PLA-6832, Proposed Amendment No. 311 to License NPF-14 and Proposed Amendment No. 283 to License NPF-22: Changes to Cyber Security Implementation Schedule Milestones 3 and 6
ML12122A011 | |
Person / Time | |
---|---|
Site: | Susquehanna |
Issue date: | 04/30/2012 |
From: | Helsel J Susquehanna |
To: | Document Control Desk, Office of Nuclear Reactor Regulation |
Shared Package | |
ML121220017 | List: |
References | |
PLA-6832 | |
Jeffrey M. Helsel, Nuclear Plant Manager, PPL Susquehanna, LLC, 769 Salem Boulevard, Berwick, PA 18603, Tel. 570.542.3510, Fax 570.542.1504, jmhelsel@pplweb.com
U.S. Nuclear Regulatory Commission, Attn: Document Control Desk, Mail Stop OP1-17, Washington, DC 20555
SUSQUEHANNA STEAM ELECTRIC STATION PROPOSED AMENDMENT NO. 311 TO LICENSE NPF-14 AND PROPOSED AMENDMENT NO. 283 TO LICENSE NPF-22: CHANGES TO CYBER SECURITY IMPLEMENTATION SCHEDULE MILESTONES 3 AND 6
Docket Nos. 50-387 and 50-388; PLA-6832
Reference:
(1) Letter from PPL (T. S. Rausch) to NRC Document Control Desk, "Susquehanna Steam Electric Station Proposed Amendment No. 306 to License NPF-14 and Proposed Amendment No. 277 to License NPF-22: Withdrawal and Resubmittal of Request for Approval of the PPL Susquehanna, LLC Cyber Security Plan", dated July 22, 2010 (ML102150151).
(2) Letter from PPL (T. S. Rausch) to NRC Document Control Desk, "Susquehanna Steam Electric Station Response to Cyber Security Request for Additional Information" dated April 4, 2011 (ML111020217).
(3) Letter from NRC (B. K. Vaidya) to PPL (T. S. Rausch), Susquehanna Steam Electric Station, Unit Nos. 1 and 2 - Issuance of Amendment RE: Approval of PPL Susquehanna, LLC Cyber Security Plan (TAC Nos. ME4420 and ME4421), dated July 21, 2011 (ML11152A009).
PPL Susquehanna, LLC (PPL) submitted a request for an amendment to the Facility Operating Licenses (FOL) for Susquehanna Steam Electric Station, Units 1 and 2 in Reference (1) and supplemented the request in Reference (2). The request for amendment included the PPL Cyber Security Plan and the associated implementation schedule. In Reference (3), the NRC approved and issued the requested amendments.
The amendment approval stated the following, "The implementation of the cyber security plan (CSP), including the key intermediate milestone dates and the full implementation date, shall be in accordance with the implementation schedule submitted by the licensee by letter July 22, 2010, as supplemented by letter dated April 4, 2011, and approved by the NRC staff with this license amendment. All subsequent changes to the NRC-approved CSP implementation schedule will require prior NRC approval pursuant to 10 CFR 50.90."
PPL is planning to implement the requirements of Implementation Schedule Milestones 3 and 6 in a slightly different manner than described in the approved Implementation Schedule. Although no change to the Implementation Schedule dates is proposed, the changes to the description of the milestone activities are conservatively considered to be a change to the implementation schedule, and in accordance with the provisions of 10 CFR §50.4 and §50.90, PPL is submitting this request for an amendment to the Facility Operating Licenses (FOL) for Susquehanna Steam Electric Station, Units 1 and 2.
The proposed amendments request NRC approval of the revised PPL Susquehanna, LLC Cyber Security Plan, revised Implementation Schedule and revised FOL Physical Protection license condition.
These proposed changes have been reviewed by both the Plant Operations Review Committee (PORC) and the Susquehanna Review Committee (SRC). Enclosure 1 provides an evaluation of the proposed change. Enclosure 1 also contains the following attachments:
- Attachment 1 provides the existing FOL page for Unit 1 marked up to show the proposed change.
- Attachment 2 provides the existing FOL page for Unit 2 marked up to show the proposed change.
Enclosure 2 provides a copy of the revised PPL Susquehanna, LLC Cyber Security Plan Implementation Schedule. The revisions to the wording of Milestones 3 and 6 represent revised regulatory commitments. Enclosure 3 provides a copy of the revised PPL Susquehanna, LLC Cyber Security Plan.
