ML24127A004
| ML24127A004 | |
| Person / Time | |
|---|---|
| Issue date: | 05/06/2024 |
| From: | Siddiky T NRC/NSIR/DPCP/CSB |
| To: | |
| References | |
| ML24114A285 | |
| Download: ML24127A004 (11) | |
Text
Public Meeting on Proposed Changes to Enhance the Cybersecurity Baseline Inspection Tanvir Siddiky NSIR/DPCP/CSB 1
Background:
Inspection Challenges
- Present alternate options to conduct inspections
- Qualitative and quantitative analysis of alternate options and evaluation
- Obtain feedback from stakeholders and the public Meeting Topics 2
Reasons for Reviewing Alternate Frequencies and Team Composition
- Completing biennial cybersecurity inspections in one-week onsite has been challenging for the NRC and the Industry.
- Sometimes a high number of questions and requests present a challenge to both the NRC and licensees (resources, SMEs not available during the inspection week, prolongation of direct inspection effort.)
- There are lot of issues identified that need to be dispositioned within a very short turnaround prior to exiting during the onsite week.
- The inspection team does not have sufficient time to assess licensee responses when licensees challenge issues and potential findings.
- Large inspection team (4-person team) - typical engineering inspection is 2 onsite weeks with an in-between week which provides the inspection team and licensee response team more time to address identified issues.
3
NRCs Response to Cybersecurity Inspection Challenges
- Established a working group with representatives from all four regions to analyze and develop solutions to address identified challenges.
- Consider alternate inspection completion frequencies (e.g. annual, triennial, etc.) and team composition to gain efficiencies and effectiveness.
- Evaluate all potential options, including maintaining the current biennial inspection 4
Alternate Options Inspection Frequency (Yrs.)
Inspection Team Members Onsite Inspection Weeks Annual 2
1 Biennial
[Current Inspection Frequency]
4 1
Triennial -
[3 Person Team]
3 2
Triennial
[4 Person Team]
4 2
Quadrennial 4
2 5
Team Composition and Direct Inspection FTE Inspection Frequency (Yrs.)
Inspection Team Members Onsite Inspection Weeks Inspection Cycles in a 12 yr. Period.
Direct Inspection FTE (Onsite Weeks) in a 12 yr. Period.
Annual 2
1 12 24 Biennial
[Current Inspection Frequency]
4 1
6 24 Triennial -
Team Light
[3 Person Team]
3 2
4 24 Triennial
[4 Person Team]
4 2
4 32 Quadrennial 4
2 3
24
- Significant DIE Budget Impact**
Current DIE Budget No DIE Budget Impact No DIE Budget Impact No DIE Budget Impact
- DIE = Direct Inspection Effort 6
RISK ASSESSMENT OF POTENTIAL SOLUTIONS TWO METHODS WERE USED TO EVALUATE THE PROBLEM STATEMENT:
QUALITATIVE : BOOLEAN ALGEBRA QUANTITATIVE : RATINGS FROM LEAST FAVORABLE TO MOST FAVORABLE TO ACHIEVE ACCEPTANCE CRITERIA 7
QUALITATIVE EVALUATION RESULTS 8
QUANTITATIVE EVALUATION RESULTS 9
Next Steps
- Obtain feedback from the stakeholders
- Assess and evaluate the feedback
- Present final recommendation to management
- Revise inspection procedure with management approval
- Public meeting to present revised procedure 10
QUESTIONS and COMMENTS?
Comments Questions 11