Ask SME and Learn. NRC Cyber Security Oversight. Cyber Security Directorate

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Ask SME and Learn. NRC Cyber Security Oversight. Cyber Security Directorate"

Transcription

1 Ask SME and Learn NRC Cyber Security Oversight Program Mario R. Fernandez Jr., Security Specialist (Cyber) Cyber Security Directorate Office of Nuclear Security & Incident Response 1

2 Agenda Cyber Security Inspection Team Team Composition Training Activities Cyber Security Inspection Schedule Overview of Some Areas of Inspection Oversight Assessment Inspection Trends Security y Issues Forum (SIF) Improvement Trends Communications with the Industry Full Implementation ti Inspections

3 Inspection Team Team Composition Regions Team Leader Regional Inspectors Qualified Inspectors Electrical, Instrumentation &Controls, Security, Plant OPs Contract SMEs NRC Security S i li NRC Headquarters Specialists NSIR Cyber Security Directorate Staff Security Risk Analysts Contract Support Subject Matter Experts Multi-Disciplinary 3

4 Inspection Team Training activities Computer & Networks Course (CBT) Cyber Security Course - Idaho National Lab Pilot Inspections Watts Bar, Clinton Inspection Procedure Workshop at each Region All Inspectors Meeting- June

5 Inspection Team Training activities Core Topics Specialized Training Cyber Security Specialized Training Regulations Regional Inspectors Cyber Security Threats Defensive Strategies Regulatory Guidance Licensing Basis (CSPs) Contractors NRC Regulations Oversight Program Temporary Instruction Cross Training 5

6 Inspection Team Temporary Instruction 2201/004; Inspection of Interim Milestones Significant Determination Process (SDP) NRC Lead inspector Team Composition Regional Inspector Team Lead Regional Inspector NSIR & CSD Staff Cyber Security Specialist (Contractor) 21 Inspections scheduled in CY 2013 split between all regions 16 Inspections completed NRC inspector HQ Personnel NRC Contractor NRC HQ NRC Available (remotely) to the team as/if needed Support staff 6

7 Some Areas of Inspection (TI 2001/004 ) Understanding the Cyber Threat Landscape Threat vectors Threat characteristics Hard-wired networks Internet Intranet Wireless Wifi Bluetooth th Mobile media USB thumb drive CD/DVD Portable equipment Laptops Test equipment Motivated Opportunistic Persistent t Adaptive Learning Good at info sharing 7

8 Some Areas of Inspection (TI 2001/004 ) Establishment of a Cyber Security Assessment Team (CSAT) Identification of Critical Systems (CSs)/Critical Digital Assets (CDAs) Defense-in-Depth and Detection and Response 8

9 Some Areas of Inspection (TI 2001/004) Mobile Media and Device protections Cyber Tampering CDA Use Only Specific CDAs Security Controls Implementation Ongoing Monitoring and Assessments of Security Controls Implemented 9

10 Oversight Assessment CDA Identification or Scoping Implementation of Defensive Architecture Control of Portable Media & Devices Security Controls for CDAs 10

11 Security Issues Forum (SIF) Weekly Secure Video Conference All Regions & HQ staff discuss cyber security inspection issues Good Faith Attempt Enforcement Discretion The NRC is exercising enforcement discretion in accordance with Section 3.0, Use of Enforcement Discretion, Part 3.5, Violations Involving Special Circumstances, of the NRC Enforcement Policy 11

12 Improvement Trends Better documented CDA Scoping Process Effective implementation of one way communication from level 4 to level 3 Increased Mobile Media and Portable Device protections CDA Use Only Cyber Tampering Rounds & indications 12

13 Continued Communications Continued Communications with Industry through calls & meetings Inspector Workshop (June 2013) Industry Workshop Beginning communication with Industry on MILESTONE 8 INSPECTIONS 13

14 Full Implementation Inspections Full Implementation of the Cyber Security Program (Milestone 8) Meet all the requirements committed in approved Cyber Security Plan Licensees, on a site by site basis, have committed to full implementation late , inspections begin 2015 Inspection of final implementation will initially entail a two week inspection 14

15 Summary Importance of multi-disciplinary Cyber Security Inspection Team Training entails cyber, regulations, pilot inspections Cyber Security Inspection Schedule Overview of Some Areas of Inspection Oversight Assessment Inspection Trends Resolution R l of inspection issues (SIF) Full Implementation Inspections

16 Questions 16

NRC Cyber Security Policy &

NRC Cyber Security Policy & Ask SME and Learn NRC Cyber Security Policy & Guidance Development Mario R. Fernandez Jr., Security Specialist (Cyber) Cyber Security Directorate Office of Nuclear Security & Incident Response 1 Agenda

More information

Executive Director for Operations AUDIT OF NRC S CYBER SECURITY INSPECTION PROGRAM FOR NUCLEAR POWER PLANTS (OIG-14-A-15)

Executive Director for Operations AUDIT OF NRC S CYBER SECURITY INSPECTION PROGRAM FOR NUCLEAR POWER PLANTS (OIG-14-A-15) UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 OFFICE OF THE INSPECTOR GENERAL May 7, 2014 MEMORANDUM TO: Mark A. Satorius Executive Director for Operations FROM: Stephen D. Dingbaum

More information

A Regulatory Approach to Cyber Security

A Regulatory Approach to Cyber Security A Regulatory Approach to Cyber Security Perry Pederson Security Specialist (Cyber) Office of Nuclear Security and Incident Response U.S. Nuclear Regulatory Commission 1 Agenda Overview Regulatory Framework

