How to Cite
Abstract
The rapid digitalization of nuclear power plants (NPPs) and the deployment of advanced and small modular reactors (A/SMRs) have expanded the cybersecurity attack surface within the nuclear sector. This evolution introduces unique challenges beyond those faced in general information technology (IT), operational technology (OT) and industrial control system (ICS) security, due to nuclear power’s regulatory rigor, safety-critical nature, and operational needs.
A pressing workforce gap persists; cybersecurity graduates typically lack nuclear-specific context and retraining them for industry readiness requires 12–18 months, creating a significant burden. This paper addresses this gap by defining the domains of knowledge that nuclear cybersecurity specialists must master, spanning cybersecurity, nuclear engineering, OT/ICS security, and regulatory governance. We propose a curricular framework integrating technical, regulatory, and applied learning components to accelerate workforce readiness.
Our approach builds on existing findings that current curricula inadequately integrate nuclear engineering and cybersecurity, shifting the discourse from why specialization is needed to what knowledge must be taught. The recommendations have implications for workforce development and long-term resilience of the nuclear energy sector.
Open Access License Notice:
This article is © its author(s) and is licensed under the Creative Commons Attribution 4.0 International License (CC BY 4.0). Beginning with Volume 13 (2026), this license is included directly within all published PDFs. For earlier articles, a cover page has been added to indicate the correct licensing terms. Any legacy copyright or pricing statements appearing within the PDF reflect prior print production workflows and do not represent the Journal’s current open access policy. For full details, please see the Journal’s License Terms.