Skip to main content

Partnerships and Information Sharing in President Obama's Executive Order on Cyber Security

President Obama at 2013 SOTU
Yesterday President Obama signed an Executive Order aimed at helping nation harden its critical infrastructure against cyber attacks, and introduced it to the nation as part of his State of the Union address.

The Order states, "We can achieve these goals through a partnership with the owners and operators of critical infrastructure to improve cybersecurity information sharing and collaboratively develop and implement risk-based standards."

The partnership model has a history of success, and it is prudent to continue and support this model.

The nuclear power industry has an active partnership with the U.S. Department of Homeland Security specifically geared toward enhancing the security of commercial users of nuclear materials.

Under HSPD-7, the industry established the Nuclear Sector Coordinating Council (NSCC), and the government established the Government Coordinating Council (GCC).  These groups meet quarterly under the Critical Infrastructure Partnership Advisory Council (CIPAC) framework.

The NSCC/GCC provides an instrumental forum for organizations engaging in civilian uses of nuclear materials in the U.S. to discuss security issues and work together with our federal partners to enhance security and resilience.

The order also discusses the importance of information sharing. I could not agree more. The nuclear power industry in the U.S. has a proven record of responding in a timely manner to identified threats to the safe operations of our facilities.


Information sharing is integral to establishing a robust cyber security program. As I discussed in a previous blog post on nuclear power plant cybersecurity, our plants have been actively addressing the cyber threat for over 10 years.

The first questions that must be answered when establishing a security program are:
  1. What must be protected?
  2. What must it be protected from?
Information sharing has been instrumental in helping us stay on top of what we must be prepared to defend against.

Under the NSCC/GCC framework, the nuclear sector receives quarterly threat briefings at the SECRET level. The DHS also conducts monthly sector-specific unclassified threat briefings.

So, at a high level, the EO is moving in the right direction. But we cannot lose sight of good work already done.

This new emphasis on the adoption of cyber security practices must consider the existing regulatory frameworks and voluntary initiatives that are already in place.Complexity is the enemy of security. Streamlining and minimizing burden on private entities ensures that resources remain available to respond to real threats.

Ensuring that any new cyber security guidance, practices, or policies does not overlap or duplicate existing practices is essential. For addition details, please consult the NEI backgrounder on Cyber Security.

POSTSCRIPT: The Nuclear Energy Institute’s chief nuclear officer and senior vice president, Anthony R. (Tony) Pietrangelo, made the following comment about the cyber security executive order signed Tuesday by President Obama.

Tony Pietrangelo
“Commercial nuclear energy facilities are well protected from possible cyber threats. The nuclear energy industry has been implementing and improving cyber security controls since 2002, and the federal agency that oversees the nation’s nuclear energy facilities—the Nuclear Regulatory Commission—has established regulations that thoroughly monitor and inspect cyber security at all U.S. reactors.

“To ensure our constant readiness, the industry participates with government agencies to be aware of and assess its readiness for emerging cyber threats. Our facilities are essentially cyber islands, in that safety and control systems are not connected to business networks or the Internet. Unlike industries for which two-way data flow is critical, nuclear power plants do not require incoming data flow.

“Nuclear plants also are protected from grid instability, with multiple backup power supplies that provide for safe shutdown of a reactor in the event of a power blackout. Given that the NRC appropriately exercises authority over the protection of nuclear plant systems from potential cyber threats, it would be counterproductive to have dual oversight of these facilities.”

Comments

Popular posts from this blog

An Ohio School Board Is Working to Save Nuclear Plants

Ohio faces a decision soon about its two nuclear reactors, Davis-Besse and Perry, and on Wednesday, neighbors of one of those plants issued a cry for help. The reactors’ problem is that the price of electricity they sell on the high-voltage grid is depressed, mostly because of a surplus of natural gas. And the reactors do not get any revenue for the other benefits they provide. Some of those benefits are regional – emissions-free electricity, reliability with months of fuel on-site, and diversity in case of problems or price spikes with gas or coal, state and federal payroll taxes, and national economic stimulus as the plants buy fuel, supplies and services. Some of the benefits are highly localized, including employment and property taxes. One locality is already feeling the pinch: Oak Harbor on Lake Erie, home to Davis-Besse. The town has a middle school in a building that is 106 years old, and an elementary school from the 1950s, and on May 2 was scheduled to have a referendu

Why Ex-Im Bank Board Nominations Will Turn the Page on a Dysfunctional Chapter in Washington

In our present era of political discord, could Washington agree to support an agency that creates thousands of American jobs by enabling U.S. companies of all sizes to compete in foreign markets? What if that agency generated nearly billions of dollars more in revenue than the cost of its operations and returned that money – $7 billion over the past two decades – to U.S. taxpayers? In fact, that agency, the Export-Import Bank of the United States (Ex-Im Bank), was reauthorized by a large majority of Congress in 2015. To be sure, the matter was not without controversy. A bipartisan House coalition resorted to a rarely-used parliamentary maneuver in order to force a vote. But when Congress voted, Ex-Im Bank won a supermajority in the House and a large majority in the Senate. For almost two years, however, Ex-Im Bank has been unable to function fully because a single Senate committee chairman prevented the confirmation of nominees to its Board of Directors. Without a quorum

NEI Praises Connecticut Action in Support of Nuclear Energy

Earlier this week, Connecticut Gov. Dannel P. Malloy signed SB-1501 into law, legislation that puts nuclear energy on an equal footing with other non-emitting sources of energy in the state’s electricity marketplace. “Gov. Malloy and the state legislature deserve praise for their decision to support Dominion’s Millstone Power Station and the 1,500 Connecticut residents who work there," said NEI President and CEO Maria Korsnick. "By opening the door to Millstone having equal access to auctions open to other non-emitting sources of electricity, the state will help preserve $1.5 billion in economic activity, grid resiliency and reliability, and clean air that all residents of the state can enjoy," Korsnick said. Millstone Power Station Korsnick continued, "Connecticut is the third state to re-balance its electricity marketplace, joining New York and Illinois, which took their own legislative paths to preserving nuclear power plants in 2016. Now attention should