Draft nuclear cyber rules mandate new programs for certain facilities

Nuclear fuel cycle facilities must establish, implement, and maintain a cybersecurity program that detects, protects against, and responds to cyber attacks resulting in “consequences of concern,” according to new draft regulations being circulated at the Nuclear Regulatory Commission.

The new rules, which apply only to fuel cycle facilities, mandate that such facilities have security controls in place to protect against four types of “consequences of concern,” including the compromise of functions that prevent radiological sabotage and control of nuclear...