Download presentation
Presentation is loading. Please wait.
Published bySandra Bond Modified over 9 years ago
1
NRC Cyber Security Regulatory Program Development Background ANSI Nuclear Energy Standards Coordination Collaborative (NESCC) Meeting November 3, 2014November 3, 2014 Ralph Costello, Security SpecialistRalph Costello, Security Specialist Cyber Security DirectorateCyber Security Directorate Office of Nuclear Security & Incident ResponseOffice of Nuclear Security & Incident Response
2
Introduction Inter-Agency Cooperation NRC Cyber Security Requirements Consequence-Based Approach NRC Inspections Cyber Security Reporting Next Steps 2
3
Inter-Agency Cooperation on Cyber Security 3
4
NRC Requirements March 2009 Cyber Security Rule (10 CFR 73.54) – Requires that nuclear power plant licensees: “Provide high assurance that digital computer and communication systems and networks are adequately protected against cyber attacks...” “Establish, implement, and maintain a cyber security program” to protect critical digital assets (CDAs). 4
5
Scope of 10 CFR 73.54 Safety-related and important-to-safety functions, Security functions, Emergency preparedness functions, including offsite communications, and Support systems and equipment important to safety and security. 5
6
Phased Implementation Interim Milestones 1-7 (completed by 12/31/2012) Cyber Security Plans Addresses key threat vectors Milestone 8 (site specific dates through 2017) Full cyber security program implementation Procedures and training Complete all design remediation actions 6
7
Consequence-Based Approach Graded approach – Focus NRC and licensee resources on most significant issues – Direct vs. Indirect CDAs Grouping of CDAs Development of templates and examples for efficiency and consistent implementation 7
8
NRC Oversight NRC inspections of Milestones 1-7 are ongoing – 39 inspections completed to date – Completion scheduled for 2015 NRC inspections of full implementation of cyber security implementation will begin in 2016 (Milestone 8) 8
9
Cyber Security Event Notification Rule Reporting requirements Proposed rule was issued in 2011 Public engagement – Public meetings – Public comments Final rule scheduled for 2015 9
10
Thank You Questions Comments Discussion 10
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.