ML15068A295
ML15068A295 | |
Person / Time | |
---|---|
Site: | Grand Gulf ![]() |
Issue date: | 03/06/2015 |
From: | Greg Werner NRC/RGN-IV/DRS/EB-2 |
To: | Kevin Mulligan Entergy Operations |
Werner G | |
References | |
IR 2015405 | |
Download: ML15068A295 (5) | |
See also: IR 05000416/2015405
Text
OFFICIAL USE ONLY - SECURITY-RELATED INFORMATION
UNITED STATES
NUCLEAR REGULATORY COMMISSION
REGION IV
1600 E LAMAR BLVD
ARLINGTON, TX 76011-4511
March 6, 2015
Mr. Kevin Mulligan
Site Vice President Operations
Entergy Operations, Inc.
Grand Gulf Nuclear Station
P.O. Box 756
Port Gibson, MS 39150
SUBJECT: GRAND GULF NUCLEAR STATION - NOTIFICATION OF INSPECTION OF
TEMPORARY INSTRUCTION 2201/004, INSPECTION OF IMPLEMENTATION
OF INTERIM CYBER SECURITY MILESTONES 1-7, (NRC INSPECTION
REPORT 05000416/2015405) AND REQUEST FOR INFORMATION
Dear Mr. Mulligan:
On June 1, 2015, the U.S. Nuclear Regulatory Commission (NRC) will begin an inspection of
Entergy Operations, Inc. cyber security program implementation for Grand Gulf Nuclear Station,
using the guidance in Temporary Instruction 2201/004, Inspection of Implementation of Interim
Cyber Security Milestones 1-7. As previously discussed with members of your staff, the
inspection will be performed to assess and verify that the cyber security program interim
implementation milestones have been implemented in accordance with the Regulatory
Requirements of 10 CFR 73.54 and NRC-approved cyber security plans and implementation
schedules.
In accordance with 10 CFR 73.54, each nuclear power plant licensee was required to submit a
proposed cyber security plan and implementation schedule for NRC approval. On
February 28, 2011, NEI provided a revised Template for the Cyber Security Plan
Implementation Schedule, for the purpose of providing licensee's with a generic template to aid
in the development of their cyber security plan and implementation schedule. Based on the
NRC review (Agencywide Documents Access and Management System (ADAMS)
ML110070348), the template was found acceptable to develop cyber security plans and
implementation schedules.
With a variety of valid operational and technical issues, full implementation dates varied among
the operating fleet of nuclear power reactors. The NRC staff worked with the nuclear industry to
devise seven interim implementation milestones to ensure a level of protection against cyber
Enclosure transmitted herewith contains SUNSI. When separated from enclosure, this
transmittal document is decontrolled.
OFFICIAL USE ONLY - SECURITY-RELATED INFORMATION
OFFICIAL USE ONLY - SECURITY-RELATED INFORMATION
-2-
security threats at each power reactor until full implementation of 10 CFR 73.54 is achieved. In
its NRC-approved implementation schedule, each licensee committed to meet these seven
interim milestones by December 31, 2012. These seven milestones are: (1) establishment of a
Cyber Security Assessment Team (CSAT); (2) identification and documentation of critical
systems and critical digital assets; (3) installation of protective devices between lower and
higher security levels as described in the Cyber Security Plan; (4) implementation of access
control for portable mobile devices; (5) observation for and identification of obvious cyber
related tampering; (6) implementation of cyber security controls for critical digital assets that
could adversely impact the design function of target set equipment; and (7) implementing and
commencing on-going monitoring and assessment activities.
By letter, dated July 22, 2010 (ML102070563) and supplemented by letter, dated April 4, 2011
(ML110950647), Entergy Operations, Inc. submitted a license amendment request which
included a request for approval of the Grand Gulf Nuclear Station Cyber Security Plan (CSP)
and implementation schedule.
The inspection of the interim cyber security program at the Grand Gulf Nuclear Station will be
limited to the verification of implementation of Milestones 1-7. Milestone 8 will be inspected on
a future date.
