Skip to main content

Partnerships and Information Sharing in President Obama's Executive Order on Cyber Security

President Obama at 2013 SOTU
Yesterday President Obama signed an Executive Order aimed at helping nation harden its critical infrastructure against cyber attacks, and introduced it to the nation as part of his State of the Union address.

The Order states, "We can achieve these goals through a partnership with the owners and operators of critical infrastructure to improve cybersecurity information sharing and collaboratively develop and implement risk-based standards."

The partnership model has a history of success, and it is prudent to continue and support this model.

The nuclear power industry has an active partnership with the U.S. Department of Homeland Security specifically geared toward enhancing the security of commercial users of nuclear materials.

Under HSPD-7, the industry established the Nuclear Sector Coordinating Council (NSCC), and the government established the Government Coordinating Council (GCC).  These groups meet quarterly under the Critical Infrastructure Partnership Advisory Council (CIPAC) framework.

The NSCC/GCC provides an instrumental forum for organizations engaging in civilian uses of nuclear materials in the U.S. to discuss security issues and work together with our federal partners to enhance security and resilience.

The order also discusses the importance of information sharing. I could not agree more. The nuclear power industry in the U.S. has a proven record of responding in a timely manner to identified threats to the safe operations of our facilities.


Information sharing is integral to establishing a robust cyber security program. As I discussed in a previous blog post on nuclear power plant cybersecurity, our plants have been actively addressing the cyber threat for over 10 years.

The first questions that must be answered when establishing a security program are:
  1. What must be protected?
  2. What must it be protected from?
Information sharing has been instrumental in helping us stay on top of what we must be prepared to defend against.

Under the NSCC/GCC framework, the nuclear sector receives quarterly threat briefings at the SECRET level. The DHS also conducts monthly sector-specific unclassified threat briefings.

So, at a high level, the EO is moving in the right direction. But we cannot lose sight of good work already done.

This new emphasis on the adoption of cyber security practices must consider the existing regulatory frameworks and voluntary initiatives that are already in place.Complexity is the enemy of security. Streamlining and minimizing burden on private entities ensures that resources remain available to respond to real threats.

Ensuring that any new cyber security guidance, practices, or policies does not overlap or duplicate existing practices is essential. For addition details, please consult the NEI backgrounder on Cyber Security.

POSTSCRIPT: The Nuclear Energy Institute’s chief nuclear officer and senior vice president, Anthony R. (Tony) Pietrangelo, made the following comment about the cyber security executive order signed Tuesday by President Obama.

Tony Pietrangelo
“Commercial nuclear energy facilities are well protected from possible cyber threats. The nuclear energy industry has been implementing and improving cyber security controls since 2002, and the federal agency that oversees the nation’s nuclear energy facilities—the Nuclear Regulatory Commission—has established regulations that thoroughly monitor and inspect cyber security at all U.S. reactors.

“To ensure our constant readiness, the industry participates with government agencies to be aware of and assess its readiness for emerging cyber threats. Our facilities are essentially cyber islands, in that safety and control systems are not connected to business networks or the Internet. Unlike industries for which two-way data flow is critical, nuclear power plants do not require incoming data flow.

“Nuclear plants also are protected from grid instability, with multiple backup power supplies that provide for safe shutdown of a reactor in the event of a power blackout. Given that the NRC appropriately exercises authority over the protection of nuclear plant systems from potential cyber threats, it would be counterproductive to have dual oversight of these facilities.”

Comments

Popular posts from this blog

A Design Team Pictures the Future of Nuclear Energy

For more than 100 years, the shape and location of human settlements has been defined in large part by energy and water. Cities grew up near natural resources like hydropower, and near water for agricultural, industrial and household use.

So what would the world look like with a new generation of small nuclear reactors that could provide abundant, clean energy for electricity, water pumping and desalination and industrial processes?

Hard to say with precision, but Third Way, the non-partisan think tank, asked the design team at the Washington, D.C. office of Gensler & Associates, an architecture and interior design firm that specializes in sustainable projects like a complex that houses the NFL’s Dallas Cowboys. The talented designers saw a blooming desert and a cozy arctic village, an old urban mill re-purposed as an energy producer, a data center that integrates solar panels on its sprawling flat roofs, a naval base and a humming transit hub.

In the converted mill, high temperat…

New Home for Our Blog: Join Us on NEI.org

On February 27, NEI launched the new NEI.org. We overhauled the public site, framing all of our content around the National Nuclear Energy Strategy.

So, what's changed?

Our top priority was to put you, the user, first. Now you can quickly get the information you need. You'll enjoy visiting the site with its intuitive navigation, social media integration and compelling and shareable visuals. We've added a feature called Nuclear Now, which showcases the latest industry news and resources like fact sheets and reports. It's one of the first sections you'll see on our home page and it can be accessed anywhere throughout the site by clicking on the atom symbol in the top right corner of the page.
Most importantly for you, our loyal NEI Nuclear Notes readers, is that we've migrated the blog to the new site. Moving forward, all blog posts will be published in the News section, along with our press releases, Nuclear Energy Overview stories and more. Just look for the &qu…

Hurricane Harvey Couldn't Stop the South Texas Project

As Hurricane Harvey battered southeast Texas over the past week, the devastation and loss of life in its wake have kept our attention and been a cause of grief.

Through the tragedy, many stories of heroics and sacrifice have emerged. Among those who have sacrificed are nearly 250 workers who have been hunkered down at the South Texas Project (STP) nuclear plant in Matagorda County, Texas.

STP’s priorities were always the safety of their employees and the communities they serve. We are proud that STP continued to operate at full power throughout the storm. It is a true testament to the reliability and resiliency of not only the operators but of our industry.

The world is starting to notice what a feat it is to have maintained operations through the catastrophic event. Forbes’ Rod Adams did an excellent job describing the contribution of these men and women:

“STP storm crew members deserve to be proud of the work that they are doing. Their families should take comfort in the fact that…