NRC Cyber Security Regulatory
Size: px
Start display at page:

Download "NRC Cyber Security Regulatory"

Transcription

1 Ask SME and Learn NRC Cyber Security Regulatory Program Development Mario R. Fernandez Jr., Security Specialist (Cyber) Cyber Security Directorate Office of Nuclear Security & Incident Response 1

2 Agenda Background What is Cyber Security? (General public s perspective) NRC Cyber Security Program Development Fi t NRC O d i d t dd th t b th t First NRC Orders issued to address the emergent cyber threat Early NRC Guidance issued to conduct a cyber security self- assessment at nuclear power plants (NPPs) Industry s initiative to implement an interim Cyber Security Program for NPPs Current NRC Regulations which require implementation of a comprehensive cyber security program Questions

3 Background What is Cyber Security? (General public s perspective) Protection of data & systems in networks which may or may not tb be connected dt to the Internet t Measures taken to protect a computer system against unauthorized access or attack The protection of information against unauthorized disclosure, transfer, modification, or destruction, whether accidental or intentional The branch of security responsible for the protection of computer systems and networks. 3

4 NRC Cyber Security Program Development NRC Order EA , Interim Safeguards and Security Compensatory Measures for Nuclear Power Plants, Feb 2002 EA , 086 Design Basis Threat for Radiological Sabotage, in Apr 2003

5 NEI 03-12, 03 12, Security, Security, Training & Qualification, & Safeguards Contingency Plan Template, (2004) NRC Cyber Security Program Development

6 NRC Cyber Security Program Development NUREG/CR-6847 Cyber Security Self-Assessment Method for U.S. Nuclear Power Plants, (Nov 2004) superseded NEI 04-04, Cyber Security Program for Power Reactors, (Nov 2005) (At this time the NRC had not yet proposed comprehensive cyber security regulations) superseded NRC performs site reviews to evaluate implementation of NEI ( ) 10 CFR 73.1 Cyber Attack is included Design Basis Threat (DBT) Rule (2007) 10 CFR Protection ti of Digital it Computer and Communication Systems and Networks (Mar 2009)

7 NRC Cyber Security Program Development 10 CFR Protection of Digital Computer and Communication Systems and Networks (Mar 2009) Protection (high assurance) of digital computer & communication systems associated with: I. Safety-related and important-to-safety functions; II. Security functions; III. Emergency preparedness functions, including offsite communications; AND IV. Support systems and equipment which, if compromised, would adversely impact safety, security, or emergency preparedness (SSEP) functions. 7

8 NRC Cyber Security Program Development Cyber Security Regulatory Perspective Cyber Security Those measures and controls, implemented to comply with 10 CFR 73.54, to protect digital systems against the malicious acts of an intelligent adversary up to and including the design basis threat (cyber attack), as defined by 10 CFR 73.1 Cyber Threat An individual, entity, or action that by cyber-means has or indicates the potential to harm life, information, operations, the environment and/or property 8

9 NRC Cyber Security Regulatory Perspective Cyber Security: General Public s Perspective Those measures and controls, implemented to comply with 10 CFR 73.54, to protect digital systems against the malicious acts of an intelligent adversary up to and including the design basis threat, as defined by 10 CFR 73.1 Protection of data & systems in networks which may or may not be connected to the Internet Measures taken to protect a computer system against unauthorized access or attack Cyber Threat An individual, entity, or action that by cyber-means has or indicates the potential to harm life, information, operations, the The protection of information against unauthorized disclosure, transfer, modification, or destruction, whether accidental or intentional ti The branch of security responsible environment and/or property for the protection of computer systems and networks. 9

10 Summary Terrorist Attacks NRC Issues DBT Order Cyber Attack NEI Target Set Development Includes Cyber 9/11 Cyber Attack Cyber NRC Visits NEI NEI Interim Cyber Sec Program 10 CFR NRC Issues Order Cyber Threat NUREG/CR6847 Cyber Security Self-Assessment Cyber Attack 10 CFR

11 Questions 11

Similar documents

A Regulatory Approach to Cyber Security

A Regulatory Approach to Cyber Security A Regulatory Approach to Cyber Security Perry Pederson Security Specialist (Cyber) Office of Nuclear Security and Incident Response U.S. Nuclear Regulatory Commission 1 Agenda Overview Regulatory Framework

More information

NRC Cyber Security Policy &

NRC Cyber Security Policy & Ask SME and Learn NRC Cyber Security Policy & Guidance Development Mario R. Fernandez Jr., Security Specialist (Cyber) Cyber Security Directorate Office of Nuclear Security & Incident Response 1 Agenda

More information

Cyber Security for Nuclear Power Plants Matthew Bowman Director of Operations, ATC Nuclear IEEE NPEC Meeting July 2012

Cyber Security for Nuclear Power Plants Matthew Bowman Director of Operations, ATC Nuclear IEEE NPEC Meeting July 2012 Cyber Security for Nuclear Power Plants Matthew Bowman Director of Operations, ATC Nuclear IEEE NPEC Meeting July 2012 ATC Nuclear ATC-N serves the commercial nuclear utilities in the US and many foreign

More information

U.S. NUCLEAR REGULATORY COMMISSION January 2010 REGULATORY GUIDE OFFICE OF NUCLEAR REGULATORY RESEARCH. REGULATORY GUIDE 5.71 (New Regulatory Guide)

U.S. NUCLEAR REGULATORY COMMISSION January 2010 REGULATORY GUIDE OFFICE OF NUCLEAR REGULATORY RESEARCH. REGULATORY GUIDE 5.71 (New Regulatory Guide) U.S. NUCLEAR REGULATORY COMMISSION January 2010 REGULATORY GUIDE OFFICE OF NUCLEAR REGULATORY RESEARCH REGULATORY GUIDE 5.71 (New Regulatory Guide) CYBER SECURITY PROGRAMS FOR NUCLEAR FACILITIES A INTRODUCTION

