
NRC Cyber Security Regulatory Program Development Background

NRC Cyber Security Regulatory Program Development Background. ANSI Nuclear Energy Standards Coordination Collaborative (NESCC) Meeting, November 3, 2014. Ralph Costello, Security Specialist, Cyber Security Directorate, Office of Nuclear Security & Incident Response. Introduction.


Presentation Transcript


  1. NRC Cyber Security Regulatory Program Development Background
     ANSI Nuclear Energy Standards Coordination Collaborative (NESCC) Meeting, November 3, 2014
     Ralph Costello, Security Specialist, Cyber Security Directorate, Office of Nuclear Security & Incident Response

  2. Introduction
     • Inter-Agency Cooperation
     • NRC Cyber Security Requirements
     • Consequence-Based Approach
     • NRC Inspections
     • Cyber Security Reporting
     • Next Steps

  3. Inter-Agency Cooperation on Cyber Security

  4. NRC Requirements
     • March 2009 Cyber Security Rule (10 CFR 73.54) – Requires that nuclear power plant licensees:
       • “Provide high assurance that digital computer and communication systems and networks are adequately protected against cyber attacks . . .”
       • “Establish, implement, and maintain a cyber security program” to protect critical digital assets (CDAs).

  5. Scope of 10 CFR 73.54
     • Safety-related and important-to-safety functions,
     • Security functions,
     • Emergency preparedness functions, including offsite communications, and
     • Support systems and equipment important to safety and security.

  6. Phased Implementation
     Interim Milestones 1-7 (completed by 12/31/2012)
     • Cyber Security Plans
     • Addresses key threat vectors
     Milestone 8 (site specific dates through 2017)
     • Full cyber security program implementation
     • Procedures and training
     • Complete all design remediation actions

  7. Consequence-Based Approach
     • Graded approach
     • Focus NRC and licensee resources on most significant issues
     • Direct vs. Indirect CDAs
     • Grouping of CDAs
     • Development of templates and examples for efficiency and consistent implementation

  8. NRC Oversight
     • NRC inspections of Milestones 1-7 are ongoing
     • 39 inspections completed to date
     • Completion scheduled for 2015
     • NRC inspections of full implementation of cyber security implementation will begin in 2016 (Milestone 8)

  9. Cyber Security Event Notification Rule
     • Reporting requirements
     • Proposed rule was issued in 2011
     • Public engagement
     • Public meetings
     • Public comments
     • Final rule scheduled for 2015

  10. Thank You
     Questions, Comments, Discussion
