ML22280A116
| Person / Time | |
|---|---|
| Issue date: | 10/13/2022 |
| From: | Tammie Rivera NRC/NSIR/DPCP/CSB |
| To: | |
| Rivera T | |
2022 Cybersecurity Inspections Lessons Learned
Tammie Rivera, Cyber Security Specialist
Cyber Security Branch
Division of Physical and Cyber Security Policy
Office of Nuclear Security and Incident Response
Public Meeting (Open Session)
October 13, 2022 1:00 - 3:00 P.M.
Topics
- Background
- Discuss lessons learned and best practices
- Comments and feedback
Key Messages
- Staff identified lessons learned and trends from the 2022 cybersecurity inspections.
- Focused on the inspection activities from February through September 2022.
- Identified lessons learned and best practices to assist in developing action plans to ensure efficiency and effectiveness for future inspections.
Background
- Objectives of IP 71130.10
  1. To provide assurance that digital equipment associated with safety, security, or emergency preparedness (SSEP) functions is adequately protected against cyber-attacks in accordance with 10 CFR 73.54 and the licensee's approved cyber security plan (CSP).
  2. To verify that CSP changes and reports are in accordance with 10 CFR 50.54(p).
Background Continued
ROP baseline cyber inspections 2022
- IP 71130.10 revised to reflect baseline inspection objectives
- Biennial baseline inspections started Feb 2022
- Evaluate changes to the program, critical systems, and CDAs
Lessons Learned - Inspection Process
- Request for information (RFI) process
- During inspection prep week, questions forwarded to licensee support team prior to the inspection
- Length of the inspection causes tight inspection schedule
- Issues often dispositioned after inspection week
- Conducting virtual entrance and exit meetings
Positive Observations
- Sites with complete, accurate, and well-documented CDA assessments often prevent downstream cyber questions and demonstrate program health
- Knowledgeable and competent staff as POCs critical to successful and efficient inspection
- Timely documentation and resolution of issues
Meeting Feedback & POCs
To submit feedback and comments please:
- Navigate to this meeting on the NRC Public Meeting Schedule
- Click the Meeting Feedback Form link

Meeting POCs: Tammie Rivera and Mario Fernandez
Tammie.Rivera@nrc.gov and Mario.Fernandez@nrc.gov
Cyber Security Branch
Division of Physical and Cyber Security Policy
Office of Nuclear Security and Incident Response