Information Security for Remote Cybersecurity Inspections of Nuclear Sites

Greg White - Lawrence Livermore National Laboratory
Michael Rowland - Sandia National Laboratories
Starting in 2019, in response to the COVID-19 pandemic and associated travel restrictions, an international group of nuclear security experts and regulators began work to consider the challenges of performing remote cybersecurity inspections of nuclear sites. Remote inspections occur when some or all members of an inspection team cannot be physically present at the licensee facility during an inspection. The scope of this group included the identification of technical, logistical, and procedural challenges and identify and detail solutions. This led to several guidance documents, one of them being the Remote Inspection Information Security Guide. The Remote Inspection Information Security Guide is intended to help inspection teams protect and secure information during the planning and execution of remote inspections. This guide applies to remote inspectors performing their work remotely from an office or their residence. It is intended to elucidate key differences in information security requirements and measures for on-site and remote inspections and serves as a guide both for the regulator and licensees as they consider information security trade-offs. The initial focus is on remote cybersecurity inspections. Although it is expected that these COVID-related travel restrictions will likely ease over time, the systemic changes that emerged to accommodate the pandemic will likely continue to influence how inspections are performed due to the benefits of greater flexibility in the timing, scheduling, and the minimization of travel and required on-site personnel. In this paper, we will discuss key findings in the guide.