ML22166A044

Shine Technologies, LLC May 11, 2022 Cybersecurity Public Meeting Presentation
Site: SHINE Medical Technologies
Issue date: 05/11/2022
From: Meyer A, SHINE Medical Technologies
To: NRC/NRR/DANU
Shared Package: ML22166A036

Identification of Critical Digital Assets
ANDREW MEYER, SAFETY ANALYSIS MANAGER

© SHINE Technologies, LLC

Critical Digital Assets (CDA)

SHINE Technologies identifies and protects digital assets that, if compromised by a cyber attack, would cause a consequence of concern.

Not all digital assets require protection.

SHINE's approach determines which digital assets require cyber security controls and which can be protected by alternate means.


Critical Digital Assets (CDA), Step 1

Step 1: Identify digital assets associated with consequences of concern

o Consequences of concern are defined as:

Latent - Safeguards: The compromise, as a result of a cyber-attack, of a function required to prevent unauthorized removal of special nuclear material (SNM) of moderate strategic significance.

Active - Safety: Exceeding the SHINE Safety Criteria as a direct result of a cyber-attack.

Latent - Safety: The compromise, as a result of a cyber-attack, of a function required to prevent or mitigate the consequences of an accident which could exceed the SHINE Safety Criteria.


Critical Digital Assets (CDA), Step 1

SHINE Safety Criteria

a (notes 1, 2): An acute facility staff dose of 5 rem or greater total effective dose equivalent (TEDE)

b (notes 1, 3): An acute dose of 1 rem or greater TEDE to any individual located outside the owner controlled area

c: An intake of 30 mg or greater of uranium in soluble form by any individual located outside the owner controlled area

d (notes 1, 4): An acute chemical exposure to an individual from licensed material or hazardous chemicals produced from licensed material that could lead to irreversible or other serious, long-lasting health effects to the facility staff or could cause mild transient health effects to any individual located outside the owner controlled area

e: Criticality where fissionable material is used, handled, or stored (with the exception of the target solution vessel)

f: Loss of capability to reach safe shutdown conditions

1 Acute refers to a single radiation dose or chemical exposure event.

2 The control room operator dose is evaluated over a 30 day period, except for accident scenarios involving the tritium purification system, which assumes a 10-day exposure event. The RCA worker dose is evaluated for a 10-minute evacuation period for evacuation.

3 The public exposure event is generally assumed to last for 30 days for all events, except for accident scenarios involving the tritium purification system, which assumes a 10 day exposure event.

4 Hazardous chemicals produced from licensed material are substances having licensed material as precursor compound(s) or substances that physically or chemically interact with licensed materials, or are comingled with licensed materials.


Critical Digital Assets (CDA), Step 1

o Identify site areas and processes associated with a consequence of concern.

Examine areas and processes for:

o functions that could be compromised to directly cause a safety consequence of concern (i.e., active)
o functions needed to prevent a consequence of concern (i.e., latent)

Examine those functions and identify the role of digital assets.

Determine which types of consequences of concern potentially apply if a compromise of the digital asset were to occur.

Determine whether the compromise of the digital asset would lead to a consequence of concern if a secondary event occurred (i.e., an initiating event considered in the SHINE Safety Analysis). To make these determinations, review:

o software platforms and applications related to digital asset functions or processes
o communication and data flow involving the digital asset


Critical Digital Assets (CDA), Step 2

Step 2: Determine CDAs by considering alternate means.

o Consider the function of the digital asset to determine whether an alternate means exists that could be credited or implemented to prevent the consequence of concern.

The availability and usage of an alternate means is an equivalent substitute for the function provided by the digital asset in lieu of protecting the digital asset via cyber security control.

o When considering acceptable alternate means, SHINE considers attributes, such as:

  o are protected from a cyber attack
  o are sufficiently reliable and adequately identified
  o implemented consistent with other safety or security features
  o are properly maintained and periodically tested
  o prevent the identified consequence of concern
  o can be activated in a timely manner to prevent the consequence of concern
  o would be implemented with available resources
  o do not contribute to other vulnerabilities or lead to a consequence of concern


Critical Digital Assets (CDA), Step 2

o Crediting a manual action as an acceptable alternate means should only be done after determining that the action is reliable.

The compromise of a function by a cyber attack is extremely difficult to detect, so detection of a compromise should not be relied upon to initiate a manual action (i.e., reactive actions are generally not acceptable alternate means).

o If no alternate means exist for a digital asset, it is a CDA.
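
The two-step determination described above, written out as an added example that is not part of the SHINE presentation. The attribute keys, the `covers` field (which requires every applicable consequence of concern to be covered by a credited alternate means), the strict handling of reactive manual actions, and the inventory entries are assumptions of this example.

```python
from dataclasses import dataclass, field

# Short keys (this example's own names) for the eight attributes on the Step 2 slide.
ATTRIBUTES = {"protected_from_cyber_attack", "reliable_and_identified",
              "consistent_with_other_features", "maintained_and_tested",
              "prevents_consequence", "timely_activation",
              "available_resources", "no_new_vulnerabilities"}

@dataclass
class AlternateMeans:
    description: str
    covers: set                    # consequences of concern it prevents
    attributes: set                # attributes the analyst has shown to hold
    manual_action: bool = False
    shown_reliable: bool = False   # required before crediting a manual action
    reactive: bool = False         # relies on detecting the attack first

    def acceptable(self) -> bool:
        if ATTRIBUTES - self.attributes:
            return False
        # Slides: reactive actions are "generally" unacceptable; a hard rule here.
        return not self.manual_action or (self.shown_reliable and not self.reactive)

@dataclass
class DigitalAsset:
    name: str
    consequences: set              # Step 1 result; empty means none apply
    alternate_means: list = field(default_factory=list)

def classify(asset: DigitalAsset) -> dict:
    """Step 2: build one row of the CDA documentation table."""
    credited = [m for m in asset.alternate_means if m.acceptable()]
    uncovered = asset.consequences - set().union(*(m.covers for m in credited))
    return {"name": asset.name, "consequences": sorted(asset.consequences),
            "alternate_means": [m.description for m in credited],
            "is_cda": bool(uncovered)}

# Constructed inventory; names are illustrative, not from the presentation.
INVENTORY = [
    DigitalAsset("Office badge printer", set()),
    DigitalAsset("Storage door controller", {"Latent - Safeguards"},
                 [AlternateMeans("Mechanical lock under two-person control",
                                 {"Latent - Safeguards"}, set(ATTRIBUTES))]),
    DigitalAsset("Process trip logic", {"Active - Safety", "Latent - Safety"},
                 [AlternateMeans("Operator trips on suspected compromise",
                                 {"Active - Safety", "Latent - Safety"}, set(ATTRIBUTES),
                                 manual_action=True, shown_reliable=True, reactive=True)]),
]
ROWS = [classify(a) for a in INVENTORY]
```

Only the third asset comes out as a CDA: its sole alternate means is a reactive manual action, so nothing is credited and both consequences of concern remain uncovered.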


Critical Digital Assets (CDA) Documentation

Final results of CDA analysis are documented in a technical report, including the following information:

Name | Location | Consequence of Concern | Alternate Means Present (yes or no) | Description of Alternate Means (if applicable) | Implementing Control (applicable for CDAs)
Digital Asset | | Active - Safety; Latent - Safety; Latent - Safeguard | | |
