The Nuclear Regulatory Commission (NRC) is reporting progress in addressing at least one of several cybersecurity-related issues reported to it by the Government Accountability Office (GAO) last year.
According to GAO, NRC has since addressed at least one of seven open recommendations to the agency in 2020 by issuing a risk management strategy addressing key elements foundational to managing cybersecurity risks.
In a letter to NRC Chairman Christopher Hanson, GAO provided an update on the priority open recommendations, saying that “NRC closed one of our recommendations by issuing a risk management strategy that addresses key elements identified in our 2019 report that are foundational to effectively managing cybersecurity risks.”
“We are not adding new priority recommendations at this time, and ask your continued attention to our six remaining priority recommendations,” GAO added.
The remaining six priority recommendations involve three different areas, including:
- Addressing the security of radiological sources;
- Improving the reliability of cost estimates; and
- Improving strategic human capital management.
“In November 2020, we reported that on a government-wide bases, 77 percent of our recommendations made four years ago were implemented,” wrote GAO. “NRC’s recommendation implementation rate was 78 percent.”
GAO detailed some of the government-wide high-risk areas that have direct implications for NRC and its operations. Among those are: the government-wide personnel security clearance process; ensuring the cybersecurity of the nation; improving management of IT acquisitions and operations; strategic human capital management; and managing Federal real property.
“We urge your attention to the government-wide high-risk issues as they relate to NRC,” wrote GAO. “Progress on high-risk issues has been possible through the concerted actions and efforts of Congress, the Office of Management and Budget, and the leadership and staff in agencies, including NRC.”
