CNSC CYBER SECURITY PROGRAM FOR NPPS: THE PRESENT … · Cyber Security Program Inspections at NPPs...
Transcript of CNSC CYBER SECURITY PROGRAM FOR NPPS: THE PRESENT … · Cyber Security Program Inspections at NPPs...
![Page 1: CNSC CYBER SECURITY PROGRAM FOR NPPS: THE PRESENT … · Cyber Security Program Inspections at NPPs - Past and Current past cyber security programs were assessed through desktop reviews](https://reader034.fdocuments.net/reader034/viewer/2022042812/5fac75dc6b46de3a7f35a305/html5/thumbnails/1.jpg)
U.S. NRC RIC 2020 March 10 - 1
CNSC CYBER SECURITY PROGRAM FOR NPPS: THE PRESENT AND THE FUTURE
Eric Lemoine
Director, Systems Engineering Division
E-doc #6110540
U.S. Nuclear Regulatory Commission’s (NRCs)
Regulatory Information Conference (RIC) 2020
![Page 2: CNSC CYBER SECURITY PROGRAM FOR NPPS: THE PRESENT … · Cyber Security Program Inspections at NPPs - Past and Current past cyber security programs were assessed through desktop reviews](https://reader034.fdocuments.net/reader034/viewer/2022042812/5fac75dc6b46de3a7f35a305/html5/thumbnails/2.jpg)
U.S. NRC RIC 2020.3.10 - 2
Content
Regulatory requirements for cyber security
Cyber security program present and future
Cyber security program inspections
Other activities
Conclusion
![Page 3: CNSC CYBER SECURITY PROGRAM FOR NPPS: THE PRESENT … · Cyber Security Program Inspections at NPPs - Past and Current past cyber security programs were assessed through desktop reviews](https://reader034.fdocuments.net/reader034/viewer/2022042812/5fac75dc6b46de3a7f35a305/html5/thumbnails/3.jpg)
U.S. NRC RIC 2020.3.10 - 3
Canadian Nuclear Safety Commission (CNSC)
Regulates the use of nuclear energy
and materials to:
protect the health, safety and
security of Canadians and the
environment
implements Canada's international
commitments on the peaceful use of
nuclear energy
disseminates objective scientific,
technical and regulatory information
to the public
Canada’s Nuclear Regulator
![Page 4: CNSC CYBER SECURITY PROGRAM FOR NPPS: THE PRESENT … · Cyber Security Program Inspections at NPPs - Past and Current past cyber security programs were assessed through desktop reviews](https://reader034.fdocuments.net/reader034/viewer/2022042812/5fac75dc6b46de3a7f35a305/html5/thumbnails/4.jpg)
U.S. NRC RIC 2020.3.10 - 4
CNSC’s Regulatory Framework
CNSC's regulatory framework
consists of:
laws passed by Parliament that govern the regulation of Canada's nuclear industry
regulations
licences/conditions
regulatory documents used by the CNSC to regulate the nuclear industry
![Page 5: CNSC CYBER SECURITY PROGRAM FOR NPPS: THE PRESENT … · Cyber Security Program Inspections at NPPs - Past and Current past cyber security programs were assessed through desktop reviews](https://reader034.fdocuments.net/reader034/viewer/2022042812/5fac75dc6b46de3a7f35a305/html5/thumbnails/5.jpg)
U.S. NRC RIC 2020.3.10 - 5
Cyber Security Regulatory Framework
General Nuclear Safety and Control Regulations
• “Every licensee shall take reasonable precautions to
maintain the security of nuclear facilities”
Nuclear Security Regulations
• under revision to include cyber security requirements
Regulatory documents (REGDOCs)
• REGDOC-2.5.2, Design of Reactor Facilities: NPP
Licence Conditions Handbooks (LCHs)
• clarifies the regulatory requirements for each licence
condition (LC)
![Page 6: CNSC CYBER SECURITY PROGRAM FOR NPPS: THE PRESENT … · Cyber Security Program Inspections at NPPs - Past and Current past cyber security programs were assessed through desktop reviews](https://reader034.fdocuments.net/reader034/viewer/2022042812/5fac75dc6b46de3a7f35a305/html5/thumbnails/6.jpg)
U.S. NRC RIC 2020.3.10 - 6
Cyber Security Program at NPPs (Past)
Requirements (past):
• site-specific cyber security programs are in
place at all NPPs
• regulatory position statement: Letter to NPP
licensees outlining CNSC expectations
