Industry cyber guide needs more work, say nuclear regulators

The Nuclear Regulatory Commission is withholding its endorsement of an industry-created cybersecurity guidance document, saying it needs a more comprehensive definition of safety functions to incorporate systems that are relied upon during and following any security incidents.

The NRC wrote in a letter obtained by Inside Cybersecurity to the Nuclear Energy Institute, the nuclear sector’s industry association, that it would not endorse NEI’s NEI- 13-10 revision 5 guidance document on cybersecurity as sufficient for NRC licensees to use...