ML25168A251
| ML25168A251 | |
|---|---|
| Person / Time | |
| Issue date: | 07/16/2025 |
| From: | Siddiky T NRC/NSIR/DPCP/CSB |
| To: | |
| References | |
| ML25168A250 | |
Changes to the Cybersecurity Baseline Inspection
Tanvir Siddiky, Reactor Systems Engineer (Cyber)
Cybersecurity Branch, Division of Physical and Cybersecurity Policy, Office of Nuclear Security and Incident Response
Meeting Agenda
- Introductions
- Opening Remarks
- Presentation
- Q & A
- Closing Remarks
Background
- Lessons learned and feedback from stakeholders at the end of CY 2023 identified the need to assess cybersecurity inspections frequency, team composition, and duration of the inspections.
- In response to the lessons learned and feedback provided by stakeholders, the Cybersecurity Branch (CSB) established a working group to assess and evaluate cybersecurity inspections based on the feedback received.
Assessment and Evaluation Methods
The WG identified attributes to enhance the cybersecurity inspections and developed two methods to evaluate different options:
1. Qualitative: Boolean algebra based.
2. Quantitative: Ratings from least favorable to most favorable option to achieve acceptance criteria.
Evaluation Methods & Engagements with the Industry
- Six alternate options were proposed and evaluated using the qualitative and quantitative methods.
- The six options proposed were discussed in a public meeting with the industry on 05/07/2024. The NRC solicited feedback and comments regarding the proposed alternatives.
- NEI requested the NRC to consider another option proposed by the industry and discussed the details of this option during a second public meeting on 10/21/2024.
- The WG included NEI's option in the evaluation methods and provided recommendations to management.
Other Considerations for Making Changes to the Cybersecurity Inspection
- Section 507 of the ADVANCE Act:
  - NSIR Oversight and Inspection Initiative 10 for Operating Rx - Cybersecurity:
    - Evaluate the inspection frequency and resources (underway before the ADVANCE Act).
    - Revise the inspection procedure (IP).
    - Request for Information Adjustments.
- Executive Order 14300 Section 5 (g):
  - Revise the ROP and security rules and requirements to reduce unnecessary burdens.
  - The goal is to make compliance easier and more cost-effective.
Proposed Changes to the Cybersecurity Inspection
- Cybersecurity inspections will be conducted on a triennial basis.
- Team composition: 2 NRC inspectors and 1 cybersecurity SME, one-week onsite.
Proposed Changes to the Cybersecurity Inspection
| Inspection Frequency (Yrs.) | Years | Onsite Inspection Weeks | Inspection Team Members | Normalization 6 yr period # of inspections |
|---|---|---|---|---|
| Biennial (Current Inspection Format) | 2 | 1 | 4 | 3 |
| Triennial (Proposed New Inspection Format) | 3 | 1 | 3 | 2 |
Proposed Changes to IP 71130.10 and the RFI
- IP 71130.10 currently under revision:
- Adjust IP scope to align with changes (ROP Changes - ADVANCE Act)
- Consideration for minimum samples
- Team composition and frequency of inspections
- Use risk-informed principles for sampling and for safety significant.
- RFI: Evaluating options to streamline/reduce information needs to support inspection activities, including the use of modern tools (e.g., the NRC e-library).
QUESTIONS and COMMENTS?