ML16074A293
| ML16074A293 | |
| Person / Time | |
|---|---|
| Issue date: | 04/12/2016 |
| From: | Dan Collins NRC/NMSS/DMSTR/SMPB |
| To: | Ashkeboussi N, Fairobent L, Gray P, Kirner N, Ouhib Z, Tomlinson C American Association of Physicists in Medicine, American Brachytherapy Society, American Society of Radiologic Technologists, Health Physics Society, International Source Suppliers & Producers Association, Nuclear Energy Institute |
| Wu I | |
| References | |
| OMB 3150-0227 | |
| Download: ML16074A293 (19) | |
Text
UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 April 12, 2016 Ms. Lynne Fairobent Senior Manager for Government Relations American Association of Physicists in Medicine One Physics Ellipse College Park, MD 20740-3846
SUBJECT:
NOTIFICATION OF UPCOMING DISTRIBUTION OF MATERIALS CYBER SECURITY QUESTIONNAIRE
Dear Ms. Fairobent:
In the near future, the U.S. Nuclear Regulatory Commission (NRC) will be distributing a voluntary questionnaire to all NRC and Agreement State byproduct materials licensees that possess Category 1 or Category 2 quantities of radioactive materials (as defined in Title 10 of Code of Federal Regulations, Part 37). Licensees will receive the questionnaire by e-mail from MaterialsCyber.Resource@nrc.gov. In the e-mail, licensees will be provided guidance on what information should not be included in their response and instructions on how to submit responses to the questionnaire. The NRC is requesting that responses to these questionnaires be submitted within 30 days from receipt of the e-mail.
The NRC is notifying you of distribution of the questionnaire and would appreciate your assistance in encouraging the members of your organization to complete this questionnaire.
The responses we receive will assist the NRC in better understanding the potential vulnerabilities and risks associated with cyber threats and will form the basis for any recommendations and possible actions for consideration.
The questionnaire covers, but is not limited to, the following areas:
The use of devices with software-based control systems, such as irradiators and stereotactic radiosurgery systems.
The use of access control or intrusion detection systems that support the physical security of facilities.
The use of computer systems that licensees use to maintain their source inventories.
The use of digital technology used to support response communications/coordination.
L. Fairobent 2
A copy of the questionnaire to be distributed is enclosed.
If you have any questions regarding this correspondence, please contact me at (301) 415-3340 or the individual named below:
POINT OF CONTACT: Irene Wu E-MAIL: Irene.Wu@nrc.gov TELEPHONE: (301) 415-1951
/RA/
Daniel S. Collins, Director Division of Material Safety, State, Tribal and Rulemaking Programs Office of Nuclear Material Safety and Safeguards
Enclosure:
Materials Cyber Security Questionnaire
L. Fairobent 2
A copy of the questionnaire to be distributed is enclosed.
If you have any questions regarding this correspondence, please contact me at (301) 415-3340 or the individual named below:
POINT OF CONTACT: Irene Wu E-MAIL: Irene.Wu@nrc.gov TELEPHONE: (301) 415-1951 Daniel S. Collins, Director Division of Material Safety, State, Tribal and Rulemaking Programs Office of Nuclear Material Safety and Safeguards
Enclosure:
Materials Cyber Security Questionnaire cc: Gary Purdy/NSIR IDENTICAL LETTERS SENT TO: See Attached ML16074A293 OFFICE MSTR/SMPB MSTR/SMPB MSTR NAME IWu SAtack DCollins DATE 3/18/16 3/25/16 4/12/16 OFFICIAL RECORD COPY
Zoubir Ouhib MS FACR DABR American Brachytherapy Society 12100 Sunset Hills Road Suite 130 Reston, VA 20190 Ms. Cindy Tomlinson, MPP American Society of Radiation Oncology 8280 Willow Oaks Corporate Drive Suite 500 Fairfax, VA 22031 Ms. Amy Bereson, Executive Director American Society for Nondestructive Testing PO Box 28518 1711 Arlingate Lane Columbus, OH 43328-0518 Mr. Nima Ashkeboussi Nuclear Energy Institute 1201 F St. NW Suite 1100 Washington, DC 20004-1218 Mr. Paul Gray, Chairman International Source Suppliers and Producers Association 447 March Road Ottawa, ON K2K 1X8 CANADA Ms. Nancy Kirner, President Health Physics Society 17B Cassal Road Winthrop, WA 98862-9134
UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 April 12, 2016 Mr. Zoubir Ouhib MS FACR DABR American Brachytherapy Society 12100 Sunset Hills Road Suite 130 Reston, VA 20190
SUBJECT:
NOTIFICATION OF UPCOMING DISTRIBUTION OF MATERIALS CYBER SECURITY QUESTIONNAIRE
Dear Mr. Ouhib:
In the near future, the U.S. Nuclear Regulatory Commission (NRC) will be distributing a voluntary questionnaire to all NRC and Agreement State byproduct materials licensees that possess Category 1 or Category 2 quantities of radioactive materials (as defined in Title 10 of Code of Federal Regulations, Part 37). Licensees will receive the questionnaire by e-mail from MaterialsCyber.Resource@nrc.gov. In the e-mail, licensees will be provided guidance on what information should not be included in their response and instructions on how to submit responses to the questionnaire. The NRC is requesting that responses to these questionnaires be submitted within 30 days from receipt of the e-mail.
