Text

February 15, 2022 NRC CISO Advisory GA-22-046-01 Nuclear Regulatory Commission Chief Information Security Officer (CISO)

On February 12, 2022 the Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) released the general advisory Shields Up in response to recent developing geopolitical events surrounding potential conflict in the Ukraine with Russia.

While there are currently no specific credible threats to the U.S. homeland, CISA urges cybersecurity personnel in critical infrastructure to review the January 11, 2022 CISA Alert AA22-011A Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S.

Critical Infrastructure.

The Shields Up advisory recommends that organizations adopt a heightened posture for protecting critical assets that may include actions such as:

Ensuring software is up to date, prioritizing updates that address known vulnerabilities identified by CISA; Ensuring cybersecurity personnel are focused on identifying and assessing unexpected or unusual network behavior; Ensuring incident response teams are aware of their roles and responsibilities; and Ensuring Industrial Control Systems or other operational technology manual controls, if applicable, are working as designed.

As the nations cyber defense agency, CISA is available to help organizations improve cybersecurity and resilience. If you are not receiving alerts from CISA, I recommend you reach out to the Nuclear Reactor, Materials, and Waste Sector Risk Management Agency at NuclearSSA@hq.dhs.gov or contact the NRC CISO for assistance.

Please feel free to contact the NRC CISO at CISO@nrc.gov if you have questions or concerns.

Thank you, Jonathan Feibus, CISO U.S. Nuclear Regulatory Commission Office of the Chief Information Officer 11545 Rockville Pike, Rockville, MD 20850 Office: 301-415-0717 l TWFN 6B85