ML101460275
| ML101460275 | |
| Person / Time | |
|---|---|
| Site: | Robinson |
| Issue date: | 06/09/2010 |
| From: | Orf T Plant Licensing Branch II |
| To: | Mccartney E Carolina Power & Light Co |
| Orf, T J, NRR/DORL/301-415-2788 | |
| References | |
| TAC ME2746 | |
Text
UNITED STATES NUCLEAR REGULATORY COMMISSION
WASHINGTON, D.C. 20555-0001

June 9, 2010

Mr. Eric McCartney, Vice President
H. B. Robinson Steam Electric Plant, Unit No. 2
Carolina Power & Light Company
3581 West Entrance Road
Hartsville, South Carolina 29550-0790

SUBJECT: H. B. ROBINSON STEAM ELECTRIC PLANT, UNIT NO. 2 - LICENSE AMENDMENT REQUEST FOR APPROVAL OF THE CYBER SECURITY PLAN (TAC NO. ME2746)
Dear Mr. McCartney:
The purpose of this letter is to inform you that the U.S. Nuclear Regulatory Commission (NRC) staff has completed an initial review of a license amendment request (LAR) for H.B. Robinson Steam Electric Plant, Unit No. 2 (HBRSEP). This LAR was submitted by letter dated November 23, 2009 (Agencywide Documents Access and Management System (ADAMS) Accession No. ML093340350), by Carolina Power & Light Company, doing business as Progress Energy Carolinas (PEC), Inc. The proposed LAR includes the cyber security plan, proposed changes to Section 3.F of the renewed facility operating license, and a proposed cyber security plan implementation schedule. The proposed cyber security plan has been submitted in accordance with Title 10 of the Code of Federal Regulations (10 CFR), Section 73.54, "Protection of digital computer and communication systems and networks."
In accordance with the Office of Nuclear Reactor Regulation Office Instruction LIC-109, "Acceptance Review Procedures" (ADAMS Accession No. ML091810088), Section 3.1.3, "Rare Circumstance," the NRC staff has decided to forgo the traditional acceptance review due to the complexity and "first-of-a-kind" nature of this application. While the NRC staff has docketed your application, the NRC staff is not rendering a judgment as to the acceptability of the submittal within the context of an acceptance review.
The cyber security plan submittal prepared for HBRSEP is based on Nuclear Energy Institute (NEI) guidance contained in NEI 08-09, "Cyber Security Plan for Nuclear Power Reactors," Revision 3. The NRC staff had significant generic concerns with this guidance. As a result of NRC staff discussions with NEI and the Executive Task Force of the industry Nuclear Security Working Group (NSWG), NEI and NSWG committed to representing operating power reactor licensees in resolving these concerns.
Through numerous interactions, the NRC staff has communicated their generic concerns with the NEI guidance. The security-related nature of the information required these interactions to be conducted in closed meetings not open to the public. A publicly available list of the specific issues discussed with NEI and NSWG was communicated to the licensees via e-mail dated March 9, 2010 (ADAMS Accession No. ML100680284).
By letter dated April 28, 2010, NEI submitted Revision 6 to NEI 08-09 (ADAMS Accession Nos. ML101180434 and ML101180437), which contains changes that address the NRC staff concerns associated with previous versions. Based on a technical review of the document, the Office of Nuclear Security and Incident Response in its letter dated May 5, 2010 (ADAMS Accession No. ML101190371), concluded that submission of a cyber security plan using the template provided in NEI 08-09, Revision 6, dated April 2010, would be an acceptable means for licensees to demonstrate compliance with the requirements of 10 CFR 73.54, with the exception of the definition of "cyber attack."
Therefore, to resolve the NRC staff's concerns with the requested LAR, PEC is requested to review the list of generic issues provided to the industry cyber security writing team and forwarded to all licensees via e-mail dated March 9, 2010, and provide a revised submittal as appropriate. For those generic issues that will not be addressed in the revised submittal, provide additional information or justification in the revised submittal for their exclusion.
For any changes to the cyber security plan proposed in the original LAR, PEC is requested to indicate that the revised submittal supersedes the previous submittal in its entirety or indicate what portions are superseded.
As a potentially less resource intensive alternative to addressing the individual generic issues within the existing submittal, PEC may submit a revised cyber security plan consistent with Regulatory Guide (RG) 5.71¹ or submit a revised cyber security plan consistent with NEI 08-09, Revision 6. However, if this option is exercised, the NRC staff expects that the existing application will be withdrawn and the revised application resubmitted concurrently.
The NRC staff requests that PEC's response or revised cyber security plan application be submitted within 60 days of the date of this letter. Please contact me if circumstances result in the need to revise the requested response date.
Following receipt and review of your response, you will be advised by separate correspondence if any further information is needed to support the NRC staff's detailed technical review. If you have any questions regarding this matter, I may be reached at (301) 415-2788.
Sincerely,
Tracy J. Orf, Project Manager
Plant Licensing Branch II-2
Division of Operating Reactor Licensing
Office of Nuclear Reactor Regulation

Docket No. 50-261

cc: Distribution via Listserv

¹ In January, 2010, the NRC staff issued RG 5.71, "Cyber Security Programs for Nuclear Facilities" (ADAMS Accession No. ML090340159). This guidance provides an approach that the NRC staff deems acceptable for complying with the Commission's regulations regarding the protection of digital computers, communications systems, and networks from a cyber security attack.
DISTRIBUTION:
PUBLIC
LPL2-2 r/f
RidsNrrPM Robinson
RidsNrrLACSola
RidsNrrDorlLpl2-2
RidsNrrDorlDpr
RidsNrrDirsltsb
RidsOgcRp
C. Erlanger, NSIR
P. Pederson, NSIR
RidsRgn2MailCenter
RidsAcrsAcnw MailCTR

ADAMS Accession No.: ML101460275

| OFFICE | LPL2-2/PM | LPL2-2/LA | LPL2-2/BC | LPL2-2/PM |
|---|---|---|---|---|
| NAME | TOrf | CSola | DBroaddus (EBrown for) | TOrf |
| DATE | 05/27/10 | 05/26/10 | 06/07/10 | 06/09/10 |

OFFICIAL RECORD COPY