![Page 7: CNSC CYBER SECURITY PROGRAM FOR NPPS: THE PRESENT … · Cyber Security Program Inspections at NPPs - Past and Current past cyber security programs were assessed through desktop reviews](https://reader034.fdocuments.net/reader034/viewer/2022042812/5fac75dc6b46de3a7f35a305/html5/thumbnails/7.jpg)
U.S. NRC RIC 2020.3.10 - 7
Cyber Security Program at NPPs (Present)
Requirements (present):
CSA N290.7-14, “Cyber Security for Nuclear
Power Plants and Small Reactor Facilities”
cyber security controls are required in a
graded approach based on cyber essential
asset’s classification
![Page 8: CNSC CYBER SECURITY PROGRAM FOR NPPS: THE PRESENT … · Cyber Security Program Inspections at NPPs - Past and Current past cyber security programs were assessed through desktop reviews](https://reader034.fdocuments.net/reader034/viewer/2022042812/5fac75dc6b46de3a7f35a305/html5/thumbnails/8.jpg)
U.S. NRC RIC 2020.3.10 - 8
Cyber Security Program at NPPs (Future)
• Requirements (future):
CSA N290.7 is currently being updated
updated N290.7-20 is intended to be used
as cyber security program requirements for
future cyber security programs
![Page 9: CNSC CYBER SECURITY PROGRAM FOR NPPS: THE PRESENT … · Cyber Security Program Inspections at NPPs - Past and Current past cyber security programs were assessed through desktop reviews](https://reader034.fdocuments.net/reader034/viewer/2022042812/5fac75dc6b46de3a7f35a305/html5/thumbnails/9.jpg)
U.S. NRC RIC 2020.3.10 - 9
Update Cyber Security Program Inspection Guide
Inspection Guide
Purpose is to:
verify that the licensee’s cyber security program is
implemented and maintained in a manner that is
consistent with CNSC regulatory requirements,
licensee’s governance, and that follows industry
guidance and best practices
guide and assist CNSC staff in the conduct of site
inspections
![Page 10: CNSC CYBER SECURITY PROGRAM FOR NPPS: THE PRESENT … · Cyber Security Program Inspections at NPPs - Past and Current past cyber security programs were assessed through desktop reviews](https://reader034.fdocuments.net/reader034/viewer/2022042812/5fac75dc6b46de3a7f35a305/html5/thumbnails/10.jpg)
U.S. NRC RIC 2020.3.10 - 10
Cyber Security Program Inspections at NPPs - Past and Current
past cyber security programs were assessed through desktop reviews and site inspections from 2015 to 2018
revealed that all NPP facilities were compliant with the past regulatory requirements
updated programs will be assessed based on requirements of CSA N290.7-14
compliance inspections to begin in 2020
![Page 11: CNSC CYBER SECURITY PROGRAM FOR NPPS: THE PRESENT … · Cyber Security Program Inspections at NPPs - Past and Current past cyber security programs were assessed through desktop reviews](https://reader034.fdocuments.net/reader034/viewer/2022042812/5fac75dc6b46de3a7f35a305/html5/thumbnails/11.jpg)
U.S. NRC RIC 2020.3.10 - 11
Other Activities
Nuclear security regulations update
Design basis threat development support
Research
Bi-lateral/multi-lateral meetings
![Page 12: CNSC CYBER SECURITY PROGRAM FOR NPPS: THE PRESENT … · Cyber Security Program Inspections at NPPs - Past and Current past cyber security programs were assessed through desktop reviews](https://reader034.fdocuments.net/reader034/viewer/2022042812/5fac75dc6b46de3a7f35a305/html5/thumbnails/12.jpg)
U.S. NRC RIC 2020.3.10 - 12
Conclusion
cyber security programs have been implemented
at all operating Canadian NPPs
programs have been updated at most NPPs to
comply with the requirements in CSA N290.7-14
cyber security inspections have been performed
at NPPs
regulatory oversight through desktop reviews and
site inspections conducted to-date have revealed
that all NPP facilities are compliant with the
required regulatory requirements
![Page 13: CNSC CYBER SECURITY PROGRAM FOR NPPS: THE PRESENT … · Cyber Security Program Inspections at NPPs - Past and Current past cyber security programs were assessed through desktop reviews](https://reader034.fdocuments.net/reader034/viewer/2022042812/5fac75dc6b46de3a7f35a305/html5/thumbnails/13.jpg)
Thank You! Questions?
nuclearsafety.gc.ca