October is National Cyber Security Awareness Month and – before we head into November – it’s now a good time to remember the importance of cyber security. Cyber crime threatens our work, personal life, identity and privacy. Here at the NRC, we’re committed to protecting our internal digital assets and information, as well as ensuring that our regulated facilities’ critical digital systems of are well protected. This vigilance supports the NRC’s security and safety missions.
All NRC employees are required to complete annual training on computer security. Some of the concepts we teach our employees are useful for everyone:
- Set strong passwords and don’t share them with anyone.
- Keep your operating system, browser, and other critical software optimized and secure by installing updates.
- Maintain an open dialogue with your family, friends, and community about Internet safety.
- Limit the amount of personal information you post online, and use privacy settings.
- Be cautious about what you receive or read online; if it sounds too good to be true, it probably is.
The NRC ensures operating power reactor licensees and applicants seeking new licenses implement appropriate protections against cyber threats. Since 2009, the NRC has required each power plant to have a cyber security program in place to protect their computer and communications systems.
Over the last two years we have conducted more than 35 cyber security inspections and actively engaged licensees to ensure all identified issues are addressed. In the recently released “Strategic Plan: Fiscal Years 2014-2018,” we highlight the importance of cyber security guidance for nuclear power reactors, fuel cycle and spent fuel storage facilities, non-power reactors, decommissioned nuclear facilities, and materials licensees.
The NRC is developing a final rule, 10 CFR part 73.77, “Cyber Security Event Notifications,” which, if approved, will require timely notification of cyber security events. This rule is intended to improve the NRC’s ability to respond to cyber security-related plant events, enable the NRC to more effectively evaluate potential threats, and aid the NRC’s overall situational awareness.
In our Cyber Security Directorate, part of the Office of Nuclear Security and Incident Response, we continue to work with federal partners to protect the United States’ critical infrastructure. The NRC joins the Department of Homeland Security in its interagency and public-private efforts under the Sector Specific Agency Nuclear Sector. And we join with other government regulators on the newly-established Cyber Security Forum for Independent and Executive Branch Regulators, led by Chairman Allison Macfarlane. These partnerships strengthen our mutual knowledge base and provide agencies with an opportunity to share methods and approaches to enhance overall cyber security protection.
During Cyber Security Awareness Month, federal agencies are holding a variety of events to promote the conversation – among employees and the public – on this important topic. One of the most important things for our employees and our stakeholders to realize is the individual computer user is the first line of defense in cyber security.