Next Article in Journal
A Comparative Analysis of Defense Mechanisms Against Model Inversion Attacks on Tabular Data
Previous Article in Journal
ARGUS: An Autonomous Robotic Guard System for Uncovering Security Threats in Cyber-Physical Environments
 
 
Search for Articles:
Title / Keyword
Author / Affiliation / Email
Journal
Article Type
 
 
Advanced Search
 
Section
Special Issue
Volume
Issue
Number
Page
 
Journals
JCP
Volume 5
Issue 4
10.3390/jcp5040079
jcp-logo
Submit to this Journal Review for this Journal Propose a Special Issue
Article Menu

Article Menu

share Share announcement Help format_quote Cite question_answer Discuss in SciProfiles
first_page
settings
Order Article Reprints
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:
Background:
Review

A Systematic Literature Review on AI-Based Cybersecurity in Nuclear Power Plants

by
Marianna Lezzi
1,*,
Luigi Martino
2,
Ernesto Damiani
2,3 and
Chan Yeob Yeun
4
1
Dipartimento di Ingegneria dell’Innovazione, Campus Ecotekne, Università del Salento, Via per Monteroni, s.n., 73100 Lecce, Italy
2
College of Computing and Mathematical Sciences, Khalifa University, Center for Cyber-Physical Systems (C2PS), Abu Dhabi P.O. Box 127788, United Arab Emirates
3
Dipartimento di Informatica, Università degli Studi di Milano, Via Giovanni Celoria 18, 20133 Milano, Italy
4
Department of Electrical Engineering and Computer Science, Khalifa University, Abu Dhabi P.O. Box 127788, United Arab Emirates
*
Author to whom correspondence should be addressed.
J. Cybersecur. Priv. 2025, 5(4), 79; https://doi.org/10.3390/jcp5040079
Submission received: 7 July 2025 / Revised: 8 August 2025 / Accepted: 26 September 2025 / Published: 1 October 2025
(This article belongs to the Section Security Engineering & Applications)
Browse Figures
Versions Notes

Abstract

Cybersecurity management plays a key role in preserving the operational security of nuclear power plants (NPPs), ensuring service continuity and system resilience. The growing number of sophisticated cyber-attacks against NPPs requires cybersecurity experts to detect, analyze, and defend systems and data from cyber threats in near real time. However, managing a large numbers of attacks in a timely manner is impossible without the support of Artificial Intelligence (AI). This study recognizes the need for a structured and in-depth analysis of the literature in the context of NPPs, referring to the role of AI technology in supporting cyber risk assessment processes. For this reason, a systematic literature review (SLR) is adopted to address the following areas of analysis: (i) critical assets to be preserved from cyber-attacks through AI, (ii) security vulnerabilities and cyber threats managed using AI, (iii) cyber risks and business impacts that can be assessed by AI, and (iv) AI-based security countermeasures to mitigate cyber risks. The SLR procedure follows a macro-step approach that includes review planning, search execution and document selection, and document analysis and results reporting, with the aim of providing an overview of the key dimensions of AI-based cybersecurity in NPPs. The structured analysis of the literature allows for the creation of an original tabular outline of emerging evidence (in the fields of critical assets, security vulnerabilities and cyber threats, cyber risks and business impacts, and AI-based security countermeasures) that can help guide AI-based cybersecurity management in NPPs and future research directions. From an academic perspective, this study lays the foundation for understanding and consciously addressing cybersecurity challenges through the support of AI; from a practical perspective, it aims to assist managers, practitioners, and policymakers in making more informed decisions to improve the resilience of digital infrastructure.

1. Introduction

Nuclear power plants (NPPs) are among the most representative examples of critical infrastructure targeted by cyber-attacks, encompassing a myriad of complex industrial processes and numerous information technology (IT) and operational technology (OT) systems that perform safety and security functions [1]. Specifically, with the advent of the fourth industrial revolution, the integration of Cyber Physical Systems (CPS) in the context of NPPs, i.e., the presence of physical elements with computing, communication, and control capabilities, has contributed to increased cyber risks, exposing software, networks, equipment interfaces, and digital data to potentially devastating cyber-attacks [2].
Cybersecurity is one of the greatest challenges in the NPP context, where the use of digital instrumentation and control (I&C) systems and devices such as programmable logic controllers (PLCs) and Ethernet/IP networks improves communication and the control of NPPs, but also exposes the entire infrastructure to dangerous cyber threats [3]. The Institute for Security and Safety at the Brandenburg University of Applied Science defines cybersecurity in the field of nuclear facilities as “the range of measures enacted to prevent, detect, or respond to the theft of Category I nuclear material or the sabotage of a nuclear facility that could result in catastrophic consequences through cyber-attacks, either alone or combined with physical attacks” [4]. On the other hand, Ref. [5] states that a cybersecurity assessment allows for the identification of possible cyber-attack vectors and existing weaknesses in protecting the NPP from cyber threats. Major cybersecurity issues in the NPP domain include [3] the globalization and decentralization of the manufacturing and supply chain of nuclear reactor components, which have made the management of the cyber-attack aspect complex; the need for configuration-specific vulnerability assessments that consider different interconnected devices, connection types, network architectures and protocols; the presence of highly non-linear nuclear reactors with parametric uncertainties, which make their modeling complex; and the distributed nature of nuclear control systems, which complicates the application of cybersecurity solutions. In this context, the multidimensional and unpredictable nature of current cyber-attacks [6] could lead to significant consequences for the entire business, in terms of damage to nuclear facilities, loss of nuclear security information and theft of nuclear or radioactive material [7]. Moreover, the inherent vulnerabilities of the systems already in use at NPPs, which could potentially be exploitable by sophisticated cyber-attacks, contribute to significantly increasing the attack surface [8].
Even though NPPs have control/monitoring and corporate networks separate from the external network, they cannot be considered secure from cyber threats. This is evident from cyber-attacks on NPPs over the years, such as those on Davis-Besse in 2003, Natanz in 2010, Monju in 2014, Korea Hydro in 2014, and Gundremmingen in 2016, which have highlighted the need to manage cybersecurity in such contexts [9]. The adoption of appropriate cyber risk mitigation strategies plays a key role in preserving the security and safety of nuclear operations, service continuity, and systems resilience [10]. In order to mitigate cyber threats to NPPs, the U.S. Nuclear Regulatory Commission (NRC) published Regulation Guide (RG) 5.71 in 2010 [11], which provides the technical, operational, and management security controls to be adopted in the security lifecycle process of nuclear facilities to protect critical digital assets (CDAs) from cyber-attacks, including the Design Basis Threat (DBT). Similarly, the Korea Institute of Nuclear Nonproliferation and Control (KINAC) published the Regulatory Standard on Cyber Security for Nuclear Facilities (RS-015) in 2014, based on RG 5.71, and conducted annual cybersecurity audits in accordance with the Information and Communication Infrastructure Protection Act [12].
However, to assess, predict, and reduce the risk associated with increasingly frequent cyber threats, advanced data analysis techniques based on Artificial Intelligence (AI) are needed, such as cyber threat intelligence (CTI) or machine learning (ML) and deep learning (DL) models, to analyze attack patterns and suggest intelligent defensive actions [13]. AI is a powerful technology that can provide analytics and insights to protect against evolving cyber-attacks by quickly scanning millions of events and tracking a wide variety of cyber threats to anticipate and act before the problem occurs. Specifically, the AI-based risk assessment process focuses on the following activities [14]: automated vulnerability identification and assessment, automated threat hunting, attack path modeling, automated risk analysis and impact assessment, and predictive intelligence to anticipate attacks. For instance, the integration of AI plays a key role in improving the cybersecurity of critical systems within NPPs, enabling malware detection and prevention through behavioral analysis, endpoint protection, network segmentation, and continuous monitoring [15]. Furthermore, the use of ML algorithms allows anomalies in the NPP system to be detected during normal operations with early warning and response mechanisms for ransomware and spyware, reducing vulnerability to advanced cyber threats [16]. Nevertheless, AI does not only play the role of a defender; malicious actors are increasingly exploiting AI-based tools to launch cyber-attacks and breach security systems [17]. To effectively detect and counter AI-based attacks, it is necessary to train ML models on highly versatile, diverse, and complex datasets to recognize malicious traffic patterns with novel characteristics [18].
Although cybersecurity dimensions (i.e., critical assets, security vulnerabilities, cyber threats, cyber risks/impacts, and security countermeasures) in the NPP domain have been investigated in the recent literature [3,19,20], the analysis of these dimensions is fragmented and insufficient when considering the role played by AI technology. In fact, the study conducted by [3] analyses cyber risks, vulnerabilities, attack vectors, and defense methods in digitalized nuclear facilities, without focusing on AI-based protection techniques or ML-based tools for anomaly detection in industrial control system networks and controllers. Similarly, the study by [19] identifies critical digital assets, risk assessment methods, and threat analysis, as well as protection measures in the context of NPPs, without referring to the role played by AI technology. The work of [20] also provides an analysis of cybersecurity controls and risk assessment methods for NPPs, excluding AI techniques.
To fill this research gap, the aim of the paper is to provide a structured analysis of the key dimensions of the cyber risk assessment process as it relates to NPPs, emphasizing the contribution of AI technology. A systematic literature review (SLR) will be used as a rigorous replicable, transparent, and scientific research approach. Specifically, in accordance with the activities underpinning the cyber risk assessment process disclosed by the main standards in the cybersecurity field (e.g., ISO/IEC 27005:2018, IEC/TS 62443-1-1:2012 and 62443-3-2:2020, and NIST SP 800-30:2012 [21]), the research questions (RQs) addressed by this SLR are as follows:
  • RQ1: What are the critical assets to be preserved from cyber-attacks in the context of NPPs through the support of AI?
  • RQ2: What are the security vulnerabilities and cyber threats in NPPs that can be managed through AI technology?
  • RQ3: What are the cyber risks and business impacts of cyber-attacks on NPPs assessable through AI?
  • RQ4: What are the AI-based security countermeasures to mitigate cyber risks in the context of NPPs?
Through critical and comparative analysis of the content of the papers selected in this SLR, the four RQs will be addressed to achieve the study’s aim. Moreover, an original tabular outline will be developed to systematize the information emerging from the literature, with the aim of providing an effective tool to support cybersecurity practitioners and managers in managing cybersecurity through AI technology. Finally, the extent of the scientific literature will be evaluated to define future research directions.
The rest of the paper is structured as follows. Section 2 describes the SRL procedure adopted, while Section 3 includes an analysis of the selected papers in the literature based on the areas of analysis that characterize this study (i.e., critical assets, system security vulnerabilities and cyber threats, cyber risks and business impacts, AI-based security countermeasures). Section 4, relating to the discussions, provides a tabular outline summarizing the main findings of the review, as well as the research and practical implications of the study. Finally, Section 5 concludes the research by providing final observations, limitations, and directions for future research.

