Learn NRC Cyber Security Oversight · Cyber Security Inspection Team – Team Composition...

“Ask SME and Learn”
NRC Cyber Security Oversight Program
Mario R. Fernandez Jr., Security Specialist (Cyber)
Cyber Security Directorate
Office of Nuclear Security & Incident Response

Agenda
• Cyber Security Inspection Team
  – Team Composition
  – Training Activities
• Cyber Security Inspection Schedule
• Overview of Some Areas of Inspection
• Oversight Assessment
  – Inspection Trends
  – Security Issues Forum (SIF)
  – Improvement Trends
  – Communications with the Industry
• Full Implementation Inspections

Inspection Team: Team Composition
• Regions
  – Team Leader
  – Qualified Inspectors
    • Electrical, Instrumentation & Controls, Security, Plant OPs
• NRC Headquarters
  – NSIR Cyber Security Directorate Staff
  – Security Risk Analysts
• Contract Support
  – Subject Matter Experts
[Diagram labels: Team Leader; Regional Inspectors; NRC Headquarters Specialists; Contract SMEs; Multi-Disciplinary]

Inspection Team: Training activities
• Computer & Networks Course (CBT)
• Cyber Security Course - Idaho National Lab
• Pilot Inspections – Watts Bar, Clinton
• Inspection Procedure Workshop - 2012 at each Region
• All Inspectors Meeting - June 2013

Inspection Team: Training activities
[Diagram labels: Core Topics; Cyber Security Regulations; Contractors; Regional Inspectors; Specialized Training; Regulatory Guidance; Licensing Basis (CSPs); NRC Regulations; Oversight Program; Cyber Security Threats; Defensive Strategies; Temporary Instruction; Cross Training]

Inspection Team
• Temporary Instruction 2201/004; Inspection of Interim Milestones
• Significant Determination Process (SDP)
• Team Composition
  – Regional Inspector Team Lead
  – Regional Inspector
  – NSIR & CSD Staff
  – Cyber Security Specialist (Contractor)
  Support staff Available (remotely) to the team as/if needed
• 21 Inspections scheduled in CY 2013 split between all regions
  – 16 Inspections completed
[Diagram labels: NRC Lead inspector; NRC inspector; NRC HQ Personnel; NRC Contractor]

Some Areas of Inspection (TI 2001/004)
Understanding the Cyber Threat Landscape

Threat vectors
• Hard-wired networks
  – Internet
  – Intranet
• Wireless
  – Wifi
  – Bluetooth
• Mobile media
  – USB thumb drive
  – CD/DVD
• Portable equipment
  – Laptops
  – Test equipment

Threat characteristics
• Motivated
• Opportunistic
• Persistent
• Adaptive
• Learning
• Good at info sharing

Some Areas of Inspection (TI 2001/004)
• Establishment of a Cyber Security Assessment Team (CSAT)
• Identification of Critical Systems (CSs)/Critical Digital Assets (CDAs)
• Defense-in-Depth and Detection and Response

Some Areas of Inspection (TI 2001/004)
• Mobile Media and Device protections
• Cyber Tampering
• Specific CDAs Security Controls Implementation
• Ongoing Monitoring and Assessments of Security Controls Implemented
[Image label: CDA Use Only]

Oversight Assessment
• CDA Identification or Scoping
• Implementation of Defensive Architecture
• Control of Portable Media & Devices
• Security Controls for CDAs

Security Issues Forum (SIF)
• Weekly Secure Video Conference
• All Regions & HQ staff discuss cyber security inspection issues
• “Good Faith” Attempt Enforcement Discretion
  The NRC is exercising enforcement discretion in accordance with Section 3.0, “Use of Enforcement Discretion” Part 3.5, “Violations Involving Special Circumstances,” of the NRC Enforcement Policy

Improvement Trends
• Better documented CDA Scoping Process
• Effective implementation of one way communication from level 4 to level 3
• Increased Mobile Media and Portable Device protections
• Cyber Tampering Rounds & indications
[Image label: CDA Use Only]

Continued Communications
• Continued Communications with Industry through calls & meetings
• Inspector Workshop (June 2013)
• Industry Workshop
• Beginning communication with Industry on MILESTONE 8 INSPECTIONS

Full Implementation Inspections
Full Implementation of the Cyber Security Program (Milestone 8)
• Meet all the requirements committed in approved Cyber Security Plan
• Licensees, on a site by site basis, have committed to full implementation late 2014 – 2017, inspections begin 2015
• Inspection of final implementation will initially entail a two week inspection

Summary
• Importance of multi-disciplinary Cyber Security Inspection Team
  – Training entails cyber, regulations, pilot inspections
• Cyber Security Inspection Schedule
• Overview of Some Areas of Inspection
• Oversight Assessment
  – Inspection Trends
  – Resolution of inspection issues (SIF)
• Full Implementation Inspections

Questions