The Nuclear Regulatory Commission believes that licensed operators of U.S. nuclear plants are providing sufficient resources to counter cyber threats, according to the agency’s response to a letter from Senator Edward Markey (D-Mass.).
Markey raised concerns in a July 10 letter to the heads of the NRC and several other federal agencies following news reports of cyberattacks on U.S. nuclear power installations. The lawmaker expressed specific concern about the potential for sabotage of a reactor core or storage pool for used nuclear fuel.
NRC Chair Kristine Svinicki on Aug. 9 responded with a three-page list of answers to Markey’s query; the document was posted on the regulator’s website on Wednesday.
“From the NRC’s perspective, adequate actions are being taken [by licensees], based on our understanding of the threat assessment,” the agency said, adding that the large majority of license holders are due by the end of the year to implement all cybersecurity regulatory requirements established in 2009 by the NRC. The exceptions include plants that will be decommissioned before 2019.
The cyber attacks on NRC license holders did not affect safety, security, or emergency readiness operations, but rather was restricted to their business networks, the agency told Markey. It said more specific information would be available in a classified briefing Markey requested of the NRC and its partner agencies in cybersecurity.
The NRC said it has the funding it needs to carry out its cybersecurity activities, which includes operation of its Cyber Security Directorate.