2. Research Method

This study uses the SLR approach, a replicable, transparent, and scientific process that ensures the traceability of researchers’ decisions, procedures, and findings [22], to provide an overview of the key dimensions of the cyber risk assessment process with regard to NNPs, emphasizing the role played by AI technology. In particular, the SLR procedure of [23], adopted to characterize the cybersecurity awareness in the Industrial Internet of Things (IIoT) and which envisages review planning, search execution and document selection, and document analysis and reporting results as macro-steps, was taken as a reference and reorganized according to the needs of this study. In particular, the search execution and document selection step involved the systematic search, filtering, and analysis of relevant studies using the Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) guidelines [24]. The steps, with their respective activities, followed in this SLR are shown in Table 1, while the research design flow chart is depicted in Appendix A.
Although the literature review cannot be considered exhaustive as it is based on the use of secondary sources (i.e., scientific papers from bibliographic databases used in academia), it provides an important overview of the main dimensions related to the cyber risk assessment process in the context of NPPs, highlighting the role of AI.

2.1. Review Planning

This step brings together all the activities underpinning the review process, starting with the definition of the areas of analysis, in line with the study’s objective, moving on to the selection of the information sources to be used, and finally to the construction of the search query.
With the aim of providing an overview of the key dimensions of cybersecurity in relation to NNPs, highlighting the role played by AI technology in cybersecurity management, the following areas of analysis (AoA) were considered (see Table 2) [21]: (AoA1) critical assets, (AoA2) security vulnerabilities and cyber threats, (AoA3) cyber risks and business impacts, and (AoA4) AI-based security countermeasures. These areas of analysis allow the four research questions underlying the study to be answered.
To achieve the objective of the study, the literature search process was conducted through Scopus (www.scopus.com (accessed on 30 June 2025)) and Web of Science (www.webofknowledge.com (accessed on 30 June 2025)), as they are recognized as the two largest and most comprehensive sources of publications and impact indicators capable of best representing the state of the art [25]. All the sources were accessed in June 2025.
Specifically, the search criteria were based on the keywords “cybersecurity”, “Artificial Intelligence”, and “nuclear power plant”; however, to strengthen the search, the most significant related words for each of the three keywords were considered. Firstly, based on the exploratory study conducted by [26] on the role of cybersecurity in modern networked industrial contexts, the keyword “cybersecurity”, in addition to the variant “cyber security”, was associated with the terms “cyberspace”, “cyber space”, “cyber threat*”, “cyber-attack*”, “security vulnerabilit*”, “cyber vulnerability*”, “security countermeasures”, “security measures”, and “cyber risk*”. All these terms are combined to represent the concept of cybersecurity in its key dimensions. Secondly, the keyword “Artificial Intelligence”, in addition to its acronym “AI”, was joined by the terms “machine learning”, “ML”, “deep learning”, and “neural networks”, which represent its main macro-subsets [27]. Moreover, the terms “automated vulnerability”, “threat modelling”, “cyber threat intelligence”, “threat hunting”, “attack path”, “automated risk”, “predictive intelligence”, and “intelligent technique*” were also included, as they encompass the different activities underlying the AI-based risk assessment process [14]. Finally, the keyword “nuclear power plant”, in addition to its acronym “NPP” was combined with the most used synonyms in the literature, as identified in a preliminary study of paper titles conducted using Google Scholar in the macro-domains “nuclear” and “cybersecurity. As a result of this analysis, the following terms were considered: “nuclear facilit*”, “nuclear infrastructure*”, “nuclear plant”, “nuclear power system”, “nuclear digital instrumentation and control systems”, “nuclear instrumentation and control systems”, “nuclear I&C”, and “nuclear power reactors”.
After this preparatory analysis, considering the syntax for querying the Scopus and Web of Science databases, the following search query was established: (“cybersecurity” OR “cyber security” OR “cyber-attack*” OR “cyber threat*” OR “cyber space” OR “cyberspace” OR “security vulnerabilit*” OR “cyber vulnerabilit*” OR “cybersecurity vulnerabilit*” OR “cyber risk*” OR “security countermeasures” OR “security measures”) AND (“Artificial Intelligence” OR “AI” OR “Machine Learning” OR “ML” OR “deep learning” OR “neural networks” OR “automated vulnerability” OR “Threat modeling” OR “cyber threat intelligence” OR “threat hunting” OR “attack path” OR “automated risk” OR “predictive intelligence” OR “intelligent technique*”) AND (“nuclear power plant*” OR “NPP” OR “nuclear facilit*” OR “nuclear infrastructure*” OR “nuclear plant” OR “nuclear power system” OR “nuclear digital instrumentation and control systems” OR “nuclear instrumentation and control systems” OR “nuclear I&C” OR “nuclear power reactors”).

2.2. Search Execution and Document Selection

This macro-step outlines the procedure for defining the final sample of papers to be analyzed. Firstly, bibliographic sources are queried, the search results are filtered according to specific criteria, and duplicates are removed from the selected bibliographic sources. Secondly, inclusion/exclusion criteria are defined based on an analysis of the title/abstract and the entire content of the papers.
Specifically, the search conducted on Scopus using the fields ‘Article Title, Abstract, Keywords’ returned 73 articles, while the search conducted on Web of Science using the ‘Topic’ field (consisting of the fields Title, Abstract, Author Keywords and Keyword Plus) returned 22 articles. The results were then filtered by subject area (excluding areas belonging to the social sciences and medicine), by document type (excluding book chapters and conference reviews), and by source type (excluding books and book series). No restrictions were applied regarding the year of publication or language used (all documents were written in English). Therefore, the initial sample of 95 scientific papers was reduced to 72 following the application of the selected filters. Furthermore, to avoid the duplication of papers from the two scientific databases considered for the analysis, a comparative analysis of the title and authors of the papers was carried out, which reduced the number of papers to 54. Of this sample, 7 conference papers could not be downloaded, nor was it possible to view the abstract to extract the main information.
Therefore, two exclusion criteria were defined. The first exclusion criterion allows for the selection of papers with a title and/or abstract that refer to the concept of cybersecurity in the domain of NPPs, including aspects of artificial intelligence also applied to the risk assessment process. As a result of the analysis of the title and abstract, 19 papers were discarded from the sample, as they were considered off-topic with respect to the research objective. In particular, most of the discarded papers do not focus on the NPPs domain (which is only mentioned as an example of Industrial Control Systems, Cyber Physical Systems, Supervisory Control and Data Acquisition systems or critical infrastructures), while one paper did not focus on either cybersecurity or artificial intelligence aspects and another focused on the concept of cyber war (which is outside the scope of this paper). On the other hand, the second exclusion criterion is based on a detailed analysis of the entire content of the papers to gather the information necessary to answer one or more RQs. Following the application of this criterion, 5 papers were discarded. Specifically, the content analysis revealed that two papers did not include any explicit reference to AI technology to support the cybersecurity management process, while a preliminary study published in a conference was excluded because its extended version published in a journal was considered in this analysis. Overall, the application of the two exclusion criteria resulted in the selection of 23 items, which represent the final sample of papers considered in this SLR. This sample is summarized in Appendix B, indicating the type of paper (conference paper or journal paper), year of publication, institution, and country of origin.
At the operational level, all the authors who contributed to this study first individually analyzed the different papers under consideration to reflect on the two exclusion criteria to be applied and to obtain an idea of the selection process to be carried out. Subsequently, panel discussion sessions were held, through which all authors agreed on the papers to be eliminated/included for each of the two selection criteria identified. Figure 1 depicts the search execution and document selection step.

3. Document Analysis and Results Reporting

With the aim of analyzing the selected papers in a structured manner, carrying out a comparative and critical discussion of the content, the key notes were first collected in an analysis matrix. This matrix allows us to record general information on the papers (i.e., title, authors, abstract, keywords, and publication year) to track the references consulted and the information needed to answer the RQs guiding this study (i.e., critical assets, security vulnerabilities and cyber threats, cyber risks and business impacts, and AI-based security countermeasures in the domain of NPPs). The results of the SLR are provided in the following sections according to the four areas of analysis defined in the review planning step.

3.1. Critical Assets to Be Preserved Against Cyber-Attacks in the NPPs

To manage cybersecurity and assess cyber risks on business performance, the first step to focus on is identifying valuable assets (including hardware, software, and data) to be protected from cyber-attacks [28]. Specifically, the National Institute of Standard and Technology (NIST) defines a critical asset as “an asset of such extraordinary importance that its incapacitation or destruction would have a very serious, debilitating effect on the ability of an organization to fulfill its missions” [29]. Based on this definition, this section reports evidence from the literature regarding critical assets vulnerable to cyber-attacks in the context of modern NPPs that can be preserved through AI support. Specifically, critical assets are identified, emphasizing their role in the context of reference that would be compromised in the event of a successful cyber-attack.
In the context of NPPs, I&C systems emerge as the critical asset most discussed in the literature that need to be preserved from cyber-attacks through AI-based technologies [12,30,31,32,33,34,35,36,37,38,39,40,41]. In recent decades, I&C systems have undergone a gradual transition from analog to digital thanks to the use of computers and microprocessors. They play a key role in enhancing plant-management capabilities and improving the security and performance of NPPs. Indeed, in the context of NPPs, digital I&C systems are used to collect information from various sensors to determine the status of different parameters, such as pressure, water level, radiation level, flow rate, and temperature, among others, in order to protect, control, and monitor the systems operating in nuclear facilities [12]. Digital I&C systems have been adopted not only in NPP safety systems, such as reactor protection systems (RPS), engineered safety features actuation systems (ESFAS), safety instrumentation systems, and safety monitoring systems, but also in non-safety systems, such as instrumentation control systems, information processing and monitoring systems, and non-safety monitoring systems [32]. Although the transition to digital has brought a number of clear benefits, it has also made I&C systems vulnerable to new and dangerous cyber threats, which can affect the performance and safety of the entire NPP [30].
Other studies, such as those by [36,42,43,44], refer more generally to the control systems of NPPs as critical assets to be preserved from cyber-attacks. Specifically, Ref. [44] focuses on semi- and fully autonomous control systems (ACS), which are adopted to reduce the operating and maintenance costs of advanced reactors, thereby increasing their long-term economic viability. On the other hand, Ref. [43] refers to AI-driven ACS, recognizing that their design, implementation, and deployment radically redefine the interface of cyber-attacks in the NPPs context. These control systems exploit digital I&C and digital twinning (DT) technologies based on machine learning (ML). The ACS is designed to detect plant-level malfunctions, determine component status, predict input and output (I/O) components, and select a control strategy based on component and plant information. In other words, an ACS can process real-time operational data and make process-informed decisions based on individual DTs without human intervention. It enables remote implementation and ensures reliable operations with fewer operators required on a 24/7 basis. On the other hand, Ref. [42] addresses the cybersecurity challenges related to NPPs control systems by considering four main layers that characterize them. The first layer is the physical layer, where sensors and actuators are used to control the physical system, while the second layer is the distributed controller layer, where devices such as PLCs are used and which is responsible for implementing automatic control based on the current state of the monitored component. The third level is that of the process control network, where detection, control, and monitoring functions are performed using control and communication protocols (such as Modbus, DNP3). Finally, the fourth level is the supervisory control and data acquisition level, which is directly connected to the process control network, and contains systems such as control consoles, workstations, servers, network equipment, and human–machine interface systems where operators can monitor and control the physical process. Finally, Refs. [36,41] focus on the digital control systems of small modular reactors (SMRs), which optimize control, reduce costs, and extend reactor lifetime. Specifically, as highlighted above, the most critical cybersecurity issues are found on I&C systems integrated into SMRs.
The studies conducted by [16,31,40,42,45] emphasize the concept of cybersecurity for communication networks and protocols within NPPs. Specifically, Ref. [31] discusses three zones in the individual operation network of NPPs, namely the Internet Network, Internal Network, and Control and Monitoring Network. Although the first two networks are physically separated, data can be transmitted between the two networks via an inter-network data transmission system. On the other hand, the control and monitoring networks are separated from the Internet and internal networks, but they can still be the target of cyber-attacks because they are hierarchically interconnected to receive operational information from the equipment that monitors the control system. Furthermore, Ref. [16] deals with cybersecurity issues of network traffic within NPPs, i.e., the counting of incoming and outgoing data packets, focusing on the volume and communication patterns used. Finally, Ref. [45] focuses on strengthening the security of the OPC-UA communication protocol to manage the cybersecurity of refueling machines (RM). RM is a safety-critical system in NPPs, used for refueling during plant reactor shutdowns or maintenance periods. In addition, Ref. [46] aims to preserve the cybersecurity of RMs, in particular the data they handle, by breaking down and representing their main functions.
Lastly, the study by [47] focuses on the cyber-threats against NPP safety shutdown systems, which are designed to automatically and rapidly shut down the nuclear reactor in the event of faults or accidents.
Table 3 provides an overview of critical assets to be preserved from cyber-attacks in the context of NPPs, based on the literature reviewed. Specifically, it highlights the roles played by these assets that would be compromised in the event of a cyber-attack.