The NRC is notifying you of distribution of the questionnaire and would appreciate your assistance in encouraging the members of your organization to complete this questionnaire.
The responses we receive will assist the NRC in better understanding the potential vulnerabilities and risks associated with cyber threats and will form the basis for any recommendations and possible actions for consideration.
The questionnaire covers, but is not limited to, the following areas:
The use of devices with software-based control systems, such as irradiators and stereotactic radiosurgery systems.
The use of access control or intrusion detection systems that support the physical security of facilities.
The use of computer systems that licensees use to maintain their source inventories.
The use of digital technology used to support response communications/coordination.
Z. Ouhib 2
A copy of the questionnaire to be distributed is enclosed.
If you have any questions regarding this correspondence, please contact me at (301) 415-3340 or the individual named below:
POINT OF CONTACT: Irene Wu E-MAIL: Irene.Wu@nrc.gov TELEPHONE: (301) 415-1951
/RA/
Daniel S. Collins, Director Division of Material Safety, State, Tribal and Rulemaking Programs Office of Nuclear Material Safety and Safeguards
Enclosure:
Materials Cyber Security Questionnaire
Z. Ouhib UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 April 12, 2016 Ms. Cindy Tomlinson, MPP American Society of Radiation Oncology 8280 Willow Oaks Corporate Drive Suite 500 Fairfax, VA 22031
SUBJECT:
NOTIFICATION OF UPCOMING DISTRIBUTION OF MATERIALS CYBER SECURITY QUESTIONNAIRE
Dear Ms. Tomlinson:
In the near future, the U.S. Nuclear Regulatory Commission (NRC) will be distributing a voluntary questionnaire to all NRC and Agreement State byproduct materials licensees that possess Category 1 or Category 2 quantities of radioactive materials (as defined in Title 10 of Code of Federal Regulations, Part 37). Licensees will receive the questionnaire by e-mail from MaterialsCyber.Resource@nrc.gov. In the e-mail, licensees will be provided guidance on what information should not be included in their response and instructions on how to submit responses to the questionnaire. The NRC is requesting that responses to these questionnaires be submitted within 30 days from receipt of the e-mail.
The NRC is notifying you of distribution of the questionnaire and would appreciate your assistance in encouraging the members of your organization to complete this questionnaire.
The responses we receive will assist the NRC in better understanding the potential vulnerabilities and risks associated with cyber threats and will form the basis for any recommendations and possible actions for consideration.
The questionnaire covers, but is not limited to, the following areas:
The use of devices with software-based control systems, such as irradiators and stereotactic radiosurgery systems.
The use of access control or intrusion detection systems that support the physical security of facilities.
The use of computer systems that licensees use to maintain their source inventories.
The use of digital technology used to support response communications/coordination.
C. Tomlinson 2
A copy of the questionnaire to be distributed is enclosed.
