**3. Cyber risk**

Risk is classically defined by Kaplan and Garrick as the possibility of loss or injury, including the degree of probability of such a loss [12]. Traditional safety PRA in the nuclear industry uses a logical framework combining fault tree analysis

## *Cyber-Informed Engineering for Nuclear Reactor Digital Instrumentation and Control DOI: http://dx.doi.org/10.5772/intechopen.101807*

and event tree analysis to identify the likelihood and consequence of severe accidents which could lead to radiation release impacting the health and safety of the public. Nuclear safety PRAs typically use data on functional failures (i.e., manufacturer failure analyses, historical plant and industry failure data) along with known events (i.e., historical data on prior nuclear-significant events).

Unfortunately, the PRA approach is insufficient for cyber risk analysis as the complete set of failure modes for digital assets and systems may be unknown as they can fail in unexpected ways. Additionally, deliberate actions, such as intentional, intelligent, and adaptive actions by an adversary are challenging, if not impossible, to effectively model. Furthermore, threats and vulnerabilities are constantly evolving, a reality which does not lend itself to PRA. Therefore, rather than follow the Kaplan and Garrick risk triplet of 'scenario, likelihood, consequence' [12], cyber risk is better identified by evaluating threats, vulnerabilities, and consequences [13].

It is important to note that cyber risk includes all risk from both intentional and unintentional actions. Holistic cyber risk includes human performance errors and equipment failures as well as adversarial events. Adversarial events include malicious actions, including those by an unwitting insider, intended to cause damage or disruption to reactor and facility operations. Adding to the concern, intelligent threat actors can potentially adversely impact nuclear DI&C by remotely exploiting vulnerabilities, a threat that does not exist with analog I&C.
