Cybersecurity and Nuclear Power Plants

It’s hard to read the news these days without seeing reports of one entity or another “getting hacked” or being attacked in cyberspace. We’re frequently asked how nuclear power plants are protected from those who try to break into computer systems without authorized access – often for malicious purposes.

Perhaps the most important thing to recognize is that nuclear power plants and their computer systems were designed before the days of internet cafes and wireless connections. So there is no connection to the internet and thus no way for a hacker from the outside to get at the safety-related computer systems of the plants. Even the digital control systems installed in some plants more recently have no connection to the ‘net.

And while nuclear power plants were designed to feed electricity to the power grid, they were also isolated in ways to protect them from any potential negative effects that could come from the grid.

After the terrorist attacks of September 11, 2001, cyber security quickly became a major focus of U.S. government activities. The NRC was no exception. We took immediate steps – through orders – to ensure that computer systems used to operate nuclear power plants were not accessible even by “insiders” who could attack the cyber systems directly from within the plant.

Later, the NRC went even further with a new regulation that required all the nuclear power plants to have a cyber security plan and a timeframe for implementing protections of those key systems related to safety, security and emergency preparedness functions.

In addition, any power company seeking to build a new nuclear power plant will need to include a cyber security plan as part of its application to the NRC.

The NRC has its own cyber security experts on staff and works closely with other federal experts, including U.S. Cert – the U.S. Cyber Emergency Readiness Team – to monitor what’s happening in cyberspace here and around the world, and to take actions if necessary to protect the vital systems in nuclear power plants.

Sara Mroz
Security Specialist

6 responses to “Cybersecurity and Nuclear Power Plants”

  1. Bruce November 27, 2012 at 4:22 pm

    This blog is as far away from the truth as it could be. This exact misconceptual thinking put the current cyber security efforts 10 steps back. This is the same argument that the Utilities use to save money on security. I beg to differ. Please read my blog for the real reflection of cyber security risk to NPP. http://nuclearcybersecurity.blogspot.de/2012/11/how-real-is-risk.html

  2. Curt August 6, 2011 at 9:03 pm

    While the article gives the reader assurance that our nuclear power plants are not connected to the internet, I agree that we need to increase the security on these seemingly outdated nuclear plant systems which are vulnerable to our national security. With government looking to cut costs I can see potential danger for the security of our nuclear power plants.

    “The security guards at half the nuclear power plants in the United States have failed to repel mock terrorist attacks against safety systems designed to prevent a reactor meltdown. These are so-called “force-on-force” exercises supervised by the Nuclear Regulatory Commission. The NRC refuses to take enforcement action in response to the failures, and is in the process of weakening the rules of the game in response to industry complaints. Sabotage of nuclear power plants may be the greatest domestic vulnerability in the United States today. This is the time to strengthen, not weaken, nuclear regulation.”

  5. Chris P July 12, 2011 at 10:22 pm

    Hacking into a nuclear power plant has a large potential of being very dangerous and having a huge negative impact on society. I believe the security in these systems needs to be better than any other system in the world. Look at Sony for example, a company that makes COMPUTERS was hacked into. If these guys try and go after power plants, there could be some very big problems.

    The nuclear plants are needed; many countries depend on them.