PPL requests that Enclosure 3, which contains security-related sensitive information, be withheld from public disclosure in accordance with 10 CFR 2.390.
The proposed changes have been evaluated in accordance with 10 CFR 50.91(a)(1) using criteria in 10 CFR 50.92(c), and it has been determined that the changes involve no significant hazards consideration. The bases for these determinations are included in Enclosure 1.
In accordance with 10 CFR 50.91, a copy of this application, with attachments, is being provided to the designated Commonwealth of Pennsylvania state official.
PPL requests this license amendment be effective as of its date of issuance. Although this request is neither exigent nor emergency, your review and approval is requested prior to August 31, 2012.
If you should have any questions regarding this submittal, please contact Mr. John L. Tripoli at (570) 542-3100.
I declare under penalty of perjury that the foregoing is true and correct.
Executed on:
Enclosures:
- 1. Evaluation of Proposed Change
- 2. PPL Susquehanna, LLC Cyber Security Plan Implementation Schedule
- 3. PPL Susquehanna, LLC Cyber Security Plan [Security-Related Information-Withhold Under 10 CFR 2.390]
Attachments to Enclosure 1:
- 1. Facility Operating License No. NPF-14, Unit 1 (Mark-up)
- 2. Facility Operating License No. NPF-22, Unit 2 (Mark-up)
cc: NRC Region I; Mr. P. W. Finney, NRC Sr. Resident Inspector; Mr. R. R. Janati, DEP/BRP; Ms. C. J. Sanders, NRC Project Manager
Enclosure 1 to PLA-6832 Evaluation of Proposed Change Request for Approval of the PPL Susquehanna, LLC Cyber Security Plan
- 1. Summary Description
- 2. Detailed Description
- 3. Technical Evaluation
- 4. Regulatory Evaluation
4.1 Applicable Regulatory Requirements / Criteria
4.2 Significant Hazards Consideration
4.3 Conclusion
- 5. Environmental Consideration
- 6. References
ATTACHMENTS:
- Facility Operating License No. NPF-14, Unit 1 (Mark-up)
- Facility Operating License No. NPF-22, Unit 2 (Mark-up)
PPL EVALUATION
Subject: PPL Evaluation of Proposed Change to the Unit 1 and Unit 2 Request for Approval of the PPL Susquehanna, LLC Cyber Security Plan
- 1. SUMMARY DESCRIPTION
The proposed license amendment request (LAR) includes the proposed changes to Implementation Schedule Milestones 3 and 6 and corresponding proposed changes to the PPL Susquehanna, LLC Cyber Security Plan and existing Facility Operating License (FOL) Physical Protection license conditions for both Unit 1 and Unit 2.
- 2. DETAILED DESCRIPTION
In Reference 1, the PPL Susquehanna, LLC Cyber Security Plan and associated implementation schedule were approved by the NRC. Since the Cyber Security Plan Implementation Schedule contained in Reference 2 was utilized as a portion of the basis for the NRC safety evaluation provided by Reference 1, this proposed LAR includes: 1) the proposed change to the existing operating license condition for the Physical Protection license condition for PPL Susquehanna to reference the implementation schedule commitment changes, 2) the proposed revised Cyber Security Plan Implementation Schedule for Milestones 3 and 6, and 3) the proposed revised Cyber Security Plan.
- 3. TECHNICAL EVALUATION
Milestone 3 Changes
For non-security critical digital assets (CDAs), the current implementation schedule and cyber security plan describe deterministic devices between Layers 3 and 4 with firewalls between Layers 1 and 2 and between Layers 2 and 3. The proposed change to the cyber defensive strategy would install a deterministic data diode appliance between Layers 3 and 2 with firewalls between the other layers thus providing an increase in overall protection of Critical Digital Systems in Layers 3 and 4. The revised defensive strategy takes advantage of available technology that provides a better and more easily achievable technical solution, does not decrease the overall level of cyber security performance, and is an overall increase in protection for the critical digital systems and components.