More information

Options for Cyber Security. Reactors. April 9, 2015

Options for Cyber Security. Reactors. April 9, 2015 Options for Cyber Security Design Requirements for Power Reactors April 9, 2015 Scope Discuss options for including cyber security design requirements for power reactors into NRC regulations Scope does

More information

Cyber Security Evaluation of the Wireless Communication for the Mobile Safeguard Systems in uclear Power Plants

Cyber Security Evaluation of the Wireless Communication for the Mobile Safeguard Systems in uclear Power Plants Cyber Security Evaluation of the Wireless Communication for the Mobile Safeguard Systems in uclear Power Plants Sooill Lee a*, Yong Sik Kim a, Song Hae Ye a a Central Research Institute, Korea Hydro and

More information

Cynthia Broadwell, Progress Energy. William Gross, Nuclear Energy Institute

Cynthia Broadwell, Progress Energy. William Gross, Nuclear Energy Institute Cyber Security Plan Overview Cynthia Broadwell, Progress Energy Nolan Heinrich, TVA William Gross, Nuclear Energy Institute Introduction Cynthia Broadwell Progress Energy Progress Energy Fleet Cyber Security

More information

UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001. March 3, 2011

UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001. March 3, 2011 UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 March 3, 2011 Mr. Timothy S. Rausch Senior Vice President and Chief Nuclear Officer PPL Susquehanna, LLC 769 Salem Boulevard Berwick,

More information

NUCLEAR REGULATORY COMMISSION. 10 CFR Part 73 [NRC-2014-0036] RIN 3150-AJ37. Cyber Security Event Notifications

NUCLEAR REGULATORY COMMISSION. 10 CFR Part 73 [NRC-2014-0036] RIN 3150-AJ37. Cyber Security Event Notifications This document is scheduled to be published in the Federal Register on 11/02/2015 and available online at http://federalregister.gov/a/2015-27855, and on FDsys.gov [7590-01-P] NUCLEAR REGULATORY COMMISSION

More information

Spreading the Word on Nuclear Cyber Security

Spreading the Word on Nuclear Cyber Security Spreading the Word on Nuclear Cyber Security Clifford Glantz, Guy Landine, Philip Craig, and Robert Bass Pacific Northwest National Laboratory (PNNL) PO Box 999; 902 Battelle Blvd Richland, WA 99352 USA

More information

POLICY ISSUE INFORMATION

POLICY ISSUE INFORMATION POLICY ISSUE INFORMATION November 19, 2010 SECY-10-0153 FOR: FROM: SUBJECT: The Commissioners R. W. Borchardt Executive Director for Operations CYBER SECURITY IMPLEMENTATION OF THE COMMISSION S DETERMINATION

More information

The U.S. Nuclear Regulatory Commission s Cyber Security Regulatory Framework for Nuclear Power Reactors

The U.S. Nuclear Regulatory Commission s Cyber Security Regulatory Framework for Nuclear Power Reactors NUREG/CR-7141 The U.S. Nuclear Regulatory Commission s Cyber Security Regulatory Framework for Nuclear Power Reactors Office of Nuclear Security and Incident Response AVAILABILITY OF REFERENCE MATERIALS

More information

2/22/2010. Cyber Security Industry Experiences. Regulatory Documents. Licensing History. NRC RIC Jack Roe NEI

2/22/2010. Cyber Security Industry Experiences. Regulatory Documents. Licensing History. NRC RIC Jack Roe NEI Cyber Security Industry Experiences NRC RIC Jack Roe NEI Regulatory Documents Interim Compensatory Measures (2002) NUREG/CR-6847 (2003) Design Basis Threat Order (2003) NEI 03-12 Section 18 (2004) NEI

More information

CHALLENGES OF CYBER SECURITY FOR NUCLEAR POWER PLANTS. Kwangjo Kim

CHALLENGES OF CYBER SECURITY FOR NUCLEAR POWER PLANTS. Kwangjo Kim PBNC 2012 CHALLENGES OF CYBER SECURITY FOR NUCLEAR POWER PLANTS Kwangjo Kim KAIST, Daejeon, Korea Khalifa University of Science, Technology and Research, Abu Dhabi, UAE kkj@kaist.ac.kr, kwangjo.kim@kustar.ac.ae

More information

Cyber Security R&D (NE-1) and (NEET-4)

Cyber Security R&D (NE-1) and (NEET-4) Cyber Security R&D (NE-1) and (NEET-4) Trevor Cook Office of Science and Technology Innovation Office of Nuclear Energy U.S. Department of Energy Cyber Security for Nuclear Systems (the threat is real)

More information

ABA Section of Public Utility, Communications & Transportation Law Safety and Security in Transport

ABA Section of Public Utility, Communications & Transportation Law Safety and Security in Transport ABA Section of Public Utility, Communications & Transportation Law Safety and Security in Transport Commercial Nuclear Power Plants Stan Blanton Nuclear Power Subcommittee The Regulatory Landscape NRC

More information

Integrating Cyber Security into Nuclear Power Plant Safety Systems Design

Integrating Cyber Security into Nuclear Power Plant Safety Systems Design Integrating Cyber Security into Nuclear Power Plant Safety Systems Design Deanna Zhang U.S. Nuclear Regulatory Commission Document Date: 05/21/2010 Objectives To provide methods for utilizing safety features,

More information

Ask SME and Learn. NRC Cyber Security Oversight. Cyber Security Directorate

Ask SME and Learn. NRC Cyber Security Oversight. Cyber Security Directorate Ask SME and Learn NRC Cyber Security Oversight Program Mario R. Fernandez Jr., Security Specialist (Cyber) Cyber Security Directorate Office of Nuclear Security & Incident Response 1 Agenda Cyber Security

