Up & Atom

The Commissioners of the Nuclear Regulatory Commission (NRC) and Federal Energy Regulatory Commission (FERC) conducted a biennial joint meeting on January 25, 2024. The biennial meetings allow the Commissioners to hear presentations from industry experts, learn about the challenges facing the energy industry, and determine how the commissions can assist each other based on their respective regulatory authorities.

The NRC has now followed up on that guidance with revisions to RG 5.83, “Cybersecurity Event Notifications (Revision 1),” to address new cybersecurity concerns, provide clarification, and align with new guidance in RG 5.71. This guidance is critical for the nuclear industry given the rapid pace at which cybersecurity threats and deterrent strategies evolve. All nuclear power reactor owners must review NRC’s latest guidance and confirm that their cybersecurity programs are in compliance.

After 13 years, the Nuclear Regulatory Commission has issued revised guidance for cybersecurity programs for nuclear power reactors. All nuclear power reactor owners must review the NRC’s latest guidance and confirm their cybersecurity programs are in compliance.

The NRC held a public meeting on March 4 to discuss the issuance for public comment of draft regulatory guide (DG) DG-5061, Revision 1, Cyber Security Programs for Nuclear Power Reactors. DG-5061, Revision 1 would revise Regulatory Guide (RG) 5.71, which provides NRC licensees with guidance on meeting the cybersecurity requirements described in Section 73.54 of Title 10 of the Code of Federal Regulations, “Protection of digital computer and communication systems and networks.”

As is clear from recent news reports, cybersecurity hacks and breaches have been trending upward for some time, and there has been a noticeable uptick over the last several months—including in the energy industry. As a result, President Joseph Biden has committed his administration, in large part through the American Jobs Plan and his executive order of May 12, to strengthen cybersecurity across the nation.

The Consolidated Appropriations Act, 2021, signed into law on December 27, includes the Energy Act of 2020 (Energy Act) and the Taxpayer Certainty and Disaster Tax Relief Act of 2020 (Taxpayer Act), which contains tax provisions important to the energy sector.

An order issued from the US Department of Energy on December 17 prohibits the installation of Chinese equipment or components in facilities providing power to designated “Critical Defense Facilities.” The order discusses threats to the electric supply chain from China.

Executive Order 13920, “Securing the United States Bulk-Power System,” issued on May 1 limits the US use of bulk-power system equipment produced by “foreign adversaries.”

FERC and NERC issued a joint notice on Wednesday providing compliance flexibility on certain key reliability standard requirements during the ongoing coronavirus (COVID-19) pandemic. Although this guidance can allow utilities to avoid findings of noncompliance for certain requirements where timely compliance activities could be difficult due to personnel shortages and other limitations, this is not a blanket waiver. Instead, utilities must provide written notices of their intent to use this guidance. The content of those notices must be drafted carefully as they will be necessary to demonstrate compliance in future reviews.

Join Morgan Lewis lawyers for these upcoming programs.