NUCLEAR
Protecting Operational Technology and Informational Technology for 30+ Years.
Nuclear Power Plant Cybersecurity
Protecting Nuclear Plant Systems from Cyber Attacks for 12+ Years
FoxGuard Solutions is a wholly-owned cybersecurity subsidiary of Framatome, an international leader in nuclear energy.
Protecting Industrial Control Systems (ICS), Operational Technology (OT), and Informational Technology (IT) requires strong defense against cyber intrusion threats and constant regulatory compliance. FoxGuard Solutions designs, manufactures, and integrates innovative cybersecurity and industrial computing solutions for critical infrastructures to meet the Nuclear Regulatory Commission’s (NRC) compliance. Our solutions are customized to fit the needs of your specific environment: for all plant systems including safety, important to safety, physical security, emergency preparedness, and balance of plant systems.
As a leading cybersecurity vendor, we provide you with world-class cybersecurity while lowering your operating costs. Rest assured that your cybersecurity is being managed with excellence and efficiency.
We Do The Work!
You can expect the best cybersecurity work and support when you engage with FoxGuard Solutions. In addition, your Nuclear Power Plant will benefit from:
- A reduced operation and management budget. We offer world-class talent and a lower cost than maintaining an internal team.
- Skill retention. Cybersecurity skills are in high demand, making it difficult to keep the best professionals in-house. Specialized cybersecurity contractors have less turnover to support uniform implementation of cybersecurity measures.
- Broad OT & IT Experience. FoxGuard has OT & IT experts with experience in other critical infrastructure industries and that broader experience can lead to innovations in implementing cybersecurity and compliance solutions.
- Extensively certified cybersecurity professionals. FoxGuard continuously tracks the latest qualifications and ensures our team maintains the most current certifications. Currently, our team holds over 15 unique certifications.
- Customized qualification procedures. The FoxGuard team will ascertain and comply with your qualification procedures (QUALs) including SGI, Critical Group, and Cyber Security Specialist qualifications.
- High levels of nuclear regulation experience. The FoxGuard team has experience in US and international nuclear plants, making them better qualified to apply solutions and meet regulatory requirements.
Request A Quote
We provide cybersecurity services for Advanced Reactor plant designs. Contact us to learn more.
Compliance
In 10 CFR 73.54 and RG 5.71, the Nuclear Regulatory Commission (NRC) requires nuclear utilities to take measures to protect computer and network assets from cyber attacks. To support uniform implementation of these cybersecurity measures, the NRC endorsed the NEI 08-09, NEI 13-10 and NEI 10-04 guidance. However, these cybersecurity measures are constantly evolving based on the ever-changing nature of cyber threats and the evolving regulatory frameworks that drive enhanced cyber protection.
FoxGuard Solutions is highly experienced in all facets of 10 CFR 73.54, NEI 08-09, NEI 13-10 and NEI 10-04, and can help nuclear utilities keep up with the evolving cybersecurity regulatory requirements. Since 2010, our team has been supporting utilities worldwide in their development and implementation of cybersecurity programs. Our cybersecurity experience in the US Nuclear industry includes supporting more than 12 utilities, 20 plants, and 33 units with all facets of their cybersecurity program.
Learn more about our Nuclear Periodicity Services.
Nuclear Cybersecurity Case Study
“The FoxGuard team’s collective experience and expertise allowed the team to quickly & efficiently kickoff and execute the project to achieve the desired timeline to address the findings and violations while performing under budget.”
Nuclear Focused Cybersecurity Services
FoxGuard Solutions provides customized cybersecurity solutions for commercial nuclear power plants. Our most popular services consist of:
Cybersecurity Program Development, Implementation and Ongoing Operational Support
Rest assured that you can meet security standards and regulatory requirements for Critical System and Critical Digital Asset cyber security by selecting a partner with the expertise, resources and tools to fully develop and implement all aspects of your cyber security plan. By choosing FoxGuard, you benefit from a seamless solution with a single point of accountability.
Critical Digital Asset Assessments
FoxGuard offers the right combination of plant engineering, regulatory proficiency, and cyber expertise. We couple that expertise with a pragmatic approach to assess your critical digital assets to identify and mitigate security gaps, whether they are technical, programmatic, or organizational in nature.