More information

NEI 08-09 [Rev. 6] Cyber Security Plan for Nuclear Power Reactors

NEI 08-09 [Rev. 6] Cyber Security Plan for Nuclear Power Reactors NEI 08-09 [Rev. 6] Cyber Security Plan for Nuclear Power Reactors [THIS PAGE IS LEFT BLANK INTENTIONALLY] NEI 08-09 [Rev. 6] Nuclear Energy Institute Cyber Security Plan for Nuclear Power Reactors Nuclear

More information

A Cost-Efficient Approach to High Cyber Security Assurance in Nuclear Power Plants

A Cost-Efficient Approach to High Cyber Security Assurance in Nuclear Power Plants A Cost-Efficient Approach to High Cyber Security Assurance in Nuclear Power Plants The RIPE Framework as an Alternative to Regulatory Guide 5.71 and NEI 08-09 Perry Pederson April 2014 The Langner Group

More information

UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001. November 13, 2012

UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001. November 13, 2012 UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 November 13, 2012 Vice President, Operations Entergy Nuclear Operations, Inc. Vermont Yankee Nuclear Power Station P.O. Box 250 Governor

More information

Backgrounder Office of Public Affairs Telephone: 301/415-8200 E-mail: opa@nrc.gov

Backgrounder Office of Public Affairs Telephone: 301/415-8200 E-mail: opa@nrc.gov Backgrounder Office of Public Affairs Telephone: 301/415-8200 E-mail: opa@nrc.gov Nuclear Security Background While security of the nuclear facilities and materials the NRC regulates has always been a

More information

2374-19. Joint ICTP-IAEA School of Nuclear Energy Management. 5-23 November 2012. Nuclear Security Fundamentals Module 9 topic 2

2374-19. Joint ICTP-IAEA School of Nuclear Energy Management. 5-23 November 2012. Nuclear Security Fundamentals Module 9 topic 2 2374-19 Joint ICTP-IAEA School of Nuclear Energy Management 5-23 November 2012 Nuclear Security Fundamentals Module 9 topic 2 EVANS Rhonda, IAEA Department of Nuclear Safety and Security Office of Nuclear

More information

Cyber Security Considerations in the Development of I&C Systems for Nuclear Power Plants

Cyber Security Considerations in the Development of I&C Systems for Nuclear Power Plants Cyber Security Considerations in the Development of I&C Systems for Nuclear Power Plants Jung-Woon Lee, Cheol-Kwon Lee, Jae-Gu Song, and Dong-Young Lee I&C and HF Research Division, Korea Atomic Energy

More information

WHITE PAPER PROPOSED CONSEQUENCE-BASED PHYSICAL SECURITY FRAMEWORK FOR SMALL MODULAR REACTORS AND OTHER NEW TECHNOLOGIES

WHITE PAPER PROPOSED CONSEQUENCE-BASED PHYSICAL SECURITY FRAMEWORK FOR SMALL MODULAR REACTORS AND OTHER NEW TECHNOLOGIES WHITE PAPER PROPOSED CONSEQUENCE-BASED PHYSICAL SECURITY FRAMEWORK FOR SMALL MODULAR REACTORS AND OTHER NEW TECHNOLOGIES November 2015 ACKNOWLEDGMENT This NEI White Paper was developed by the NEI Small

More information

Subject: Critical Infrastructure Identification, Prioritization, and Protection

Subject: Critical Infrastructure Identification, Prioritization, and Protection For Immediate Release Office of the Press Secretary The White House December 17, 2003 Homeland Security Presidential Directive / HSPD-7 Subject: Critical Infrastructure Identification, Prioritization,

More information

December 17, 2003 Homeland Security Presidential Directive/Hspd-7

December 17, 2003 Homeland Security Presidential Directive/Hspd-7 For Immediate Release Office of the Press Secretary December 17, 2003 December 17, 2003 Homeland Security Presidential Directive/Hspd-7 Subject: Critical Infrastructure Identification, Prioritization,

More information

Executive Director for Operations AUDIT OF NRC S CYBER SECURITY INSPECTION PROGRAM FOR NUCLEAR POWER PLANTS (OIG-14-A-15)

Executive Director for Operations AUDIT OF NRC S CYBER SECURITY INSPECTION PROGRAM FOR NUCLEAR POWER PLANTS (OIG-14-A-15) UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 OFFICE OF THE INSPECTOR GENERAL May 7, 2014 MEMORANDUM TO: Mark A. Satorius Executive Director for Operations FROM: Stephen D. Dingbaum

More information

PUBLIC MEETING. details&code APPLICATIONS FOR NUCLEAR POWER PLANTS Regulatory Guide 1.206 [Revision]

PUBLIC MEETING. details&code APPLICATIONS FOR NUCLEAR POWER PLANTS Regulatory Guide 1.206 [Revision] PUBLIC MEETING http://meetings.nrc.gov/pmns/mtg?do=details&code=20150270 details&code APPLICATIONS FOR NUCLEAR POWER PLANTS Regulatory Guide 1.206 [Revision] Division of Advanced Reactors and Rulemaking

More information

AN ANALYSIS OF TECHNICAL SECURITY CONTROL REQUIREMENTS FOR DIGITAL I&C SYSTEMS IN NUCLEAR POWER PLANTS

AN ANALYSIS OF TECHNICAL SECURITY CONTROL REQUIREMENTS FOR DIGITAL I&C SYSTEMS IN NUCLEAR POWER PLANTS http://dx.doi.org/10.5516/net.04.2012.091 AN ANALYSIS OF TECHNICAL SECURITY CONTROL REQUIREMENTS FOR DIGITAL I&C SYSTEMS IN NUCLEAR POWER PLANTS JAE-GU SONG *, JUNG-WOON LEE, GEE-YONG PARK, KEE-CHOON KWON,

More information

Security at San Onofre

Security at San Onofre Security at San Onofre April 16, 2015 Ross Quam Security Manager Overview 1. Mission 2. Adversary Characteristics 3. Plans and Procedures 4. Insider Mitigation 5. Local Law Enforcement Agency Support 2

