ML21217A177: Difference between revisions



=Text=
{{#Wiki_filter:August 17, 2021

SECURITY ADVISORY FOR POWER REACTORS, INCLUDING THOSE UNDER CONSTRUCTION; NONPOWER PRODUCTION AND UTILIZATION FACILITIES; DECOMMISSIONING REACTORS, INCLUDING THOSE THAT ARE PERMANENTLY DEFUELED BUT HAVE NOT TRANSITIONED TO DECOMMISSIONING; FUEL FABRICATION, ENRICHMENT, AND CONVERSION/DECONVERSION FACILITIES; INDEPENDENT SPENT FUEL STORAGE INSTALLATIONS; LICENSEES POSSESSING SPECIAL NUCLEAR MATERIAL UNDER TITLE 10 OF THE CODE OF FEDERAL REGULATIONS PART 70; LICENSEES REGULATED UNDER TITLE 10 OF THE CODE OF FEDERAL REGULATIONS PART 37; AND ALL RADIATION CONTROL PROGRAM DIRECTORS AND STATE LIAISON OFFICERS

SA 2021-10
 
==SUBJECT:==
SITUATIONAL AWARENESS - BLACKBERRY QNX VULNERABILITY

On August 17, 2021, the U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (DHS/CISA) published Alert AA21-229A, "BadAlloc Vulnerability Affecting BlackBerry QNX RTOS" (https://us-cert.cisa.gov/ncas/alerts/aa21-229a). This alert describes an exploitable vulnerability in the BlackBerry QNX real-time operating system (RTOS). The QNX RTOS is used in a variety of applications, including industrial control systems. An RTOS with exploitable vulnerabilities may enable actors to deny system availability, exfiltrate data, and move laterally within the systems in which it is installed.
The U.S. Nuclear Regulatory Commission (NRC) is issuing this security advisory to provide situational awareness to its licensees and Agreement States.
The NRC recommends that all licensees review the CISA alert and associated releases and take appropriate mitigative actions in accordance with licensee procedures and, where applicable, cyber security plans.
Reporting suspicious activity is important to the U.S. Government's security mission. The NRC encourages its licensees to remain vigilant and report cyber-related suspicious activity to CISA.
Licensees subject to Title 10 of the Code of Federal Regulations (10 CFR) 73.54, "Protection of digital computer and communication systems and networks," are reminded of their obligation to report to the NRC certain cyber-related events under 10 CFR 73.77, "Cyber security event notifications."
If you have any questions concerning this advisory, contact the technical point of contact below.
Backfit Analysis Statement: This security advisory does not amend or impose new requirements or constitute a new or different regulatory staff position interpreting Commission rules and, therefore, does not constitute backfitting as defined in 10 CFR 50.109, "Backfitting," or 10 CFR 70.76, "Backfitting," or 10 CFR 72.62, "Backfitting." Consequently, the staff did not perform a backfit analysis.
 
Paperwork Reduction Act Statement: This security advisory does not contain information collections and, therefore, is not subject to the requirements of the Paperwork Reduction Act of 1995 (Title 44 of the United States Code, Section 3501, et seq.).
/RA/
Approved by: James T. Keene, Acting Director
Division of Security Operations
Office of Nuclear Security and Incident Response

==Technical Contact:==
Brian Yip, NSIR
301-415-3154
brian.yip@nrc.gov
 
==SUBJECT:==
SITUATIONAL AWARENESS - BLACKBERRY QNX VULNERABILITY; DATED: August 17, 2021

OFFICE                      NAME             DATE
NSIR/DPCP/CSB               BYip             8/5/2021
NSIR/DSO/SOSB               SSullivan        8/5/2021
NSIR/DPCP/CSB               JBeardsley       8/6/2021
NSIR/DSO/ILTAB              DDavis           8/6/2021
QTE                         KAzariah-Kribbs  08/10/2021
OGC/GCRPS/HLWFCNS/NLO       JMaltese         8/11/2021
NMSS/MSST                   KWilliams        08/09/2021
NSIR/DPCP                   SHelton          08/9/2021
NRR/DNRL                    ABradford        8/6/2021
NPR/DNRL                    MShams           08/6/2021
NMSS/DUWP                   PBo              8/9/2021
NSIR/DPR                    KBrock           8/6/2021
NSIR/DSO                    SAtack           8/10/2021
NSIR                        SLee             8/18/2021
NMSS/DUWP                   PHolahan         08/09/2021
NRR/DRO                     CMiller          8/09/2021
NSIR                        MGavrilas        8/12/2021
NSIR                        SLee             8/17/2021

OFFICIAL RECORD COPY
                                            }}

Revision as of 01:13, 8 September 2021

SA 2021-10 Situational Awareness - BlackBerry QNX Vulnerability
ML21217A177
Person / Time
Issue date: 08/17/2021
From: Keene J, NRC/NSIR/DSO/SOSB
To:
References: SA 2021-10