Ask SME and Learn. NRC Cyber Security Oversight. Cyber Security Directorate
|
|
- Gilbert Hart
- 8 years ago
- Views:
Transcription
1 Ask SME and Learn NRC Cyber Security Oversight Program Mario R. Fernandez Jr., Security Specialist (Cyber) Cyber Security Directorate Office of Nuclear Security & Incident Response 1
2 Agenda Cyber Security Inspection Team Team Composition Training Activities Cyber Security Inspection Schedule Overview of Some Areas of Inspection Oversight Assessment Inspection Trends Security y Issues Forum (SIF) Improvement Trends Communications with the Industry Full Implementation ti Inspections
3 Inspection Team Team Composition Regions Team Leader Regional Inspectors Qualified Inspectors Electrical, Instrumentation &Controls, Security, Plant OPs Contract SMEs NRC Security S i li NRC Headquarters Specialists NSIR Cyber Security Directorate Staff Security Risk Analysts Contract Support Subject Matter Experts Multi-Disciplinary 3
4 Inspection Team Training activities Computer & Networks Course (CBT) Cyber Security Course - Idaho National Lab Pilot Inspections Watts Bar, Clinton Inspection Procedure Workshop at each Region All Inspectors Meeting- June
5 Inspection Team Training activities Core Topics Specialized Training Cyber Security Specialized Training Regulations Regional Inspectors Cyber Security Threats Defensive Strategies Regulatory Guidance Licensing Basis (CSPs) Contractors NRC Regulations Oversight Program Temporary Instruction Cross Training 5
6 Inspection Team Temporary Instruction 2201/004; Inspection of Interim Milestones Significant Determination Process (SDP) NRC Lead inspector Team Composition Regional Inspector Team Lead Regional Inspector NSIR & CSD Staff Cyber Security Specialist (Contractor) 21 Inspections scheduled in CY 2013 split between all regions 16 Inspections completed NRC inspector HQ Personnel NRC Contractor NRC HQ NRC Available (remotely) to the team as/if needed Support staff 6
7 Some Areas of Inspection (TI 2001/004 ) Understanding the Cyber Threat Landscape Threat vectors Threat characteristics Hard-wired networks Internet Intranet Wireless Wifi Bluetooth th Mobile media USB thumb drive CD/DVD Portable equipment Laptops Test equipment Motivated Opportunistic Persistent t Adaptive Learning Good at info sharing 7
8 Some Areas of Inspection (TI 2001/004 ) Establishment of a Cyber Security Assessment Team (CSAT) Identification of Critical Systems (CSs)/Critical Digital Assets (CDAs) Defense-in-Depth and Detection and Response 8
9 Some Areas of Inspection (TI 2001/004) Mobile Media and Device protections Cyber Tampering CDA Use Only Specific CDAs Security Controls Implementation Ongoing Monitoring and Assessments of Security Controls Implemented 9
10 Oversight Assessment CDA Identification or Scoping Implementation of Defensive Architecture Control of Portable Media & Devices Security Controls for CDAs 10
11 Security Issues Forum (SIF) Weekly Secure Video Conference All Regions & HQ staff discuss cyber security inspection issues Good Faith Attempt Enforcement Discretion The NRC is exercising enforcement discretion in accordance with Section 3.0, Use of Enforcement Discretion, Part 3.5, Violations Involving Special Circumstances, of the NRC Enforcement Policy 11
12 Improvement Trends Better documented CDA Scoping Process Effective implementation of one way communication from level 4 to level 3 Increased Mobile Media and Portable Device protections CDA Use Only Cyber Tampering Rounds & indications 12
13 Continued Communications Continued Communications with Industry through calls & meetings Inspector Workshop (June 2013) Industry Workshop Beginning communication with Industry on MILESTONE 8 INSPECTIONS 13
14 Full Implementation Inspections Full Implementation of the Cyber Security Program (Milestone 8) Meet all the requirements committed in approved Cyber Security Plan Licensees, on a site by site basis, have committed to full implementation late , inspections begin 2015 Inspection of final implementation will initially entail a two week inspection 14