3.2. Security Vulnerabilities and Cyber Threats in the NPPs

As in other critical industries, in the context of modern NPPs, the integration of digital technologies offers several advantages (such as the use of software, high-speed data processing, and the use of advanced detection or fault-tolerance techniques) [33], but it also increases the complexity of security management, introducing vulnerabilities to a wide variety of cyber-attacks through increased connectivity [16,36,48]. This section compiles evidence from the literature related to security vulnerabilities and cyber-attacks that characterize the context of NPPs and can be managed through AI support. In particular, the aim is to highlight the key points that define these key dimensions of cybersecurity.
Vulnerabilities in the context of NPPs are not always intuitive and require specialized skills and tools for identification and remediation [40]. They raise concerns for both nuclear safety and security [43]. On the other hand, cyber-attacks against NPPs are considered hostile and malicious intrusions into control systems and components, with the potential to compromise the availability, integrity, or confidentiality of their operations [42]. These intrusions can also be the result of internal exploits that cause abnormal behavior in the control system, networks, or processes.
Many studies in the literature refer to the vulnerabilities [12,30,36,40,42,48,49] and cyber threats [16,31,32,36,38,40,43,48] that characterize the digital control systems of NPPs and the networked devices integrated with them, and which can be detected and managed through AI technologies. In particular, [48] state that it is necessary to be aware of components and devices of the control system to identify the vulnerabilities associated with it, the malicious actions that can exploit these vulnerabilities, and the necessary cybersecurity control actions to be implemented. Ref. [30] specifically consider the vulnerabilities of critical digital assets of I&C systems, which, if breached by cyber-attacks, can affect the performance and safety of the entire NPP. According to [49], periodic analysis of control system vulnerabilities and strengthening controls with respect to identified security measures can play a key role in preserving the cybersecurity of NPPs. Moreover, [36] address vulnerabilities related to False Data Injection Attacks (FDIAs) that threaten the digital control system of NPPs, particularly cyber-physical sensors. Specifically, FDIAs generate false instructions regarding the control of various components of nuclear plants and could compromise the operation of the entire plant.
In general, vulnerability analysis is divided into identification and verification phases, depending on the inspection level during vulnerability scanning [12]. Identification refers to the list of existing vulnerabilities that may be present in the target asset, while verification concerns confirming that these existing vulnerabilities in the target asset are cybersecurity threats. Regarding the identification phase, there are network-based scanners that focus on devices connected to a network to determine existing vulnerabilities related to firewalls, operating systems, and services; on the other hand, host-based scanners collect information about the agents installed in each inspection target and perform a vulnerability analysis based on the information obtained [42]. The latter type of vulnerability scanner has a number of limitations in the context of NPP I&C systems [12].
The cybersecurity of NPPs can be compromised by a variety of adversaries, such as state agents, hacktivists, and disgruntled employees, each with different motivations and resources [48]. Such attackers can exploit system vulnerabilities through various techniques, including mimicking, man-in-the-middle attacks, network spoofing, packet sniffing and modification, sensor masking, and Denial of Service [40], which can compromise the security of data, systems, and the wired and wireless digital I&C network [3].
According to the study by [16], malware designed to penetrate and exfiltrate critical information unobtrusively can have devastating results in a NPP. In particular, the study draws attention to ransomware attacks, known to encrypt critical data and demand a fee for its release, and spyware infiltration, which steals confidential information and data without authorization to conduct illicit activities aimed at obtaining trade secrets or stealing money. On the other hand, [36,38] state that one of the most powerful potential cyber-attacks against small modular reactors (SMRs) is the false data injection attack (FDIA). Leveraging this attack, adversaries introduce subtle corruption in sensor measurements or other signals to give the impression of abnormal conditions; this could trigger unsafe control actions by the system, alter the system’s response to real events, or falsify process data without triggering conventional anomalies. Furthermore, [43] identify six primary attack scenarios referring to AI-driven ACS, namely attacks on ML functions, attacks on ML classifiers, attacks on ML training environments, insider threats targeting ML models within operational environments, breaches of multi-factor access control systems, and attacks on Material Access Control Video Surveillance System. Finally, the study by [31] focuses on advanced persistent threats (APTs), which persistently target a specific object over a long period of time. These attacks are also a major concern in the context of NPPs, as they do not rely on the use of already known attack patterns and do not exploit vulnerabilities, making signature-based pattern matching methods ineffective.
In general, cyber-attacks against NPPs can be classified into four macro-groups [32]: (1) direct attacks on digital systems to make them unavailable or cause abnormal behavior (e.g., attacks on a digital output module of the reactor protection system, RPS); (2) indirect attacks on the control logic of non-digital components such as pumps and valves (e.g., attacks on a programmable logic controller, PLC, which controls analog components); (3) operator failures, which are attacks on information systems that block data or replace it with incorrect data (e.g., attacks on a monitoring system); and (4) initial events, which are attacks that cause initial events such as loss of coolant incident (LOCA), interface systems LOCA (IS-LOCA), and station blackout (SBO).
Several taxonomies have been developed to profile cyber threats against NPPs [48]. For instance, the International Atomic Energy Agency has created a list of internal and external threats to nuclear facilities, defining their resources, attack period, tools used, and motivations [50]. On the other hand, the US Defense Science Board has defined a layered threat taxonomy system that describes threats in terms of financial resources, capabilities, and potential impact [51]. Finally, Intel Corporation has compiled a Threat Agent Library (TAL) that defines 21 unique threat agents, describing them through 9 attributes (i.e., intent, access, outcome, limitations, resources, skill level, objective, visibility, and motivation) [52].
Table 4 summarizes key points related to security vulnerabilities and cyber threats in the context of NPPs, while Figure 2 provides a taxonomy of the main cyber threats characterizing the same sector.

3.3. Cyber Risks and Business Impacts for the NPPs

Cyber risk assessment in the context of NPPs, commonly defined as the probability that a cyber-attack may occur multiplied by the impact it may have, is calculated in terms of failure rates. This assessment, considering the digitization that is affecting NPPs and the increasing frequency of cyber-attacks, involves a number of skills, namely the consultation of experts in the domain of cybersecurity, nuclear engineering, and machine learning [44]. The Cyber Security Plan (CSP) is now commonly used as a measure to identify digital equipment in the NPP’s control network and assess its level of cyber risk. However, the literature demonstrates a lack of real-time cyber risk assessment techniques [49]. This section collects evidence from the literature regarding the potential cyber risks and business impacts manageable through AI techniques that characterize modern NPPs when cyber-attacks breach critical assets.
The literature review shows that cyber-attacks against nuclear reactors can sabotage their operation (by interrupting the power supply or causing the reactor to operate at unsecure power levels) or the operation of their I&C systems (e.g., by injecting false data into priority signals or altering the triggering signal of emergency safety functions) [12,32,34,35,36,41,43,44,48,49]. Moreover, cyber-attacks can contribute to the theft or uncontrolled release of nuclear materials [32,36,44,48,49], theft of sensitive data [31,48], or, in the worst case, cause reactor meltdowns, resulting in extensive damage to the core or other plant components [12,36,39,44,48,49].
In the event of a cybersecurity compromise of digitized systems associated with NPPs, such as the Reactor Protection System (RPS) and the Engineered Safety Features Actuation System (ESFAS), they could be disabled or have abnormal behavior. For example, the RPS has multiple digital/analog input modules, a processor module, and output modules to decide on intervention conditions and generate an action signal to mitigate incidents. When the RPS fails due to a cyber-attack (e.g., the output modules are compromised), the risk to the NPP increases accordingly. On the other hand, in a digitized NPP, some analog components (such as pumps and valves) are controlled by digital controllers such as PLCs. Again, although a component consists only of analog parts, if it is controlled by a digital control system, it may not perform the required function or be physically damaged due to a cyber-attack. Moreover, another contingency is operator error of commission (EOC), which could occur due to cyber-attacks that compromise human–machine interface systems and could seriously affect the safety of the nuclear plant [32,36].
Closely related to the cyber risks mentioned above are the following categories of impacts resulting from the compromise of NPPs cybersecurity [39,41,48]: (i) loss of power production as a result of unplanned interruptions of operations; (ii) environmental damage (such as the release of radioactive materials) due to the compromise of defense-in-depth security systems and damage to the core or other critical components of the facility; (iii) injury or death of personnel, which is a rare but extremely serious event; (iv) damage to public opinion that can adversely affect government policies, leading to over-regulation or a reduction in the nuclear industry’s share of total energy production; (v) serious damage to equipment, resulting in substantial repair costs that can sometimes even threaten the closure of the nuclear facility; and (vi) loss of sensitive data (such as data related to national security and the protection of radioactive materials). Specifically, the last category includes the loss of classified sensitive information and the loss of unclassified sensitive information. Classified sensitive information relates to national security and is classified by an executive order to preserve national security or by the Atomic Energy Act to prevent the development or use of nuclear weapons. On the other hand, sensitive unclassified information includes safeguards information (SGI), relating to the physical protection of operating power reactors and other radioactive materials, which must be protected under section 147 of the Atomic Energy Act, and sensitive unclassified non-safeguards information (SUNSI), such as personal and proprietary data, which is not publicly available and is not related to nuclear safeguards.
Table 5 relates the cyber risks associated with compromising NPPs cybersecurity to their business impacts. Impacts are classified as tangible if they can be measured quantitatively (e.g., by defining costs) and intangible if they cannot be measured in specific units of measurement but qualified (e.g., in terms of high, medium, and low impacts) [53]. Finally, Figure 3 provides a graphical representation of the relationship between cyber risks and business impacts in the context of NPPs.

