In 2009 the U.S. NRC published a new regulation that requires licensees of nuclear power plants to provide assurance that critical systems are protected from cyber attacks. The new regulation is “performance-based”, i.e. it focuses on desired, measurable outcomes, rather than prescriptive processes or procedures. Therefore licensees have the flexibility to determine their own methods for complying with the regulations. That flexibility comes with a risk when decisions made by a licensee may not be in alignment with the NRC’s interpretation. To mitigate that risk, the Center for Advanced Engineering and Research (CAER) is collaborating with utilities, vendors and technical service providers to create the International Critical Infrastructure Security Institute (ICISI). ICISI will be a member organization operating as an independent body of multidisciplinary expertise. Its mission is the acceleration of implementation of cyber security programs while providing increased regulatory certainty for these plans across the power generation industry.
ICISI will be located and headquartered at the CAER in Bedford County and will utilize the laboratory facilities located there. It will, however, serve utilities and solution providers throughout the United States.
Through extensive research agreements with universities and other academic institutions, ICISI is designing an integrated Industrial Automation Computing Systems Test Lab for the following:
- Digital Instrumentation & Control System Certification and Validation Testing.
- Member Training Courses
- New ICISI Cybersecurity Assessor Certification for Nuclear Energy.
- Cooperative Research (Vendors, Universities)