15 Summary Importance of multi-disciplinary Cyber Security Inspection Team Training entails cyber, regulations, pilot inspections Cyber Security Inspection Schedule Overview of Some Areas of Inspection Oversight Assessment Inspection Trends Resolution R l of inspection issues (SIF) Full Implementation Inspections
16 Questions 16
NRC Cyber Security Policy &
Ask SME and Learn NRC Cyber Security Policy & Guidance Development Mario R. Fernandez Jr., Security Specialist (Cyber) Cyber Security Directorate Office of Nuclear Security & Incident Response 1 Agenda
More informationExecutive Director for Operations AUDIT OF NRC S CYBER SECURITY INSPECTION PROGRAM FOR NUCLEAR POWER PLANTS (OIG-14-A-15)
UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 OFFICE OF THE INSPECTOR GENERAL May 7, 2014 MEMORANDUM TO: Mark A. Satorius Executive Director for Operations FROM: Stephen D. Dingbaum
More informationA Regulatory Approach to Cyber Security
A Regulatory Approach to Cyber Security Perry Pederson Security Specialist (Cyber) Office of Nuclear Security and Incident Response U.S. Nuclear Regulatory Commission 1 Agenda Overview Regulatory Framework
More informationNRC Cyber Security Regulatory
Ask SME and Learn NRC Cyber Security Regulatory Program Development Mario R. Fernandez Jr., Security Specialist (Cyber) Cyber Security Directorate Office of Nuclear Security & Incident Response 1 Agenda
More informationSpreading the Word on Nuclear Cyber Security
Spreading the Word on Nuclear Cyber Security Clifford Glantz, Guy Landine, Philip Craig, and Robert Bass Pacific Northwest National Laboratory (PNNL) PO Box 999; 902 Battelle Blvd Richland, WA 99352 USA
More informationCynthia Broadwell, Progress Energy. William Gross, Nuclear Energy Institute
Cyber Security Plan Overview Cynthia Broadwell, Progress Energy Nolan Heinrich, TVA William Gross, Nuclear Energy Institute Introduction Cynthia Broadwell Progress Energy Progress Energy Fleet Cyber Security
More informationHow To Improve Safety At A Nuclear Power Plant
OVERVIEW OF THE OPERATING REACTORS BUSINESS LINE August 6, 2015 Michael Johnson Deputy Executive Director for Reactor and Preparedness Programs Program Overview Bill Dean Director Office of Nuclear Reactor
More informationCyber Security for Nuclear Power Plants Matthew Bowman Director of Operations, ATC Nuclear IEEE NPEC Meeting July 2012
Cyber Security for Nuclear Power Plants Matthew Bowman Director of Operations, ATC Nuclear IEEE NPEC Meeting July 2012 ATC Nuclear ATC-N serves the commercial nuclear utilities in the US and many foreign
More informationCyber Security Evaluation of the Wireless Communication for the Mobile Safeguard Systems in uclear Power Plants
Cyber Security Evaluation of the Wireless Communication for the Mobile Safeguard Systems in uclear Power Plants Sooill Lee a*, Yong Sik Kim a, Song Hae Ye a a Central Research Institute, Korea Hydro and
More informationUNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001. March 3, 2011
UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 March 3, 2011 Mr. Timothy S. Rausch Senior Vice President and Chief Nuclear Officer PPL Susquehanna, LLC 769 Salem Boulevard Berwick,
More informationU.S. NUCLEAR REGULATORY COMMISSION January 2010 REGULATORY GUIDE OFFICE OF NUCLEAR REGULATORY RESEARCH. REGULATORY GUIDE 5.71 (New Regulatory Guide)
U.S. NUCLEAR REGULATORY COMMISSION January 2010 REGULATORY GUIDE OFFICE OF NUCLEAR REGULATORY RESEARCH REGULATORY GUIDE 5.71 (New Regulatory Guide) CYBER SECURITY PROGRAMS FOR NUCLEAR FACILITIES A INTRODUCTION
More informationCyber Security R&D (NE-1) and (NEET-4)
Cyber Security R&D (NE-1) and (NEET-4) Trevor Cook Office of Science and Technology Innovation Office of Nuclear Energy U.S. Department of Energy Cyber Security for Nuclear Systems (the threat is real)
More informationThe U.S. Nuclear Regulatory Commission s Cyber Security Regulatory Framework for Nuclear Power Reactors
NUREG/CR-7141 The U.S. Nuclear Regulatory Commission s Cyber Security Regulatory Framework for Nuclear Power Reactors Office of Nuclear Security and Incident Response AVAILABILITY OF REFERENCE MATERIALS
More informationCyber Security and Other Realities of Our Digital World Andy Dickson IT Director Nuclear Fleet Operations
Cyber Security and Other Realities of Our Digital World Andy Dickson IT Director Nuclear Fleet Operations What Changes Are We Facing? Cyber Security Regulation and Threats Changing IT Landscape and Expectations
More information2/22/2010. Cyber Security Industry Experiences. Regulatory Documents. Licensing History. NRC RIC Jack Roe NEI
Cyber Security Industry Experiences NRC RIC Jack Roe NEI Regulatory Documents Interim Compensatory Measures (2002) NUREG/CR-6847 (2003) Design Basis Threat Order (2003) NEI 03-12 Section 18 (2004) NEI
More informationOptions for Cyber Security. Reactors. April 9, 2015
Options for Cyber Security Design Requirements for Power Reactors April 9, 2015 Scope Discuss options for including cyber security design requirements for power reactors into NRC regulations Scope does
More informationU.S. Nuclear Regulatory Commission. Customer Service Plan
U.S. Nuclear Regulatory Commission Customer Service Plan October 24, 2011 Executive Summary The U.S. Nuclear Regulatory Commission (NRC) regulates the civilian nuclear industry s use of radioactive materials
More informationABA Section of Public Utility, Communications & Transportation Law Safety and Security in Transport
ABA Section of Public Utility, Communications & Transportation Law Safety and Security in Transport Commercial Nuclear Power Plants Stan Blanton Nuclear Power Subcommittee The Regulatory Landscape NRC
More informationVeterans Health Administration (VHA) Update for Oversight for Uses of Radioactive Materials. Frank A. Miles
Veterans Health Administration (VHA) Update for Oversight for Uses of Radioactive Materials Frank A. Miles Associate Chief Officer, Patient Care Services, VHA Remarks for Nuclear Regulatory Commission
More informationUNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001. November 13, 2012
UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 November 13, 2012 Vice President, Operations Entergy Nuclear Operations, Inc. Vermont Yankee Nuclear Power Station P.O. Box 250 Governor
More informationNHTSA S AUTOMOTIVE CYBERSECURITY RESEARCH. Arthur Carter, Frank Barickman, NHTSA
NHTSA S AUTOMOTIVE CYBERSECURITY RESEARCH Arthur Carter, Frank Barickman, NHTSA Electronic Systems Safety Research Division Electronic Systems Safety (ESS) Research Division conducts research to ensure
More informationCyber Security in the Nuclear Age. Dr. Jane LeClair, Chief Operating Officer National Cybersecurity Institute at Excelsior College Washington, D.C.
Cyber Security in the Nuclear Age Dr. Jane LeClair, Chief Operating Officer National Cybersecurity Institute at Excelsior College Washington, D.C. Overview 2 A Vested Interest Computers have provided the
More informationPOSTAL REGULATORY COMMISSION
POSTAL REGULATORY COMMISSION OFFICE OF INSPECTOR GENERAL FINAL REPORT INFORMATION SECURITY MANAGEMENT AND ACCESS CONTROL POLICIES Audit Report December 17, 2010 Table of Contents INTRODUCTION... 1 Background...1
More informationFUNDAMENTALS OF CYBER SECURITY FOR NUCLEAR PLANTS
COURSE FUNDAMENTALS OF CYBER SECURITY FOR NUCLEAR PLANTS Hyatt Regency Phoenix is authorized by IACET to offer 1.0 CEUs for the course. is authorized by CPE to offer 11.0 credits for the course. 1 OVERVIEW
More informationOVERVIEW OF THE OPERATING REACTORS BUSINESS LINE. July 7, 2016 Michael Johnson Deputy Executive Director for Reactor and Preparedness Programs
OVERVIEW OF THE OPERATING REACTORS BUSINESS LINE July 7, 2016 Michael Johnson Deputy Executive Director for Reactor and Preparedness Programs Program Overview Bill Dean Director Office of Nuclear Reactor
More informationAN ANALYSIS OF TECHNICAL SECURITY CONTROL REQUIREMENTS FOR DIGITAL I&C SYSTEMS IN NUCLEAR POWER PLANTS
http://dx.doi.org/10.5516/net.04.2012.091 AN ANALYSIS OF TECHNICAL SECURITY CONTROL REQUIREMENTS FOR DIGITAL I&C SYSTEMS IN NUCLEAR POWER PLANTS JAE-GU SONG *, JUNG-WOON LEE, GEE-YONG PARK, KEE-CHOON KWON,
More informationIndustrial Cyber Security 101. Mike Spear
