ML22047A230
| ML22047A230 | |
| Person / Time | |
|---|---|
| Issue date: | 02/18/2022 |
| From: | Samson Lee NRC/NSIR/DSO/SOSB |
| To: | |
| References | |
| SA 2022-04 | |
| Download: ML22047A230 (3) | |
Text
.
February 18, 2022 SECURITY ADVISORY FOR POWER REACTORS, INCLUDING THOSE UNDER CONSTRUCTION; NONPOWER PRODUCTION AND UTILIZATION FACILITIES; DECOMMISSIONING REACTORS, INCLUDING THOSE THAT ARE PERMANENTLY DEFUELED BUT HAVE NOT TRANSITIONED TO DECOMMISSIONING; FUEL FABRICATION, ENRICHMENT, AND CONVERSION/DECONVERSION FACILITIES; INDEPENDENT SPENT FUEL STORAGE INSTALLATIONS; LICENSEES POSSESSING SPECIAL NUCLEAR MATERIAL UNDER TITLE 10 OF THE CODE OF FEDERAL REGULATIONS PART 70; LICENSEES REGULATED UNDER TITLE 10 OF THE CODE OF FEDERAL REGULATIONS PART 37; AND ALL RADIATION CONTROL PROGRAM DIRECTORS AND STATE LIAISON OFFICERS SA 2022-04
SUBJECT:
SITUATIONAL AWARENESSGEOPOLITICAL TENSIONS AND THE CURRENT CYBER THREAT ENVIRONMENT The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (DHS/CISA) and its partners have issued a series of cyber security products to ensure that U.S. critical infrastructure sectors are aware of and prepared to mitigate and respond to cyber security threats to their most critical assets. While there are not currently any specific credible threats to the U.S. homeland, CISA is mindful of the potential for threat actors to use cyber attacks against critical infrastructure to escalate or destabilize the current geopolitical environment. Therefore, CISA has been working closely with its critical infrastructure partners to ensure awareness of potential threats and mitigative actions. The U.S. Nuclear Regulatory Commission (NRC) is issuing this security advisory to provide situational awareness to its licensees and Agreement States and to ensure they are aware of CISAs alerts and other related products.
CISA has consolidated its cyber security guidance related to the current threat environment at a central Web site, Shields Up (https://www.cisa.gov/shields-up). This Web site contains recommended actions for U.S. critical infrastructure: (1) take steps to quickly detect a potential cyber intrusion; (2) ensure that the organization is prepared to respond if an intrusion occurs; and (3) maximize the organizations resilience to a destructive cyber incident. The NRC recommends that all addressees review CISAs Shields Up Web site, as well as CISA Alert AA22-011A, Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S.
Critical Infrastructure (https://www.cisa.gov/uscert/ncas/alerts/aa22-011a), and take appropriate mitigative actions in accordance with applicable licensee procedures and cyber security plans, as applicable.
Suspicious activity reporting is important to the U.S. Governments security mission. The NRC encourages its licensees to remain vigilant and report cyber-related suspicious activity to CISA at central@cisa.gov and to the Federal Bureau of Investigations 24-hour Cyber Watch at (855) 292-3937 or cywatch@fbi.gov. Licensees subject to Title 10 of the Code of Federal Regulations (10 CFR) 73.54, Protection of digital computer and communication systems and
networks, are reminded of their obligation to report to the NRC certain cyber-related events under 10 CFR 73.77, Cyber security event notifications.
If you have any questions concerning this advisory, contact the technical point of contact below.
Backfit Analysis Statement: This security advisory does not amend or impose new requirements or constitute a new or different regulatory staff position interpreting Commission rules and, therefore, does not constitute backfitting as defined in 10 CFR 50.109, Backfitting, or 10 CFR 70.76, Backfitting, or 10 CFR 72.62, Backfitting. Consequently, the staff did not perform a backfit analysis.
Paperwork Reduction Act Statement: This security advisory does not contain information collections and, therefore, is not subject to the requirements of the Paperwork Reduction Act of 1995 (Title 44 of the United States Code, Section 3501, et seq.).
Johnson, Dante signing on behal of Lee, Samuel on 02/18/22 Approved by: _______________________
Samuel S. Lee, Acting Director Division of Security Operations Office of Nuclear Security and Incident Response Technical
Contact:
NRC Cyber Assessment Team cyber@usnrc.onmicrosoft.com
Memo ML22047A230
- via email OFFICE NSIR/DPCP/CSB ADM/DRMA* NMSS/MSST/MSEB NSIR/DSO/ILTAB NAME BYip BY KAzariah-Kribbs KA DWhite DW RRichardson RR DATE Feb 16, 2022 Feb 16, 2022 Feb 16, 2022 Feb 16, 2022 OCIO/GEMSD OFFICE NSIR/DSO NSIR/DPCP/RSB NSIR
/FLICB/ICT MSampson NAME DCullison DC SPrasad SP SLee SL JBeardsley for JB DATE Feb 16, 2022 Feb 16, 2022 Feb 17, 2022 Feb 16, 2022 OFFICE NSIR/DPR NRR/DANU NRR/DORL NMSS/DUWP RJohnson MShams JMarshall NAME BPham BP GWarnick for GW JBowen for JB ARoberts for AR DATE Feb 17, 2022 Feb 17, 2022 Feb 17, 2022 Feb 17, 2022 OGC/GCRPS OFFICE NRR/DANU NMSS/MSST NMSS/DFM
/HLWFCNS/NLO*
KWilliams NAME BSmith BS JMaltese JM SHelton SH TClark for TC DATE Feb 17, 2022 Feb 17, 2022 Feb 17, 2022 Feb 17, 2022 OFFICE NMSS/DFM NSIR* NSIR CRegan SLee NAME MGavrilas MG PMcKenna for PM DJohnson for DJ DATE Feb 17, 2022 Feb 18, 2022 Feb 18, 2022