3.4. AI-Based Security Countermeasures in the NPPs

The recent literature has seen the emergence of a series of AI-based security countermeasures aimed at mitigating cyber risks in the context of NPPs. By rapidly analyzing millions of events and tracking a wide variety of cyber threats, such countermeasures can provide analysis and insights to protect NNPs from increasingly frequent and evolving cyber-attacks [13]. This section aims to provide an overview of AI-based security countermeasures in the literature suitable for mitigating cyber risks in NPPs. Specifically, for each countermeasure found, the objectives and main features are outlined.
Early diagnostic systems (EDSs) are widely used to detect failures and performance deviations of NPPs following cybersecurity breaches [30]. EDSs aim to prevent the evolution of cyber-attacks through an early resolution process during all operational modes of the plant. Specifically, they exploit the passive diagnostic information acquired directly from the software and hardware of the NPP I&C components and generate special test sequences on the EDS elements, comparing the obtained response with the expected one and generating a fault signal when a discrepancy is detected. This information is used as an input to the expert system, which performs an active audit (AA) as a method of cybersecurity protection.
Moreover, FusionGuard [16], a hybrid machine-learning-based anomaly detection system, was designed to provide early warning of ransomware and spyware intrusions on NPP systems. The FusionGuard system combines, processes and analyses data from multiple sources within the NPPs’ systems (such as network traffic, user activity, software vulnerabilities, firewall logs, and alerts generated by control systems and access attempts) to detect any changes in system behavior following cybersecurity breaches. Specifically, for anomaly detection, FusionGuard combines supervised (e.g., Random Forest) and unsupervised (e.g., Support Vector Machines and Deep Neural Networks) machine learning algorithms.
The study conducted by [47] proposes a novel hybrid deep learning approach, combining a native transformer and Long Short-Term Memory (LSTM) networks, to detect Modbus TCP attacks on NPP safety shutdown systems. The transformer layer uses a standard architecture with six layers of multi-head-attention and feed-forward neural networks to efficiently handle critical packet sequences and capture dependencies between their different features. Like the transformer layer, the LSTM layer uses a traditional architecture to process the embedding sequence produced by the transformer. This layer helps capture long-term dependencies that could indicate a complex attack pattern.
On the other hand, the autoencoder is an unsupervised neural network designed for anomaly detection of I&C systems in the context of NPPs [33]. In this case, the network traffic attributes associated with I&C systems are exploited, while the training and testing databases are acquired from a physical PLC system simulating a water level control system. Leveraging an autoencoder, the study conducted by [38] proposed a self-healing strategy to respond to FDIAs on digital I&C systems. This resilience strategy consists of three components: (1) an anomaly detection model that can detect FDIA, (2) a device-level control that uses inferred values to perform control in the event of false data injection, and (3) a system-level control that exploits another non-attacked controller to return the system to a safe operating state when the device-level control is unavailable. Specifically, anomaly detection and device-level control use an autoencoder, while system-level control uses reinforcement learning.
A wavy-attention network (WAN) was proposed by [36] for sensor attack detection in nuclear facilities. This network, comprising stacks of batch-normalized, dilated, one-dimensional convolution neural networks, and sequential self-attention modules (which are superior to conventional single-layer networks in sequence classification tasks), enables the extraction of important temporal and frequency features from system signals and uses them to detect cyber-attacks.
Furthermore, the study conducted by [34] adopts the one-class classification method, which assumes that all instances of the training data have a single class label for training the anomaly detection model in the I&C systems of NPPs. Specifically, a replicator neural network (RNN) is used as the one-class anomaly detection model. On the other hand, the work of [39], inspired by explainable sensor fault detection (E-SFD), uses the hardware-in-the-loop (HIL)-based augmented ICS (HAI) dataset for the detection and explanation of multiple anomalies. They focus on the analysis, detection, and explanation of individual attack cases in the initial and RPS cases, providing a broad approach to understanding each attack against the NPP system. Specifically, using a time-series deep learning model, i.e., the bidirectional long short-term memory (Bi-LSTM), trained exclusively on normal data and including explainable AI (XAI) as an insight into how distinguishing features contribute to the model decision, the proposed model learns what “normal” data looks like and becomes sensitive to even small deviations.
Covert Cognizance (C2) is an active covert defense technique against cyber-attacks, designed not to affect system operation and to facilitate the detection of deviations from normal operating conditions through deterministic methods [54]. This defense technique has proven immune to detection by AI-based learning techniques (such as long short-term memory neural networks and the adversarial generative learning framework).
A cyber threat assessment model using machine learning-based digital twinning (DT) technologies was proposed by [44] in the context of ACS characterizing advanced reactors. This model was designed with two plant-level DTs, which predict reactor malfunctions and determine control actions, and two component-level DTs, which are responsible for classifying component states and predicting component inputs and outputs (I/O). Specifically, two models were built, one using a traditional ML framework and one using an automated ML framework (AutoML), to qualitatively assess cyber risks on training data, real-time process data and ML model architectures of the NPPs.
The study by [41] proposes a system to detect FDI, Aurora, and DoS attacks within the SMRs’ electrical grid systems in the early stages of failure propagation. Specifically, it utilizes real-time simulators, including a real-time digital simulator (RTDS) and network simulator 3 (NS3), to emulate the behavior of power and communication networks, while various ML algorithms are integrated into the cyber-attack detection system (CADS), allowing cyber-attacks to be identified in the early stages of fault propagation.
Instead, an NPP control network traffic analysis system that meets security requirements and adopts an in-depth defense strategy has been developed by [49]. The designed system uses the ML approach to detect and respond to cyber-attacks in real time. Specifically, in the context of NNPs, the system collects data on the Internet network associated with control facilities, intranet traffic, and events recorded by security equipment and compares and verifies them using appropriate ML algorithms (i.e., Adam, G-Descent, and convolutional neural network algorithm).
In the field of vulnerability assessment, the study by [12] proposes an automated vulnerability scanner to preserve the cybersecurity of NPPs’ I&C systems. Specifically, this scanner can identify vulnerabilities in I&C systems based on the state of the network, thus mitigating the risk of reduced availability of the entire facility. The vulnerability scanner architecture is divided into two blocks; one block scans existing vulnerabilities, while the second block is dedicated to automatic checks of legislative and regulatory guidelines and guidelines-based scans.
Moreover, in order to strengthen the cyber vulnerability assessment process for critical industrial control systems, such as NPPs, the study conducted by [46] combines formal functional specification with the AI-based planning techniques, using the Planning Domain Definition Language (PDDL) as the formalization language. AI planning identifies the sequence (path) of actions that can transform the system’s initial states (which correspond to normal operating states) into final states (i.e., target states that preserve the system’s security). In other words, the AI planner verifies, in relation to the system under consideration, the existence of a path from normal states to undesirable states in terms of security.
Finally, an approach for constructing a Bayesian game was proposed by [48] to preserve cybersecurity scenarios for NPPs. By playing this game, the defender can identify the optimal security strategy for a NPP, given their knowledge of the attacker. Specifically, this approach leverages the Threat Agent Risk Assessment (TARA) methodology, developed by Intel Corporation, to model the threats to the NPP and identify those that pose the greatest risk.
Table 6 collects the AI-based security countermeasures that emerged from the literature review in the domain of NPPs, highlighting the name, objective, and main features of each.

4. Discussion

The results of this study show that the use of AI-based cybersecurity in the NPP domain needs to be further explored to support practitioners, managers, and policymakers in addressing new challenges posed by complex and increasingly frequent cyber-attacks on digital systems. Indeed, advanced AI-based data analysis techniques, which quickly analyze millions of events and monitor a wide variety of cyber threats, enable early intervention with a view to reducing risks (i.e., negative impacts on business performance).
Table 7 provides a tabular outline of the results obtained from this SLR, based on the following AoA: (AoA1) critical assets; (AoA2) security vulnerabilities and cyber threats; (AoA3) cyber risks and business impacts; and (AoA4) AI-based security countermeasures. For each of these AoA, the focus and evidence emerging from the SLR are given, with the aim of steering not only future research, but also managerial actions in the field of AI-based cybersecurity management.
From the analysis of critical assets in the context of modern NPPs, I&C systems emerged as the most discussed in the literature that need to be preserved from cyber-attacks through AI [12,30,31,32,33,34,35,36,37,38,39,40,41], followed by networks and communication protocols [16,31,40,42,45], a series of control systems and devices—such as ACS, PLCs, sensors and actuators, control consoles, workstations, servers, network equipment, and human–machine interface systems [42,43,44], refueling machines [46], and NPP safety shutdown systems [47]. While I&C systems are used to protect, control, and monitor systems operating in NPPs, networks and communication protocols focus on cybersecurity issues affecting network traffic within NPPs. On the other hand, all other control systems and devices are designed to detect plant-level malfunctions and determine the status of each component.
In the context of digital control systems for NPPs, the potential vulnerabilities and cyber threats that can be detected and managed through AI technologies have been discussed in the literature by a fair number of papers (i.e., respectively, [12,30,36,40,43,48,49] and [16,31,32,36,38,40,43,48]). Specifically, key takeaways of each of these aspects were defined, with the aim of providing a systematization of the knowledge developed, as well as an overview of the topic.
Moreover, the literature review outlined the main categories of cyber risks that characterize modern NNPs, associating each of them with their respective negative business impacts. Specifically, it emerged that sabotage of NNP operations or the performance of their I&C systems can result in loss of power production, damage to equipment, injury or death of personnel, and damage to public opinion [12,32,34,35,36,38,39,41,44,48,49]. The theft or uncontrolled release of nuclear materials can also cause environmental damage, injury or death of personnel, and damage to public opinion [32,36,44,48,49]. Furthermore, reactor meltdowns can result in loss of power production, environmental damage, injury or death of personnel, and damage to public opinion [12,36,44,48,49], while the compromise of human–machine interface systems can cause equipment damage, environmental damage, injury or death of personnel, and damage to public opinion [32,36]. Finally, theft of sensitive data can result in loss of classified and unclassified sensitive information and damage to public opinion [31,48].
Finally, the literature review revealed several AI-based security countermeasures to mitigate cyber risks in the context of NPPs, which were systematized in this study by their objectives and main features. While some countermeasures focus on detecting failures/anomaly, performance deviation, and attacks in NPPs [16,30,33,34,36,39,41,47,54], others have the more generic goal of preserving the cybersecurity of NPPs [12,48,49]. On the other hand, some countermeasures intend to qualitatively assess cyber risks [44], strengthen cyber vulnerability assessment [46], and respond to FDIAs on digital I&C systems [38]. Furthermore, some countermeasures leverage neural network models [33,34,38,47], others rely on the use of ML algorithms [16,41,44,49,54], while the model proposed by [39] to detect multiple anomalies in NPPs uses a deep learning model based on time series.
The tabular outline proposed in this study provides researchers with an immediate overview of the topics covered in the literature on key dimensions of AI-based cybersecurity in the context of modern NPPs, enabling them to focus future research on specific application contexts or to consider further emerging technologies (such as generative AI, or blockchain, digital twins and quantum computing integrated with AI) in support of cybersecurity. Indeed, GenAI has wide applications in the field of cybersecurity for preserving privacy and information security by enabling automatic anomaly detection, synthetic data generation, and simulation of attack scenarios [55]. ML and DL algorithms play a key role in the cybersecurity systems of digital twin platforms, offering significant advantages for security activities. They can learn and identify patterns and signatures through supervised learning and apply this knowledge to new, previously unseen intrusions [56]. Furthermore, the use of quantum algorithms and ML techniques aims to strengthen cryptographic methods, optimize threat detection systems, and develop flexible defense protocols against sophisticated cyber-attacks. On the other hand, the combination of AI and blockchain in cybersecurity can improve the overall security posture of organizations [57]. In this regard, one possible approach is to create decentralized AI models operating on a blockchain network, which can provide secure and transparent processing of sensitive data and a tamper-proof model [58].
Furthermore, the tabular outline can be used as a basis for establishing new conceptual models for cyber risk assessment in the NPP domain, based on qualitative and quantitative analysis the impact of cyber-attacks on business activities. The results of this study can also be used to implement the impact assessment methodology designed by [53] and implemented in modern subtractive and additive production cells in a manufacturing context [59] in specific NPP industrial settings. In fact, this methodology, based on the NIST’s asset-impact-oriented approach of risk assessment [60], relies on the definition of critical industrial assets to be protected from cyber-attacks and the classification of potential impacts in the event of a breach.
On the other hand, practitioners, managers, and policymakers working in the context of NPPs can consider this tabular outline as a useful knowledge base for managing current critical cybersecurity issues more consciously, as well as for making the right decisions to minimize cyber risks and increase the resilience of NPPs’ digital infrastructure.

