ML22069A090
| ML22069A090 | |
| Person / Time | |
|---|---|
| Issue date: | 03/04/2022 |
| From: | Kim Lawson-Jenkins NRC/NSIR/DPCP/CSB |
| To: | |
| Lawson-Jenkins K | |
| Shared Package | |
| ML22069A084 | List: |
| References | |
| DG-5061, RG-5.071 | |
| Download: ML22069A090 (21) | |
Text
00:00:00.000 --> 00:00:04.040 Lawson-Jenkins, Kim In the in our CS Office of nuclear security and incident response.
00:00:05.750 --> 00:00:17.360 Lawson-Jenkins, Kim This morning we're meeting to briefly discuss the issuance of draft guidance 5061 for public comment draft guidance 5061 is the draft of revision one.
00:00:18.230 --> 00:00:24.960 Lawson-Jenkins, Kim Of Regulatory Guide 5 dot 71, which is titled Cyber security plans for nuclear power plants.
00:00:26.250 --> 00:00:31.780 Lawson-Jenkins, Kim A copy of the presentation slides so that we use today have been attached to the public meeting notice.
00:00:32.850 --> 00:00:34.460 Lawson-Jenkins, Kim This is an observation meeting.
00:00:35.500 --> 00:00:42.340 Lawson-Jenkins, Kim This is a meeting in which attendees will have an opportunity to observe and RC performing its regulatory function.
00:00:43.450 --> 00:00:46.220 Lawson-Jenkins, Kim Attendees will have an opportunity to ask questions.
00:00:46.930 --> 00:01:02.140 Lawson-Jenkins, Kim Uh for me and to make automate comments about the issues discussed following my presentation at this meeting. However, the NRC is not actively for listing comments towards regulatory decisions at this meeting.
00:01:03.260 --> 00:01:12.140 Lawson-Jenkins, Kim During the meeting, we would not decide any agency or staff positions and will not interpret regulation.
00:01:14.370 --> 00:01:19.180 Lawson-Jenkins, Kim Other than what has already been established in the guidance or prior for staff positions.
00:01:20.500 --> 00:01:23.160 Lawson-Jenkins, Kim After some brief and introductory remarks.
00:01:23.720 --> 00:01:28.880 Lawson-Jenkins, Kim Uhm I will provide an overview of the draft guidance that said the discussion today.
00:01:30.000 --> 00:01:32.670 Lawson-Jenkins, Kim But first some brief administrative items.
00:01:33.840 --> 00:01:36.900 Lawson-Jenkins, Kim If you are participating in the meeting by phone.
00:01:36.950 --> 00:01:41.100 Lawson-Jenkins, Kim Phone please send me an email with your name.
00:01:41.760 --> 00:01:51.340 Lawson-Jenkins, Kim And organizations, so that we can include your participation on our list of attendees. My email address is Kim Dot Lawson.
00:01:52.110 --> 00:01:58.830 Lawson-Jenkins, Kim Hyphenjenkins@nrc.gov this information is also located on the public meeting notice.
00:02:00.460 --> 00:02:04.760 Lawson-Jenkins, Kim Please ensure that you mute your phone or microphone when you're not speaking.
00:02:05.970 --> 00:02:16.170 Lawson-Jenkins, Kim If you would like to provide feedback on on this meeting. You can do so using in RC Form 659 found on the endorsees website.
00:02:17.750 --> 00:02:30.820 Lawson-Jenkins, Kim And now I'd like to turn the meeting over to Jim Beardsley for some introductory remarks. Jim is the acting deputy deputy director of the division of physical security physical and cyber security policy.
00:02:31.670 --> 00:02:32.380 Lawson-Jenkins, Kim Take it down.
00:02:32.030 --> 00:03:02.010 Beardsley, Jim Take care thank you. Kim Uh, I sincerely appreciate your introduction. I just wanted to provide a little bit of context. The original version of regulatory guide 571 was issued over 12 years ago and the staff has worked hard over the over the past few years to develop a revision to it. It is a significant revision and
Kim is going to go through that it's so significant that it would be difficult for us to even show someone a red line strike out version.
00:03:02.310 --> 00:03:34.270 Beardsley, Jim Document to to to compare the old version, and the new version so please bear with us as we issue, it and put this document out for contact out for comment because it's going to be a challenge. It's it's a big revision. It's in important revision. Kim is going to go through the reason we did. The revision and the background on it. We are actively seeking stakeholder feedback and we want to hear from any stakeholders any questions or any comments. You have on the document. We would sincerely appreciate that we intend to have a follow on public meeting at the.
