ML121840016


Request for Additional Information Regarding Request for Changes to Cyber Security Implementation Schedule Milestones 3 and 6
ML121840016
Person / Time
Site: Susquehanna  
(XSNM3674/01)
Issue date: 08/06/2012
From: Sanders C
Plant Licensing Branch 1
To: Rausch T
Susquehanna
Sanders, Carleen, NRR/DORL, 415-1603
References
TAC ME8521, TAC ME8522


Text

UNITED STATES NUCLEAR REGULATORY COMMISSION
WASHINGTON, D.C. 20555-0001

August 6, 2012

Mr. Timothy S. Rausch
Senior Vice President and Chief Nuclear Officer
PPL Susquehanna, LLC
769 Salem Boulevard NUCSB3
Berwick, PA 18603-0467

SUBJECT:

SUSQUEHANNA STEAM ELECTRIC STATION, UNITS 1 AND 2 - REQUEST FOR ADDITIONAL INFORMATION REGARDING REQUEST FOR CHANGES TO CYBER SECURITY IMPLEMENTATION SCHEDULE MILESTONES 3 AND 6 (TAC NOS. ME8521 AND ME8522)

Dear Mr. Rausch:

By letter dated April 30, 2012,¹ PPL Susquehanna, LLC (PPL) submitted a license amendment request for Susquehanna Steam Electric Station, Units 1 and 2 (SSES). The proposed amendment would make changes to the Cyber Security Implementation Schedule for Milestones 3 and 6. Specifically, for Milestone 3, PPL proposes to install a deterministic data diode appliance between Layers 3 and 2 instead of between Layers 3 and 4, with no change to the approved implementation date. For Milestone 6, PPL proposes to: (1) implement the technical controls for critical digital assets (CDAs) that could adversely impact the design function of physical security target set equipment by the approved implementation date; and (2) implement the operational and management controls for CDAs in conjunction with the full implementation of the Cyber Security Program. To complete its review, the Nuclear Regulatory Commission staff requests responses to the enclosed questions.

The draft questions were sent to Mr. Charlie Manges, of your staff, to ensure that the questions were understandable, the regulatory basis for the questions was clear, and to determine if the information was previously docketed. On July 31, 2012, Mr. Charlie Manges agreed that you would provide a response by August 17, 2012.

If you have any questions regarding this matter, please contact me at 301-415-1603 or by e-mail at Carleen.Sanders@nrc.gov.

Sincerely,

Plant Licensing Branch 1-2
Division of Operating Reactor Licensing
Office of Nuclear Reactor Regulation

Docket Nos. 50-387 and 50-388

Enclosure: As stated

cc w/encl: Distribution via Listserv

¹ Agencywide Documents Access and Management System (ADAMS) Accession No. ML12122A011

OFFICE OF NUCLEAR SECURITY AND INCIDENT RESPONSE
REQUEST FOR ADDITIONAL INFORMATION
CHANGES TO CYBER SECURITY IMPLEMENTATION SCHEDULE MILESTONES 3 AND 6
PPL SUSQUEHANNA, LLC
ALLEGHENY ELECTRIC COOPERATIVE, INC.
SUSQUEHANNA STEAM ELECTRIC STATION, UNITS 1 AND 2
DOCKET NUMBERS 50-387 AND 50-388

By letter dated April 30, 2012,¹ PPL Susquehanna, LLC (PPL) submitted a license amendment request for Susquehanna Steam Electric Station, Units 1 and 2 (SSES). The proposed amendment would make changes to the Cyber Security Implementation Schedule for Milestones 3 and 6. Specifically, for Milestone 3, PPL proposes to install a deterministic data diode appliance between Layers 3 and 2 instead of between Layers 3 and 4, with no change to the approved implementation date. For Milestone 6, PPL proposes to: (1) implement the technical controls for critical digital assets (CDAs) that could adversely impact the design function of physical security target set equipment by the approved implementation date; and (2) implement the operational and management controls for CDAs in conjunction with the full implementation of the Cyber Security Program.

The U.S. Nuclear Regulatory Commission (NRC) staff has reviewed the information provided by the licensee and has determined that the following additional information is needed in order to complete the review.

Milestone 3 of the Cyber Security Implementation Schedule implements installation of a deterministic one-way device between lower-layer devices and higher-layer devices as described in Section 4.3, "Defense-in-Depth Protective Strategies," of the Cyber Security Plan (CSP). In the April 30, 2012, request, PPL states that (emphasis added) "[f]or non-security critical digital assets (CDAs), the current implementation schedule and cyber security plan describe deterministic devices between Layers 3 and 4 with firewalls between Layers 1 and 2 and between Layers 2 and 3." PPL goes on to describe that the proposed change to the cyber security defensive strategy would install a deterministic device between Layers 2 and 3 with firewalls between the other layers.

1. Please clarify that this proposed change not only impacts Milestone 3, but also directly impacts the CSP, Section 4.3, "Defense-in-Depth Protective Strategies."

In the approved CSP, safety and security CDAs were isolated from all other CDAs through the use of deterministic boundary devices (i.e., data diodes, air gaps, etc.) between Layers 4 and 3; information flows between Layers 3 and 2 and between Layers 2 and 1 were restricted through the use of a firewall and network-based intrusion detection system.

In the proposed LAR, for security CDAs, the boundary between Layers 4 and 3 will be implemented by one or more deterministic devices; information flows between Layer 3 and lower layers are restricted through the use of firewalls and network-based intrusion detection system(s). For non-security CDAs, the boundary between Layers 3 and 2 will be implemented by one or more deterministic devices and information flows between Layers 3 and 4 and between Layers 2 and 1 are restricted through the use of firewall(s) and network-based intrusion detection system(s).

2. Please explain how the proposed changes to the defensive architecture will provide the same level of protection as the current, approved defensive architecture described above.
3. Please provide the detailed description of communication between Layer 4 and Layer 3 of the proposed defensive architecture described above and describe which CDAs reside on each of the two layers.

ML121840016                                * via email

OFFICE   LPL1-2/PM   LPL1-2/PM   LPL1-2/LA   NSIR/DSP/CSIRB   LPL1-2/BC   LPL1-2/PM
NAME     JWhited     CSanders    ABaxter*    CErlanger        MKhanna     CSanders
DATE     07/31/12    08/01/12    08/03/12    08/02/12         08/03/12    08/06/12