Language selection


Assessing Cyber Security in Small Modular Reactors

Abstract of the technical presentation presented at:
WINS Workshop on the Security of Small Modular Reactors
November 21, 2019

Prepared by:
Yubo (Kevin) Lei
Canadian Nuclear Safety Commission


In the past several years, CNSC staff has carried out several pre-licensing reviews (also known as vendor design reviews, or VDRs) at vendor’s request. The VDR process is aimed at informing the vendor of the overall acceptability of the reactor’s design through early identification and resolution of potential regulatory or technical issues during the design process; particularly those that could result in significant changes to the reactor’s design or analysis. CNSC staff carried out several early-stage VDRs for small modular reactors (SMRs), which entailed assessing whether the design intent complies with the CNSC design requirements and confirms, by its design documentation, that the vendor understands CNSC’s requirements and expectations regarding the provision for cyber security in the design.

Cyber security risk management is relevant at all phases of the nuclear facility and system life cycles in that it informs the development, implementation, and maintenance of cyber security measures. CSA N290.7 and REGDOC 2.5.2 require cyber security in the nuclear facility design to protect computer-based instrumentation and control (I&C) systems and components from cyber attacks. Early stage VDRs for SMR focuses on computer-based I&C systems and components important to safety. A set of cyber security review criteria was developed and used to determine how each vendor’s design intent meets applicable CNSC regulatory requirements and guidance. This presentation provides an overview of these review criteria and some general observations from CNSC staff assessments, without providing any specific proprietary vendor design information.

To obtain a copy of the abstract’s document, please contact us at or call 613-995-5894 or 1-800-668-5284 (in Canada). When contacting us, please provide the title and date of the abstract.

Page details

Date modified: