In March 2009, the Nuclear Regulatory Commission (NRC) published 10 CFR 73.54, "Protection of Digital Computer and Communications Systems and Networks." This rule required each power reactor licensee to submit a cyber security plan (CSP) and a proposed implementation schedule; the NRC staff reviewed and approved each CSP and implementation schedule for all operating power reactors. The implementation schedule utilized a two-phased approach. The first phase required licensees to address the major cyber security attack vectors and apply cyber security controls to the most risk-significant digital assets no later than December 2012. The second phase, requiring application of cyber security controls to all critical digital assets, is to be completed no later than December 2017. Inspection activities began in early 2013 to review and assess licensee cyber security programs, as well as to verify that the first implementation phase was completed in accordance with regulatory requirements. To date, approximately one third of the U.S. power reactors have been inspected for cyber security. Inspections for full implementation of licensees' cyber security programs will begin in late 2014 or early 2015. Upon completion of full implementation inspection activities, all licensees will be in full compliance with cyber security regulatory requirements. This paper provides an overview of the program, its status, and next steps.
展开▼
