MA Nuke Eyes Skipping NRC Security Rules

Thursday, July 13, 2017 @ 04:07 PM gHale

In the midst of cybersecurity breaches on business networks at nuclear facilities in the U.S, one nuclear plant is looking for a pass on federal cybersecurity requirements.

Plymouth, MA-based Pilgrim Nuclear Power Station, one of the country’s worst performing plants and in the process of closing its doors by June of 2019, hopes to make it through its final year and a half of operation without all required cybersecurity measures in place.

Repercussions after Nuke Shipping Violation
MA Nuke Security Issue Brings Violation
Worker Action after MA Nuke Errors
Nuke Worker Tried to Hide Error: Feds

Entergy Corp., the plant’s owner and operator, submitted a request in March to push out the December 2017 deadline for completion of federal cybersecurity requirements to December 2020.

Operations are set to cease at Pilgrim June 1, 2019, so the requirement would never have to be met.

Currently the plant is classified by the Nuclear Regulatory Commission (NRC) as one step above mandatory shutdown, based on its poor performance. Only three of the nation’s fleet of 100 commercial nuclear plants are currently in that performance category.

There have been reports from the Department of Homeland Security and the FBI about hacking attempts at nuclear plants across the country.

The NRC is still reviewing the extension request.

The 9/11 terrorist attacks prompted the NRC to take a close look at physical and cybersecurity at the nation’s nuclear power plants. After enacting some initial regulations that beefed up protections, the agency published a cybersecurity rule in 2009.

Those regulations include requirements to ensure the functions of digital computers, communication systems and networks associated with safety and emergency preparedness at the plants are protected from cyberattacks.

Compliance was laid out in two phases. The first phase, completed in 2012, involved implementation of controls to protect a plant’s most important digital assets. The second phase, to be completed by the end of this year, entails full implementation of all the changes that were required.

Pilgrim has completed the first seven “milestones” of the cyber security plan, but it has not yet completed the final milestone.

That final milestone includes additional cyber controls, cybersecurity training for employees, incident response drills and testing, according to NRC spokesman Neil Sheehan.

“Because it is has already achieved milestones 1 to 7, Pilgrim differs little from other U.S. nuclear power plants, with the bulk of the cybersecurity upgrades already in place,” Sheehan said.

He added his agency requires notification of any cyber event that affects critical systems, and it has received no such reports from any of its plants to date.

“Pilgrim is seeking a change in the schedule for implementation of the final cybersecurity milestone, which is consistent with other nuclear plants preparing for near-term decommissioning,” said Entergy spokesman Patrick O’Brien. “Pilgrim is currently scheduled to permanently shut down in 2019. We will not have any additional comments on this issue at this time.”

Leave a Reply

You must be logged in to post a comment.