ML15170A091
ML15170A091 | |
Person / Time | |
---|---|
Site: | Wolf Creek ![]() |
Issue date: | 06/18/2015 |
From: | Greg Pick NRC/RGN-IV/DRS/EB-2 |
To: | Heflin A Wolf Creek |
References | |
IR 2015405 | |
Download: ML15170A091 (5) | |
See also: IR 05000482/2015405
Text
OFFICIAL USE ONLY - SECURITY-RELATED INFORMATION
UNITED STATES
NUCLEAR REGULATORY COMMISSION
REGION IV
1600 E LAMAR BLVD
ARLINGTON, TX 76011-4511
June 18, 2015
Adam C. Heflin, President and
Chief Executive Officer
Wolf Creek Nuclear Operating Corporation
P.O. Box 411
Burlington, KS 66839
SUBJECT: WOLF CREEK GENERATING STATION - NOTIFICATION OF INSPECTION
OF TEMPORARY INSTRUCTION 2201/004, INSPECTION OF
IMPLEMENTATION OF INTERIM CYBER SECURITY MILESTONES 1-7,
(NRC INSPECTION REPORT 05000482/2015405) AND REQUEST FOR
INFORMATION
Dear Mr. Heflin:
On October 5, 2015, the U.S. Nuclear Regulatory Commission (NRC) will begin an inspection of
the Wolf Creek Generating Station cyber security program implementation, using the guidance
in Temporary Instruction 2201/004, Inspection of Implementation of Interim Cyber Security
Milestones 1-7. As previously discussed with members of your staff, the inspection will be
performed to assess and verify that the cyber security program interim implementation
milestones have been implemented in accordance with the regulatory requirements of
10 CFR 73.54 and NRC-approved cyber security plans and implementation schedules.
In accordance with 10 CFR 73.54, each nuclear power plant licensee was required to submit a
proposed cyber security plan and implementation schedule for NRC approval. On
February 28, 2011, NEI provided a revised Template for the Cyber Security Plan
Implementation Schedule for the purpose of providing licensees with a generic template to aid
in the development of their cyber security plan and implementation schedule. Based on the
NRC review (Agencywide Documents Access and Management System (ADAMS)
ML110070348), the template was found acceptable to develop cyber security plans and
implementation schedules.
With a variety of valid operational and technical issues, full implementation dates varied among
the operating fleet of nuclear power reactors. The NRC staff worked with the nuclear industry to
devise seven interim implementation milestones to ensure a level of protection against cyber
security threats at each power reactor until full implementation of 10 CFR 73.54 is achieved.
In its NRC-approved implementation schedule, each licensee committed to meet these seven
interim milestones by December 31, 2012. These seven milestones are: (1) establishment of a
cyber security assessment team (CSAT), (2) identification and documentation of critical systems
Enclosure transmitted herewith contains SUNSI. When separated from enclosure, this
transmittal document is decontrolled.
OFFICIAL USE ONLY - SECURITY-RELATED INFORMATION
OFFICIAL USE ONLY - SECURITY-RELATED INFORMATION
A. Heflin -2-
and critical digital assets, (3) installation of protective devices between lower and higher security
levels as described in the cyber security plan, (4) implementation of access control for portable
mobile devices, (5) observation for and identification of obvious cyber-related tampering,
(6) implementation of cyber security controls for critical digital assets that could adversely
impact the design function of target set equipment, and (7) implementation and commencement
of ongoing monitoring and assessment activities.
By letters, dated July 19, 2010 (ML102080329), April 1, 2011 (ML110970134),
and April 14, 2011 (ML11116A086), Wolf Creek Nuclear Operating Corporation submitted
license amendment requests that included a request for approval of the Wolf Creek Generating
Station cyber security plan and implementation schedule. The NRC issued License
Amendment 197 on June 27, 2011 (ML111990339) that specified the April 1, 2011, letter
described the official Milestones 1-7 implementation schedule and the April 14, 2011, letter
described the approved cyber security plan.
The inspection of the interim cyber security program at Wolf Creek Generating Station will be
limited to the verification of implementation of Milestones 1-7. Milestone 8 will be inspected on
a future date.
The schedule for the on-site inspection for Milestones 1-7 is as follows:
- Information Gathering Visit: September 15-17, 2015
- Milestone Inspection: October 5-9, 2015
The purpose of the information gathering visit is to: (1) obtain information and documentation
needed to support the Temporary Instruction 2201/04 inspection; (2) become familiar with the
Wolf Creek Generating Station cyber security program, personnel, and plant layout;
and (3) arrange logistical details, such as office space, availability of knowledgeable staff, and to
ensure unescorted site access privileges.
In order to assure an efficient inspection, we have enclosed a request for information describing
documents needed to aid the inspectors in preparing for and conducting the temporary
instruction inspection. These documents have been divided into four groups. The first group
lists information necessary to aid the inspectors in planning for the inspection. It is requested
that this information be provided to the lead inspector via mail or electronically by
August 31, 2015, if possible. The second group also lists information and possible areas for
discussion necessary to assist the inspectors during the inspection. It is requested this
information be available during the information gathering visit (September 15-17, 2015). The
third group of requested documents consists of those items that the inspectors will review, or
need access to, during the inspection. Please have this information available by the first day of
the on-site inspection week (October 5-9, 2015). The fourth group lists the information
necessary to aid the inspectors in tracking questions and answers identified as a result of the
inspection. It is requested that this information be provided to the lead inspector as the
information is generated during the inspection. It is important that all of these documents are up
to date and complete in order to minimize the number of additional documents requested during
the preparation and the on-site portions of the inspection.
