ML13192A314


Regulatory Audit Plan for August 6-8, 2013, Audit to Support Review of Digital Instrumentation and Control License Amendment Request
ML13192A314
Person / Time
Site: Diablo Canyon, Pacific Gas & Electric
Issue date: 07/22/2013
From: Polickoski J
Plant Licensing Branch IV
To: Halpin E
Pacific Gas & Electric Co
Polickoski J
References
TAC ME7522, TAC ME7523


Text

UNITED STATES NUCLEAR REGULATORY COMMISSION
WASHINGTON, D.C. 20555-0001

July 22, 2013

Mr. Edward D. Halpin
Senior Vice President and Chief Nuclear Officer
Pacific Gas and Electric Company
Diablo Canyon Power Plant
P.O. Box 56, Mail Code 104/6
Avila Beach, CA 93424

SUBJECT:

DIABLO CANYON POWER PLANT, UNIT NOS. 1 AND 2 - REGULATORY AUDIT PLAN FOR AUGUST 6-8, 2013, AUDIT TO SUPPORT REVIEW OF DIGITAL INSTRUMENTATION AND CONTROL LICENSE AMENDMENT REQUEST (TAC NOS. ME7522 AND ME7523)

Dear Mr. Halpin:

By letter dated October 26, 2011, as supplemented by letters dated December 20, 2011, and April 2, April 30, June 6, August 2, September 11, November 27, and December 5, 2012, and March 25, April 30, May 9, and May 30, 2013 (Agencywide Documents Access and Management System (ADAMS) Accession Nos. ML113070457, ML113610541, ML12094A072, ML12131A513, ML12170A837, ML12222A094, ML12256A308, ML13004A468, ML12342A149, ML13093A311, ML13121A089, ML13130A059, and ML13154A049, respectively), Pacific Gas and Electric (PG&E, the licensee), requested the U.S. Nuclear Regulatory Commission (NRC) staff's approval of an amendment to the facility operating license for the Diablo Canyon Power Plant, Unit Nos. 1 and 2 (DCPP). The proposed license amendment request (LAR) would provide a digital replacement of the Process Protection System (PPS) portion of the Reactor Trip System and Engineered Safety Features Actuation System at DCPP.

In conjunction with the NRC staff's LAR review, the NRC Cyber Security Directorate will conduct an audit at the DCPP site in Avila Beach, California, during the week of August 6-8, 2013. The NRC cyber security pilot study at DCPP will review PG&E's consideration and implementation of cyber security controls associated with the proposed PPS digital upgrade during this interim period leading up to full implementation of the licensee's onsite cyber security program, in December 2015. Enclosed is the plan to support this audit.

If you have any questions, please contact me at 301-415-5430 or via e-mail at james.polickoski@nrc.gov.

Sincerely,


James T. Polickoski, Project Manager
Plant Licensing Branch IV
Division of Operating Reactor Licensing
Office of Nuclear Reactor Regulation

Docket Nos. 50-275 and 50-323

Enclosure:

As stated

cc w/encl: Distribution via Listserv

NRC CYBER SECURITY DIRECTORATE PILOT STUDY CYBER SECURITY AUDIT PLAN FOR DIABLO CANYON POWER PLANT, UNITS 1 AND 2

AUGUST 6 - 8, 2013

AVILA BEACH, CALIFORNIA

Background

In March 2009, the U.S. Nuclear Regulatory Commission (NRC) issued Title 10 of the Code of Federal Regulations (10 CFR) 73.54, "Protection of digital computer and communication systems and networks." In accordance with this regulation, each operating nuclear power plant licensee, including Pacific Gas and Electric (PG&E), submitted a cyber security plan (CSP) to the Commission for review and approval that describes how the licensee will meet the 10 CFR 73.54 cyber security regulatory requirements. The PG&E CSP was approved by the NRC, and full implementation of the PG&E on-site cyber security program is scheduled for completion by December 2015.

By letter dated October 26, 2011, as supplemented by letters dated December 20, 2011, and April 2, April 30, June 6, August 2, September 11, November 27, and December 5, 2012, and March 25, April 30, May 9, and May 30, 2013 (Agencywide Documents Access and Management System (ADAMS) Accession Nos. ML113070457, ML113610541, ML12094A072, ML12131A513, ML12170A837, ML12222A094, ML12256A308, ML13004A468, ML12342A149, ML13093A311, ML13121A089, ML13130A059, and ML13154A049, respectively), PG&E requested the NRC staff's approval of an amendment to the facility operating license for the Diablo Canyon Power Plant, Unit Nos. 1 and 2 (DCPP). The proposed license amendment request (LAR) would provide a digital replacement of the Process Protection System (PPS) portion of the Reactor Trip System and Engineered Safety Features Actuation System at DCPP.