Industrial Cyber Security 101 Mike Spear Introduction Mike Spear Duluth, GA USA Global Operations Manager, Industrial Cyber Security Mike.spear@honeywell.com Responsible for the Global Delivery of Honeywell
More informationAudit of NRC s Network Security Operations Center
Audit of NRC s Network Security Operations Center OIG-16-A-07 January 11, 2016 All publicly available OIG reports (including this report) are accessible through NRC s Web site at http://www.nrc.gov/reading-rm/doc-collections/insp-gen
More informationNEI 08-09 [Rev. 6] Cyber Security Plan for Nuclear Power Reactors
NEI 08-09 [Rev. 6] Cyber Security Plan for Nuclear Power Reactors [THIS PAGE IS LEFT BLANK INTENTIONALLY] NEI 08-09 [Rev. 6] Nuclear Energy Institute Cyber Security Plan for Nuclear Power Reactors Nuclear
More informationCyber Security and the Canadian Nuclear Industry a Canadian Regulatory Perspective
Cyber Security and the Canadian Nuclear Industry a Canadian Regulatory Perspective Terry Jamieson Vice-President Technical Support Branch Canadian Nuclear Safety Commission August 11, 2015 www.nuclearsafety.gc.ca
More informationU.S. Nuclear Regulatory Commission
ADAMS ML14344A108 U.S. Nuclear Regulatory Commission Privacy Impact Assessment Designed to collect the information necessary to make relevant determinations regarding the applicability of the Privacy Act,
More informationWe are a Connected World
Beyond Organizationally Driven Sustainable Collaboration: Strategic Sustainable Collaboration on Innovation Across Nation States in the Arena of Cyber Security Dr. Jane LeClair Chief Operating Officer
More informationINFORMATION SYSTEMS SPECIALIST 8 1488
INFORMATION SYSTEMS SPECIALIST 8 1488 SERIES DESCRIPTION The INFORMATION SYSTEMS SPECIALIST (ISS) classification series has eight levels that describe technical and professional non-supervisory positions
More informationIBM Data Security Services for endpoint data protection endpoint encryption solution
Protecting data on endpoint devices and removable media IBM Data Security Services for endpoint data protection endpoint encryption solution Highlights Secure data on endpoint devices Reap benefits such
More informationABB s approach concerning IS Security for Automation Systems
ABB s approach concerning IS Security for Automation Systems Copyright 2006 ABB. All rights reserved. Stefan Kubik stefan.kubik@de.abb.com The problem Most manufacturing facilities are more connected (and
More informationCyber Security Considerations in the Development of I&C Systems for Nuclear Power Plants
Cyber Security Considerations in the Development of I&C Systems for Nuclear Power Plants Jung-Woon Lee, Cheol-Kwon Lee, Jae-Gu Song, and Dong-Young Lee I&C and HF Research Division, Korea Atomic Energy
More informationCurrent Developments Concerning Cybersecurity. ICI General Membership Meeting Legal Forum Jillian Bosmann and Nancy O Hara Thursday, May 19, 2016
Current Developments Concerning Cybersecurity ICI General Membership Meeting Legal Forum Jillian Bosmann and Nancy O Hara Thursday, May 19, 2016 AGENDA Why is Cybersecurity Important? Top Cybersecurity
More informationHigh Level Cyber Security Assessment 2/1/2012. Assessor: J. Doe
2/1/2012 Assessor: J. Doe Disclaimer This report is provided as is for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information
More information10 best practice suggestions for common smartphone threats
10 best practice suggestions for common smartphone threats Jeff R Fawcett Dell SecureWorks Security Practice Executive M Brandon Swain Dell SecureWorks Security Practice Executive When using your Bluetooth
More informationSCADA Security Training
SCADA Security Training 1-Day Course Outline Wellington, NZ 6 th November 2015 > Version 3.1 web: www.axenic.co.nz phone: +64 21 689998 page 1 of 6 Introduction Corporate Background Axenic Ltd Since 2009,
More informationHelping Corporations Defend Enterprise Attacks through Security Awareness & Desktop Security
Helping Corporations Defend Enterprise Attacks through Security Awareness & Desktop Security The Problem Statement Increasing incidents of crime & attacks (including cyber) with Potential to cause severe
