Nuclear Regulatory Commission Expands Cybersecurity Requirements For Nuke Power Plants

PRESS RELEASE

The Nuclear Regulatory Commission today approved a rule that enhances security requirements for nuclear power reactors. Many of the requirements of this rule are similar to those previously imposed by orders issued after the terrorist attacks of Sept. 11, 2001.

The new rule adds several new requirements as a result of experience in implementing previous security orders and updates the regulatory framework in preparation for the licensing of new nuclear power plants.

In addition, the new rule resolves three petitions for rulemaking that were considered during the development of the final rule.

The final rule is the result of more than four years of work, three public meetings and several opportunities for public comment. Significant stakeholder feedback was received during the process, which resulted in changes to the content, format and organization of the final rule.

Significant features in this rule include a safety/security interface section that requires plants to manage plant activities to avoid potential adverse interactions between security activities and other plant activities. Additionally, there are new sections requiring a comprehensive cyber security program at nuclear power plants, and a requirement that plants develop strategies and response procedures to address an aircraft threat or loss of large areas of the facility due to explosions and fire. New training and qualification requirements for security personnel are also included.

The new rule incorporates portions of a petition for rulemaking submitted by the Union of Concerned Scientists (UCS) and the San Luis Obispo Mothers for Peace to require licensees to evaluate whether proposed changes, tests, or experiments cause protection against radiological sabotage to be decreased and, if so, to conduct such actions only with NRC approval.

A second petition, submitted by Three Mile Island Alert, asked the NRC to require licensees to post at least one armed guard at each entrance to "owner controlled areas." The final physical security requirements in the new rule give licensees flexibility to determine if such personnel postings are necessary. A third petition for rulemaking, focusing on site access authorization and also submitted by the UCS was considered but the recommendations were ultimately not adopted.

The rule will go into effect 30 days after publication in the Federal Register, with licensees given a period of time to update their security plans to be compliant.