US Homeland Security panel presses NRC on cybersecurity policies
  
Washington (Platts)--21May2007
The chairman of the US House Committee on Homeland Security is asking the
US Nuclear Regulatory Commission to move quickly to ensure nuclear power plant
operators put comprehensive cybersecurity policies in place.

     In a May 15 letter made public on Friday, committee Chairman Bennie
Thompson, Democrat-Mississippi, and Representative James Langevin, a Rhode
Island Democrat, who leads the panel's Science and Technology subcommittee,
asked NRC Chairman Dale Klein to "move with all deliberate speed in ensuring
that nuclear plant licensees institute comprehensive cybersecurity policies
and procedures on safety and non-safety systems alike."

     The letter was prompted by an information notice NRC issued April 17
describing an August 19, 2006, shutdown of Tennessee Valley Authority's Browns
Ferry-3 nuclear plant. According to the letter, TVA blamed the shutdown on the
malfunction of the variable frequency driver controller due to excessive
traffic on the plant's computer network. TVA's corrective actions included
placing a firewall that limits connections and traffic to any devices on the
plant's integrated computer system network, it said.

     The congressmen said NRC staff decided against investigating the failure
as a cybersecurity incident, saying the failing system was a non-safety system
and that TVA had determined the incident did not involve an external cyber
attack on the system.

     Thompson and Langevin told Klein they have "deep reservations about the
NRC's hesitation to conduct a special investigation into the incident."

     Noting that NRC is engaged in a rulemaking that will include regulations
for cybersecurity, they said they hoped the new regulations "will reach beyond
safety systems and underscore the impact that disruptions of non-safety
systems can have on the operation of a plant."

     They asked that NRC answer seven questions, including whether the agency
has conclusively determined the source of the "data storm" related to the
Browns Ferry-3 incident, whether it plans to investigate the incident and how
future regulations will address the cybersecurity interdependence of safety
systems and non-safety systems.

		--Tom Harrison, tom_harrison@platts.com

To subscribe or visit go to:  http://www.platts.com      Copyright © 2006 - Platts, All Rights Reserved
The McGraw-Hill Companies