September 5, 2013
Conference Paper

Lessons Learned in Over a Decade of Technical Support for U.S. Nuclear Cyber Security Programmes

Abstract

Pacific Northwest National Laboratory’s (PNNL) nuclear cyber security team has been providing technical support to the U.S. Nuclear Regulatory Commission (NRC) since 2002. This team has provided cyber security technical expertise in conducting cyber security inspections, developing regulatory rules and guidance, reviewing facility cyber security plans, developing inspection guidance, and developing and teaching NRC inspectors how to conduct cyber security assessments. The extensive experience the PNNL team has gathered has allowed them to compile a lengthy list of recommendations on how to improve cyber security programs and conduct assessments. A selected set of recommendations is presented, including the need to: integrate an array of defensive strategies into a facility’s cyber security program, coordinate physical and cyber security activities, train physical security forces to resist a cyber-enabled physical attack, improve estimates of the consequences of a cyber attack, properly resource cyber security assessments, appropriately account for insider threats, routinely monitor security devices for potential attacks, supplement compliance-based requirements with risk-based decision making, and introduce the concept of resilience into cyber security programs.

Revised: February 22, 2017 | Published: September 5, 2013

Citation

Glantz C.S., G.P. Landine, P.A. Craig, and R.B. Bass. 2013. Lessons Learned in Over a Decade of Technical Support for U.S. Nuclear Cyber Security Programmes. In Proceedings of the International Conference on Nuclear Security: Enhancing Global Efforts, July 1-5, 2013, Vienna, Austria, Paper No. IAEA-CN--203/335. Vienna: IAEA. PNNL-SA-98808.