More informationCyber Security Design Methodology for Nuclear Power Control & Protection Systems. By Majed Al Breiki Senior Instrumentation & Control Manager (ENEC)
Cyber Security Design Methodology for Nuclear Power Control & Protection Systems By Majed Al Breiki Senior Instrumentation & Control Manager (ENEC) 1. INTRODUCTION In today s world, cyber security is one
More informationdeveloping your potential Cyber Security Training
developing your potential Cyber Security Training The benefits of cyber security awareness The cost of a single cyber security incident can easily reach six-figure sums and any damage or loss to a company
More informationplantemoran.com What School Personnel Administrators Need to know
plantemoran.com Data Security and Privacy What School Personnel Administrators Need to know Tomorrow s Headline Let s hope not District posts confidential data online (Tech News, May 18, 2007) In one of
More informationDr. Starnes E. Walker Founding Director, Cybersecurity Initiative starnes@udel.edu (302) 831 1580
Dr. Starnes E. Walker Founding Director, Cybersecurity Initiative starnes@udel.edu (302) 831 1580 The Cybersecurity Initiative was established at the University of Delaware in 2014 as an integrated learning
More informationMD 12.5 NRC CYBER SECURITY PROGRAM DT-13-15
U.S. NUCLEAR REGULATORY COMMISSION MANAGEMENT DIRECTIVE (MD) MD 12.5 NRC CYBER SECURITY PROGRAM DT-13-15 Volume 12: Approved By: Security R. W. Borchardt Executive Director for Operations Date Approved:
More informationBETTER RECORDS MANAGEMENT
BETTER RECORDS MANAGEMENT THROUGH PROJECT MANAGEMENT Maura L. Dunn, CRM President April 8, 2015 What is the difference between program management and project management? Why does it matter? Programs Are
More informationU.S. Nuclear Regulatory Commission
U.S. Nuclear Regulatory Commission 2011 Data Center Consolidation Plan and Progress Report Version 2.0 September 30, 2011 Enclosure Contents 1 Introduction... 2 2 Agency Goals for Data Center Consolidation...
More informationIfred M. P~aglia Manager, Nuclear Licensing. March 14, 2013 NND-13-0157
Alfred M. Paglia, Jr. Manager Nuclear Licensing A SCANA COMPANY New Nuclear Deployment U.S. Nuclear Regulatory Commission ATTN: Document Control Desk Washington, DC 20555-0001 Subject: Virgil C. Summer
More informationNRC Enforcement Policy
January 28, 2013 Revised July 9, 2013 Interim Enforcement Policy (Section 9.2) U. S. Nuclear Regulatory Commission Office of Enforcement Washington, DC 20555-00 NRC ENFORCEMENT POLICY CONTENTS PREFACE...
More informationHIPAA Security Overview of the Regulations
HIPAA Security Overview of the Regulations Presenter: Anna Drachenberg Anna Drachenberg has been assisting healthcare providers and hospitals comply with HIPAA and other federal regulations since 2008.
More informationabstract NRC Headquarters United States Nuclear Regulatory Commission
abstract The Strategic Plan Fiscal Years 2008-2013 describes the U.S. Nuclear Regulatory Commission s mission and defines the strategic goals and outcomes the agency intends to pursue. NRC Headquarters
More informationIndependent Evaluation of NRC s Implementation of the Federal Information Security Modernization Act of 2014 for Fiscal Year 2015
Independent Evaluation of NRC s Implementation of the Federal Information Security Modernization Act of 2014 for Fiscal Year 2015 OIG-16-A-03 November 12, 2015 All publicly available OIG reports (including
More informationNRC REGULATORY ISSUE SUMMARY 2015-03, IDENTIFYING AND REPORTING SECURITY INCIDENTS UNDER 10 CFR PART 37
UNITED STATES NUCLEAR REGULATORY COMMISSION OFFICE OF NUCLEAR MATERIAL SAFETY AND SAFEGUARDS OFFICE OF NUCLEAR REACTOR REGULATION OFFICE OF NEW REACTORS WASHINGTON, D.C. 20555 February 24, 2015 NRC REGULATORY
More informationHow to Secure Your Environment
End Point Security How to Secure Your Environment Learning Objectives Define Endpoint Security Describe most common endpoints of data leakage Identify most common security gaps Preview solutions to bridge
More informationHow Secure is Your SCADA System?
