Audit: Network of U.S. Nuclear Regulatory Commission not optimized against cyberthreats
Cyber deficiencies noted in U.S. Nuclear Regulatory Commission Security Operations Center.
An audit of the Security Operations Center (SOC) responsible for securing the U.S. Nuclear Regulatory Commission's (NRC) network infrastructure reveals the SOC's procedures are currently not optimized to meet the rapidly escalating needs of its government client, in light of growing cyberthreats.
A report issued yesterday by the NRC's Office of the Inspector General states that the SOC currently underperforms in providing proactive analysis, timely research and reporting, and enhanced network monitoring. Moreover, the report continues, the SOC “has relatively few highly skilled SOC analysts” who are “not solely dedicated to the SOC and can be assigned to other information technology support tasks instead of focusing on needed in-depth analysis.”
The report recommends the NRC and SOC fix these deficiencies by revising their services contract to specifically define performance expectations and establish measurable goals for supporting NRC and its stakeholders.