ML15132A768
| ML15132A768 | |
| Person / Time | |
|---|---|
| Site: | Waterford  |
| Issue date: | 05/12/2015 |
| From: | Greg Werner NRC/RGN-IV/DRS/EB-2 |
| To: | Chisum M Entergy Operations |
| References | |
| IR 2015406 | |
| Download: ML15132A768 (5) | |
See also: IR 05000382/2015406
Text
OFFICIAL USE ONLY - SECURITY-RELATED INFORMATION
UNITED STATES
NUCLEAR REGULATORY COMMISSION
REGION IV
1600 E LAMAR BLVD
ARLINGTON, TX 76011-4511
May 12, 2015
Mr. Michael R. Chisum
Site Vice President
Entergy Operations, Inc.
17265 River Road
Killona, LA 70057-0751
SUBJECT: WATERFORD STEAM ELECTRIC STATION, UNIT 3 - NOTIFICATION OF
INSPECTION OF TEMPORARY INSTRUCTION 2201/004, INSPECTION OF
IMPLEMENTATION OF INTERIM CYBER SECURITY MILESTONES 1-7,
(NRC INSPECTION REPORT 05000382/2015406) AND REQUEST FOR
INFORMATION
Dear Mr. Chisum:
On August 17, 2015, the U.S. Nuclear Regulatory Commission (NRC) will begin an inspection of
the Entergy Operations, Inc., cyber security program implementation for Waterford Steam
Electric Station, Unit 3, using the guidance in Temporary Instruction 2201/004, Inspection of
Implementation of Interim Cyber Security Milestones 1-7. As previously discussed with
members of your staff, the inspection will be performed to assess and verify that the cyber
security program interim implementation milestones have been implemented in accordance with
the regulatory requirements of 10 CFR 73.54 and NRC-approved cyber security plans and
implementation schedules.
In accordance with 10 CFR 73.54, each nuclear power plant licensee was required to submit a
proposed cyber security plan and implementation schedule for NRC approval. On
February 28, 2011, NEI provided a revised Template for the Cyber Security Plan
Implementation Schedule for the purpose of providing licensees with a generic template to aid
in the development of their cyber security plan and implementation schedule. Based on the
NRC review (Agencywide Documents Access and Management System (ADAMS)
ML110070348), the template was found acceptable to develop cyber security plans and
implementation schedules.
With a variety of valid operational and technical issues, full implementation dates varied among
the operating fleet of nuclear power reactors. The NRC staff worked with the nuclear industry to
devise seven interim implementation milestones to ensure a level of protection against cyber
security threats at each power reactor until full implementation of 10 CFR 73.54 is achieved.
In its NRC-approved implementation schedule, each licensee committed to meet these seven
interim milestones by December 31, 2012. These seven milestones are: (1) establishment of a
cyber security assessment team (CSAT), (2) identification and documentation of critical systems
Enclosure transmitted herewith contains SUNSI. When separated from enclosure, this
transmittal document is decontrolled.
OFFICIAL USE ONLY - SECURITY-RELATED INFORMATION
OFFICIAL USE ONLY - SECURITY-RELATED INFORMATION
M. Chisum -2-
and critical digital assets, (3) installation of protective devices between lower and higher security
levels as described in the cyber security plan, (4) implementation of access control for portable
mobile devices, (5) observation for and identification of obvious cyber-related tampering, (6)
implementation of cyber security controls for critical digital assets that could adversely impact
the design function of target set equipment, and (7) implementation and commencement of
ongoing monitoring and assessment activities.
By letters, dated July 15, 2010 (ML102000415) and April 4, 2011 (ML110950122), and
supplemented by letter, dated August 4, 2014 (ML14217A498), Entergy Operations, Inc.,
submitted license amendment requests that included a request for approval of the Waterford
Steam Electric Station, Unit 3, cyber security plan (CSP) and implementation schedule.
The inspection of the interim cyber security program at Waterford Steam Electric Station, Unit 3,
will be limited to the verification of implementation of Milestones 1-7. Milestone 8 will be
inspected on a future date.
The schedule for the on-site inspection for Milestones 1-7 is as follows:
- Information Gathering Visit: August 4-6, 2015
- Milestone Inspection: August 17-21, 2015
The purpose of the information gathering visit is to: (1) obtain information and documentation
needed to support the Temporary Instruction (TI) 2201/04 inspection; (2) become familiar with
the Waterford Steam Electric Station, Unit 3, cyber security program, personnel, and plant
layout; and (3) arrange logistical details, such as office space, availability of knowledgeable
staff, and to ensure unescorted site access privileges.
In order to assure an efficient inspection, we have enclosed a request for information describing
documents needed to aid the inspectors in preparing for and conducting the temporary
instruction inspection. These documents have been divided into four groups. The first group
lists information necessary to aid the inspectors in planning for the inspection. It is requested
that this information be provided to the lead inspector via mail or electronically by July 20, 2015,
if possible. The second group also lists information and possible areas for discussion
necessary to assist the inspectors during the inspection. It is requested this information be
available during the information gathering visit (August 4-6, 2015). The third group of requested
documents consists of those items that the inspectors will review, or need access to, during the
inspection. Please have this information available by the first day of the on-site inspection week
(August 17, 2015). The fourth group lists the information necessary to aid the inspectors in
tracking questions and answers identified as a result of the inspection. It is requested that this
information be provided to the lead inspector as the information is generated during the
inspection. It is important that all of these documents are up to date and complete in order to
minimize the number of additional documents requested during the preparation and the on-site
portions of the inspection.