If you have any questions regarding this correspondence, please contact me at (301) 415-3340 or the individual named below:
POINT OF CONTACT: Irene Wu E-MAIL: Irene.Wu@nrc.gov TELEPHONE: (301) 415-1951
/RA/
Daniel S. Collins, Director Division of Material Safety, State, Tribal and Rulemaking Programs Office of Nuclear Material Safety and Safeguards
Enclosure:
Materials Cyber Security Questionnaire
UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 April 12, 2016 Ms. Amy Bereson, Executive Director American Society for Nondestructive Testing P.O. Box 28518 1711 Arlingate Lane Columbus, OH 43328-0518
SUBJECT:
NOTIFICATION OF UPCOMING DISTRIBUTION OF MATERIALS CYBER SECURITY QUESTIONNAIRE
Dear Ms. Bereson:
In the near future, the U.S. Nuclear Regulatory Commission (NRC) will be distributing a voluntary questionnaire to all NRC and Agreement State byproduct materials licensees that possess Category 1 or Category 2 quantities of radioactive materials (as defined in Title 10 of Code of Federal Regulations, Part 37). Licensees will receive the questionnaire by e-mail from MaterialsCyber.Resource@nrc.gov. In the e-mail, licensees will be provided guidance on what information should not be included in their response and instructions on how to submit responses to the questionnaire. The NRC is requesting that responses to these questionnaires be submitted within 30 days from receipt of the e-mail.
The NRC is notifying you of distribution of the questionnaire and would appreciate your assistance in encouraging the members of your organization to complete this questionnaire.
The responses we receive will assist the NRC in better understanding the potential vulnerabilities and risks associated with cyber threats and will form the basis for any recommendations and possible actions for consideration.
The questionnaire covers, but is not limited to, the following areas:
The use of devices with software-based control systems, such as irradiators and stereotactic radiosurgery systems.
The use of access control or intrusion detection systems that support the physical security of facilities.
The use of computer systems that licensees use to maintain their source inventories.
The use of digital technology used to support response communications/coordination.
A. Bereson 2
A copy of the questionnaire to be distributed is enclosed.
If you have any questions regarding this correspondence, please contact me at (301) 415-3340 or the individual named below:
POINT OF CONTACT: Irene Wu E-MAIL: Irene.Wu@nrc.gov TELEPHONE: (301) 415-1951
/RA/
Daniel S. Collins, Director Division of Material Safety, State, Tribal and Rulemaking Programs Office of Nuclear Material Safety and Safeguards
Enclosure:
Materials Cyber Security Questionnaire
UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 April 12, 2016 Mr. Nima Ashkeboussi Nuclear Energy Institute 1201 F St. NW Suite 1100 Washington, DC 20004-1218
SUBJECT:
NOTIFICATION OF UPCOMING DISTRIBUTION OF MATERIALS CYBER SECURITY QUESTIONNAIRE
Dear Mr. Ashkeboussi:
In the near future, the U.S. Nuclear Regulatory Commission (NRC) will be distributing a voluntary questionnaire to all NRC and Agreement State byproduct materials licensees that possess Category 1 or Category 2 quantities of radioactive materials (as defined in Title 10 of Code of Federal Regulations, Part 37). Licensees will receive the questionnaire by e-mail from MaterialsCyber.Resource@nrc.gov. In the e-mail, licensees will be provided guidance on what information should not be included in their response and instructions on how to submit responses to the questionnaire. The NRC is requesting that responses to these questionnaires be submitted within 30 days from receipt of the e-mail.
The NRC is notifying you of distribution of the questionnaire and would appreciate your assistance in encouraging the members of your organization to complete this questionnaire.
The responses we receive will assist the NRC in better understanding the potential vulnerabilities and risks associated with cyber threats and will form the basis for any recommendations and possible actions for consideration.
The questionnaire covers, but is not limited to, the following areas:
The use of devices with software-based control systems, such as irradiators and stereotactic radiosurgery systems.
The use of access control or intrusion detection systems that support the physical security of facilities.
The use of computer systems that licensees use to maintain their source inventories.
The use of digital technology used to support response communications/coordination.
N. Ashkeboussi 2
A copy of the questionnaire to be distributed is enclosed.
