Views
3 months ago

Inside NIRMA - Spring March 2018 Issue

Nuclear operators urged

Nuclear operators urged to tackle growing threat from cyber attack emails In October, the United States Computer Emergency Readiness Team (US-CERT) warned of an advanced persistent threat activity targeting energy sectors including nuclear power. The alert followed investigations by the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). "Since at least May 2017, threat actors have targeted government entities and the energy, water, aviation, nuclear, and critical manufacturing sectors, and, in some cases, have leveraged their capabilities to compromise victims’ networks," US-CERT said in a statement. "DHS assesses this activity as a multi-stage intrusion campaign by threat actors targeting low security and small networks to gain access and move laterally to networks of major, high value asset owners," it said. In July, consultancy group PwC reported “suspected state actors” had used fake emails to penetrate the administration systems of multiple U.S. nuclear plants, as part of a cyber intrusion campaign codenamed Nuclear17. In September, cyber security firm Symantec said it believed a sophisticated cyber espionage group known as Dragonfly was behind a recent wave of cyber attacks on European and U.S. power generation companies. Targets reportedly included personnel working for power generation companies and manufacturers of plant control systems. Article reprinted with permission of Nuclear Energy Insider. Read full article here. Inside NIRMA Magazine Wants Your Photos! With the 2018 launch of the new Inside NIRMA magazine, we would like to have some real "work pictures" to use (with permission) for backdrop shots, etc. We are interested in photos of people in your workplace performing tasks, particularly around records management, document control, engineering and IT, as examples. Other areas are also welcome! Be sure to obtain permission for use from the persons involved. No company or individual names would be included. Please email photos (JPG format preferred) to DevereauxInc@outlook.com. Nominations needed! NIRMA elections will occur in July and we need your HELP! Please send your nominations to the nominating committee members, myself (SHouse@ameren.com) or Cedric Jones (CJONES5@entergy.com) by April 30, 2018. The committee is required to submit the list of nominees to NIRMA Secretary Lona Smith by May 8, 2018. PDBU Continued from Page 16 Board Elections: Two board positions will be filled. Please consider nominating yourself or other individuals whom you consider qualified to fill these leadership positions. The nominating committee will then contact nominees to obtain the required supporting documentation. Factors to include in your consideration of nominees are length of time as a NIRMA member, committee activities, leadership positions held, service to NIRMA, professional qualifications and the desire/ability to serve on the Board. The term is three years. Service Awards: Shana House, Nominating Committee Nominations for annual Exemplary Service Awards are also being accepted. If you would like to nominate someone for their outstanding service to the association, please contact Sarah Perkins, NIRMA Administrator at nirma@nirma.org. completing parts 2-4 of the CRM exam cycle. The CRA can be a first step to obtaining the CRM or it can stand on its own, based on your professional goals. Meanwhile, we continue to make progress on having the NS exam offered electronically through Pearson VUE. The Nuclear Specialist (NS) designation can be obtained by holders of either a CRA or a CRM. The new Federal Specialist designation will require the CRM. I am also seeking one or two co-directors to assist me with the PDBU. For additional information about the above, the PDBU in general, or if you are interested in becoming a co-director, please contact me at tammy.cutts@pge.com. 18 Spring 2018 NIRMA.org Inside NIRMA

ImplementIng presIdent’s Order to Protect Controlled Unclassified Information By Marianne Narick, Senior IT/IM Manager and Records Team Lead, NRC Background he NRC is hard at work developing policies and procedures to implement Executive Order 13556, dated November 4, 2010, “Controlled Unclassified Information” (CUI). This Order established the CUI Program to standardize the way the executive branch handles information that requires safeguarding or dissemination control (excluding information that is classified under Executive Order 13526, Classified National Security Information, or any predecessor or successor order; or the Atomic Energy Act of 1954). As the CUI Executive Agent (EA), the National Archives and Records Administration (NARA) is developing and issuing policy and phased implementation guidance for the CUI Program with the consultative support of the CUI Advisory Council. The NRC along with many other Federal departments and agencies is a member of the Advisory Council and as such is providing input to NARA for consideration and resolution as appropriate, any disputes, complaints, and suggestions about the CUI Program. Identify, Review, and Define Categories The CUI Executive Order prescribes a bottom-up approach, in which each department and agency is required to: •Identify all Sensitive but Unclassified markings being employed in their particular department or agency, such as “Official Use Only,” “Pre- Decisional,” or “Sensitive”; •Identify the authority for those markings, i.e. law, regulation, or government-wide policy; •Review those markings to identify any areas for consolidation across the Executive branch or the elimination of redundancy; and Specifically define all categories, subcategories, and markings that the department or agency would like to continue to employ. NARA Leadership NARA led an interagency process to establish Executive branch-wide definitions and taxonomy of categories of CUI. The taxonomy and standardized definitions are published in a public CUI registry to increase transparency and ensure consistent application across the Executive branch of Government (see CUI Registry - Categories and Subcategories here ). On November 14, 2016, the CUI Rule became effective, but NARA has instructed Federal agencies to make no changes to existing processes at this time given the phased implementation approach underway. Future updates will be posted as more information becomes available. Editors Neal and Sandra Miller DevereauxInc@outlook.com Advertising Neal.F.Miller@gmail.com NIRMA Headquarters Sarah Perkins NIRMA Administrator 245 Sunnyridge Ave., #41 Fairfield, CT 06824 nirma@nirma.org Inside NIRMA NIRMA.org Spring 2018 19