More information

NRC Cyber Security Regulatory

NRC Cyber Security Regulatory Ask SME and Learn NRC Cyber Security Regulatory Program Development Mario R. Fernandez Jr., Security Specialist (Cyber) Cyber Security Directorate Office of Nuclear Security & Incident Response 1 Agenda

More information

Spreading the Word on Nuclear Cyber Security

Spreading the Word on Nuclear Cyber Security Spreading the Word on Nuclear Cyber Security Clifford Glantz, Guy Landine, Philip Craig, and Robert Bass Pacific Northwest National Laboratory (PNNL) PO Box 999; 902 Battelle Blvd Richland, WA 99352 USA

More information

Cynthia Broadwell, Progress Energy. William Gross, Nuclear Energy Institute

Cynthia Broadwell, Progress Energy. William Gross, Nuclear Energy Institute Cyber Security Plan Overview Cynthia Broadwell, Progress Energy Nolan Heinrich, TVA William Gross, Nuclear Energy Institute Introduction Cynthia Broadwell Progress Energy Progress Energy Fleet Cyber Security

More information

OVERVIEW OF THE OPERATING REACTORS BUSINESS LINE. August 6, 2015 Michael Johnson Deputy Executive Director for Reactor and Preparedness Programs

OVERVIEW OF THE OPERATING REACTORS BUSINESS LINE. August 6, 2015 Michael Johnson Deputy Executive Director for Reactor and Preparedness Programs OVERVIEW OF THE OPERATING REACTORS BUSINESS LINE August 6, 2015 Michael Johnson Deputy Executive Director for Reactor and Preparedness Programs Program Overview Bill Dean Director Office of Nuclear Reactor

More information

Cyber Security for Nuclear Power Plants Matthew Bowman Director of Operations, ATC Nuclear IEEE NPEC Meeting July 2012

Cyber Security for Nuclear Power Plants Matthew Bowman Director of Operations, ATC Nuclear IEEE NPEC Meeting July 2012 Cyber Security for Nuclear Power Plants Matthew Bowman Director of Operations, ATC Nuclear IEEE NPEC Meeting July 2012 ATC Nuclear ATC-N serves the commercial nuclear utilities in the US and many foreign

More information

Cyber Security Evaluation of the Wireless Communication for the Mobile Safeguard Systems in uclear Power Plants

Cyber Security Evaluation of the Wireless Communication for the Mobile Safeguard Systems in uclear Power Plants Cyber Security Evaluation of the Wireless Communication for the Mobile Safeguard Systems in uclear Power Plants Sooill Lee a*, Yong Sik Kim a, Song Hae Ye a a Central Research Institute, Korea Hydro and

More information

UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001. March 3, 2011

UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001. March 3, 2011 UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 March 3, 2011 Mr. Timothy S. Rausch Senior Vice President and Chief Nuclear Officer PPL Susquehanna, LLC 769 Salem Boulevard Berwick,

More information

U.S. NUCLEAR REGULATORY COMMISSION January 2010 REGULATORY GUIDE OFFICE OF NUCLEAR REGULATORY RESEARCH. REGULATORY GUIDE 5.71 (New Regulatory Guide)

U.S. NUCLEAR REGULATORY COMMISSION January 2010 REGULATORY GUIDE OFFICE OF NUCLEAR REGULATORY RESEARCH. REGULATORY GUIDE 5.71 (New Regulatory Guide) U.S. NUCLEAR REGULATORY COMMISSION January 2010 REGULATORY GUIDE OFFICE OF NUCLEAR REGULATORY RESEARCH REGULATORY GUIDE 5.71 (New Regulatory Guide) CYBER SECURITY PROGRAMS FOR NUCLEAR FACILITIES A INTRODUCTION

More information

Cyber Security R&D (NE-1) and (NEET-4)

Cyber Security R&D (NE-1) and (NEET-4) Cyber Security R&D (NE-1) and (NEET-4) Trevor Cook Office of Science and Technology Innovation Office of Nuclear Energy U.S. Department of Energy Cyber Security for Nuclear Systems (the threat is real)

More information

The U.S. Nuclear Regulatory Commission s Cyber Security Regulatory Framework for Nuclear Power Reactors

The U.S. Nuclear Regulatory Commission s Cyber Security Regulatory Framework for Nuclear Power Reactors NUREG/CR-7141 The U.S. Nuclear Regulatory Commission s Cyber Security Regulatory Framework for Nuclear Power Reactors Office of Nuclear Security and Incident Response AVAILABILITY OF REFERENCE MATERIALS

More information

Cyber Security and Other Realities of Our Digital World Andy Dickson IT Director Nuclear Fleet Operations

Cyber Security and Other Realities of Our Digital World Andy Dickson IT Director Nuclear Fleet Operations Cyber Security and Other Realities of Our Digital World Andy Dickson IT Director Nuclear Fleet Operations What Changes Are We Facing? Cyber Security Regulation and Threats Changing IT Landscape and Expectations

More information

2/22/2010. Cyber Security Industry Experiences. Regulatory Documents. Licensing History. NRC RIC Jack Roe NEI

2/22/2010. Cyber Security Industry Experiences. Regulatory Documents. Licensing History. NRC RIC Jack Roe NEI Cyber Security Industry Experiences NRC RIC Jack Roe NEI Regulatory Documents Interim Compensatory Measures (2002) NUREG/CR-6847 (2003) Design Basis Threat Order (2003) NEI 03-12 Section 18 (2004) NEI