00:03:34.330 --> 00:04:02.930 Beardsley, Jim Towards the end of the UM comment period where we would will be open to questions and answers and receive comments back. But we would prefer to get comments and writing and we very important for us to get comments in writing, so that will be able to adjudicate those comments understand them and then provide feedback as part of our process for evaluating and and in further pursuing the revision thanks very much and I'll turn it back over to Kim.
00:04:06.350 --> 00:04:07.950 Lawson-Jenkins, Kim Thank you Tim for those comments.
00:04:06.700 --> 00:04:07.360 Beardsley, Jim Thank you Tim.
00:04:08.650 --> 00:04:13.880 Lawson-Jenkins, Kim OK, so I'm going to pull up the slides and and give the presentation right now.
00:04:42.250 --> 00:04:46.670 Lawson-Jenkins, Kim This presentation is on a draft guidance 5061.
00:04:47.290 --> 00:04:51.440 Lawson-Jenkins, Kim Which is the revision of regular regulatory guide 571?
00:04:52.090 --> 00:05:00.820 Lawson-Jenkins, Kim Regulatory guide 571 describes one acceptable method of establishing a cyber security plan and the nuclear power plant.
00:05:01.470 --> 00:05:09.660 Lawson-Jenkins, Kim
That complies with the NRC regulation for protecting digital computer equipment and communication systems.
00:05:10.260 --> 00:05:11.100 Lawson-Jenkins, Kim At the plant.
00:05:12.060 --> 00:05:22.350 Lawson-Jenkins, Kim As Jim said the original version of Regulatory Guide Regulatory Guide, Vice having one was published in 201012 years ago.
00:05:26.080 --> 00:05:32.420 Lawson-Jenkins, Kim Hey uh this work on the draft guidance actually began in 2016.
00:05:33.280 --> 00:05:38.900 Lawson-Jenkins, Kim Uh so after working on it for almost 2 years in 2018, we released.
00:05:39.370 --> 00:05:46.830 Lawson-Jenkins, Kim Uh of version of the draft guidance for public comment in August of 2018, there was a public meeting at that time.
00:05:47.890 --> 00:06:06.370 Lawson-Jenkins, Kim After we received the comments when the comment period closed a decision was made to delay work on the draft guidance for 2 years due to post assessment as initiatives with the industry. On on the way to identify to better identify and and protect.
00:06:08.090 --> 00:06:09.440 Lawson-Jenkins, Kim Equipment related to.
00:06:09.760 --> 00:06:10.190 Lawson-Jenkins, Kim Uhm.
00:06:11.320 --> 00:06:12.830 Lawson-Jenkins, Kim Safety security.
00:06:13.370 --> 00:06:23.210 Lawson-Jenkins, Kim Uh if important to safety and emergency preparedness functions and also there was an an audit of the.
00:06:23.950 --> 00:06:35.860 Lawson-Jenkins, Kim
Of the of our program of the inspection program by the office of Inspector General and or the report or the report was issued in June of 2019.
00:06:36.840 --> 00:06:43.780 Lawson-Jenkins, Kim At the same time, we was a beginning our full implementation inspections of the cyber security plants.
00:06:44.590 --> 00:06:50.460 Lawson-Jenkins, Kim Work resumed on draft guidance 5061 in August 2020.
00:06:51.290 --> 00:07:01.050 Lawson-Jenkins, Kim And we finalize that a new version of it of the draft guidance just this last month in February 2021.
00:07:01.670 --> 00:07:04.910 Lawson-Jenkins, Kim February 2022, Let's just say.
00:07:05.920 --> 00:07:08.050 Lawson-Jenkins, Kim So it was just it's issued.
00:07:09.340 --> 00:07:14.780 Lawson-Jenkins, Kim It was finalized only a few weeks ago and yesterday.
00:07:15.470 --> 00:07:18.420 Lawson-Jenkins, Kim Uh the FRN announced the draft guidance.
00:07:19.320 --> 00:07:24.130 Lawson-Jenkins, Kim Uh with Isabella for public comment so that's March 3rd.
00:07:24.750 --> 00:07:24.980 Lawson-Jenkins, Kim Of.
00:07:25.720 --> 00:07:35.020 Lawson-Jenkins, Kim Does she asked today the FRN docket number for this FRN is in RC dash 20 dash 0143?
00:07:36.750 --> 00:07:48.040 Lawson-Jenkins, Kim And in this slide, you see the Addams number for this version of the draft guidance that we have available for public comments. The public comment period began yesterday.
