Nuclear Power Plant Cyber Security: Highly Controlled, Fully Protected
The public has been hearing more about the security of nuclear power plant computer systems through fictionalized movies and TV shows, news reports and social media. Here are important facts to know about nuclear plant cyber security.
- The U.S. Nuclear Regulatory Commission (NRC) has extensive regulations in place that are closely monitored and regularly inspected to ensure cyber security at nuclear power plants. The NRC Cyber Security Directorate provides centralized oversight for this important area. This team collaborates with other federal agencies, including the Department of Homeland Security, and other energy regulators and organizations. NRC inspectors are on-site at all U.S. nuclear plants.
- The nuclear energy industry has had a cybersecurity program in place since 2002 to protect critical digital assets and the information they contain from sabotage or malicious use.
- “Critical digital assets” that perform safety, security, and emergency preparedness functions at nuclear power plants are not connected to the Internet.
- Where devices like thumb drives, CDs or laptops are used to interface with plant equipment, strictly monitored measures are in place. Nuclear power plants are well-protected from attacks like Stuxnet, which was transmitted through the use of portable media.
- Nuclear power plants have strong defenses against an insider threat. Individuals who work with digital plant equipment are subject to increased security screening, cyber security training and behavioral observation.
- A cyber attack cannot prevent critical systems in a nuclear energy facility from performing their safety functions. Nuclear power plants are designed to shut down safely if necessary, even if there is a breach of cyber security. They are also designed to automatically disconnect from the power grid if there is a disturbance caused by a cyber attack.
[1] Sources: Nuclear Regulatory Commission, Nuclear Energy Institute
