NRC and NERC Execute Memorandum of Understanding Regarding Enforcement of Cyber Security Requirements

On January 11, the Nuclear Regulatory Commission (NRC) and the North American Electric Reliability Corporation (NERC) published a Memorandum of Understanding (MOU) regarding the enforcement of NRC cyber security regulations and NERC Critical Infrastructure Protection (CIP) Reliability Standards at commercial nuclear power plants. This MOU provides further detail on what the NRC and NERC view as their separate responsibilities regarding cyber security at nuclear power plants, and explains how they will coordinate execution of these responsibilities going forward.

Under the terms of the Federal Energy Regulatory Commission’s (FERC’s) Order No. 706-B, the “balance of plant” facilities at nuclear power plants are subject to the mandatory CIP Reliability Standards previously approved by FERC. This MOU clarifies this definition, explaining that NERC’s CIP Reliability Standards apply to the digital assets at nuclear facilities related to “continuity of power.” In addition, the MOU explains that the NRC’s regulatory responsibility regarding cyber security is limited to “those digital assets, including digital control and data acquisition systems and networks, which can affect safety, security, and emergency preparedness functions” for nuclear power plants.

For the full story, please view the PDF.