The team leader for this inspection is Mr. Greg Pick. We understand that our contact for this
inspection is Ms. Leia Milster. If there are any questions about the inspection or the material
requested, please contact Mr. Pick at (817) 200-1270 or via e-mail at Greg.Pick@nrc.gov.
OFFICIAL USE ONLY - SECURITY-RELATED INFORMATION
OFFICIAL USE ONLY - SECURITY-RELATED INFORMATION
M. Chisum -3-
This letter does not contain new or amended information collection requirements subject to the
Paperwork Reduction Act of 1995 (44 U.S.C. 3501 et seq.). Existing information collection
requirements were approved by the Office of Management and Budget, control
number 3150-0011. The NRC may not conduct or sponsor, and a person is not required to
respond to, a request for information or an information collection requirement unless the
requesting document displays a currently valid Office of Management and Budget control
number.
This letter and the material enclosed herewith contains Security-Related Information in
accordance with 10 CFR 2.390(d)(1) and its disclosure to unauthorized individuals could
present a security vulnerability. Therefore, this letter and the material in the enclosure will not
be made available electronically for public inspection in the NRC Public Document Room or
from the Publicly Available Records (PARS) component of the NRC's Agencywide Documents
Access and Management System (ADAMS).
Sincerely,
/RA/
Gregory E. Werner, Branch Chief
Engineering Branch 2
Division of Reactor Safety
Docket No. 50-382
License No. NPF-38
Nonpublic Enclosure:
Cyber Security Temporary Instruction
(TI) 2201/004 (Milestones 1-7)
Request for Information
OFFICIAL USE ONLY - SECURITY-RELATED INFORMATION
Entire Report: Non-Sensitive Publicly Available Keyword:
SUNSI Review Complete Sensitive Non-Publicly Available MD 3.4 Non-Public A.3
By: GAP RGN-002
Cover Letter Only: Non-Sensitive Publicly Available Keyword:
SUNSI Review Complete Sensitive Non-Publicly Available SUNSI Review Complete
By: GAP RGN-002
OFFICE RI:DRS/EB2 C:PBD C:EB2
NAME GAPick GMiller GWerner
SIGNATURE /RA/ /RA/ /RA/
DATE 5/11/15 5/12/15 5/12/15
OFFICIAL USE ONLY - SECURITY-RELATED INFORMATION
Letter to Michael R. Chisum from Gregory E. Werner, dated May 12, 2015
SUBJECT: WATERFORD STEAM ELECTRIC STATION, UNIT 3 - NOTIFICATION OF
INSPECTION OF TEMPORARY INSTRUCTION 2201/004, INSPECTION OF
IMPLEMENTATION OF INTERIM CYBER SECURITY MILESTONES 1-7,
(NRC INSPECTION REPORT 05000382/2015406) AND REQUEST FOR
INFORMATION
DISTRIBUTION w/enclosure:
Director, Cyber Security Directorate (Barry.Westreich@nrc.gov)
Deputy Director, Cyber Security Directorate (Russell.Felts@nrc.gov)
Security Specialist/NSIR (Eric.Wharton@nrc.gov)
Security Specialist/NSIR (Niry.Simonian@nrc.gov)
Branch Chief, RI DRS/EB3 (John.Rogge@nrc.gov)
Branch Chief, RII DRS/EB2 (Scott.Shaeffer@nrc.gov)
Branch Chief, RIII DRS/EB3 (Robert.Daley@nrc.gov)
Senior Resident Inspector (Frances.Ramirez@nrc.gov)
Resident Inspector (Chris.Speer@nrc.gov)
DISTRIBUTION w/o enclosure:
Regional Administrator (Marc.Dapas@nrc.gov)
Deputy Regional Administrator (Kriss.Kennedy@nrc.gov)
DRP Director (Troy.Pruett@nrc.gov)
DRP Deputy Director (Ryan.Lantz@nrc.gov)
DRS Director (Anton.Vegel@nrc.gov)
DRS Deputy Director (Jeff.Clark@nrc.gov)
Senior Resident Inspector (Frances.Ramirez@nrc.gov)
Resident Inspector (Chris.Speer@nrc.gov)
WAT Administrative Assistant (Linda.Dufrene@nrc.gov)
Branch Chief, DRP/D (Geoffrey.Miller@nrc.gov)
Senior Project Engineer, DRP/D (Bob.Hagar@nrc.gov)
Project Engineer, DRP/D (Brian.Parks@nrc.gov)
Project Engineer, DRP/D (Jan.Tice@nrc.gov)
Public Affairs Officer (Victor.Dricks@nrc.gov)
Public Affairs Officer (Lara.Uselding@nrc.gov)
Project Manager (Michael.Orenak@nrc.gov)
Team Leader, DRS/TSS (Don.Allen@nrc.gov)
RITS Coordinator (Marisa.Herrera@nrc.gov)
ACES (R4Enforcement.Resource@nrc.gov)
Regional Counsel (Karla.Fuller@nrc.gov)
Congressional Affairs Officer (Jenny.Weil@nrc.gov)
Technical Support Assistant (Loretta.Williams@nrc.gov)
RIV Congressional Affairs Officer (Angel.Moreno@nrc.gov)
RIV/ETA: OEDO (Michael.Waters@nrc.gov)
OFFICIAL USE ONLY - SECURITY-RELATED INFORMATION