Text

1 Lopez, Juan From:

Lopez, Juan Sent:

Tuesday, July 14, 2020 5:16 PM To:

det@nei.org Cc:

jlu@nei.org; wrg@nei.org; Berrios, Ilka

Subject:

Status Update: PRM-73-18, Protection of Digital Computer and Communication Systems and Networks [Docket No. PRM-73-18; NRC-2014-0165]

Mr. Doug True:

I am contacting you to provide a status update on the petition for rulemaking submitted by the Nuclear Energy Institute (NEI) to the U.S. Nuclear Regulatory Commission (NRC), dated June 12, 2014 (ADAMS Accession No. ML14184B120). NEI requested that the NRC amend the regulations in Title 10 of the Code of Federal Regulations (10 CFR) Section 73.54, Protection of Digital Computer and Communication Systems and Networks. Specifically, NEI requested, in pertinent part, that the NRC amend the scoping language contained in 10 CFR 73.54(a)(1) to focus on protection of digital computer and communication systems and networks associated with those structures, systems, and components that are necessary to prevent significant core damage and spent fuel sabotage or whose failure would cause a reactor scram.

The NRC docketed your letter as a petition for rulemaking (PRM)-73-18, and the NRC published a notice of receipt in the Federal Register on September 22, 2014 (79 FR 56525). Further, as indicated in NRCs letter dated September 13, 2017 (ADAMS Accession No. ML17179A002), the staff began conducting inspections once power reactor licensees completed full implementation of the cyber security rule. After completing a third of these full implementation inspections, the staff performed an assessment of the cyber security rule and its implementation. The staff completed these efforts and issued an assessment report, Power Reactor Cyber Security Program Assessment, dated July 12, 2019 (ADAMS Accession No. ML19175A211). Following completion of the assessment report, the staff developed an action plan to address the areas for improvement identified in the report. The action plan includes four efforts to evaluate the processes used for critical digital asset determination. The staff and industry are working on addressing these efforts and will use these results to inform the disposition of the petition.

The staff will prepare a formal recommendation to the Commission for approval. Once the petition has been resolved by the Commission, the NRC will publish a notice in the Federal Register explaining the NRCs finding. At that time, you will also receive a letter notifying you of the action the NRC has taken.

The status of PRM-73-18 can be found at the NRC Rules and Petition page at https://www.nrc.gov/reading-rm/doc-collections/rulemaking-ruleforum/active/PetitionIndex.html. At this website, there is a link to a listing of all active NRC PRMs. You can monitor this site for status updates as they become available. You can also continue to monitor the docket for PRM-73-18 at https://www.regulations.gov. The Federal rulemaking Web site allows you to receive alerts when changes or additions occur in a docket folder. To subscribe: 1) navigate to the docket folder (NRC-2014-0165); 2) click the Sign up for E-mail Alerts link; and 3) enter your e-mail address and select how frequently you would like to receive e-mails (daily, weekly, or monthly).

Please contact me at Juan.Lopez@nrc.gov if you have any questions.

Sincerely, Juan A. Lopez Rulemaking Project Manager NRC/NMSS/REFS/RRPB