NRC Cyber Security Regulatory
- Laura Melissa Sparks
- 8 years ago
1 Ask SME and Learn
NRC Cyber Security Regulatory Program Development
Mario R. Fernandez Jr., Security Specialist (Cyber)
Cyber Security Directorate
Office of Nuclear Security & Incident Response
2 Agenda
- Background
  - What is Cyber Security? (General public's perspective)
- NRC Cyber Security Program Development
  - First NRC Orders issued to address the emergent cyber threat
  - Early NRC Guidance issued to conduct a cyber security self-assessment at nuclear power plants (NPPs)
  - Industry's initiative to implement an interim Cyber Security Program for NPPs
  - Current NRC Regulations which require implementation of a comprehensive cyber security program
- Questions
3 Background
What is Cyber Security? (General public's perspective)
- Protection of data & systems in networks which may or may not be connected to the Internet
- Measures taken to protect a computer system against unauthorized access or attack
- The protection of information against unauthorized disclosure, transfer, modification, or destruction, whether accidental or intentional
- The branch of security responsible for the protection of computer systems and networks.
4 NRC Cyber Security Program Development
- NRC Order EA , Interim Safeguards and Security Compensatory Measures for Nuclear Power Plants, Feb 2002
- EA , 086 Design Basis Threat for Radiological Sabotage, in Apr 2003
5 NRC Cyber Security Program Development
- NEI 03-12, Security, Training & Qualification, & Safeguards Contingency Plan Template (2004)
6 NRC Cyber Security Program Development
- NUREG/CR-6847, Cyber Security Self-Assessment Method for U.S. Nuclear Power Plants (Nov 2004)
- superseded
- NEI 04-04, Cyber Security Program for Power Reactors (Nov 2005) (At this time the NRC had not yet proposed comprehensive cyber security regulations)
- superseded
- NRC performs site reviews to evaluate implementation of NEI ( )
- 10 CFR 73.1 Cyber Attack is included Design Basis Threat (DBT) Rule (2007)
- 10 CFR Protection of Digital Computer and Communication Systems and Networks (Mar 2009)
7 NRC Cyber Security Program Development
10 CFR Protection of Digital Computer and Communication Systems and Networks (Mar 2009)
Protection (high assurance) of digital computer & communication systems associated with:
I. Safety-related and important-to-safety functions;
II. Security functions;
III. Emergency preparedness functions, including offsite communications; AND
IV. Support systems and equipment which, if compromised, would adversely impact safety, security, or emergency preparedness (SSEP) functions.
8 NRC Cyber Security Program Development
Cyber Security Regulatory Perspective
- Cyber Security: Those measures and controls, implemented to comply with 10 CFR 73.54, to protect digital systems against the malicious acts of an intelligent adversary up to and including the design basis threat (cyber attack), as defined by 10 CFR 73.1
- Cyber Threat: An individual, entity, or action that by cyber-means has or indicates the potential to harm life, information, operations, the environment and/or property
9 NRC Cyber Security Regulatory Perspective
- Cyber Security: Those measures and controls, implemented to comply with 10 CFR 73.54, to protect digital systems against the malicious acts of an intelligent adversary up to and including the design basis threat, as defined by 10 CFR 73.1
- Cyber Threat: An individual, entity, or action that by cyber-means has or indicates the potential to harm life, information, operations, the environment and/or property
Cyber Security: General Public's Perspective
- Protection of data & systems in networks which may or may not be connected to the Internet
- Measures taken to protect a computer system against unauthorized access or attack
- The protection of information against unauthorized disclosure, transfer, modification, or destruction, whether accidental or intentional
- The branch of security responsible for the protection of computer systems and networks.
10 Summary
[Timeline figure; labels as transcribed: 9/11 Terrorist Attacks; NRC Issues Order; Cyber Threat; NRC Issues DBT Order; Cyber Attack; NEI Target Set Development Includes Cyber; NUREG/CR6847 Cyber Security Self-Assessment; NRC Visits; NEI Interim Cyber Sec Program; 10 CFR; Cyber Attack; 10 CFR]
11 Questions