Are nuclear plants cyber secure- another nuclear plant control system cyber incident

November 9th, Susquehanna Unit 2 had a manual shutdown (scram) of the plant due to a failure of the Integrated Control System (ICS) which controls feedwater flow and other systems. The ICS is not a safety system but affects the functionality of the plant. The impact of the incident was a loss of 1250MW to the electric grid which is obviously a reliability concern. It is not clear what caused the ICS to fail or even what the failure actually was as there are different newspaper accounts. This was not the first control system cyber incident at Susquehanna. As far as I can tell, there have been more than 15 ICS cyber incidents at US nuclear plants. Based on those incidents and the recent detailed technical cyber assessment of an international nuclear plant, it is not clear that the US Nuclear Regulatory Commission (NRC) Regulatory Guide 5-71 or the Nuclear Energy Institute (NEI)-0809 provides an adequate level of guidance to assure the security of the critical systems in nuclear power plants.

Joe Weiss