Speaker
Description
The increasing advancement of digital technology and the large amount of digital equipment in nuclear power plants have created new cyber threats to the nuclear power industry. In the U.S., nuclear power plants have implemented measures to address ever increasing cyber threats since the September 11, 2001 terrorist attacks. The NRC published a cyber security rule for power reactor licensees (10 CFR 73.54) in 2009.
The power reactor licensees implemented the cyber security rule at their facilities (cyber security program) in two steps. The first step had seven milestones, referred to as “interim milestones”. The licensees implemented security measures that would address significant threat vectors so that nuclear power plants were protected. The licensees completed the implementation of these security measures by 2012. The NRC inspected licensees’ implementation of the interim milestones between 2013 and 2015. The second step involves full implementation of the cyber security program. In general, licensees fully implemented the cyber security program at their facilities by 2017. The NRC began inspecting licensees’ full implementation program in July 2017 and this inspection is scheduled to be completed in 2020. The NRC performs a two-week onsite inspection. As of December 2018, the NRC completed the inspections of 20 sites.
The NRC has gained valuable insights on implementing cyber security programs at commercial nuclear power plants in the United States. This paper provides an overview of the challenges faced in implementing a cyber security oversight program for nuclear power plants, as well as the lessons learned from its implementation. In addition, this paper will also discuss those controls that are effective in minimizing the cyber attack surfaces for the commercial nuclear power plants in the U.S.
| State | United States |
|---|---|
| Gender | Male |
