Ask SME and Learn. NRC Cyber Security Oversight. Cyber Security Directorate




Ask SME and Learn: NRC Cyber Security Oversight Program. Mario R. Fernandez Jr., Security Specialist (Cyber), Cyber Security Directorate, Office of Nuclear Security & Incident Response

Agenda: Cyber Security Inspection Team; Team Composition; Training Activities; Cyber Security Inspection Schedule; Overview of Some Areas of Inspection; Oversight Assessment; Inspection Trends; Security Issues Forum (SIF); Improvement Trends; Communications with the Industry; Full Implementation Inspections

Inspection Team: Team Composition. Regions: Team Leader; Regional Inspectors; Qualified Inspectors (Electrical, Instrumentation & Controls, Security, Plant Ops); Contract SMEs; NRC Security Specialists. NRC Headquarters: NSIR Cyber Security Directorate Staff; Security Risk Analysts; Contract Support Subject Matter Experts. Multi-Disciplinary.

Inspection Team: Training Activities. Computer & Networks Course (CBT); Cyber Security Course at Idaho National Lab; Pilot Inspections (Watts Bar, Clinton); Inspection Procedure Workshop, 2012, at each Region; All Inspectors Meeting, June 2013

Inspection Team: Training Activities. Core Topics; Specialized Training Cyber Security; Specialized Training Regulations; Regional Inspectors; Cyber Security Threats; Defensive Strategies; Regulatory Guidance; Licensing Basis (CSPs); Contractors; NRC Regulations; Oversight Program; Temporary Instruction; Cross Training

Inspection Team: Temporary Instruction 2201/004, Inspection of Interim Milestones; Significance Determination Process (SDP). Team Composition: Regional Inspector Team Lead; Regional Inspector; NSIR & CSD Staff; Cyber Security Specialist (Contractor). 21 inspections scheduled in CY 2013, split between all regions; 16 inspections completed. Diagram labels: NRC Lead inspector; NRC inspector; HQ Personnel; NRC Contractor; NRC HQ Support staff, available (remotely) to the team as/if needed.

Some Areas of Inspection (TI 2201/004): Understanding the Cyber Threat Landscape. Threat vectors: hard-wired networks (Internet, Intranet); wireless (WiFi, Bluetooth); mobile media (USB thumb drive, CD/DVD); portable equipment (laptops, test equipment). Threat characteristics: motivated; opportunistic; persistent; adaptive; learning; good at info sharing.

Some Areas of Inspection (TI 2201/004): Establishment of a Cyber Security Assessment Team (CSAT); Identification of Critical Systems (CSs)/Critical Digital Assets (CDAs); Defense-in-Depth and Detection and Response

Some Areas of Inspection (TI 2201/004): Mobile Media and Device protections; Cyber Tampering; CDA Use Only; Specific CDAs Security Controls Implementation; Ongoing Monitoring and Assessments of Security Controls Implemented

Oversight Assessment: CDA Identification or Scoping; Implementation of Defensive Architecture; Control of Portable Media & Devices; Security Controls for CDAs

Security Issues Forum (SIF): Weekly Secure Video Conference; All Regions & HQ staff discuss cyber security inspection issues; Good Faith Attempt; Enforcement Discretion. The NRC is exercising enforcement discretion in accordance with Section 3.0, "Use of Enforcement Discretion," Part 3.5, "Violations Involving Special Circumstances," of the NRC Enforcement Policy.

Improvement Trends: Better documented CDA Scoping Process; Effective implementation of one-way communication from level 4 to level 3; Increased Mobile Media and Portable Device protections; CDA Use Only; Cyber Tampering Rounds & indications

Continued Communications: Continued communications with industry through calls & meetings; Inspector Workshop (June 2013); Industry Workshop; Beginning communication with industry on Milestone 8 inspections

Full Implementation Inspections: Full implementation of the Cyber Security Program (Milestone 8); Meet all the requirements committed in the approved Cyber Security Plan; Licensees, on a site-by-site basis, have committed to full implementation late 2014 to 2017, inspections begin 2015; Inspection of final implementation will initially entail a two-week inspection

Summary: Importance of multi-disciplinary Cyber Security Inspection Team; Training entails cyber, regulations, pilot inspections; Cyber Security Inspection Schedule; Overview of Some Areas of Inspection; Oversight Assessment; Inspection Trends; Resolution of inspection issues (SIF); Full Implementation Inspections

Questions