More information

Security Requirements for Spent Fuel Storage Systems 9264

Security Requirements for Spent Fuel Storage Systems 9264 Security Requirements for Spent Fuel Storage Systems 9264 P. G. Brochman, S. R. Helton, E. A. Thompson US Nuclear Regulatory Commission 11555 Rockville Pike, M/S: T4-F25M, Rockville, MD 20852-2738 ABSTRACT

More information

Legislative Language

Legislative Language Legislative Language SEC. 1. COORDINATION OF FEDERAL INFORMATION SECURITY POLICY. (a) IN GENERAL. Chapter 35 of title 44, United States Code, is amended by striking subchapters II and III and inserting

More information

DHS Chemical Security Program: Cyber Security Requirements

DHS Chemical Security Program: Cyber Security Requirements DHS Chemical Security Program: Cyber Security Requirements Steven Burns Energy Bar Association Electricity Regulation & Compliance Committee System Reliability, Planning & Compliance Committee October

More information

NRC REGULATORY ISSUE SUMMARY 2015-03, IDENTIFYING AND REPORTING SECURITY INCIDENTS UNDER 10 CFR PART 37

NRC REGULATORY ISSUE SUMMARY 2015-03, IDENTIFYING AND REPORTING SECURITY INCIDENTS UNDER 10 CFR PART 37 UNITED STATES NUCLEAR REGULATORY COMMISSION OFFICE OF NUCLEAR MATERIAL SAFETY AND SAFEGUARDS OFFICE OF NUCLEAR REACTOR REGULATION OFFICE OF NEW REACTORS WASHINGTON, D.C. 20555 February 24, 2015 NRC REGULATORY

More information

A CYBER SECURITY RISK ASSESSMENT FOR THE DESIGN OF I&C SYSTEMS IN NUCLEAR POWER PLANTS

A CYBER SECURITY RISK ASSESSMENT FOR THE DESIGN OF I&C SYSTEMS IN NUCLEAR POWER PLANTS http://dx.doi.org/10.5516/net.04.2011.065 A CYBER SECURITY RISK ASSESSMENT FOR THE DESIGN OF I&C SYSTEMS IN NUCLEAR POWER PLANTS JAE-GU SONG, JUNG-WOON LEE *, CHEOL-KWON LEE, KEE-CHOON KWON, and DONG-YOUNG

More information

THE STATUS OF CYBER SECURITY IN NUCLEAR ENERGY

THE STATUS OF CYBER SECURITY IN NUCLEAR ENERGY THE STATUS OF CYBER SECURITY IN NUCLEAR ENERGY ANS Connecticut Local Section Home of Nautilus, Millstone, EB, Westinghouse (CE), Zachry Ted Quinn, ANS Past President President, Technology Resources, tedquinn@cox.net

More information

SaaS. Business Associate Agreement

SaaS. Business Associate Agreement SaaS Business Associate Agreement This Business Associate Agreement ( BA Agreement ) becomes effective pursuant to the terms of Section 5 of the End User Service Agreement ( EUSA ) between Customer ( Covered

More information

Nuclear Security Glossary

Nuclear Security Glossary IAEA NUCLEAR SECURITY SERIES NO. Nuclear Security Glossary Revision 3E Draft 17 March 2010 Page 1 of 16 FOREWORD [TO BE PROVIDED BY THE SECRETARIAT AT A LATER TIME] Page 2 of 16 Introduction The Nuclear

More information

787 Wye Road, Akron, Ohio 44333 P 330-666-6200 F 330-666-7801 www.keystonecorp.com

787 Wye Road, Akron, Ohio 44333 P 330-666-6200 F 330-666-7801 www.keystonecorp.com Introduction Keystone White Paper: Regulations affecting IT This document describes specific sections of current U.S. regulations applicable to IT governance and data protection and maps those requirements

More information

Ed McMurray, CISA, CISSP, CTGA CoNetrix

Ed McMurray, CISA, CISSP, CTGA CoNetrix Ed McMurray, CISA, CISSP, CTGA CoNetrix AGENDA Introduction Cybersecurity Recent News Regulatory Statements NIST Cybersecurity Framework FFIEC Cybersecurity Assessment Questions Information Security Stats

More information

Emergency Preparedness at Nuclear Power Plants

Emergency Preparedness at Nuclear Power Plants A White Paper Addressing Compliance with NRC Proposed Rule making Emergency Preparedness at Nuclear Power Plants Ensuring Readiness and Compliance with New NRC Regulation of Emergency Preparedness Programs

More information

FINAL SUPPORTING STATEMENT FOR 10 CFR PART 37 PHYSICAL PROTECTION OF CATEGORY 1 AND CATEGORY 2 QUANTITIES OF RADIOACTIVE MATERIAL

FINAL SUPPORTING STATEMENT FOR 10 CFR PART 37 PHYSICAL PROTECTION OF CATEGORY 1 AND CATEGORY 2 QUANTITIES OF RADIOACTIVE MATERIAL FINAL SUPPORTING STATEMENT FOR 10 CFR PART 37 PHYSICAL PROTECTION OF CATEGORY 1 AND CATEGORY 2 QUANTITIES OF RADIOACTIVE MATERIAL Description of the Information Collection (OMB CLEARANCE NO. 3150-0214)

More information

The Anatomy of an Effective Cyber Security Solution: Regulatory Guidelines and the Technology Required for Compliance

The Anatomy of an Effective Cyber Security Solution: Regulatory Guidelines and the Technology Required for Compliance The Anatomy of an Effective Cyber Security Solution: Regulatory Guidelines and the Technology Required for Compliance A Bentley White Paper Hilmar Retief, Product Manager AssetWise July 2011 www.bentley.com

More information

Cybersecurity for Meaningful Use. 2013 FRHA Annual Summit "Setting the Health Care Table: Politics, Economics, Health" November 20-22, 2013

