ML20072M555
| ML20072M555 | |
| Person / Time | |
|---|---|
| Site: | Grand Gulf, Arkansas Nuclear, River Bend, Waterford  (DPR-051, NPF-006, NPF-029, NPF-038, NPF-047) |
| Issue date: | 03/12/2020 |
| From: | Gaston R Entergy Operations |
| To: | Clay Johnson Document Control Desk, Office of Nuclear Reactor Regulation |
| References | |
| CNRO 2020-00012 | |
| Download: ML20072M555 (3) | |
Text
Entergy Operations, Inc.
1340 Echelon Parkway Jackson, MS 39213 Tel 601-368-5138 Ron Gaston Director, Nuclear Licensing 10 CFR 73.54 10 CFR 170.11 CNRO 2020-00012 March 12, 2020 ATTN: Cherish K. Johnson Chief Financial Officer U.S. Nuclear Regulatory Commission Washington, DC 20555-0001
Subject:
Request for Exemption from NRC Review Fees Associated with Proposed Performance Based Cyber Security Testing Plan Arkansas Nuclear One, Units 1 and 2 NRC Docket Nos. 50-313 and 50-368 Renewed Facility Operating License Nos. DPR-51 and NPF-6 Grand Gulf Nuclear Station, Unit 1 NRC Docket No. 50-416 Renewed Facility Operating License No. NPF-29 Waterford Steam Electric Station, Unit 3 NRC Docket No. 50-382 Renewed Facility Operating License No. NPF-38 River Bend Station, Unit 1 NRC Docket No. 50-458 Renewed Facility Operating License No. NPF-47 By letter dated December 21, 2019 (Reference 1), Entergy Services, LLC (Entergy) submitted, for U.S Nuclear Regulatory Commission (NRC) review and endorsement, a Cyber Security Performance-Based Testing proposal to be used as part of the NRC Cyber Security Inspection Process. The submittal contained a proposed approach for an NRC observed demonstration of the ability of licensees to protect, detect and respond to cyber security attacks as required by the NRC approved Cyber Security Plan (CSP) for each site. The NRC responded to Entergy's request in Reference 2, stating that, upon development and inclusion of an acceptable appendix with details of the performance testing protocols, the Cyber Security Performance-Based Testing proposal is acceptable for use during inspections.
In accordance with 10 CFR 170.11(a)(1)(ii), Entergy requests exemption from the NRC fees that have been incurred for the review and endorsement of Entergy's Cyber Security Performance-Based Testing Proposal submitted in Reference 1, NRC review of any future submissions of the guidance documents, and NRC review of proof-of-concept demonstrations associated with this topic. The document meets the exemption requirement in 10 CFR 170.11(a)(1)(ii) on the basis that it will assist the NRC in implementing generic regulatory improvements or efforts (i.e. as a
CNRO 2020-00012 Page 2 of 3 "lead plant" or "pilot plant"). The promulgation and eventual implementation of the performance-based testing proposal submitted in Reference 1 represents a significant generic regulatory improvement effort, as follows.
As stated in NRC Inspection Procedure 71130.10P (Reference 3), the objectives of the NRC Cyber Security Inspection is to inspect operating nuclear power plants which have completed full implementation of 10 CFR 73.54, "Protection of Digital and Communication Systems and Networks," and verify the licensee has implemented provisions of their CSP in accordance with the NRC approved CSP and 10 CFR 73.54. The current method of NRC inspection encompasses a programmatic level review and verification of the licensees performance. Due to the large scope of the cyber security program, inspectors request information in advance of the 3-week inspection effort. Lessons learned through the implementation and inspection of cyber security programs indicate that the current approach to NRC oversight activities is heavily document review driven vs having observable demonstrations.
In the July 12, 2019 NRC Reactor Cyber Security Program Assessment Final Report (Reference 4) the NRC identified an area for improvement for transforming the future cyber security inspection program. One of the suggested approaches to achieve this transformation was to consider the observation of exercises involving cyber-attacks and evaluate the performance of the licensees' Cyber Security Incident Response capabilities consistent with existing programs (i.e., physical security and emergency preparedness). The performance-based approach submitted in Reference 1 provides a proposal to implement this transformative approach to the cyber security inspection program.
Additionally, this approach will be shared with the rest of the nuclear industry after initial development. NRC review and endorsement of the proposal will improve the effectiveness and efficiency of licensee cyber security programs and NRC oversight functions; and can be used by the NRC as it develops and implements its Cyber Security Action Plan as described in its assessment of the Cyber Security Program (Reference 4).
In that Entergy will be the first licensee to pilot the performance-based testing proposed and given the NRCs action plan to improve the Cyber Security Inspection Program, as outlined in its assessment report (Reference 4); Entergy believes that this proposal satisfies the standard for an NRC fee waiver described in 10 CFR 170.11(a)(1)(ii).
This letter contains no new regulatory commitments. Should you have any questions or require additional information, please contact Sparky Soudah, Director, IT-Operations Technology Services, at 281-297-3493 or ksoudah@Entergy.com.
Respectfully, Ron Gaston RWG/rh
CNRO 2020-00012 Page 3 of 3
References:
- 1) Entergy Services, LLC (Entergy) letter to U.S. Nuclear Regulatory Commission (NRC), "Performance-Based Testing Proposal," dated December 21, 2019
- 2) NRC letter to Entergy, "Performance Based Testing Proposal," (ADAMS Accession No. ML20031C877), dated January 24, 2020
- 3) NRC Inspection Manual, Inspection Procedure 71130.10P, "Cyber Security," dated May 15, 2017
- 4) NRC Internal Letter Reactor Cyber Security Program Assessment Final Report, (ADAMS Accession No. ML19175A210) dated July 12, 2019 cc:
NRC Branch Chief, Cyber Security NRC Branch Chief, Physical Security NRC Region III Regional Administrator NRC Region IV Regional Administrator NRC Senior Resident Inspector - ANO NRC Senior Resident Inspector - GGN NRC Senior Resident Inspector - RBS NRC Senior Resident Inspector - WF3 NRC Project Manager - ANO NRC Project Manager - GGN NRC Project Manager - RBS NRC Project Manager - WF3 NRC Project Manager - Entergy Fleet NRC Document Control Desk