00:07:49.020 --> 00:07:50.480 Lawson-Jenkins, Kim And this for 60 days.
00:07:52.040 --> 00:07:57.340 Lawson-Jenkins, Kim During this public comment period, we would prefer strongly preferred if you can.
00:08:00.170 --> 00:08:02.600 Lawson-Jenkins, Kim Give your comments using regular.
00:08:06.060 --> 00:08:19.000 Lawson-Jenkins, Kim Using the information that's given on the frnregulations.gov that is really the best way to enter the comments but obviously you can even when you contact me if you sent some information about the.
00:08:19.670 --> 00:08:20.200 Lawson-Jenkins, Kim Uhm.
00:08:21.210 --> 00:08:33.030 Lawson-Jenkins, Kim Your comment on the guide it will be recorded and address but the we are strongly encouraging people to useregulation.gov and the procedures that had mentioned on the Fr at.
00:08:34.250 --> 00:08:48.560 Lawson-Jenkins, Kim The public comment period ends in 60 days. But as Jim said. Before that period ends in early April. We're going to have an information public meeting where there will be more detailed discussions of the guide.
00:08:48.970 --> 00:09:05.460 Lawson-Jenkins, Kim Uh and asked we can answer any questions about why we had a why some decisions were made to what we what we include in the other guy, then what we did to include and other stakeholders will actually be speaking at this meeting well today is just the NRC and making a presentation.
00:09:06.920 --> 00:09:09.460 Lawson-Jenkins, Kim After the public comment period closes in May.
00:09:09.950 --> 00:09:14.660 Lawson-Jenkins, Kim Uhm it will take not quite but almost a year to actually publish the guide.
00:09:18.390 --> 00:09:22.950 Lawson-Jenkins, Kim So I want to briefly go over some of the major changes in the guide.
00:09:25.110 --> 00:09:27.660 Lawson-Jenkins, Kim This slide was actually shown in 2018.
00:09:28.670 --> 00:09:47.210 Lawson-Jenkins, Kim Uh with the version that when that was made the relevant 2018 clarifies the existing interpretation of the regulation based on the lessons learned from the first set of inspections. Cyber security inspections.
The NRC performed which were called milestone one through 7 inspections.
00:09:48.200 --> 00:09:59.090 Lawson-Jenkins, Kim Uh it updated the guidance to show the new regulation that came into effect after the original version, which was the cyber security event notification rule.
00:09:59.740 --> 00:10:00.440 Lawson-Jenkins, Kim
- 10.
00:10:01.710 --> 00:10:07.800 Lawson-Jenkins, Kim Title 10 code of Federal Register Regulations, 73 dot 77.
00:10:08.870 --> 00:10:20.480 Lawson-Jenkins, Kim Uh we updated the document based on changes to this special product 853 revision 4 because that we based.
00:10:21.200 --> 00:10:30.420 Lawson-Jenkins, Kim We use the NIST document revision 3 as they were original template for generating the the first version of the regulatory guide.
00:10:31.110 --> 00:10:41.870 Lawson-Jenkins, Kim So they had been a revision to this document and we wanted to make sure we were still generally aligned with it and pick up any changes that were relevant for our document.
00:10:42.880 --> 00:10:53.600 Lawson-Jenkins, Kim Uh in the 8 years since at that time when the this draft guidance was made available for public comment there was new I IEA.
00:10:53.650 --> 00:10:56.880 Lawson-Jenkins, Kim Hey Uhm International Atomic Energy.
00:10:57.710 --> 00:11:01.020 Lawson-Jenkins, Kim Uh agency security guidance on the.
00:11:02.500 --> 00:11:19.900 Lawson-Jenkins, Kim On cyber security so we incorporated that and we also incorporate it. Update had that was regarding the Commission. There's a direction to regarding balance of plant equipment that this equipment is.
00:11:20.170 --> 00:11:23.260 Lawson-Jenkins, Kim Uhm subject to the cyber security rule.
00:11:23.950 --> 00:11:25.740 Lawson-Jenkins, Kim And and nuclear power plants.
00:11:30.490 --> 00:11:32.780 Lawson-Jenkins, Kim So after that pause and dumb.
00:11:33.580 --> 00:11:48.020 Lawson-Jenkins, Kim After the public comment period in 2018. We resumed work on the document at 20:20 and we added.
Some additional information regarding it really new information regarding risk informed cyber security.
