The Nuclear Regulatory Commission (NRC) believes that licensed operators of U.S. nuclear plants are providing sufficient resources to counter cyber threats, according to the agency’s response to a letter from Sen. Edward Markey (D-Mass.).
Markey raised concerns in a July 10 letter to the heads of the NRC and several other federal agencies following news reports of cyber attacks on U.S. nuclear power installations. The lawmaker expressed specific concern about the potential for sabotage of a reactor core or storage pool for used nuclear fuel.
NRC Chair Kristine Svinicki on Aug. 9 responded with a three-page list of answers to Markey’s query; the document was posted on the regulator’s website on Wednesday.
“From the NRC’s perspective, adequate actions are being taken [by licensees], based on our understanding of the threat assessment,” the agency said, adding that the large majority of license holders are due by the end of the year to implement all cybersecurity regulatory requirements established in 2009 by the NRC. The exceptions include plants that will be decommissioned before 2019.
The cyber attacks on NRC license holders did not affect safety, security, or emergency readiness operations, but rather were restricted to their business networks, the agency told Markey. It said more specific information would be available in a classified briefing Markey requested of the NRC and its partner agencies in cyber security.
The NRC said it has the funding it needs to carry out its cyber security activities, which includes operation of its Cyber Security Directorate.