I am a nuclear engineer. I spent my first ten years at GE Nuclear Energy in San Jose. I worked on the generic versions of Fukushima 1, 2, and 6 and also worked specifically on Fukushima 2. After leaving GE, I spent 5 years managing the EPRI Nuclear Plant Instrumentation and Diagnostics Program. I have spent the past 12 years working on control system cyber security including supporting the NRC on nuclear plant cyber security so I do feel I have a fair bit of knowledge about this subject.
From a cyber security perspective, I believe there are several lessons that can be drawn.
- Defense-in-depth needs to be rethought. All of the Fukushima plants were designed with defense-in-depth, and yet they were still impacted by the tsunami. The DOD conference I attended last week discussed whether defense-in-depth was still a viable strategy for cyber security. Is defense-in-depth, as it has been practiced prior to the Japanese earthquake, still a viable approach? Does it apply to cyber threats, particularly loss-of-offsite power?
- The Fukushima disaster is essentially a loss-of-offsite power situation. I believe loss-of-offsite power is one of the primary cyber threats to nuclear plants. The current industry approach to cyber security relies on NEI-0809. However, NEI-0809 does not address all of the control system cyber incidents that have occurred to date. Is the current approach the nuclear industry has taken for cyber security, NEI-0809, good enough?
- The Fukushima disaster points out the importance of the availability of nuclear plants to the reliability of the electric grid. About 25 percent of the electricity in Japan is produced by 55 nuclear power plants. Fukushima Units 1-4 comprise approximately 2,800 MW. As a result of the earthquake and the significant loss of generation, the Japanese grid is under great strain. NRC has always had the responsibility for regulating safety systems. Recently, FERC and NRC clarified the scope of the new nuclear plant cyber security rule so that NRC will now include balance-of-plant equipment in the category of important-to-safety equipment. NRC is focused on safety, and given Fukushima you can expect that focus to become even more intense. Grid reliability might be expected to take a poor second. Given the impact of multiple nuclear plant outages on the reliability of the electric grid, can FERC afford to back away?