The schedule for the onsite inspection for Milestones 1-7 is as follows:
- Information Gathering Visit: May 19-21, 2015
- Milestone Inspection: June 1-5, 2015
The purpose of the information gathering visit is to: (1) obtain information and documentation
needed to support the TI inspection; (2) become familiar with the Grand Gulf Nuclear Station
cyber security program, personnel, and plant layout; and (3) arrange logistical details, such as
office space, availability of knowledgeable staff, and to ensure unescorted site access
privileges.
In order to assure an efficient inspection, we have enclosed a request for information describing
documents needed to aid the inspectors in preparing for and conducting the temporary
instruction inspection. These documents have been divided into four groups. The first group
lists information necessary to aid the inspectors in planning for the inspection. It is requested
that this information be provided to the lead inspector via mail or electronically by May 4, 2015,
if possible. The second group also lists information and possible areas for discussion
necessary to assist the inspectors during the inspection. It is requested this information be
available during the information gathering visit (May 19 - 21, 2015). The third group of
requested documents consists of those items that the inspectors will review, or need access to,
during the inspection. Please have this information available by the first day of the onsite
inspection week (June 1, 2015). The fourth group lists the information necessary to aid the
inspectors in tracking questions and answers identified as a result of the inspection. It is
requested that this information be provided to the lead inspector as the information is generated
during the inspection. It is important that all of these documents are up to date and complete in
order to minimize the number of additional documents requested during the preparation and/or
the onsite portions of the inspection.
OFFICIAL USE ONLY - SECURITY-RELATED INFORMATION
OFFICIAL USE ONLY - SECURITY-RELATED INFORMATION
-3-
The team leader for this inspection is Greg Pick. We understand that our contact for this
inspection is Sherri Sweet. If there are any questions about the inspection or the material
requested, please contact Greg at (817) 200-1270 or via e-mail at greg.pick@nrc.gov.
This letter does not contain new or amended information collection requirements subject to the
Paperwork Reduction Act of 1995 (44 U.S.C. 3501 et seq.). Existing information collection
requirements were approved by the Office of Management and Budget, control
number 3150-0011. The NRC may not conduct or sponsor, and a person is not required to
respond to, a request for information or an information collection requirement unless the
requesting document displays a currently valid Office of Management and Budget control
number.
This letter and the material enclosed herewith contains Security-Related Information in
accordance with 10 CFR 2.390(d)(1) and its disclosure to unauthorized individuals could
present a security vulnerability. Therefore, this letter and the material in the enclosure will not
be made available electronically for public inspection in the NRC Public Document Room or
from the Publicly Available Records (PARS) component of the NRC's Agencywide Documents
Access and Management System (ADAMS).
Sincerely,
/RA/ John Mateychick for
Gregory E. Werner, Branch Chief
Engineering Branch 2
Division of Reactor Safety
Docket: 50-416
License: NPF-29
Nonpublic Enclosure:
Cyber Security Temporary Instruction
(TI) 2201/004 (Milestones 1-7)
Request for Information
OFFICIAL USE ONLY - SECURITY-RELATED INFORMATION
OFFICIAL USE ONLY - SECURITY-RELATED INFORMATION
-3-
The team leader for this inspection is Greg Pick. We understand that our contact for this
inspection is Sherri Sweet. If there are any questions about the inspection or the material
requested, please contact Greg at (817) 200-1270 or via e-mail at greg.pick@nrc.gov.
This letter does not contain new or amended information collection requirements subject to the
Paperwork Reduction Act of 1995 (44 U.S.C. 3501 et seq.). Existing information collection
requirements were approved by the Office of Management and Budget, control
number 3150-0011. The NRC may not conduct or sponsor, and a person is not required to
respond to, a request for information or an information collection requirement unless the
requesting document displays a currently valid Office of Management and Budget control
number.
This letter and the material enclosed herewith contains Security-Related Information in
accordance with 10 CFR 2.390(d)(1) and its disclosure to unauthorized individuals could
present a security vulnerability. Therefore, this letter and the material in the enclosure will not
be made available electronically for public inspection in the NRC Public Document Room or
from the Publicly Available Records (PARS) component of the NRC's Agencywide Documents
Access and Management System (ADAMS).
