Security
Cyber Security Strictly Regulated by NRC;
No Additional Regulation Needed
February 2013

Key Points

   • The U.S. Nuclear Regulatory Commission (NRC) has extensive regulations for cyber security protection
     at nuclear energy facilities. Regulatory oversight by other agencies is unnecessary and would duplicate
     the already-strict NRC oversight.

   • The nuclear energy industry implemented a cyber security program in 2002 to protect critical digital
     assets and the information they contain from sabotage or malicious use. The industry has been
     strengthening its response in the years since.

   • The NRC in 2009 established regulations for cyber security at commercial reactors, even though critical
     computer systems used to control nuclear energy facilities are not connected to the Internet.

   • The industry has worked with federal regulators—including the NRC, the Federal Energy Regulatory
     Commission (FERC) and the North American Electric Reliability Corporation (NERC)—to ensure that
     digital assets are fully protected. FERC initially proposed rules to cover portions of a nuclear energy
     facility but reversed its stance when it found that the NRC’s cyber security rulemaking covers the entire
     facility.

Cyber Security Systems
Nuclear energy facilities use both digital and analog systems to monitor plant processes, operate equipment,
and store and retrieve information. Analog systems follow hard-wired instructions; digital computer
systems use software to provide instructions. Digital systems, including individual computers and networks,
are vulnerable to cyber attacks, which include malicious exploitation and infection by malware such as
viruses, worms and other types of programming code.

Nuclear energy facilities are designed to shut down safely if necessary, even if there is a breach of cyber
security. A cyber attack cannot prevent critical systems in a nuclear energy facility from performing their
safety functions. Among other measures, these critical systems are not connected to the Internet or to a
facility’s internal network. The isolation of critical safety systems minimizes the pathways for a cyber
attack. Nuclear energy facilities also are designed to automatically disconnect from the power grid if there
is a disturbance that could be caused by a cyber attack.

No Need for Duplicative Federal Oversight
The White House has proposed that the Department of Homeland Security work with critical infrastructure
sectors, including the electric sector, to devise strategies to secure computer systems and protect them
against cyber threats. Under the proposal, the agency could develop a cyber security strategy for facilities
that do not have one. The electric power sector is the only industry with mandatory, enforceable cyber
security standards—Critical Infrastructure Protection standards. Moreover, nuclear power plants are strictly
regulated in this area by NRC regulations and oversight. Additional regulation would be duplicative and
would risk creating inconsistencies in requirements.

Cyber Protection in Place at Nuclear Power Plants
The Nuclear Energy Institute has developed the only comprehensive cyber security program specifically
designed for control system and critical infrastructure security and the first of its kind within the energy
sector. All nuclear power plants adopted the NEI cyber security program in 2006 and had implemented it
by 2008.

A year later, the NRC issued comprehensive regulations that require a cyber security plan for all nuclear
energy facilities. NRC regulation covers all areas of a plant, including those that might otherwise be subject
to NERC’s critical infrastructure protection reliability standards or proposed Department of Homeland
Security oversight.

Every company operating nuclear power plants has earned NRC approval for a cyber security plan that
describes how the facility is implementing its cyber security program. Each company also provided the NRC
with a schedule describing the actions toward full implementation of its cyber security program. The NRC
has reviewed and approved each of these schedules and regularly inspects cyber protection measures at
U.S. reactors.

Five Steps That Provide Protection
Each U.S. nuclear power plant has taken the following measures to ensure protection against cyber
threats:

   • Isolated key control systems, either with air gaps, which provide no network or Internet
     connectivity, or with robust hardware-based isolation devices that separate front-office computers
     from the control system, thus making the front-office computers useless for attacking essential
     systems. As a result, key safety, security and power generation equipment at the plants is protected
     from any network-based cyber attacks originating outside the plant.

   • Enhanced and implemented strict controls over the use of portable media and equipment. Where
     devices like thumb drives, CDs and laptops are used to interface with plant equipment, measures are in
     place to minimize the cyber threat. These measures include authorizing use of portable assets to the
     performance of a specific task, minimizing the movement from less secure assets to more secure
     assets, and virus scanning. As a result, nuclear power plants are well-protected from attacks like Stuxnet,
     which was propagated through the use of portable media.

   • Heightened defenses against an insider threat. Training and insider mitigation programs have been
     enhanced to include cyber attributes. Individuals who work with digital plant equipment are subject to
     increased security screening, cyber security training and behavioral observation.

   • Implemented cyber security controls to protect equipment deemed most essential for the protection of
     public health and safety.

   • Taken measures to maintain effective cyber protection. These measures include maintaining
     equipment listed in the plant configuration management program and ensuring changes to the
     equipment are performed in a controlled manner. A cyber security impact analysis is performed before
     making changes to relevant equipment. The effectiveness of cyber security controls is periodically
     assessed, and enhancements are made where necessary. Vulnerability assessments are performed to
     ensure that the cyber security posture of the equipment is maintained.




Cyber security regulation strictly regulated by nrc feb 2013

  • 1. Security
    Cyber Security Strictly Regulated by NRC; No Additional Regulation Needed
    February 2013

    Key Points

    - The U.S. Nuclear Regulatory Commission (NRC) has extensive regulations for cyber security protection at nuclear energy facilities. Regulatory oversight by other agencies is unnecessary and would duplicate the already-strict NRC oversight.
    - The nuclear energy industry implemented a cyber security program in 2002 to protect critical digital assets and the information they contain from sabotage or malicious use. The industry has been strengthening its response in the years since.
    - The NRC in 2009 established regulations for cyber security at commercial reactors, even though critical computer systems used to control nuclear energy facilities are not connected to the Internet.
    - The industry has worked with federal regulators—including the NRC, the Federal Energy Regulatory Commission (FERC) and the North American Electric Reliability Corporation (NERC)—to ensure that digital assets are fully protected. FERC initially proposed rules to cover portions of a nuclear energy facility but reversed its stance when it found that the NRC’s cyber security rulemaking covers the entire facility.

    Cyber Security Systems

    Nuclear energy facilities use both digital and analog systems to monitor plant processes, operate equipment, and store and retrieve information. Analog systems follow hard-wired instructions; digital computer systems use software to provide instructions. Digital systems, including individual computers and networks, are vulnerable to cyber attacks, which include malicious exploitation and infection by malware such as viruses, worms and other types of programming code.

    Nuclear energy facilities are designed to shut down safely if necessary, even if there is a breach of cyber security. A cyber attack cannot prevent critical systems in a nuclear energy facility from performing their safety functions. Among other measures, these critical systems are not connected to the Internet or to a facility’s internal network. The isolation of critical safety systems minimizes the pathways for a cyber attack. Nuclear energy facilities also are designed to automatically disconnect from the power grid if there is a disturbance that could be caused by a cyber attack.

    No Need for Duplicative Federal Oversight

    The White House has proposed that the Department of Homeland Security work with critical infrastructure sectors, including the electric sector, to devise strategies to secure computer systems and protect them
  • 2. against cyber threats. Under the proposal, the agency could develop a cyber security strategy for facilities that do not have one. The electric power sector is the only industry with mandatory, enforceable cyber security standards—Critical Infrastructure Protection standards. Moreover, nuclear power plants are strictly regulated in this area by NRC regulations and oversight. Additional regulation would be duplicative and would risk creating inconsistencies in requirements.

    Cyber Protection in Place at Nuclear Power Plants

    The Nuclear Energy Institute has developed the only comprehensive cyber security program specifically designed for control system and critical infrastructure security and the first of its kind within the energy sector. All nuclear power plants adopted the NEI cyber security program in 2006 and had implemented it by 2008. A year later, the NRC issued comprehensive regulations that require a cyber security plan for all nuclear energy facilities. NRC regulation covers all areas of a plant, including those that might otherwise be subject to NERC’s critical infrastructure protection reliability standards or proposed Department of Homeland Security oversight.

    Every company operating nuclear power plants has earned NRC approval for a cyber security plan that describes how the facility is implementing its cyber security program. Companies also provided the NRC with a schedule describing the actions toward full implementation of its cyber security program. The NRC has reviewed and approved each of these schedules and regularly inspects cyber protection measures at U.S. reactors.

    Five Steps That Provide Protection

    Each U.S. nuclear power plant has taken the following measures to ensure protection against cyber threats:

    - Isolated key control systems using either air-gaps, which do not implement any network or internet connectivity, or installed robust hardware-based isolation devices that separate front-office computers from the control system, thus making the front-office computers useless for attacking essential systems. As a result, key safety, security and power generation equipment at the plants are protected from any network-based cyber attacks originating outside the plant.
    - Enhanced and implemented strict controls over the use of portable media and equipment. Where devices like thumb drives, CD, and laptops are used to interface with plant equipment, measures are in place to minimize the cyber threat. These measures include authorizing use of portable assets to the performance of a specific task, minimizing the movement from less secure assets to more secure assets, and virus scanning. As a result, nuclear power plants are well-protected from attacks like Stuxnet, which was propagated through the use of portable media.
    - Heightened defenses against an insider threat. Training and insider mitigation programs have been enhanced to include cyber attributes. Individuals who work with digital plant equipment are subject to increased security screening, cyber security training and behavioral observation.
    - Implemented cyber security controls to protect equipment deemed most essential for the protection of public health and safety.
  • 3.
    - Taken measures to maintain effective cyber protection measures. These measures include maintaining equipment listed in the plant configuration management program and ensuring changes to the equipment are performed in a controlled manner. A cyber security impact analysis is performed before making changes to relevant equipment. The effectiveness of cyber security controls is periodically assessed, and enhancements are made where necessary. Vulnerability assessments are performed to ensure that the cyber security posture of the equipment is maintained.