TY - GEN
T1 - Coordination and interface of cyber security and digital instrumentation and control system reviews
AU - Thorp, John
AU - Sturzebecher, Karl
AU - Darbali, Samir
AU - Arndt, Steven
PY - 2015
Y1 - 2015
N2 - At the time the (latest) cyber security regulatory structure was being put into place, the NRC recognized that there was overlapping cyber security guidance in RG 1.152 and RG 5.71. With reactor safety requirements contained within 10 CFR Part 50 and security requirements contained within 10 CFR Part 73, NRC determined that the 10 CFR Part 73 framework was the appropriate location for the NRC's cyber security regulations and guidance. The decision was made to revise RG 1.152, Revision 2, and remove references to cyber security and protection from malicious activity. Revision 3 of RG 1.152 reflects these changes; however, the regulatory guide still provides regulatory positions on the establishment of secure development and operational environments for digital safety systems to comply with the 10 CFR Part 50 requirements. To support the coordination of cyber security and digital I&C reviews, the NRC is currently developing an interoffice instruction that would address the interactions between the Office of Nuclear Reactor Regulation (NRR), the Office of New Reactors (NRO), the Office of Nuclear Security and Incident Response (NSIR), and the regional offices in reviewing digital safety systems and their cyber security provisions. Additionally, at the next planned update of SRP Chapters 7 and 13, the NRC will add language to define where the safety and security reviews will be completed and to provide the appropriate references to staff reviews and inspections that will be completed as part of the staff evaluation under other chapters. These staff documents will discuss the framework for coordination of cyber security regulation between NRC offices. They will promote coordination among the NRC staff and foster consistency in the staff regulation of safety and cyber security for digital I&C systems.
In addition, the framework will ensure that cyber security is adequately considered from the beginning phases of the digital I&C system life cycle, and the staff will consider whether the licensee or applicant has taken early measures to plan for, and/or address, the cyber security requirements contained in its NRC-approved cyber security plans. This paper will discuss how the NRC staff is implementing this framework and associated documents.
KW - Cyber security
KW - I&C
KW - Safety security interface
KW - Secure development and operational environment
UR - http://www.scopus.com/inward/record.url?scp=84946200843&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:84946200843
T3 - 9th International Topical Meeting on Nuclear Plant Instrumentation, Control, and Human-Machine Interface Technologies, NPIC and HMIT 2015
SP - 1936
EP - 1943
BT - 9th International Topical Meeting on Nuclear Plant Instrumentation, Control, and Human-Machine Interface Technologies, NPIC and HMIT 2015
PB - American Nuclear Society
T2 - 9th International Topical Meeting on Nuclear Plant Instrumentation, Control, and Human-Machine Interface Technologies, NPIC and HMIT 2015
Y2 - 22 February 2015 through 26 February 2015
ER -