OSTI.GOV, U.S. Department of Energy
Office of Scientific and Technical Information

Title: A PROVEN APPROACH FOR EFFECTIVE COMPUTER SECURITY SELF-ASSESSMENTS AT NUCLEAR FACILITIES

Abstract

A proven method for conducting cybersecurity self-assessments at nuclear power plants is now available for international use. This method was originally developed by Pacific Northwest National Laboratory, under the sponsorship of the U.S. Nuclear Regulatory Commission (NRC), for use at U.S. nuclear power plants. The “Method,” described in NUREG/CR-6847 “Cyber Security Self-Assessment Method for U.S. Nuclear Power Plants,” was originally a limited release document that was withheld from public disclosure but is now publicly available. The Method provides a systematic, phased, and risk-informed approach to help decision makers and security specialists understand their relative cybersecurity posture. Completed Method assessments may be used to support or validate selection of computer security controls to mitigate cyber threats as well as demonstrate compliance with regulations or statutes enacted by competent authorities. The Method assesses the cybersecurity posture of key systems at a nuclear facility with a focus on protection of design base functions. It considers both physical and digital elements of system vulnerabilities and the resulting potential consequences from exploitation. It is well-suited for addressing blended cyberattacks. A semi-quantitative analytical approach is used in the evaluation of potential vulnerabilities, consequences, and risks and provides a technical basis for the selection of security controls to mitigate cyberattacks. The Method’s application at U.S. nuclear power plants has been very encouraging. The only nuclear plant in the United States that did not have adverse findings during its initial NRC computer security inspection prepared for inspection through the diligent application of this self-assessment method and the implementation of recommendations that came out of that self-assessment.
Nuclear facilities around the world might find application of the Method extremely helpful for making cost-effective, risk-based decisions regarding computer security and for preparing to pass computer security inspections by their competent authorities.

Authors:
Landine, Guy P. [1]; Glantz, Clifford S. [1]; Coles, Garill A. [1]
  1. BATTELLE (PACIFIC NW LAB)
Publication Date:
Research Org.:
Pacific Northwest National Lab. (PNNL), Richland, WA (United States)
Sponsoring Org.:
USDOE
OSTI Identifier:
1604145
Report Number(s):
PNNL-SA-149277
DOE Contract Number:  
AC05-76RL01830
Resource Type:
Conference
Resource Relation:
Conference: IAEA International Conference on Nuclear Security (ICONS 2020), February 10-14, 2020, Vienna, Austria
Country of Publication:
Austria
Language:
English
Subject:
Cyber security, Nuclear security, Self-assessment

Citation Formats

Landine, Guy P., Glantz, Clifford S., and Coles, Garill A. A PROVEN APPROACH FOR EFFECTIVE COMPUTER SECURITY SELF-ASSESSMENTS AT NUCLEAR FACILITIES. Austria: N. p., 2020. Web.
Landine, Guy P., Glantz, Clifford S., & Coles, Garill A. A PROVEN APPROACH FOR EFFECTIVE COMPUTER SECURITY SELF-ASSESSMENTS AT NUCLEAR FACILITIES. Austria.
Landine, Guy P., Glantz, Clifford S., and Coles, Garill A. Wed . "A PROVEN APPROACH FOR EFFECTIVE COMPUTER SECURITY SELF-ASSESSMENTS AT NUCLEAR FACILITIES". Austria.
@article{osti_1604145,
title = {A PROVEN APPROACH FOR EFFECTIVE COMPUTER SECURITY SELF-ASSESSMENTS AT NUCLEAR FACILITIES},
author = {Landine, Guy P. and Glantz, Clifford S. and Coles, Garill A.},
abstractNote = {A proven method for conducting cybersecurity self-assessments at nuclear power plants is now available for international use. This method was originally developed by Pacific Northwest National Laboratory, under the sponsorship of the U.S. Nuclear Regulatory Commission (NRC), for use at U.S. nuclear power plants. The “Method,” described in NUREG/CR-6847 “Cyber Security Self-Assessment Method for U.S. Nuclear Power Plants,” was originally a limited release document that was withheld from public disclosure but is now publicly available. The Method provides a systematic, phased, and risk-informed approach to help decision makers and security specialists understand their relative cybersecurity posture. Completed Method assessments may be used to support or validate selection of computer security controls to mitigate cyber threats as well as demonstrate compliance with regulations or statutes enacted by competent authorities. The Method assesses the cybersecurity posture of key systems at a nuclear facility with a focus on protection of design base functions. It considers both physical and digital elements of system vulnerabilities and the resulting potential consequences from exploitation. It is well-suited for addressing blended cyberattacks. A semi-quantitative analytical approach is used in the evaluation of potential vulnerabilities, consequences, and risks and provides a technical basis for the selection of security controls to mitigate cyberattacks. The Method’s application at U.S. nuclear power plants has been very encouraging. The only nuclear plant in the United States that did not have adverse findings during its initial NRC computer security inspection prepared for inspection through the diligent application of this self-assessment method and the implementation of recommendations that came out of that self-assessment. 
Nuclear facilities around the world might find application of the Method extremely helpful for making cost-effective, risk-based decisions regarding computer security and for preparing to pass computer security inspections by their competent authorities.},
doi = {},
journal = {},
number = {},
volume = {},
place = {Austria},
year = {2020},
month = {3}
}
