The 10 CFR 73.54 Cyber Rule in 2009 launched America’s commercial nuclear fleet operators into rapid implementation of cybersecurity controls at their plants.
The commercial nuclear industry has learned much from implementing NEI 08-09 compliant cybersecurity programs. Extended Milestone 8 deadlines are now on the horizon for 2017. Guidance, however, continues to change with the NEI 13-10 “Controls Required for Indirect Critical Digital Assets” Revision 1 in October 2014, and the latest Revision 4, at the end of 2015.
These revisions promised a foreshortened cybersecurity process for peripheral, “indirect” digital equipment, reducing the investment required for cybersecurity controls by operators.