NERC & the NRC Sign Agreement Regarding Oversight of Cyber Security at Nuclear Power Plants
North American Electric Reliability Corporation (NERC) | January 11, 2010
Oversight of cyber security at U.S. commercial nuclear power plants will be divided between the U.S. Nuclear Regulatory Commission (NRC) and the North American Electric Reliability Corporation (NERC), under the terms of a Memorandum of Understanding (MOU) signed recently by the two organizations.
The Federal Energy Regulatory Commission (FERC), in Order 706-B on March 19, 2009, clarified that the facilities within nuclear power plants that are not regulated by the NRC are subject to compliance with the NERC reliability standards approved in Order 706.
The MOU is the result of careful negotiation and due caution to ensure that both the safety of the plants and reliability of the bulk power system are preserved. It clarifies that the NRC is responsible for inspecting digital assets that can affect safety, security and emergency preparedness at nuclear power plants, and enforcing compliance with its cyber security requirements. NERC, which is overseen by FERC in the United States, is responsible for inspecting digital assets that can affect the continuity of power, and enforcing compliance of those assets with its Critical Infrastructure Protection reliability standards.
This division of responsibility is consistent with the NRC’s focus on public health and safety issues, environmental safety, and national defense and security; and NERC’s focus on the reliability of the bulk power system.
In the MOU, the NRC and NERC agree to share information, and to consult and coordinate to the extent practicable on inspection and audit processes, to minimize any potentially adverse effects from one organization’s compliance actions or directives on the other organization’s mandate. It clarifies roles and responsibilities and lays out a process for achieving the necessary coordination.
“The importance of protecting the nation’s cyber assets and systems increases daily. This agreement between NERC and the NRC will help the NRC ensure that commercial nuclear power plants are safe and secure, and help NERC assure the reliability of the bulk power system,” said Gerry Cauley, president and CEO of NERC.
The NRC and NERC will hold a series of workshops in the spring to help U.S. nuclear power plant personnel define which of their cyber systems and assets must comply with each organization’s requirements.
The MOU is available at:
The North American Electric Reliability Corporation’s (NERC) mission is to ensure the reliability of the bulk power system in North America. To achieve that, NERC develops and enforces reliability standards; assesses adequacy annually via a 10-year forecast and winter and summer forecasts; monitors the bulk power system; audits owners, operators, and users for preparedness; and educates, trains, and certifies industry personnel. NERC is a self-regulatory organization, subject to oversight by the U.S. Federal Energy Regulatory Commission and governmental authorities in Canada. Learn more at www.nerc.com.
- 30 -