FINAL SUPPORTING STATEMENT
FOR
ASSESSMENT OF CYBER SECURITY FOR BYPRODUCT MATERIALS LICENSEES
(3150-XXXX)
NEW
COLLECTIONS OF INFORMATION EMPLOYING STATISTICAL METHODS
Respondent Description
Byproduct materials licensees will be asked to voluntarily provide information on the potential vulnerabilities and risks associated with digital devices and digital systems utilized in their facilities. There are approximately 1,800 NRC and Agreement State byproduct materials licensees that will be asked to respond to the questionnaire. The NRC anticipates that 40 percent of byproduct materials licensees will respond to the voluntary questionnaire.
All byproduct materials licensees will be provided with the opportunity to respond to the questionnaire. No statistical sampling will be used. The purpose of the survey is to determine the digital assets for each licensee type and how they connect to internal/external networks, so that cyber vulnerabilities and potential consequences can be assessed.
Procedures for collecting the information
Each licensee has a radiation safety officer (RSO) or in the case of reactor licensees, a radiation protection manager (RPM). The questionnaire will be sent to each licensee’s RSO or RPM by e-mail. Licensees will be able to submit their questionnaire responses to the NRC via email, fax, or by mail.
Methods to maximize response rates and to deal with statistical issues of non-response
Participation is voluntary; however, the NRC anticipates a 40 percent response rate. The NRC will e-mail the questionnaire to each licensee’s RSO or RPM. The NRC also plans to conduct outreach to NRC licensees and to Agreement States to encourage response to the voluntary questionnaire. The responses will inform the NRC’s evaluation of the cyber security environment for each of the different groups of byproduct materials licensees and help form the basis for future NRC actions.
Tests or procedures
An initial pilot of the survey was conducted by distributing a general cyber security questionnaire, which was distributed to nine NRC licensees. Those responses helped to refine this information collection to minimize burden and improve utility.
Contacts for Statistical Aspects and Data Collection
NRC staff who may be involved in the collection and/or analysis of the information include:
Brad Bergemann
Security Specialist, Cyber Security Directorate
Office of Nuclear Security and Incident Response
(301) 287-3797
Ralph Costello
Senior Security Specialist, Cyber Security Directorate
Office of Nuclear Security and Incident Response
(301) 287-3618
Adam Gendelman
Attorney, Division of High-Level Waste, Fuel Cycle and Nuclear Security
Office of the General Counsel
(301) 415-8445
Kim Lukes
Health Physicist, Division of Material Safety, State, Tribal, and Rulemaking Programs
Office of Nuclear Materials Safety and Safeguards
(301) 415-6701
Gary Purdy
Senior Program Manager, Division of Security Policy
Office of Nuclear Security and Incident Response
(301) 287-3692
Ernesto Quinones
Senior Project Manager, Division of Material Safety, State, Tribal, and Rulemaking Programs
Office of Nuclear Materials Safety and Safeguards
(301) 415-0271
Michael Reichard
Health Physicist, Division of Nuclear Materials Safety
Region I
(610) 337-6945
Geoffrey Warren
Senior Health Physicist, Division of Nuclear Materials Safety
Region III
(630) 829-9742
Irene Wu
Project Manager, Division of Material Safety, State, Tribal, and Rulemaking Programs
Office of Nuclear Materials Safety and Safeguards
(301) 415-1951
| File Type | application/vnd.openxmlformats-officedocument.wordprocessingml.document |
| Author | KEB1 |
| File Modified | 0000-00-00 |
| File Created | 2021-01-25 |