Cybersecurity for Meaningful Use. 2013 FRHA Annual Summit Setting the Health Care Table: Politics, Economics, Health November 20-22, 2013 Cybersecurity for Meaningful Use 2013 FRHA Annual Summit "Setting the Health Care Table: Politics, Economics, Health" November 20-22, 2013 Healthcare Sector Vulnerable to Hackers By Robert O Harrow Jr.,

More information

Guidelines 1 on Information Technology Security

Guidelines 1 on Information Technology Security Guidelines 1 on Information Technology Security Introduction The State Bank of Pakistan recognizes that financial industry is built around the sanctity of the financial transactions. Owing to the critical

More information

U.S. NUCLEAR REGULATORY COMMISSION STANDARD REVIEW PLAN. Organization responsible for the review of physical security

U.S. NUCLEAR REGULATORY COMMISSION STANDARD REVIEW PLAN. Organization responsible for the review of physical security NUREG-0800 U.S. NUCLEAR REGULATORY COMMISSION STANDARD REVIEW PLAN 13.6.2 PHYSICAL SECURITY DESIGN CERTIFICATION REVIEW RESPONSIBILITIES Primary - Organization responsible for the review of physical security

More information

NORTH CAROLINA EASTERN MUNICIPAL POWER AGENCY SHEARON HARRIS NUCLEAR POWER PLANT, UNIT 1. Renewed License No. NPF-63

NORTH CAROLINA EASTERN MUNICIPAL POWER AGENCY SHEARON HARRIS NUCLEAR POWER PLANT, UNIT 1. Renewed License No. NPF-63 CAROLINA POWER & LIGHT COMPANY NORTH CAROLINA EASTERN MUNICIPAL POWER AGENCY DOCKET NO. 50-400 SHEARON HARRIS NUCLEAR POWER PLANT, UNIT 1 RENEWED FACILITY OPERATING LICENSE 1. The Nuclear Regulatory Commission

More information

FEDERAL INFORMATION SECURITY. Mixed Progress in Implementing Program Components; Improved Metrics Needed to Measure Effectiveness

FEDERAL INFORMATION SECURITY. Mixed Progress in Implementing Program Components; Improved Metrics Needed to Measure Effectiveness United States Government Accountability Office Report to Congressional Committees September 2013 FEDERAL INFORMATION SECURITY Mixed Progress in Implementing Program Components; Improved Metrics Needed

More information

VA Data Breach Follow-Up. Adair Martinez, Deputy Assistant Secretary for Information Protection and Risk Management Department of Veterans Affairs

VA Data Breach Follow-Up. Adair Martinez, Deputy Assistant Secretary for Information Protection and Risk Management Department of Veterans Affairs VA Data Breach Follow-Up Adair Martinez, Deputy Assistant Secretary for Information Protection and Risk Management Department of Veterans Affairs Incidents In The News - VA Is Not Alone Data HMO Report:

More information

UNITED STATES NUCLEAR REGULATORY COMMISSION ADVISORY COMMITTEE ON REACTOR SAFEGUARDS WASHINGTON, DC 20555-0001. July 17, 2012

UNITED STATES NUCLEAR REGULATORY COMMISSION ADVISORY COMMITTEE ON REACTOR SAFEGUARDS WASHINGTON, DC 20555-0001. July 17, 2012 UNITED STATES NUCLEAR REGULATORY COMMISSION ADVISORY COMMITTEE ON REACTOR SAFEGUARDS WASHINGTON, DC 20555-0001 July 17, 2012 Mr. R. W. Borchardt Executive Director for Operations U.S. Nuclear Regulatory

More information

Guidance on Risk Analysis Requirements under the HIPAA Security Rule

Guidance on Risk Analysis Requirements under the HIPAA Security Rule Guidance on Risk Analysis Requirements under the HIPAA Security Rule Introduction The Office for Civil Rights (OCR) is responsible for issuing annual guidance on the provisions in the HIPAA Security Rule.

More information

APPENDIX B SUPPLEMENTAL INSPECTION PROGRAM A. OBJECTIVES AND PHILOSOPHY OF THE SUPPLEMENTAL INSPECTION PROGRAM

APPENDIX B SUPPLEMENTAL INSPECTION PROGRAM A. OBJECTIVES AND PHILOSOPHY OF THE SUPPLEMENTAL INSPECTION PROGRAM APPENDIX B SUPPLEMENTAL INSPECTION PROGRAM A. OBJECTIVES AND PHILOSOPHY OF THE SUPPLEMENTAL INSPECTION PROGRAM The supplemental inspection program is designed to support the NRC s goals of maintaining

More information

IAEA 2015 INTERNATIONAL CONFERENCE ON COMPUTER SECURITY IN A NUCLEAR WORLD

IAEA 2015 INTERNATIONAL CONFERENCE ON COMPUTER SECURITY IN A NUCLEAR WORLD IAEA 2015 INTERNATIONAL CONFERENCE ON COMPUTER SECURITY IN A NUCLEAR WORLD A NEW IEC STANDARD FOR CYBERSECURITY FOR NUCLEAR POWER PLANTS: IEC 62645 - REQUIREMENTS FOR SECURITY PROGRAMS FOR COMPUTER-BASED

More information

Analysis One Code Desc. Transaction Amount. Fiscal Period

Analysis One Code Desc. Transaction Amount. Fiscal Period Analysis One Code Desc Transaction Amount Fiscal Period 57.63 Oct-12 12.13 Oct-12-38.90 Oct-12-773.00 Oct-12-800.00 Oct-12-187.00 Oct-12-82.00 Oct-12-82.00 Oct-12-110.00 Oct-12-1115.25 Oct-12-71.00 Oct-12-41.00

More information

DIRECTIVE TRANSMITTAL

DIRECTIVE TRANSMITTAL U.S. NUCLEAR REGULATORY COMMISSION DIRECTIVE TRANSMITTAL TN: DT-03-11 (REDACTED VERSION) To: NRC Management Directives Custodians Subject: Transmittal of Management Directive 12.5, NRC Automated Information

