ML102070025
| ML102070025 | |
| Person / Time | |
|---|---|
| Site: | Dresden, Peach Bottom, Oyster Creek, Byron, Braidwood, Limerick, Clinton, Quad Cities, LaSalle, Crane |
| Issue date: | 07/27/2010 |
| From: | Nicholas Difrancesco Plant Licensing Branch III |
| To: | Exelon Generation Co |
| DiFrancesco N, NRR/DORL/LPL3-2, 415-1115 | |
| References | |
| TAC ME2684, TAC ME2685, TAC ME2686, TAC ME2687, TAC ME2688, TAC ME2689, TAC ME2690, TAC ME2691, TAC ME2692, TAC ME2693, TAC ME2694, TAC ME2695, TAC ME2696, TAC ME2697, TAC ME2698, TAC ME2699 | |
| Download: ML102070025 (4) | |
Text
UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555*0001 July 27, 2010 LICENSEE:
Exelon Generation Company, LLC (Exelon)
FACILITY:
Braidwood Station, Units 1 and 2 (Braidwood)
Byron Station, Unit Nos. 1 and 2 (Byron)
Clinton Power Station, Unit No.1 (Clinton)
Dresden Nuclear Power Station, Units 2 and 3 (Dresden)
LaSalle County Station, Units 1 and 2 (LaSalle)
Limerick Generating Station, Units 1 and 2 (Limerick)
Oyster Creek Nuclear Generating Station (Oyster Creek)
Peach Bottom Atomic Power Station, Units 2 and 3 (Peach Bottom)
Quad Cities Nuclear Power Station, Units 1 and 2 (Quad Cities)
Three Mile Island Nuclear Station, Unit 1 (TMI)
SUBJECT:
SUIVIMARY OF JULY 19, 2010, CATEGORY 1 MEETING WITH EXELON TO DISCUSS RE-SUBMITTAL OF ITS CYBER SECURITY PLAN (TAC NOS.
ME2684, ME2685, ME2686, ME2687, ME2688, ME2689, IVIE2690, ME2691, ME2692, ME2693, ME2694, ME2695, ME2696, ME2697, ME2698, ME2699)
On July 19, 2010, a Category 1 public meeting was held between the U.S. Nuclear Regulatory Commission (NRC) and representatives of Exelon Generation Company, LLC (Exelon, the licensee) at NRC Headquarters, One White Flint North, 11555 Rockville Pike, Rockville, Maryland. The purpose of the meeting was to discuss deviations from the cyber security plan template contained within Nuclear Energy Institute (NEI) 08-09, Revision 6, "Cyber Security Plan for Nuclear Reactors" and the Exelon cyber security plan to be submitted in the near future. At the start of the meeting, the NRC noted that their responses should be taken as initial feedback and not as a technical review. The formal review will be conducted upon submittal of the cyber security plan. The major deviations and the initial NRC response to each are as follows:
In Appendix A, Section 3.1.2 of NEI 08-09, Rev. 6, Exelon stated that they plan to strike the last part of the 6th bullet that reads "and estimates of cyber security risk levels." The NRC staff found this to be acceptable.
In Appendix A, Section 4.7 of NEI 08-09, Rev. 6, Exelon stated that they plan to replace the 2nd bullet with "procedures for severing external electronic connections until secure conditions can be restored" in reference to Regulatory Guide 5.71, Appendix C, Section 9.1. The NRC staff found this to be acceptable.
In Appendix A, Section 3.1.4 of NEI 08-09, Rev. 6, Exelon stated that they plan to change the word "evaluation" to "examination" in the introductory paragraph in order to maintain uniformity. The NRC staff found this to be acceptable.
-2
- In Appendix A, Section 4.3 of NEI 08-09, Rev. 6, Exelon stated that they plan to make changes to some aspects of the defense-in-depth language used in the template. The NRC staff found this deviation to be acceptable as long as Exelon were to maintain the "deterministic" and "non-deterministic" nomenclature used to describe the devices being implemented.
- In Appendix A, Section 3.1.6 of NEI 08-09, Rev. 6, Exelon stated that they plan to change the word "eliminates" to "mitigates" in the 2nd paragraph. The NRC staff did not approve of this deviation for Safeguard Information (SGI)-related reasons.
In addition to these deviations, the NRC staff provided clarification to the Exelon staff regarding the application of certain security controls.
It should be noted that Exelon did not provide the NRC with any material to review prior to the meeting. NRC feedback was based upon orally presented questions.
Members of the public were in attendance. No Public Meeting Feedback forms were received.
Please direct any inquiries to me at 301-415-1115, or nicholas.difrancesco@nrc.gov.
Sincerely,
/IUJJ Nicholas J. DiFrancesco, Project Manager Plant Licensing Branch 111-2 Division of Operating Reactor Licensing Office of Nuclear Reactor Regulation Docket Nos. 50-456,50-457,50-454,50-455, 50-461, 50-237,50-249, 50-373,50-374,50-352, 50-353,50-219,50-277,50-278,50-254, 50-265, and 50-289
Enclosure:
List of Attendees cc w/encl: Distribution via Listserv
LIST OF ATTENDEES JULY 19. 2010. MEETING WITH EXELON GENERATION COMPANY. LLC CYBER SECURITY PLAN RE-SUBMITTAL NAME ORGANIZATION C. Gratton Office of Nuclear Reactor Regulation (NRR)/ Division of Operating Reactor Licensing (DORL)
T. Wengert NRRlDORL C. Erlanger Office of Nuclear Security and Incident Response (NSIR)
M. Coflin NSIR M. Shinn NSIR N. Johnston NSIR P. Pederson NSIR B. Harren NSIR G. Simonds NSIR J. Rogge*
Region-I G. Kaegie Exelon D. Walker Exelon J. Drowley Exelon R. Janati*
Commonwealth of Pennsylvania Department of Environmental Protection (DEP)
M. Murphy*
DEP R. Fuller*
DEP S. Dolley*
Platts Nuclear
- Per Telecon Enclosure
P KGML eetlng otlce 5
eetlng Summary ML102070025 OFFICE DORULPL3-2/PM DORULPL3-2/LA DORULPL3-2/BC DORULPL3-2/PM NAME NDiFrancesco THarris MDavid for RCarlson MMahoney for NDiFrancesco DATE 07/24/10 7127110 7/27/10