- New ‘Rise of Skywalker’ clip includes a possible spoiler about Palpatine 4 Years Ago
- Teens keep trolling Florida’s new school safety app 4 Years Ago
- What is the TikTok drink and can you still get it? Thursday 9:27 PM
- ‘Party, Party, Party’ TikTok meme grapples with party culture Thursday 8:43 PM
- Baby Yoda was just added to Sims 4 Thursday 7:54 PM
- Religious conservatives petition Netflix to pull ‘gay Jesus’ Christmas comedy Thursday 7:19 PM
- Kylie Jenner criticized for yet another expensive car post Thursday 5:57 PM
- Apex Legends became a major Pornhub search in 2019 Thursday 5:15 PM
- CBS accidentally interviewed InfoWars host as regular Trump supporter Thursday 4:31 PM
- TLC accused of fatphobia, fetishization with show about ‘mixed-weight’ couples Thursday 3:41 PM
- Betting odds show KSI could fight FaZe Sensei, Jake Paul, or Justin Bieber next Thursday 3:20 PM
- Nick Cannon releases another thirsty Eminem diss track Thursday 2:59 PM
- Dogs at polling stations are helping bark out the vote in the U.K. Thursday 1:00 PM
- Streamers dominated Pornhub searches in 2019 Thursday 12:59 PM
- Pro and anti-boot factions emerge in wake of ‘Wonder Woman 1984’ trailer Thursday 12:31 PM
U.S. to update how its nuclear power plants deal with cyberattacks
Power plants operations will have to step up their reporting of cyberthreat information.
Hoping to avoid a proverbial “cyber Pearl Harbor,” in which a hacker causes major physical damage to U.S. infrastructure, the government is updating its rules for nuclear power plants.
The U.S. Nuclear Regulatory Commission (NRC) has published new cybersecurity regulations, which impose reporting requirements on nuclear facilities. Such facilities have been widely criticized as of late for reportedly maintaining outdated and insecure systems and skimping on anti-intrusion measures. The new rules, effective May 2016, are essential, the NRC says, to assist the agency in assessing and evaluating potential cyber-related threats.
“This rule establishes new cyber security event notification requirements that contribute to the NRC’s analysis of the reliability and effectiveness of licensees’ cyber security programs” the NRC said in a statement. It added that such rules would play “an important role in the continuing effort to provide high assurance that digital computer and communication systems and networks are adequately protected against cyber attacks.”
Moreover, the new requirements are intended to aid the NRC in reporting cybersecurity issues that pose a threat to public health or safety to the U.S. Department of Homeland Security and other federal intelligence and law enforcement agencies.
The new rules require power plant “licensees” to notify the NRC within one hour after the discovery any cyberattack that adversely impacts safety, security, or emergency preparedness functions, or ones that compromise support systems and equipment resulting in similar vulnerabilities. Additionally, power plants will have an eight-hour window in which to notify the NRC of any “observed behavior, activities, or statements that may indicate intelligence gathering or preoperational planning” related to a cyberattack.
A report published in early October by the London-based Chatham House noted that cyberattacks targeting nuclear energy facilities are becoming more widespread and easier to conduct, and those facilities are ill-prepared for attacks that may result in the release of ionizing radiation. Lapses in security can stem from a variety of on-site issues, including an unhealthy reliance on reactive security measures or poor communication between cybersecurity teams—which are often located off-site—and nuclear engineers.
The NRC contested the report, as it addresses nuclear facilities worldwide, not simply in the United States.
“The Chatham House report does not reflect the intensive effort the Nuclear Regulatory Commission has made to protect this country’s nuclear power plants from cyber threats,” David McIntyre, an NRC spokesman, told the Hill on Friday. “These efforts began with security orders issued soon after 9/11 and continued with regulations finalized in 2009 designed to protect critical digital assets and safety systems at the plants from the ever-changing cyber threat.”
Photo by Tennessee Valley Authority/Flickr (CC BY 2.0)
Dell Cameron was a reporter at the Daily Dot who covered security and politics. In 2015, he revealed the existence of an American hacker on the U.S. government's terrorist watchlist. He is a co-author of the Sabu Files, an award-nominated investigation into the FBI's use of cyber-informants. He became a staff writer at Gizmodo in 2017.