00:11:49.240 --> 00:12:03.050 Lawson-Jenkins, Kim One of the huge lesson learned through the full implementation inspections in the original milestone, one through 7 inspection or what's the need for accurate assessments of the?
00:12:03.770 --> 00:12:08.190 Lawson-Jenkins, Kim Critical digital assets that the assessments should.
00:12:09.270 --> 00:12:28.290 Lawson-Jenkins, Kim Basically, they really should reflect the current security posture of that device so we included a lot of information in the updated guidance regarding how to maintain an accurate view of the security posture of CD 's.
00:12:29.760 --> 00:12:36.850 Lawson-Jenkins, Kim Even within the last 3 years, there's been new international guidance as standards and NIST had another revision of.
00:12:37.180 --> 00:13:03.230 Lawson-Jenkins, Kim A special product 853, so we incorporated that into this guidance. We addressed the public comments
that we did receive in 2018 and in 2021. We had 2 brief and in RC staff had 2 briefs with the Advisory Committee on reactor safeguards and they provided comments to us and we 00:13:04.670 --> 00:13:09.170 Lawson-Jenkins, Kim responded to those comments and included some updates in the guidance.
00:13:13.840 --> 00:13:15.870 Lawson-Jenkins, Kim I'm going to give a brief overview of all the.
00:13:16.910 --> 00:13:20.170 Lawson-Jenkins, Kim The changes and as Jim said this was.
00:13:20.870 --> 00:13:23.360 Lawson-Jenkins, Kim There were significant changes throughout the document.
00:13:24.920 --> 00:13:27.290 Lawson-Jenkins, Kim And it's really hard to come.
00:13:28.250 --> 00:13:51.470 Lawson-Jenkins, Kim Give a lot of details in the in a a brief today, so the strategy is to let everyone see document with emphasis on what we're speaking about today at the point issues that we addressed and you can look at the details and once you see the document of how we address them and then like I said, We'll have another public meeting a month from now to discuss these changes in more detail.
00:13:52.430 --> 00:13:54.430 Lawson-Jenkins, Kim K UM section.
00:13:55.150 --> 00:13:56.390 Lawson-Jenkins, Kim 3 of the document.
00:13:57.140 --> 00:14:17.990 Lawson-Jenkins, Kim Yeah has to do with this staff regulatory position on staff regulatory guidance for the document so at the beginning of the document. We discussed risk informed cyber security, we discussed the information regarding the balance of plant asset identification.
00:14:18.660 --> 00:14:33.770 Lawson-Jenkins, Kim And we added some decision points and identifying CDs, which includes identifying pathways functions anything that can affect critical functions that are plant.
00:14:35.270 --> 00:14:56.010 Lawson-Jenkins, Kim We updated the defense in depth protective strategies. We updated text regarding the defensive architecture, which is very important important for protecting functions? How to address vulnerabilities and how to minimize the tax services at pathways, these terms.
00:14:56.690 --> 00:15:06.230 Lawson-Jenkins, Kim Attack surfaces at pathways when there were not used in the original guidance, but it's very standard now when discussing cybersecurity protections.
00:15:07.680 --> 00:15:10.020 Lawson-Jenkins, Kim Uhm Section 3 dot 3.
00:15:10.740 --> 00:15:21.700 Lawson-Jenkins, Kim Yeah, we discussed the use of alternate controls and also clarify the use of consequence based graded approach approaches for applying security controls.
00:15:23.200 --> 00:15:37.970 Lawson-Jenkins, Kim Based on the discussions with the acrs. We added text stating that technical controls that are implemented in a cyber security plan can be incorporated during the design certification process.
00:15:40.750 --> 00:15:47.280 Lawson-Jenkins, Kim Because from the lessons learned that we saw a lot of UM quite a few.
00:15:48.270 --> 00:15:50.490 Lawson-Jenkins, Kim Alter the controls were used for technical.
00:15:51.130 --> 00:16:00.380 Lawson-Jenkins, Kim Controls that would normally be implemented. We added text to clarify the purpose of various families of technical security controls.
00:16:01.620 --> 00:16:09.380 Lawson-Jenkins, Kim And also we added a text to discuss the new so I could security cyber event notification rule.
00:16:14.870 --> 00:16:17.000 Lawson-Jenkins, Kim Uh we updated a reference to.
00:16:17.050 --> 00:16:24.640 Lawson-Jenkins, Kim To read guides, one dot 152, which is the criteria for use.
00:16:25.370 --> 00:16:30.360 Lawson-Jenkins, Kim Of our computers and safety systems and nuclear power plants.
00:16:31.950 --> 00:16:37.210 Lawson-Jenkins, Kim We met today with specifically because it was of concern to important concerning to the acrs.
00:16:38.390 --> 00:16:39.190 Lawson-Jenkins, Kim We.
00:16:40.260 --> 00:16:54.580 Lawson-Jenkins, Kim Update the section that had to do with continuous monitoring. UM other than example. Some more examples and have it. We are added. The discussion of anomaly detection, which really was not addressed in the original guidance.
00:16:55.640 --> 00:17:00.570 Lawson-Jenkins, Kim In 2018, we added a new section on the use of metrics too.
00:17:01.930 --> 00:17:06.830 Lawson-Jenkins, Kim For if they affect to determine the effectiveness of cyber security plans.
00:17:07.640 --> 00:17:08.720 Lawson-Jenkins, Kim Implementations.
00:17:09.680 --> 00:17:40.450 Lawson-Jenkins, Kim And you can see here for the at the text changes. We made regarding how to have quality assessments for CDA 's we added text all through the document. This is really to emphasize this is not a one time activity that through the life of maintenance of equipment that they assessments should accurately accurately reflect the security posture of that equipment.
00:17:40.960 --> 00:17:45.540 Lawson-Jenkins, Kim That is one of the really the biggest lessons learned that.
00:17:46.240 --> 00:17:47.800 Lawson-Jenkins, Kim If we don't understand.
00:17:48.410 --> 00:18:01.510 Lawson-Jenkins, Kim With the equip the attack surface and the purpose of the equipment in the plant that is. It is difficult to adequately protect that equipment and we made a lot of improvements in this area.
00:18:02.860 --> 00:18:03.410 Lawson-Jenkins, Kim Uhm.
00:18:04.230 --> 00:18:12.050 Lawson-Jenkins, Kim And attendance sorry appendices D&C. We added clarification for all the security control primarily by.
00:18:13.060 --> 00:18:28.810 Lawson-Jenkins, Kim Having done do a little section and every control to say this is the intent of the control, so that when alternate so used to the for the 4 instead of implementing the control in this understood that the alternate shouldn't be Thi intent of the control.
00:18:30.290 --> 00:18:39.990 Lawson-Jenkins, Kim The glossary has a quite a few new terms and definitions and we clarified some terms that were in the original revision and they original version of the document.
00:18:41.400 --> 00:18:43.260 Lawson-Jenkins, Kim Obviously, we update the references.
00:18:44.170 --> 00:19:07.890 Lawson-Jenkins, Kim And throughout the document. We had editorial changes from the office of general counsel from the based on the public comments based on peer reviews, so as Jim said, because of all these changes just delivering a red line version of the document. We would not have been very useful because everything will be red line.
00:19:12.640 --> 00:19:31.220 Lawson-Jenkins, Kim So that was the overview of the main change that we made in the document. A license over the last 10 years. Licensees have implemented cyberspace cyber security programs and they and their C has implemented effective oversight of the licensees cyber security programs.
00:19:32.990 --> 00:19:40.860 Lawson-Jenkins, Kim There are no changes in the staff position in this draft guidance only clarifications and there's only one new regulation.
00:19:41.290 --> 00:19:44.700 Lawson-Jenkins, Kim Uhm 10 CFR 7377.
00:19:46.820 --> 00:20:06.810 Lawson-Jenkins, Kim The document has changed a lot it reflects the lessons learned that from their inspections from the
changes in the CSP implementations. The refinement of them over the past 12 years and it positions.
This document to be used for guidance for future licensees.
00:20:17.710 --> 00:20:31.350 Lawson-Jenkins, Kim This was a really brief presentation is an overview the document. I believe it's almost 160 pages in length. And this code that takes some time for people to go through it, but we are very much looking forward to feedback.
00:20:33.130 --> 00:20:35.850 Lawson-Jenkins, Kim I noticed when I was doing some research for this.
00:20:37.410 --> 00:20:41.840 Lawson-Jenkins, Kim For the some of the presentations, I've been giving recently that.
00:20:42.570 --> 00:20:52.970 Lawson-Jenkins, Kim Uhm a lot of other agencies have been referencing the version of the draft guides that was put out for public comment in 2018.
00:20:54.080 --> 00:21:07.810 Lawson-Jenkins, Kim So there was a real need for us to get updated guidance out because they were not referencing referring to the older document in 2010 and this newer document reflects the current state of the art.
00:21:08.720 --> 00:21:10.950 Lawson-Jenkins, Kim And like I said, and professors for the future.
