Nuclear energy regulator wants to use AI to detect cyberattacks on power plants

The agency seeks a vendor to evaluate existing technologies and approaches and select one for a test case.
Davis Besse Nuclear Power Plant along Lake Erie in Ohio (Getty Images)

The Nuclear Regulatory Commission wants outside researchers to determine how machine learning and artificial intelligence can detect and respond to cyberattacks at nuclear power plants, according to a notice.

Vendors, including educational institutions, may respond to NRC‘s sources sought synopsis asking them to first evaluate technologies and approaches for analyzing nuclear plants’ cybersecurity states.

NRC plans to regulate ML and AI tools, but first it needs to know if the technologies can identify abnormal activity resulting from cyberattacks on increasingly complex plant systems.

“The vendor must provide and use an existing experimental infrastructure (e.g. personnel, equipment, facilities) to conduct research and implement a test case,” reads the notice issued Feb. 2. “The research conducted by the vendor is expected to produce data that evaluates the impacts of AI/ML concepts, technologies and applications on nuclear power cybersecurity outcomes and programs — especially those outcomes and programs that may be relevant to new and advanced reactor designs.”


NRC intends to select one vendor that will, in turn, choose a single technology to evaluate for accuracy and reliability, need and availability of ML training data, utility, and risks. The vendor will then produce a technical report with the test case results.

The ideal vendor will be able to simulate nuclear plant systems, including how they integrate with operational technology (OT); measure the consequences of cyberattacks on them; develop ML and AI tools for catching system anomalies due to such attacks; and do so within 16 months of a contract award.

The selected vendor must also provide all necessary research personnel who understand how nuclear plants operate, have expertise in plant cybersecurity, can create simulations, and are familiar with ML and AI and how they apply to IT and OT.

Vendors whose staff lack all the required experience may submit plans for how they intend to acquire it for the contract. Interested vendors have until 4 p.m. EST on Feb. 17, 2022, to respond to NRC’s sources sought.

Latest Podcasts