3/18/2013 Cyber Security Inspection Oversight Development Looking Back
by user
Comments
Transcript
3/18/2013 Cyber Security Inspection Oversight Development Looking Back
3/18/2013 Overview • • • • Cyber Security Inspection Oversight Development Office of Nuclear Security and Incident Response U.S. Nuclear Regulatory Commission Status Update Inspections of Interim Milestones Final Milestones Inspection Key Messages 2 Looking Back Status Update NRC Begins Inspections Industry Begins Implementation of NRC Req 10CFR 73.54 Industry submitted an implementation schedule with commitment to December 31, 2012 deadline NRC Issues 10 CFR 73.54 NRC conducted two pilot evaluations in July and August 2012 NRC Performs Reviews of cyber security programs based on NEI 04-04 NRC began inspections of the licensee implementation of cyber security plans in January 2013 Industry Develops and Implements NEI 04-04 NRC Issues Order 2000 2002 2004 2006 2008 2010 2012 2014 3 4 1 3/18/2013 Full Inspections Full Implementation of the Cyber Security Program (Milestone 8) Major Areas of Inspection (TI 2001/004 ): • Establishment of a Cyber Security Assessment Team (CSAT) • Identification of Critical Systems (CSs)/Critical Digital Assets (CDAs) • Defense in Depth and Detection and Response Full implementation means entire cyber security program is implemented as required in 10 CFR 73.54| Meet all the requirements committed in approved Cyber Security Plan • Mobile Media and Device protections Licensees, on a site by site basis, have committed to full implementation 2014 – 2017 • Cyber Tampering • Target Set CDA protections • Ongoing Monitoring and Assessments of Target Set CDAs 5 Inspection of final implementation will entail a two week inspection beginning late CY 2014 6 Moving forward Key Messages NRC Begins Inspections 10 • We have made good progress, but we have more to do Industry Begins Implementation of NRC Req. 10CFR 73.54 8 6 NRC Issues 10 CFR 73.54 • Must continue to cooperate and share knowledge; NRC Performs Reviews of cyber security programs based on NEI 04-04 4 • Must continue to utilize knowledge gained from International partnerships i.e. IAEA Industry Develops and Implements NEI 04-04 2 • Must maintain schedule for inspections; NRC Issues Order 0 2000 2002 2004 2006 2008 2010 2012 2014 7 8 2 3/18/2013 Questions 9 3