AREVA Cyber Security
Threat is Real
In today’s digital age, many critical energy-related operations take place in cyberspace. Regulators such as the NRC and North American Electric Reliability Corporation (NERC) are requiring utilities to take measures to protect their employees and infrastructure from cyber-attack. These cyber security measures are constantly evolving based on the ever-changing nature of the threat and the evolving regulatory frameworks that drive enhanced protection.
As one of the world’s largest clean energy suppliers, AREVA is fully committed to safety, quality, performance, and delivery — the pillars of all of our activities. We bring this framework of operational excellence to the cyber security products and services we offer the energy sector to help you secure your future.
The AREVA Advantage
Our Goal is Simple: To work with you to protect your critical digital assets, physical assets and enterprise networks from exploitation in the most practical and cost-effective manner.
The Path Forward: Development and implementation of a practical approach to protect critical enterprise and industrial control infrastructure while ensuring your economic viability.
Our Commitment to You: AREVA is committed to being a trusted cyber security team member. We are driven to support your ability to successfully implement necessary and prudent cyber security controls to achieve cost-effective threat protection and regulatory compliance.
A Single Point of Accountability: AREVA has developed cyber security solutions including any required engineering modifications to minimize your total cost of ownership.
The Expertise You Require: The AREVA team comprises industry-recognized experts in nuclear plant engineering, cyber security, and regulatory affairs. These diverse capabilities enable AREVA to take a holistic approach to cyber security plan implementation, ensuring that our customers meet regulatory requirements in the most prudent manner, while minimizing disruption to plant operations.
A Proven Team Member: The AREVA team provides various levels of cyber security support across the North American nuclear fleet. We have earned a reputation for operational excellence. We bring to bear all the lessons learned and best practices developed over time to each new engagement.
Full Program Development, Implementation and Ongoing Operational Support: Rest assured that you can meet security standards and regulatory requirements for enterprise and industrial control system cyber security by selecting a partner with the expertise, resources and tools to fully develop and implement all aspects of your cyber security plan. By choosing AREVA, you benefit from a seamless solution with a single point of accountability.
Critical Digital Asset Assessments: AREVA offers the right combination of plant engineering, regulatory proficiency, and cyber expertise. We couple that expertise with a pragmatic approach to assess your critical digital assets and identify and mitigate security gaps, whether they are technical, programmatic or organizational in nature.
Continuous Monitoring & Incident Response: The AREVA team has a proven track record deploying continuous monitoring and incident response solutions that provide the highest return with the lowest plant impact. Our overall service delivery approach can help centralized monitoring and cyber-security response architecture in support of increased efficiency and effective decision making. Services include monitoring, system issue alerts, vulnerability advisories, reporting, log management, log parsing, and log analysis for process systems. Alert notifications can be sent to our 24x7x365 Incident Response Center for rapid response, issue identification and mitigation.
Digital Plant Modifications: AREVA can provide turnkey or supplemental support for cyber security engineering modifications. You can benefit from the deployment of team members within our engineering organizations, which have a proven track record for performing plant modification tasks associated with the cyber security requirements. Given our breadth of experience, AREVA is renowned for optimizing these modifications as required to improve performance and generate efficiencies. This thorough and comprehensive approach allows licensees to have predictability to achieve the highest quality modification within budget and schedule.
Periodicity Programs: AREVA has developed a programmatic approach to minimize the cost associated with ongoing cyber security program related activities. The AREVA team can provide support for cyber security modification reviews and maintenance related work. You can benefit from the deployment of team members from our current projects, which have a proven track record for performing analysis tasks associated with the cyber security requirements, accompanying efforts and specialty needs associated with modification reviews and coordination studies. Rather than increasing headcount for periodic activities, you can rely on AREVA for the support you need and only when you need it.
Regulatory Affairs Support: AREVA can provide industry recognized regulatory affairs support to ensure the successful outcome of NRC cyber security interactions and inspections. This offering can include: (1) Periodic regulatory oversight of implementation efforts according to a defined regulatory and inspection support model; and (2) Performance of a pre-NRC-inspection to identify potential gaps and to assess regulatory compliance with a focus on reviewing justifications provided in support of alternate controls.
Vulnerability and Penetration Testing: Penetration testing simulates covert and hostile attacks against your infrastructure in order to evaluate the effectiveness of an organization’s security measures. It is a means of testing systems against advanced hacking techniques and provides insight into where your networks may be vulnerable and how they may be exploited. This information can then be used to develop a mitigation plan to close any identified security gaps.
Verification and Validation (V&V) and Software Quality Assurance: AREVA’s V&V department can provide you with an objective assessment of the products developed from your system development lifecycle process. The services provided by AREVA include software V&V for analysis, program evaluation, independent reviews, audits and inspections, quality assessments, validation of software products, and overall digital I&C equipment testing, such as software and hardware integration testing, factory acceptance testing and site commissioning and startup testing.