00:21:12.200 --> 00:21:15.920 Lawson-Jenkins, Kim So we arrive just ended for this with my presentation.
00:21:16.550 --> 00:21:34.580 Lawson-Jenkins, Kim Uhm if we're gonna open the discussion for anyone who's on teams right now. If you would if you in teams. If you look at the top if you could see the the hand or you could raise your hand. We can you can go off a mute and I will change that so that people will be able to speak?
00:21:43.550 --> 00:21:44.050 Lawson-Jenkins, Kim OK.
00:21:46.340 --> 00:21:49.750 Lawson-Jenkins, Kim So people should be able to speak so if you raise your hand.
00:21:50.350 --> 00:21:53.010 Lawson-Jenkins, Kim K and write down.
00:21:52.250 --> 00:21:54.420 Beardsley, Jim It's like Gary Locklear has his hand raised.
00:21:54.230 --> 00:21:57.890 Lawson-Jenkins, Kim Yes, I see it now, please start speaking thank you.
00:22:01.110 --> 00:22:02.250 Lawson-Jenkins, Kim Gary you can start.
00:22:18.170 --> 00:22:19.750 Beardsley, Jim It looks like he's still muted Kim.
00:22:26.840 --> 00:22:29.740 Beardsley, Jim Yeah, it looks like they're all but the presenters are still muted.
00:22:27.110 --> 00:22:27.460 Warner, Dan I've 00:22:28.410 --> 00:22:28.980 LOCKLEAR Gary - (CONTRACTOR AES) - KINECTRICS AES I don't know why.
00:22:31.450 --> 00:22:33.190 Beardsley, Jim Now now your wife were good.
00:22:32.970 --> 00:22:33.650 Warner, Dan you're good Gary.
00:22:32.990 --> 00:22:34.710 LOCKLEAR Gary - (CONTRACTOR AES) - KINECTRICS AES No OK.
00:22:35.640 --> 00:22:40.980 LOCKLEAR Gary - (CONTRACTOR AES) - KINECTRICS AES Uh when general comment is is intent of the changes to be consistent.
00:22:41.610 --> 00:22:49.710 LOCKLEAR Gary - (CONTRACTOR AES) - KINECTRICS AES
Or has considered to be consistent with the revised guidance who was implementation guidance. It was reflected in the.
00:22:50.380 --> 00:22:53.620 LOCKLEAR Gary - (CONTRACTOR AES) - KINECTRICS AES In the white papers that are being incorporated into any I 1004.
00:23:01.630 --> 00:23:02.300 Warner, Dan Your meeting.
00:23:01.810 --> 00:23:02.360 Lawson-Jenkins, Kim Yes.
00:23:03.170 --> 00:23:16.840 Lawson-Jenkins, Kim Yes, the UM the guidance is in alignment with that, if you notice that the white papers with go into a lot of detail about how to identify and protect certain categories of CD 's.
00:23:17.880 --> 00:23:34.190 Lawson-Jenkins, Kim The language in this guide will score the refer to update the guidance. You saw in the timeline that we probably won't have actually have this guy just published until next year in 2023 and the.
00:23:34.970 --> 00:23:47.850 Lawson-Jenkins, Kim Assumption the hope in my my my mind is that the new guidance and those white papers will be and in the I 1310 and in the I 1004 prior to publication.
00:23:48.550 --> 00:23:56.080 Lawson-Jenkins, Kim Of of of this document that this draft of this draft guidance when the regulatory guide is published and we will refer to those documents.
00:23:57.960 --> 00:23:58.450 LOCKLEAR Gary - (CONTRACTOR AES) - KINECTRICS AES OK.
00:23:58.800 --> 00:23:59.100 Lawson-Jenkins, Kim K.
00:24:04.940 --> 00:24:07.930 Lawson-Jenkins, Kim Uh why is that Gary Locklear strangers?
00:24:08.840 --> 00:24:10.580 Lawson-Jenkins, Kim Do you still have another question doors?
00:24:10.230 --> 00:24:10.940 Beardsley, Jim Best regards.
00:24:11.450 --> 00:24:12.910 LOCKLEAR Gary - (CONTRACTOR AES) - KINECTRICS AES No, I just unmuted itself.
00:24:11.850 --> 00:24:12.520 Beardsley, Jim Well, I just got.
00:24:12.920 --> 00:24:13.350 Lawson-Jenkins, Kim OK.
00:24:13.250 --> 00:24:13.950 Beardsley, Jim Stop listening.
