Thanks for all the great info. Lots to read there, both links, but on a scan, the name “Scattered Castles” caught my eye. I wonder if there’s any tie-in whatsoever to Q’s Red Castle - Green Castle posts. I’ll have to look at them again with an eye to seeing if they could be related to information classification levels, security clearances, etc.
I met some nuclear power plant inspectors many years ago when I was up in that area looking at homes - Harris plant, if I’m not mistaken, and they were from Alabama.
They were probably actual nuclear inspectors - the ones that look for radiation leaks, corroded pipes, a lot of physical stuff - they are the original nuclear inspectors. I came in when the NRC decided they actually needed to worry about cyber, so they contracted a bunch of us to go out with the regular inspectors but we would inspect anything digital. Mostly computer stuff, but if something had a microchip, or a serial port (or any port that could have digital input) we assessed it. Even night-vision standalone scopes for the AR-15s had serial ports for firmware upgrades. The only other difference between us and the non-cyber inspectors was we all required Q clearances - most of them only required an L with the supervisor getting a Q.
We were all contractors but all of us wore the NRC "uniform" with the polo shirts with the NRC seal, the hardhat with the big NRC seal, and everything else. It was odd that whenever we would put those hats on and walk into a plant people would move out of our way like we were a gang or something. Plants were seriously scared of NRC inspectors because whether it was the original people or us cyber guys either one of us could shut them down and/or fine them. Some plants can lose as much as $1M a day if they are down, and if they got shut down by NRC they stayed down until they fixed the issue and were reinspected. If they didn't pass their cyber inspections they would lose their license to operate until they fixed everything.
I felt bad for the plants because for the cyber stuff we could tell them the violations we found but couldn't tell them why it is a violation or how to fix it. Stupid govt rules. I had one place that I found a violation at, and it was as simple as labeling a specific CD and putting it in a locked cabinet. I couldn't tell them that, and I actually got in trouble for arguing with HQ that not telling the plant what was wrong didn't help anyone and only led to less trust.
Thanks for all the great info. Lots to read there, both links, but on a scan, the name “Scattered Castles” caught my eye. I wonder if there’s any tie-in whatsoever to Q’s Red Castle - Green Castle posts. I’ll have to look at them again with an eye to seeing if they could be related to information classification levels, security clearances, etc.
I met some nuclear power plant inspectors many years ago when I was up in that area looking at homes - Harris plant, if I’m not mistaken, and they were from Alabama.
They were probably actual nuclear inspectors - the ones that look for radiation leaks, corroded pipes, a lot of physical stuff - they are the original nuclear inspectors. I came in when the NRC decided they actually needed to worry about cyber, so they contracted a bunch of us to go out with the regular inspectors but we would inspect anything digital. Mostly computer stuff, but if something had a microchip, or a serial port (or any port that could have digital input) we assessed it. Even night-vision standalone scopes for the AR-15s had serial ports for firmware upgrades. The only other difference between us and the non-cyber inspectors was we all required Q clearances - most of them only required an L with the supervisor getting a Q.
We were all contractors but all of us wore the NRC "uniform" with the polo shirts with the NRC seal, the hardhat with the big NRC seal, and everything else. It was odd that whenever we would put those hats on and walk into a plant people would move out of our way like we were a gang or something. Plants were seriously scared of NRC inspectors because whether it was the original people or us cyber guys either one of us could shut them down and/or fine them. Some plants can lose as much as $1M a day if they are down, and if they got shut down by NRC they stayed down until they fixed the issue and were reinspected. If they didn't pass their cyber inspections they would lose their license to operate until they fixed everything.
I felt bad for the plants because for the cyber stuff we could tell them the violations we found but couldn't tell them why it is a violation or how to fix it. Stupid govt rules. I had one place that I found a violation at, and it was as simple as labeling a specific CD and putting it in a locked cabinet. I couldn't tell them that, and I actually got in trouble for arguing with HQ that not telling the plant what was wrong didn't help anyone and only led to less trust.