5. Conclusions

This study explored the dimensions of cybersecurity (i.e., critical assets, security vulnerabilities, cyber threats, cyber risks, and countermeasures) with reference to the role played by AI technology in the context of NPPs, using the SLR approach. Although this topic represents a relevant research field in the modern NPP, where complex cyber-attacks occur with increasing frequency and result in significant business damage, studies in the literature are currently scarce. Specifically, cybersecurity dimensions in the NPP domain have been investigated in the recent literature [3,19,20], but the analysis of these dimensions is fragmented when considering AI technology. With the aim of filling this gap, the papers selected for this study were analyzed in a structured manner, conducting a comparative and critical discussion of the content based on four areas of analysis, namely critical assets, security vulnerabilities and cyber threats, cyber risks and business impacts, and AI-based security countermeasures. Based on the evidence from the literature, an original tabular outline was created with the aim of providing an overview of the topic, useful for guiding future research and managerial decisions in the relevant industrial domain.
The theoretical and conceptual foundations of this study represent a significant contribution to understanding and addressing the cybersecurity challenges of modern NPPs through AI support. Indeed, only by combining technological advances with key dimensions of cybersecurity can the current cyber risks of NPPs be minimized. From a practical perspective, this study can support managers and practitioners operating in NPPs in cybersecurity management activities aimed at increasing the resilience of the digital infrastructure to cyber-attacks. Furthermore, it can be used as a starting point for policymakers to increase their knowledge of AI-based techniques for cyber risk assessment in the NPP context and make more informed decisions.
Although the study contributes to existing literature by providing an overview of cybersecurity dimensions for modern NPPs, considering the role of AI, it has three main limitations. The first limitation concerns the choice of keywords underlying the search string, which may have influenced the data collection. While the aim was to be as inclusive as possible, further research could refine the keyword selection process to improve the comprehensiveness of the results. The second limitation concerns the databases used for the analysis. Scopus and Web of Science were used for their wide coverage; however, this choice may have excluded other relevant sources. For this reason, future research could integrate additional databases (such as IEEE Xplore and ACM Digital Library) to broaden the evidence base. The fact that the analysis was mainly conducted from a management/theoretical perspective, rather than a technical/informatics perspective, is the third limitation. The contributions of this study are conceptual, not including applications in reference domains of what is proposed. Finally, with the rapid evolution of AI technologies supporting cybersecurity, it may be necessary to periodically update the proposed tabular outline, integrating the content of the different areas of analysis to address new cyber threats.
Future research can use this study as a reference framework to conduct further investigations in the domain of AI-based cybersecurity for NPPs, considering specific application domains or developments in the relevant technologies (such as generative AI or blockchain and quantum computing integrated with AI), thereby expanding the current state of the art. For instance, the experimental validation of the proposed classification can be explored and applied to simulated or real nuclear cybersecurity scenarios. In this case, mapping the areas of analysis underpinning this study based on the guidelines defined by the major cybersecurity standards in force in this sector (such as ISO/IEC 27005:2018, IEC/TS 62443-1-1:2012/-3-2:2020 and NIST SP 800-30:2012) can increase the practical relevance of the study. Moreover, the results of this study can be used as a theoretical background useful for the implementation of the Impact Assessment Methodology [53], based on the asset-impact oriented risk assessment approach of NIST, in the context of NPPs. Overall, the integration of AI-based cybersecurity practices in the context of NPPs is an evolving field with enormous potential. Future research will need to balance robust security, real-time responsiveness, and regulatory compliance, considering the operational environment that characterizes NPPs (i.e., the presence of air-gapped systems, legacy technologies, and high security requirements). There are currently several funding opportunities available, demonstrating the importance of this field of research, such as the Horizon Europe “Increased Cybersecurity” call, which focuses on generative AI applications for cybersecurity, incentivizing the development of AI tools for monitoring, detection, response, auto remediation, and automated correction in line with EU legal, ethical, and privacy frameworks; the Digital Europe Program (DEP) and the European Cybersecurity Competence Center (ECCC), which support AI-based cybersecurity and the implementation of resilient AI systems; and ARPA-E (Advanced Research Projects Agency–Energy), which supports transformative projects, such as AI-enhanced cybersecurity for critical energy infrastructure (such as NPPs). To create valuable research, it will be strategic not only to focus on technical innovation, but also to create interdisciplinary collaboration between AI researchers, nuclear engineers, regulatory bodies, and cybersecurity experts.

Author Contributions

All authors contributed to the preparation of this paper. M.L. proposed the research method, designed and implemented the systematic literature review activities, performed the systematic data collection, analyzed the documents, and wrote the manuscript. E.D. and C.Y.Y. supervised the research, offering guidance and suggestions for improvement. L.M. collaborated in the analysis of the results and provided recommendations for revisions. All authors have read and agreed to the published version of the manuscript.

Funding

The authors declare that no funds, grants, or other support were received during the preparation of this manuscript.

Institutional Review Board Statement

Not applicable.

Informed Consent Statement

The work has been approved by all co-authors.

Data Availability Statement

The datasets generated during and/or analyzed during the current study are available from the corresponding author on reasonable request.

Conflicts of Interest

The authors have no relevant financial or non-financial interests to disclose.

Appendix A

Jcp 05 00079 i001

Appendix B

IDReferenceDocument TypeAuthor’s InstitutionCountryYear
1[43]Article
-
Texas A&M University
-
USA
2025
2[40]Article
-
Ontario Tech University
-
Algoma University
-
Canada
-
Canada
2024
3[48]Conference
paper
-
Dalhousie University
-
Canada
2024
4[41]Article
-
University of Regina
-
Canada
2024
5[39]Article
-
Jeonbuk National University
-
Suwon University
-
Korea
-
Korea
2024
6[38]Article
-
Georgia Institute of Technology
-
USA
2024
7[16]Article
-
Imam Mohammad Ibn Saud Islamic University (IMSIU)
-
Saudi Arabia
2024
8[36]Article
-
Harbin Engineering University
-
State Key Laboratory of Nuclear Power Safety Monitoring Technology and Equipment Shenzhen
-
China
-
China
2024
9[44]Article
-
Georgia Institute of Technology
-
Idaho National Laboratory
-
USA
-
USA
2023
10[49]Article
-
University of Pittsburgh
-
USA
2022
11[35]Article
-
Korea Advanced Institute of Science and Technology
-
Korea Atomic Energy Research Institute
-
Korea
-
Korea
2022
12[55]Article
-
Purdue University
-
USA
2021
13[37]Conference
paper
-
V.A. Trapeznikov Institute of Control Sciences of Russian Academy of Sciences
-
Russia
2021
14[42]Article
-
Harbin Engineering University
-
State Key Laboratory of Nuclear Power Safety Monitoring Technology and Equipment Shenzhen
-
China
-
China
2020
15[50]Article
-
Korea Hydro & Nuclear Power (KHNP) Co., Ltd.
-
Korea Maritime and Ocean University
-
Silla University
-
Korea
-
Korea
-
Korea
2020
16[33]Conference
paper
-
Tsinghua University
-
China
2020
17[30]Conference
paper
-
V.A. Trapeznikov Institute of Control Sciences of the Russian Academy of Sciences Moscow
-
Russia
2019
18[31]Article
-
Soongsil University
-
Korea Hydro and Nuclear Power (KHNP) Co., Ltd.
-
Catholic University of Pusan
-
Korea
-
Korea
-
Korea
2019
19[46]Conference
paper
-
Bielefeld University
-
Huaneng Shandong Shidao Bay Nuclear Power Company
-
Otto von Guericke University Magdeburg
-
Framatome GmbH
-
Germany
-
China
-
Germany
-
Germany
2019
20[34]Conference
paper
-
Tsinghua University
-
China
2019
21[32]Article
-
Ulsan National Institute of Science & Technology
-
South Korea
2019
22[12]Conference
paper
-
University of Science and Technology
-
Electronic and Telecommunications Research Institute (ETRI)
-
South Korea
-
South Korea
2018
23[47]Conference
paper
-
Bielefeld University
-
Framatome GmbH
-
Otto-von-Guericke University
-
Germany
-
Germany
-
Germany
2018