Milestone 6 Changes
In Reference 3, the Nuclear Energy Institute (NEI) transmitted to the NRC an implementation schedule template (ML110600218) to aid compliance with the NRC cyber security regulations codified in 10 CFR 73.54 which was acknowledged in Reference 4 by the NRC. NEI engaged the industry in an effort to ensure that licensees submit an implementation schedule consistent with the template provided in Reference 3.
PPL provided the requested implementation schedule in Reference 2 in accordance with the template which the NRC approved in Reference 3.
During the industry's efforts to submit implementation schedules, for the reasons stated below, several other licensees clarified the implementation schedule Milestone 6 scope.
Milestone 6 of the template regards the identification, documentation, and implementation of cyber security controls for CDAs by December 31, 2012. The other licensees clarified that Milestone 6 intended to address only the NEI 08-09, Revision 6, Appendix D, technical controls excluding the operational and management controls on the basis that implementing the technical controls for target set CDAs provides a high degree of protection against cyber-related attacks that could lead to radiological sabotage.
Furthermore, these other licensees justified that existing licensee programs that are currently in place (e.g., physical protection, maintenance and work management, configuration management, and operational experience, etc.) provide a high degree of operational and management protection during the interim period until such time that the full Cyber Security Program is implemented. The clarification maintains alignment with the intent of the template as submitted for NRC approval in Reference 3. The NRC found the clarification of intent to Milestone 6 scope for other licensees to be acceptable, and issued Safety Evaluations to plants whose implementation schedule incorporated the clarification.
In Reference 2, PPL previously submitted the implementation schedule without articulating the clarification to the scope of Milestone 6. Milestone 6 was intended to focus the efforts on the application of applicable security controls to those CDAs that are part of a target set or could impact the proper functioning of target set equipment.
Implementation of operational and management controls for a subset of CDAs related to target sets midway through the evaluation of all CDAs is impracticable and provides no demonstrable safety benefit. Based on the above justification and the fact that this clarification has already been approved for the other licensees, PPL is requesting this license amendment in order to clarify that the cyber security controls being identified, documented, and implemented in Milestone 6 for target sets are the technical cyber security controls and existing plant programs are sufficient to satisfy the Milestone 6 operational and management controls referenced in the PPL Susquehanna LLC Cyber Security Plan in the interim until full Program implementation.
In conclusion, existing programs at PPL currently in place (e.g., physical protection, maintenance and work management, and configuration management, operational experience, etc.) provide sufficient operational and management protection during the interim period until such time that the full Cyber Security Program is implemented. The cyber security controls to be identified, documented, and implemented in Milestone 6 of the revised Cyber Security Plan Implementation Schedule (Enclosure 2) are the technical cyber security controls excluding the operational and management controls for target sets referenced in the PPL Susquehanna LLC Cyber Security Plan that will be completed following evaluation of the remaining CDAs and implemented with full Cyber Security Program implementation.
- 4. REGULATORY EVALUATION
4.1 Applicable Regulatory Requirements / Criteria
This license amendment request is submitted pursuant to 10 CFR §50.4 and §50.90.
4.2 Significant Hazards Consideration
PPL has evaluated the proposed changes using the criteria in 10 CFR 50.92 and has determined that the proposed changes do not involve a significant hazards consideration.
An analysis of the issue of no significant hazards consideration is presented below.
(1) Does the proposed amendment involve a significant increase in the probability or consequences of an accident previously evaluated?
Response: No.
Milestone 3
The proposed amendment changes some details of the architecture to be used to provide protection against cyber attacks at Susquehanna. The proposed modification to the cyber security architecture is an overall increase in protection for the critical digital systems and components. The proposed change to the cyber security plan and cyber security architecture does not alter accident analysis assumptions, add any initiators, or affect the function of plant systems or the manner in which systems are operated, maintained, modified, tested, or inspected.
Since the proposed modification is an overall increase in protection, the performance capability of the structures, systems, and components relied upon to mitigate the consequences of postulated accidents are not adversely affected and there is no adverse impact on the probability or consequences of an accident previously evaluated.
Milestone 6
The proposed amendment would clarify the scope of the controls to be implemented for target set equipment by December 31, 2012. The clarification to the Cyber Security Plan Implementation Schedule is administrative in nature. This change does not alter accident analysis assumptions, add any initiators, or affect the function of plant systems or the manner in which systems are operated, maintained, modified, tested, or inspected. The change does not require any plant modifications, which affect the performance capability of the structures, systems, and components relied upon to mitigate the consequences of postulated accidents and has no impact on the probability or consequences of an accident previously evaluated.
