Skip to main content

Nuclear Cyber Security and Its Discontents

The minority (that is, the Republicans) on the Senate Homeland Security and Governmental Affairs committee released a report that shows a number of federal agencies, including the Nuclear Regulatory Commission, exercising lax cyber security. In some instances, the brew is rather weak – antivirus software has not been updated at some agencies, which probably has Symantec worried - but there’s some substantial stuff in it, too.

This sums up the report’s finding on the NRC:

Yet just about every aspect of that process [addressing cyber security weaknesses] appears to be broken at the NRC. Problems were identified but never scheduled to be fixed; fixes were scheduled but not completed; fixes were recorded as complete when they were not.

The first thing to note is that this has nothing whatever to do with cyber security at nuclear energy facilities. In some ways, this report confuses network security with what is a much broader topic. Government agency network security has been low hanging fruit when one seeks an issue to publicize, which doesn’t mean it shouldn’t be addressed.

Bill Gross, NEI senior project manager, engineering, who has done a lot of work on nuclear facility cyber security, wrote a blog post for us early last year outlining some of the steps the industry has taken to address the subject. Well worth a read for anyone interested in this issue. His conclusion:

No cyber security program will be 100% perfect.  These interim measures well position the plants to ensure that the public health and safety are maintained, and that the sites will reliably continue to make their significant contribution to the nation’s electrical supply.

---

We can’t really answer for the NRC and what it might need to do to digitally clean its house. We can say that this is a partisan report. Sen. Tom Coburn (R-Okla.), the committee’s ranking member, keeps the pot at a simmer in presenting the report’s findings on his We site.

“Weaknesses in the federal government’s own cyber security have put at risk the electrical grid, our financial markets, our emergency response systems and our citizens’ personal information,” Dr. Coburn said.  “While politicians like to propose complex new regulations, massive new programs, and billions in new spending to improve cyber security, there are very basic – and critically important – precautions that could protect our infrastructure and our citizens’ private information that we simply aren’t doing.”

So, yes, partisan. I’m not sure the report addresses risks to infrastructure or financial markets – agencies overseeing them, perhaps, but that’s not the same thing. It seems to both want and not want regulation; it just depends on what’s being regulated. It’ll be interesting to see how or even if the NRC responds to this report.

Comments

Popular posts from this blog

An Ohio School Board Is Working to Save Nuclear Plants

Ohio faces a decision soon about its two nuclear reactors, Davis-Besse and Perry, and on Wednesday, neighbors of one of those plants issued a cry for help. The reactors’ problem is that the price of electricity they sell on the high-voltage grid is depressed, mostly because of a surplus of natural gas. And the reactors do not get any revenue for the other benefits they provide. Some of those benefits are regional – emissions-free electricity, reliability with months of fuel on-site, and diversity in case of problems or price spikes with gas or coal, state and federal payroll taxes, and national economic stimulus as the plants buy fuel, supplies and services. Some of the benefits are highly localized, including employment and property taxes. One locality is already feeling the pinch: Oak Harbor on Lake Erie, home to Davis-Besse. The town has a middle school in a building that is 106 years old, and an elementary school from the 1950s, and on May 2 was scheduled to have a referendu

Why Ex-Im Bank Board Nominations Will Turn the Page on a Dysfunctional Chapter in Washington

In our present era of political discord, could Washington agree to support an agency that creates thousands of American jobs by enabling U.S. companies of all sizes to compete in foreign markets? What if that agency generated nearly billions of dollars more in revenue than the cost of its operations and returned that money – $7 billion over the past two decades – to U.S. taxpayers? In fact, that agency, the Export-Import Bank of the United States (Ex-Im Bank), was reauthorized by a large majority of Congress in 2015. To be sure, the matter was not without controversy. A bipartisan House coalition resorted to a rarely-used parliamentary maneuver in order to force a vote. But when Congress voted, Ex-Im Bank won a supermajority in the House and a large majority in the Senate. For almost two years, however, Ex-Im Bank has been unable to function fully because a single Senate committee chairman prevented the confirmation of nominees to its Board of Directors. Without a quorum

NEI Praises Connecticut Action in Support of Nuclear Energy

Earlier this week, Connecticut Gov. Dannel P. Malloy signed SB-1501 into law, legislation that puts nuclear energy on an equal footing with other non-emitting sources of energy in the state’s electricity marketplace. “Gov. Malloy and the state legislature deserve praise for their decision to support Dominion’s Millstone Power Station and the 1,500 Connecticut residents who work there," said NEI President and CEO Maria Korsnick. "By opening the door to Millstone having equal access to auctions open to other non-emitting sources of electricity, the state will help preserve $1.5 billion in economic activity, grid resiliency and reliability, and clean air that all residents of the state can enjoy," Korsnick said. Millstone Power Station Korsnick continued, "Connecticut is the third state to re-balance its electricity marketplace, joining New York and Illinois, which took their own legislative paths to preserving nuclear power plants in 2016. Now attention should