U.S. NRC Blog

Transparent, Participate, and Collaborate

Moments in NRC History – 25 Years of the NRC’s Principles of Good Regulation

Tom Wellock

While the NRC always considered itself a principled regulator, it was not until Jan. 17, 1991, that the agency developed written principles that encouraged regulatory excellence and addressed inadequate performance.

Those principles – five traits of what a good regulator should be – were authored by then-NRC Commissioner Kenneth Rogers. Today, they form the basis of regulatory regimes throughout the world.

To celebrate the anniversary of the NRC’s principles, we’ve produced a video focusing on the historical evolution and application of the principles. Next monthpogr_tom, we’ll post another video looking at how NRC staff view the principles today.

It’s important to consider the well from which the principles sprang some 25 years ago.

In the 1960s, critics attacked federal agencies responsible for environmental and safety regulations for being too secretive and too friendly to the industries they regulated. The NRC’s predecessor, the Atomic Energy Commission, was stung by accusations that it promoted nuclear power rather than protected public safety.

The Energy Reorganization Act of 1974 split the AEC, and consolidated the licensing and related regulatory functions into the newly created NRC, an independent regulator.

But the NRC, too, soon came under fire for its vague, complex and inefficient regulation. The NRC responded by establishing more flexible regulations and clearly defined safety goals.

By 1989, when Rogers first proposed the principles, the NRC was seeking to balance its independence with demands that it be an open, efficient, clear and reliable regulator. Rogers argued that the staff should have consistent guideposts in changing times to remind them of the proven elements of good regulation. Two years later, the Commission agreed, and the principles-of-good-regulation-announcement-january-17-1991 became part of the agency culture.

Many years later, in 2011, President Obama signed an executive order calling for principles of regulation for all federal agencies.

principles-of-good-reg-web-screen_1The Principles:

  • Independence (Independent): Nothing but the highest possible standards of ethical performance and professionalism should influence regulation.
  • Openness (Open): Nuclear regulation is the public’s business, and it must be transacted publicly and candidly.
  • Efficiency (Efficient): The American taxpayer, the rate-paying consumer, and licensees are all entitled to the best possible management and administration of regulatory activities.
  • Clarity (Clear): Regulations should be coherent, logical, and practical.
  • Reliability (Reliable): Regulations should be based on the best available knowledge from research and operational experience. Regulatory actions should always . . . lend stability to the nuclear operational and planning processes.

Seemingly timeless, each principle was really a specific lesson drawn from regulatory experience.

Over the years, the principles spurred continuous improvement at the NRC – among other actions, they helped the agency formulate its budgets and prioritize safety improvements in the aftermath of the accident at Fukushima Daiichi.

Stakeholders also use the principles to hold the agency accountable. They have been valuable reference points for agency critics when they believe the NRC has not measured up to its own standards of excellence.

Even after 25 years, with the changes within and external to the NRC, these Principles of Good Regulation remain the agency’s calling card abroad and touchstones of excellence at home.

UPDATE: Protecting Commercial Nuclear Facilities from Cyber Attack

James Andersen
Director, Cyber Security Directorate

The NRC has been very forward-thinking in developing cyber security requirements for nuclear power plants. The cyber threat is always evolving, and so is our approach. We first imposed cyber security requirements in Orders issued after the 9/11 terrorist attacks. Drawing on our experience with those steps, we formalized regulations in 2009.

Our “cyber security roadmap” spells out how nuclear plant licensees were implementing our 2009 cyber regulations, as well as our approach to assessing cyber needs of other licensees.

cybersecNuclear plants are meeting these requirements in two phases. During Phase 1, they implemented controls to protect their most significant digital assets from the most prevalent cyber attack vectors. This phase was completed in December 2012, and our inspections of Phase 1 actions were completed in 2015.

During Phase 2, which will be completed by the end of this year, licensees will complete full implementation of their cyber security programs. They will add additional technical cyber controls, cyber security awareness training for employees, incident response testing and drills, configuration management controls, and supply chain protection

Like other NRC programs, cyber security involves “defense in depth.” Crucial safety- or security-related systems (both digital and analog) are isolated from the Internet, giving them strong protection. Such “air gaps” are important, but not sufficient. Licensees must also address wireless threats, portable media such as discs or thumb drives, and other avenues of attack. Physical security and access controls, including guarding against an insider threat to the plant, also add to cyber security, as do cyber intrusion detection and response capability.

The NRC published a new regulation in late 2015 requiring nuclear plant licensees to notify the agency quickly of certain cyber attacks.

With these efforts already accomplished or underway, you can see the NRC takes cyber security seriously, and we’re doing our best to stay flexible and ahead of the ever-changing threat. You can find more information about the NRC’s cyber security program on our website.

This post first ran in October 2015

A Special Message

Federal government offices in the National Capital Region will be closed on Friday, January 20, during the 58th Presidential Inauguration.


Re-Evaluating Category 3 Source Protection and Accountability

Duncan White
Senior Health Physicist

Back in July, we talked about the Government Accountability Office’s investigation in which the GAO created a fake company that was successful in one out of three tries at getting a license for radioactive material. Once they received the license and placed an order, GAO then altered the license to increase the quantity of material authorized and placed a second order.  The higher quantity would have required additional protection measures beyond those required for the original quantity. The GAO never actually acquired any radioactive material and the public was never at risk.

On the day the GAO issued their report on the investigation, Commissioner Jeff Baran sent a memo to the other Commissioners proposing that NRC staff re-evaluate the methods used to account for Category 3 sources. (See “Categories of Radioactive Materials” at right). The other categoriesofradmat_editedCommissioners agreed and the Commission directed the staff to evaluate whether we should revise NRC regulations or processes governing protection and accountability for Category 3 sources.

The NRC and its partners in the Agreement States are working together to address these specific actions. That work will include, among other things:

  1. Evaluating the pros and cons of different methods for verifying the validity of a license before a Category 3 source is transferred;
  2. Evaluating the pros and cons of including Category 3 sources in the National Source Tracking System;
  3. Assessing any additional options to address the source accountability recommendations made by the GAO;
  4. Identifying changes in the threat environment since 2009 and considering whether they support expanding the NSTS to include Category 3 sources;
  5. Assessing the risks posed when a licensee possesses enough Category 3 sources to require the higher level protections for Category 2 quantities; and
  6. Getting input from Agreement State partners, non-Agreement States, licensees, public interest groups, industry groups, and the reactor community.

We will also consider recommendations made by the working group that evaluated the vulnerabilities identified by the GAO investigation. Additionally, we will consider our recently completed assessment of the security requirements in 10 CFR Part 37, “Physical Protection of Category 1 and 2 Quantities of Radioactive Material.” This review looked at the results of inspections of NRC licensees during the first two years the rule has been in effect, and events reported under the rule. The NRC sent a report on this review to Congress on December 14.

The NRC staff will develop recommendations related to Category 3 source protection and accountability and provide the recommendations to the Commission for deliberation in August 2017.

An important part of the NRC’s and Agreement States’ re-evaluation is soliciting input from our Agreement State partners, the impacted regulatory community and the public.  We have published a series of questions in the Federal Register to help assess the benefits, impacts, and costs of different alternatives. You can see these questions and send us your comments through the federal rulemaking website. We will provide opportunities to participate in the agency’s decision-making process through public meetings and webinars. More specific information about these opportunities for public involvement will be available on a new webpage. We welcome your input.

A Special Message

%d bloggers like this: