The 37th NITSL Workshop just wrapped up in beautiful Phoenix. The conference was just as hot as the weather.  Thanks to all who worked to put on a great workshop and to all of the attendees especially those who made presentations.  Clearly the road ahead to fully implement the cyber security program is complex and schedule driven.  There are still some scope unknowns, resources to do the work may be limited and the schedule is tight.

There are many tools out there that can facilitate completion of the several thousand CDA assessment points on the regulatory required schedule. When selecting a tool, look at features that facilitate the management of the assessment effort.  Look at features that allow collaborative efforts with multiple users.  Look at document management capabilities.  Look at how well the tool establishes the framework for maintaining compliance once the assessments are completed.  Not all tools have these features in a proven technology.

As a former licensing engineer, I would not want to go to the CNO and say we need to request schedule relief from the NRC in order to complete the required actions. We all need to do what we can to get the job done in the required timeframe.  It’s time to get hot!

Bob Gill

Foreign – Cyber Risk

One of the biggest sources of cyber risk is foreign-made computer components with digital assets. It makes it easier to launch cyber attacks on U.S. companies and consumers, and this threat is not easy to detect.  For example, the Stuxnet that crippled the Iranian nuclear plant was planted in a digital system with programmable logic control. The number of components with integrated and programmable chips is staggering. These components are a source of serious trapdoors and cyber security risks. Perhaps one way to reduce this risk is for NIST to put out specific controls required for a given class or type of component, and for DHS to require importers to do risk assessment before putting the component into distribution or production. For example, any device with built-in digital component should be subject to importer certification with regard to cyber security assessment. In principle this would be same as doing compliance risk assessment like NERC CIP or NEI 08-09, CFATS or PCI assessment but a much more limited and focused assessment. Vendors like Wiznucleus already provide tools for cyber security assessment.

Krish Shetty

Wiznuclues, Inc.

I read an article in the Washington Post recently about Congress giving the Department of Homeland Security a lot more authority on cyber security protection of critical infrastructure.  The level of urgency and effort shown by the government is legitimate but the question is, does it have the right energy and expertise to make sure that the companies can meet the requirements in an appropriate manner and cost-effectively?   For example, existing requirements such as NERC CIP compliance and NEI 08-09 implementation for nuclear power plants are complex.  They require a lot of domain knowledge and subject matter expertise in plant digital systems, control system, and security perimeter of the substations. Congress is suggesting that DHS provide tools for enforcement and aggregation of vulnerability data. This is a step in the right direction. DHS may be a good source of aggregated vulnerability data. But the current DHS cyber security tools are poorly designed and do little to help secure the critical infrastructure.  I do not believe there is any cyber security tool available from DHS to do either NERC CIP 002-009 or NEI 08-09 implementation effectively and efficiently.

Today there are cyber security tools available to measure compliance with cyber security requirements for nuclear power plants and those facilities under the jurisdiction of NERC/FERC.  For example, my company, Wiznucleus offers a cyber security software system to facilitate compliance and determine what levels are met and how to mitigate security risks.  CyberWiz-Pro™ and NERC-WIZ-PRO™ perform these required activities in an efficient and cost-effective manner using state-of-the art programming.

Check them out: http://www.wiznucleus.com

Krish Shetty

(http://www.washingtonpost.com/opinions/a-gold-standard-in-cyber-defense/2011/07/01/gIQAjsZk2H_story.html)

Another important area in which the tool helps them with is the NEI 10-08 CS Program Reviews by external party when they come to them for information. It’s all in a database and they can access it for all information. The Records are a direct print out from the tool, so they match one for one rather than having a hybrid system which then creates more problems, from a consistency and CM stand point. This it seems is a very big concern of the NRC based on pilot walk-downs that found gaps in CM and that resulted in 100% walk-downs and documentation.

It has been a great experience working with these nuclear plant licensees, because, it turns out that a lot of what we did for the STARS is resonating well with other customers. This saves them the trouble reinventing the wheel on features. That’s a win-win for everybody.

Krish Shetty

Wiznucleus, Inc
http://www.wiznucleus.com

Nuclear Cyber Security Services

Wiznucleus launches comprehensive nuclear plant cyber security readiness and compliance program

The program is designed to help utilities meet NERC/FERC and CIP compliance requirements quickly and cost-effectively.

