In an era characterized by rapidly evolving threats to cybersecurity, public health, and public safety, the imperative for nuclear power organizations to adapt and excel has never been more pronounced. This inquiry delves into the critical journey of transforming nuclear power organizations into learning organizations that are resilient and highly effective in safeguarding against cybersecurity threats and adeptly managing incidents, planning, and recovery. Leveraging the rich insights derived from qualitative focus group research, this study unveils a comprehensive framework of best practices tailored to the unique challenges nuclear power organizations face. Moreover, the study highlights the significance of organizational commitment to the principles of organizational learning, the seamless integration of learning into daily operations, regular assessments of organizational capacity and competence, and the unequivocal expression of an organizational commitment to learning.
TopIntroduction
Nuclear power reactors play a crucial role in clean and sustainable energy systems, particularly in striving for energy independence and bolstering national security (Cho & Woo, 2017; Christensen et al., 2021). Recent events like the Russia-Ukraine conflict have underscored the significance of energy independence and its direct link to strategic national security policies (Ayodeji et al., 2023).
Nuclear reactors emerge as a dependable solution for ensuring a consistent, low-carbon electricity and heating supply, with modern facilities designed to prioritize safety and cost-effective power generation (Bhamare et al., 2020). The ever-increasing demand for enhanced engineering system performance has driven the development of cutting-edge technologies, coupled with the integration of digital innovations, resulting in a heightened interconnectedness among various physical systems (Bhamare et al., 2020). This integration of digital technology can significantly enhance the efficiency, reliability, flexibility, and remote management capabilities of critical infrastructures (Bhamare et al., 2020). These infrastructures encompass a broad spectrum, ranging from smart grids to industrial production systems and the next generation of nuclear power plants. However, it is imperative to acknowledge that as these technological advancements bring numerous benefits, they also introduce a heightened susceptibility to cyber threats (Ayodeji et al., 2023). These threats can potentially result in severe safety incidents, posing a significant national and international security risk. Consequently, the imperative to implement robust cybersecurity controls within these critical infrastructures is becoming increasingly evident and essential to safeguard against the potentially catastrophic consequences of successful cyberattacks (Ayodeji et al., 2023).
In alignment with the burgeoning Industry 4.0 movement and the ongoing digitalization of industrial systems, there has been a notable shift towards the adoption of digital instrumentation and control (DI&C) systems, alongside the utilization of devices like programmable logic controllers (PLCs) and ethernet/IP networks (Ayodeji et al., 2023). These technological advancements have been primarily aimed at enhancing communication and operational control, especially in non-safety-related functions within the nuclear industry (Ayodeji et al., 2023). However, this transformative digitalization inadvertently propels cybersecurity into the forefront as one of the paramount challenges faced by nuclear facilities worldwide (Ayodeji et al., 2023). The escalating concerns regarding cybersecurity within Nuclear Power Plants (NPPs) have been exacerbated by previous cyberattacks targeting nuclear facilities globally. These incidents are stark reminders of the vulnerabilities within the sector. Prominent examples include the cyberattack on an Iranian fuel enrichment facility, the security breaches at the Davis-Besse Nuclear Power Plant in the United States, and the targeted attacks on computer networks affiliated with the Korea Hydro & Nuclear Power organization (Ayodeji et al., 2023). These events underscore the critical importance of fortifying cybersecurity measures in the nuclear industry to safeguard against cyber threats and their potentially catastrophic consequences (Cho & Woo, 2017; Christensen et al., 2021).