The industry group representing nuclear power facilities is cautioning the Nuclear Regulatory Commission (NRC) not to issue further cybersecurity regulations on nuclear byproduct material. The Nuclear Energy Institute urges agencies to pursue a “best practices” guide for byproduct cybersecurity instead of regulations. The NEI suggests that if the NRC is going to make rules, they should allow exemptions for facilities that were previously required to implement security around high-risk, safety-critical nuclear plant infrastructure. The NEI claims that nuclear power reactors have both cyber and physical security qualities that are not in many other critical infrastructures. The new rule diverts license focus from assets that truly need protection. They urge that such rules would give “little, if any, safety or security benefit while creating unnecessary requirements at a significant cost.”
The NEI states that if the NRC is to pursue cybersecurity of nuclear byproducts, they should look to secure assets related to radiological risk and produce a guide addressing nuclear byproduct risk. The industry encourages regulators to view other agencies’ efforts of securing nuclear facilities from cyber threats, permitting those security programs to remain untampered by new NRC regulations. Specifically, the NEI wants the NRC to view the FDA’s cybersecurity guide for medical devices that use radioactive materials. The NRC is scheduled to issue a final rule regarding cybersecurity for “fuel cycle facilities” in 2018.