Continuous Monitoring & Attack Detection
The FoxGuard team has a proven track record of deploying continuous monitoring and incident response solutions that provide the highest return with the lowest plant impact. Our overall service delivery approach can help centralized monitoring and cyber-security response architecture in support of increased efficiency and effective decision-making. Services include monitoring, system issue alerts, vulnerability advisories, reporting, log management, log parsing, and log analysis for OT process systems.
Periodicity Programs
FoxGuard has developed a programmatic approach to minimize the cost associated with ongoing cybersecurity program-related activities. The FoxGuard team can provide cybersecurity support for plant design modification and maintenance-related work. You can benefit from the deployment of team members from our current projects, who have a proven track record for performing analysis tasks associated with the cyber security requirements, accompanying efforts, and specialty needs associated with modification reviews and coordination studies. Rather than increasing headcount for periodic activities, you can rely on FoxGuard for the support you need and only when you need it.
Regulatory Affairs Support
FoxGuard can provide industry-recognized regulatory affairs support to ensure the successful outcome of NRC cyber security interactions and inspections. This offering can include:
- Periodic assessment and effectiveness analysis of implementation efforts according to a defined regulatory and inspection support model.
- Performance of a pre-NRC inspection to identify potential gaps and to assess regulatory compliance with a focus on reviewing justifications provided in support of alternate controls.
Vulnerability and Penetration Testing
Penetration testing is a common part of evaluating the cybersecurity of an IT system. However, penetration testing is not advised for nuclear plant OT systems. Penetration testing simulates covert and hostile attacks against your infrastructure in order to evaluate the effectiveness of an organization’s security measures. It is a means of testing systems against advanced hacking techniques and provides insight into where your networks may be vulnerable and how they may be exploited. For an OT system, penetration testing can be safely conducted on offline development systems or by performing a tabletop review of vulnerabilities, compared to the mitigations in place. This information can then be used to develop a mitigation plan to close any identified security gaps.
Nuclear Patch Management Products & Services
In addition to the customized cybersecurity services, FoxGuard Solutions also provides a detailed suite of patch management services that comply with NRC requirements and are extremely useful with nuclear power plants’ cybersecurity.
Asset Inventory
Banish uncertainty. We identify and inventory every one of your OT assets with our select set of tools and expert team. Your organization will receive a detailed, normalized report with all your assets, including manufacturer, product name, and version.
Patch Availability Report (PAR)
Know your weaknesses. We create a recurring readable report that details all your vulnerabilities and the patches you need. It’s all done without ever touching your equipment. Our PAR report will be delivered to your security management team every month to help you maintain or work towards regulatory compliance. For more details download our PDF
Patch Applicability
Deploy the right solutions. We take a hands-on approach using your Patch Availability Report to assess all possible solutions. Either remotely or onsite, we make a risk-based assessment to determine what solutions to apply and when.
Patch Validation Programs
Validate your results. Deployment is a critical step when implementing patches to various assets across an organization. Validate your results in a controlled environment before deployment. We will help you build a validation lab to test patches before releasing them into an active environment. Then, choose from multiple options available when running your lab:
1. FoxGuard builds and runs your validation lab for you. Ensuring all patches are functioning properly before deployment.
2. FoxGuard co-manages your validation lab by providing your team with guidelines to follow and checkpoints before deployment.
3. FoxGuard trains and equips your team completely to run your validation lab independently.
Patch Binary Acquisition (PBA)
Trust your solutions. FoxGuard has a secure supply chain beginning from source vendors all the way to the point of application. This ensures that every patch remains exactly as the original vendors intended. Our secure supply chain prevents “man in the middle” attacks from corrupting a patch. FoxGuard’s tools verify the source of every patch and ensures that they are unchanged before deploying it to your OT environment.
Patch Deployment
Hardwire your success. We install Sentrigard Patch hardware onsite to encrypt and deliver patches securely. This unique solution is compliant with most regulatory standards such as NERC CIP and more.
Is your nuclear power plant achieving its highest level of cybersecurity?
The ever-changing nature of cyber threats requires systematic and continuous assessment and implementation. Using our four-step framework, we test the maturity of your cybersecurity system. We start by creating a comprehensive inventory of your assets because its critical to know exactly what you have so you can protect it. We move progressively to assess risk, execute solutions, and monitor results, providing certainty that your nuclear power plant is always operating with the highest levels of protection.
