New ISA Working Group on Nuclear Plant Cyber Security

Sept. 21, 2009

ISA67, Nuclear Plant Standards, is initiating a new working group on control system cyber security for nuclear plants. There are several reasons for initiating the working group as well as the timing and location of the meeting.

ISA67, Nuclear Plant Standards, is initiating a new working group on control system cyber security for nuclear plants. There are several reasons for initiating the working group as well as the timing and location of the meeting.

As is evident, cyber security awareness and associated countermeasures are becoming increasingly important considerations for nuclear power plants. ISA99 was initiated to address industrial control system security in 2002, and has been very active since that time. It has had little representation from the nuclear plant community, because the ISA99 leadership team, which does include two nuclear power experts, has consistently agreed that appropriate security measures are largely industry independent. However, with current NRC, NEI, FERC, NERC, and nuclear utility attention to this area, it is now appropriate to address these nuclear specific issues within ISA67.

From a regulatory perspective, NRC has issued the security rule and is developing a Regulatory Guide and associated NUREGs to support the rulemaking. FERC has issued FERC Order 706B for continuity of nuclear power. There is an unmet need to provide referenceable standards to meet these requirements. Consequently, it is now appropriate for ISA to establish a new working group to address cyber security requirements for nuclear power plants. This new working group will be jointly affiliated with ISA S99 so as to minimize duplicative efforts and cross-pollinate the two groups with nuclear power expertise and control system cyber security expertise.

The initial meeting of the ISA67 Nuclear Plant Cyber Security Working Group will be October 19 at the Excel Services offices in Rockville, Maryland at 9AM. The purpose of the meeting is to define and establish appropriate activities for the Working Group to help meet the new requirements.

The reason for the timing and location is to coordinate with two other control system cyber security activities occurring that week in Bethesda- the ACS Control System Cyber Security Conference October 20-22 and the NIST SP800-53/SP800-82 training workshop occurring October 23.

Please let Tim Hurst [email protected] or Jerry Voss [email protected] know if you plan on attending the ISA67 Working Group meeting and for obtaining meeting directions.

Joe Weiss, PE, CISM Managing Director, ISA Nuclear Plant Standards
[email protected]
(408) 253-7934