Certified Nuclear Assessor (CNA) Bootcamp


The ICISI Certified Nuclear Assessor (CNA) Bootcamp is a full-immersion course designed specifically for members of the Cyber Security Assessment Teams (CSAT) at commercial nuclear facilities who are responsible for implementing and maintaining programs compliant with Title 10 Code of Federal Regulations Part 73.54 (10 CFR 73.54). Attendees will be instructed on how to build a successful cybersecurity program and ensure program-related activities are being carried out effectively.

Course content is designed by technical contributors to the U.S. Nuclear Regulatory Commission (NRC) cybersecurity guidance and oversight program, and by senior cybersecurity engineers and architects from multiple sectors throughout the nation’s critical infrastructure. While consideration of national and international standards is included, the curriculum is tailored based on actual operating experience, historical regulatory program developments, and the emergent threats to nuclear power plant operation.

Who Should Attend?

Nuclear power generation facilities within the U.S. have to meet some of the toughest cybersecurity regulations in the country. Those seeking a more thorough awareness of the unique attributes and challenges of protecting industrial automation systems and equipment within these high reliability, safety-focused environments will find this course both helpful and instructive.

Course Objectives

Foundational understanding and awareness of 10 CFR 73.54 requirements and the interpretation and performance measurement of NRC Regulatory Guide 5.71 and National Energy Institute (NEI) 08-09 Cyber Security Plan objectives.

Development of common-sense, quality-driven acceptance criteria for plant cyber security program activities.

Hands-on proficiency in periodic cybersecurity tasks, CDA and network monitoring, and recurring performance audits.

Mastery of cyber risk measurement and protection for industrial automation systems, and of streamlining methods for converging protections for critical systems and critical digital assets of all types.

This Course Will Cover the Following in Detail:

Cyber Security Regulations & Guidance

  • Historical Perspective
  • FERC, NERC, and NRC Alignment
  • Comparative Review of Regulatory Guidance
  • Requirements Planning and Analysis

Overview of Digital Technologies

  • Generational Categories of Industrial Technologies
  • Unique Security Challenges
  • Hardware & Software Attributes
  • Regulatory Definitions & Applicability

Performing Critical Security Analysis

  • Methods for Determining Compliance vs. Performance
  • Critical Analysis of Cyber Threats
  • Susceptibility to Cyber Attack

Assessing Threat Vectors & Security Controls

  • General & Discrete Threat Vectors
  • Insider Threat vs. External Threat
  • Identifying and Mitigating Performance Deficiencies
  • Tailoring Protections – When Controls Apply/Do Not Apply

Streamlining Protections for Critical Systems & Assets

  • Economize Protections
  • Regulatory Flexibilities
  • Demystifying Security Programs
  • Minimization of Attack Vectors & Pathways