NERC CIP Compliance is Coming to a Nuke Near You…



I attended the Nuclear IT Strategic Leadership (NITSL) Symposium in Chicago last week. This was a virtual who’s who of IT experts in the nuclear space. This year’s conference was oriented towards Cyber Security. Nuclear Power generation is one of the most heavily regulated industries and has been extremely stringent in implementing physical security procedures. It was good to see physical and logical security convergence getting so much air time. One of the keynote speakers, Susan Landahl, the Sr. VP of Operations for Exelon (they operate the largest fleet of nuclear plants in the country), said in the keynote address: “Cyber Security is going to rival physical security in importance. Physical and Cyber better learn to get along; in fact we need to collocate them now in the same organization”.

So how does NERC CIP figure into this? Well, as you may know (if you have been following the regulations governing utilities), nuclear plants have been exempt from NERC CIP requirements. Under FERC Order 706-B, NERC CIP extends to cyber critical assets that may not be covered by NRC regulations, particularly 10 CFR 73.54 defining Cyber Digital Assets (CDAs). The tough part is that nuclear plant cyber and IT staff have to submit a security plan with a timeline to demonstrate how they will comply with NERC CIP.

Some of the key stakeholders present in the ongoing dialog on how best to deliver security convergence for the Nuclear industry were the Nuclear Regulatory Commission (NRC), the Nuclear Energy Institute (NEI), the Institute of Nuclear Power Operations (INPO) and of course the Department of Homeland Security (DHS).

AlertEnterprise was a sponsor of the event and exhibited solutions for the nuclear industry that included compliance automation across multiple regulations, including NERC CIP and the nuclear requirements, as well as an ongoing risk management methodology. For more information please contact me at pan.kamal@alertenterprise.com.