Earlier today, the Financial Times published a story concerning how computer hackers might be able to attack America's electric infrastructure. While the story didn't mention the nuclear energy industry specifically, we thought it would be a good idea to remind everyone that
NEI's in-house expert on cyber security, Bill Gross, recently tackled the issue of how the nuclear industry has been responding to these potential threats:
The nuclear sector is a leader in the area cyber security. The Nuclear Energy Institute established a Cyber Security Task Force in 2002 to begin developing recommendations and guidance for nuclear facilities to address cyber security threats. In 2006, in the absence of regulations, the nuclear power plants adopted and, by May of 2008, implemented a robust cyber security program. This program was recognized by both NRC and NERC as adequate for the protection of critical systems.
In March of 2009, the NRC issued mandatory and comprehensive performance-based cyber security regulations applicable to all existing and new nuclear power plants. These regulations require plants to submit a cyber security plan to the NRC for their approval. The cyber security program must implement defense-in-depth measures for the protection of digital systems that support safety, security, emergency preparedness, and reliable power generation. The NRC has approved the plans for all currently operating plants, and the plants are in the process of implementing those plans.