Cyber Security R&D (NE-1) and (NEET-4)



Similar documents
A Regulatory Approach to Cyber Security

Cyber Security Evaluation of the Wireless Communication for the Mobile Safeguard Systems in uclear Power Plants

Cynthia Broadwell, Progress Energy. William Gross, Nuclear Energy Institute

Cyber Security Considerations in the Development of I&C Systems for Nuclear Power Plants

Options for Cyber Security. Reactors. April 9, 2015

NRC Cyber Security Regulatory

UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C March 3, 2011

Cyber Security for Nuclear Power Plants Matthew Bowman Director of Operations, ATC Nuclear IEEE NPEC Meeting July 2012

NRC Cyber Security Policy &

POLICY ISSUE INFORMATION

U.S. NUCLEAR REGULATORY COMMISSION January 2010 REGULATORY GUIDE OFFICE OF NUCLEAR REGULATORY RESEARCH. REGULATORY GUIDE 5.71 (New Regulatory Guide)

Business Continuity & Disaster Recovery

Spreading the Word on Nuclear Cyber Security

OCIE CYBERSECURITY INITIATIVE

A CYBER SECURITY RISK ASSESSMENT FOR THE DESIGN OF I&C SYSTEMS IN NUCLEAR POWER PLANTS

Attachment A. Identification of Risks/Cybersecurity Governance

Defense in Depth Architecture of Server Systems for the Improvement of Cyber Security

Cyber Security and the Canadian Nuclear Industry a Canadian Regulatory Perspective

Managing Cyber Threats Risk Management & Insurance Solutions. Presented by: Douglas R. Jones, CPCU, ARM Senior Vice President & Principal

ABA Section of Public Utility, Communications & Transportation Law Safety and Security in Transport

NEI [Rev. 6] Cyber Security Plan for Nuclear Power Reactors

Ask SME and Learn. NRC Cyber Security Oversight. Cyber Security Directorate

AN ANALYSIS OF TECHNICAL SECURITY CONTROL REQUIREMENTS FOR DIGITAL I&C SYSTEMS IN NUCLEAR POWER PLANTS

MDEP Generic Common Position No DICWG 02

NUCLEAR REGULATORY COMMISSION. 10 CFR Part 73 [NRC ] RIN 3150-AJ37. Cyber Security Event Notifications

Proposal to Consolidate Post-Fukushima Rulemaking Activities

Boeing is working with industry to establish a unified cyber strategy and deliver cyber security solutions to airlines worldwide.

United States Nuclear Regulatory Commission Office of Research Washington, DC

Cybersecurity and Hospitals. What Hospital Trustees Need to Know About Managing Cybersecurity Risk and Response

Performs the Federal coordination role for supporting the energy requirements associated with National Special Security Events.

Executive Director for Operations AUDIT OF NRC S CYBER SECURITY INSPECTION PROGRAM FOR NUCLEAR POWER PLANTS (OIG-14-A-15)

The U.S. Nuclear Regulatory Commission s Cyber Security Regulatory Framework for Nuclear Power Reactors

2/22/2010. Cyber Security Industry Experiences. Regulatory Documents. Licensing History. NRC RIC Jack Roe NEI

ESKISP Manage security testing

A Cost-Efficient Approach to High Cyber Security Assurance in Nuclear Power Plants

Advancing Cyber Security Using System Dynamics Simulation Modeling for System Resilience, Patching, and Software Development

ISACA North Dallas Chapter

Cybersecurity Workshop

REGULATORY GUIDE (Draft was issued as DG-1267, dated August 2012)

THE EVOLUTION OF CYBERSECURITY

Protecting against cyber threats and security breaches

Critical Infrastructure Security and Resilience

Integrating Cyber Security into Nuclear Power Plant Safety Systems Design

Achieving Cyber Resilience. By Garin Pace, Anthony Shapella and Greg Vernaci

BUSINESS CONTINUITY PLANNING

Demystifying Cyber Insurance. Jamie Monck-Mason & Andrew Hill. Introduction. What is cyber? Nomenclature

UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C November 13, 2012

A New Standards Project on Avoiding Programming Language Vulnerabilities

The Cybersecurity Threat Protecting Big Data

8/27/2015. Brad Schuette IT Manager City of Punta Gorda (941) Don t Wait Another Day

BlacKnight. Cyber Security international A BUSINESS / MARKETING PRESENTATION

CHALLENGES OF CYBER SECURITY FOR NUCLEAR POWER PLANTS. Kwangjo Kim

Actions and Recommendations (A/R) Summary

GALLAGHER CYBER LIABILITY PRACTICE. Tailored Solutions for Cyber Liability and Professional Liability

Compliance Guide ISO Compliance Guide. September Contents. Introduction 1. Detailed Controls Mapping 2.

Cybersecurity Converged Resilience :

Cyber security: Are Australian CEOs sleepwalking or a step ahead? kpmg.com.au

DHS, National Cyber Security Division Overview

How To Write A Cyber Security Risk Analysis Model For Research Reactor

CYBER SECURITY AND RISK MANAGEMENT. An Executive level responsibility

Announcement of a new IAEA Co-ordinated Research Programme (CRP)

Institute for Business Continuity Training 1623 Military Road, # 377 Niagara Falls, NY

[STAFF WORKING DRAFT]

National Preparedness for Surge Capacity

Protect Your Assets. Cyber Security Engineering. Control Systems. Power Plants. Hurst Technologies

Security and Vulnerability Assessments. Tom OʼConnor, PE H 2 OʼC Engineering

THE NEW REALITY OF RISK CYBER RISK: TRENDS AND SOLUTIONS

FACT SHEET: Ransomware and HIPAA

Cybersecurity. Are you prepared?

