
Cybersecurity
Our Vision
Holtec International remains steadfast in its mission to deliver safe, secure, and reliable energy solutions. Our cyber strategy is designed not only to defend today, but to anticipate and adapt to tomorrow’s threat landscape. As we expand our footprint in clean energy innovation—including Small Modular Reactors (SMRs) and the reactivation of the Palisades Power Plant—cybersecurity remains a cornerstone of our operational integrity and public trust.
A Multi-Layered Defense-in-Depth Strategy for Critical Infrastructure Protection
At Holtec International, cybersecurity is not just an IT concern—it is a strategic imperative woven into the fabric of our operations, especially as we continue to support the nuclear energy sector and prepare for public entity status. Under the direction of our senior IT leadership, we have implemented a comprehensive Defense-in-Depth strategy that employs multiple overlapping layers of security to proactively detect, deter, and defend against cyber threats.

Our program is rooted in globally recognized cybersecurity frameworks and built on best-in-class technologies, ensuring regulatory compliance, operational resilience, and the protection of sensitive corporate and regulated data.
As a critical component of our overall risk management posture, Holtec maintains a robust and enterprise-wide Disaster Recovery (DR) plan. This plan ensures that critical business systems and data can be restored in a timely and secure manner following a disruption. We conduct regular testing of our DR protocols to validate recovery time objectives (RTOs), confirm the integrity of backup data, and ensure business continuity under a variety of failure scenarios. This approach ensures that our preparedness extends beyond prevention and detection—encompassing rapid recovery and sustained operations under adverse conditions.
Key Pillars of Our Cybersecurity Program
Framework Alignment and Regulatory Compliance
Holtec’s cybersecurity strategy is built to meet the most stringent compliance mandates and industry best practices, ensuring resilience, audit readiness, and trust among our stakeholders.
NIST SP 800-171
Protecting Controlled Unclassified Information (CUI) through comprehensive access control, audit, and incident response capabilities.
ISO/IEC 27001
Continual improvements are being made to align our Information Security Management System (ISMS) with this globally recognized standard.
10 CFR 73.54
As a nuclear industry leader, Holtec meets the U.S. NRC cybersecurity requirements, protecting Critical Digital Assets (CDAs) within our protected networks.
Next-Generation Network Perimeter Security
Our first line of defense is a globally deployed fleet of next-generation firewalls, which extend far beyond basic perimeter defense.
Intrusion Prevention & Detection Systems (IPS/IDS)
Actively monitor traffic for suspicious activity and known exploits, enabling real-time threat identification.
Deny-by-Default Posture
All network traffic is blocked by default unless explicitly authorized, minimizing the attack surface.
Network Segmentation
Critical systems—including those handling Controlled Unclassified Information (CUI)—are strictly isolated from the broader enterprise network to prevent lateral movement.
Extended Detection and Response (XDR)
Every endpoint is protected using XDR, a leading AI-powered platform for extended detection and response.
Proactive Threat Hunting
Monitors for behavioral anomalies and attack patterns to uncover sophisticated threats.
Automated Response
Capable of isolating compromised assets to contain threats before they spread.
Access Control & Least Privilege Enforcement
Access to systems and data is tightly controlled through our policy-aligned access management procedure.
Role-Based Access Control (RBAC)
Rights are assigned based on business function—not convenience.
Data Classification
Sensitive data is stratified with graduated access controls.
Multi-Factor Authentication (MFA)
Enforced across all remote and privileged access points using enterprise-grade, replay-resistant methods.
Segregation of Duties
Ensures no single individual has unchecked control, reducing the risk of fraud or misuse.
Quarterly Access Reviews
Access entitlements are reviewed regularly by system owners and adjusted as needed.
Proactive Vulnerability and Patch Management
We maintain strong cybersecurity system hygiene through continuous monitoring and structured remediation.
Continuous Vulnerability Scanning
Automated tools scan systems for known security gaps.
Risk-Based Remediation
Vulnerabilities are prioritized and resolved based on CVSS severity, with critical issues addressed within 48 hours.
Automated Patching
A centralized Endpoint Configuration Management system ensures timely patch deployment aligned with change management protocols.
Cybersecurity Training and Awareness
Holtec recognizes that cybersecurity is a shared responsibility across the organization. A persistent focus on awareness strengthens our human firewall, ensuring that our workforce is informed, vigilant, and empowered to defend against cyber threats.
Continuous Cybersecurity Awareness Training
All employees undergo regular, role-specific training that emphasizes secure behaviors, phishing recognition, and incident reporting protocols.
Company-Wide Simulated Drills
Holtec IT runs frequent phishing simulations and response exercises to reinforce best practices and measure organizational readiness.
Executive and Targeted Training
Privileged users, executives, and critical role-holders receive advanced training tailored to their elevated risk profiles and responsibilities.

Kurt Palmer
Sr. Director of Information Technology
As the Sr. Director of Information Technology at Holtec International, Kurt Palmer is responsible for the strategic direction and modernization of IT across corporate, manufacturing, and nuclear sites. He also oversees critical functions including Cybersecurity, IT Compliance, cloud enablement, systems engineering, and IT service delivery.