More information

Information Security Insights From and For Canadian Small to Medium Sized Enterprises

Information Security Insights From and For Canadian Small to Medium Sized Enterprises Information Security Insights From and For Canadian Small to Medium Sized Enterprises Paying Attention to Information Security CPA Canada recently completed an online study conducted by Nielsen called

More information

NATIONAL CYBERSECURITY PROTECTION ACT OF 2014

NATIONAL CYBERSECURITY PROTECTION ACT OF 2014 PUBLIC LAW 113 282 DEC. 18, 2014 NATIONAL CYBERSECURITY PROTECTION ACT OF 2014 VerDate Mar 15 2010 21:01 Feb 12, 2015 Jkt 049139 PO 00282 Frm 00001 Fmt 6579 Sfmt 6579 E:\PUBLAW\PUBL282.113 PUBL282 128

More information

Delegations will find attached the final report of the AHGNS as agreed on 24 May.

Delegations will find attached the final report of the AHGNS as agreed on 24 May. COU CIL OF THE EUROPEA U IO Brussels, 31 May 2012 10616/12 AHG S 20 ATO 84 OTE from : to : Subject General Secretariat of the Council Delegations Ad Hoc Group on Nuclear Security - final report Delegations

More information

Proposal to Consolidate Post-Fukushima Rulemaking Activities

Proposal to Consolidate Post-Fukushima Rulemaking Activities Proposal to Consolidate Post-Fukushima Rulemaking Activities On January 28, 2014, the U.S. Nuclear Regulatory Commission s (NRC s) Fukushima Steering Committee endorsed an NRC staff proposal for integrating

More information

The Objectives of this Rulemaking

The Objectives of this Rulemaking Draft Technical Basis for a Rulemaking to Revise the Security Requirements for Facilities Storing Spent Nuclear Fuel and High-Level Radioactive Waste, Revision 1 [NRC-2009-0558] A The Objectives of this

More information

Cyber Security and Other Realities of Our Digital World Andy Dickson IT Director Nuclear Fleet Operations

Cyber Security and Other Realities of Our Digital World Andy Dickson IT Director Nuclear Fleet Operations Cyber Security and Other Realities of Our Digital World Andy Dickson IT Director Nuclear Fleet Operations What Changes Are We Facing? Cyber Security Regulation and Threats Changing IT Landscape and Expectations

More information

Nuclear Security Plan 2014 2017

Nuclear Security Plan 2014 2017 Atoms for Peace Board of Governors General Conference GOV/2013/42-GC(57)/19 Date: 2 August 2013 For official use only Item 4(b) of the Board s provisional agenda (GOV/2013/37) Item 16 of the Conference's

More information

Security for Independent Spent Fuel Storage Installations (ISFSI)

Security for Independent Spent Fuel Storage Installations (ISFSI) CRYPTOME 30 March 2011 Security for Independent Spent Fuel Storage Installations (ISFSI) http://adamswebsearch2.nrc.gov/idmws/viewdocbyaccession.asp?accessionnumber =ML080030050 (Nuclear Regulation Commission

More information

Regulatory Guide 1.168 Verification, Validation, Reviews, And Audits For Digital Computer Software Used in Safety Systems of Nuclear Power Plants

Regulatory Guide 1.168 Verification, Validation, Reviews, And Audits For Digital Computer Software Used in Safety Systems of Nuclear Power Plants Regulatory Guide 1.168 Page 1 of 10 September 1997 Regulatory Guide 1.168 Verification, Validation, Reviews, And Audits For Digital Computer Software Used in Safety Systems of Nuclear Power Plants Publication

More information

Nuclear Security and Incident Response

Nuclear Security and Incident Response Hitachi Review Vol. 62 (2013), No. 3 168 Nuclear Security and Incident Response Kazuhiko Tanimura Hisayuki Ito Hiroyuki Kimura OVERVIEW: Since the Great East Japan Earthquake, there has been a requirement

More information

COMMENTS OF THE ELECTRONIC PRIVACY INFORMATION CENTER THE DEPARTMENT OF DEFENSE [DOD-2009-OS-0183/RIN 0790-AI60]

COMMENTS OF THE ELECTRONIC PRIVACY INFORMATION CENTER THE DEPARTMENT OF DEFENSE [DOD-2009-OS-0183/RIN 0790-AI60] COMMENTS OF THE ELECTRONIC PRIVACY INFORMATION CENTER to THE DEPARTMENT OF DEFENSE Defense Industrial Base (DIB) Voluntary Cyber Security and Information Assurance (CS/IA) Activities By notice published

More information

The Problems With SEC s Cybersecurity Approach

The Problems With SEC s Cybersecurity Approach Portfolio Media. Inc. 860 Broadway, 6th Floor New York, NY 10003 www.law360.com Phone: +1 646 783 7100 Fax: +1 646 783 7161 customerservice@law360.com The Problems With SEC s Cybersecurity Approach Law360,

More information

White Paper on Financial Institution Vendor Management

White Paper on Financial Institution Vendor Management White Paper on Financial Institution Vendor Management Virtually every organization in the modern economy relies to some extent on third-party vendors that facilitate business operations in a wide variety

More information

Insurance for Data Breaches in the Hospitality Industry

Insurance for Data Breaches in the Hospitality Industry The Academy of Hospitality Industry Attorneys The Pl Palmer House Hilton Chicago, IL April 25, 2014 Insurance for Data Breaches in the Hospitality Industry Presenters: David P. Bender, Jr. dbender@andersonkill.com

More information

Enterprise Security Governance. Robert Coles Chief Information Security Officer and Global Head of Digital Risk & Security

Enterprise Security Governance. Robert Coles Chief Information Security Officer and Global Head of Digital Risk & Security Enterprise Security Governance Robert Coles Chief Information Security Officer and Global Head of Digital Risk & Security Governance and Organisational Model Risk Mgmt & Reporting Digital Risk & Security

More information

005ASubmission to the Serious Data Breach Notification Consultation

005ASubmission to the Serious Data Breach Notification Consultation 005ASubmission to the Serious Data Breach Notification Consultation (Consultation closes 4 March 2016 please send electronic submissions to privacy.consultation@ag.gov.au) Your details Name/organisation

More information

To improve cybersecurity in the United States through enhanced sharing of information about cybersecurity threats, and for other purposes.