More information

Options for Cyber Security. Reactors. April 9, 2015

Options for Cyber Security. Reactors. April 9, 2015 Options for Cyber Security Design Requirements for Power Reactors April 9, 2015 Scope Discuss options for including cyber security design requirements for power reactors into NRC regulations Scope does

More information

ABA Section of Public Utility, Communications & Transportation Law Safety and Security in Transport

ABA Section of Public Utility, Communications & Transportation Law Safety and Security in Transport ABA Section of Public Utility, Communications & Transportation Law Safety and Security in Transport Commercial Nuclear Power Plants Stan Blanton Nuclear Power Subcommittee The Regulatory Landscape NRC

More information

U.S. Nuclear Regulatory Commission. Customer Service Plan

U.S. Nuclear Regulatory Commission. Customer Service Plan U.S. Nuclear Regulatory Commission Customer Service Plan October 24, 2011 Executive Summary The U.S. Nuclear Regulatory Commission (NRC) regulates the civilian nuclear industry s use of radioactive materials

More information

Veterans Health Administration (VHA) Update for Oversight for Uses of Radioactive Materials. Frank A. Miles

Veterans Health Administration (VHA) Update for Oversight for Uses of Radioactive Materials. Frank A. Miles Veterans Health Administration (VHA) Update for Oversight for Uses of Radioactive Materials Frank A. Miles Associate Chief Officer, Patient Care Services, VHA Remarks for Nuclear Regulatory Commission

More information

UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001. November 13, 2012

UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001. November 13, 2012 UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 November 13, 2012 Vice President, Operations Entergy Nuclear Operations, Inc. Vermont Yankee Nuclear Power Station P.O. Box 250 Governor

More information

FUNDAMENTALS OF CYBER SECURITY FOR NUCLEAR PLANTS

FUNDAMENTALS OF CYBER SECURITY FOR NUCLEAR PLANTS COURSE FUNDAMENTALS OF CYBER SECURITY FOR NUCLEAR PLANTS Hyatt Regency Phoenix is authorized by IACET to offer 1.0 CEUs for the course. is authorized by CPE to offer 11.0 credits for the course. 1 OVERVIEW

More information

NHTSA S AUTOMOTIVE CYBERSECURITY RESEARCH. Arthur Carter, Frank Barickman, NHTSA

NHTSA S AUTOMOTIVE CYBERSECURITY RESEARCH. Arthur Carter, Frank Barickman, NHTSA NHTSA S AUTOMOTIVE CYBERSECURITY RESEARCH Arthur Carter, Frank Barickman, NHTSA Electronic Systems Safety Research Division Electronic Systems Safety (ESS) Research Division conducts research to ensure

More information

POSTAL REGULATORY COMMISSION

POSTAL REGULATORY COMMISSION POSTAL REGULATORY COMMISSION OFFICE OF INSPECTOR GENERAL FINAL REPORT INFORMATION SECURITY MANAGEMENT AND ACCESS CONTROL POLICIES Audit Report December 17, 2010 Table of Contents INTRODUCTION... 1 Background...1

More information

Cyber Security in the Nuclear Age. Dr. Jane LeClair, Chief Operating Officer National Cybersecurity Institute at Excelsior College Washington, D.C.

Cyber Security in the Nuclear Age. Dr. Jane LeClair, Chief Operating Officer National Cybersecurity Institute at Excelsior College Washington, D.C. Cyber Security in the Nuclear Age Dr. Jane LeClair, Chief Operating Officer National Cybersecurity Institute at Excelsior College Washington, D.C. Overview 2 A Vested Interest Computers have provided the

More information

OVERVIEW OF THE OPERATING REACTORS BUSINESS LINE. July 7, 2016 Michael Johnson Deputy Executive Director for Reactor and Preparedness Programs

OVERVIEW OF THE OPERATING REACTORS BUSINESS LINE. July 7, 2016 Michael Johnson Deputy Executive Director for Reactor and Preparedness Programs OVERVIEW OF THE OPERATING REACTORS BUSINESS LINE July 7, 2016 Michael Johnson Deputy Executive Director for Reactor and Preparedness Programs Program Overview Bill Dean Director Office of Nuclear Reactor

More information

AN ANALYSIS OF TECHNICAL SECURITY CONTROL REQUIREMENTS FOR DIGITAL I&C SYSTEMS IN NUCLEAR POWER PLANTS

AN ANALYSIS OF TECHNICAL SECURITY CONTROL REQUIREMENTS FOR DIGITAL I&C SYSTEMS IN NUCLEAR POWER PLANTS http://dx.doi.org/10.5516/net.04.2012.091 AN ANALYSIS OF TECHNICAL SECURITY CONTROL REQUIREMENTS FOR DIGITAL I&C SYSTEMS IN NUCLEAR POWER PLANTS JAE-GU SONG *, JUNG-WOON LEE, GEE-YONG PARK, KEE-CHOON KWON,

More information

Industrial Cyber Security 101. Mike Spear

Industrial Cyber Security 101. Mike Spear Industrial Cyber Security 101 Mike Spear Introduction Mike Spear Duluth, GA USA Global Operations Manager, Industrial Cyber Security Mike.spear@honeywell.com Responsible for the Global Delivery of Honeywell

More information

NEI 08-09 [Rev. 6] Cyber Security Plan for Nuclear Power Reactors

NEI 08-09 [Rev. 6] Cyber Security Plan for Nuclear Power Reactors NEI 08-09 [Rev. 6] Cyber Security Plan for Nuclear Power Reactors [THIS PAGE IS LEFT BLANK INTENTIONALLY] NEI 08-09 [Rev. 6] Nuclear Energy Institute Cyber Security Plan for Nuclear Power Reactors Nuclear