References

  1. Busquim e Silva, R.B.; Piqueira, J.R.C.; Cruz, J.J.; Marques, R.P. Cybersecurity Assessment Framework for Digital Interface Between Safety and Security at Nuclear Power Plants. Int. J. Crit. Infrastruct. Prot. 2021, 34, 100453. [Google Scholar] [CrossRef]
  2. Zhang, F.; Kelly, K. Overview and Recommendations for Cyber Risk Assessment in Nuclear Power Plants. Nucl. Technol. 2023, 209, 488–502. [Google Scholar] [CrossRef]
  3. Ayodeji, A.; Mohamed, M.; Li, L.; Di Buono, A.; Pierce, I.; Ahmed, H. Cyber security in the nuclear industry: A closer look at digital control systems, networks and human factors. Prog. Nucl. Energy 2023, 161, 104738. [Google Scholar] [CrossRef]
  4. Institute for Security and Safety. Cyber Security at Nuclear Facilities: National Approaches. 2015. Available online: https://www.nti.org/wp-content/uploads/2015/06/Cyber_Security_in_Nuclear_FINAL_UZNMggd.pdf (accessed on 15 May 2025).
  5. Klevtsov, O.; Symonov, A.; Trubchaninov, S. Cyber Security Assessment of NPP I&C Systems. In Advances in Information Security, Privacy, and Ethics; Yastrebenetsky, M.A., Kharchenko, V.S., Eds.; IGI Global: Hershey, PA, USA, 2020; pp. 221–238. [Google Scholar] [CrossRef]
  6. Kure, H.; Islam, S. Cyber Threat Intelligence for Improving Cybersecurity and Risk Management in Critical Infrastructure. J. Univ. Comput. Sci. 2019, 25, 1478–1502. [Google Scholar] [CrossRef]
  7. International Atomic Energy Agency. Computer Security for Nuclear Security. 2021. Available online: https://www.iaea.org/publications/13629/computer-security-for-nuclear-security (accessed on 13 May 2025).
  8. Kollias, S.; Yu, M.; Wingate, J.; Durrant, A.; Leontidis, G.; Alexandridis, G.; Stafylopatis, A.; Mylonakis, A.; Vinai, P.; Demaziere, C. Machine learning for analysis of real nuclear plant data in the frequency domain. Ann. Nucl. Energy 2022, 177, 109293. [Google Scholar] [CrossRef]
  9. Han, S.M.; Lee, C.; Seong, P.H. Estimating the frequency of cyber threats to nuclear power plants based on operating experience analysis. Int. J. Crit. Infrastruct. Prot. 2022, 37, 100523. [Google Scholar] [CrossRef]
  10. Son, K.-S.; Song, J.-G.; Lee, J.-W. Development of the framework for quantitative cyber risk assessment in nuclear facilities. Nucl. Eng. Technol. 2023, 55, 2034–2046. [Google Scholar] [CrossRef]
  11. U.S. Nuclear Regulatory Commission. Cybersecurity Programs for Nuclear Power Reactors.; 2010. Available online: https://www.nrc.gov/docs/ML2225/ML22258A204.pdf (accessed on 13 May 2025).
  12. Kim, J.-H.; Choi, Y.-S.; Na, J.-C. Cybersecurity Vulnerability Scanner for Digital Nuclear Power Plant Instrumentation and Control Systems. In Proceedings of the 2018 2nd International Conference on Computer Science and Artificial Intelligence, Shenzhen China, 8–10 December 2018; ACM: New York, NY, USA, 2018; pp. 463–467. [Google Scholar] [CrossRef]
  13. Kure, H.I.; Islam, S.; Mouratidis, H. An integrated cyber security risk management framework and risk predication for the critical infrastructure protection. Neural Comput. Appl. 2022, 34, 15241–15271. [Google Scholar] [CrossRef]
  14. Kaur, R.; Gabrijelčič, D.; Klobučar, T. Artificial intelligence for cybersecurity: Literature review and future research directions. Inf. Fusion 2023, 97, 101804. [Google Scholar] [CrossRef]
  15. Sajedul, T.; Syed, A.; Kumar, B.P. Developing an AI-Powered Zero-Trust Cybersecurity Framework for Malware Prevention in Nuclear Power Plants. 2023. Available online: https://www.osti.gov/biblio/2367312 (accessed on 30 June 2025).
  16. Almoqbil, A.H.N. Anomaly detection for early ransomware and spyware warning in nuclear power plant systems based on FusionGuard. Int. J. Inf. Secur. 2024, 23, 2377–2394. [Google Scholar] [CrossRef]
  17. Rustam, F.; Ranaweera, P.; Jurcut, A.D. AI on the Defensive and Offensive: Securing Multi-Environment Networks from AI Agents. In Proceedings of the ICC 2024—IEEE International Conference on Communications, Denver, CO, USA, 9–13 June 2024; pp. 4287–4292. [Google Scholar] [CrossRef]
  18. Petinrin, O.O.; Saeed, F.; Li, X.; Ghabban, F.; Wong, K.-C. Malicious Traffic Detection in IoT and Local Networks Using Stacked Ensemble Classifier. Comput. Mater. Contin. 2022, 71, 489–515. [Google Scholar] [CrossRef]
  19. Chowdhury, N. CS Measures for Nuclear Power Plant Protection: A Systematic Literature Review. Signals 2021, 2, 803–819. [Google Scholar] [CrossRef]
  20. Jung, D.; Shin, J.; Lee, C.; Kwon, K.; Seo, J.T. Cyber Security Controls in Nuclear Power Plant by Technical Assessment Methodology. IEEE Access 2023, 11, 15229–15241. [Google Scholar] [CrossRef]
  21. Alanen, J.; Linnosmaa, J.; Malm, T.; Papakonstantinou, N.; Ahonen, T.; Heikkilä, E.; Tiusanen, R. Hybrid ontology for safety, security, and dependability risk assessments and Security Threat Analysis (STA) method for industrial control systems. Reliab. Eng. Syst. Saf. 2022, 220, 108270. [Google Scholar] [CrossRef]
  22. Bryman, A.; Bell, E. Business Research Methods, 3rd ed.; Oxford University Press: Cambridge, UK; New York, NY, USA, 2011. [Google Scholar]
  23. Corallo, A.; Lazoi, M.; Lezzi, M.; Luperto, A. Cybersecurity awareness in the context of the Industrial Internet of Things: A systematic literature review. Comput. Ind. 2022, 137, 103614. [Google Scholar] [CrossRef]
  24. Page, M.J.; McKenzie, J.E.; Bossuyt, P.M.; Boutron, I.; Hoffmann, T.C.; Mulrow, C.D.; Shamseer, L.; Tetzlaff, J.M.; Akl, E.A.; Brennan, S.E.; et al. The PRISMA 2020 statement: An updated guideline for reporting systematic reviews. BMJ 2021, 372, n71. [Google Scholar] [CrossRef] [PubMed]
  25. Pranckutė, R. Web of Science (WoS) and Scopus: The Titans of Bibliographic Information in Today’s Academic World. Publications 2021, 9, 12. [Google Scholar] [CrossRef]
  26. Lezzi, M.; Lazoi, M.; Corallo, A. Cybersecurity for Industry 4.0 in the current literature: A reference framework. Comput. Ind. 2018, 103, 97–110. [Google Scholar] [CrossRef]
  27. IBM. AI Versus Machine Learning Versus Deep Learning Versus Neural Networks: What’s the Difference? 2023. Available online: https://www.ibm.com/think/topics/ai-vs-machine-learning-vs-deep-learning-vs-neural-networks (accessed on 3 June 2025).
  28. Pfleeger, C.P.; Pfleeger, S.L.; Margulies, J. Security in Computing, 5th ed.; Prentice Hall: Upper Saddle River, NJ, USA; Munich, Germany, 2015. [Google Scholar]
  29. NIST. Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations. 2022. Available online: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-161r1.pdf (accessed on 20 June 2025).
  30. Jharko, E.; Promyslov, V.; Iskhakov, A. Extending Functionality of Early Fault Diagnostic System for Online Security Assessment of Nuclear Power Plant. In Proceedings of the 2019 International Russian Automation Conference (RusAutoCon), Sochi, Russia, 8–14 September 2019; pp. 1–6. [Google Scholar] [CrossRef]
  31. Lee, S.; Huh, J.-H. An effective security measures for nuclear power plant using big data analysis approach. J. Supercomput. 2019, 75, 4267–4294. [Google Scholar] [CrossRef]
  32. Park, J.W.; Lee, S.J. Probabilistic safety assessment-based importance analysis of cyber-attacks on nuclear power plants. Nucl. Eng. Technol. 2019, 51, 138–145. [Google Scholar] [CrossRef]
  33. Si, W.; Li, J.; Qu, R.; Huang, X. Anomaly Detection for Network Traffic of I&C Systems Based on Neural Network. In Volume 3: Student Paper Competition; Thermal-Hydraulics; Verification and Validation; American Society of Mechanical Engineers: New York, NY, USA, 2020. [Google Scholar] [CrossRef]
  34. Si, W.; Li, J.; Huang, X. One-class Anomaly Detection for Instrumentation and Control Systems based on Replicator Neural Networks. In Proceedings of the 11th Nuclear Plant Instrumentation, Control, and Human-Machine Interface Technologies, Orlando, FL, USA, 9–14 February 2019; pp. 1361–1369. [Google Scholar]
  35. Chae, Y.H.; Lee, C.; Choi, M.K.; Seong, P.H. Evaluating attractiveness of cyberattack path using resistance concept and page-rank algorithm. Ann. Nucl. Energy 2022, 166, 108748. [Google Scholar] [CrossRef]
  36. Ayodeji, A.; Di Buono, A.; Pierce, I.; Ahmed, H. Wavy-attention network for real-time cyber-attack detection in a small modular pressurized water reactor digital control system. Nucl. Eng. Des. 2024, 424, 113277. [Google Scholar] [CrossRef]
  37. Jharko, E.; Meshcheryakov, R.; Promyslov, V. Aspects of Nuclear Power Plant Digital Decommissioning. In Proceedings of the 2021 International Siberian Conference on Control and Communications (SIBCON), Kazan, Russia, 13–15 May 2021; pp. 1–6. [Google Scholar] [CrossRef]
  38. Yoo, S.; Mohler, G.; Zhang, F. Self-Healing Control of Nuclear Power Plants Under False Data Injection Attacks. Nucl. Sci. Eng. 2024, 199, 162–175. [Google Scholar] [CrossRef]
  39. Chaudhary, A.; Han, J.; Kim, S.; Kim, A.; Choi, S. Anomaly Detection and Analysis in Nuclear Power Plants. Electronics 2024, 13, 4428. [Google Scholar] [CrossRef]
  40. Jendoubi, C.; Asad, A. A Survey of Artificial Intelligence Applications in Nuclear Power Plants. IoT 2024, 5, 666–691. [Google Scholar] [CrossRef]
  41. Salehpour, A.; Al-Anbagi, I. Digital Substations: Cyberattack detection system for small modular reactor-based power plants. IEEE Electrific. Mag. 2024, 12, 57–67. [Google Scholar] [CrossRef]
  42. Ayodeji, A.; Liu, Y.; Chao, N.; Yang, L. A new perspective towards the development of robust data-driven intrusion detection for industrial control systems. Nucl. Eng. Technol. 2020, 52, 2687–2698. [Google Scholar] [CrossRef]
  43. Hsieh, H.-Y.; Tsvetkov, P. Advancements and challenges of machine learning and deep learning in autonomous control of nuclear reactors. Ann. Nucl. Energy 2025, 223, 111643. [Google Scholar] [CrossRef]
  44. Yockey, P.; Erickson, A.; Spirito, C. Cyber threat assessment of machine learning driven autonomous control systems of nuclear power plants. Prog. Nucl. Energy 2023, 166, 104960. [Google Scholar] [CrossRef]
  45. Lou, X.; Guo, Y.; Gao, Y.; Waedt, K.; Parekh, M. An idea of using Digital Twin to perform the functional safety and cybersecurity analysis. In Proceedings of the Standardization of Industry 4.0 Automation and Control Systems, Kassel, Germany, 23–26 September 2019. [Google Scholar] [CrossRef]
  46. Lou, X.; Waedt, K.; Gao, Y.; Zid, I.B.; Watson, V. Combining Artificial Intelligence planning advantages to assist preliminary formal analysis on Industrial Control System cybersecurity vulnerabilities. In Proceedings of the 2018 10th International Conference on Electronics, Computers and Artificial Intelligence (ECAI), Iasi, Romania, 28–30 June 2018; pp. 1–8. [Google Scholar] [CrossRef]
  47. Thiyagarajan, K.; Hammad, I. Anomaly Detection in Air-Gapped Industrial Control Systems of Nuclear Power Plants. In Proceedings of the 2024 Cyber Awareness and Research Symposium (CARS), Grand Forks, ND, USA, 28–29 October 2024; pp. 1–6. [Google Scholar] [CrossRef]
  48. Maccarone, L.T.; Cole, D.G. Bayesian games for the cybersecurity of nuclear power plants. Int. J. Crit. Infrastruct. Prot. 2022, 37, 100493. [Google Scholar] [CrossRef]
  49. Lee, S.; Huh, J.-H.; Kim, Y. Python TensorFlow Big Data Analysis for the Security of Korean Nuclear Power Plants. Electronics 2020, 9, 1467. [Google Scholar] [CrossRef]
  50. International Atomic Energy Agency. Computer Security at Nuclear Facilities. 2011. Available online: https://www.iaea.org/publications/8691/computer-security-at-nuclear-facilities (accessed on 20 May 2025).
  51. Defense Science Board. Resilient Military Systems and the Advanced Cyber Threat. 2013. Available online: https://apps.dtic.mil/sti/pdfs/ADA569975.pdf (accessed on 25 May 2025).
  52. Intel Corporation. Threat Agent Library Helps Identify Information Security Risks. 2007. Available online: https://www.researchgate.net/profile/Timothy-Casey/publication/324091298_Threat_Agent_Library_Helps_Identify_Information_Security_Risks/links/5abd353445851584fa6fb597/Threat-Agent-Library-Helps-Identify-Information-Security-Risks.pdf (accessed on 22 May 2025).
  53. Corallo, A.; Lazoi, M.; Lezzi, M. Cybersecurity in the context of industry 4.0: A structured classification of critical assets and business impacts. Comput. Ind. 2020, 114, 103165. [Google Scholar] [CrossRef]
  54. Sundaram, A.; Abdel-Khalik, H. Validation of Covert Cognizance Active Defenses. Nucl. Sci. Eng. 2021, 195, 977–989. [Google Scholar] [CrossRef]
  55. Gupta, M.; Akiri, C.; Aryal, K.; Parker, E.; Praharaj, L. From ChatGPT to ThreatGPT: Impact of Generative AI in Cybersecurity and Privacy. IEEE Access 2023, 11, 80218–80245. [Google Scholar] [CrossRef]
  56. Homaei, M.; Mogollón-Gutiérrez, Ó.; Sancho, J.C.; Ávila, M.; Caro, A. A review of digital twins and their application in cybersecurity based on artificial intelligence. Artif. Intell. Rev. 2024, 57, 201. [Google Scholar] [CrossRef]
  57. Thirupathi, L.; Akshaya, B.; Reddy, P.C.; Harsha, S.S.; Reddy, E.S. Integration of AI and Quantum Computing in Cyber Security. In Advances in Mechatronics and Mechanical Engineering; Mishra, B.K., Ed.; IGI Global: Hershey, PA, USA, 2024; pp. 29–56. [Google Scholar] [CrossRef]
  58. Ullah, Z.; Waheed, A.; Mohmand, M.I.; Basar, S.; Zareei, M.; Granda, F. AICyber-Chain: Combining AI and Blockchain for Improved Cybersecurity. IEEE Access 2024, 12, 142194–142214. [Google Scholar] [CrossRef]
  59. Corallo, A.; Lazoi, M.; Lezzi, M.; Pontrandolfo, P. Cybersecurity Challenges for Manufacturing Systems 4.0: Assessment of the Business Impact Level. IEEE Trans. Eng. Manag. 2022, 70, 3745–3765. [Google Scholar] [CrossRef]
  60. Joint Task Force Transformation Initiative. Guide for Conducting Risk Assessments; NIST SP 800-30r1; National Institute of Standards and Technology: Gaithersburg, MD, USA, 2012. [Google Scholar] [CrossRef]
Jcp 05 00079 g001
Figure 1. Search execution and document selection step.
Figure 1. Search execution and document selection step.
Jcp 05 00079 g001
Jcp 05 00079 g002
Figure 2. Taxonomy of cyber threats affecting NPPs.
Figure 2. Taxonomy of cyber threats affecting NPPs.
Jcp 05 00079 g002
Jcp 05 00079 g003
Figure 3. Graphical representation of the relationship between cyber risks and business impacts in NPPs.
Figure 3. Graphical representation of the relationship between cyber risks and business impacts in NPPs.
Jcp 05 00079 g003
Table 1. Steps and activities of the SLR. Adapted by [23].
Table 1. Steps and activities of the SLR. Adapted by [23].
1. Review Planning
-
Definition of specific areas of analysis
-
Selection of information sources and search keywords
-
Planning of qualitative mechanisms for content selection
-
Determination of a standard for reference tracking
2. Search Execution and Document Selection
-
Querying information sources
-
Preliminary filtering and papers selection
-
Removal of duplicates from different information sources
-
Definition of inclusion and/or exclusion criteria
-
Final selection of papers
-
Tracking of consulted references
3. Document Analysis and Results Reporting
-
Critical analysis of content and identification of key concepts
-
Comparison of relationships between papers
-
Narrative/structured synthesis of content
-
Summary of research results
Table 2. Areas of analysis for AI-based cybersecurity management in the NPP domain.
Table 2. Areas of analysis for AI-based cybersecurity management in the NPP domain.
