ML24284A230
ML24284A230 | |
Person / Time | |
---|---|
Issue date: | 10/10/2024 |
From: | Tammie Rivera NRC/NSIR/DPCP/CSB |
To: | |
References | |
Download: ML24284A230 (10) | |
Text
U.S. Nuclear Regulatory Commission Efforts on Cybersecurity for Small Modular Reactors Tammie Rivera, Cybersecurity Specialist Office of Nuclear Security and Incident Response U.S. Nuclear Regulatory Commission International Conference on Small Modular Reactors and their Applications 21-25 October 2024, Vienna, Austria
What is the NRC Doing?
- Developing a new risk-informed, technology-inclusive regulatory framework for advanced reactors (Part 53), including cybersecurity (proposed 10 CFR 73.110).
Provides a graded approach for advanced reactors, including small modular reactors (SMRs), to protect digital computers, communication systems, and networks based on consequences for the differing risk levels within the advanced reactor technologies.
Addresses challenges regarding regulating a broad landscape of novel reactor designs.
- Developing implementing guidance to be used by operators to meet the proposed regulations.
- Conducting research activities to better understand emerging technologies.
2
Broad Landscape of Advanced Reactor Designs 3
Source: Presentation on 10 CFR Part 53 Licensing and Regulation of Commercial Nuclear Plants available via Agencywide Documents Access and Management System Accession Number ML22038A001.
Why Are We Doing It?
- The proposed regulatory framework aims to:
Modernize licensing Provide flexibility and clarity of a regulatory approach for applicants and licensees and reduces the need for regulatory exemptions Address a broad range of technologies and designs Provide a performance-based, graded approach versus prescriptive requirements Promote innovation and enable the use of technology advances in security requirements for physical security, cybersecurity, fitness for duty, access authorization, and emergency preparedness Leverage experience from research and test reactors, large light water reactors, certain fuel cycle facilities, and medical isotope facilities Encourage security by design Provide provisions for factory fuel load 4
Proposed Cyber Requirements (10 CFR 73.110)
Note: This staff-proposed rulemaking and guidance has been documented in SECY-23-0021 and has been released for public comment. More information on the rulemaking process is available at https://www.nrc.gov/about-nrc/regulatory/rulemaking/rulemaking-process.html.
5
Draft Regulatory Guide Development Draft Guidance-5075 Establishing Cybersecurity Programs for Commercial Nuclear Plants Licensed Under 10 CFR Part 53 An acceptable approach for meeting the 10 CFR 73.110 requirements Effective guidance to support a technology-inclusive, performance-based, and risk-informed cybersecurity regulatory framework Leverages IAEA and IEC security concepts 6
Draft Regulatory Guide Three-Tier Analysis Approach 7
Gaining a Better Understanding Through Research Field Programmable Gate Arrays (FPGAs)
Autonomous Control and Remote Access Artificial Intelligence (AI)/Machine Learning (ML)
Wireless 8
Future NRC Work
- Address any NRC Commission feedback on proposed rule and implementing guidance; issue final rule by 2027.
Encourage comments and stakeholder feedback during public comment period.
- Continue working on topics for inclusion in the guidance to support the proposed cybersecurity requirements such as:
Using a performance-based approach for the selection of cybersecurity measures, and Implementation of emerging technologies and novel use cases, such as remote operation and autonomous operation.
- Several research initiatives are underway to better understand the cybersecurity considerations associated with implementation of emerging technology.
9
Authors Paper
Title:
NRC Regulatory Efforts for Cybersecurity of Small Modular Reactors Tammie Rivera Ismael Garcia Cybersecurity Specialist Senior Technical Advisor for Digital I&C and Cyber Division of Physical and Cybersecurity Policy Office of Nuclear Security and Incident Response U.S. Nuclear Regulatory Commission (NRC) 10