ML22136A045
Person / Time | |
---|---|
Issue date: | 05/16/2022 |
From: | Jim Beardsley NRC/NSIR/DPCP |
Shared Package: | ML22136A042 |
US Cyber Security Strategy and Regulatory Basis
Jim Beardsley
Acting Division Director, Division of Physical and Cyber Security Policy
Office of Nuclear Security and Incident Response
U.S. Nuclear Regulatory Commission (NRC)
US Critical Infrastructure Protection
- The Department of Homeland Security (DHS) leads the effort to manage cyber and physical risk to U.S. critical infrastructure
May 30, 2022
Cyber Security Strategy
- The US National Cyber Strategy is organized as part of the National Security Strategy and is a part of the critical infrastructure protection strategy
- The Cyber Strategy is implemented through a series of Presidential orders
- The Department of Homeland Security (DHS) Cyber and Infrastructure Security Agency (CISA) has the overall lead for cyber security outside the Department of Defense
Cyber & Infrastructure Security Agency (CISA)
- Leads the US strategic and unified work to strengthen the security, resilience, and workforce of the cyber ecosystem to protect critical services.
- Responsibilities include:
  - Secure Federal Networks and Information
  - Secure Critical Infrastructure
  - Combat Cybercrime
  - Cyber Incident Reporting and Coordination
Interagency Cyber Security
- The Federal Bureau of Investigation (FBI)
- Criminal investigation of cyber incidents
- Department of Energy (DOE)
- Emergency preparedness and coordinated response to disruptions to the energy sector, including cyber-attacks
- Regulates bulk electrical power and energy distribution including cyber security
Nuclear Regulation
The US Nuclear Regulatory Commission (NRC) licenses and regulates the Nation's civilian use of radioactive materials to provide reasonable assurance of adequate protection of public health and safety, to promote the common defense and security, and to protect the environment.
- Separated regulatory (NRC) from promotional role (Department of Energy)
- NRC began operations on January 19, 1975
- The Commission staff formulate policy; develop regulations, orders to licensees, and regulatory guidance; and adjudicate legal matters
- The Commission, 5 politically appointed members, approves all regulations and orders and directs staff activities.
Implementing our Regulatory Process
[Figure: regulatory process diagram; surviving labels: Commission Direction, Public Engagement]
NRC Security Regulations
- Physical Security Program
- Cyber Security Program
- Fitness-for-Duty Program
- Access Authorization Program
- Insider Mitigation Program
- Safeguards Information Program
Cyber Security Regulation History
- 2002: Interim Compensatory Measure Orders to address the Physical & Cyber Threat
- 2007: Cyber added as an element of the Design Basis Threat (DBT) (10 CFR 73.1)
- 2009: Cyber Security Rule implemented (10 CFR 73.54)
- 2015: Cyber Security Reporting Rule (10 CFR 73.77)