Coordination and interface of cyber security and digital instrumentation and control system reviews

John Thorp, Karl Sturzebecher, Samir Darbali, Steven Arndt

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

Abstract

At the time the (latest) cyber security regulatory structure was being put into place, the NRC recognized that there was overlapping cyber security guidance in RG 1.152 and RG 5.71. With reactor safety requirements contained within 10 CFR Part 50 and security requirements contained within 10 CFR Part 73, NRC determined that the 10 CFR Part 73 framework was the appropriate location for the NRC's cyber security regulations and guidance. The decision was made to revise RG 1.152, Revision 2 and remove references to cyber security and protection from malicious activity. Revision 3 of RG 1.152 reflects these changes; however, the regulatory guide still provides regulatory positions on the establishment of secure development and operational environments for digital safety systems to comply with the 10 CFR Part 50 requirements. To support the coordination of cyber security and digital I&C reviews the NRC is currently developing an interoffice instruction that would address the interactions between the Office of Nuclear Reactor Regulation (NRR), the Office of New Reactors (NRO), the Office of Nuclear Security and Incident Response (NSIR), and the regional offices in reviewing digital safety systems and their cyber security provisions. Additionally, at the next planned update of SRP Chapters 7 and 13, the NRC will add language to define where the safety and security reviews will be completed and to provide the appropriate references to staff reviews and inspections that will be completed as part of the staff evaluation under other chapters. These staff documents will discuss the framework for coordination of cyber security regulation between NRC offices. They will promote coordination among the NRC staff and foster consistency in the staff regulation of safety and cyber security for digital I&C systems. In addition the framework will ensure that cyber security is adequately considered from the beginning phases of the digital I&C system life cycle, and the staff will consider whether the licensee or applicant has taken early measures to plan for, and/or address, the cyber security requirements contained in its NRC-approved cyber security plans. This paper will discuss how the NRC staff is implementing this framework and associated documents.

Original languageEnglish
Title of host publication9th International Topical Meeting on Nuclear Plant Instrumentation, Control, and Human-Machine Interface Technologies, NPIC and HMIT 2015
PublisherAmerican Nuclear Society
Pages1936-1943
Number of pages8
ISBN (Electronic)9781510808096
StatePublished - 2015
Externally publishedYes
Event9th International Topical Meeting on Nuclear Plant Instrumentation, Control, and Human-Machine Interface Technologies, NPIC and HMIT 2015 - Charlotte, United States
Duration: Feb 22 2015Feb 26 2015

Publication series

Name9th International Topical Meeting on Nuclear Plant Instrumentation, Control, and Human-Machine Interface Technologies, NPIC and HMIT 2015
Volume3

Conference

Conference9th International Topical Meeting on Nuclear Plant Instrumentation, Control, and Human-Machine Interface Technologies, NPIC and HMIT 2015
Country/TerritoryUnited States
CityCharlotte
Period02/22/1502/26/15

Keywords

  • Cyber security
  • I&C
  • Safety security interface
  • Secure development and operational environment

Fingerprint

Dive into the research topics of 'Coordination and interface of cyber security and digital instrumentation and control system reviews'. Together they form a unique fingerprint.

Cite this