NRC Cyber Security Regulatory




Ask SME and Learn
NRC Cyber Security Regulatory Program Development
Mario R. Fernandez Jr., Security Specialist (Cyber)
Cyber Security Directorate
Office of Nuclear Security & Incident Response

Agenda
Background
What is Cyber Security? (General public's perspective)
NRC Cyber Security Program Development
First NRC Orders issued to address the emergent cyber threat
Early NRC Guidance issued to conduct a cyber security self-assessment at nuclear power plants (NPPs)
Industry's initiative to implement an interim Cyber Security Program for NPPs
Current NRC Regulations which require implementation of a comprehensive cyber security program
Questions

Background
What is Cyber Security? (General public's perspective)
Protection of data & systems in networks which may or may not be connected to the Internet
Measures taken to protect a computer system against unauthorized access or attack
The protection of information against unauthorized disclosure, transfer, modification, or destruction, whether accidental or intentional
The branch of security responsible for the protection of computer systems and networks.

NRC Cyber Security Program Development
NRC Order EA-02-026, Interim Safeguards and Security Compensatory Measures for Nuclear Power Plants, Feb 2002
EA-03-086, Design Basis Threat for Radiological Sabotage, in Apr 2003

NRC Cyber Security Program Development
NEI 03-12, Security, Training & Qualification, & Safeguards Contingency Plan Template, (2004)

NRC Cyber Security Program Development
NUREG/CR-6847 Cyber Security Self-Assessment Method for U.S. Nuclear Power Plants, (Nov 2004)
superseded
NEI 04-04, Cyber Security Program for Power Reactors, (Nov 2005) (At this time the NRC had not yet proposed comprehensive cyber security regulations)
superseded
NRC performs site reviews to evaluate implementation of NEI 04-04 (2005-2007)
10 CFR 73.1 Design Basis Threat (DBT) Rule (2007) (Cyber Attack is included)
10 CFR 73.54 Protection of Digital Computer and Communication Systems and Networks (Mar 2009)

NRC Cyber Security Program Development
10 CFR 73.54 Protection of Digital Computer and Communication Systems and Networks (Mar 2009)
Protection (high assurance) of digital computer & communication systems associated with:
I. Safety-related and important-to-safety functions;
II. Security functions;
III. Emergency preparedness functions, including offsite communications; AND
IV. Support systems and equipment which, if compromised, would adversely impact safety, security, or emergency preparedness (SSEP) functions.

NRC Cyber Security Program Development
Cyber Security Regulatory Perspective
Cyber Security: Those measures and controls, implemented to comply with 10 CFR 73.54, to protect digital systems against the malicious acts of an intelligent adversary up to and including the design basis threat (cyber attack), as defined by 10 CFR 73.1
Cyber Threat: An individual, entity, or action that by cyber-means has or indicates the potential to harm life, information, operations, the environment and/or property

NRC Cyber Security Regulatory Perspective
Cyber Security: Those measures and controls, implemented to comply with 10 CFR 73.54, to protect digital systems against the malicious acts of an intelligent adversary up to and including the design basis threat, as defined by 10 CFR 73.1
Cyber Threat: An individual, entity, or action that by cyber-means has or indicates the potential to harm life, information, operations, the environment and/or property

General Public's Perspective
Protection of data & systems in networks which may or may not be connected to the Internet
Measures taken to protect a computer system against unauthorized access or attack
The protection of information against unauthorized disclosure, transfer, modification, or destruction, whether accidental or intentional
The branch of security responsible for the protection of computer systems and networks.

Summary
[Timeline figure. Years marked: 2001, 2002, 2003, 2004, 2005, 2007, 2009. Labels: Terrorist Attacks (9/11); NRC Issues Order (Cyber Threat); NRC Issues DBT Order (Cyber Attack); NEI 03-12 Target Set Development Includes Cyber; NUREG/CR-6847 Cyber Security Self-Assessment; NEI 04-04 Interim Cyber Sec Program; NRC Visits (NEI 04-04); 10 CFR 73.1 (Cyber Attack); 10 CFR 73.54.]

Questions