(Idaho National Laboratory, January 6, 2026)
Nuclear power plants rarely resemble a Hollywood script. Yet at the Idaho National Laboratory, a simulator puts operators into a scene that could have come straight from the silver screen. Laser sensors, badge readers and biometric scanners guard the entrance. A few well-timed cyberattacks open the way for a silent physical breach.
These staged scenarios are not just training exercises; they are conversation starters. By walking partners through realistic attacks, INL’s nuclear cyber team helps uncover hidden vulnerabilities, sharpen perspectives and form the foundation for building innovative solutions that secure the future of nuclear energy.
While security is paramount for the nation’s current fleet of light water reactors, the stakes for small modular reactors are especially high. Small modular reactors promise quicker build timelines and lower operating costs than light water reactors. They can achieve these enhancements through better designs, higher levels of automation and smaller operating crews. But those same design choices could expand the opportunity for cyber and insider threats. INL is working to accelerate innovation in nuclear cybersecurity so the reactors of tomorrow are not only safe and efficient, but secure and resilient.
Innovation is necessary now
“Digital technology has become inseparable from nuclear operations,” said Charlie Nickerson, a nuclear cybersecurity specialist at INL. “Every plant in operation today relies on a mix of sensors, control systems and data streams that would have been unthinkable three decades ago.”
This digital transformation has created efficiencies in monitoring and controlling reactors, but it has also expanded the potential attack surface for adversaries.
Modern power reactor designs rely on high levels of automation and smaller operating crews, giving each operator broader authority over critical systems. They also lean more heavily on remote access, secure data transfer and supply chains that stretch across borders. Each of these choices strengthens the business case for nuclear power but introduces new sources of risk that must be managed.
Traditional compliance-based approaches to cybersecurity cannot keep pace with this new reality. “Regulations are essential, but they were designed for a different era,” Nickerson said. “Meeting checklists alone will not prepare operators for adversaries who study systems, adapt quickly and combine cyber tactics with traditional sabotage tools.”
“What is needed is innovation in how we simulate threats, how we build systems to prevent unauthorized access, how we detect them earlier in the attack life cycle and how we train people to respond,” said Nickerson.
This is the role INL has chosen. By combining immersive environments with structured frameworks, the nuclear cyber team is building the tools that allow operators and decision makers to see the future of cyber risk and act on it today.
Innovation in action
Innovation at INL takes a tangible form inside the lab’s test bench environments. These are not classroom lectures or tabletop discussions. They are engineered environments where nuclear operators, cybersecurity professionals and decision makers confront real-world attacks in controlled conditions.
“Each test bench forces participants to see how a vulnerability unfolds during exploitation, what signals might have revealed it earlier and how defenses can be strengthened,” said Nickerson.
The INL team’s spent fuel pool cooling system replicates cooling systems for spent fuel at commercial nuclear power plants, making the stakes clear. A cyberattack that disrupts flow or disables sensors could put safety at risk. Participants test what happens when systems fail, then practice detection and recovery strategies that emphasize consequence-driven engineering and thinking. The experience drives home why cybersecurity is not abstract in a nuclear plant. It is directly tied to safety.
Another test bench mirrors the camera surveillance systems used at many facilities. The exercise is instantly familiar to anyone who has seen a heist film. A participant loops video footage so the security display shows a repeating image while a mock adversary gains access behind the scenes. It feels like Ocean’s Eleven, but it demonstrates how attackers blend digital system compromises with physical intrusions. The result is a vivid lesson in the importance of verifying what a system shows against what is actually happening.
These and other test benches at INL form more than a collection of exercises and pieces of equipment. They are innovation infrastructure. Each environment becomes a laboratory to stress-test ideas, refine detection strategies and help cross-disciplinary teams learn to anticipate the creativity of adversaries. The outcome: better-trained operators and a stronger foundation for building tools, practices and technologies that will secure nuclear energy for decades to come.