How Secure is Your SCADA System? Charles Drobny GlobaLogix, Inc. Houston, TX, USA Our Industry is a Target 40% of cyber attacks on Critical Infrastructure targets are aimed at the Energy Industry The potential
More informationProtecting critical infrastructure from Cyber-attack
Protecting critical infrastructure from Cyber-attack ACI-NA BIT Workshop, Session 6 (Cybersecurity) Long Beach, California October 4, 2015 Ben Trethowan Aviation Systems & Security Architect The scale
More informationFACT SHEET Office of Public Affairs Phone: 301-415-8200 Email: opa.resource@nrc.gov
FACT SHEET Office of Public Affairs Phone: 301-415-8200 Email: opa.resource@nrc.gov NRC S Response to Medical Events at the Veterans Affairs Medical Center in Philadelphia, Pa. Overview The U.S. Nuclear
More informationDefense in Depth Architecture of Server Systems for the Improvement of Cyber Security
, pp. 261-266 http://dx.doi.org/10.14257/ijsia.2014.8.3.27 Defense in Depth Architecture of Server Systems for the Improvement of Cyber Security Hanseong Son 1 and Soongohn Kim 2* 1 Department of Game
More informationStandard CIP 004 3a Cyber Security Personnel and Training
A. Introduction 1. Title: Cyber Security Personnel & Training 2. Number: CIP-004-3a 3. Purpose: Standard CIP-004-3 requires that personnel having authorized cyber or authorized unescorted physical access
More informationDOE O 226.1A, IMPLEMENTATION OF DEPARTMENT OF ENERGY OVERSIGHT POLICY CONTRACTOR ASSURANCE SYSTEMS CRITERIA ATTACHMENT 1, APPENDIX A
DOE O 226.1A, IMPLEMENTATION OF DEPARTMENT OF ENERGY OVERSIGHT POLICY CONTRACTOR ASSURANCE SYSTEMS CRITERIA ATTACHMENT 1, APPENDIX A DEFINITIONS Assurance systems encompass all aspects of the processes
More informationInformation Security Program Management Standard
State of California California Information Security Office Information Security Program Management Standard SIMM 5305-A September 2013 REVISION HISTORY REVISION DATE OF RELEASE OWNER SUMMARY OF CHANGES
More informationTNRCC WATER QUALITY INVESTIGATOR TRAINING PROGRAM
TNRCC WATER QUALITY INVESTIGATOR TRAINING PROGRAM This document describes the policy and guidance for participation in the Water Quality Investigator Training Program in the Field Operations Division (FOD)
More informationCyber Security :: Insights & Recommendations for Secure Operations. N-Dimension Solutions, Inc.
Cyber Security :: Insights & Recommendations for Secure Operations N-Dimension Solutions, Inc. Cyber Security Protection for Critical Infrastructure Assets Agenda: Cyber Landscape Cyber Threats to Your
More informationNASA OFFICE OF INSPECTOR GENERAL
NASA OFFICE OF INSPECTOR GENERAL OFFICE OF AUDITS SUITE 8U71, 300 E ST SW WASHINGTON, D.C. 20546-0001 April 14, 2016 TO: SUBJECT: Renee P. Wynn Chief Information Officer Final Memorandum, Review of NASA
More informationU.S. Nuclear Regulatory Commission
ADAMS ML14268A299 U.S. Nuclear Regulatory Commission Privacy Impact Assessment Designed to collect the information necessary to make relevant determinations regarding the applicability of the Privacy Act,
More informationAURORA Vulnerability Background
AURORA Vulnerability Background Southern California Edison (SCE) September 2011-1- Outline What is AURORA? Your Responsibility as a Customer Sectors Impacted by AURORA Review of Regulatory Agencies History
More informationNuclear Regulatory Commission Computer Security Office Enterprise Security Architecture Working Group Charter
Nuclear Regulatory Commission Computer Security Office Enterprise Security Architecture Working Group Charter Title: CSO Enterprise Security Architecture Working Group Charter Revision Number: 1.0 Effective
More informationICBA Summary of FFIEC Cybersecurity Assessment Tool
ICBA Summary of FFIEC Cybersecurity Assessment Tool July 2015 Contact: Jeremy Dalpiaz Assistant Vice President Cyber Security and Data Security Policy Jeremy.Dalpiaz@icba.org www.icba.org ICBA Summary
More informationA CYBER SECURITY RISK ASSESSMENT FOR THE DESIGN OF I&C SYSTEMS IN NUCLEAR POWER PLANTS
http://dx.doi.org/10.5516/net.04.2011.065 A CYBER SECURITY RISK ASSESSMENT FOR THE DESIGN OF I&C SYSTEMS IN NUCLEAR POWER PLANTS JAE-GU SONG, JUNG-WOON LEE *, CHEOL-KWON LEE, KEE-CHOON KWON, and DONG-YOUNG
More informationEnterprise Security Solutions
Enterprise Security Solutions World-class technical solutions, professional services and training from experts you can trust ISOCORP is a Value-Added Reseller (VAR) and services provider for best in class
More informationThe Security Overview section describes the FDA Information Security program, consisting of several focus areas whose objectives are to keep FDA
The FDA Intranet Information Security Program Website is a resource where employees can find the most current information on IT security, the FDA awareness program, who to contact with questions and more.
