Recommendations of the House Republican Cybersecurity Task Force

Today the House Republican Cybersecurity Task Force released a set of recommendations on how House Republicans should approach issues associated with cyber security.

The recommendations recognize that targeted and limited regulations may be warranted for certain critical infrastructure sectors.  The Task Force recommendations promote the use of existing regulators and recognize the need to coordinate security standards across sectors and within sectors subject to multiple regulators.  This approach is reasonable, and consistent with how the nuclear sector has been addressing cyber issues.

The nuclear sector is a leader in the area cyber security.  The Nuclear Energy Institute established a Cyber Security Task Force in 2002 to begin developing recommendations and guidance for nuclear facilities to address cyber security threats.  In 2006, in the absence of regulations, the nuclear power plants adopted and, by May of 2008, implemented a robust cyber security program.  This program was recognized by both NRC and NERC as adequate for the protection of critical systems.

In March of 2009, the NRC issued mandatory and comprehensive performance-based cyber security regulations applicable to all existing and new nuclear power plants.  These regulations require plants to submit a cyber security plan to the NRC for their approval.  The cyber security program must implement defense-in-depth measures for the protection of digital systems that support safety, security, emergency preparedness, and reliable power generation.  The NRC has approved the plans for all currently operating plants, and the plants are in the process of implementing those plans.

New legislation or regulations addressing cyber security should recognize that the NRC has comprehensive and mandatory requirements in place for nuclear plants.