Cybersecurity and Nuclear Power Plants

It’s hard to read the news these days without seeing reports of one entity or another “getting hacked” or being attacked in cyberspace. We’re frequently asked how nuclear power plants are protected from those who try to break into computer systems without authorized access – often for malicious purposes.

Perhaps the most important thing to recognize is that nuclear power plants and their computer systems were designed before the days of internet cafes and wireless connections. So there is no connection to the internet and thus no way for a hacker from the outside to get at the safety-related computer systems of the plants. Even the digital control systems installed in some plants more recently have no connection to the ‘net.

And while nuclear power plants were designed to feed electricity to the power grid, they were also isolated in ways to protect them from any potential negative effects that could come from the grid.

After the terrorist attacks of September 11, 2001, cyber security quickly became a major focus of U.S. government activities. The NRC was no exception. We took immediate steps – through orders — to ensure that computer systems used to operate nuclear power plants were not accessible even by “insiders” who could attack the cyber systems directly from within the plant.

Later, the NRC went even further with a new regulation that required all the nuclear power plants to have a cyber security plan and a timeframe for implementing protections of those key systems related to safety, security and emergency preparedness functions.

In addition any power company seeking to build a new nuclear power plant will need to include a cyber-security plan as part of their application to the NRC.

The NRC has its own cyber security experts on staff and works closely with other federal experts, including U.S. Cert – the U.S. Cyber Emergency Readiness Team – to monitor what’s happening in cyber space here and around the world, and to take actions if necessary to protect the vital systems in nuclear power plants.

Sara Mroz
Security Specialist

Author: Moderator

Public Affairs Officer for the U.S. Nuclear Regulatory Commission

6 thoughts on “Cybersecurity and Nuclear Power Plants”

  1. While the article gives the reader assurance that our nuclear power plants are not connected to the internet I agree that we need to increase the security on these seemingly outdated nuclear plant systems which are vulnerable to our national security. With government looking to cut costs I can see potential danger for the security of our nuclear power plants.

  2. Nuclear power plants are very dangerous and I really hope that with time the impact on the society will be reduced. this is the priority #1.

  3. Paul Leventhal had a great quote about nuclear power plant security. –
    “The security guards at half the nuclear power plants in the United States have failed to repel mock terrorist attacks against safety systems designed to prevent a reactor meltdown. These are so-called “force-on-force” exercises supervised by the Nuclear Regulatory Commission. The NRC refuses to take enforcement action in response to the failures, and is in the process of weakening the rules of the game in response to industry complaints. Sabotage of nuclear power plants may be the greatest domestic vulnerability in the United States today. This is the time to strengthen, not weaken, nuclear regulation.”

  4. Hacking a into a nuclear power plant has a large potential of being very dangerous and having a huge negative impact on society. I believe the security in these systems needs to be better than any other system in the world. Look at Sony for example, a company that makes COMPUTERS was hacked into. If these guys try and go after power plants, there could be some very big problems.

  5. God save us from those crazy terrorists, can not imagine what can cause a cyber terrorist attack. Security at nuclear plants mean that is the number one priority.
    The nuclear plants are needed, many countries depend on it.

Comments are closed.

%d bloggers like this: