Wednesday, October 07, 2015

On Chatham House and Nuclear Cyber Security

The following is a guest post by Bill Gross, Manager, Security Integration and Coordination at Nuclear Energy Institute.

On October 6, 2015 the U.S. Department of Homeland Security (DHS) issued an unclassified version of a report assessing cyber security for the Nuclear Reactors, Materials, and Waste sector. The report was developed with input from the Idaho National Laboratory (INL), the DHS Industrial Control Systems Computer Emergency Response Team (ICS-CERT), the U.S. Nuclear Regulatory Commission (NRC) and others.

The report affirms that the nuclear plant cyber security program, “combined with the industry’s exacting standards and culture of back-up safety systems, will make it extremely difficult for an external adversary to cause a radioactive release.”

It is a breath of fresh air to see such conclusions from an independent cyber security assessment.

The recognition is well earned. The power plants and the NRC have been aggressive at addressing the cyber threat. A concerted industry-wide effort began shortly after the events of September 11, 2001, establishing a cyber security task force that is still active today. The industry voluntarily adopted a cyber security program in 2006 and implemented the program in 2008. In 2007 the NRC amended their Design Basis Threat requirements to include a cyber attack as an explicit adversary attribute, and followed this with mandatory cyber security programmatic requirements in 2009. The key findings of the DHS report affirm the good work the sector has, and continues to achieve.

But the industry's journey has included several learning opportunities. On May 5, 2015, Chatham House (a recognized highly-influential London-based think tank) issued a report entitled, “Cyber Security at Civil Nuclear Facilities; Understanding the Risks.” The Chatham House report takes a look at status of cyber security for nuclear facilities around the world. The report summarizes several historical digital-related events at U.S. Nuclear Plants. While these events, from 2003, 2006, and 2008, had no safety impact, they informed industry efforts to address the risks associated with increasing reliance on digital technologies in the plants.

Some of the enhancements we have put into place include implementing cyber security training applicable to all plant personnel, including visiting contractors and support personnel. The plants have established multi-disciplinary cyber security assessment teams that include individuals representing a wide range of expertise, including IT, cyber security, instrumentation and control, nuclear security, operations and engineering. The digital components within the facility that must be protected against cyber attacks have been identified. The plants have implemented robust controls over the use of portable media (e.g., thumb drives) and portable devices (e.g., laptops) and apply those controls to both plant personnel and visiting contractors. The plants have implemented “data diodes” that allow the plants to extract performance data from the plant while precluding a cyber attack from outside the plant. Digital assets most necessary for ensuring safety and security have been assessed, and necessary cyber security controls have been implemented. Insider mitigation programs have been enhanced.

We’ve learned from those early lessons, and our sector continues to learn – including relying on up-to-date intelligence. As noted in the DHS report:
DHS coordinates a monthly unclassified threat briefing via teleconference for the Nuclear Reactors, Materials, and Waste Sector. The Sector also receives quarterly classified threat briefings. The monthly and quarterly briefings address both cyber and physical threats to the Sector.
On the one hand, the Chatham House report provides recommendations that are sound, and are generally consistent with the lessons learned in U.S. plants’ decade-plus history of enhancing its cyber posture. It is my personal opinion that the recommendations starting with Chapter 7, “Meeting the Challenges: the Way Forward” are prudent for any utility establishing a cyber security program.

On the other hand, the Chatham House report paints a fairly gloomy picture - even of the U.S. facilities that have well-established programs. For example, the document chastises the US plants for trying to clarify that the focus of the cyber security program is on the protection of assets that have a nexus to ensuring safety and security. The report states:
The Nuclear Energy Institute, a lobbying group which represents the nuclear industry’s interests to the US government, put in a request in August 2014 to reduce the number of systems in nuclear plants that would have to be included.
The report fails to assess the efficacy of the industry position - yet later on recommends precisely what the industry request sought to achieve:
It will be important for nuclear facilities to identify the most crucial parts of the plant from a cyber security perspective (notably, their critical cyber assets) in order to grant those the highest levels of protection. As Source 3 states, ‘It needs to be a graded approach; we can’t afford to do everything for every system.’ Prioritization of the cyber risks is therefore key. [Emphasis theirs]
As another example, the report makes the following unsubstantiated claim:
When countries do issue guidance, the cyber security measures that they recommend may not be rigorous enough. In the United States, the guidance issued by the Nuclear Regulatory Commission (NRC) is not sufficient to protect against the cyber security threat.
I disagree with this statement. The NRC’s cyber security rules require the plants to defend against a well-trained, dedicated and determined adversary who is willing to kill or be killed in an effort to achieve a radiological release. The NRC spent years developing guidance that provides acceptable methods to defend against that threat. The NRC’s approved guidance is supported by cyber security standards developed by the National Institute of Standards and Technology (NIST), and embodies the findings by standards organizations and agencies such as the International Society of Automation (ISA), and the Institute of Electrical and Electronics Engineers (IEEE), as well as guidance from the DHS.

The claim appears inconsistent with the DHS assessment, which affirms, “Compliance with the strict regulatory requirements of the Nuclear Reactors, Materials, and Waste Sector makes Sector assets difficult targets for physical or cyber attack.”

The U.S. plants are doing the right things for cyber security, and we welcome the opportunity to share recommended practices and lessons learned with nuclear facilities working to establish cyber security programs.

Tuesday, October 06, 2015

How Swapping Coal for Renewables Equals Nuclear Energy

xcel-energyElectricity diversity is a defining value for utilities that maintain a reliable, stable supply. This is helpful in foul weather and in other situations, of course, but it’s also allows a utility to respond to new priorities.

That’s what Xcel is doing in Minnesota (via the Rochester (Minn.) Post-Bulletin):

Xcel Energy on Friday filed plans with state regulators that would shut down part of the state's largest coal-fired power plant.


Sherco's two older units would retire in 2023 and 2026 as part of the plan, which also calls for 1,200 megawatts of renewable energy, including a new 50 megawatt solar installation at the site of the Sherco plant in Becker.

Sherco is short for Sherburne County Generating Station. It has three coal units and Xcel intends to build a new natural gas facility there. 

And nuclear energy?

While two of Sherco's three coal units will retire, Xcel plans to keep running its two nuclear plants at Monticello and Prairie Island through 2030.

Obviously, the Clean Power Plan is the motivation behind all of this – I’d add the Mercury and Air Toxics Standards, which isn’t mentioned, but has impacted a lot of coal facilities - but Xcel is also ensuring that it has sufficient baseload power to cover the intermittency of wind and solar energy.

If a utility has a full deck of energy sources, it has the flexibility to answer to society’s current needs without causing undue stress on the electricity grid. In the current instance, Xcel has explicitly mentioned that it will keep its nuclear plants open. That makes sense, because nuclear energy is CO2 emission free and thus fits Xcel’s goal of reducing its carbon emissions 60 percent by 2030.

We weren’t expecting a case study on the value of energy diversity this soon – and it’s not by a longshot the only value demonstrated in Xcel’s announcement - but there you go. I wonder if Xcel’s announcement will make other utilities think: can building a nuclear facility increase my options while reducing emissions? Short answer: Yes, yes it can.

Monday, October 05, 2015

Nuclear Energy Is a Key Part of the Act

Think energy diversity
Now, there’s nothing wrong with pointing out nuclear energy’s shortcomings, but AA Clearinghouse (a group, not a single person) on Storify really goes the extra mile. It kicks things off by noting that President Richard Nixon wanted 1000 nuclear units by the turn of the century. That shows nothing except that Nixon was an enthusiastic booster. He wasn't the first and certainly wouldn't be the last.  

Otherwise, the article is just a half-baked attack.
The Nuclear Industry claimed that it could solve the Climate Change issue and cost less than other sources of electricity. Yet the price of new reactors went through the ceiling - besides taking 10-15 years to complete. 
Two sentences, almost all wrong. 

  1. The nuclear energy industry never said it could solve the climate change issue - maybe some Nixon-like enthusiasm here and there. Nuclear energy is emission free and produces lots of electricity in a relatively compact space. Hydro is constant, emission-free, but a bit inhibited by the reluctance to build new dams. Solar and wind are less constant - they cannot run all the time - but when they do run, they add emission-free electricity to the grid. The phrase to describe this is energy diversity. Nuclear has its value, renewables have their value and so on.
  2. The price of a new reactor is certainly high, the cost of running them very low, and people just keep on building them. There are five in progress in the U.S., 25 in China (some U.S. sourced), and a bunch of countries are angling for their first facility – UAE is only the first. Most of these are or will be built and ready to go in three to five years. 

Multiply those two sentences a few times and that's the article. I suspect the Clearinghouse knows all this and also knows why people keep throwing together nuclear facilities. From another of the group's articles on the site:
The global impacts to human health will continue to grow well into the future with most of the burden falling on the poorest in the world. From the loss of agriculture due to heat, desertification and extreme weather events, the many vectors causing disease are ominous and rapidly growing in size.
 Just so, AA.

The growing number of extreme weather events and the economic fallout from them is well documented. The failure to act could be civilization's worst decision ever.
But civilization is acting. Nuclear energy is a key part of the act. Think energy diversity, AA, and it makes a lot of sense.


Wednesday, September 30, 2015

Importance of the Nuclear Safety Culture

Ken Byrd
Ken Byrd
As director of engineering at the Davis-Besse Nuclear Power Plant, I’m privileged to be part of a workforce of professionals who recognize their responsibility for upholding safety and make it a priority every day. The U.S. nuclear industry is one of the safest industries in the world, due to close regulation by federal authorities, highly trained and experienced professionals, and a vigorous “safety-in-depth” philosophy applied to the design and construction of our facilities.