More informationSCADA and Security Are they Mutually Exclusive? Terry M. Draper, PE, PMP
SCADA and Security Are they Mutually Exclusive? Terry M. Draper, PE, PMP Today s Topics SCADA Overview SCADA System vs. IT Systems Risk Factors Threats Potential Vulnerabilities Specific Considerations
More informationNUCLEAR REGULATORY COMMISSION. 10 CFR Part 73 [NRC-2014-0036] RIN 3150-AJ37. Cyber Security Event Notifications
This document is scheduled to be published in the Federal Register on 11/02/2015 and available online at http://federalregister.gov/a/2015-27855, and on FDsys.gov [7590-01-P] NUCLEAR REGULATORY COMMISSION
More informationSecurity Practices for Online Collaboration and Social Media
Cisco IT Best Practice Collaboration Security Cisco on Cisco Best Practice Security Practices for Online Collaboration and Social Media January 2012 2013 Cisco and/or its affiliates. All rights reserved.
More informationBest Practices for DanPac Express Cyber Security
March 2015 - Page 1 Best Practices for This whitepaper describes best practices that will help you maintain a cyber-secure DanPac Express system. www.daniel.com March 2015 - Page 2 Table of Content 1 Introduction
More informationThe Network Alone Can t Protect Your Data
The Network Alone Can t Protect Your Data SESSION ID: STU-T07B Elliot Lewis Chief Security Architect Dell / Dell Software Group @elliotdlewis Chad Skipper Senior Principal Engineer Dell / End User Computing
More informationData Breach and Senior Living Communities May 29, 2015
Data Breach and Senior Living Communities May 29, 2015 Todays Objectives: 1. Discuss Current Data Breach Trends & Issues 2. Understanding Why The Senior Living Industry May Be A Target 3. Data Breach Costs
More informationU. S. Attorney Office Northern District of Texas March 2013
U. S. Attorney Office Northern District of Texas March 2013 What Is Cybercrime? Hacking DDOS attacks Domain name hijacking Malware Other computer related offenses, i.e. computer and internet used to facilitate
More informationCisco on Cisco Best Practice Security Practices for Online Collaboration and Social Media
January 2012 Cisco on Cisco Best Practice Security Practices for Online Collaboration and Social Media January 2012 All contents are Copyright 1992 2012 Cisco Systems, Inc. All rights reserved. This document
More informationGE Measurement & Control. Top 10 Cyber Vulnerabilities for Control Systems
GE Measurement & Control Top 10 Cyber Vulnerabilities for Control Systems GE Proprietary Information: This document contains proprietary information of the General Electric Company and may not be used
More informationHow to Practice Safely in an era of Cybercrime and Privacy Fears
How to Practice Safely in an era of Cybercrime and Privacy Fears Christina Harbridge INFORMATION PROTECTION SPECIALIST Information Security The practice of defending information from unauthorised access,
More informationSecure Access into Industrial Automation and Control Systems Industry Best Practice and Trends. Serhii Konovalov Venkat Pothamsetty Cisco
Secure Access into Industrial Automation and Systems Industry Best Practice and Trends Serhii Konovalov Venkat Pothamsetty Cisco Vendor offers a remote firmware update and PLC programming. Contractor asks
More informationHow Much Do I Need To Do to Comply? Vice president SystemExperts Corporation
How Much Do I Need To Do to Comply? Richard E. Mackey, Jr. Vice president SystemExperts Corporation Agenda Background Requirements and you Risk language Risk Factors Assessing risk Program elements and
More informationINSPECTOR GENERAL S ASSESSMENT OF THE MOST SERIOUS MANAGEMENT AND PERFORMANCE CHALLENGES FACING THE NUCLEAR REGULATORY COMMISSION (OIG-16-A-01)
UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 OFFICE OF THE INSPECTOR GENERAL October 1, 2015 MEMORANDUM TO: Chairman Burns FROM: SUBJECT: Hubert T. Bell /RA/ Inspector General
More informationSupplier Vigilance: A Critical Layer of Defense
Supplier Vigilance: A Critical Layer of Defense Lockheed Martin Information Security 1 Supply Chain Cyber Security Lockheed Martin October 23, 2013 Debbie Stuckey Waide Jones, CISSP 2 Synopsis Lockheed
