The Nuclear Regulation Commission's Office of the Inspector General has released results of an audit on the agency's cybersecurity operations. NRC OIG said Tuesday that it found the agency generally provides assurance on the cybersecurity of nuclear power plant licensees across digital assets.
However, NRC faces challenges in staffing cybersecurity inspectors due to demographic and resource limits, the office noted. The audit report also noted that NRC's cybersecurity inspection program, while risk-informed, lacks performance measures. This gap stems from technical and regulatory constraints, and limits the inspection program's efficiency and reliability.
OIG recommends NRC to identify skill gap and closure strategies via strategic workforce planning for the staffing issue, and develop cybersecurity measures based on operating experience and industry input. The agency's management has confirmed agreement with OIG's recommendations.