Overall Conclusion
Therefore, the proposed change does not involve a significant increase in the probability or consequences of an accident previously evaluated.
(2) Does the proposed amendment create the possibility of a new or different kind of accident from any accident previously evaluated?
Response: No.
Milestone 3
The proposed amendment changes some details of the architecture to be used to provide protection against cyber attacks at Susquehanna. The proposed modification to the cyber security architecture is an overall increase in protection for the critical digital systems and components. This change to the cyber security architecture does not result in the need for any new or different FSAR design basis accident analysis. In addition, the change does not introduce new equipment that could create a new or different kind of accident and no new equipment failure modes are created. Since the proposed modification to the cyber security architecture is an overall increase in protection for the critical digital systems and components, the change does not adversely affect the function of any safety-related SSC as to how they are operated, maintained, modified, tested or inspected.
As a result, no new accident scenarios, failure mechanisms, or limiting single failures are introduced, and the change does not create the possibility of a new or different kind of accident from any accident previously evaluated.
Milestone 6
The proposed amendment would clarify the scope of the controls to be implemented for target set equipment by December 31, 2012. The clarification to the Cyber Security Plan Implementation Schedule is administrative in nature. This clarification does not result in the need for any new or different FSAR design basis accident analysis. In addition, the clarification does not introduce new equipment that could create a new or different kind of accident, and no new equipment failure modes are created. Finally, the clarification does not affect the function of plant systems or the manner in which systems are operated, maintained, modified, tested, or inspected. As a result, no new accident scenarios, failure mechanisms, or limiting single failures are introduced as a result of this proposed amendment.
Therefore, the proposed amendment does not create the possibility of a new or different kind of accident from any accident previously evaluated.
Overall Conclusion
Therefore, the proposed change does not create the possibility of a new or different kind of accident from any accident previously evaluated.
(3) Does the proposed amendment involve a significant reduction in a margin of safety?
Response: No.
Milestone 3
The proposed amendment changes some details of the architecture to be used to provide protection against cyber attacks at Susquehanna. The proposed modification to the cyber security architecture is an overall increase in protection for the critical digital systems and components. Plant safety margins are established through limiting conditions for operation, limiting safety system settings, and safety limits specified in the technical specifications. Since the proposed modification to the cyber security architecture is an overall increase in protection for the critical digital systems, there is no adverse change to these established safety margins as a result of the proposed modification, and the proposed change does not involve a significant reduction in a margin of safety.
Milestone 6
The proposed amendment would clarify the scope of the controls to be implemented for target set equipment by December 31, 2012. Plant safety margins are established through limiting conditions for operation, limiting safety system settings, and safety limits specified in the technical specifications. The clarification to the Cyber Security Plan Implementation Schedule is administrative in nature. Because there is no change to these established safety margins as a result of this clarification, the proposed change does not involve a significant reduction in a margin of safety.
Overall Conclusion
Therefore, the proposed change does not involve a significant reduction in a margin of safety.
Based on the above, PPL concludes that the proposed changes present no significant hazards consideration under the standards set forth in 10 CFR 50.92(c), and accordingly, a finding of "no significant hazards consideration" is justified.
4.3 Conclusion
In conclusion, based on the considerations discussed above: (1) there is reasonable assurance that the health and safety of the public will not be endangered by operation in the proposed manner; (2) such activities will be conducted in compliance with the Commission's regulations; and (3) the issuance of the amendment will not be inimical to the common defense and security or to the health and safety of the public.
- 5. ENVIRONMENTAL CONSIDERATION
The proposed amendment establishes the licensing basis for a Cyber Security Program for PPL Susquehanna, Units 1 and 2 and will be a part of the Physical Security Plan.
This proposed amendment will not involve any significant construction impacts.
Pursuant to 10 CFR 51.22(b)(12) no environmental impact statement or environmental assessment need be prepared in connection with the issuance of the amendment.
- 6. REFERENCES
- 1. NRC letter to PPL, Susquehanna Steam Electric Station, Unit Nos. 1 and 2 - Issuance of Amendment RE: Approval of PPL Susquehanna, LLC Cyber Security Plan (TAC Nos. ME4420 and ME4421), dated July 21, 2011 (ML11152A009).
- 2. PPL letter to NRC, "Susquehanna Steam Electric Station Response to Cyber Security Request for Additional Information," dated April 4, 2011 (ML111020217).
- 3. Letter from Chris Earls (NEI) to Richard P. Correia (NRC), Template for the Cyber Security Plan Implementation Schedule, dated February 28, 2011 (ML110600211).
- 4. Letter from Richard P. Correia (NRC) to Chris Earls (NEI), Template for the Cyber Security Plan Implementation Schedule, dated March 1, 2011 (ML110070348).
Attachment 1 to Enclosure 1 Facility Operating License No. NPF-14, PPL Susquehanna Unit 1 Mark-Up
(39) Containment Operability for EPU PPL shall ensure that the CPPU containment analysis is consistent with the SSES 1 and 2 operating and emergency procedures. Prior to operation above CLTP, for each respective unit, PPL shall notify the NRC project manager that all appropriate actions have been completed.
(40) Primary Containment Leakage Rate Testing Program Those primary containment local leak rate program tests (Type B - leakage-boundary and Type C - containment isolation valves) as modified by approved exemptions, required by 10 CFR Part 50, Appendix J, Option B and Technical Specification 5.5.12, are not required to be performed at the CPPU peak calculated containment internal pressure of 48.6 psig (Amendment No. 246 to this Operating License) until their next required performance.
D. The operating licensee shall fully implement and maintain in effect all provisions of the Commission-approved physical security, training and qualification, and safeguards contingency plans including amendments made pursuant to provisions of the Miscellaneous Amendments and Search Requirements revisions to 10 CFR 73.55 (51 FR 27817 and 27822) and to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The plan, which contains Safeguards Information protected under 10 CFR 73.21, is entitled: "Physical Security Plan, Training and Qualification Plan, Safeguards Contingency Plan and Security and Contingency Plan for Independent Spent Fuel Storage Facility," and was submitted October 8, 2004.
The operating licensee shall fully implement and maintain in effect all provisions of the Commission-approved cyber security plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The PPL Susquehanna, LLC CSP was approved by License Amendment No. 255, as supplemented by the changes approved by License Amendment No. XXX.
E. Exemptions from certain requirements of Appendices G and H to 10 CFR Part 50 are described in the Safety Evaluation Report and Supplements 1 and 2 to the Safety Evaluation Report. In addition, an exemption was requested until receipt of new fuel for first refueling from the requirements for criticality monitors in the spent fuel pool area, 10 CFR Part 70.24. Also, an exemption was requested from the requirements of Appendix J of 10 CFR Part 50 for the first fuel cycle when performing local leak rate testing of Residual Heat Removal (RHR) relief valves in accordance with Technical Specification 4.6.1.2. This latter exemption is described in the safety evaluation of License Amendment No. 13. These exemptions are authorized by law and will not endanger life or property or the common defense and security and are otherwise in the public interest and have been granted pursuant to 10 CFR 50.12. Except as here exempted, the facility will operate, to the extent authorized herein, in conformity with the application, as amended, and the rules and regulations of the Commission and the provisions of the Act.
Renewed Operating License No. NPF-14 Amendment No. 255 Corrected by letter dated July 28, 2011
Attachment 2 to Enclosure 1 Facility Operating License No. NPF-22, PPL Susquehanna Unit 2 Mark-Up
EMF-2209(P), Revision 2, Addendum 1 is published and PPL verifies that the additive constants from the approved report have been incorporated in the cycle specific analyses.
D. The operating licensee shall fully implement and maintain in effect all provisions of the Commission-approved physical security, training and qualification, and safeguards contingency plans including amendments made pursuant to provisions of the Miscellaneous Amendments and Search Requirements revisions to 10 CFR 73.55 (51 FR 27817 and 27822) and to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The plan, which contains Safeguards Information protected under 10 CFR 73.21, is entitled: "Physical Security Plan, Training and Qualification Plan, Safeguards Contingency Plan and Security and Contingency Plan for Independent Spent Fuel Storage Facility," and was submitted October 8, 2004.
The operating licensee shall fully implement and maintain in effect all provisions of the Commission-approved cyber security plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The PPL Susquehanna, LLC CSP was approved by License Amendment No. 235, as supplemented by the changes approved by License Amendment No. XXX.