Sincerely,
/RA/ John Mateychick for
Gregory E. Werner, Branch Chief
Engineering Branch 2
Division of Reactor Safety
Docket: 50-416
License: NPF-29
Nonpublic Enclosure:
Cyber Security Temporary Instruction
(TI) 2201/004 (Milestones 1-7)
Request for Information
DISTRIBUTION:
See next page
R:\_REACTORS\_GG\2015\GG 2015405 RFI LTR-GAP TI2201-004 150306.doc.docx ML15068A295
Entire Letter w/enclosure: Non-Sensitive Publicly Available Keyword:
SUNSI Review Sensitive Non-Publicly Available MD 3.4 Non-Public A.3
Complete
By: JMM
Cover Letter Only: Non-Sensitive Publicly Available Keyword:
SUNSI Review Sensitive Non-Publicly Available SUNSI Review Complete
Complete NRC-002
By: JMM
OFFICE SRI:DRS/EB2 C:PBC C:EB2
NAME GPick:PBH GWarnick GWerner
SIGNATURE /RA/J.Mateychick for /RA/ /RA/J.Mateychick for
DATE 03/04/2015 03/06/2015 03/06/2015
OFFICIAL RECORD COPY
OFFICIAL USE ONLY - SECURITY-RELATED INFORMATION
OFFICIAL USE ONLY - SECURITY-RELATED INFORMATION
Letter to Kevin Mulligan from Greg E. Werner, dated March 6, 2015
SUBJECT: GRAND GULF NUCLEAR STATION - NOTIFICATION OF INSPECTION OF
TEMPORARY INSTRUCTION 2201/004, INSPECTION OF IMPLEMENTATION
OF INTERIM CYBER SECURITY MILESTONES 1-7, (NRC INSPECTION
REPORT 05000416/2015405) AND REQUEST FOR INFORMATION
DISTRIBUTION w/enclosure:
Director, Cyber Security Directorate (Barry.Westreich@nrc.gov)
Deputy Director, Cyber Security Directorate (Russell.Felts@nrc.gov)
Security Specialist/NSIR (Eric.Wharton@nrc.gov)
Security Specialist/NSIR (Niry.Simonian@nrc.gov)
Branch Chief, RI DRS/EB3 (John.Rogge@nrc.gov)
Branch Chief, RII DRS/EB2 (Scott.Shaeffer@nrc.gov)
Branch Chief, RIII DRS/EB3 (Robert.Daley@nrc.gov)
Acting Senior Resident Inspector (Matt.Young@nrc.gov)
DISTRIBUTION w/o enclosure:
Regional Administrator (Marc.Dapas@nrc.gov)
Deputy Regional Administrator (Kriss.Kennedy@nrc.gov)
DRP Director (Troy.Pruett@nrc.gov)
Acting DRP Deputy Director (Thomas.Farnholtz@nrc.gov)
DRS Director (Anton.Vegel@nrc.gov)
DRS Deputy Director (Jeff.Clark@nrc.gov)
Resident Inspector (Neil.Day@nrc.gov)
Administrative Assistant (Alley.Farrell@nrc.gov)
Acting Branch Chief, DRP/C (Greg.Warnick@nrc.gov)
Senior Project Engineer, DRP/C (Ray.Azua@nrc.gov)
Project Engineer, DRP/C (Paul.Nizov@nrc.gov)
Project Engineer, DRP/C (Michael.Stafford@nrc.gov)
Branch Chief, EB2 (Greg.Werner@nrc.gov)
Senior Reactor Inspector, EB2 (Greg.Pick@nrc.gov)
Public Affairs Officer (Victor.Dricks@nrc.gov)
Public Affairs Officer (Lara.Uselding@nrc.gov)
Project Manager (Alan.Wang@nrc.gov)
Branch Chief, DRS/TSB (Geoffrey.Miller@nrc.gov)
RITS Coordinator (Marisa.Herrera@nrc.gov)
ACES (R4Enforcement.Resource@nrc.gov)
Regional Counsel (Karla.Fuller@nrc.gov)
Technical Support Assistant (Loretta.Williams@nrc.gov)
Congressional Affairs Officer (Jenny.Weil@nrc.gov)
RIV Congressional Affairs Officer (Angel.Moreno@nrc.gov)
RIV/ETA: OEDO (Michael.Waters@nrc.gov
OFFICIAL USE ONLY - SECURITY-RELATED INFORMATION