To improve cybersecurity in the United States through enhanced sharing of information about cybersecurity threats, and for other purposes. BAG15121 Discussion Draft S.L.C. 114TH CONGRESS 1ST SESSION S. XXXX To improve cybersecurity in the United States through enhanced sharing of information about cybersecurity threats, and for other purposes.

More information

Privacy and Data Security Update for Defense Contractors

Privacy and Data Security Update for Defense Contractors Privacy and Data Security Update for Defense Contractors T.J. Crane May 19, 2017 Overview DoD interim rule Expanded DFAR reporting obligations New DFAR definitions Cloud services Changes to local breach

More information

MD 12.5 NRC CYBER SECURITY PROGRAM DT-13-15

MD 12.5 NRC CYBER SECURITY PROGRAM DT-13-15 U.S. NUCLEAR REGULATORY COMMISSION MANAGEMENT DIRECTIVE (MD) MD 12.5 NRC CYBER SECURITY PROGRAM DT-13-15 Volume 12: Approved By: Security R. W. Borchardt Executive Director for Operations Date Approved:

More information

UNITED STATES NUCLEAR REGULATORY COMMISSION OFFICE OF NUCLEAR REACTOR REGULATION WASHINGTON, D.C. 20555-0001. February 1, 2006

UNITED STATES NUCLEAR REGULATORY COMMISSION OFFICE OF NUCLEAR REACTOR REGULATION WASHINGTON, D.C. 20555-0001. February 1, 2006 UNITED STATES NUCLEAR REGULATORY COMMISSION OFFICE OF NUCLEAR REACTOR REGULATION WASHINGTON, D.C. 20555-0001 February 1, 2006 OMB Control No.: 3150-0011 NRC GENERIC LETTER 2006-02: GRID RELIABILITY AND

More information

NEI 10-04 [Revision 2] Identifying Systems and Assets Subject to the Cyber Security Rule

NEI 10-04 [Revision 2] Identifying Systems and Assets Subject to the Cyber Security Rule NEI 10-04 [Revision 2] Identifying Systems and Assets Subject to the Cyber Security Rule [THIS PAGE IS LEFT BLANK INTENTIONALLY] NEI 10-04 [Revision 2] Nuclear Energy Institute Identifying Systems and

More information

NEI 06-13A [Revision 0] Template for an Industry Training Program Description

NEI 06-13A [Revision 0] Template for an Industry Training Program Description NEI 06-13A [Revision 0] Template for an Industry Training Program Description NEI 06-13A [Revision 0] Nuclear Energy Institute Template for an Industry Training Program Description ACKNOWLEDGEMENTS This

More information

Nuclear Security Requires Cyber Security

Nuclear Security Requires Cyber Security Nuclear Security Requires Cyber Security A. DAVID MCKINNON, PH.D., MARY SUE HOXIE Cyber Physical Security Team, National Security Directorate Project on Nuclear Issues (PONI) Fall 2015 Conference PNNL-SA-113027

More information

NSW Government Digital Information Security Policy

NSW Government Digital Information Security Policy NSW Government Digital Information Security Policy Version: 2.0 Date: April 2015 CONTENTS PART 1 PRELIMINARY... 3 1.1 Scope... 3 1.2 Application... 3 1.3 Objectives... 3 PART 2 POLICY STATEMENT... 4 Core

More information

UF IT Risk Assessment Standard

UF IT Risk Assessment Standard UF IT Risk Assessment Standard Authority This standard was enacted by the UF Senior Vice President for Administration and the UF Interim Chief Information Officer on July 10, 2008 [7]. It was approved

More information

Public Law 113 283 113th Congress An Act

Public Law 113 283 113th Congress An Act PUBLIC LAW 113 283 DEC. 18, 2014 128 STAT. 3073 Public Law 113 283 113th Congress An Act To amend chapter 35 of title 44, United States Code, to provide for reform to Federal information security. Be it

More information

UNITED STATES OF AMERICA Before the SECURITIES AND EXCHANGE COMMISSION

UNITED STATES OF AMERICA Before the SECURITIES AND EXCHANGE COMMISSION UNITED STATES OF AMERICA Before the SECURITIES AND EXCHANGE COMMISSION INVESTMENT ADVISERS ACT OF 1940 Release No. 4204 / September 22, 2015 ADMINISTRATIVE PROCEEDING File No. 3-16827 In the Matter of

More information

Session 9: 20 Questions You Should Answer About Your Cyber Security Readiness Jeff Thomas, Partner, KPMG Ivan Alcoforado, Senior Manager, KPMG

Session 9: 20 Questions You Should Answer About Your Cyber Security Readiness Jeff Thomas, Partner, KPMG Ivan Alcoforado, Senior Manager, KPMG 11:30 am -12:15 pm Session 9: 20 Questions You Should Answer About Your Cyber Security Readiness Jeff Thomas, Partner, KPMG Ivan Alcoforado, Senior Manager, KPMG Agenda Introduction 20 Questions you should

More information

THE WHITE HOUSE. Office of the Press Secretary. For Immediate Release February 12, 2013. February 12, 2013

THE WHITE HOUSE. Office of the Press Secretary. For Immediate Release February 12, 2013. February 12, 2013 THE WHITE HOUSE Office of the Press Secretary For Immediate Release February 12, 2013 February 12, 2013 PRESIDENTIAL POLICY DIRECTIVE/PPD-21 SUBJECT: Critical Infrastructure Security and Resilience The

More information

Mexican Efforts Towards Building a Design Basis Threat for Radiological and Nuclear Environment.

