CHALLENGES DURING THE IMPLEMENTATION OF CYBER SECURITY AT NUCLEAR POWER PLANTS


11th International Conference on CANDU® Maintenance and Nuclear Components - 2017 Oct. 01-04

Presented at:
11th International Conference on CANDU® Maintenance and Nuclear Components
2017 Oct. 01-04
Location:
Toronto, ON Canada
Session Title:
Plant Management

Authors:
J. Knight (ENERCON Services, Inc.)
J. Horn (ENERCON Services, Inc)
J. McBride (ENERCON Services, Inc)
  

Abstract

1. INTRODUCTION Requirements for the protection of digital computer and communications systems and networks for U.S. Nuclear Power Plants (NPPs) are documented in 10 CFR 73.54. Guidance to meet the requirements is provided by the Nuclear Energy Institute (NEI) NEI 08-09 Rev. 6 “Cyber Security Plan for Nuclear Power Reactors” and by the Nuclear Regulatory Commission (NRC) in RG 5.71 “Cyber Security Programs for Nuclear Facilities”. There are many challenges that need consideration during the application of these requirements at several U.S. plants. 1.1 Challenge: Integration of Requirements into the Design Process As new designs add components to the scope of a NPP’s Cyber Security Program, integration of the Cyber Security Assessment process into the plant design process is critical to ensure that new components are configured in compliance with the regulatory requirements before installation. 1.2 Challenge: Identification and Classification of Existing Critical Digital Assets It is critical to identify and classify the entire scope of Critical Digital Assets (CDAs) ahead of the Cyber Security assessment phase. NEI 10-04 Rev. 2 provides related guidance. CDAs not identified timely can be difficult to identify later, and may lead to gaps in the assessment and remediation phases. 1.3 Challenge: Program Development Development and modification of processes affected by the Cyber Security Program should be high priority as the Cyber Security Program is implemented. Programs including configuration management, vulnerability management, and training impact each other and should be considered carefully. 1.4 Challenge: Lifecycle Management for Digital Equipment The digital equipment lifecycle is much shorter and more difficult to manage than analog and mechanical equipment. Sufficient digital equipment spares should be acquired anticipating the manufacturer will end production prior to future modifications. CONCLUSION Careful attention to the challenges above can aid in avoiding major requirements implementation pitfalls in different aspects of the Cyber Security Program.

Individual Conference-Paper Copies (Electronic Where Available):

  • For CNS members, the first 5 copies per calendar year are free, and additional copies are $10 each.
  • For non-members, the price is $25 for the first Conference-paper copy in a request, and $10 each for additional copies of papers in the same conference and in the same request.
  • Contact the CNS office to order reprints.