From simulation to framework and back again
The test benches may look like movie sets, but their real power comes afterward. Each bench feeds into a deliberate process that INL has built to help operators, vendors and regulators turn a single vivid experience into lasting change. The process has four steps: simulation, framework, application and return.
Step 1 | Simulation
The experience begins inside environments that recreate nuclear systems under cyberattack. The spent fuel pool test bench, for example, forces participants to see what happens when sensors fail or controls are disrupted. The surveillance bench shows how an attacker might distort data transmissions by looping a video feed while an intruder moves through a facility undetected. These moments are designed to stick. They create a shared memory through a common experience that everyone in the room can reference later, whether they are engineers, cybersecurity analysts or decision makers.
Step 2 | Framework
INL takes the drama from the exercise and distills it into structure. “Each scenario is mapped against the adversary life cycle, showing reconnaissance, delivery, exploitation and actions on target step by step,” Nickerson said. “Participants then discuss where protection and detection opportunities were missed.”
This is where varied scenarios and threat types are considered together. For example, an insider may provide access, but an outsider may weaponize it. “The goal is to create a framework that integrates both perspectives while blending behavioral cues with technical data, with the end goal of helping partners build defenses that match the reality of modern threat capabilities,” said Nickerson.
Step 3 | Application
The next step takes place outside the lab. Operators, vendors and decision makers carry the experiences and frameworks back to their home facilities. A regulator may adapt inspection criteria. A plant operator may revise a procedure for verifying surveillance feeds. A vendor may adjust the way remote access tools are configured. These are small but concrete changes, seeded by the memory of the exercise and shaped by the framework that followed, but the process does not end there. INL applies these same lessons working with partners to design new test scenarios, build new test benches, validate new ideas and expand the cycle of innovation. The application phase is not a handoff; it is the beginning of a collaborative loop that keeps INL and its partners moving ahead of adversaries.
Step 4 | Return
Finally, partners come back to Idaho. They bring new ideas, revised procedures or even prototype technologies to test on INL’s benches. This is where innovation accelerates. Instead of waiting for an adversary to prove whether the adjustment closes the gap, partners see it play out in a safe environment. They can test a new detection tool, stress test a revised response plan and validate a vendor’s design. The results show whether the change closes a gap, introduces new trade-offs, or maintains the safety and efficiency that advanced designs promise.
The outcome is not just a sharper workforce. It is a cycle that accelerates industry learning and innovation. Each loop compresses years of trial and error into weeks of experimentation.
“Participants leave not only with stories of simulated breaches, but with frameworks they can apply, solutions they can test and confidence that security does not have to come at the cost of safety and efficiency,” Nickerson said. “The benches are not just training environments. They are proving grounds where the future of cybersecurity is rehearsed, refined and proven.”
Scaling innovation and looking ahead
What happens inside INL’s test benches does not stay in Idaho. The same process that trains U.S. stakeholders has been shared with partners across the world. INL has collaborated with the International Atomic Energy Agency, supported Ukraine’s nuclear sector as it operates under the strain of war, and worked with partners like the United Arab Emirates, the Republic of Korea, the United Kingdom and others to advance safe, secure and reliable nuclear power. Each partnership turns the benches into amplifiers of innovation, spreading lessons and ideas across borders so nuclear facilities remain secure no matter where they are deployed.
INL’s work illustrates a simple lesson: innovation and security cannot be separated. Test benches, frameworks and partnerships are not side projects. They are the foundation for how nuclear power will remain secure and resilient in an era of rapid change.
“The future of nuclear energy depends on safety, cost and trust in the security. That is why INL is not just defending nuclear power, we are reinventing how we secure it,” said Nickerson.
By Sarah Lusk, INL Communications
About Idaho National Laboratory
Battelle Energy Alliance manages INL for the U.S. Department of Energy’s Office of Nuclear Energy. INL is the nation’s center for nuclear energy research and development, and also performs research in each of DOE’s strategic goal areas: energy, national security, science and the environment. For more information, visit www.inl.gov. Follow us on social media: Facebook, Instagram, LinkedIn and X.