E. DELETED
F. PPL Susquehanna, LLC shall have and maintain financial protection of such type and in such amounts as the Commission shall require in accordance with Section 170 of the Atomic Energy Act of 1954, as amended, to cover public liability claims.
G. The information in the Updated Final Safety Analysis Report (UFSAR) supplement, as revised, submitted pursuant to 10 CFR 54.21(d), shall be incorporated into the UFSAR no later than the next scheduled update required by 10 CFR 50.71(e) following the issuance of this renewed operating license. Until this update is complete, PPL Susquehanna, LLC may not make changes to the information in the supplement. Following incorporation into the UFSAR, the need for prior Commission approval of any changes will be governed by 10 CFR 50.59.
H. The UFSAR supplement, as revised, submitted pursuant to 10 CFR 54.21(d), describes certain future activities to be completed prior to and/or during the period of extended operation. The licensee shall complete these activities in accordance with Appendix A of NUREG-1931, "Safety Evaluation Report Related to the Susquehanna Steam Electric Station, Units 1 and 2," dated November, 2009. The licensee shall notify the NRC in writing when activities to be completed prior to the period of extended operation are complete and can be verified by NRC inspection.
I. All capsules in the reactor vessel that are removed and tested must meet the requirements of American Society for Testing and Materials (ASTM) E 185-82 to the extent practicable for the configuration of the specimens in the capsule. Any changes to the capsule withdrawal schedule, including spare capsules, must be approved by the staff prior to implementation. All capsules placed in storage must be maintained for future insertion. Any changes to storage requirements must be approved by the staff, as required by 10 CFR Part 50, Appendix H.
Renewed Operating License No. NPF-22 Amendment No. 235 Corrected by letter dated July 28, 2011
Enclosure 2 to PLA-6832 PPL Susquehanna, LLC Cyber Security Plan Implementation Schedule
Guidance on Cyber Security Plan Implementation Schedule
Cyber Security Plan Implementation Schedule
Full implementation of the cyber security program involves many supporting tasks. Major activities include: program and procedure development; performing of individual critical digital asset (CDA) assessments; and identification, scheduling, and implementing individual asset security control design remediation actions through the site configuration management program. These design modifications may be performed on-line or could require a refueling outage for installation.
The extensive workload associated with full implementation of the Cyber Security Plan (CSP) requires prioritization to assure those activities that provide higher degrees of protection against radiological sabotage are performed first. Therefore the CSP implementation schedule will be implemented with two major milestone dates. The first milestone date of no later than December 31, 2012, includes the activities listed in the table below. The second milestone date, December 1, 2015, includes the completion of all remaining actions that result in the full implementation of the cyber security plan for all applicable Safety, Security, and Emergency Preparedness (SSEP) functions. This date also bounds the completion of all individual asset security control design remediation actions.
Cyber security controls are not applied if the control adversely impacts safety and important to safety, security or emergency preparedness functions.
Establish Cyber Security Assessment Team (CSAT) as No later than The CSAT, collectively, will need to have digital plant systems described in Section 3.1.2 "Cyber Security Assessment December 31, 2012 knowledge as well as nuclear power plant operations, engineering and Team" of the Cyber Security Plan (CSP). nuclear safety experience and technical expertise. The personnel selected for this team may require additional training in these areas help to ensure adequate capabilities to perform cyber security assessments as well as others duties.
2 Identify Critical Systems (CSs) and Critical Digital No later than The scope of 10 CFR 73.54 includes digital computer and Assets (CDAs) as described in Section 3.1.3 December 31, 2012 communication systems and networks associated with: safety-related "Identification of Critical Digital Assets" of the CSP. and important-to safety functions; security functions; emergency preparedness functions, including offsite communications; and support systems and equipment which, if compromised, would adversely impact safety, security, or emergency preparedness functions. The scope of 10 CFR 73.54 includes structures, systems, and components (SSCs) that have a nexus to radiological health and safety and therefore can directly or indirectly affect reactivity of a nuclear power plant and could Page 1 of 4
Guidance on Cyber Security Plan Implementation Schedule result in an unplanned reactor shutdown or transient.
