A recent Office of the Inspector General (OIG) report for the U.S. Nuclear Regulatory Commission (NRC) found that although the NRC had sufficient protection of digital computers, communication systems, and networks associated with safety, security, and emergency preparedness, the commission’s cybersecurity inspection program is facing future staffing issues that will affect its ability to mitigate cyber risks.
“NRC should determine potential gaps in critical skills and competencies to address emerging needs and workload fluctuations,” the OIG report said. “NRC trains current staff as cyber security inspectors, but the inspection program faces future staffing challenges, because demographic and resource constraints work against optimal staffing.”
The OIG report states that the inspection program is not performance based, and that identifying performance measures could help the program become more efficient and reliable. The OIG made two recommendations for the commission:
- Use the Strategic Workforce Planning initiative to identify skills gaps and closure strategies for future cyber staffing including hiring flexibilities, internal rotations, competency modeling, availability of outside training and continuous training, appropriate numbers and roles of staff; and
- Implement performance measures by using discussions and experiences with industry such as testing and analysis of logs.
The OIG had a meeting with the agency on May 30, but NRC did not provide any comments to include in the report, although, it did state a general agreement with the findings and recommendations.