Skip to main content

Nuclear Cyber Security and Its Discontents

The minority (that is, the Republicans) on the Senate Homeland Security and Governmental Affairs committee released a report that shows a number of federal agencies, including the Nuclear Regulatory Commission, exercising lax cyber security. In some instances, the brew is rather weak – antivirus software has not been updated at some agencies, which probably has Symantec worried - but there’s some substantial stuff in it, too.

This sums up the report’s finding on the NRC:

Yet just about every aspect of that process [addressing cyber security weaknesses] appears to be broken at the NRC. Problems were identified but never scheduled to be fixed; fixes were scheduled but not completed; fixes were recorded as complete when they were not.

The first thing to note is that this has nothing whatever to do with cyber security at nuclear energy facilities. In some ways, this report confuses network security with what is a much broader topic. Government agency network security has been low hanging fruit when one seeks an issue to publicize, which doesn’t mean it shouldn’t be addressed.

Bill Gross, NEI senior project manager, engineering, who has done a lot of work on nuclear facility cyber security, wrote a blog post for us early last year outlining some of the steps the industry has taken to address the subject. Well worth a read for anyone interested in this issue. His conclusion:

No cyber security program will be 100% perfect.  These interim measures well position the plants to ensure that the public health and safety are maintained, and that the sites will reliably continue to make their significant contribution to the nation’s electrical supply.

---

We can’t really answer for the NRC and what it might need to do to digitally clean its house. We can say that this is a partisan report. Sen. Tom Coburn (R-Okla.), the committee’s ranking member, keeps the pot at a simmer in presenting the report’s findings on his We site.

“Weaknesses in the federal government’s own cyber security have put at risk the electrical grid, our financial markets, our emergency response systems and our citizens’ personal information,” Dr. Coburn said.  “While politicians like to propose complex new regulations, massive new programs, and billions in new spending to improve cyber security, there are very basic – and critically important – precautions that could protect our infrastructure and our citizens’ private information that we simply aren’t doing.”

So, yes, partisan. I’m not sure the report addresses risks to infrastructure or financial markets – agencies overseeing them, perhaps, but that’s not the same thing. It seems to both want and not want regulation; it just depends on what’s being regulated. It’ll be interesting to see how or even if the NRC responds to this report.

Comments

Popular posts from this blog

Fluor Invests in NuScale

You know, it’s kind of sad that no one is willing to invest in nuclear energy anymore. Wait, what? NuScale Power celebrated the news of its company-saving $30 million investment from Fluor Corp. Thursday morning with a press conference in Washington, D.C. Fluor is a design, engineering and construction company involved with some 20 plants in the 70s and 80s, but it has not held interest in a nuclear energy company until now. Fluor, which has deep roots in the nuclear industry, is betting big on small-scale nuclear energy with its NuScale investment. "It's become a serious contender in the last decade or so," John Hopkins, [Fluor’s group president in charge of new ventures], said. And that brings us to NuScale, which had run into some dark days – maybe not as dark as, say, Solyndra, but dire enough : Earlier this year, the Securities Exchange Commission filed an action against NuScale's lead investor, The Michael Kenwood Group. The firm "misap

An Ohio School Board Is Working to Save Nuclear Plants

Ohio faces a decision soon about its two nuclear reactors, Davis-Besse and Perry, and on Wednesday, neighbors of one of those plants issued a cry for help. The reactors’ problem is that the price of electricity they sell on the high-voltage grid is depressed, mostly because of a surplus of natural gas. And the reactors do not get any revenue for the other benefits they provide. Some of those benefits are regional – emissions-free electricity, reliability with months of fuel on-site, and diversity in case of problems or price spikes with gas or coal, state and federal payroll taxes, and national economic stimulus as the plants buy fuel, supplies and services. Some of the benefits are highly localized, including employment and property taxes. One locality is already feeling the pinch: Oak Harbor on Lake Erie, home to Davis-Besse. The town has a middle school in a building that is 106 years old, and an elementary school from the 1950s, and on May 2 was scheduled to have a referendu

Wednesday Update

From NEI’s Japan micro-site: NRC, Industry Concur on Many Post-Fukushima Actions Industry/Regulatory/Political Issues • There is a “great deal of alignment” between the U.S. Nuclear Regulatory Commission and the industry on initial steps to take at America’s nuclear energy facilities in response to the nuclear accident in Japan, Charles Pardee, the chief operating officer of Exelon Generation Co., said at an agency briefing today. The briefing gave stakeholders an opportunity to discuss staff recommendations for near-term actions the agency may take at U.S. facilities. PowerPoint slides from the meeting are on the NRC website. • The International Atomic Energy Agency board has approved a plan that calls for inspectors to evaluate reactor safety at nuclear energy facilities every three years. Governments may opt out of having their country’s facilities inspected. Also approved were plans to maintain a rapid response team of experts ready to assist facility operators recoverin