AoARQAoA TopicAoA Focus
AoA1RQ1Critical assetsCritical assets to be preserved from cyber-attacks in the context of NPPs through AI support
AoA2RQ2Security vulnerabilities and cyber threatsSecurity vulnerabilities and cyber threats NPPs that can be managed through AI technology
AoA3RQ3Cyber risks and business impactsCyber risks and business impacts of cyber-attacks on NPPs that can be assessed through AI
AoA4RQ4AI-based security countermeasuresAI-based security countermeasures to mitigate cyber risks in the context of NPPs
Table 3. Critical assets to be preserved against cyber-attacks in the NPP context.
Table 3. Critical assets to be preserved against cyber-attacks in the NPP context.
Critical AssetsRole that Can be Compromised
by Cyber-Attacks		References
Digital I&C systems
-
Collect information from sensors and determine the status of various operational parameters of nuclear facilities (e.g., pressure, water level, radiation level, flow rate, and temperature)
[12,30,31,32,33,34,35,36,37,38,39,40,41]
ACS and other control devices such as PLCs
-
Detect malfunctions at plant level, determine component status, predict I/O components, and select a control strategy based on component and plant information
[42,43,44]
Sensors and actuators
-
Monitor and control various parameters essential for safe and reliable operation of the entire plant
[42]
Control consoles, workstations, servers, network equipment and human–machine interface systems
-
Allow operators to monitor and control the plant’s physical processes, integrate information, and facilitate automatic adjustments to operations
[42]
Digital control systems of small modular reactors
-
Optimize control, reduce costs, and extend reactor lifetime
[36,41]
Communication networks and protocols
-
Ensure the secure and timely transmission of data for the control and monitoring of the facility’s safety-related and non-safety related systems, and for emergency communications
[16,31,40,42,45]
Refueling machines
-
Refuel during a plant reactor shutdown or during a maintenance period
[45,46]
NPP safety shutdown systems
-
Automatically and rapidly shut down the nuclear reactor in the event of faults or accident
[47]
Table 4. Security vulnerabilities and cyber threats in the NPP context.
Table 4. Security vulnerabilities and cyber threats in the NPP context.
Key PointsReferences
-
Vulnerabilities at NPPs raise concerns about nuclear safety and security
[43]
-
Vulnerabilities at NPPs require specialized skills and tools for identification and remediation
[40]
Security vulnerabilities
-
There is a strict correlation among vulnerabilities, malicious actions and cybersecurity control actions for components and devices of NPP control systems
[48]
-
Cyber-attacks exploiting vulnerabilities in critical digital assets of I&C systems impact the performance and security of the entire plant
[30]
-
Periodic analysis of control system vulnerabilities and strengthening controls over identified security measures are key to preserving the NPPs’ cybersecurity
[49]
-
Cyber-physical sensors in the NPPs have vulnerabilities to False Data Injection Attacks that if exploited could compromise the operation of the entire facility
[36]
-
Host-based vulnerability scanners have several limitations in the context of NPP I&C systems
[12]
Cyber threats
-
NPPs can be compromised by state agents, hacktivists, and disgruntled employees
[48]
-
The main cyber-attacks against NPPs that emerged in the literature are mimicking, man-in-the-middle attacks, network spoofing, packet sniffing and modification, sensor masking, Denial of Service, malware (e.g., ransomware attacks and spyware infiltration), FDIA, and APTs
[16,31,36,38,40]
-
There are six primary attack scenarios for AI-driven ACS: attacks on ML functions, attacks on ML classifiers, attacks on ML training environments, insider threats targeting ML models within operational environments, breaches of multi-factor access control systems, and attacks on Material Access Control Video Surveillance System
[43]
-
Cyber-attacks against NPPs can be categorized into four macro-groups: direct attacks, indirect attacks, operator failures, and initial events
[32]
-
There are several taxonomies that profile cyber threats against NPPs (i.e., those defined by the International Atomic Energy Agency, the U.S. Defense Science Board and Intel Corporation)
[48]
Table 5. Cyber risks and business impacts from compromised cybersecurity at NPPs.
Table 5. Cyber risks and business impacts from compromised cybersecurity at NPPs.
Cyber RisksRelated Business Impacts
(Tangible: T/Intangible: I)		References
Sabotage of NNP operations or performance of their I&C systems
-
Loss of power production (T)
-
Damage to equipment (T)
-
Injury or death of personnel (T)
-
Damage to public opinion (I)
[12,32,34,35,36,38,39,41,44,48,49]
Theft or uncontrolled release of nuclear materials
-
Environmental damage (T)
-
Injury or death of personnel (T)
-
Damage to public opinion (I)
[32,36,44,48,49]
Reactor meltdowns
-
Loss of power production (T)
-
Environmental damage (I)
-
Damage to equipment (T)
-
Injury or death of personnel (T)
-
Damage to public opinion (I)
[12,36,41,44,49]
Compromise of human–machine interface systems
-
Damage to equipment (T)
-
Environmental damage (T)
-
Injury or death of personnel (T)
-
Damage to public opinion (I)
[32,36]
Theft of sensitive data
-
Loss of classified and unclassified sensitive information (I)
-
Damage to public opinion (I)
[31,48]
Table 6. AI-based security countermeasures for NPPs.
Table 6. AI-based security countermeasures for NPPs.
NameObjectivesMain FeaturesReferences
EDSs
-
Detect failures and performance deviations of NPPs due to cybersecurity compromise
-
Prevent cyber-attacks through an early resolution process
-
Exploit the passive diagnostic information from the I&C components’ software and hardware
-
Generate special test sequences on the EDS elements by comparing the obtained response with the expected one and generating the fault signal upon detection of a mismatch
[30]
FusionGuard
-
Provide early warning of ransomware and spyware intrusions into NPP systems
-
Detect any changes in system behavior
-
Hybrid machine learning-based anomaly detection system
-
Combine, process, and analyze data from multiple sources within the NPPs’ systems
-
Employ a combination of machine learning algorithms, both supervised and unsupervised
[16]
Autoencoder
-
Detect anomaly in I&C systems
-
Unsupervised neural network
-
Exploit network traffic attributes
-
Acquire training and testing databases from a physical PLC system
[33]
Self-healing strategy
-
Respond to FDIAs on digital I&C systems
-
Use an autoencoder for anomaly detection and device-level control
-
Use a reinforcement learning for system-level control
[38]
WAN
-
Detect sensor attacks at nuclear facilities
-
Comprise stacks of batch-normalized, dilated, one-dimensional convolution neural networks and sequential self-attention modules
-
Enable the extraction of temporal and frequency features from system signals
[36]
RNN
-
Detect anomaly in I&C systems
-
Adopt the one-class classification method
-
Replicator neural network as the one-class anomaly detection model
[34]
Bi-LSTM model
-
Detect and explain multiple anomalies in the NPP system
-
Time-series deep learning model trained exclusively on normal data
-
Explainable AI (XAI) to distinguish features that contribute to the model decision
[39]
C2
-
Facilitate the detection of deviations from normal operating conditions through deterministic methods
-
Active covert defense technique against cyber-attacks
-
Use deterministic methods
-
Immune to detection by artificial intelligence-based learning techniques
[54]
Cyber threat assessment model using machine learning-based DT technologies
-
Qualitatively assess cyber risks on training data, real-time process data and ML model architectures of the NPPs
-
Two plant-level DTs, which predict and two component-level DTs
-
Use a traditional ML framework and an automated ML framework
[44]
NPP control network traffic analysis system
-
Detect and respond to cyber-attacks in real time
-
In-depth defense strategy
-
Collect data on the Internet network associated with control facilities, intranet traffic, and events recorded by security equipment
-
Compare and verify data using appropriate ML algorithms
[49]
Automated vulnerability scanner
-
Preserve the cybersecurity of I&C systems
-
Mitigate the risk of reduced availability of the entire facility
-
Identify vulnerabilities based on the state of the network
-
Two-block architecture (i.e., scanning for existing vulnerabilities and automatic checking of legislative and regulatory guidelines)
[12]
Formal functional specification with AI-based planning technique
-
Strengthen the cyber vulnerability assessment process for critical industrial control systems
-
Use PDDL as the formalization language
-
Verify the existence of a path from normal states to undesirable states in terms of security
[46]
Bayesian game
-
Preserve cybersecurity scenarios for NPPs
-
Defender can identify the optimal security strategy
-
Leverage TARA methodology
[48]
Hybrid deep learning approach
-
Detect Modbus TCP attacks on NPP safety shutdown systems
-
Combine a native transformer and LSTM networks
-
Six-layer architecture with head multi-head attention and feed-forward neural networks for the transformer layer
-
Traditional architecture to process the embedding sequence from the LSTM layer
[47]
Cyber-attack detection system
-
Detect FDI, Aurora, and DoS attacks within the SMRs’ electrical grid systems in the early stages of failure propagation
-
Use real-time simulators to emulate the behavior of power and communication networks
-
Integrate ML algorithms into the cyber-attack detection system (CADS)
[41]
Table 7. Tabular outline of AI-based cybersecurity management research in the NPP domain.
Table 7. Tabular outline of AI-based cybersecurity management research in the NPP domain.
Areas of Analysis
IDTopicFocusEvidence from the Literature
AoA1Critical assetsCritical assets to be preserved from cyber-attacks in the context of NPPs through AI supportList of critical assets:
-
Digital I&C systems
-
Communication networks and protocols
-
Sensors and actuators
-
Control devices such as PLCs
-
Control consoles, workstations, servers, network equipment and
-
human–machine interface systems
-
Digital control systems of small modular reactors
-
Refueling machines
-
NPP safety shutdown systems
Most mentioned critical asset:
-
Digital I&C systems
AoA2Security vulnerabilities and cyber threatsSecurity vulnerabilities and cyber threats NPPs that can be managed through AI technologyKey points:
-
Vulnerabilities at NPPs raise concerns for nuclear safety and security
-
Vulnerabilities at NPPs require specialized skills and tools for identification and remediation
-
There is a strict correlation among vulnerabilities, malicious actions, and cybersecurity control actions for components and devices of NPP control systems
-
Cyber-attacks exploiting vulnerabilities in critical digital assets of I&C systems impacts the performance and security of the entire plant
-
Periodic analysis of control system vulnerabilities and strengthening controls over identified security measures are key to preserving the NPPs’ cybersecurity
-
Cyber-physical sensors in the NPPs have vulnerabilities to False Data Injection Attacks that if exploited could compromise the operation of the entire facility
-
Host-based vulnerability scanners have several limitations in the context of NPP I&C systems
Key points:
-
NPPs can be compromised by state agents, hacktivists, and disgruntled employees
-
The main cyber-attacks against NPPs emerged in the literature are mimicking, man-in-the-middle attacks, network spoofing, packet sniffing and modification, sensor masking, Denial of Service, malware (e.g., ransomware attacks and spyware infiltration), FDIA, and APTs
-
There are six primary attack scenarios for AI-driven ACS: attacks on ML functions, attacks on ML classifiers, attacks on ML training environments, insider threats targeting ML models within operational environments, breaches of multi-factor access control systems, and attacks on Material Access Control Video Surveillance System
-
Cyber-attacks against NPPs can be categorized into four macro-groups: direct attacks, indirect attacks, operator failures, and initial events
-
There are several taxonomies that profile cyber threats against NPPs (i.e., those defined by the International Atomic Energy Agency, the U.S. Defense Science Board and Intel Corporation
AoA3Cyber risks and business impactsCyber risks and business impacts of cyber-attacks on NPPs that can be assessed through AICyber risks (CRs) and related business Impacts (BIs):
-
CR1. Sabotage of NNP operations or performance of their I&C systems
BI1: Loss of power production
BI2: Damage to equipment
BI3: Injury or death of personnel
BI4: Damage to public opinion
-
CR2. Theft or uncontrolled release of nuclear materials
BI1: Environmental damage
BI2: Injury or death of personnel
BI3: Damage to public opinion Damage to equipment
-
CR3. Reactor meltdowns
BI1: Loss of power production
BI2: Environmental damage
BI3: Damage to equipment
BI4: Injury or death of personnel
BI5: Damage to public opinion
-
CR4. Compromise of human–machine interface systems
BI1: Damage to equipment
BI2: Environmental damage
BI3: Injury or death of personnel
BI4: Damage to public opinion
-
CR5. Theft of sensitive data
BI1: Loss of classified and unclassified sensitive information
BI2: Damage to public opinion
AoA4AI-based security countermeasuresAI-based security countermeasures to mitigate cyber risks in the context of NPPsList of AI-based countermeasures:
-
EDSs
-
FusionGuard
-
Autoencoder
-
Self-healing strategy
-
WAN
-
RNN
-
Bi-LSTM model
-
C2
-
Cyber threat assessment model using machine learning-based DT technologies
-
NPP control network traffic analysis system
-
Automated vulnerability scanner
-
Formal functional specification with AI-based planning technique
-
Bayesian game
-
Hybrid deep learning approach
-
Cyber-attack detection system
Countermeasures to detect failures/anomaly, performance deviation and attacks of NPPs:
-
EDSs
-
FusionGuard
-
Autoencoder
-
WAN
-
RNN
-
Bi-LSTM model
-
C2
-
Hybrid deep learning approach
-
Cyber-attack detection system
Countermeasures to preserve cybersecurity of NPPs:
-
NPP control network traffic analysis system
-
Automated vulnerability scanner
-
Bayesian game
Countermeasure to qualitatively assess cyber risks:
-
Cyber threat assessment model using machine learning-based DT technologies
Countermeasure to strengthen the cyber vulnerability assessment:
-
Formal functional specification with AI-based planning technique
Countermeasure to respond to FDIAs on digital I&C systems:
-
Self-healing strategy
Countermeasures based on leverage neural network models:
-
Autoencoder
-
Self-healing strategy
-
RNN
-
Hybrid deep learning approach
Countermeasures based on machine learning algorithms:
-
FusionGuard
-
C2
-
Cyber threat assessment model using machine learning-based DT technologies
-
NPP control network traffic analysis system
-
Cyber-attack detection system
Countermeasure based on deep learning model:
-
Bi-LSTM model
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.