Under 10 CFR 73.54, the PPS is identified as a critical digital asset and requires cyber security protections as described in the NRC-approved DCPP CSP. PG&E's proposal to upgrade the DCPP PPS is, therefore, the first digital update that requires compliance with both safety and security regulations. The NRC cyber security pilot study at DCPP will review PG&E's consideration and implementation of cyber security controls associated with the proposed PPS digital upgrade during this interim period leading up to full implementation of the licensee's onsite cyber security program, in December 2015. This study is in conjunction with, but parallel to, the NRC staff's LAR review.

Specifically, the NRC-approved DCPP CSP provides two primary categories of security controls that apply when modifying or updating critical digital assets: security impact analysis and system and services acquisition. For the security impact analysis security control, PG&E will need to perform security analysis as part of the change approval process to assess how the proposed update will impact the cyber security posture of the PPS. From this analysis, PG&E will identify security requirements or security features that need to be addressed for, or incorporated into, the proposed digital PPS. These requirements shall be provided to the licensee's vendors as part of the overall system's requirements. For the systems and service acquisition security controls, PG&E will be engaged with its vendors and provide them with security requirements to minimize the introduction of vulnerabilities or exploitable code into the proposed PPS that could result from insecure programming practices, code management, testing, or malicious acts during system development.

Regulatory Audit Basis

The NRC Cyber Security Directorate within the Office of Nuclear Security and Incident Response (NSIR) will conduct a pilot study cyber security audit at DCPP in Avila Beach, California, during the week of August 5, 2013, to evaluate the licensee's consideration and implementation of cyber security controls associated with the proposed PPS digital upgrade.

This includes PG&E's implementation of security impact analysis and system and services acquisition security controls described in the licensee's CSP and associated information documented (i.e., results and information that supports the results) during the analysis. While in conjunction with the NRC staff's LAR review, this site audit supports the cyber security pilot study.

Regulatory Audit Scope

The NRC staff will evaluate PG&E's compliance with security controls described in its CSP that apply when modifying or updating critical digital assets, namely security impact analysis and system and services acquisition. The NRC staff will also review information that PG&E documented (i.e., results and information that supports the results) during its security analysis of the existing PPS.

The objective of this audit will be to verify, via an independent evaluation, that PG&E has adequately performed the security impact analysis to properly address potential vulnerabilities, weaknesses, and risks introduced by the proposed PPS update.

Audit Requirements

  • Configuration Management - Verify that the PPS has appropriate hardware and software under configuration management, and that the configuration management process is effectively controlling the items being tracked for the PPS.
  • Secure Operational Environment - Verify that PG&E has established appropriate administrative and physical controls to ensure protection from inadvertent access to the updated PPS.
  • Security Impact Analysis - Verify that PG&E has performed the security impact analysis in accordance with the DCPP CSP.

  • Pathway Analysis - Verify that PG&E has performed pathway analysis for the updated PPS, properly determined the system boundary, and the location of cyber security measures that are to protect the updated PPS from cyber-based attacks in accordance with the DCPP CSP.

Information Necessary for the Regulatory Audit

The documentation and supporting materials listed below will be required for performance of this audit. All material shall be available for review to the audit team upon arrival at the licensee's facilities.

  • Configuration diagrams for the DCPP PPS system.
  • PPS architecture drawings as required to demonstrate required functionality. This includes any interface information detailing any connectivity between the PPS and other plant devices, systems and/or networks. For communication links, this should include specifics on the type of link (e.g., Ethernet, RS-232, etc.), all of the protocols used over the link, and any information and/or commands/controls exchanged over all of the communication links.

  • Qualifications of the cyber assessment team.
  • Documented results of the security impact analysis and the supporting information.
  • A control-by-control indication of how each control from Appendices B and C of the licensee's CSP will be addressed: implemented, alternative, or not required.
  • System and services acquisition policies and procedures for meeting the System and Services Acquisition security controls provided in the NRC-approved DCPP CSP.

Additional information may be necessary to complete audit activities. In such cases, the NRC staff will notify the licensee in writing and request the information be provided.

