ML24043A087: Difference between revisions
Revision as of 15:18, 5 October 2024
| ML24043A087 | |
|---|---|
| Person / Time | |
| Issue date: | 02/15/2024 |
| From: | Tammie Rivera, NRC/NSIR/DPCP/CSB |
| To: | |
| References | |
| Download: ML24043A087 (1) | |
Text
Cybersecurity Inspections Lessons Learned Public Meeting (Closed)
February 15, 2024 10:00 A.M. - 12:00 P.M.
Tammie Rivera, Cybersecurity Specialist, Cyber Security Branch, Division of Physical and Cyber Security Policy, Office of Nuclear Security and Incident Response
Topics
- Key Messages
- Background
- 2023 Top 3 Trends (MTM Violations & Cross-Cutting Aspects)
- Observations
- Lessons Learned & Insights
- Next Steps
- Q & A
2 Key Messages
- This meeting focuses on cybersecurity baseline inspection activities conducted during CY 2023.
- Staff identified lessons learned and trends from the 2023 cybersecurity inspections.
- This effort will support identification of any actions needed to ensure efficiency and effectiveness of future inspections.
3 Background
- Objectives of IP 71130.10
- 1. To provide assurance that digital equipment associated with safety, security, or emergency preparedness (SSEP) functions are adequately protected against cyber-attacks in accordance with 10 CFR 73.54 and the licensee's approved cyber security plan (CSP).
- 2. To verify that CSP changes and reports are in accordance with 10 CFR 50.54(p).
Inspection Procedure 71130 Attachment 10, Cyber Security (ML21155A209)
4 Background (continued)
- Inspection Requirements
Excerpt from IP 71130.10, page 2:
- This inspection requirement range for completion is as follows:
- minimum of three inspection requirements,
- nominal four inspection requirements, and
- maximum, based on unusual circumstance or special considerations, five inspection requirements.
- Inspection teams considered the following special considerations during development of cybersecurity team inspection plans:
- First biennial cycle completion using IP 71130.10
- High number of inspection findings during the biennial cycle
Inspection Procedure 71130 Attachment 10, Cyber Security (ML21155A209)
5 Inspections and Violations
[Chart: Total Baseline Inspections - Full Biennial Cycle (labelled "55 Total"); LIVs & MTMs by Year, with categories LIV 2022, LIV 2023, MTM 2022, MTM 2023 and series "Inspections for 2022" and "Inspections for 2023". Individual bar values are not recoverable from the extracted text.]
6 2023 Top 3 Trends
| MTM Violations | Cross-Cutting Aspects (CCAs) |
|---|---|
| Most commonly cited NEI 08-09 [1] security controls: | Most commonly cited CCAs as described in NRC IMC 0310 [2]: |
| 1. Vulnerability Management (E.12) | 1. Conservative Bias (H.14) |
| 2. Baseline Configuration (E.10.3) | 2. Resources (H.1) |
| 3. Monitoring Tools and Techniques (E.3.4) | 3. Procedure Adherence (H.8) |

[1] NEI 08-09, Cyber Security Plan for Nuclear Power Reactors, Revision 6, Addendum 1 Markup dated 2017 (ML17079A423)
[2] IMC 0310, Aspects Within The Cross-cutting Areas (ML19011A360)
7 Observations
- Resources - Staffing and retention of well qualified cyber staff
- Training - properly trained staff and knowledge transfer (particularly, specialized training)
- Documentation - insufficient documentation (i.e. CDA assessments and alternate controls)
- Licensee cyber staff not thoroughly familiar with the requirements or guidance, or misinterpreting the requirements
8 Lessons Learned
- A one-week inspection is challenging and resource intensive
- Inspectors have observed that the best performing sites and well-maintained cybersecurity programs have strong support from senior management
- Documentation still does not reflect the whole story
- Inspectors observed that some licensee staff lacked experience with regulatory requirements, background, and guidance related to the implementation of the cybersecurity program.
9 Insights
- Improving the accuracy and completeness of documentation reduces the number of questions.
- The program is in the maintenance phase. Inspection focuses on the defense-in-depth approach.
- The NRC will continue to enhance the oversight program.
IMC 0612 Appendix E, "Examples of Minor Issues"
10 Next Steps
- An agency working group was established to evaluate alternate inspection procedure frequencies and team composition
- Reasons for establishing the working group:
  - Completing cybersecurity biennial inspections in one onsite week has been a challenge for regional inspection teams.
  - Inspection teams and licensee response teams need more time to address questions and disposition identified issues.
- The working group expects to present solutions that will improve efficiency and effectiveness
- The working group will develop recommendations for management consideration. Any proposed changes to the inspection procedure will be discussed at a later public meeting.
11 Questions & Discussion
[Graphic: Trends, Observations, Lessons Learned, Increase Efficiency]
12 Submitting Meeting Feedback & POC
To submit feedback and comments please:
- Navigate to this meeting on the NRC Public Meeting Schedule
- Click the Meeting Feedback Form link
Meeting POC: Tammie Rivera, Tammie.Rivera@nrc.gov, Cyber Security Branch, Division of Physical and Cyber Security Policy, Office of Nuclear Security and Incident Response