New York – Wiznucleus has launched the company’s cyber-security solution for the nuclear energy industry. The company has exceptional information technology assets and nuclear domain expertise to leverage a successful cyber-security readiness assessments and regulatory compliance services.

Krish Shetty, Wiznucleus CEO, [right] said,

“The NRC cyber-security requirements are driving changes throughout IT business processes. Our team understands NRC regulations and licensing requirements.

And we are current with best practices in cyber-security evaluation techniques. We have invested in developing the right mix of technologies and expertise to simplify the effort required to meet the regulatory requirements and on time.”

The Wiznucleus team has performed hundreds of NRC-related audits and assessments for the industry, and they know what it takes to get a passing grade Wiznucleus supports the total process for an NRC cyber security regulatory response, including compliance with Cyber Security Standards CIP-002 through CIP-009-1, and its services includes an assessment, plan, NRC submittal, and support for execution of implementation measures.

About Wiznucleus

Wiznucleus has the nuclear industry’s best and most cost-effective knowledge management platform which aggregates, correlates, and cross references a vast array of internal and external information to provide fast decision support for regulated entities. The platform includes content and collaboration services, configuration management, and document control.

The Wiznucleus team has experience developing and implementing major IT projects at nuclear facilities, government agencies, and private industry sites. The products include refresh of the enterprise architecture and legacy systems management. The firm’s cyber-security products are qualified and auditable to NQA-1 safety software standards. Wiznucleus partners with experts in compliance, licensing, and security.

For more information contact:

Wiznucleus, Inc.
646-367-1947
Email

Wiznucleus to exhibit at American Nuclear Society Meeting
Washington, DC Nov 15-16

Wiznucleus, the leading provider of actionable knowledge management solutions for cyber security and compliance management, will exhibit at the winter meeting of the American Nuclear Society in Washington, DC, Nov 15-17. Look for us in the conference exhibit hall at the OMNI Shoreham Hotel, 2500 Calvert St., NW. It opens at the same time as the President’s reception Sunday evening Nov 15. We will be there to talk about our knowledge management and cyber-security services for the commercial nuclear industry.

WIZNUCLEUS will exhibit a complete line of software solutions for the nuclear industry.

WIZNUKE ~ Requirements Knowledge Management ~ The WIZNUKE System is designed to improve development and review of reactor design certifications and combined operating licenses. It provides the customer with a customizable environment for management of nuclear plant licensing information. WIZNUKE is delivered based on a model of the NRC’s Standard Review Approach for nuclear plant design including One-Step Licensing and the use of “Inspections, Test, Analyses and Acceptance Criteria” (ITAAC) for operational programs.

WIZMON ~ NRC/NERC Compliant Cyber Security ~ The WIZMON tool is an appliance designed to assess and implement emerging NERC and NRC cyber security requirements, in a phased approach, for access outside the Electronic Security Perimeter. It is a fully NIST compliant tool that delivers the customer’s current and legacy applications in a cyber-secure environment. WIZMON provides high-confidence in secure access for: system administration, monitoring and updates, Internet access, off-site back-ups / disaster recovery, external hosting, as well as providing a secure portal for collaboration with off-site entities.

WIZDOM STATE Module ~ WIZDOM for the State Regulator ~ The WIZDOM STATE system provides state agencies with a highly-intuitive, user-friendly, ability to centrally manage requirements for which they are responsible either directly or in an oversight role. WIZDOM STATE includes a comprehensive “Executive Dashboard” that allows management (and other users) to quickly assess the status and timing of requirements. It provides reminders to ensure critical activities (deliverable dates, status update points, etc.) are never missed. WIZDOM STATE maintains a “change-by-change” log of all modifications made to any data in the system ensuring the chain-of-accountability is maintained and sends an Alert to the responsible individual if any requirement data or parameters are changed.

WIZDOM ~ Risk Management ~ WIZDOM delivers a life cycle risk management decision support tool, adaptable to customer requirements, that ensures the latest critical information for managing the licensing and construction of a nuclear facility is at the user’s fingertips. This module is “phase-based” automatically identifying and tracking the latest regulatory changes based on the current phase of the plant including licensing, construction, and plant status during operations.
______________________________________________________

Wiznucleus Inc., 204 E. 11^th St., Suite 142, New York, NY, 10003
Tel: 646-367-1947
http://www.wiznucleus.com/ info@wiznucleus.com

Wiznucleus Launches Wizdom State™, a Software Tool for State Agency Oversight of Nuclear Power Plant Compliance Requirements

The solution is designed to help state agencies track requirements quickly and cost-effectively

New York, NY – November 9, 2009. Wiznucleus has launched the company’s commitments management software solution for state regulators who are responsible, either directly or in an oversight role, for compliance issues related to the operations of a nuclear power plant.