More information

Audit of NRC s Network Security Operations Center

Audit of NRC s Network Security Operations Center Audit of NRC s Network Security Operations Center OIG-16-A-07 January 11, 2016 All publicly available OIG reports (including this report) are accessible through NRC s Web site at http://www.nrc.gov/reading-rm/doc-collections/insp-gen

More information

Cyber Security and the Canadian Nuclear Industry a Canadian Regulatory Perspective

Cyber Security and the Canadian Nuclear Industry a Canadian Regulatory Perspective Cyber Security and the Canadian Nuclear Industry a Canadian Regulatory Perspective Terry Jamieson Vice-President Technical Support Branch Canadian Nuclear Safety Commission August 11, 2015 www.nuclearsafety.gc.ca

More information

U.S. Nuclear Regulatory Commission

U.S. Nuclear Regulatory Commission ADAMS ML14344A108 U.S. Nuclear Regulatory Commission Privacy Impact Assessment Designed to collect the information necessary to make relevant determinations regarding the applicability of the Privacy Act,

More information

IBM Data Security Services for endpoint data protection endpoint encryption solution

IBM Data Security Services for endpoint data protection endpoint encryption solution Protecting data on endpoint devices and removable media IBM Data Security Services for endpoint data protection endpoint encryption solution Highlights Secure data on endpoint devices Reap benefits such

More information

We are a Connected World

We are a Connected World Beyond Organizationally Driven Sustainable Collaboration: Strategic Sustainable Collaboration on Innovation Across Nation States in the Arena of Cyber Security Dr. Jane LeClair Chief Operating Officer

More information

ABB s approach concerning IS Security for Automation Systems

ABB s approach concerning IS Security for Automation Systems ABB s approach concerning IS Security for Automation Systems Copyright 2006 ABB. All rights reserved. Stefan Kubik stefan.kubik@de.abb.com The problem Most manufacturing facilities are more connected (and

More information

NRC INSPECTION MANUAL CCIB

NRC INSPECTION MANUAL CCIB NRC INSPECTION MANUAL CCIB MANUAL CHAPTER 1252 CONSTRUCTION INSPECTOR TRAINING AND QUALIFICATION PROGRAM 1252-01 PURPOSE... 2 1252-02 OBJECTIVES... 2 1252-03 DEFINITIONS... 2 1252-04 RESPONSIBILITIES AND

More information

Current Developments Concerning Cybersecurity. ICI General Membership Meeting Legal Forum Jillian Bosmann and Nancy O Hara Thursday, May 19, 2016

Current Developments Concerning Cybersecurity. ICI General Membership Meeting Legal Forum Jillian Bosmann and Nancy O Hara Thursday, May 19, 2016 Current Developments Concerning Cybersecurity ICI General Membership Meeting Legal Forum Jillian Bosmann and Nancy O Hara Thursday, May 19, 2016 AGENDA Why is Cybersecurity Important? Top Cybersecurity

More information

Cyber Security Considerations in the Development of I&C Systems for Nuclear Power Plants

Cyber Security Considerations in the Development of I&C Systems for Nuclear Power Plants Cyber Security Considerations in the Development of I&C Systems for Nuclear Power Plants Jung-Woon Lee, Cheol-Kwon Lee, Jae-Gu Song, and Dong-Young Lee I&C and HF Research Division, Korea Atomic Energy

More information

10 best practice suggestions for common smartphone threats

10 best practice suggestions for common smartphone threats 10 best practice suggestions for common smartphone threats Jeff R Fawcett Dell SecureWorks Security Practice Executive M Brandon Swain Dell SecureWorks Security Practice Executive When using your Bluetooth

More information

High Level Cyber Security Assessment 2/1/2012. Assessor: J. Doe

High Level Cyber Security Assessment 2/1/2012. Assessor: J. Doe 2/1/2012 Assessor: J. Doe Disclaimer This report is provided as is for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information

More information

SCADA Security Training

SCADA Security Training SCADA Security Training 1-Day Course Outline Wellington, NZ 6 th November 2015 > Version 3.1 web: www.axenic.co.nz phone: +64 21 689998 page 1 of 6 Introduction Corporate Background Axenic Ltd Since 2009,

More information

Helping Corporations Defend Enterprise Attacks through Security Awareness & Desktop Security

Helping Corporations Defend Enterprise Attacks through Security Awareness & Desktop Security Helping Corporations Defend Enterprise Attacks through Security Awareness & Desktop Security The Problem Statement Increasing incidents of crime & attacks (including cyber) with Potential to cause severe

More information

Cyber Security Design Methodology for Nuclear Power Control & Protection Systems. By Majed Al Breiki Senior Instrumentation & Control Manager (ENEC)

Cyber Security Design Methodology for Nuclear Power Control & Protection Systems. By Majed Al Breiki Senior Instrumentation & Control Manager (ENEC) Cyber Security Design Methodology for Nuclear Power Control & Protection Systems By Majed Al Breiki Senior Instrumentation & Control Manager (ENEC) 1. INTRODUCTION In today s world, cyber security is one

More information

developing your potential Cyber Security Training

developing your potential Cyber Security Training developing your potential Cyber Security Training The benefits of cyber security awareness The cost of a single cyber security incident can easily reach six-figure sums and any damage or loss to a company