Share and Cite

MDPI and ACS Style

Lezzi, M.; Martino, L.; Damiani, E.; Yeun, C.Y. A Systematic Literature Review on AI-Based Cybersecurity in Nuclear Power Plants. J. Cybersecur. Priv. 2025, 5, 79. https://doi.org/10.3390/jcp5040079

AMA Style

Lezzi M, Martino L, Damiani E, Yeun CY. A Systematic Literature Review on AI-Based Cybersecurity in Nuclear Power Plants. Journal of Cybersecurity and Privacy. 2025; 5(4):79. https://doi.org/10.3390/jcp5040079

Chicago/Turabian Style

Lezzi, Marianna, Luigi Martino, Ernesto Damiani, and Chan Yeob Yeun. 2025. "A Systematic Literature Review on AI-Based Cybersecurity in Nuclear Power Plants" Journal of Cybersecurity and Privacy 5, no. 4: 79. https://doi.org/10.3390/jcp5040079

APA Style

Lezzi, M., Martino, L., Damiani, E., & Yeun, C. Y. (2025). A Systematic Literature Review on AI-Based Cybersecurity in Nuclear Power Plants. Journal of Cybersecurity and Privacy, 5(4), 79. https://doi.org/10.3390/jcp5040079

Article Metrics

Back to TopTop