Staff at the Nuclear Regulatory Commission (NRC) should expeditiously complete and implement cybersecurity rulemaking for nuclear fuel-cycle facilities, the regulatory agency’s commissioners have ordered. 

In a March 24 agency memorandum to Mark Satorius, NRC executive director for operations, the commission disapproved the one option, which was the staff’s recommendation, to issue a security order to fuel cycle facilities followed by rulemaking. It instead approved an option to initiate cybersecurity rulemaking for fuel cycle facilities. It also called on staff to consider an implementation period of 18 months after approval of a final rule—not the typical three-year period.

“The rulemaking should be designated as a high priority and the final rule should be completed and implemented in an expeditious manner,” the memo says.

According to industry experts, the NRC has been evaluating the need for cybersecurity rules for different categories of licensees. The agency issued cybersecurity requirements for power reactors in 2009, and since then has been evaluating the need for requirements for fuel-cycle facilities.

Sonal Patel, associate editor (@POWERmagazine, @sonalcpatel)