More information

MD 12.5 NRC CYBER SECURITY PROGRAM DT-13-15

MD 12.5 NRC CYBER SECURITY PROGRAM DT-13-15 U.S. NUCLEAR REGULATORY COMMISSION MANAGEMENT DIRECTIVE (MD) MD 12.5 NRC CYBER SECURITY PROGRAM DT-13-15 Volume 12: Approved By: Security R. W. Borchardt Executive Director for Operations Date Approved:

More information

Ifred M. P~aglia Manager, Nuclear Licensing. March 14, 2013 NND-13-0157

Ifred M. P~aglia Manager, Nuclear Licensing. March 14, 2013 NND-13-0157 Alfred M. Paglia, Jr. Manager Nuclear Licensing A SCANA COMPANY New Nuclear Deployment U.S. Nuclear Regulatory Commission ATTN: Document Control Desk Washington, DC 20555-0001 Subject: Virgil C. Summer

More information

U.S. Nuclear Regulatory Commission

U.S. Nuclear Regulatory Commission U.S. Nuclear Regulatory Commission 2011 Data Center Consolidation Plan and Progress Report Version 2.0 September 30, 2011 Enclosure Contents 1 Introduction... 2 2 Agency Goals for Data Center Consolidation...

More information

Independent Evaluation of NRC s Implementation of the Federal Information Security Modernization Act of 2014 for Fiscal Year 2015

Independent Evaluation of NRC s Implementation of the Federal Information Security Modernization Act of 2014 for Fiscal Year 2015 Independent Evaluation of NRC s Implementation of the Federal Information Security Modernization Act of 2014 for Fiscal Year 2015 OIG-16-A-03 November 12, 2015 All publicly available OIG reports (including

More information

NRC Enforcement Policy

NRC Enforcement Policy January 28, 2013 Revised July 9, 2013 Interim Enforcement Policy (Section 9.2) U. S. Nuclear Regulatory Commission Office of Enforcement Washington, DC 20555-00 NRC ENFORCEMENT POLICY CONTENTS PREFACE...

More information

HIPAA Security Overview of the Regulations

HIPAA Security Overview of the Regulations HIPAA Security Overview of the Regulations Presenter: Anna Drachenberg Anna Drachenberg has been assisting healthcare providers and hospitals comply with HIPAA and other federal regulations since 2008.

More information

BETTER RECORDS MANAGEMENT

BETTER RECORDS MANAGEMENT BETTER RECORDS MANAGEMENT THROUGH PROJECT MANAGEMENT Maura L. Dunn, CRM President April 8, 2015 What is the difference between program management and project management? Why does it matter? Programs Are

More information

NRC REGULATORY ISSUE SUMMARY 2015-03, IDENTIFYING AND REPORTING SECURITY INCIDENTS UNDER 10 CFR PART 37

NRC REGULATORY ISSUE SUMMARY 2015-03, IDENTIFYING AND REPORTING SECURITY INCIDENTS UNDER 10 CFR PART 37 UNITED STATES NUCLEAR REGULATORY COMMISSION OFFICE OF NUCLEAR MATERIAL SAFETY AND SAFEGUARDS OFFICE OF NUCLEAR REACTOR REGULATION OFFICE OF NEW REACTORS WASHINGTON, D.C. 20555 February 24, 2015 NRC REGULATORY

More information

abstract NRC Headquarters United States Nuclear Regulatory Commission

abstract NRC Headquarters United States Nuclear Regulatory Commission abstract The Strategic Plan Fiscal Years 2008-2013 describes the U.S. Nuclear Regulatory Commission s mission and defines the strategic goals and outcomes the agency intends to pursue. NRC Headquarters

More information

How to Secure Your Environment

How to Secure Your Environment End Point Security How to Secure Your Environment Learning Objectives Define Endpoint Security Describe most common endpoints of data leakage Identify most common security gaps Preview solutions to bridge

More information

INSPECTOR GENERAL S ASSESSMENT OF THE MOST SERIOUS MANAGEMENT AND PERFORMANCE CHALLENGES FACING THE NUCLEAR REGULATORY COMMISSION (OIG-16-A-01)

INSPECTOR GENERAL S ASSESSMENT OF THE MOST SERIOUS MANAGEMENT AND PERFORMANCE CHALLENGES FACING THE NUCLEAR REGULATORY COMMISSION (OIG-16-A-01) UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 OFFICE OF THE INSPECTOR GENERAL October 1, 2015 MEMORANDUM TO: Chairman Burns FROM: SUBJECT: Hubert T. Bell /RA/ Inspector General

More information

How Secure is Your SCADA System?

How Secure is Your SCADA System? How Secure is Your SCADA System? Charles Drobny GlobaLogix, Inc. Houston, TX, USA Our Industry is a Target 40% of cyber attacks on Critical Infrastructure targets are aimed at the Energy Industry The potential

More information

FACT SHEET Office of Public Affairs Phone: 301-415-8200 Email: opa.resource@nrc.gov

FACT SHEET Office of Public Affairs Phone: 301-415-8200 Email: opa.resource@nrc.gov FACT SHEET Office of Public Affairs Phone: 301-415-8200 Email: opa.resource@nrc.gov NRC S Response to Medical Events at the Veterans Affairs Medical Center in Philadelphia, Pa. Overview The U.S. Nuclear

More information

Standard CIP 004 3a Cyber Security Personnel and Training

Standard CIP 004 3a Cyber Security Personnel and Training A. Introduction 1. Title: Cyber Security Personnel & Training 2. Number: CIP-004-3a 3. Purpose: Standard CIP-004-3 requires that personnel having authorized cyber or authorized unescorted physical access

More information

Defense in Depth Architecture of Server Systems for the Improvement of Cyber Security

Defense in Depth Architecture of Server Systems for the Improvement of Cyber Security , pp. 261-266 http://dx.doi.org/10.14257/ijsia.2014.8.3.27 Defense in Depth Architecture of Server Systems for the Improvement of Cyber Security Hanseong Son 1 and Soongohn Kim 2* 1 Department of Game

More information

TNRCC WATER QUALITY INVESTIGATOR TRAINING PROGRAM

TNRCC WATER QUALITY INVESTIGATOR TRAINING PROGRAM TNRCC WATER QUALITY INVESTIGATOR TRAINING PROGRAM This document describes the policy and guidance for participation in the Water Quality Investigator Training Program in the Field Operations Division (FOD)

More information

Cyber Security :: Insights & Recommendations for Secure Operations. N-Dimension Solutions, Inc.

