IR 05000528/2013405
| ML13119A545 | |
| Person / Time | |
|---|---|
| Site: | Palo Verde  |
| Issue date: | 04/29/2013 |
| From: | Miller G B NRC/RGN-IV/DRS/EB-2 |
| To: | Edington R K Arizona Public Service Co |
| References | |
| IR-13-405 | |
| Preceding documents: |
|
| Download: ML13119A545 (8) | |
Text
April 29, 2013
Randall K. Edington, Executive Vice President, Nuclear/CNO Arizona Public Service Company P.O. Box 52034, Mail Stop 7602 Phoenix, AZ 85072-2034
SUBJECT: PALO VERDE NUCLEAR GENERATING STATION - NOTIFICATION TO PERFORM INSPECTION OF TEMPORARY INSTRUCTION 2201/004,
"INSPECTION OF IMPLEMENTATION OF INTERIM CYBER SECURITY MILESTONES 1-7," AND REQUEST FOR INFORMATION (05000528/2013405, 05000529/2013405, 05000530/2013405)
Dear Mr. Edington:
On June 17, 2013, the U.S. Nuclear Regulatory Commission (NRC) will begin an inspection of Arizona Public Service Company's cyber security program implementation for Palo Verde Nuclear Generating Station, Units 1, 2, and 3 using the guidance in Temporary Instruction 2201/004, "Inspection of Implementation of Interim Cyber Security Milestones 1-7."
As previously discussed with members of your staff, the inspection will be performed to assess and verify that the cyber security program interim implementation milestones have been implemented in accordance with the regulatory requirements of 10 CFR 73.54 and NRC-
approved cyber security plans and implementation schedules.
In accordance with 10 CFR 73.54, each nuclear power plant licensee was required to submit a proposed cyber security plan and implementation schedule for NRC approval. On February 28, 2011, NEI provided a revised "Template for the Cyber Security Plan Implementation Schedule," for the purpose of providing licensee's with a generic template to aid in the development of their cyber security plan and implementation schedule. Based on NRC review (ML110070348), the template was found acceptable to develop cyber security plans and implementation schedules. With a variety of valid operational and technical issues, full implementation dates varied among the operating fleet of nuclear power reactors. The NRC staff worked with the nuclear industry to devise seven interim implementation milestones to ensure a level of protection against cyber security threats at each power reactor until full implementation of 10 CFR 73.54 is achieved. In its NRC-approved implementation schedule, each licensee committed to meet these seven interim milestones by December 31, 2012. These seven milestones are: (1) establishment of a Cyber Security Assessment Team (CSAT); (2) identification and documentation of critical systems (CSs) and critical digital assets (CDAs); (3) installation of protective devices between lower and higher security levels as described in the Cyber Security Plan; (4) implementation of access control for portable mobile devices; (5) observation for and identification of obvious cyber related tampering; (6) implementation of cyber security controls for CDAs that could adversely impact the design function of target set equipment; and (7) implementing and commencing on-going monitoring and assessment activities.
By letter dated July 22, 2010 (Agencywide Documents Access and Management System (ADAMS) Accession No. ML102150229) supplemented by letters dated September 29, 2010, November 30, 2010, January 20, 2011, and March 31, 2011 (ADAMS Accession Nos.
ML102810308, ML103420060, ML110320077, and ML111030028), Arizona Public Service Company submitted a license amendment request for approval of a Cyber Security Plan and Implementation Schedule for the Palo Verde Nuclear Generating Station, Units 1, 2, and 3 as required by Title 10 of the Code of Federal Regulations (10 CFR) 73.54. The inspection of the interim cyber security program at Palo Verde Nuclear Generating Station will be limited to the verification of implementation of milestones one through seven. Temporary Instruction 2201/004, "Inspection of Implementation of Interim Cyber Security Milestones 1-7," provides a programmatic level review and verification of the site-specific implementation of these milestones. Milestone 8 will be inspected on a future date.
The schedule for the onsite inspection for Milestones 1 through 7 is as follows:
- Information Gathering Visit: June 4 - 6, 2013 * Milestone Inspection: June 17 - 21, 2013 The purpose of the information gathering visit is to: (1) obtain information and documentation needed to support the TI inspection; (2) become familiar with the Palo Verde Nuclear Generating Station Cyber Security Program, personnel, and plant layout; and (3) arrange logistical details, such as office space, availability of knowledgeable staff, and to ensure unescorted site access privileges.
In order to assure an efficient inspection, we have enclosed a request for information describing documents needed to aid the inspectors in preparing for and conducting the temporary instruction inspection. These documents have been divided into four groups. The first group lists information necessary to aid the inspectors in planning for the TI inspection. It is requested that this information be provided to the lead inspector via mail or electronically by May 20, 2013 of possible. The second group also lists information and possible areas for discussion necessary to assist the inspectors during the inspection. It is requested this information be available during the information gathering visit (June 4 - 6, 2013). The third group of requested documents consists of those items that the inspectors will review, or need access to, during the inspection. Please have this information available by the first day of the onsite inspection week (June 17, 2013). The fourth group lists the information necessary to aid the inspectors in tracking questions and answers identified as a result of the inspection. It is requested that this information be provided to the lead inspector as the information is generated during the inspection. It is important that all of these documents are up to date and complete in order to minimize the number of additional documents requested during the preparation and/or the onsite portions of the TI inspection. The lead inspector is Sam Graves. We understand that our contact for this inspection is Nawaporn AaronsCooke of your Regulatory Affairs organization. If there are any questions about the inspection or the material requested, please contact the lead inspector at (817) 200-1102, or via e-mail at samuel.graves@nrc.gov.
This letter does not contain new or amended information collection requirements subject to the Paperwork Reduction Act of 1995 (44 U.S.C. 3501 et seq.). Existing information collection requirements were approved by the Office of Management and Budget, control number 3150-0011. The NRC may not conduct or sponsor, and a person is not required to respond to, a request for information or an information collection requirement unless the requesting document displays a currently valid Office of Management and Budget control number. In accordance with 10 CFR 2.390 of the NRC's "Rules of Practice," a copy of this letter will be available electronically for public inspection in the NRC Public Document Room or from the Publicly Available Records (PARS) component of the NRC's Agencywide Document Access and Management System (ADAMS). ADAMS is accessible from the NRC Website at http://www.nrc.gov/reading-rm/adams.html (the Public Electronic Reading Room).
Sincerely,/RA/ Geoffrey Miller, Chief Engineering Branch 2 Division of Reactor Safety Dockets: 50-528; 50-529; 50-530 Licenses: NPF-41; NPF-51; NPF-74
Enclosure:
Cyber Security Temporary Instruction (TI) 2201/004 (Milestones 1 - 7) Request for Information cc w/
Enclosure:
Distribution via ListServe