3/18/2013 Cyber Security Inspection Oversight Development Looking Back

3/18/2013
Overview
•
•
•
•
Cyber Security Inspection Oversight
Development
Office of Nuclear Security and Incident Response
U.S. Nuclear Regulatory Commission
Status Update
Inspections of Interim Milestones
Final Milestones Inspection
Key Messages
2
Looking Back
Status Update
NRC Begins
Inspections
Industry Begins Implementation
of NRC Req 10CFR 73.54
 Industry submitted an implementation schedule with
commitment to December 31, 2012 deadline
NRC Issues 10 CFR 73.54
 NRC conducted two pilot evaluations in July and August 2012
NRC Performs Reviews of
cyber security programs
based on NEI 04-04
 NRC began inspections of the licensee implementation of
cyber security plans in January 2013
Industry Develops and
Implements NEI 04-04
NRC Issues
Order
2000
2002
2004
2006
2008
2010
2012
2014
3
4
1
3/18/2013
Full Inspections
Full Implementation of the Cyber Security Program
(Milestone 8)
Major Areas of Inspection (TI 2001/004 ):
• Establishment of a Cyber Security Assessment Team (CSAT)
• Identification of Critical Systems (CSs)/Critical Digital Assets (CDAs)
• Defense in Depth and Detection and Response
 Full implementation means entire cyber security program is
implemented as required in 10 CFR 73.54|
 Meet all the requirements committed in approved Cyber Security
Plan
• Mobile Media and Device protections
 Licensees, on a site by site basis, have committed to full
implementation 2014 – 2017
• Cyber Tampering
• Target Set CDA protections
• Ongoing Monitoring and Assessments of Target Set CDAs
5
 Inspection of final implementation will entail a two week inspection
beginning late CY 2014
6
Moving forward
Key Messages
NRC Begins
Inspections
10
• We have made good progress, but we have more to do
Industry Begins Implementation
of NRC Req. 10CFR 73.54
8
6
NRC Issues 10 CFR 73.54
• Must continue to cooperate and share knowledge;
NRC Performs Reviews of
cyber security programs
based on NEI 04-04
4
• Must continue to utilize knowledge gained from International
partnerships i.e. IAEA
Industry Develops and
Implements NEI 04-04
2
• Must maintain schedule for inspections;
NRC Issues
Order
0
2000
2002
2004
2006
2008
2010
2012
2014
7
8
2
3/18/2013
Questions
9
3