Cyber Security :: Insights & Recommendations for Secure Operations. N-Dimension Solutions, Inc. Cyber Security :: Insights & Recommendations for Secure Operations N-Dimension Solutions, Inc. Cyber Security Protection for Critical Infrastructure Assets Agenda: Cyber Landscape Cyber Threats to Your

More information

ICBA Summary of FFIEC Cybersecurity Assessment Tool

ICBA Summary of FFIEC Cybersecurity Assessment Tool ICBA Summary of FFIEC Cybersecurity Assessment Tool July 2015 Contact: Jeremy Dalpiaz Assistant Vice President Cyber Security and Data Security Policy Jeremy.Dalpiaz@icba.org www.icba.org ICBA Summary

More information

U.S. Nuclear Regulatory Commission

U.S. Nuclear Regulatory Commission ADAMS ML14268A299 U.S. Nuclear Regulatory Commission Privacy Impact Assessment Designed to collect the information necessary to make relevant determinations regarding the applicability of the Privacy Act,

More information

DOE O 226.1A, IMPLEMENTATION OF DEPARTMENT OF ENERGY OVERSIGHT POLICY CONTRACTOR ASSURANCE SYSTEMS CRITERIA ATTACHMENT 1, APPENDIX A

DOE O 226.1A, IMPLEMENTATION OF DEPARTMENT OF ENERGY OVERSIGHT POLICY CONTRACTOR ASSURANCE SYSTEMS CRITERIA ATTACHMENT 1, APPENDIX A DOE O 226.1A, IMPLEMENTATION OF DEPARTMENT OF ENERGY OVERSIGHT POLICY CONTRACTOR ASSURANCE SYSTEMS CRITERIA ATTACHMENT 1, APPENDIX A DEFINITIONS Assurance systems encompass all aspects of the processes

More information

NASA OFFICE OF INSPECTOR GENERAL

NASA OFFICE OF INSPECTOR GENERAL NASA OFFICE OF INSPECTOR GENERAL OFFICE OF AUDITS SUITE 8U71, 300 E ST SW WASHINGTON, D.C. 20546-0001 April 14, 2016 TO: SUBJECT: Renee P. Wynn Chief Information Officer Final Memorandum, Review of NASA

More information

AURORA Vulnerability Background

AURORA Vulnerability Background AURORA Vulnerability Background Southern California Edison (SCE) September 2011-1- Outline What is AURORA? Your Responsibility as a Customer Sectors Impacted by AURORA Review of Regulatory Agencies History

More information

The Security Overview section describes the FDA Information Security program, consisting of several focus areas whose objectives are to keep FDA

The Security Overview section describes the FDA Information Security program, consisting of several focus areas whose objectives are to keep FDA The FDA Intranet Information Security Program Website is a resource where employees can find the most current information on IT security, the FDA awareness program, who to contact with questions and more.

More information

A CYBER SECURITY RISK ASSESSMENT FOR THE DESIGN OF I&C SYSTEMS IN NUCLEAR POWER PLANTS

A CYBER SECURITY RISK ASSESSMENT FOR THE DESIGN OF I&C SYSTEMS IN NUCLEAR POWER PLANTS http://dx.doi.org/10.5516/net.04.2011.065 A CYBER SECURITY RISK ASSESSMENT FOR THE DESIGN OF I&C SYSTEMS IN NUCLEAR POWER PLANTS JAE-GU SONG, JUNG-WOON LEE *, CHEOL-KWON LEE, KEE-CHOON KWON, and DONG-YOUNG

More information

Nuclear Regulatory Commission Computer Security Office Enterprise Security Architecture Working Group Charter

Nuclear Regulatory Commission Computer Security Office Enterprise Security Architecture Working Group Charter Nuclear Regulatory Commission Computer Security Office Enterprise Security Architecture Working Group Charter Title: CSO Enterprise Security Architecture Working Group Charter Revision Number: 1.0 Effective

More information

NUCLEAR REGULATORY COMMISSION. 10 CFR Part 73 [NRC-2014-0036] RIN 3150-AJ37. Cyber Security Event Notifications

NUCLEAR REGULATORY COMMISSION. 10 CFR Part 73 [NRC-2014-0036] RIN 3150-AJ37. Cyber Security Event Notifications This document is scheduled to be published in the Federal Register on 11/02/2015 and available online at http://federalregister.gov/a/2015-27855, and on FDsys.gov [7590-01-P] NUCLEAR REGULATORY COMMISSION

More information

Security Practices for Online Collaboration and Social Media

Security Practices for Online Collaboration and Social Media Cisco IT Best Practice Collaboration Security Cisco on Cisco Best Practice Security Practices for Online Collaboration and Social Media January 2012 2013 Cisco and/or its affiliates. All rights reserved.