More informationEvaluation Report. Weaknesses Identified During the FY 2013 Federal Information Security Management Act Review. April 30, 2014 Report Number 14-12
Evaluation Report Weaknesses Identified During the FY 2013 Federal Information Security Management Act Review April 30, 2014 Report Number 14-12 U.S. Small Business Administration Office of Inspector General
More informationOlkiluoto 3 Experience
Olkiluoto 3 Experience CNRA International Workshop on New Reactor Siting, Licensing and Construction Experience Hosted by the State Office for Nuclear Safety Prague, Czech Republic 15-17 September 2010
More informationTODAY S AGENDA. Trends/Victimology. Incident Response. Remediation. Disclosures
TODAY S AGENDA Trends/Victimology Incident Response Remediation Disclosures Trends/Victimology ADVERSARY CLASSIFICATIONS SOCIAL ENGINEERING DATA SOURCES COVERT INDICATORS - METADATA METADATA data providing
More informationDesigning a security policy to protect your automation solution
Designing a security policy to protect your automation solution September 2009 / White paper by Dan DesRuisseaux 1 Contents Executive Summary... p 3 Introduction... p 4 Security Guidelines... p 7 Conclusion...
More informationEndpoint Security More secure. Less complex. Less costs... More control.
Endpoint Security More secure. Less complex. Less costs... More control. Symantec Endpoint Security Today s complex threat landscape constantly shifts and changes to accomplish its ultimate goal to reap
More informationEvaluation Report. Office of Inspector General
Evaluation Report OIG-08-035 INFORMATION TECHNOLOGY: Network Security at the Office of the Comptroller of the Currency Needs Improvement June 03, 2008 Office of Inspector General Department of the Treasury
More informationFFIEC Cybersecurity Assessment Tool
Overview In light of the increasing volume and sophistication of cyber threats, the Federal Financial Institutions Examination Council 1 (FFIEC) developed the Cybersecurity Tool (), on behalf of its members,
More informationEnabling a Smarter and Safer Nuclear Industry with a Secure, Real-time Data Infrastructure
Fukushima Forum February 18 th, 2014 Tokyo, Japan Enabling a Smarter and Safer Nuclear Industry with a Secure, Real-time Data Infrastructure Presented by Chris Crosby Global Nuclear Industry Principal
More informationElectronic Signatures. Ashley Cockerham Medical Radiation Safety Team
Electronic Signatures Ashley Cockerham Medical Radiation Safety Team Summary of Issue More and more documents are developed and stored electronically NRC permits the use of electronic media to produce
More informationVolume 03 - Information Management. Part 1 - Publications, Mail, and Information Disclosure (3.01-3.25)
NRC MD Assistance: Catalog Page I of 8 NRC Management Directives Web Assistance for MD Preparation, Editing, and Review I HomeI Catalog of Directives Catalog Volume 01 - Management Directives Volume 02
More informationPrivacy Governance and Compliance Framework Accountability
Privacy Governance and Framework Accountability Agenda Global Data Protection and Privacy (DPP) Organization Structure Privacy The 3 Lines of Defense (LOD) Model: Overview Privacy The 3 Lines of Defense
More informationFederal Bureau of Investigation s Integrity and Compliance Program
Evaluation and Inspection Division Federal Bureau of Investigation s Integrity and Compliance Program November 2011 I-2012-001 EXECUTIVE DIGEST In June 2007, the Federal Bureau of Investigation (FBI) established
More informationIMPLEMENTING THE REGULATORY AUTHORITY INFORMATION SYSTEM (RAIS)
IRPA 12 IMPLEMENTING THE REGULATORY AUTHORITY INFORMATION SYSTEM (RAIS) Buenos Aires, Argentina, 19-24 October, 2008 K. Mrabit Head, Safety and Security Coordination Section Department of Nuclear Safety
More information/All APPLICANTS SHOULD NOTE THAT THE TOUR LENGTH OF A RESIDENT INSPECTOR AT A SINGLE SITE IS LIMITED TO SEVEN (7) YEARS BY COMMISSION POLICY.
Senior Resident Inspector QUALIFICATIONS REQUIRED: Candidates must have at least one year of experience at the next lower grade level or equivalent by the closing date or no later than 30 calendar days
More information