Operational cybersecurity, fit for today's plants.
Bringing the cybersecurity programs at operating plants up to the expectations of NEI 08-09 Revision 7, modern OT architectures, and a regulatory environment that no longer tolerates static defenses.
NEI 08-09 Revision 7 Transition
Revision 7 reorients the sector's cybersecurity program toward consequence-informed protection, refreshed control baselines, and clearer expectations for ongoing program assurance.
What changed
A modernized control baseline, sharper expectations for asset characterization, and updated language around supply chain, vulnerability management, and continuous monitoring.
What operators need to do
Rescope critical digital asset inventories, reconcile control mappings, update plant policies and procedures, and prepare evidence packages for inspection.
How NS-ISAC helps members align
The Vulnerability Tracking and Assessment & Vulnerabilities working groups maintain shared transition checklists, mapping templates, and peer-reviewed evidence patterns members can adopt directly.
OT security beyond the classic Purdue model
The Purdue reference model still matters, but IT/OT convergence, virtualization, and remote engineering access have reshaped what a defensible plant network looks like.
Purdue model evolution
Rationalized zone and conduit definitions that reflect virtualized engineering workstations, jump hosts, and cloud-adjacent historians, without weakening segmentation guarantees.
IT/OT convergence
Practical patterns for sharing identity, logging, and patch infrastructure between IT and OT, including the trust boundaries that must remain enforced.
Engineering access
Hardened patterns for vendor and engineering access (privileged session brokering, time-bounded credentials, and full session capture) that field engineers will actually use.
Zero-trust principles, plant-appropriate
Zero-trust ideas (identity-centric access, explicit verification, micro-segmentation) translate into the plant when they respect deterministic control system requirements and the safety case.
Identity is the new perimeter
Strong authentication for every human and machine identity that touches a digital asset, with privilege scoped by role and asset criticality.
Segmentation that holds
Layered enforcement (physical, network, and host) so a single compromised endpoint does not become a lateral movement path into safety-critical systems.
Explicit, observable trust
Every cross-zone interaction is logged, attributable, and tied to a documented engineering justification.
Safety-first deviations
Where deterministic OT requirements conflict with a generic zero-trust pattern, we document the compensating controls rather than weakening the safety case.
Run the program, every day.
A cybersecurity program is only as good as its operating discipline. NS-ISAC's working groups codify the day-to-day practices that keep the program defensible between inspections.
Continuous monitoring
Asset-aware monitoring that distinguishes process anomalies from cyber events and routes both to the right responders.
Change control
Cyber-aware engineering change processes that catch security-impacting changes before they reach the plant.
Vulnerability triage
Shared triage patterns that filter the vendor advisory firehose down to the items that actually matter for plant systems.
Program assurance
Internal assessment cadences, metrics, and evidence packages that hold up to NRC inspection and peer review.
Join the community.
Membership is open to commercial nuclear operators, reactor vendors, national laboratories, and critical suppliers.