ML20209A442
| ML20209A442 | |
| Person / Time | |
|---|---|
| Issue date: | 08/14/2020 |
| From: | Russell Felts NRC/NSIR/DPCP |
| To: | Gross W Nuclear Energy Institute |
| Warner D, 301-287-3642 | |
| References | |
| NEI 10-04, NEI 13-10 | |
| Download: ML20209A442 (3) | |
Text
August 14, 2020 Mr. William R. Gross Director, Incident Preparedness Nuclear Energy Institute 1201 F Street NW, Suite 1100 Washington, DC 20004
SUBJECT:
RESPONSE TO NEI WHITE PAPER, CHANGES TO NEI 10-04 AND NEI 13-10 GUIDANCE FOR IDENTIFYING AND PROTECTING DIGITAL ASSETS ASSOCIATED WITH THE BALANCE OF PLANT, DATED JULY 2020
Dear Mr. Gross:
In your letter dated July 23, 2020, you requested the U.S. Nuclear Regulatory Commission (NRC) staff to review and endorse provided Nuclear Energy Institute (NEI) White Paper, Changes to NEI 10-04 and NEI 13-10 Guidance for Identifying and Protecting Digital Assets Associated with the Balance of Plant, dated July 2020, located in the NRC Agencywide Documents Access and Management System (ADAMS) Accession Number ML20205L604, to ensure the proposed changes meet the requirements of Title 10 of the Code of Federal Regulations (10 CFR) 73.54, Protection of Digital Computer and Communication Systems, and Networks (known as the NRC Cybersecurity Rule).
The white paper dated July 2020 reflects updates to a previous white paper that was submitted on April 24, 2020 (ADAMS Accession No. ML20115E413). The revised July white paper addresses the staffs comments provided to NEI in a letter dated July 14, 2020 (ADAMS Accession No. ML20195B113). NEI submitted a revised white paper in April to address the comments received at the January 16, 2020, public meeting that provided NEI representatives, the public, and other stakeholders an opportunity to discuss the changes proposed in the NEI White Paper. Details of the public meeting are documented in the Meeting Summary for Public Meeting to Discuss NEIs White Paper Associated with the Balance of Plant, and Meeting Attendance and Talking Points located at ADAMS Accession Number ML20028C897.
The staffs analysis included review of the NEI White Paper, the regulations, Staff Requirements Memorandum COMWCO-10-0001 Regulation of Cyber Security at Nuclear Power Plants, dated October 21,2010, the response, SECY-10-0153 Cyber Security - Implementation of the Commissions Determination of Systems and Equipment Within the Scope of Title 10 of the Code of Federal Regulations, Section 73.54, NRC approved guidance, and the statements of consideration for the NRC Cybersecurity Rule. Based on that analysis the staff has concluded that the proposed changes in NEIs White Paper, Changes to NEI 10-04 and NEI 13-10 Guidance for Identifying and Protecting Digital Assets Associated with the Balance of Plant, dated July 2020, are consistent with the requirements of 10 CFR 73.54 as well as the NRC approved implementation strategies or approaches described in NRC Regulatory Guide (RG) 5.71, Cyber Security Program for Nuclear Facilities, ADAMS
W. Gross Accession No. ML090340159 and in NEI 08-09 Rev. 6, Cyber Security Plan for Nuclear Reactors, ADAMS Accession No. ML101180437. NSIR staff reviewed the proposed guidance revisions and determined the proposed changes will not impact the scope of 10 CFR 73.54(a)(1); thus, Balance of Plant (BOP) digital assets that affect reactivity remain within the scope of the NRCs cyber oversight.
If licensees elect to implement the changes proposed in the NEI White Paper, licensees are responsible to ensure that the implementation of changes to their cyber security programs do not decrease the effectiveness of their cyber security plans in accordance with the 10 CFR 50.54 review process. Licensees are also responsible for ensuring assessments performed analyzing BOP assets to implement the revised guidance are available for inspection by NRC staff. For additional information, licensees may refer to NEI 11-08, Guidance on Submitting Security Plan Changes, Rev 0, dated August 2012, reviewed and approved for use by the NRC ADAMS Accession No. ML12216A194.
This letter is not an endorsement of the NEI White Paper, Changes to NEI 10-04 and NEI 13-10 Guidance for Identifying and Protecting Digital Assets Associated with the Balance of Plant. The NRC expects the changes proposed in the white paper to be incorporated in future revisions of NEI 10-04 and NEI 13-10.
Should you or your staff have any questions, please contact Mr. Dan Warner at (301) 287-3642.
Sincerely,
/RA Anthony Bowers for Russell N. Felts, Director (Acting)
Division of Physical and Cyber Security Policy Office of Nuclear Security and Incident
Response
ML20209A442 *via e-mail OFFICE NSIR/DPCP/CSB NSIR/DPCP/CSB/BC NSIR/DPCP/DD(A)
NAME DWarner* JBeardsley (ELee for)* ABowers for RFelts*
DATE 07/27/2020 07/27/2020 08/14/2020