VT Nuke Needs to Rework Cyber Plan

Monday, December 27, 2010 @ 04:12 PM gHale

The Vermont Yankee nuclear power plant needs to give the Nuclear Regulatory Commission (NRC) more information about its plan to combat computer hackers.

“In general, we found the Vermont Yankee plan to be consistent with the revised Nuclear Energy Institute guidance template,” said Neil Sheehan, a spokesman for the NRC. “Our questions center on terminology used by Entergy (which owns and operates the plant) in describing various systems and actions in the area of cyber security.”

Entergy must respond to the Request for Additional Information by Feb. 15.

“The company has indicated its response will likely be part of a consolidated response that covers other Entergy plants as well,” Sheehan said.

In March 2009, the NRC issued a new cyber security rule which required companies that own and operate nuclear power plants to submit a new cyber security plan and an implementation timeline, Sheehan wrote.

The plan must show how the facility identified, or would identify, critical digital assets and describe its protective strategy by late November 2009.

All of the plants, including Vermont Yankee, submitted a plan by the deadline but Yankee and other plants withdrew their plans, “because they were based on incomplete Nuclear Energy Institute guidance,” and submitted a revised plan this July, Sheehan said.

A Regulatory Guide, published by the NRC in January, provides comprehensive guidance on acceptable ways to meet the new requirements. The guidance includes recommended best practices from organizations such as the Institute of Electrical and Electronics Engineers, the National Institute of Standards and Technology and the Department of Homeland Security.

All power reactor licensees and those seeking permission to construct and operate new reactors must prove their digital computer and communications systems and networks are safe against cyber attacks.

The NRC review will take a look at how the facility’s cyber program will secure systems and networks associated with safety-related equipment and emergency preparedness functions, including offsite communications and support systems and equipment, Sheehan said.

After the plan goes to the NRC for review and approval and has accounted for any site-specific conditions that might affect implementations, a separate group of NRC staff, dedicated to cyber security will review the plan. It can ask for additional information as part of its review as well, he said.

“If the NRC finds that the cyber security plan meets the requirements, the staff issues a Safety Evaluation Report,” Sheehan said. “Once approved, the plan becomes part of the site’s operating license and is enforceable.”

Entergy has applied to the NRC to extend the operating license for Vermont Yankee for another 20 years, from 2012 to 2032. The NRC staff has stated there are no environmental or safety reasons to not issue the renewed operating license.

However, Entergy must also receive approval from the state and in February 2010 the Senate voted 26-4 against the plant’s continued operation.

2 Responses to “VT Nuke Needs to Rework Cyber Plan”

Leave a Reply

You must be logged in to post a comment.