The Nuclear Regulatory Commission recorded zero major security incidents and 29 minor security incidents in fiscal 2016, according to a recent agency report to the Office of Management and Budget.
NRC Chairman Stephen Burns detailed the findings in a Dec. 1 letter to OMB Director Shaun Donovan, which was released publicly last week. According to the letter, all 29 incidents were attempts to attack NRC staff through social engineering, the psychological manipulation of people into divulging confidential information or performing acts harmful to security.
Burns said NRC staff detected each of these incidents and reported them to the agency’s computer security incident response team. The Department of Homeland Security’s United States Computer Emergency Readiness Team was also notified.
“None of these attacks resulted in any compromise of (personally identifiable information), sensitive agency information, or information systems,” Burns wrote in the letter.
The NRC has participated in DHS’ high-value assets risk and vulnerability assessments, and continues to perform mitigation and remediation activities tied to this effort, Burns wrote. The incident details were included in NRC’s fiscal 2016 Federal Information Security Management Act and Privacy Management reports.
Fiscal 2016 ended on Sept. 30.