3 Implement Installation of a deterministic one-way No later than The implementation of communication barriers protects the most critical device between lower level devices (level 0 1,2) and December 31, 2012 SSEP functions from remote attacks on plant systems. Isolating the the higher level devices (level 3,4) as described in plant systems from the internet as well as from the corporate business Section 4.3, "Defense-In-Depth Protective Strategies" systems is an important milestone in defending against external threats.
of the CSP. While the deployment of the barriers is critical to protection from external cyber threats, it also prevents remote access to core Lower security level devices (level 0, 1, 2 devices) that monitoring and plant data systems for reactor engineers, plant bypass the deterministic device and connect to level 3 operations, and other plant staff. This elimination of remote access to or 4 will be modified to prevent the digital connectivity reactor core monitoring systems may require the development and to the higher level or will be modified to meet cyber execution of a detailed change management plan to ensure continued security requirements commensurate with the level 3 or safe operation of the plants. Vendors may be required to develop 4 devices to which they connect. software revisions to support the model. The modification will be developed, prioritized and scheduled.
The design modifications that are not finished by the completion date will be documented in the site configuration management and/or change control program to assure completion of the design modification as soon as possible, but no later than the final implementation date.
4 | The security control "Access Control For Portable And Mobile Devices" described in Appendix D 1.19 of NEI 08-09, Revision 6, will be implemented. | No later than December 31, 2012 | Portable media devices are used to transfer electronic information (e.g., data, software, firmware, virus engine updates and configuration information) to and from plant process equipment. Careful use of this class of media is required to minimize the spread of malicious software to plant process equipment. The effective implementation of this control may require the coordinated implementation of other complementary controls to ensure adequate mitigation. |
5 | Implement observation and identification of obvious cyber related tampering to existing insider mitigation rounds by incorporating the appropriate elements in Appendix E Section 4.3 "Personnel Performing Maintenance And Testing Activities." | No later than December 31, 2012 | Insider mitigation rounds by trained staff look for obvious signs of cyber related tampering and would provide mitigation of observable cyber related insider actions. Implementing steps to add signs of cyber security-related tampering to insider mitigation rounds will be performed by the completion date. |
6 | Identify, document, and implement NEI 08-09, Rev 6 Appendix D technical cyber security controls in accordance with the Cyber Security Plan Section 3.1.6 "Mitigation of Vulnerabilities and Application of Cyber Security Controls" for target set CDAs that could adversely impact the design function of physical security target set equipment. The implementation of controls that require a design modification that are not finished by the completion date will be documented in the site configuration management and/or change control program to assure completion of the design modification as soon as possible, but no later than the final implementation date. | No later than December 31, 2012 | The site physical protection program provides high assurance that these elements are protected from physical harm by an adversary. The cyber security program will enhance the defense-in-depth nature of the protection of CDAs associated with target sets. Implementing Cyber Security Plan security controls to target set CDAs provides a high degree of protection against cyber related attacks that could lead to radiological sabotage. Security controls will be addressed in accordance with Cyber Security Plan Section 3.1.6 with the exception of those that require a design modification. Note that the operational and management cyber security controls, as provided in NEI 08-09, Rev 6, Appendix E, will be implemented in conjunction with the full implementation of the Cyber Security Program as previously submitted. These controls are primarily procedure based programs and must be implemented in coordination with the comprehensive Cyber Security Program. However, a high degree of protection against cyber-related attacks is maintained as major elements of these programs (e.g., physical protection, access control, maintenance and work management, configuration management, operational experience, etc.) are currently in place and are well established within the nuclear industry. |
7 | Ongoing monitoring and assessment activities commence, as described in Section 4.4, "Ongoing Monitoring and Assessment" of the CSP, for those target set CDAs whose security controls have been implemented. | No later than December 31, 2012 | The ongoing monitoring and assessment activities as described in Section 4.4, "Ongoing Monitoring and Assessment" of the Cyber Security Plan will be implemented for the controls applied to target set CDAs. This action results in the commencement of the cyber security program for target set related CDAs. |
8 | Full implementation of the PPL Susquehanna, LLC Cyber Security Plan for all SSEP functions will be achieved. | December 1, 2015 | By the completion date, the PPL Susquehanna, LLC Cyber Security Plan will be fully implemented for all SSEP functions in accordance with 10 CFR 73.54. This date also bounds the completion of all individual asset security control design remediation actions including those that require a refuel outage for implementation. |