Text

.

MEMORANDUM TO:

Mario Fernandez, Chief Cybersecurity Branch Division of Physical and Cybersecurity Policy Office of Nuclear Security and Incident Response FROM:

Tanvir Siddiky, Reactor Systems Engineer (Cyber)

Cybersecurity Branch Division of Physical and Cybersecurity Policy Office of Nuclear Security and Incident Response

SUBJECT:

SUMMARY

OF JUNE 18, 2025, PUBLIC MEETING TO PROPOSE CHANGES TO THE CYBERSECURITY BASELINE INSPECTION On June 18, 2025, the U.S. Nuclear Regulatory Commission (NRC) hosted an open public meeting to announce proposed changes to the cybersecurity baseline inspection beginning in January 2026. The meeting notice is available in the Agencywide Documents Access and Management System (ADAMS) accession # ML25154A365. Approximately 101 participants, representing the NRC, the industry, and members of the public attended the meeting.

Tanvir Siddiky from the Cybersecurity Branch (CSB), Office of Nuclear Security and Incident Response (NSIR) began the meeting by thanking all the participants, attendees, and panelists.

Only the industry panelists and NRC management were introduced. Participants online and on the phone were not introduced in the best interest of time. Participants information will be entered on the record from the event registration. After the introductions, instructions for the format and procedures for participating in the meeting were provided.

Next, Shakur Walker, Deputy Director, Division of Physical and Cybersecurity Policy, NSIR, made his opening remarks. Mr. Walker mentioned implementing more effective and targeted strategies to enhance the cybersecurity oversight program. He also emphasized that to improve the oversight program while reducing unnecessary burden, the NRC is streamlining inspections to focus on risk-significant areas to identify serious issues more effectively. This effort is in alignment with the Accelerated Deployment of Versatile Advanced Nuclear for Clean Energy (ADVANCE) Act initiative and Executive Order 14300 section 5(g). He thanked the attendees and the NRC for their valuable insights and support in the ongoing efforts to improve the cybersecurity baseline inspections.

Following Mr. Walkers comments, Mario Fernandez, Chief, CSB, NSIR, also thanked the participants and members of NEI for their attendance, for their feedback and contributions during previous public meetings to assist the NRC staffs efforts to improve the NRC Cybersecurity Oversight Program.

July 15, 2025 Signed by Sid on 07/15/25 The NRC began by discussing the background and rationale for considering alternate options and team compositions for the cybersecurity inspections. The CSB established a working group to assess feedback and lessons learned provided by the industry during the public meeting hosted at the end of the first biennial inspection cycle. The NRC staff developed several alternative options and considered various frequencies, scope and team compositions.

The options developed were evaluated using a qualitative as well as a quantitative risk assessment technique to weigh and compare the efficiencies gained from each option. These options were presented to the industry and the public during a public meeting on May 7, 2024, to solicit stakeholder feedback. After the public meeting, NEI sent a letter to the NRC proposing a different option and requested a public meeting to explain the technical basis and justification for their proposal. The NRC hosted a second public meeting to discuss NEIs proposed changes to the cybersecurity baseline inspections on October 21, 2024. This option was also considered and evaluated using a qualitative and quantitative risk assessment.

In addition to the results produced by the assessment, the working group considered the evaluation of inspection frequency and resources as well as revising the inspection procedure and request for information requirements in light of the ADVANCE Act initiative and EO 14300 section 5(g), which called for revisions to the Reactor Oversight Process and security rules to reduce unnecessary regulatory burden. Based on these considerations, the working group proposes changing the current biennial inspection to a triennial schedule, adjusting the team size composition, and conducting inspections one-week onsite. The staff also discussed adjustments to the cybersecurity inspection procedure 71130.10, Cybersecurity to streamline and make cybersecurity inspections more efficient and effective while ensuring protection of the publics health and safety and advancing the nations common defense and security by enabling the safe and secure use and deployment of civilian nuclear energy technologies and radioactive materials through efficient and reliable oversight.

Once the presentation and the questions and answer session ended, NEI representatives thanked the NRC for organizing the public meeting to announce the proposed changes and discussed options for efficient and effective improvements in the implementation of the cybersecurity program. After the NRC provided closing remarks, the meeting was adjourned by Mr. Siddiky.

Enclosures:

1.

NRC Presentation Slides 2.

Attendance Report

ML25168A250 ; ML25195A200 OFFICE NRC/NSIR/DPCP

/CSB NSIR/DPCP/CSB NRC/NSIR/DPCP

/CSB NAME TSiddiky MFernandez TSiddiky DATE Jul 14, 2025 Jul 15, 2025 Jul 15, 2025