ML12326A517
| ML12326A517 | |
| Person / Time | |
|---|---|
| Site: | Mcguire, McGuire  |
| Issue date: | 11/19/2012 |
| From: | Mark King NRC/RGN-II/DRS/EB2 |
| To: | Capps S Duke Energy Corp |
| References | |
| IR-13-403 | |
| Download: ML12326A517 (6) | |
See also: IR 05000369/2013403
Text
OFFICIAL USE ONLY - SECURITY RELATED INFORMATION
UNITED STATES
NUCLEAR REGULATORY COMMISSION
REGION II
245 PEACHTREE CENTER AVENUE NE, SUITE 1200
ATLANTA, GEORGIA 30303-1257
November 19, 2012
Mr. Steven D. Capps
Site Vice President
Duke Energy Corporation
McGuire Nuclear Station
MG01VP/12700 Hagers Ferry Road
Huntersville, NC 28078
SUBJECT: WILLIAM B. MCGUIRE NUCLEAR PLANT- NOTIFICATION OF CYBER
SECURITY TI MILESTONES 1-7 INSPECTION AND REQUEST FOR
INFORMATION (NRC INSPECTION REPORT NO. 050003692013/403 AND
Dear Mr. Capps:
The purpose of this letter is to notify you that the U.S. Nuclear Regulatory Commission (NRC)
Region II (RII) staff will conduct an inspection of the Cyber Security Milestones 1-7 requirements
specified by the conditions of your operating license at the William B. McGuire Nuclear Facility
on January 28 - February 1, 2013. The inspection team will be led by Mr. Rodney Fanner,
Reactor Inspector, of the NRC RII office. The team will be composed of personnel from the
NRC RII office and personnel from the NRC office of Nuclear Security and Incident Response
(NSIR). The inspection will be conducted in accordance with Temporary Instruction (TI)
2201/004, Inspection of Implementation of Interim Cyber Security Milestones 1-7. The TI
inspection will be performed to evaluate and verify your ability to meet the interim milestone
requirements of the NRCs Cyber Security Rule, Title 10, Code of Federal Regulations (CFR),
Part 73, Section 54, Protection of Digital Computer and Communication Systems and
Networks.
In accordance with 10 CFR 73.54, each nuclear power plant licensee was required to submit
a proposed cyber security plan (CSP) and implementation schedule for NRC review and
approval. On December 14, 2009, by letter (ML093080517) to the Nuclear Energy Institute
(NEI), the NRC provided their expectations for the proposed implementation schedule. On
January 5, 2011, by letter (ML110060093) to the NRC, NEI issued an initial Template for the
Cyber Security Plan Implementation Schedule (ML110060097). On February 28, 2011, by
letter (ML110600206) to the NRC, NEI provided a revised, Template for the Cyber Security
Plan Implementation Schedule. The purpose of the letters attachment was to provide the
licensee with a generically written template to develop their proposed CSP implementation
schedule. Utilization of the generic template required the licensee to make conforming changes
to ensure the submitted schedule accurately accounted for site-specific activities. The CSP,
Enclosure transmitted herewith contains SUNSI. When separated from enclosure, this
transmittal document is decontrolled
LIMITED INTERNAL
DISTRIBUTION PERMITTED
OFFICIAL USE ONLY - SECURITY-RELATED INFORMATION
OFFICIAL USE ONLY - SECURITY RELATED INFORMATION
S. Capps 2
implementation schedule, and other applicable information for your facility provided the
implementation aspects, including the key intermediate milestone attributes and dates as well
as the full implementation dates. The implementation aspects were described based in part on
letters to NRC dated November 20, 2009 (ML093410249), August 16, 2010 (ML1023001680,
ML1023001681) and supplemented by letters dated September 27, 2010, March 7, 2011, April
15, 2011 (ML111090627), and August 9, 2011 (ML11109A0741). By reference to letter dated
August 31, 2011 (ML11216A0642), license condition 2.D was modified for facility operating
licenses NPF-9 and NPF-17 for McGuire Units 1 and 2 to ensure that the CSP would be
implemented and maintained consistent with NRC requirements.
On November 5, 2012, during a conversation between Ms. K. Crane of your staff, and Mr. R.
Fanner, NRC RII, our respective staffs confirmed arrangements for a three day information
gathering onsite visit and a one-week onsite inspection. The subject TI inspection provides a
programmatic level review and verification of the licensees site-specific implementation of
Interim Milestones 1 through 7. The schedule for the onsite TI Inspection for the Interim
Milestones 1 through 7 is as follows:
- Information gathering visit: January 15 - 17, 2013
- Onsite inspection: January 28 - February 1, 2013
The purpose of the information gathering visit is to: (1) obtain information and documentation
needed to support the TI inspection; (2) become familiar with the Wiliam B. McGuires Cyber
Security Program and plant layout; and (3) arrange administrative details, such as office space,
availability of knowledgeable office personnel and to ensure unescorted site access privileges.