But perhaps the defining characteristic of the nuclear industry is a culture that puts safety above all else in everything we do.

Our industry is guided by a set of 10 principles that outline the traits of a robust nuclear safety culture and remind us each of the important role we play in upholding the health and safety of our communities. When put into practice, the nuclear safety culture principles ensure we are meeting the energy needs of our customers while also protecting the environment, our communities and our workforce in the most safe and efficient way possible.

The principles are grounded in the concept of personal accountability, where each individual takes ownership for upholding nuclear, radiological and personal safety in all of their work activities. They also emphasize a healthy questioning attitude, rigorous decision-making practices, and a problem identification and resolution process which together ensure conditions and activities are continuously challenged and fully and effectively addressed. And importantly, the principles place a high value on maintaining an environment where nuclear workers are encouraged to raise safety concerns without fear of reprisal for doing so.

I’ve seen the importance of a strong nuclear safety culture first hand as a longtime employee of Davis-Besse. In the early 2000s, I was an engineering supervisor at the site when we conducted an extended shutdown to address some significant equipment issues. Through a very honest, critical look at our performance, we identified the need to improve our process for challenging existing conditions and activities to ensure that every decision and action supported safe, error-free performance.

It was a sobering process, to be sure. Yet every one of Davis-Besse’s employees, from the site vice president to the individual turning a wrench in the plant, recognized the experience as an opportunity to learn from the past – another of the safety culture principles – and produce nothing short of world-class performance in the future.
Davis-Besse Nuclear Power Station
Today, Davis-Besse is realizing that goal. In addition to twice receiving a most improved plant award, the site has been recognized for excellence in operations by the U.S. nuclear industry for the past six years. Davis-Besse has consistently attained a forced lose rate – which measures the percentage of time a unit is not producing electricity due to an unplanned power reduction or outage – in the top ten percent of the industry, and our capacity factor is above industry average and significantly higher than other forms of generation. The safest plants are also the most efficient and productive facilities, and that’s especially important as we consider the important role of nuclear power in delivering environmentally-friendly and affordable power.

All of these accomplishments mean we are delivering safe, reliable, clean and affordable power to customers, when they need it. None of this could have been achieved without a strong nuclear safety culture as our cornerstone.

I am proud of what I have accomplished in my 36 years as a nuclear professional, and even more fulfilled by the safe and reliable operating record attained as a team by my peers across the industry. As our country moves towards a clean energy future, the nuclear industry is poised to lead that shift with safety as our top priority.

The above post was sent to us by FirstEnergy's Ken Byrd for NEI’s Powered by Our People promotion. It aims to showcase the best and the brightest in the nation’s nuclear energy workforce.

Tuesday, September 29, 2015

From Beaver Valley to NEI: Answering the Why Nuclear Question

In my role as a Project Engineer in Security at the Nuclear Energy Institute (NEI), I deal with questions every day. These questions involve language in the code of federal regulations, inspection findings, operational experience, etc. However, whether it is friends, coworkers, and/or industry peers, the most common question I have to answer is “Why nuclear?”

AJ Clore
AJ Clore
Six years ago I wouldn’t have been able to answer that question. That is when I first started as an Armed Security Officer at FirstEnergy’s Beaver Valley Nuclear Power Station. Beaver Valley is a two unit site located in Shippingport, PA, which is about an hour northwest of Pittsburgh, PA. When I was hired in 2009 by Securitas, I was a rookie in the nuclear arena. I was aware of what nuclear energy was, but knew nothing about how a plant operated or the importance of nuclear.

The four and a half years I spent at Beaver Valley taught me the importance of protecting the health and safety of the public, as well as why it is important to understand how a plant operates and the equipment involved. It was during this time that I began to take a keen interest in nuclear energy. I found myself paying more attention to politics, researching and asking questions to individuals on site (e.g., outage workers, maintenance, operators and radiation protection technicians). As a security officer I got to know a lot of people at the plant.

Fast forward to 2013, I was privileged enough to bring my interest and experience to NEI. At NEI, I have learned the importance and value of nuclear energy, not only to the United States, but to the world.

Nuclear security is managed by NEI’s Nuclear Generation Division. Within our security section, I handle a multitude of different projects. My primary tasks include planning/developing agendas and managing NEI's annual Force-on-Force Workshop and National Nuclear Security Conference (NNSC). I also manage multiple task force projects related to security including security frequently asked questions, decommissioning, regulatory documents, and Force-on-Force. I work with the Nuclear Regulatory Commission (NRC) on a daily basis on all of the aforementioned topics, as well as the Department of Homeland Security in matters related to nuclear security.