Wizdom State™ system provides state government agencies with the ability to centrally manage compliance requirements. The system includes a comprehensive “Executive Dashboard” that allows state regulators to quickly assess the status and timing of requirements. It provides reminders to ensure critical activities (deliverable dates, status update points, etc.) are never missed.

Wizdom State™ maintains a “change-by-change” log of all modifications made to any data in the system ensuring the chain-of-accountability is maintained and sends an alert to the responsible individual if any requirement data or parameters are changed.

The State of Vermont is one of the customers using Wizdom State™. Wiznucleus is supporting the Vermont Department of Public Service (DPS) through the development of a computer-based requirements management/commitment tracking system. The system will allow the DPS to have the status of commitments/requirements at their fingertips related to the Entergy Nuclear Vermont Yankee (ENVY) plant. The system will also be used as a proactive scheduling tool for related monitoring actions, status reports, follow up actions, etc.

Wiznucleus expects to show its Wizdom State™ product at the American Nuclear Society Winter Meeting Nov 15-17. Wiznucleus will have a booth in the exhibitors’ hall Sunday-Tuesday.

About Wiznucleus

Wiznucleus has the nuclear industry’s best and most cost-effective knowledge management platform which aggregates, correlates, and cross references a vast array of internal and external information to provide fast decision support for regulated entities. The platform includes content and collaboration services, configuration management, and document control.

The Wiznucleus team has experience developing and implementing major IT projects at nuclear facilities, government agencies, and private industry sites. Wiznucleus partners with experts in compliance, licensing, and security.

The company’s products include refresh of the enterprise architecture and legacy systems management. The cyber-security products are qualified and auditable to NQA-1 safety software standards.

Platform will reduce plants’ operational and licensing risks by more than 50%
New York City-based Wiznucleus, a provider of next-generation technology solutions to the energy industry, has announced that it has developed an advanced information technology platform that will help nuclear power plants operate more effectively, and help plant operators balance risk and regulation compliance decisions better.

Wiznucleus’ Enterprise Suite of Products is a knowledge-based, risk-informed platform designed to enable nuclear power plant technicians to intelligently track, store, manage, and utilize plant-critical information such as an inventory of all plant equipment, warranties on plant systems, a history of all plant modifications, and the complete range of requirements under which nuclear plants must operate.

The company created the product after studying the international nuclear energy sector and realizing that nuclear sector equipment vendors, technicians, and architect engineers want to share information between themselves more rapidly than they presently do.

Bruce Hinkley, Wiznucleus’ Managing Director of their Nuclear Services practice, says that the company’s Enterprise Suite of Products will support the real-time critical information needs of nuclear power plants while simultaneously reducing plants’ operational and licensing risks by more than 50%.

“We will help nuclear facilities worldwide to perform at an even higher level by mitigating risks related to new plant cost, schedule and operation,” Hinkley said.

Hinkley notes that demand for Wiznucleus’ platform is palatable as the international nuclear energy sector is a $200 billion market and is expanding.

“Two European Pressurized Reactors are under construction in Europe. China is also planning to build two European Pressurized Reactors. In 2008, the Department of Energy announced the availability of loan guarantees for $18.5 billion in financing for new power reactor projects. In response to this, the agency received requests for $122 billion in loan guarantees for 14 projects totaling 21 reactors,” notes Hinkley.

Krish Shetty, CEO of Wiznucleus, said: “Our technology will transform the way current and future nuclear power plants create, modify, share, and store information during all phases of their lifecycle – from licensing to decommissioning.

Also, Wiznucleus will enable nuclear plant partners, suppliers, and customers to more efficiently meet and accelerate project work schedules, while also lowering their budgets and improving performance through cycle time reductions resulting from real-time information, and risk management.”

Wiznucleus, partnered with Beckman and Associates, to develop the product. Wiznucleus’ Enterprise Product Suite is scheduled to be delivered in-between the third and fourth quarters of 2009.

WIZNUCLEUS, INC. 204 East 11th Street. Suite 142 New York, NY 10003

(646) 367-1947 (609) 228-4032 Fax

www.wiznucleus.com