US cyber security oversight clarified

Tuesday, 12 January 2010

Oversight of cyber security at US nuclear power plants is to be conducted jointly by the Nuclear Regulatory Commission and the North American Electric Reliability Corporation.

Oversight of cyber security at US nuclear power plants is to be conducted jointly by the Nuclear Regulatory Commission (NRC) and the North American Electric Reliability Corporation (NERC).

 

Currently both the bodies are responsible for establishing and enforcing cyber security requirements at commercial nuclear power plants in the USA, consistent with their statutory authority and regulations. However, the two have now signed a memorandum of understanding (MoU) splitting up the area and defining respective roles and responsibilities. The MoU - effective for five years - supplements and existing memorandum of agreement they signed in July 2007.

 

The new arrangement clarifies that the NRC is responsible for inspecting digital assets that can affect safety, security and emergency preparedness, and enforcing compliance with its requirements. NERC, which is overseen by the Federal Energy Regulatory Commission (FERC), is responsible for inspecting those digital assets which can affect the continuity of electric power generation.

 

This division of responsibility, the organizations said, is consistent with the NRC's focus on public health and safety issues, environmental safety, and national defence and security, as well as NERC's focus on the reliability of the bulk power system.

 

Each organization is responsible for taking enforcement action consistent with its own statutory authority. To ensure consistent regulation, both organizations have agreed to coordinate on any enforcement actions that might be necessary should a cyber security incident result in a violation of both NRC and NERC requirements.

 

The NRC and NERC will now begin planning a series of workshops to help US nuclear power plant operators define exactly which systems and assets must comply with each organization's requirements.

 

In the MoU, the NRC and NERC agree to share information, and to consult and coordinate to the extent practicable on inspection and audit processes, "to minimize any potentially adverse effects from one organization's compliance actions or directives on the other organization's mandate."

 

Gerry Cauley, president and CEO of NERC, said: "The importance of protecting the nation's cyber assets and systems increases daily." He added, "This agreement between NERC and the NRC will help the NRC ensure that commercial nuclear power plants are safe and secure, and help NERC assure the reliability of the bulk power system."

 

Researched and written

by World Nuclear News

 

Related Links
Related Stories
Keep me informed