Connect with us

Hi, what are you looking for?


Security Infrastructure

Nuclear Agency’s Cybersecurity Center Not Optimized: Audit

An audit has found that the U.S. Nuclear Regulatory Commission’s security operations center is not optimized to protect the agency’s networks, which raises some concerns given the increasing volume of cyberattacks aimed at government systems.

An audit has found that the U.S. Nuclear Regulatory Commission’s security operations center is not optimized to protect the agency’s networks, which raises some concerns given the increasing volume of cyberattacks aimed at government systems.

The security operations center (SOC) of the Nuclear Regulatory Commission (NRC) is tasked with securing the agency’s network and monitoring it for any suspicious activity. While the SOC is not responsible for classified systems, the network it oversees does process sensitive unclassified information.

The objective of the Office of the Inspector General (OIG) audit was to determine if the NRC’s cybersecurity center meets operational requirements, and to assess its effectiveness in working with other organizations involved in securing the NRC’s network.

The nuclear agency’s SOC is primarily staffed by contractors working under an information technology infrastructure support services (ITISS) contract. The SOC staff, which is overseen by the NRC’s Office of the Chief Information Officer Operations Division, is responsible for analyzing network activity and taking part in incident response efforts. The SOC also provides information on incidents to the NRC’s Information Security Directorate, which in turn reports them to CERT.

According to the report, the number of cyber security incidents reported by NRC to CERT in 2014 increased by 18 percent compared to the previous fiscal year, an increase that is nearly double compared to the number of government-wide incidents reported during the same period. The list of incidents included malicious code, unauthorized access, policy violations, social engineering, scans and other access attempts.

The audit has found that while SOC staff meets security operational requirements, the center’s capabilities could be improved by better defining contractual requirements. The problem, according to the OIG, is that the current contract doesn’t clearly define the SOC’s performance objectives and functional requirements.

“NRC staff described several areas in which the SOC does not meet agency needs, including proactive analysis and timely, detailed reports. This occurs because although the contract performance criteria are aligned with National Institute of Standards and Technology and NRC internal guidance, the contract does not clearly define SOC performance goals and metrics that can be used to determine whether agency needs are being met,” the OIG said in its report.

Advertisement. Scroll to continue reading.

“Additionally, SOC staff and NRC stakeholders expressed differing expectations of SOC roles and responsibilities. This occurs due to a lack of adequate definitions in agency policies and undifferentiated functional descriptions between different entities responsible for securing NRC’s network,” the auditor added.

Another recommendation made by the OIG for improving the cybersecurity center’s performance and capabilities is to better clarify organizational responsibilities and roles.

A study conducted last year by Chatham House on cybersecurity at civil nuclear facilities revealed that the nuclear industry still underestimates the risk posed by cyberattacks.

Records obtained in September 2015 from the U.S. Department of Energy showed that the organization’s components had been breached more than 150 times between October 2010 and October 2014. Documents revealed that 19 of the successful attacks targeted the National Nuclear Security Administration.

Related: South Korea Accuses North of Cyber-attacks on Nuclear Plants

Related: Former US Govt Employee ‘Tried to Sell Nuclear Secrets’

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Management & Strategy

Hundreds of companies are showcasing their products and services this week at the 2023 edition of the RSA Conference in San Francisco.

Security Infrastructure

Comcast jumps into the enterprise cybersecurity business, betting that its internal security tools and inventions can find traction in an expanding marketplace.

Security Infrastructure

XDR's fully loaded value to threat detection, investigation and response will only be realized when it is viewed as an architecture


Identity and access governance vendor Saviynt has closed a $205 million financing round.

Cloud Security

The term ‘zero trust’ is now used so much and so widely that it has almost lost its meaning.

Identity & Access

The National Security Agency (NSA) has published a series of recommendations on how to properly configure IP Security (IPsec) Virtual Private Networks (VPNs).


Security orchestration, automation and response (SOAR) provider Swimlane on Monday announced the launch of a security automation solution ecosystem for operational technology (OT) environments.