UNITED STATES NUCLEAR REGULATORY COMMISSION ADVISORY COMMITTEE ON REACTOR SAFEGUARDS WASHINGTON, DC July 17, 2012

i Network, Inc Technology Solutions, Products & Services Providing the right information, to the right customer, at the right time.

NYS LOCAL GOVERNMENT VULNERABILITY SCANNING PROJECT September 22, 2011

Capabilities for Cybersecurity Resilience

REGULATORY GUIDE (Draft was issued as DG-1207, dated August 2012)

Why you should adopt the NIST Cybersecurity Framework

SURVEY REPORT SPON. Identifying Critical Gaps in Database Security. Published April An Osterman Research Survey Report.

Lessons from Defending Cyberspace

MEMORANDUM. Date: October 28, Federally Regulated Financial Institutions. Subject: Cyber Security Self-Assessment Guidance

THE STATUS OF CYBER SECURITY IN NUCLEAR ENERGY

THE WHITE HOUSE. Office of the Press Secretary. For Immediate Release February 12, February 12, 2013

IT Security Risks & Trends

An Overview of Information Security Frameworks. Presented to TIF September 25, 2013

October 24, Mitigating Legal and Business Risks of Cyber Breaches

AURORA Vulnerability Background

Final Draft/Pre-Decisional/Do Not Cite. Forging a Common Understanding for Critical Infrastructure. Shared Narrative

BEST PRACTICES IN CYBER SUPPLY CHAIN RISK MANAGEMENT

CYBERSECURITY INVESTIGATIONS

Penetration Testing Service. By Comsec Information Security Consulting

How Secure is Your SCADA System?

Subject: Critical Infrastructure Identification, Prioritization, and Protection

Section A: Introduction, Definitions and Principles of Infrastructure Resilience

Leveraging Regulatory Compliance to Improve Cyber Security

CONCEPTS IN CYBER SECURITY

ESKISP Conducts vulnerability assessment under supervision

December 17, 2003 Homeland Security Presidential Directive/Hspd-7

B A S I C S C I E N C E S

The State-of-the-State of Control System Cyber Security

Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform

Information Technology Risk Management

Transcription:

Cyber Security R&D (NE-1) and (NEET-4) Trevor Cook Office of Science and Technology Innovation Office of Nuclear Energy U.S. Department of Energy

Cyber Security for Nuclear Systems (the threat is real) July 2015 WIRED publishes details of Jeep Hack June 2015 China Hacks United Airlines May 2015 Passenger Hacks Airplane July 2014 - China Hacks Canadian National Research Council March 2014 China Hacks OPM 2011-2014 Russian Cyber attacks against U.S. Energy Companies January 2013 Department of Energy Hacked October 2011 - China Hacks Iron Dome (Israel s missile defense) 2

Regulatory Framework for Cyber Security n 10 CFR 73.54, "Protection of Digital Computer and Communication Systems and Networks requires licensees to protect digital computer and communications systems and networks associated with the following categories of functions, from those cyber attacks identified in 10 CFR 73.54(a)(2): safety-related and important-to-safety functions security functions emergency preparedness functions, including offsite communications, and support systems and equipment which, if compromised, would adversely impact safety, security, or emergency preparedness functions. n Regulatory Guide 5.71, "Cyber Security Programs for Nuclear Facilities Guidance for meeting 10 CFR 73.54 3

Regulatory Framework for Cyber Security n Regulatory Guide 1.152, Rev. 3, "Criteria for Use of Computers in Safety Systems of Nuclear Power Plants guidance for establishing a Secure Development and Operational Environment (SDOE) endorses provisions of IEEE Standard 7-4.3.2-2003 4

Implementing Cyber Security Establish Cyber Security Assessment Team Establish CSAT Identify Critical Systems Implement Portable and Mobile Device Controls Identify Digital Devices Implement ongoing program for Cyber Security Stand up Ongoing Program Document Findings Identify CDAs Identify Critical Systems and Critical Digital Assets Remediate CDAs Assess CDAs 5

Purpose of NE Cyber Security R&D n To reduce the vulnerability n To mitigate the consequence n To lower the costs n To provide a partner 6

Sample Cyber Security R&D Needs n Cyber-hardened Sensors and Networks Technologies and methodologies to assure secure sensors, networks and communication systems Technologies and methodologies to test the security of sensors, networks and communication systems n Modeling and Simulation Methodologies to apply nuclear simulation codes to evaluate the consequences of cyber attacks Experiments to validate such methods Risk based methodologies for prioritizing vulnerabilities 7

Sample Cyber Security R&D Needs n Personnel Protection Systems and Insider Threat Technologies and methodologies needed to measure security effectiveness, predict emerging threat risk trends and predict security performance anomalies that may increase personnel and their private systems exposure to cyber targeting 8

NEUP Scope n Methods and Technologies to Inform Operators Develop a methodology and technology to distinguish deliberate cyber attack from ordinary failure Develop guidelines for recovery from cyber attack Demonstrate an application of the methodology n Operator Performance during Cyber Attack Evaluate operator performance during simulated cyber attacks Identify assets that would assist operators during cyber attacks Examine the question on if and how cyber attack presents itself differently to operators Use lessons learned to inform technological and administrative solutions 9

NEET Scope n Examine, evaluate, create methods and technologies that costeffectively mitigate and minimize insider threats. n Examine, evaluate, create methods and technologies that cost effectively mitigate and minimize supply chain vulnerabilities. 10

Contact Information n For NEET and NEUP, interested parties may contact the INL cyber security program manager at steven.hartenstein@inl.gov n Interested parties may contact me as well at trevor.cook@nuclear.energy.gov 11

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information