An Overview of the NRC Regulatory Framework
Source: trtr.org/wp-content/uploads/2017/12/ML12276A251.pdf
Slide 1
Cyber Security for Nuclear Facilities: An Overview of the NRC Regulatory Framework
Craig Erlanger
George Simonds
Cyber Security and Integrated Response Branch
Office of Nuclear Security and Incident Response
U.S. Nuclear Regulatory Commission
September 26, 2012

Slide 2
Cyber Security – Today’s Overview:
• Why – Threat and Consequence
• What – Modes of Protection
• How – Performance-Based Regulation

Slide 3
Why – Threat and Consequence

Slide 4
Why – Threat

Slide 5
Why – Threat
• What is an Advanced Attack?
• What We Know / Don’t Know
• Attack Vectors
• Internal/External

Slide 6
Why – Threat
Past / Today

Slide 7
Why – Consequence
• Not the Same for All Licensees’ Facilities
• Perceived and Real Consequences
• Security is a Process, Not a State
• Think Maliciously

Slide 8
What – Modes of Protection

Slide 9
What – Modes of Protection
• Common Taxonomy – NIST Special Publication 800-82, “Guide to Industrial Control System (ICS) Security”
• ICS Not Designed with Security in Mind
• Programmatic – Standards Tailored for Flexibility & Effectiveness
  – RG 5.71 & NEI 08-09 (R6)

Slide 10
(no text on this slide)

Slide 11
How – Performance-Based Regulation

Slide 12
How – Performance-Based Regulation
• NRC Cyber Security Rule (10 CFR 73.54)
  – Performance-Based, Programmatic
  – FOCUS: High Assurance of Adequate Protection
  – Generic (i.e., not reactor-specific)
  – Consistent with regulatory approach for physical security
  – Digital Systems and Equipment Associated with Critical Functions
  – Licensees Perform Analysis to Determine What Needs Protection

Slide 13
How – Performance-Based Regulation
• Basic Requirements
  ◦ Digital assets that must be protected
  ◦ Defense-in-depth protective strategy
  ◦ Application of security controls to digital assets
  ◦ Implementation details maintained on site
  ◦ Submission of Cyber Security Plans to NRC for approval
• Balance of Plant Systems

Slide 14
How – Performance-Based Regulation
• Regulatory Guidance
  – Align with Programmatic, Performance-Based Rule
  – Integration With Existing NRC Programs (Physical Security, etc.)
  – Template for Licensing Cyber Security Plan
Diagram: Performance-Based Rule
  Standards-Based: • NIST • DHS • IEEE
  Collaboration: • NEI • Industry • National Labs • Private Sector
  Finalize: • Cyber Security Plan • Concurrence • ACRS Approval • Publicly Available

Slide 15
How – Performance-Based Regulation
• Challenges
  – Scope of Cyber Security
  – Breadth of Programs (Physical Security, Maintenance, Digital I&C Development, etc.)
  – Monitoring the Threat-scape
  – Workforce Training and Development

Slide 16
How – Performance-Based Regulation
• Path Forward for RTRs
  – Self-Assessments
  – NRC Evaluation of Self-Assessments
  – Site Visits
  – Determine Next Steps
• Additional Considerations for Cyber Security
  – Cyber Security Roadmap
  – Guidance Development
  – Cyber Security Training
  – Interagency and International Support

Slide 17
Questions?