Complying with the Cyber Rule in Nuclear Cybersecurity
Keep up with shifting regulations like NEI 13-10 and Milestone 8
The 10 CFR 73.54 Cyber Rule in 2009 launched America’s commercial nuclear fleet operators into rapid implementation of cybersecurity controls at their plants.
The commercial nuclear industry has learned much from implementing NEI 08-09 compliant cybersecurity programs. Extended Milestone 8 deadlines are now on the horizon for 2017. Guidance, however, continues to change, with NEI 13-10 “Controls Required for Indirect Critical Digital Assets” Revision 1 in October 2014 and the latest, Revision 4, at the end of 2015.
These revisions promised a foreshortened cybersecurity process for peripheral, “indirect” digital equipment, reducing the investment required for cybersecurity controls by operators.
“For nuclear facilities, complying with the Cyber Rule means more than simply purchasing a few new pieces of tech. It requires new skillsets, business processes, and physical security.”
Many commercial nuclear operators have found the shifting 13-10 indirect critical digital asset (CDA) assessment process challenging. Similarly, compliance objectives in incident response, supply chain, vulnerability assessment, and configuration management are inherently complex and behind schedule in many plants. Keeping up with regulations, as well as new threats and defensive capabilities, is a job that is never done.
Operators are coming to understand that adherence to the Cyber Rule involves people with new skills, new sustainable business processes, and active engagement of operations and physical security in real time. Complying with the Cyber Rule requires more than purchasing a few new technologies—it impacts every role in the facility.
Partnering with Booz Allen, a leader in nuclear cybersecurity compliance, can help clients address today’s regulation landscape and be prepared for future regulatory requirements, all while optimizing the compliance investment.