Nuclear Regulatory Commission has IT recs to address amid Trump ‘reform’ of the agency

As the Nuclear Regulatory Commission grapples with an executive order that seeks to “reform” the independent agency’s culture, structure and approach to rulemaking, the Government Accountability Office is re-upping recommendations to get its IT shop in order.
The congressional watchdog Wednesday publicly released its open priority recommendations for the NRC’s chief information officer, making the case that the implementation of these half-dozen suggestions “could significantly improve” the agency’s “ability to deter threats and manage its critical systems, operations, and information.”
In a letter addressed to NRC CIO Scott Flanders, the GAO noted that the six recommendations fall under two of the watchdog’s high-risk areas: ensuring the cybersecurity of the nation and improving IT acquisitions and management.
On the cybersecurity front, the GAO urged the NRC chairman to ensure full compliance with event logging requirements called out in Office of Management and Budget guidance. That guidance followed a 2021 executive order from then-President Joe Biden on improving the nation’s cybersecurity, an edict that came in the aftermath of the SolarWinds hack that targeted the federal government and other global organizations.
“Until NRC implements this recommendation, there is increased risk that the agency will not have complete information from logs on its systems to detect, investigate, and remediate cyber threats,” the GAO stated.
The other five recommendations to the NRC center on IT, with callouts for the agency’s CIO to develop guidance to put in place cloud service level agreements “with every vendor when a cloud solution is deployed,” and have the chairman ensure that the guidance aligns with OMB’s four required elements for SLAs. The GAO also wants NRC’s CIO to formulate guidance on the standardization of cloud SLAs.
Finally, the watchdog asks for annual reviews of NRC’s IT portfolio that are conducted with the Federal CIO and chief operating officer or deputy secretary, “as prescribed by the Federal Information Technology Acquisition Reform Act.”
“Until NRC implements this recommendation, investments with substantial cost, schedule, and performance problems may continue unabated without necessary corrective action,” the GAO wrote in its letter to Flanders.
A spokesperson with the NRC told FedScoop that they were unable to confirm Wednesday the receipt of the GAO report.
The delivery of the GAO’s IT report comes less than two months after President Donald Trump issued his NRC executive order, which aims to cut red tape on the licensing of new nuclear reactors and deemphasize safety models that the White House says “posit there is no safe threshold of radiation exposure.”
“The NRC has failed to license new reactors even as technological advances promise to make nuclear power safer, cheaper, more adaptable, and more abundant than ever,” the order stated, adding that the agency going forward should employ “emerging technologies to safely accelerate the modeling, simulation, testing, and approval of new reactor designs.”