Mexican Efforts Towards Building a Design Basis Threat for Radiological and Nuclear Environment. Mexican Efforts Towards Building a Design Basis Threat for Radiological and Nuclear Environment. Juan Eibenschutz H./ José Luis Delgado/ Carina Martínez International Regulators Conference on Nuclear Security.

More information

Cybersecurity Information Sharing Legislation Protecting Cyber Networks Act (PCNA) National Cybersecurity Protection Advancement (NCPA) Act

Cybersecurity Information Sharing Legislation Protecting Cyber Networks Act (PCNA) National Cybersecurity Protection Advancement (NCPA) Act In a flurry of activity, the U.S. House of Representatives last week passed two cybersecurity information sharing bills. Both the House Intelligence Committee and the House Homeland Security Committee

More information

OCIE CYBERSECURITY INITIATIVE

OCIE CYBERSECURITY INITIATIVE Topic: Cybersecurity Examinations Key Takeaways: OCIE will be conducting examinations of more than 50 registered brokerdealers and registered investment advisers, focusing on areas related to cybersecurity.

More information

Cyber Side-Effects: How Secure is the Personal Information Entered into the Flawed Healthcare.gov? Statement for the Record

Cyber Side-Effects: How Secure is the Personal Information Entered into the Flawed Healthcare.gov? Statement for the Record Cyber Side-Effects: How Secure is the Personal Information Entered into the Flawed Healthcare.gov? Statement for the Record Roberta Stempfley Acting Assistant Secretary for Cybersecurity and Communications

More information

Risk-Based Assessment and Scoping of IV&V Work Related to Information Assurance Presented by Joelle Spagnuolo-Loretta, Richard Brockway, John C.

Risk-Based Assessment and Scoping of IV&V Work Related to Information Assurance Presented by Joelle Spagnuolo-Loretta, Richard Brockway, John C. Risk-Based Assessment and Scoping of IV&V Work Related to Information Assurance Presented by Joelle Spagnuolo-Loretta, Richard Brockway, John C. Burget September 14, 2014 1 Agenda Information Assurance

More information

Securing the FOSS VistA Stack HIPAA Baseline Discussion. Jack L. Shaffer, Jr. Chief Operations Officer

Securing the FOSS VistA Stack HIPAA Baseline Discussion. Jack L. Shaffer, Jr. Chief Operations Officer Securing the FOSS VistA Stack HIPAA Baseline Discussion Jack L. Shaffer, Jr. Chief Operations Officer HIPAA as Baseline of security: To secure any stack which contains ephi (electonic Protected Health

More information

SAMPLE BUSINESS ASSOCIATE AGREEMENT

SAMPLE BUSINESS ASSOCIATE AGREEMENT SAMPLE BUSINESS ASSOCIATE AGREEMENT This is a draft business associate agreement based on the template provided by HHS. It is not intended to be used as is and you should only use the agreement after you

More information

Industry. Cyber Security. Information Sharing at the Technical Level. Guidelines

Industry. Cyber Security. Information Sharing at the Technical Level. Guidelines NATO Communications and Information Agency (NCI Agency) - Industry Cyber Security Information Sharing at the Technical Level Guidelines Effective date: 28 March 2014 Revision No: Rev 1 Change History Revision

More information

U.S. Nuclear Regulation after Three Mile Island

U.S. Nuclear Regulation after Three Mile Island U.S. Nuclear Regulation after Three Mile Island Mark Holt Specialist in Energy Policy October 23, 2015 Agenda Setting the scene: Before TMI Three Mile Island accident and aftermath ors, 1957-2015 Presidential

More information

Beyond Data Breach: Cyber Trends and Exposures

Beyond Data Breach: Cyber Trends and Exposures Beyond Data Breach: Cyber Trends and Exposures Vietnam 7 th May 2015 Jason Kelly Head of Asia Financial Lines AIG Agenda Why do companies need cyber protection Example of Cyber attack worldwide and in

More information

Ohio Homeland Security Strategic Plan 2013-2016

Ohio Homeland Security Strategic Plan 2013-2016 GOAL 1 Strengthen Ohio s intelligence and information sharing system for the detection and prevention of threats to public safety. Objective 1.1 Support continued development of the information sharing

More information

COMPUTER SECURITY OF INSTRUMENTATION AND CONTROL SYSTEMS AT NUCLEAR FACILITIES

COMPUTER SECURITY OF INSTRUMENTATION AND CONTROL SYSTEMS AT NUCLEAR FACILITIES 1 1 1 1 1 1 1 1 0 1 0 1 0 1 NUCLEAR SECURITY SERIES NO. XX NST0 DRAFT, November 01 STEP : Submission to MS for comment COMPUTER SECURITY OF INSTRUMENTATION AND CONTROL SYSTEMS AT NUCLEAR FACILITIES DRAFT

More information

Business Associates, HITECH & the Omnibus HIPAA Final Rule

Business Associates, HITECH & the Omnibus HIPAA Final Rule Business Associates, HITECH & the Omnibus HIPAA Final Rule HIPAA Omnibus Final Rule Changes Business Associates Marissa Gordon-Nguyen, JD, MPH Health Information Privacy Specialist Office for Civil Rights/HHS

More information

1. Computer Security: An Introduction. Definitions Security threats and analysis Types of security controls Security services

1. Computer Security: An Introduction. Definitions Security threats and analysis Types of security controls Security services 1. Computer Security: An Introduction Definitions Security threats and analysis Types of security controls Security services Mar 2012 ICS413 network security 1 1.1 Definitions A computer security system

More information

Business Associate Agreement

Business Associate Agreement Business Associate Agreement I. Definitions Catch-all definition: The following terms used in this Agreement shall have the same meaning as those terms in the HIPAA Rules: Breach, Data Aggregation, Designated

More information
2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback | Do Not Sell My Personal Information