HOME / REGULATION & SAFETY / US CYBER SECURITY OVERSIGHT CLARIFIED

US cyber security oversight clarified

Tuesday, 12 January 2010

Oversight of cyber security at US nuclear power plants is to be conducted jointly by the Nuclear Regulatory Commission and the North American Electric Reliability Corporation.

Oversight of cyber security at US nuclear power plants is to be conducted jointly by the Nuclear Regulatory Commission (NRC) and the North American Electric Reliability Corporation (NERC).

 

Currently both the bodies are responsible for establishing and enforcing cyber security requirements at commercial nuclear power plants in the USA, consistent with their statutory authority and regulations. However, the two have now signed a memorandum of understanding (MoU) splitting up the area and defining respective roles and responsibilities. The MoU - effective for five years - supplements and existing memorandum of agreement they signed in July 2007.

 

The new arrangement clarifies that the NRC is responsible for inspecting digital assets that can affect safety, security and emergency preparedness, and enforcing compliance with its requirements. NERC, which is overseen by the Federal Energy Regulatory Commission (FERC), is responsible for inspecting those digital assets which can affect the continuity of electric power generation.

 

This division of responsibility, the organizations said, is consistent with the NRC's focus on public health and safety issues, environmental safety, and national defence and security, as well as NERC's focus on the reliability of the bulk power system.

 

Each organization is responsible for taking enforcement action consistent with its own statutory authority. To ensure consistent regulation, both organizations have agreed to coordinate on any enforcement actions that might be necessary should a cyber security incident result in a violation of both NRC and NERC requirements.

 

The NRC and NERC will now begin planning a series of workshops to help US nuclear power plant operators define exactly which systems and assets must comply with each organization's requirements.

 

In the MoU, the NRC and NERC agree to share information, and to consult and coordinate to the extent practicable on inspection and audit processes, "to minimize any potentially adverse effects from one organization's compliance actions or directives on the other organization's mandate."

 

Gerry Cauley, president and CEO of NERC, said: "The importance of protecting the nation's cyber assets and systems increases daily." He added, "This agreement between NERC and the NRC will help the NRC ensure that commercial nuclear power plants are safe and secure, and help NERC assure the reliability of the bulk power system."

 

Researched and written

by World Nuclear News

 

Most Read
Guidelines drawn up for AI use in nuclear sector
Guidelines drawn up for AI use in nuclear sector
Thursday, 12 September 2024
President Biden signs ADVANCE Act into law
President Biden signs ADVANCE Act into law
Wednesday, 10 July 2024
Long-term safety at Koeberg assessed
Long-term safety at Koeberg assessed
Friday, 13 September 2024
Joint preparatory review for Thorizon One reactor
Joint preparatory review for Thorizon One reactor
Wednesday, 4 September 2024
Podcasts & Features
Podcast: Financiers back idea of nuclear expansion, but what are the challenges? Podcasts & Features
Podcast: Financiers back idea of nuclear expansion, but what are the challenges?
Podcasts & Features · Tuesday, 24 September 2024
Viewpoint: Building the industrial foundations for new nuclear growth Podcasts & Features
Viewpoint: Building the industrial foundations for new nuclear growth
Podcasts & Features · Friday, 20 September 2024
All Podcasts & Features
WNN is a public information service of World Nuclear Association.
Related Links
Related Stories
Keep me informed