The Nuclear Regulatory Commission’s (NRC) Regulatory Information Conference (RIC) is typically three days full of information ranging from high-level policy as conveyed by the Commissioners themselves, to deep technical details on design, components, and nuclear fuel. This year’s RIC 2014 was packed with information on the nuclear industry and drew close to 3,000 attendees.
During one of the plenary sessions there was a panel discussion with leaders from the NRC, the Nuclear Energy Institute, and from a nuclear power plant. One of the common threads running through several of the panel member’s comments was a general admonition to the industry not to become too dependent on contractors and/or vendors.
The RIPE Framework was designed from the ground up keeping this sentiment in mind; give the automation engineers the governance process to manage their cyber security program and the training and checklists to perform their duties with competence. Although RIPE users may choose to enjoy an ongoing RIPE license (which provides annual updates and information sharing) the goal is to give the ICS practitioners the tools and methods to gain full knowledge and understanding of their own systems and processes. In this respect, the RIPE Framework is different from other approaches in the sense that working the process will actually force the indigenous plant staff to become less dependent on the various contractors and/or vendors rather than more so.