I thoroughly enjoy the work I do. Being at NEI allows me to interact with peers in different divisions, all striving for the same goals. The experience sharing and networking with nuclear industry subject matter experts in security on different projects has only added to my interest and fascination with nuclear that started in 2009.

One goal that NEI constantly strives for is innovation. In security, we look for innovation possibilities in everything that we do: ways to reduce burden on the nuclear industry, ways to change certain processes and procedures, and ways to promote safety and security in nuclear energy. In my role, I look with a fresh set of eyes at all security-related inspections a nuclear site has to have over the course of a year. We have had recent successes that have relieved some burden on the industry and have also been a cost savings. We continue to push forward to be innovative with our industry peers, the NRC and the public.

I will close by answering the most popular question I have been asked; “Why nuclear?”

I have spent almost 7 years in this industry and continue to learn every day. In that time I have learned the importance of nuclear, its beneficial uses, environmental benefits, reliability, safety and the role that nuclear plays in the energy arena. These are all answers that I have used to answer that question. My favorite answer to give is simple – “it is fascinating and interesting.”

The above post was submitted to us by NEI’s AJ Clore for the Powered by Our People promotion. It aims to showcase the best and the brightest in the nation’s nuclear energy workforce.

Friday, September 25, 2015

Tennessee vs. Florida: Rivals in Football & Nuclear Energy

Saturday afternoon will see the renewal of one of the greatest rivalries in college football when Tennessee visits Florida. But while the world might be riveted by the action in "The Swamp" tomorrow, our readers should know that the rivalry between these two members of the SEC extends far beyond the football field when it comes to nuclear energy.

Both Tennessee and Florida boast prestigious nuclear engineering programs, and here at NEI Nuclear Notes, we've told the stories about students from both schools who are well on their way to promising careers. Earlier this week, we told you about Alyxandria Wszolek, a senior majoring in nuclear engineering at Tennessee who will be stepping into a great job at Exelon when she graduates in 2016. In 2014, we published a story by Jitesh Kuntwala, then a graduate student in nuclear engineering at Florida, about how he and a group of Gators got together to lobby Gov. Rick Scott and Florida Power Plant Siting Board in favor of building Units 6&7 at Turkey Point. Today, Jitesh is a nuclear engineer with Duke Energy.

So who's #1? We'd like to hear what you think in our Twitter Poll. Today, we're asking the question: Which SEC school has the best nuclear engineering program: Tennessee or Florida? We'll keep the poll open until Monday morning at 9:00 a.m. Vote now!

Thursday, September 24, 2015

Engineering America's Diverse Energy Portfolio

My name is Alyxandria Wszolek and I am a senior at the University of Tennessee, majoring in nuclear engineering with a minor in reliability and maintainability. I could not be more appreciative of the Department of Nuclear Engineering here. I have been given so many opportunities and experiences through this school, and many doors have been opened to me.

Alyxandria Wszolek
Alyxandria Wszolek
Although I only recently accepted a full time job offer to work in the nuclear industry, I have been surrounded by it all my life and passionate about pursuing this career for many years. I have interned at Exelon Generation in BWR core design group, Reactor Engineering at Three Mile Island, and both Reactor Engineering and Electrical Systems at Nine Mile Point. I accepted a full time position at Nine Mile in Reactor Engineering. I am currently president of the University of Tennessee Women in Nuclear Section. I am also involved on a national level in the U. S. Women in Nuclear Communications Committee, serving as the Facebook lead on the Social Media Team. 

I always knew that I wanted to be an engineer. Engineers are the creators of the world we live in. Mostly everything you see and use throughout the day has been engineered in one way or another, whether it was designed, optimized, manufactured, etc. I want to do these things and I want to help change the world. That is how I came to become a nuclear engineer. We all use energy, and we take it for granted. But what would we do if we turned on the lights and nothing happened or if we couldn’t charge our phones or laptops? The demand for energy is increasing, more and more each day. Not only that, but there many countries that struggle with energy availability. Energy makes it easier to teach, create, innovate, heal, and develop. I believe we need nuclear to help solve these issues to help generate electricity in an affordable, emission-free, reliable way.

I truly believe that nuclear is the best form of energy production to supply large amounts of baseload power. Right now, our country relies heavily on fossil fuels, but when you look at the facts, nuclear is a lot more efficient. One uranium fuel pellet creates as much energy as one ton of coal or 17,000 cubic feet of natural gas. Nuclear is an emission-free energy source. Even moving forward with renewable energy, we will need nuclear not only for the transition, but also to provide the reliable baseload energy that would be needed to support. There is danger in relying on one sole form of energy production. A diverse energy portfolio is key to the protection and growth of our country’s energy consumption.

The above post was sent to us for NEI’s Powered by Our People promotion. It aims to showcase the best and the brightest in the nation’s nuclear energy workforce.