M190925: Cybersecurity Inspection Updates

ML19270D581
Person / Time
Issue date:	09/25/2019
From:	NRC/OCM
To:
Shared Package
ML19270D537	List: ML19270D575 ML19270D577 ML19270D578 ML19270D580 ML19270D581 ML19270D583 ML19270D584 ML19273A082
References
M190925
Download: ML19270D581 (7)
v • d • e

Text

U.S.NRC United States Nuclear Regulatory Commission Protecting People and the Environment Cyber Security Updates Shana Helton, Director, DPCP, NSI R NRC/FERC Joint Commission Meeting September 25, 2019

Agenda

• Full Implementation Inspections Proceeding Well

• Focus Areas to Improve Guidance

• Assessment to Identify Risk-Informed Enhancements to Cyber Program

• Cyber Rule Applies to New and Advanced Reactor Designs

Full Implementation Inspections Proceeding Well

• Full implementation includes:

- Technical controls for all CDAs

- Provisions for incident response, supply chain, configuration management &

audits

• NRC inspections are ---63% complete

- 100% completed by Q 1 FY2 l

• Inspections have resulted in findings of very low safety significance

Focus Areas to Improve Guidance

• Portable media & mobile device

• Quality of critical digital asset & system assessments

• Implementation of the vulnerability assessment program

• Ongoing monitoring & assessment program

Assessment to Identify Risk-Informed Enhancements to Cyber Program

• Cyber Security Program Assessment

- Licensees and other External Stakeholders (including FERC)

- Many actionable comments received

• Path forward

- CDA scoping criteria

- Future inspection program

Cyber Rule Applies to New and Advanced Reactor Designs

Acronyms

• CDA - Critical Digital Asset

• CSP - Cyber Security Plan

• DPCP - Division of Physical & Cyber Security Policy

• FERC - Federal Energy Regulatory Commission

• NEI - Nuclear Energy Institute

• NERC - North American Electric Reliability Corporation

• NSIR - Office of Nuclear Security & Incident Response