Development of an Approach for the Creation of a Cyber Security Program for Fuel Cycle Facilities regulated by the Nuclear Regulatory Commission

摘要

In March 2009, the Nuclear Regulatory Commission (NRC) established a cyber security rule fornuclear power plants, 10 CFR 73.54. This rule is a performance based approach for theprotection of digital computer and communications systems for protection against a cyber attack.The NRC is currently in the process of developing a regulatory approach to cyber security at fuelcycle facilities. Fuel cycle facilities with Category I quantities of special nuclear material mustprotect against cyber attacks as part of the design basis threat. Other fuel cycle facilities do nothave this regulation. The fuel cycle licensees were asked to provide information on the currentstatus of their cyber security programs, especially in the context of critical functions: safety,physical security, emergency preparedness, material control and accountability, and informationsecurity. NRC staff is working closely with licensees to determine the path forward for cybersecurity of fuel cycle facilities. Current topics of discussion include the establishment of aconsequence threshold and identifying the specific cyber threat to fuel cycle facilities. The NRCis considering the issuance of orders, as appropriate, followed by the development of specificcyber security regulations.