Cyber Security Awareness Training
Another name for 10 CFR 73.54 - answer "Cyber Rule"
Requirements of 10 CFR 73.54 - answer SHALL provide high assurance that digital computer and communication systems are adequately protected against cyber-attacks
Submit cyber security plan and schedule that implements the requirements contained in
the regulation for Commission review
Where is the design basis threat described - answer 73.1
What does SSEP stand for? - answer S = Safety-related and important-to-safety functions
S = Security functions
EP = Emergency Preparedness functions including offsite communications adversely impact safety, security, or emergency preparedness functions
physical systems associated with SSEP functions - answer Critical Systems
Where are Critical Systems defined? - answer NEI 08-09
What are Critical Systems associated with? - answer • Safety-related functions
• Important to safety functions
• Security functions
• Emergency preparedness functions
Examples of support systems and equipment that can be considered Critical Systems - answer o HVAC o Power Sources
o Fire Protection Systems
List Computer software systems that do not support SSEP systems - answer o Work management systems
o Corrective action program software
o Document management software
o Engineering analysis software
o Business network systems
Requirements of NEI 08-09 - answer • Assists licensees in uniformly implementing the NRC 10 CFR 73.54 requirements • Provides a plan template and implementation schedule of either milestones
• Provides catalog of technical, operational, and management cyber security controls • Provides a glossary of terms associated with cyber security
When was NEI 08-09 endorsed? - answer May 2010
What does CDA mean? - answer Critical Digital Asset
What is a CDA? - answer digital computer, communication system, or network that is
a component of a critical system (including asset that perform SSEP functions) or a support system asset whose failure could adversely impact a SSEP function
Examples of CDAs that PERFORM SSEP functions - answer -Digital turbine control system
-Digital diesel sequencer
-Plant security computer
-Safety parameter display system (SPDDS)
Examples of CDAs that PROTECT SSEP functions - answer -Firewalls
-Data Diodes
-Intrusion detection systems (IDS)
What is a Pathway? - answer Direct and indirect connectivity access that can potentially expose a critical system to cyber attack
What is a Direct pathway? - answer includes wired and wireless pathways that involve a chain of connections
List examples of direct pathways - answer o Modems
o Data links
o Network switches
o Wireless connections
What is an Indirect pathway? - answer may include CDAs that are isolated or behind a one-way security boundary in which case data and software is manually transferred from one device to another using disk media, USB drives and other modes of data transfer
What is a Cyber Attack? - answer Any event in which there is reason to believe that an adversary has committed or caused, or attempted to commit or cause, or has made credible threats to commit or cause malicious exploitation of a SSEP function
What are Consequences of a cyber-attack? - answer o Interference with operator awareness of plant status
o Attempts to disable safety related functions
o Avoiding security controls
o Disabling emergency preparedness functions
o Loss of electrical generation
Another name for 10 CFR 73.54 - answer "Cyber Rule"
Requirements of 10 CFR 73.54 - answer SHALL provide high assurance that digital computer and communication systems are adequately protected against cyber-attacks
Submit cyber security plan and schedule that implements the requirements contained in
the regulation for Commission review
Where is the design basis threat described - answer 73.1
What does SSEP stand for? - answer S = Safety-related and important-to-safety functions
S = Security functions
EP = Emergency Preparedness functions including offsite communications adversely impact safety, security, or emergency preparedness functions
physical systems associated with SSEP functions - answer Critical Systems
Where are Critical Systems defined? - answer NEI 08-09
What are Critical Systems associated with? - answer • Safety-related functions
• Important to safety functions
• Security functions
• Emergency preparedness functions
Examples of support systems and equipment that can be considered Critical Systems - answer o HVAC o Power Sources
o Fire Protection Systems
List Computer software systems that do not support SSEP systems - answer o Work management systems
o Corrective action program software
o Document management software
o Engineering analysis software
o Business network systems
Requirements of NEI 08-09 - answer • Assists licensees in uniformly implementing the NRC 10 CFR 73.54 requirements • Provides a plan template and implementation schedule of either milestones
• Provides catalog of technical, operational, and management cyber security controls • Provides a glossary of terms associated with cyber security
When was NEI 08-09 endorsed? - answer May 2010
What does CDA mean? - answer Critical Digital Asset
What is a CDA? - answer digital computer, communication system, or network that is
a component of a critical system (including asset that perform SSEP functions) or a support system asset whose failure could adversely impact a SSEP function
Examples of CDAs that PERFORM SSEP functions - answer -Digital turbine control system
-Digital diesel sequencer
-Plant security computer
-Safety parameter display system (SPDDS)
Examples of CDAs that PROTECT SSEP functions - answer -Firewalls
-Data Diodes
-Intrusion detection systems (IDS)
What is a Pathway? - answer Direct and indirect connectivity access that can potentially expose a critical system to cyber attack
What is a Direct pathway? - answer includes wired and wireless pathways that involve a chain of connections
List examples of direct pathways - answer o Modems
o Data links
o Network switches
o Wireless connections
What is an Indirect pathway? - answer may include CDAs that are isolated or behind a one-way security boundary in which case data and software is manually transferred from one device to another using disk media, USB drives and other modes of data transfer
What is a Cyber Attack? - answer Any event in which there is reason to believe that an adversary has committed or caused, or attempted to commit or cause, or has made credible threats to commit or cause malicious exploitation of a SSEP function
What are Consequences of a cyber-attack? - answer o Interference with operator awareness of plant status
o Attempts to disable safety related functions
o Avoiding security controls
o Disabling emergency preparedness functions
o Loss of electrical generation