More information

Cisco on Cisco Best Practice Security Practices for Online Collaboration and Social Media

Cisco on Cisco Best Practice Security Practices for Online Collaboration and Social Media January 2012 Cisco on Cisco Best Practice Security Practices for Online Collaboration and Social Media January 2012 All contents are Copyright 1992 2012 Cisco Systems, Inc. All rights reserved. This document

More information

Information Security Program Management Standard

Information Security Program Management Standard State of California California Information Security Office Information Security Program Management Standard SIMM 5305-A September 2013 REVISION HISTORY REVISION DATE OF RELEASE OWNER SUMMARY OF CHANGES

More information

Enterprise Security Solutions

Enterprise Security Solutions Enterprise Security Solutions World-class technical solutions, professional services and training from experts you can trust ISOCORP is a Value-Added Reseller (VAR) and services provider for best in class

More information

SCADA and Security Are they Mutually Exclusive? Terry M. Draper, PE, PMP

SCADA and Security Are they Mutually Exclusive? Terry M. Draper, PE, PMP SCADA and Security Are they Mutually Exclusive? Terry M. Draper, PE, PMP Today s Topics SCADA Overview SCADA System vs. IT Systems Risk Factors Threats Potential Vulnerabilities Specific Considerations

More information

INFORMATION SYSTEMS SPECIALIST 8 1488

INFORMATION SYSTEMS SPECIALIST 8 1488 INFORMATION SYSTEMS SPECIALIST 8 1488 SERIES DESCRIPTION The INFORMATION SYSTEMS SPECIALIST (ISS) classification series has eight levels that describe technical and professional non-supervisory positions

More information

plantemoran.com What School Personnel Administrators Need to know

plantemoran.com What School Personnel Administrators Need to know plantemoran.com Data Security and Privacy What School Personnel Administrators Need to know Tomorrow s Headline Let s hope not District posts confidential data online (Tech News, May 18, 2007) In one of

More information

Supplier Vigilance: A Critical Layer of Defense

Supplier Vigilance: A Critical Layer of Defense Supplier Vigilance: A Critical Layer of Defense Lockheed Martin Information Security 1 Supply Chain Cyber Security Lockheed Martin October 23, 2013 Debbie Stuckey Waide Jones, CISSP 2 Synopsis Lockheed

More information

U. S. Attorney Office Northern District of Texas March 2013

U. S. Attorney Office Northern District of Texas March 2013 U. S. Attorney Office Northern District of Texas March 2013 What Is Cybercrime? Hacking DDOS attacks Domain name hijacking Malware Other computer related offenses, i.e. computer and internet used to facilitate

More information

Best Practices for DanPac Express Cyber Security

Best Practices for DanPac Express Cyber Security March 2015 - Page 1 Best Practices for This whitepaper describes best practices that will help you maintain a cyber-secure DanPac Express system. www.daniel.com March 2015 - Page 2 Table of Content 1 Introduction

More information

TODAY S AGENDA. Trends/Victimology. Incident Response. Remediation. Disclosures

TODAY S AGENDA. Trends/Victimology. Incident Response. Remediation. Disclosures TODAY S AGENDA Trends/Victimology Incident Response Remediation Disclosures Trends/Victimology ADVERSARY CLASSIFICATIONS SOCIAL ENGINEERING DATA SOURCES COVERT INDICATORS - METADATA METADATA data providing

More information

Security and. Emergency Preparedness

Security and. Emergency Preparedness 6 6 Security and Emergency Preparedness 91 6 Security and Emergency Preparedness Overview Nuclear security is a high priority for the NRC. For decades, effective NRC regulation and strong partnerships

More information

U.S. Nuclear Regulation after Three Mile Island

U.S. Nuclear Regulation after Three Mile Island U.S. Nuclear Regulation after Three Mile Island Mark Holt Specialist in Energy Policy October 23, 2015 Agenda Setting the scene: Before TMI Three Mile Island accident and aftermath ors, 1957-2015 Presidential

More information

Data Breach and Senior Living Communities May 29, 2015

Data Breach and Senior Living Communities May 29, 2015 Data Breach and Senior Living Communities May 29, 2015 Todays Objectives: 1. Discuss Current Data Breach Trends & Issues 2. Understanding Why The Senior Living Industry May Be A Target 3. Data Breach Costs

More information

FFIEC Cybersecurity Assessment Tool

FFIEC Cybersecurity Assessment Tool Overview In light of the increasing volume and sophistication of cyber threats, the Federal Financial Institutions Examination Council 1 (FFIEC) developed the Cybersecurity Tool (), on behalf of its members,

More information

Secure Access into Industrial Automation and Control Systems Industry Best Practice and Trends. Serhii Konovalov Venkat Pothamsetty Cisco

Secure Access into Industrial Automation and Control Systems Industry Best Practice and Trends. Serhii Konovalov Venkat Pothamsetty Cisco Secure Access into Industrial Automation and Systems Industry Best Practice and Trends Serhii Konovalov Venkat Pothamsetty Cisco Vendor offers a remote firmware update and PLC programming. Contractor asks

More information

IMPLEMENTING THE REGULATORY AUTHORITY INFORMATION SYSTEM (RAIS)

IMPLEMENTING THE REGULATORY AUTHORITY INFORMATION SYSTEM (RAIS) IRPA 12 IMPLEMENTING THE REGULATORY AUTHORITY INFORMATION SYSTEM (RAIS) Buenos Aires, Argentina, 19-24 October, 2008 K. Mrabit Head, Safety and Security Coordination Section Department of Nuclear Safety

More information

Practical Lessons Learned: An Overview of Cybersecurity Law & Information Governance

Practical Lessons Learned: An Overview of Cybersecurity Law & Information Governance Baltimore Chapter Practical Lessons Learned: An Overview of Cybersecurity Law & Information Governance presented by Howard R. Feldman S. Keith Moulsdale hfeldman@wtplaw.com kmoulsdale@wtplaw.com 410.347.8793

More information

Designing a security policy to protect your automation solution

Designing a security policy to protect your automation solution Designing a security policy to protect your automation solution September 2009 / White paper by Dan DesRuisseaux 1 Contents Executive Summary... p 3 Introduction... p 4 Security Guidelines... p 7 Conclusion...