If you have any questions regarding this correspondence, please contact me at (301) 415-3340 or the individual named below:
POINT OF CONTACT: Irene Wu E-MAIL: Irene.Wu@nrc.gov TELEPHONE: (301) 415-1951
/RA/
Daniel S. Collins, Director Division of Material Safety, State, Tribal and Rulemaking Programs Office of Nuclear Material Safety and Safeguards
Enclosure:
Materials Cyber Security Questionnaire
UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 April 12, 2016 Mr. Paul Gray, Chairman International Source Suppliers and Producers Association 447 March Road Ottawa, ON K2K 1X8 CANADA
SUBJECT:
NOTIFICATION OF UPCOMING DISTRIBUTION OF MATERIALS CYBER SECURITY QUESTIONNAIRE
Dear Mr. Gray:
In the near future, the U.S. Nuclear Regulatory Commission (NRC) will be distributing a voluntary questionnaire to all NRC and Agreement State byproduct materials licensees that possess Category 1 or Category 2 quantities of radioactive materials (as defined in Title 10 of Code of Federal Regulations, Part 37). Licensees will receive the questionnaire by e-mail from MaterialsCyber.Resource@nrc.gov. In the e-mail, licensees will be provided guidance on what information should not be included in their response and instructions on how to submit responses to the questionnaire. The NRC is requesting that responses to these questionnaires be submitted within 30 days from receipt of the e-mail.
The NRC is notifying you of distribution of the questionnaire and would appreciate your assistance in encouraging the members of your organization to complete this questionnaire.
The responses we receive will assist the NRC in better understanding the potential vulnerabilities and risks associated with cyber threats and will form the basis for any recommendations and possible actions for consideration.
The questionnaire covers, but is not limited to, the following areas:
The use of devices with software-based control systems, such as irradiators and stereotactic radiosurgery systems.
The use of access control or intrusion detection systems that support the physical security of facilities.
The use of computer systems that licensees use to maintain their source inventories.
The use of digital technology used to support response communications/coordination.
P. Gray 2
A copy of the questionnaire to be distributed is enclosed.
If you have any questions regarding this correspondence, please contact me at (301) 415-3340 or the individual named below:
POINT OF CONTACT: Irene Wu E-MAIL: Irene.Wu@nrc.gov TELEPHONE: (301) 415-1951
/RA/
Daniel S. Collins, Director Division of Material Safety, State, Tribal and Rulemaking Programs Office of Nuclear Material Safety and Safeguards
Enclosure:
Materials Cyber Security Questionnaire
UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 April 12, 2016 Ms. Nancy Kirner, President Health Physics Society 17B Cassal Road Winthrop, WA 98862-9134
SUBJECT:
NOTIFICATION OF UPCOMING DISTRIBUTION OF MATERIALS CYBER SECURITY QUESTIONNAIRE
Dear Ms. Kirneri:
In the near future, the U.S. Nuclear Regulatory Commission (NRC) will be distributing a voluntary questionnaire to all NRC and Agreement State byproduct materials licensees that possess Category 1 or Category 2 quantities of radioactive materials (as defined in Title 10 of Code of Federal Regulations, Part 37). Licensees will receive the questionnaire by e-mail from MaterialsCyber.Resource@nrc.gov. In the e-mail, licensees will be provided guidance on what information should not be included in their response and instructions on how to submit responses to the questionnaire. The NRC is requesting that responses to these questionnaires be submitted within 30 days from receipt of the e-mail.
The NRC is notifying you of distribution of the questionnaire and would appreciate your assistance in encouraging the members of your organization to complete this questionnaire.
The responses we receive will assist the NRC in better understanding the potential vulnerabilities and risks associated with cyber threats and will form the basis for any recommendations and possible actions for consideration.
The questionnaire covers, but is not limited to, the following areas:
The use of devices with software-based control systems, such as irradiators and stereotactic radiosurgery systems.
The use of access control or intrusion detection systems that support the physical security of facilities.
The use of computer systems that licensees use to maintain their source inventories.
The use of digital technology used to support response communications/coordination.
N. Kimer 2
A copy of the questionnaire to be distributed is enclosed.
If you have any questions regarding this correspondence, please contact me at (301) 415-3340 or the individual named below:
POINT OF CONTACT: Irene Wu E-MAIL: Irene.Wu@nrc.gov TELEPHONE: (301) 415-1951
/RA/
Daniel S. Collins, Director Division of Material Safety, State, Tribal and Rulemaking Programs Office of Nuclear Material Safety and Safeguards
Enclosure:
Materials Cyber Security Questionnaire
Enclosure Approved by OMB: No. 3150-0227 Expires: 04/30/2018 Submit responses to MaterialsCyber.resource@nrc.gov.
