Like any other business, nuclear utilities and their employees may be exposed to potential cyberattacks targeting important information technology systems. The “WannaCry” ransomware cyberattack provides the most recent high-level example of the need for companies of all kinds to engage in proactive prevention and protection.
Ransomware (malware that encrypts data pending an extortion payment) is a recurring cyber threat that is growing more pervasive and profitable for criminals. The WannaCry global cyberattack is just the latest attack of its kind to highlight the potential global impact, speed, acceleration, and scope of the ransomware problem.
NRC regulations at 10 CFR 73.54 already require licensees to establish robust cybersecurity plans to protect safety-related, important-to-safety, security, and emergency preparedness digital computer and communications systems. But not all information technology systems are subject to the same level of security, leaving some systems (for example, email) more vulnerable than others.
In response to the recurring nature of ransomware attacks, Morgan Lewis partner Mark Krotoski and associate Martin Hirschprung authored a LawFlash offering steps to proactively prevent and protect against these types of cyberattacks, as well as some thoughts on the legal issues that may arise following such attacks.