More information

The Network Alone Can t Protect Your Data

The Network Alone Can t Protect Your Data The Network Alone Can t Protect Your Data SESSION ID: STU-T07B Elliot Lewis Chief Security Architect Dell / Dell Software Group @elliotdlewis Chad Skipper Senior Principal Engineer Dell / End User Computing

More information

GE Measurement & Control. Top 10 Cyber Vulnerabilities for Control Systems

GE Measurement & Control. Top 10 Cyber Vulnerabilities for Control Systems GE Measurement & Control Top 10 Cyber Vulnerabilities for Control Systems GE Proprietary Information: This document contains proprietary information of the General Electric Company and may not be used

More information

Endpoint Security More secure. Less complex. Less costs... More control.

Endpoint Security More secure. Less complex. Less costs... More control. Endpoint Security More secure. Less complex. Less costs... More control. Symantec Endpoint Security Today s complex threat landscape constantly shifts and changes to accomplish its ultimate goal to reap

More information

Olkiluoto 3 Experience

Olkiluoto 3 Experience Olkiluoto 3 Experience CNRA International Workshop on New Reactor Siting, Licensing and Construction Experience Hosted by the State Office for Nuclear Safety Prague, Czech Republic 15-17 September 2010

More information

How to Practice Safely in an era of Cybercrime and Privacy Fears

How to Practice Safely in an era of Cybercrime and Privacy Fears How to Practice Safely in an era of Cybercrime and Privacy Fears Christina Harbridge INFORMATION PROTECTION SPECIALIST Information Security The practice of defending information from unauthorised access,

More information

Volume 03 - Information Management. Part 1 - Publications, Mail, and Information Disclosure (3.01-3.25)

Volume 03 - Information Management. Part 1 - Publications, Mail, and Information Disclosure (3.01-3.25) NRC MD Assistance: Catalog Page I of 8 NRC Management Directives Web Assistance for MD Preparation, Editing, and Review I HomeI Catalog of Directives Catalog Volume 01 - Management Directives Volume 02

More information

TRITON AP-ENDPOINT STOP ADVANCED THREATS AND SECURE SENSITIVE DATA FOR ROAMING USERS

TRITON AP-ENDPOINT STOP ADVANCED THREATS AND SECURE SENSITIVE DATA FOR ROAMING USERS TRITON AP-ENDPOINT STOP ADVANCED THREATS AND SECURE SENSITIVE DATA FOR ROAMING USERS TRITON AP-ENDPOINT STOP ADVANCED THREATS AND SECURE SENSITIVE DATA FOR ROAMING USERS From a damaged reputation to regulatory

More information

How Much Do I Need To Do to Comply? Vice president SystemExperts Corporation

How Much Do I Need To Do to Comply? Vice president SystemExperts Corporation How Much Do I Need To Do to Comply? Richard E. Mackey, Jr. Vice president SystemExperts Corporation Agenda Background Requirements and you Risk language Risk Factors Assessing risk Program elements and

More information

Enabling a Smarter and Safer Nuclear Industry with a Secure, Real-time Data Infrastructure

Enabling a Smarter and Safer Nuclear Industry with a Secure, Real-time Data Infrastructure Fukushima Forum February 18 th, 2014 Tokyo, Japan Enabling a Smarter and Safer Nuclear Industry with a Secure, Real-time Data Infrastructure Presented by Chris Crosby Global Nuclear Industry Principal

More information

Evaluation Report. Weaknesses Identified During the FY 2013 Federal Information Security Management Act Review. April 30, 2014 Report Number 14-12

Evaluation Report. Weaknesses Identified During the FY 2013 Federal Information Security Management Act Review. April 30, 2014 Report Number 14-12 Evaluation Report Weaknesses Identified During the FY 2013 Federal Information Security Management Act Review April 30, 2014 Report Number 14-12 U.S. Small Business Administration Office of Inspector General

More information

Federal Bureau of Investigation s Integrity and Compliance Program

Federal Bureau of Investigation s Integrity and Compliance Program Evaluation and Inspection Division Federal Bureau of Investigation s Integrity and Compliance Program November 2011 I-2012-001 EXECUTIVE DIGEST In June 2007, the Federal Bureau of Investigation (FBI) established

More information

/All APPLICANTS SHOULD NOTE THAT THE TOUR LENGTH OF A RESIDENT INSPECTOR AT A SINGLE SITE IS LIMITED TO SEVEN (7) YEARS BY COMMISSION POLICY.

/All APPLICANTS SHOULD NOTE THAT THE TOUR LENGTH OF A RESIDENT INSPECTOR AT A SINGLE SITE IS LIMITED TO SEVEN (7) YEARS BY COMMISSION POLICY. Senior Resident Inspector QUALIFICATIONS REQUIRED: Candidates must have at least one year of experience at the next lower grade level or equivalent by the closing date or no later than 30 calendar days

More information