00:24:14.450 --> 00:24:15.940 Lawson-Jenkins, Kim Uh Peter, 00:24:16.600 --> 00:24:17.480 Lawson-Jenkins, Kim you have a question.
00:24:17.960 --> 00:24:33.820 Bruley, Peter Yeah, just to follow up with that there were 5 endorsed Addendums to 0809 that came out. Recently, like within the last 3 years is that does this guidance also reflect those endorse dependent.
00:24:34.680 --> 00:24:35.320 Bruley, Peter Changes.
00:24:39.000 --> 00:24:41.040 Lawson-Jenkins, Kim This guy didn't come.
00:24:42.800 --> 00:24:47.760 Lawson-Jenkins, Kim Takes into account the state of the art and some of the the UM.
00:24:49.100 --> 00:24:50.400 Lawson-Jenkins, Kim Some of that information.
00:24:51.380 --> 00:24:54.380 Lawson-Jenkins, Kim Thumb in the eye guidance and the.
00:24:55.090 --> 00:24:58.230 Lawson-Jenkins, Kim Our regulatory guidance is not 100% in alignment.
00:24:59.090 --> 00:24:59.420 Lawson-Jenkins, Kim OK.
00:25:00.720 --> 00:25:25.740 Lawson-Jenkins, Kim There and that was a present part of that presentation was made in 2018 and will show it again. Show it again and add a little bit bored, too right and and in April. We give a presentation. Both guidance whether it's the NEI guidance or the NRC regulatory guides or 2, there are 2 acceptable methods of implementing cybersecurity plans at plants.
00:25:26.430 --> 00:25:33.980 Lawson-Jenkins, Kim Uh if we had new licensees and they want to use part or all of either documents, they could do that.
00:25:34.940 --> 00:25:40.760 Lawson-Jenkins, Kim OK, so we want the documents, the documents are in alignment there's no conflict.
00:25:35.960 --> 00:25:36.840 Beardsley, Jim So we want to.
00:25:41.400 --> 00:25:42.880 Lawson-Jenkins, Kim But they are not identical.
00:25:44.390 --> 00:25:46.760 Beardsley, Jim Kim let me let me clarify one thing Peter.
00:25:46.910 --> 00:26:11.880 Beardsley, Jim Uhm you, you uh stated that the documents were endorsed the documents were not endorsed by undersea. They were accepted for use So what that means is as Kim stated. They are an acceptable way to meet the requirements. There are it. Rigide 571 is another acceptable way to meet the requirements
and if a license. He came up with another way to do it. We would evaluate that and and and you know, evaluate whether or not, that's acceptable as well.
00:26:08.000 --> 00:26:08.360 Lawson-Jenkins, Kim Sorry.
00:26:16.500 --> 00:26:16.840 Bruley, Peter K.
00:26:24.310 --> 00:26:28.560 Lawson-Jenkins, Kim I I don't see any other sorry any other raise hands at this point.
00:26:31.250 --> 00:26:37.330 Lawson-Jenkins, Kim If someone dialed into this public meeting on the telephone can you please?
00:26:38.040 --> 00:26:39.860 Lawson-Jenkins, Kim Uhm I mute yourself.
00:26:40.450 --> 00:26:42.650 Lawson-Jenkins, Kim And identify yourself in your organization.
00:26:46.690 --> 00:26:47.860 Lawson-Jenkins, Kim If you have any comments.
00:26:56.810 --> 00:27:01.690 Lawson-Jenkins, Kim Rich rich right you waste your hand again, yeah, rich MacGyver over any I.
00:27:02.380 --> 00:27:04.360 Lawson-Jenkins, Kim Do you wanna go on and speak thank you.
00:27:02.810 --> 00:27:03.330 MOGAVERO, Richard I can.
00:27:04.100 --> 00:27:13.250 MOGAVERO, Richard Yeah, hi. Ken thanks for the opportunity to speak. Rich Micawber from nuclear Energy Institute. You know based on the significant amount of changes throughout the entire document.
00:27:13.440 --> 00:27:16.600 MOGAVERO, Richard Uh you know as an industry we may be looking at.
00:27:17.900 --> 00:27:34.560 MOGAVERO, Richard Further discussion with the NRC about the 60 day comment period and if there's an opportunity to extend that out for the industry to take a look at those significant changes against the current plan that's in place to make sure that there's no no major deltas for one that the current operating.
