ML22280A116
| Person / Time | |
|---|---|
| Issue date: | 10/13/2022 |
| From: | Tammie Rivera NRC/NSIR/DPCP/CSB |
| To: | |
| Rivera T | |
Text
2022 Cybersecurity Inspections Lessons Learned Public Meeting (Open Session)
October 13, 2022 1:00 - 3:00 P.M.
Tammie Rivera, Cyber Security Specialist
Cyber Security Branch
Division of Physical and Cyber Security Policy
Office of Nuclear Security and Incident Response
Topics
- Background
- Discuss lessons learned and best practices
- Comments and feedback
Key Messages
- Staff identified lessons learned and trends from the 2022 cybersecurity inspections.
- Focused on the inspection activities from February through September 2022.
- Identified lessons learned and best practices to assist in developing action plans to ensure efficiency and effectiveness for future inspections.
Background
- Objectives of IP 71130.10
  1. To provide assurance that digital equipment associated with safety, security, or emergency preparedness (SSEP) functions are adequately protected against cyber-attacks in accordance with 10 CFR 73.54 and the licensee's approved cyber security plan (CSP).
  2. To verify that CSP changes and reports are in accordance with 10 CFR 50.54(p).
Background Continued
- ROP baseline cyber inspections 2022
- IP 71130.10 revised to reflect baseline inspection objectives
- Biennial baseline inspections started Feb 2022
- Evaluate changes to the program, critical systems, and CDAs
Lessons Learned - Inspection Process
- Request for information (RFI) process
- During inspection prep week, questions forwarded to licensee support team prior to the inspection
- Length of the inspection causes tight inspection schedule
- Issues often dispositioned after inspection week
- Conducting virtual entrance and exit meetings
Positive Observations
- Sites with complete, accurate, and well-documented CDA assessments often prevent downstream cyber questions and demonstrate program health
- Knowledgeable and competent staff as POCs critical to successful and efficient inspection
- Timely documentation and resolution of issues
Meeting Feedback & POCs
To submit feedback and comments, please:
- Navigate to this meeting on the NRC Public Meeting Schedule
- Click the Meeting Feedback Form link
Meeting POCs: Tammie Rivera and Mario Fernandez
Tammie.Rivera@nrc.gov and Mario.Fernandez@nrc.gov
Cyber Security Branch
Division of Physical and Cyber Security Policy
Office of Nuclear Security and Incident Response