The agency tasked with safeguarding public health and safety related to nuclear energy can boost its cybersecurity inspection program making it more efficient, according to an inspector general report.
The Nuclear Regulatory Commission Office of the Inspector General on June 4 highlighted how the agency requires licensees operating a nuclear power plant assure that computer and communication systems and networks are safe from cyberattacks.
These licensees must submit a cybersecurity plan to NRC, which it then OKs and proposes an implementation schedule for. The agency is doing cybersecurity inspections through 2020 to ensure licensees have cybersecurity programs that comply with all the rules and regulations.
Currently, the program lacks performance measures because of technical and regulatory challenges in program implementation. It’s also hard to predict the level of effort required to conduct inspections, the IG concluded.
“Identifying appropriate performance measures will permit NRC’s cyber security inspection program to become more efficient and reliable without diminishing the level of assurance,” per the IG.