00:27:36.320 --> 00:27:45.000 MOGAVERO, Richard Fleet as well as future stations that maybe maybe part of the advanced reactor fleet in the future. That's my statement, Kim just a thought for consideration.
00:27:47.470 --> 00:27:51.120 Lawson-Jenkins, Kim I appreciate your comment rich we will be speaking again.
00:27:51.630 --> 00:27:58.580 Lawson-Jenkins, Kim I love you and I will probably be on the same panel where we had the meeting and uh April and I'm sure that comment will be addressed.
00:28:02.740 --> 00:28:05.370 Lawson-Jenkins, Kim Are there any other comments today?
00:28:08.220 --> 00:28:16.350 Lawson-Jenkins, Kim Uh once again probably within the next week, they will probably be Oh, Gary Locke Dealer Locklear again.
00:28:17.530 --> 00:28:18.570 Lawson-Jenkins, Kim Please go on and speak.
00:28:20.060 --> 00:28:25.720 LOCKLEAR Gary - (CONTRACTOR AES) - KINECTRICS AES Yeah, I guess since no one had any other comments. I have uh a broad general comment other than the question I had.
00:28:26.810 --> 00:28:28.460 LOCKLEAR Gary - (CONTRACTOR AES) - KINECTRICS AES I think it's critical.
00:28:29.090 --> 00:28:32.890 LOCKLEAR Gary - (CONTRACTOR AES) - KINECTRICS AES The terms in their use or consistent.
00:28:33.750 --> 00:28:34.890 LOCKLEAR Gary - (CONTRACTOR AES) - KINECTRICS AES That throughout the document.
00:28:36.060 --> 00:28:39.670 LOCKLEAR Gary - (CONTRACTOR AES) - KINECTRICS AES To avoid confusion with the users in the long run.
00:28:40.430 --> 00:28:43.620 LOCKLEAR Gary - (CONTRACTOR AES) - KINECTRICS AES Something as simple as the word safety versus safety related.
00:28:45.910 --> 00:28:49.730 LOCKLEAR Gary - (CONTRACTOR AES) - KINECTRICS AES We don't have a really a definition for safety, but we do have a definition of safety related.
00:28:50.580 --> 00:29:00.630 LOCKLEAR Gary - (CONTRACTOR AES) - KINECTRICS AES So that's a simple example. But token consistent usage terms. We use the word adverse impact in some places. It's it's it's communicated one way another place somewhere else.
00:29:01.270 --> 00:29:10.140 LOCKLEAR Gary - (CONTRACTOR AES) - KINECTRICS AES So those kind of thing to consistency is really important to avoid confusion. That's that's a general comment. I have overall and all have specific comments which I'll submit later.
00:29:12.920 --> 00:29:13.400 LOCKLEAR Gary - (CONTRACTOR AES) - KINECTRICS AES Thank you.
00:29:13.640 --> 00:29:25.430 Lawson-Jenkins, Kim OK, thank you Gary and once again when you submit comments and I. We do look forward to receiving those comments. If you can maybe to notes Texans specifically where you see.
00:29:27.360 --> 00:29:42.000 Lawson-Jenkins, Kim Confusing or or we, we, we didn't clear that would be very helpful. But general comments or a grade.
But at the same time, if you see specific instances of where there might be in this consistency that would be a very valuable comment.
00:29:45.240 --> 00:29:52.290 Lawson-Jenkins, Kim OK, I I know this meeting was not 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br /> long, but we wanted to make sure that everyone understood that the.
00:29:52.940 --> 00:29:58.370 Lawson-Jenkins, Kim The draft guidance is available for comment right now and 2, we look forward to.
00:29:58.420 --> 00:30:16.770 Lawson-Jenkins, Kim You are having you participate in the next public meeting, which will be in early April, like as I was going to say that the public notice for that meeting will probably be published within a week or 10 days. Once we get an agreement on the time and date from other stakeholders.
00:30:18.500 --> 00:30:24.540 Lawson-Jenkins, Kim So once again if you have any comments about this meeting in general, you can come.
00:30:25.590 --> 00:30:29.220 Lawson-Jenkins, Kim Submit form in Dorothy Form 659.
00:30:30.340 --> 00:30:45.520 Lawson-Jenkins, Kim Please use the information@regulationswww.regulations.gov to submit formal comments for the guide and we look forward to receiving those comments and for the the next public meeting.
00:30:46.560 --> 00:30:48.760 Lawson-Jenkins, Kim Thank you very much for participating today.
00:30:50.500 --> 00:30:51.870 Lawson-Jenkins, Kim Now the meeting is adjourned.