In order to assure a productive TI inspection, we have enclosed a request for documents
needed to ensure the inspectors are adequately prepared. These documents have been
divided into three groups (I, II, & III). Group I lists information necessary to aid the inspectors in
planning for the TI inspection prior to the information gathering visit. It is requested that this
information be provided to the lead inspector via mail no later than December 15, 2012. Group
II lists information and possible areas for discussion necessary to assist the inspectors during
the TI inspection. It is requested this information be available during the information gathering
visit (January 15, 2013). Group III consists of those items that the inspectors will review, or
need access to, during the TI inspection. Group III also lists the information necessary to aid
the inspectors in tracking questions and answers identified as a result of the TI inspection. It is
requested that this information be provided to the lead inspector as the information is generated
during the TI inspection. It is important that all of these documents are up to date and complete
in order to minimize the number of additional documents requested during the preparation
and/or the onsite portions of the TI inspection.
This letter does not contain new or amended information collection requirements subject to the
Paperwork Reduction Act of 1995 (44 U.S.C. 3501 et seq.). Existing information collection
requirements were approved by the Office of Management and Budget, control number 3150-
0011. The NRC may not conduct or sponsor, and a person is not required to respond to, a
request for information or an information collection requirement unless the requesting document
displays a currently valid Office of Management and Budget control number.
Your cooperation and support during this inspection will be appreciated. If you have questions
concerning this inspection, or the inspection team's information or logistical needs, please
contact Mr. Fanner at (404) 997-4638, or me at (404) 997-4511.
OFFICIAL USE ONLY - SECURITY RELATED INFORMATION
OFFICIAL USE ONLY - SECURITY RELATED INFORMATION
S. Capps 3
In accordance with 10 CFR 2.390 of the NRC's "Rules of Practice," a copy of this letter will be
available electronically for public inspection in the NRC Public Document Room or from the
Publicly Available Records (PARS) component of NRC's document system, ADAMS.
ADAMS is accessible from the NRC Website at http://www.nrc.gov/reading-rm/adams.html (the
Public Electronic Reading Room). However, because of the security-related concerns
contained in the enclosure, and in accordance with 10 CFR 2.390, a copy of this letters
enclosure will not be available for public inspection.
Sincerely,
/RA: David Jones for/
Michael F. King, Chief
Engineering Branch 2
Division of Reactor Safety
Docket No.: 50-369, 50-370
Enclosure:
Document Request For Cyber Security Temporary Instruction (TI) 2201/004 Interim Milestones 1-7
Inspection
(OFFICIAL USE ONLY)
cc: (See page 4)
OFFICIAL USE ONLY - SECURITY RELATED INFORMATION
_________________________ xG SUNSI REVIEW COMPLETE G FORM 665 ATTACHED
OFFICE RII:DRS RII:DRS RII:DRP
SIGNATURE * * *
NAME FANNER KING BARTLEY
DATE 11/ 15 /2012 11/ 19 /2012 11/ 19 /2012 11/ /2012 11/ /2012 11/ /2012 11/ /2012
E-MAIL COPY? YES NO YES NO YES NO YES NO YES NO YES NO YES NO
OFFICIAL USE ONLY - SECURITY RELATED INFORMATION
S. Capps 4
cc: Timothy J. Wadsworth
H. Duncan Brewer Security Specialist
Organizational Effectiveness Manager General Office
McGuire Nuclear Station Duke Energy Corporation
Duke Energy Corporation P. O. Box 1006
12700 Hagers Ferry Road 526 S. Church St., EC05P
Huntersville, NC 28078-9340 Charlotte, NC 28201-1006
Kenneth L. Ashe David A. Cummings
Regulatory Compliance Manager Associate General Counsel
McGuire Nuclear Station General Office
Duke Energy Corporation Duke Energy Corporation
MN01RC P.O. Box 1006
12700 Hagers Ferry Road 526 S. Church St., EC07H
Huntersville, NC 28078-8985 Charlotte, NC 28201-1006
Scotty R. Russ
Security Manager
McGuire Nuclear Station
Duke Energy Corporation
12700 Hagers Ferry Road
Huntersville, NC 28078-9340
Christopher T. Osborn
Security Safeguards Administrator
McGuire Nuclear Station
Duke Energy Corporation
12700 Hagers Ferry Road
Huntersville, NC 28078-9340
M. Christopher Nolan
Director - Regulatory Affairs
General Office
Duke Energy Corporation
P. O. Box 1006
526 S. Church Street
Charlotte, NC 28201-1006
David G. Black
Fleet Security Manager
General Office
Duke Energy Corporation
P. O. Box 1006
526 S. Church Street
Charlotte, NC 28201-1006
OFFICIAL USE ONLY - SECURITY RELATED INFORMATION
OFFICIAL USE ONLY - SECURITY RELATED INFORMATION
Letter to Steven D. Capps from Michael F. King dated November 19, 2012.
SUBJECT: WILLIAM B. MCGUIRE NUCLEAR PLANT- NOTIFICATION OF CYBER
SECURITY TI MILESTONES 1-7 INSPECTION AND REQUEST FOR
INFORMATION (NRC INSPECTION REPORT NO. 050003692013/403 AND
Distribution:
RidsNrrPMMcGuire Resource
B. Westreich, NSIR (hard copy w/ encl)
E. McNiel, NSIR (hard copy w/ encl)
RIDSNRRDIRS
Distribution w/o Encl:
PUBLIC
OFFICIAL USE ONLY - SECURITY RELATED INFORMATION