
Nuclear Regulatory Commission Cyber Security …


The U.S. Nuclear Regulatory Commission (NRC) was created as an independent agency by Congress in 1974 to ensure the safe use of radioactive materials for beneficial civilian purposes while protecting people


Transcription of Nuclear Regulatory Commission Cyber Security …

Nuclear Regulatory Commission Cyber Security Program. Barry Westreich, Director, Cyber Security Directorate, Office of Nuclear Security & Incident Response, Nuclear Regulatory Commission.

The Nuclear Regulatory Commission (NRC) was created as an independent agency by Congress in 1974 to ensure the safe use of radioactive materials for beneficial civilian purposes while protecting people and the environment.

Commercial Power Reactors, Non Power reactors, Hospitals, Nuclear Fuel Cycle, Fuel Storage.

NRC Cyber Security History. 2002-2003; NRC included the first Cyber requirements in Physical Security and Design Basis Threat Orders. 2005; NRC supported industry voluntary Cyber program (NEI 04-04). 2009; 10 CFR , Cyber Security Rule. 2012. Implementation/Oversight of Interim Cyber Security measures. 2014 Endorsed NEI 13-10 Cyber Security Control Assessments, Graded Consequence Based Approach.

NRC Power Reactor Cyber Security Program. 10 CFR (2009); Protect digital assets associated with Safety, Security, and Emergency Preparedness (SSEP) functions. Required Power Reactors submit a Cyber Security Plan (CSP) for NRC review & Approval. Coordination with NERC/FERC to address potential areas of overlap.

NRC Cyber Security Program 10 CFR Basic Critical Digital Assets (CDAs) & Maintain a Defense-in-Depth Protective Security Controls for each , Respond and Mitigate against Cyber

Cyber Security Program 10 CFR Basic commensurate with roles and responsibilities to facility the CSP as a component of the Physical Security Plan records and supporting technical documentation.

Guidance Documents. Regulatory Guide (RG) Cyber Security Programs for Nuclear Facilities (Jan 2010). NEI 08-09 Rev. 6 Cyber Security Plan For Power Reactors (April 2010).

Conceptual Approach. Cyber Security Assessment Team; Identify Critical Digital Assets; Apply Defensive Architecture; Address Security each control for all CDAs, alternative measures, why a control is N/A. (Diagram labels: Safety CDAs, Security, Site LAN, Corporate LAN, CDAs.)

Consequence Based Graded Cyber Risk Management Approach. 1: Identify Critical Digital Assets associated with Important Functions. 2. Implement basic Cyber program for all CDAs (milestone 1-7). Ensure continued maintenance of basic Cyber program and ability to identify and mitigate impacts. 3. Identify CDAs that have a delayed impact that can be recognized and mitigated prior to the function. 4. Identify CDAs that have near term, direct impact on important function. Assess and implement RG controls.

NRC Cyber Security Program. Implementing in 2 phase approach. 1st phase Milestone complete by 12/2012: Establish Multi-disciplinary Cyber Assessment Team; Identify Critical Digital Assets; Establish Defensive architecture - Isolation of the most critical assets; Control Portable Media and Devices; Enhanced Insider Mitigation; Controls Established for most significant components. Full implementation

Contact Information. Barry Westreich, Director, Cyber Security Directorate, US Nuclear Regulatory 287 3664