OFFICIAL USE ONLY - SECURITY-RELATED INFORMATION
OFFICIAL USE ONLY - SECURITY-RELATED INFORMATION
A. Heflin -3-
The team leader for this inspection is Mr. Greg Pick. We understand that our contact for this
inspection is Mr. William Muilenberg. If there are any questions about the inspection or the
material requested, please contact Mr. Pick at (817) 200-1270 or via e-mail at
Greg.Pick@nrc.gov.
This letter does not contain new or amended information collection requirements subject to the
Paperwork Reduction Act of 1995 (44 U.S.C. 3501 et seq.). Existing information collection
requirements were approved by the Office of Management and Budget, control
number 3150-0011. The NRC may not conduct or sponsor, and a person is not required to
respond to, a request for information or an information collection requirement unless the
requesting document displays a currently valid Office of Management and Budget control
number.
This letter and the material enclosed herewith contains Security-Related Information in
accordance with 10 CFR 2.390(d)(1) and its disclosure to unauthorized individuals could
present a security vulnerability. Therefore, this letter and the material in the enclosure will not
be made available electronically for public inspection in the NRC Public Document Room or
from the Publicly Available Records (PARS) component of the NRC's Agencywide Documents
Access and Management System (ADAMS).
Sincerely,
/RA/
Gregory A. Pick, Chief
Engineering Branch 2
Division of Reactor Safety
Docket No. 50-482
License No. NPF-42
Nonpublic Enclosure:
Cyber Security Temporary Instruction 2201/004
(Milestones 1-7) Request for Information
OFFICIAL USE ONLY - SECURITY-RELATED INFORMATION
Entire Report: Non-Sensitive Publicly Available Keyword:
SUNSI Review Complete Sensitive Non-Publicly Available MD 3.4 Non-Public A.3
By: GAP RGN-002
Cover Letter Only: Non-Sensitive Publicly Available Keyword:
SUNSI Review Complete Sensitive Non-Publicly Available SUNSI Review Complete
By: GAP RGN-002
OFFICE RI:DRS/EB2 C:PBB C:EB2
NAME NOkonkwo ARosebrook GPick
SIGNATURE /RA/ /RA/ /RA/
DATE 6/18/15 6/18/15 6/18/15
OFFICIAL USE ONLY - SECURITY-RELATED INFORMATION
Letter to Adam C. Heflin from Gregory Pick, dated June 18, 2015
SUBJECT: WOLF CREEK GENERATING STATION - NOTIFICATION OF INSPECTION
OF TEMPORARY INSTRUCTION 2201/004, INSPECTION OF
IMPLEMENTATION OF INTERIM CYBER SECURITY MILESTONES 1-7,
(NRC INSPECTION REPORT 05000482/2015405) AND REQUEST FOR
INFORMATION
DISTRIBUTION w/enclosure:
Deputy Director, Cyber Security Directorate (Russell.Felts@nrc.gov)
Security Specialist/NSIR (Eric.Wharton@nrc.gov)
Security Specialist/NSIR (Niry.Simonian@nrc.gov)
Branch Chief, RI DRS/EB3 (John.Rogge@nrc.gov)
Branch Chief, RII DRS/EB2 (Scott.Shaeffer@nrc.gov)
Branch Chief, RIII DRS/EB3 (Robert.Daley@nrc.gov)
Senior Resident Inspector (Chris.Speer@nrc.gov)
Resident Inspector (Raja.Stroble@nrc.gov)
DISTRIBUTION w/o enclosure:
Regional Administrator (Marc.Dapas@nrc.gov)
Deputy Regional Administrator (Kriss.Kennedy@nrc.gov)
DRP Director (Troy.Pruett@nrc.gov)
DRP Deputy Director (Ryan.Lantz@nrc.gov)
DRS Director (Anton.Vegel@nrc.gov)
DRS Deputy Director (Jeff.Clark@nrc.gov)
Senior Resident Inspector (Chris.Speer@nrc.gov)
Resident Inspector (Raja.Stroble@nrc.gov)
WC Administrative Assistant (Carey.Spoon@nrc.gov)
Branch Chief, DRP/B (Andrew.Rosebrook@nrc.gov)
Senior Project Engineer, DRP/B (David.Proulx@nrc.gov)
Project Engineer, DRP/B (Fabian.Thomas@nrc.gov)
Project Engineer, DRP/B (Steven.Janicki@nrc.gov)
Public Affairs Officer (Victor.Dricks@nrc.gov)
Public Affairs Officer (Lara.Uselding@nrc.gov)
Project Manager (Fred.Lyon@nrc.gov)
Team Leader, DRS/TSST (Don.Allen@nrc.gov)
RITS Coordinator (Marisa.Herrera@nrc.gov)
ACES (R4Enforcement.Resource@nrc.gov)
Regional Counsel (Karla.Fuller@nrc.gov)
Technical Support Assistant (Loretta.Williams@nrc.gov)
Congressional Affairs Officer (Jenny.Weil@nrc.gov)
RIV Congressional Affairs Officer (Angel.Moreno@nrc.gov)
RIV/ETA: OEDO (Michael.Waters@nrc.gov)
ROPreports
OFFICIAL USE ONLY - SECURITY-RELATED INFORMATION