ML103140341
| ML103140341 | |
| Person / Time | |
|---|---|
| Issue date: | 11/26/2010 |
| From: | Wiggins J Integrated Security Coordination and Policy Branch |
| To: | Fertel M Nuclear Energy Institute |
| Lee, Eric , 415-8099 | |
| References | |
| Download: ML103140341 (2) | |
Text
November 26, 2010 Mr. Marvin Fertel President and Chief Executive Officer Nuclear Energy Institute 1776 I Street, NW, Suite 400 Washington, DC 20006
Dear Mr. Fertel:
On October 21, 2010, the Commission determined as a matter of policy that the U.S. Nuclear Regulatory Commission (NRC) cyber security rule at Title 10 of the Code of Federal Regulations (10 CFR) 73.54, Protection of Digital Computer and Communication Systems and Networks, includes structures, systems, and components (SSCs) in the balance of plant (BOP) at the NRC-licensed nuclear power plants that have a nexus to radiological health and safety.
The decision resulted from consideration of the efforts between the NRC and the Federal Energy Regulatory Commission (FERC) following the work performed by the North American Electric Reliability Corporation (NERC) on the oversight of BOP systems (i.e., the Bright-Line Survey). This decision also stems from licensee responses to the Bright-Line Survey and the licensees regulatory commitments to the NRC to update their cyber security plans to clarify that the scope of their respective cyber security programs will include certain BOP SSCs. The NRC staff has communicated the Commissions policy decision to NERC and FERC in separate correspondences.
Per NERCs direction provided in its August 2010 letter, each licensee sent a notification letter to the NRC identifying that all SSCs in the BOP considered important to safety are within the scope of NRCs cyber security regulation. In the letter, each licensee also committed to submitting a revised cyber security plan to the NRC for review and approval on or before November 30, 2010. However, in light of this Commission policy decision, the NRC staff coordinated with NERC staff to defer licensees submittals of their revised cyber security plans in accordance with a schedule to be provided by the NRC. The NRC will provide each licensee with regulatory guidance in the form of a template that can be used when supplementing its cyber security plan and a schedule for submittal of the revised cyber security plan. The NRC staff will coordinate with the Nuclear Energy Institute to develop this template in an expeditious manner.
Should you or your staff have any questions, please contact Craig Erlanger at (301) 415-5374.
Sincerely,
/RA Richard P. Correia for/
James T. Wiggins, Director Office of Nuclear Security and Incident Response
November 26, 2010 Marvin Fertel President and Chief Executive Officer Nuclear Energy Institute 1776 I Street, NW, Suite 400 Washington, DC 20006
Dear Mr. Fertel:
On October 21, 2010, the Commission determined as a matter of policy that the U.S. Nuclear Regulatory Commission (NRC) cyber security rule at Title 10 of the Code of Federal Regulations (10 CFR) 73.54, Protection of Digital Computer and Communication Systems and Networks, includes structures, systems, and components (SSCs) in the balance of plant (BOP) at the NRC-licensed nuclear power plants that have a nexus to radiological health and safety.
The decision resulted from consideration of the efforts between the NRC and the Federal Energy Regulatory Commission (FERC) following the work performed by the North American Electric Reliability Corporation (NERC) on the oversight of BOP systems (i.e., the Bright-Line Survey). This decision also stems from licensee responses to the Bright-Line Survey and the licensees regulatory commitments to the NRC to update their cyber security plans to clarify that the scope of their respective cyber security programs will include certain BOP SSCs. The NRC staff has communicated the Commissions policy decision to NERC and FERC in separate correspondences.
Per NERCs direction provided in its August 2010 letter, each licensee sent a notification letter to the NRC identifying that all SSCs in the BOP considered important to safety are within the scope of NRCs cyber security regulation. In the letter, each licensee also committed to submitting a revised cyber security plan to the NRC for review and approval on or before November 30, 2010. However, in light of this Commission policy decision, the NRC staff coordinated with NERC staff to defer licensees submittals of their revised cyber security plans in accordance with a schedule to be provided by the NRC. The NRC will provide each licensee with regulatory guidance in the form of a template that can be used when supplementing its cyber security plan and a schedule for submittal of the revised cyber security plan. The NRC staff will coordinate with the Nuclear Energy Institute to develop this template in an expeditious manner.
Should you or your staff have any questions, please contact Craig Erlanger at (301) 415-5374.
Sincerely,
/RA Richard P. Correia for/
James T. Wiggins, Director Office of Nuclear Security and Incident Response DISTRIBUTION:
DSP r/f Adams Accession no.: ML103140341 OFFICE DSP/ISCPB BC/DSP/ISCPB DD/NSIR D/NSIR/DSP QTE NAME E. Lee C. Erlanger M. Layton R. Correia By email DATE 11/16/10 11/17/10 11/ 22/10 11/ 22 /10 11/18/10 OFFICE D/NSIR/DSO D/NRR D/NRO OGC D/NSIR NAME P. Holahan /RA Barry E. Leeds /RA Pat M. Johnson/RA M. Young /RA J. Wiggins /RA Weistrich for/ Hiland for/ Laura Dudes Norman StAmour Richard for/ for/ P.Correia for/
DATE 11/13/10 11/22/10 11/24/10 11/26/10 11/26/10 OFFICE RECORD COPY