Skip to main content

Nuclear Cyber Security and Its Discontents

The minority (that is, the Republicans) on the Senate Homeland Security and Governmental Affairs committee released a report that shows a number of federal agencies, including the Nuclear Regulatory Commission, exercising lax cyber security. In some instances, the brew is rather weak – antivirus software has not been updated at some agencies, which probably has Symantec worried - but there’s some substantial stuff in it, too.

This sums up the report’s finding on the NRC:

Yet just about every aspect of that process [addressing cyber security weaknesses] appears to be broken at the NRC. Problems were identified but never scheduled to be fixed; fixes were scheduled but not completed; fixes were recorded as complete when they were not.

The first thing to note is that this has nothing whatever to do with cyber security at nuclear energy facilities. In some ways, this report confuses network security with what is a much broader topic. Government agency network security has been low hanging fruit when one seeks an issue to publicize, which doesn’t mean it shouldn’t be addressed.

Bill Gross, NEI senior project manager, engineering, who has done a lot of work on nuclear facility cyber security, wrote a blog post for us early last year outlining some of the steps the industry has taken to address the subject. Well worth a read for anyone interested in this issue. His conclusion:

No cyber security program will be 100% perfect.  These interim measures well position the plants to ensure that the public health and safety are maintained, and that the sites will reliably continue to make their significant contribution to the nation’s electrical supply.

---

We can’t really answer for the NRC and what it might need to do to digitally clean its house. We can say that this is a partisan report. Sen. Tom Coburn (R-Okla.), the committee’s ranking member, keeps the pot at a simmer in presenting the report’s findings on his We site.

“Weaknesses in the federal government’s own cyber security have put at risk the electrical grid, our financial markets, our emergency response systems and our citizens’ personal information,” Dr. Coburn said.  “While politicians like to propose complex new regulations, massive new programs, and billions in new spending to improve cyber security, there are very basic – and critically important – precautions that could protect our infrastructure and our citizens’ private information that we simply aren’t doing.”

So, yes, partisan. I’m not sure the report addresses risks to infrastructure or financial markets – agencies overseeing them, perhaps, but that’s not the same thing. It seems to both want and not want regulation; it just depends on what’s being regulated. It’ll be interesting to see how or even if the NRC responds to this report.

Comments

Popular posts from this blog

Wednesday Update

From NEI’s Japan micro-site: NRC, Industry Concur on Many Post-Fukushima Actions Industry/Regulatory/Political Issues • There is a “great deal of alignment” between the U.S. Nuclear Regulatory Commission and the industry on initial steps to take at America’s nuclear energy facilities in response to the nuclear accident in Japan, Charles Pardee, the chief operating officer of Exelon Generation Co., said at an agency briefing today. The briefing gave stakeholders an opportunity to discuss staff recommendations for near-term actions the agency may take at U.S. facilities. PowerPoint slides from the meeting are on the NRC website. • The International Atomic Energy Agency board has approved a plan that calls for inspectors to evaluate reactor safety at nuclear energy facilities every three years. Governments may opt out of having their country’s facilities inspected. Also approved were plans to maintain a rapid response team of experts ready to assist facility operators recoverin...

Activists' Claims Distort Facts about Advanced Reactor Design

Below is from our rapid response team . Yesterday, regional anti-nuclear organizations asked federal nuclear energy regulators to launch an investigation into what it claims are “newly identified flaws” in Westinghouse’s advanced reactor design, the AP1000. During a teleconference releasing a report on the subject, participants urged the Nuclear Regulatory Commission to suspend license reviews of proposed AP1000 reactors. In its news release, even the groups making these allegations provide conflicting information on its findings. In one instance, the groups cite “dozens of corrosion holes” at reactor vessels and in another says that eight holes have been documented. In all cases, there is another containment mechanism that would provide a barrier to radiation release. Below, we examine why these claims are unwarranted and why the AP1000 design certification process should continue as designated by the NRC. Myth: In the AP1000 reactor design, the gap between the shield bu...

Nuclear Utility Moves Up in Credit Ratings, Bank is "Comfortable with Nuclear Strategy"

Some positive signs that nuclear utilities can continue to receive positive ratings even while they finance new nuclear plants for the first time in decades: Wells Fargo upgrades SCANA to Outperform from Market Perform Wells analyst says, "YTD, SCG shares have underperformed the Regulated Electrics (total return +2% vs. +9%). Shares trade at 11.3X our 10E EPS, a modest discount to the peer group median of 11.8X. We view the valuation as attractive given a comparatively constructive regulatory environment and potential for above-average long-term EPS growth prospects ... Comfortable with Nuclear Strategy. SCG plans to participate in the development of two regulated nuclear units at a cost of $6.3B, raising legitimate concerns regarding financing and construction. We have carefully considered the risks and are comfortable with SCG’s strategy based on a highly constructive political & regulatory environment, manageable financing needs stretched out over 10 years, strong partners...