In order for a commercial nuclear power plant to operate in the United States, the Nuclear Regulatory Commission (NRC) requires the plant to implement a cybersecurity program that provides “high assurance” that Critical Digital Assets (CDAs) are protected.

The challenge

A nuclear power generation plant in North America needed evidence that their steam turbine control system components had not been tampered with, per the requirements of their NRC-mandated cybersecurity program. However, their control system OEM had no process in place to meet this requirement. Without a resolution, this customer could face expensive system modifications, fines, or even the loss of their license to operate. Recognizing a gap for our customers, GE Vernova stepped up to deliver a solution.

The solution

To address this need for our customer, supply chain and engineering teams built a test system and created a procedure to wipe, reapply, and test the firmware of each card. Throughout this process the team made sure to follow proper chain of custody, utilizing tamper evident tape, to meet the requirements and visibly ensure the cyber integrity of each part being provided. GE Vernova is the only authorized CDA-compliant supplier for GE Mark and control components. This new offering will allow our North American nuclear power customers to meet the NRC-mandated cybersecurity requirements, potentially saving thousands in fines or loss of production. The efficiency of this new process even resulted in the order being delivered two weeks early!

Contact us

Want to learn more about our digital and controls solutions?