Questionnaire on Cyber Security at Byproduct Materials Licensees In order to aid the NRC in evaluating cyber security at byproduct materials licensees, it would be helpful if you responded to the following questions. Responses to these questions are not required, and no adverse action will result from not responding to this survey, or from any responses to this survey. Please do not include any Safeguards Information or other controlled information in your responses.
Date:
Name:
Company Name:
License Number(s):
Phone Number:
Email Address:
License Category (select one): Academic, Disposer, Distributor, Fuel Cycle Facility, Irradiator, Medical, Power Reactor, Radiography, Research Reactor, Research and Development, Waste Broker, Well Logging, Other
- 1. Digital/microprocessor-based systems and devices that support the physical security of the licensees facilities. This includes access control systems, physical intrusion detection and alarm systems, video camera monitoring systems, digital video recorders, door alarms, motion sensors, keycard readers, biometric scanners, etc:
Does the facility have a digital access monitoring and control system? [Yes]/[No]
Does the facility have a digital intrusion detection/alarm system? [Yes]/[No]
Does the facility have a digital video monitoring/surveillance system? [Yes]/[No]
Are any such systems connected to a facility local area network? [Yes]/[No]
Is the facility local area network connected/bridged into any other network?
[Yes]/[No]
Can any of these systems be remotely accessed by the vendor? [Yes]/[No]
Can any of these computers be remotely accessed by the IT organization? [Yes]/[No]
Are any of these systems remotely monitored for incident response? [Yes]/[No]
Do any of these systems employ wireless technology? [Yes]/[No]
Is the maintenance/support of any of these systems outsourced? [Yes]/[No]
Is portable media used to move data/files to or from any of these systems?
[Yes]/[No]
If you would like to elaborate on any of your above answers, please use the space below.
2
- 2. Devices/equipment with software-based control, operation, and automation features, such as panoramic irradiators, gamma knives, and fixed radiography:
Are any of these devices connected to a facility local area network? [Yes]/[No]
Is the facility local area network connected/bridged into any other network?
[Yes]/[No]
Can any of these devices be remotely accessed by the vendor? [Yes]/[No]
Can any of these computers be remotely accessed by the IT organization? [Yes]/[No]
Are any of these devices remotely monitored for incident response? [Yes]/[No]
Do any of these devices employ wireless technology? [Yes]/[No]
Is maintenance/support of any of these devices outsourced? [Yes]/[No]
Is portable media used to move data/files to or from any of these devices? [Yes]/[No]
Are periodic/occasional updates made to the software of any of these devices?
[Yes]/[No]
If you would like to elaborate on any of your above answers, please use the space below.
- 3. Computers/systems used to maintain source inventories, audit data, and records necessary for compliance with security requirements and regulations:
Are any of these computers connected to a facility local area network? [Yes]/[No]
Is the facility local area network connected/bridged into any other network?
[Yes]/[No]
Can any of these computers be remotely accessed by the vendor? [Yes]/[No]
Can any of these computers be remotely accessed by the IT organization? [Yes]/[No]
Do any of these computers employ wireless technology? [Yes]/[No]
Is maintenance/support of any of these computers outsourced? [Yes]/[No]
Is portable media used to move data/files to or from any of these computers?
[Yes]/[No]
Are periodic/occasional updates made to the software on any of these computers?
[Yes]/[No]
Is any form of encryption used to protect sensitive data on these computers?
[Yes]/[No]
Are these computers given the latest security patches on a regular basis? [Yes]/[No]
Do any of these computers support email or web browsing functions? [Yes]/[No]
If you would like to elaborate on any of your above answers, please use the space below.
3
- 4. Digital technology used to support incident response communications/coordination such as a digital packet radio system, digital repeater stations, digital trunk radio, etc:
Are all such systems and associated components tested on a periodic basis?
[Yes]/[No]
Are all portable components of such systems periodically inspected for tampering?
[Yes]/[No]
Are all stationary components of such systems located in physically secure areas?
[Yes]/[No]
Have any radio system components received software upgrades from the vendor?
[Yes]/[No]
Is radio system provisioning (changes) performed by licensee personnel? [Yes]/[No]
If you would like to elaborate on any of your above answers, please use the space below.