Success Story

Nexus Controls Ensures Cyber Integrity of Nuclear Critical Digital Assets (CDAs)

2 Min Read
BH Green Background Image

Region: North America

Industry: Nuclear Power Generation 

Application: Steam Turbine

Background

In order for a commercial nuclear power plant to operate in the United States, the Nuclear Regulatory Commission (NRC) requires the plant to implement a cybersecurity program that provides “high assurance” that Critical Digital Assets (CDAs) are protected. A critical digital asset is defined as a digital device, computer, communication system, or network that performs or supports a critical system. One of the requirements of the mandated cybersecurity program is for each supplier to provide evidence that the items they are supplying have not been tampered with. This requirement extends to control system components installed in a nuclear power plant.

Customer's Challenge

A nuclear power generation plant in North America needed evidence that their steam turbine control system components had not been tampered with, per the requirements of their NRC-mandated cybersecurity program. However, their control system OEM had no process in place to meet this requirement. Without a resolution, this customer could face expensive system modifications, fines, or even the loss of their license to operate. Recognizing a gap for our customers, Nexus Controls stepped up to deliver a solution.

Nexus OnCore Repair

Nexus Controls Solution

To address this need for our customer, Nexus Controls’ supply chain and engineering teams built a test system and created a procedure to wipe, reapply, and test the firmware of each card. Throughout this process the team made sure to follow proper chain of custody, utilizing tamper evident tape, to meet the requirements and visibly ensure the cyber integrity of each part being provided.

Nexus Controls is now the only authorized CDA-compliant supplier for GE Mark and Nexus OnCore control components. This new offering will allow our North American nuclear power customers to meet the NRC-mandated cybersecurity requirements, potentially saving thousands in fines or loss of production. The efficiency of this new process even resulted in the order being delivered two weeks early!

Acknowledgements: Thank you to Andy Barhorst, Pat Breakfield, Justin Busselman, Robert Duvall, Brian Hamill, Chris Mcmenamin, Eric Redding, and Rosemary Sargeant for your help on this first of a kind order.

Author: Brad Shochat