skip to main content
OSTI.GOV title logo U.S. Department of Energy
Office of Scientific and Technical Information

Title: Lessons Learned in Over a Decade of Technical Support for U.S. Nuclear Cyber Security Programmes

Abstract

Pacific Northwest National Laboratory’s (PNNL) nuclear cyber security team has been providing technical support to the U.S. Nuclear Regulatory Commission (NRC) since 2002. This team has provided cyber security technical experties in conducting cyber security inspections, developing of regulatory rules and guidance, reviewing facility cyber security plans, developing inspection guidance, and developing and teaching NRC inspectors how to conduct cyber security assessments. The extensive experience the PNNL team has gathered has allowed them to compile a lenghty list of recommendations on how to improve cyber security programs and conduct assessments. A selected set of recommendations are presented, including the need to: integrate an array of defenisve strategies into a facility’s cyber security program, coordinate physical and cyber security activities, train phycial security forces to resist a cyber-enabled physical attack, improve estimates of the consequences of a cyber attack, properly resource cyber security assessments, appropropriately account for insider threats, routinely monitor security devices for potential attacks, supplement compliance-based requirements with risk-based decision making, and introduce the concept of resilience into cyber security programs.

Authors:
; ; ;
Publication Date:
Research Org.:
Pacific Northwest National Lab. (PNNL), Richland, WA (United States)
Sponsoring Org.:
USDOE
OSTI Identifier:
1345465
Report Number(s):
PNNL-SA-98808
NN4009040
DOE Contract Number:  
AC05-76RL01830
Resource Type:
Conference
Resource Relation:
Conference: Proceedings of the Interational Conference on Nuclear Security: Enhancing Global Efforts, July 1-5, 2013, Vienna, Austria, Paper No. IAEA-CN--203/335
Country of Publication:
United States
Language:
English

Citation Formats

Glantz, Clifford S., Landine, Guy P., Craig, Philip A., and Bass, Robert B. Lessons Learned in Over a Decade of Technical Support for U.S. Nuclear Cyber Security Programmes. United States: N. p., 2013. Web.
Glantz, Clifford S., Landine, Guy P., Craig, Philip A., & Bass, Robert B. Lessons Learned in Over a Decade of Technical Support for U.S. Nuclear Cyber Security Programmes. United States.
Glantz, Clifford S., Landine, Guy P., Craig, Philip A., and Bass, Robert B. Thu . "Lessons Learned in Over a Decade of Technical Support for U.S. Nuclear Cyber Security Programmes". United States.
@article{osti_1345465,
title = {Lessons Learned in Over a Decade of Technical Support for U.S. Nuclear Cyber Security Programmes},
author = {Glantz, Clifford S. and Landine, Guy P. and Craig, Philip A. and Bass, Robert B.},
abstractNote = {Pacific Northwest National Laboratory’s (PNNL) nuclear cyber security team has been providing technical support to the U.S. Nuclear Regulatory Commission (NRC) since 2002. This team has provided cyber security technical experties in conducting cyber security inspections, developing of regulatory rules and guidance, reviewing facility cyber security plans, developing inspection guidance, and developing and teaching NRC inspectors how to conduct cyber security assessments. The extensive experience the PNNL team has gathered has allowed them to compile a lenghty list of recommendations on how to improve cyber security programs and conduct assessments. A selected set of recommendations are presented, including the need to: integrate an array of defenisve strategies into a facility’s cyber security program, coordinate physical and cyber security activities, train phycial security forces to resist a cyber-enabled physical attack, improve estimates of the consequences of a cyber attack, properly resource cyber security assessments, appropropriately account for insider threats, routinely monitor security devices for potential attacks, supplement compliance-based requirements with risk-based decision making, and introduce the concept of resilience into cyber security programs.},
doi = {},
journal = {},
number = ,
volume = ,
place = {United States},
year = {2013},
month = {9}
}

Conference:
Other availability
Please see Document Availability for additional information on obtaining the full-text document. Library patrons may search WorldCat to identify libraries that hold this conference proceeding.

Save / Share: