Text

NRC Power Reactor Cyber Security Today and Tomorrow Jim Beardsley, Chief Cyber Security Branch (CSB)

Division of Physical and Cyber Security Policy (DPCP)

Office of Nuclear Security and Incident Response (NSIR) james.beardsley@nrc.gov

Future Cyber Security Program RG 5.71 & NEI 08-09 Implementation Guidance Acceptable for Use 2010 2009 2011 2013 2014 2015 2016 Future Inspection Program Industrys Interim Implementation Schedule MS 1-7 Inspections All NPP Cyber Security Plans & Implementation Schedules Approved NRC & Industry Agree on MS 1-7 Implementation Schedule 2012 NRC Cybersecurity Notification Rule 10 CFR 73.77 2018 2019 2020/2021 Power Reactor Cyber Security Self-Assessment Full Implementation Full Implementation Inspections at All Licensee Sites Licensee Interim Implementation Completed 2017 Cyber Security Program Assessment (ADAMS Accession No. ML19175A211)

Independent assessment team Licensees and other external stakeholders (including FERC)

Many actionable comments received Staff developed an action plan to address the challenges identified during the assessment Phased approach 3/9/2021 2

3/9/2021 3

Program Definitions & Terms Risk-Informing Critical Digital Asset Determination Emergency Preparedness Balance of Plant Safety Related/Important to Safety Security Critical Digital Asset Assessment Risk-Informing Critical Digital Asset Protection (Digital Asset Protective Controls)

Cyber Inspection Oversight Program Following Full Implementation Performance-Informed Inspection Revised Inspection Procedure (July 2021); Inspection Start (2022)

Power Reactor Cyber Security Action Plan