS’ increasing role in the adversarial tool kit.
The path forward
“The summit was a great opportunity to gain insights into cybersecurity and other issues like the HALEU supply chain and the threats drones pose,” said Andrew Ginter, vice president of Industrial Security at Waterfall Security Solutions. “I learned there’s a widespread awareness of intrinsic safety and probabilistic risk assessment, but the same is not yet true for cyber — this is both a need and an opportunity.”
To tackle these challenges, INL’s nuclear nonproliferation team recommended forming a public-private national coordinating entity to advance national laboratories’ shared testing capabilities and to coordinate test benches, standards and intermediary functions for the A/SMR market. Key initiatives include piloting CIE tools within at least one A/SMR design, launching misuse-scenario simulations to stress-test A/SMR designs, developing workforce curricula for cyber-physical nuclear operations, and accelerating UAS mitigation policies and technologies.
INL’s team will establish shared test facilities for vendors, utilities and regulators. They will formalize acceptance standards for digital and physical components, assess systemic risks across digital subsystems and supply chains, and create an A/SMR Information Sharing and Analysis Center. Additionally, they plan to expand the use of digital twins for testing, training and validation.
In the long term, a national coordinating hub will serve as a lasting resource to integrate cyber, safety and security frameworks with consequence-driven analysis. It will harmonize regulatory frameworks to streamline deployment and build workforce pipelines through universities, labs and utilities.
“Energy generation deployment has a variety of challenging security hurdles,” said Jeffrey Baumgartner, senior vice president and chief security officer at Berkshire Hathaway Energy. “It was great to have INL lead this meeting to discuss the additional complexities that advanced reactors pose in architecting and engineering a secure solution. We need to continue these conversations to make progress for a secure energy future.”
