Skip to main content

Partnerships and Information Sharing in President Obama's Executive Order on Cyber Security

President Obama at 2013 SOTU
Yesterday President Obama signed an Executive Order aimed at helping nation harden its critical infrastructure against cyber attacks, and introduced it to the nation as part of his State of the Union address.

The Order states, "We can achieve these goals through a partnership with the owners and operators of critical infrastructure to improve cybersecurity information sharing and collaboratively develop and implement risk-based standards."

The partnership model has a history of success, and it is prudent to continue and support this model.

The nuclear power industry has an active partnership with the U.S. Department of Homeland Security specifically geared toward enhancing the security of commercial users of nuclear materials.

Under HSPD-7, the industry established the Nuclear Sector Coordinating Council (NSCC), and the government established the Government Coordinating Council (GCC).  These groups meet quarterly under the Critical Infrastructure Partnership Advisory Council (CIPAC) framework.

The NSCC/GCC provides an instrumental forum for organizations engaging in civilian uses of nuclear materials in the U.S. to discuss security issues and work together with our federal partners to enhance security and resilience.

The order also discusses the importance of information sharing. I could not agree more. The nuclear power industry in the U.S. has a proven record of responding in a timely manner to identified threats to the safe operations of our facilities.


Information sharing is integral to establishing a robust cyber security program. As I discussed in a previous blog post on nuclear power plant cybersecurity, our plants have been actively addressing the cyber threat for over 10 years.

The first questions that must be answered when establishing a security program are:
  1. What must be protected?
  2. What must it be protected from?
Information sharing has been instrumental in helping us stay on top of what we must be prepared to defend against.

Under the NSCC/GCC framework, the nuclear sector receives quarterly threat briefings at the SECRET level. The DHS also conducts monthly sector-specific unclassified threat briefings.

So, at a high level, the EO is moving in the right direction. But we cannot lose sight of good work already done.

This new emphasis on the adoption of cyber security practices must consider the existing regulatory frameworks and voluntary initiatives that are already in place.Complexity is the enemy of security. Streamlining and minimizing burden on private entities ensures that resources remain available to respond to real threats.

Ensuring that any new cyber security guidance, practices, or policies does not overlap or duplicate existing practices is essential. For addition details, please consult the NEI backgrounder on Cyber Security.

POSTSCRIPT: The Nuclear Energy Institute’s chief nuclear officer and senior vice president, Anthony R. (Tony) Pietrangelo, made the following comment about the cyber security executive order signed Tuesday by President Obama.

Tony Pietrangelo
“Commercial nuclear energy facilities are well protected from possible cyber threats. The nuclear energy industry has been implementing and improving cyber security controls since 2002, and the federal agency that oversees the nation’s nuclear energy facilities—the Nuclear Regulatory Commission—has established regulations that thoroughly monitor and inspect cyber security at all U.S. reactors.

“To ensure our constant readiness, the industry participates with government agencies to be aware of and assess its readiness for emerging cyber threats. Our facilities are essentially cyber islands, in that safety and control systems are not connected to business networks or the Internet. Unlike industries for which two-way data flow is critical, nuclear power plants do not require incoming data flow.

“Nuclear plants also are protected from grid instability, with multiple backup power supplies that provide for safe shutdown of a reactor in the event of a power blackout. Given that the NRC appropriately exercises authority over the protection of nuclear plant systems from potential cyber threats, it would be counterproductive to have dual oversight of these facilities.”

Comments

Popular posts from this blog

Fluor Invests in NuScale

You know, it’s kind of sad that no one is willing to invest in nuclear energy anymore. Wait, what? NuScale Power celebrated the news of its company-saving $30 million investment from Fluor Corp. Thursday morning with a press conference in Washington, D.C. Fluor is a design, engineering and construction company involved with some 20 plants in the 70s and 80s, but it has not held interest in a nuclear energy company until now. Fluor, which has deep roots in the nuclear industry, is betting big on small-scale nuclear energy with its NuScale investment. "It's become a serious contender in the last decade or so," John Hopkins, [Fluor’s group president in charge of new ventures], said. And that brings us to NuScale, which had run into some dark days – maybe not as dark as, say, Solyndra, but dire enough : Earlier this year, the Securities Exchange Commission filed an action against NuScale's lead investor, The Michael Kenwood Group. The firm "misap...

Wednesday Update

From NEI’s Japan micro-site: NRC, Industry Concur on Many Post-Fukushima Actions Industry/Regulatory/Political Issues • There is a “great deal of alignment” between the U.S. Nuclear Regulatory Commission and the industry on initial steps to take at America’s nuclear energy facilities in response to the nuclear accident in Japan, Charles Pardee, the chief operating officer of Exelon Generation Co., said at an agency briefing today. The briefing gave stakeholders an opportunity to discuss staff recommendations for near-term actions the agency may take at U.S. facilities. PowerPoint slides from the meeting are on the NRC website. • The International Atomic Energy Agency board has approved a plan that calls for inspectors to evaluate reactor safety at nuclear energy facilities every three years. Governments may opt out of having their country’s facilities inspected. Also approved were plans to maintain a rapid response team of experts ready to assist facility operators recoverin...

Nuclear Utility Moves Up in Credit Ratings, Bank is "Comfortable with Nuclear Strategy"

Some positive signs that nuclear utilities can continue to receive positive ratings even while they finance new nuclear plants for the first time in decades: Wells Fargo upgrades SCANA to Outperform from Market Perform Wells analyst says, "YTD, SCG shares have underperformed the Regulated Electrics (total return +2% vs. +9%). Shares trade at 11.3X our 10E EPS, a modest discount to the peer group median of 11.8X. We view the valuation as attractive given a comparatively constructive regulatory environment and potential for above-average long-term EPS growth prospects ... Comfortable with Nuclear Strategy. SCG plans to participate in the development of two regulated nuclear units at a cost of $6.3B, raising legitimate concerns regarding financing and construction. We have carefully considered the risks and are comfortable with SCG’s strategy based on a highly constructive political & regulatory environment, manageable financing needs stretched out over 10 years, strong partners...