It was great to see old cyber security colleagues and friends again last week at the NEI Cyber Security Implementation Workshop in Boston. While speaking to the attendees, my colleagues at WizNucleus and I noted that the manpower support necessary to perform required vulnerability assessments is a significant challenge for most of them. For example, assessing the Critical Digital Assets (CDAs) against threat notification from the NVD database and assigning prioritization scores to the CVEs takes up a lot of manpower.
The ability to automatically download the CVE string from the NVD database and to determine the CDA assets affected, and the initiation of the evaluation of the vulnerability impact, would support a reduction of manpower. Any tool used for this purpose must be able to store a complete baseline of all CDA information including software and firmware; it must interface with CDA assessments; it must come with some preconfigured workflows to support the CVE for resolution. I’m glad to see that our WizNucleus solution has made excellent progress in this direction.
Because of the immense focus on meeting Milestone 8 requirements and getting ready for regulatory inspections of the cyber security program, the re-assessment of CDAs may be challenged and could contribute additional backlogs. Additionally, many plants will be undergoing Milestone 8 inspections this year, which could impact the prioritization of manpower to complete programmatic, administrative maintenance requirements. Automation is the answer.
Gary is a professional with over 30 years experience in the Nuclear Industry.