Team Assignments / Resource Estimates

The resource estimate for this audit visit is approximately 96 hours of direct audit effort. The NRC staff performing this audit will consist of the following:

Office of Nuclear Security and Incident Response/Cyber Security Directorate

  • Eric Lee, (301) 287-3461, Eric.Lee@nrc.gov
  • George Simonds, (301) 787-1424, George.Simonds@nrc.gov
  • William Shaw, (443) 517-9427, William.Shaw@nrc.gov

Office of New Reactors/Division of Construction Inspection and Operational Programs/Construction Electrical Vendor Branch

  • Stacy Smith, (301) 415-6025, Stacy.Smith@nrc.gov

Office of Nuclear Reactor Regulation/Division of Engineering/Instrumentation and Control Branch

  • Samir Darbali, (301) 415-1361, Samir.Darbali@nrc.gov

Region IV/Division of Reactor Safety/Engineering Branch 2

  • Shiattin Makor, (817) 200-1507, Shiattin.Makor@nrc.gov

This audit will be conducted at the DCPP located in Avila Beach, California. The estimated length of the audit is 3 days.

Logistics

The audit will take place at the licensee's facilities in Avila Beach, California. The audit will start on the morning of Tuesday, August 6, 2013, and conclude at the close of business Thursday, August 8, 2013.

Our tentative schedule for the audit is as follows:

  • Tuesday, August 6, 2013 (9:00 a.m. - 5:00 p.m.)

9:00 a.m. - Entrance meeting (NRC staff on purpose of audit; licensee staff on brief overview of PPS project and facility).

9:30 a.m. - Review of PPS documentation / interviews with key licensee personnel (staff may work together or individually, as circumstances dictate).

3:00 p.m. - NRC staff internal meeting.

4:00 p.m. (as needed) - NRC and licensee staff discuss any observations from the day.

  • Wednesday - Thursday, August 7, 2013 (8:00 a.m. - 5:00 p.m.)

8:00 a.m. - Morning meeting between NRC and licensee staff to discuss activities and logistics for the day.

9:30 a.m. - Review of PPS documentation / interviews with key licensee personnel (staff may work together or individually, as circumstances dictate). This may include a facility tour (Grover Beach).

3:00 p.m. - NRC staff internal meeting.

4:00 p.m. (as needed) - NRC and licensee staff discuss any observations from the day.

  • Thursday, August 8, 2013 (9:00 a.m. - 2:00 p.m.)

8:00 a.m. - Morning meeting between NRC and licensee staff to discuss activities and logistics for the day.

9:30 a.m. - Review of PPS documentation / interviews with key licensee personnel (staff may work together or individually, as circumstances dictate). This may include a facility tour.

3:00 p.m. - NRC staff internal meeting.

4:00 p.m. - Exit meeting (NRC staff - general overview of observations and identification of any open items).

As circumstances dictate, the above schedule can be modified.

Deliverables

At the conclusion of the audit, the NRC staff will conduct an exit briefing and will provide a summary of the preliminary audit results.

The NRC audit report will be issued by October 8, 2013.

References

Licensee Documentation:

- Triconex approved topical report 7286-545-1-a, Revision 4, "Nuclear Qualification of V10 Tricon Triple Modular Redundant (TMR) PLC System," NRC-approved version dated May 15, 2012 (ADAMS Accession No. ML12146A010).

- DCPP PPS License Amendment Request dated October 26, 2011 (ADAMS Accession No. ML113070457).

NRC and Industry Guidance:

- Regulatory Guide 5.71, Revision 0, "Cyber Security Program for Nuclear Facilities," January 2010 (ADAMS Accession No. ML090340159).

- Regulatory Guide 1.152, Revision 3, "Criteria for Use of Computers in Safety Systems of Nuclear Power Plants," July 2011 (ADAMS Accession No. ML102870022).

- Nuclear Energy Institute (NEI) 08-09, Revision 6, "Cyber Security Plan for Nuclear Power Reactors," April 2010 (ADAMS Accession No. ML101180437).

ADAMS Accession No. ML13192A314

OFFICE | NRR/DORL/LPL4/PM | NRR/DORL/LPL4/LA | NSIR/CSD | NRR/DORL/LPL4/BC | NRR/DORL/LPL4/PM
NAME | JPolickoski | JBurkhardt | RFeits | MMarkley | JPolickoski (JRankin for)
DATE | 07/18/13 | 07/16/13 | 07/22/13 | 07/22/13 | 07/22/13