Letter Sequence Other |
|---|
EPID:L-2019-NEW-0004, Shine Medical Technologies, LLC Application for an Operating License (Approved, Closed) |
Initiation
- Request, Request, Request, Request, Request, Request, Request, Request, Request, Request, Request, Request, Request, Request, Request, Request
- Acceptance, Acceptance
- Supplement, Supplement, Supplement, Supplement, Supplement, Supplement, Supplement, Supplement, Supplement, Supplement, Supplement, Supplement
Results
Other: ML19235A308, ML19324F963, ML20057F950, ML20114E315, ML20126G523, ML20226A262, ML21029A103, ML21053A261, ML21089A228, ML21089A334, ML21096A250, ML21130A314, ML21145A060, ML21161A115, ML21209A997, ML21210A438, ML22042A018, ML22075A331, ML22075A336, ML22095A067, ML22124A073, ML22125A040, ML22152A108, ML22187A134, ML22206A208, ML22216A112, ML22220A261, ML22308A233, ML22322A212, ML22322A223, ML22347A177, ML22347A214, ML22348A067, ML22348A070, ML22348A072, ML23006A185
|
MONTHYEARML19211C0442019-07-17017 July 2019
Shine Medical Technologies, LLC Application for an Operating License
Project stage: Request
ML19211C1432019-07-17017 July 2019
Shine Medical Technologies, LLC Application for an Operating License
Project stage: Request
ML19235A3082019-09-0505 September 2019
Shine Medical Technologies, LLC - Cover Letter for Notice of Receipt and Availability of Operating License Application
Project stage: Other
ML19276D4112019-10-0808 October 2019
Shine Medical Technologies, LLC - Acceptance for Docketing Letter
Project stage: Acceptance Review
ML19276D4092019-10-0808 October 2019
Shine Medical Technologies, LLC - Operating License Application Acceptance Review Results
Project stage: Request
ML19276D4102019-10-0808 October 2019
Shine Medical Technologies, LLC - Acceptance for Docketing Federal Register Notice
Project stage: Acceptance Review
ML19337A2752019-11-14014 November 2019
Shine Medical Technologies, LLC Supplement 1 to Final Safety Analysis Report
Project stage: Request
ML19353C6872019-12-19019 December 2019
Environmental Site Audit Regarding Shine Medical Technologies, LLC - Proposed Medical Isotope Production Facility
Project stage: Request
ML19324F9622020-01-0202 January 2020, 6 January 2020
Shine Medical Technologies, LLC - Notice of Opportunity for Hearing and Petition for Leave to Intervene
Project stage: Request
ML19324F9632020-01-0202 January 2020
Shine Medical Technologies, LLC - Cover Letter for Notice of Opportunity for Hearing and Petition for Leave to Intervene
Project stage: Other
ML20057F9502020-03-0606 March 2020
Shine Medical Technologies, LLC - Instrumentation and Control Regulatory Audit Plan
Project stage: Other
ML20105A2952020-03-27027 March 2020
Shine Medical Technologies, LLC, Supplement 2 to License Application, Rev.2 to Final Safety Analysis Report
Project stage: Supplement
ML20114E3152020-04-30030 April 2020
Shine Medical Technologies, LLC - Operating License Application Technical Review Schedule
Project stage: Other
ML20126G5232020-05-0707 May 2020
Shine Medical Technologies, LLC - Regulatory Audit Plan Related to Electrical Power Systems
Project stage: Other
ML20226A2622020-08-14014 August 2020
Shine Medical Technologies, LLC - Accident Analysis and Criticality Safety Audit Plan
Project stage: Other
ML20255A0272020-08-28028 August 2020
Shine Medical Technologies, LLC Operating License Application Response to Request for Additional Information and Supplement No. 3
Project stage: Supplement
ML21309A0192020-10-16016 October 2020
Shine Medical Technologies, LLC - Request for Additional Information Related to Chapters 2, 3, and 8
Project stage: RAI
ML20311A1242020-10-30030 October 2020
Shine Medical Technologies, LLC, Operating License Application Supplement No. 4 Submittal of a Revision to the Shine Physical Security Plan
Project stage: Supplement
ML21309A0232020-11-10010 November 2020
Shine Medical Technologies, LLC - Request for Additional Information Related to Chapters 6 and 13
Project stage: RAI
ML20325A0262020-11-13013 November 2020
Submittal of a Mark-Up to the Draft NRG-Proposed SHINE-Specific Security Measures
Project stage: Request
ML20357A0862020-12-10010 December 2020
Enclosure 1 - Final Safety Analysis Report Change Summary
Project stage: Request
ML21011A2242020-12-15015 December 2020
Shine Medical Technologies, LLC - Operating License Application Supplement No. 6 and Response to Request for Additional Information
Project stage: Supplement
ML20352A2252020-12-18018 December 2020
Shine Environmental RAIs - Cumulative Impacts
Project stage: RAI
ML21309A0442021-01-27027 January 2021
Shine Medical Technologies, LLC - Request for Additional Information Related to Chapters 9 and 11
Project stage: RAI
ML21019A1592021-01-27027 January 2021
Public Meeting Summary January 12 2021
Project stage: Meeting
ML21029A1032021-01-29029 January 2021
Enclosure 1 - Response to Final Safety Analysis Report Chapters 2, 3, and 8 Requests for Additional Information
Project stage: Other
ML21029A1022021-01-29029 January 2021
Shine Medical Technologies, LLC Operating License Application Response to Request for Additional Information
Project stage: Response to RAI
ML21029A0382021-01-29029 January 2021
Request for Exemption from Criticality Accident Alarm System Monitoring Requirements for the Shine Irradiation Unit Cells and Material Staging Building
Project stage: Request
ML21057A0052021-02-26026 February 2021
Shine Medical Technologies. LLC Application for an Operating License Commitment Change Related to the Submission of a Revision to the Technical Specifications
Project stage: Request
ML21053A2612021-03-11011 March 2021
Shine Medical Technologies - Geotechnical Audit Plan
Project stage: Other
ML21075A0122021-03-16016 March 2021
Shine Medical Technologies, LLC - Application for an Operating License, Revision 1 of Shine Response to Request for Additional Information 2.4-1
Project stage: Response to RAI
ML21095A2142021-03-23023 March 2021
Shine Medical Technologies, LLC, Revisions to Final Safety Analysis Report, Chapter 6, Engineered Safety Features
Project stage: Request
ML21095A2222021-03-23023 March 2021
Shine Medical Technologies, LLC, Revisions to Final Safety Analysis Report, Chapter 5, Cooling Systems
Project stage: Request
ML21095A2292021-03-23023 March 2021
Shine Medical Technologies, LLC, Response to Request for Additional Information and Supplement No. 7
Project stage: Supplement
ML21095A2352021-03-23023 March 2021
Shine Medical Technologies, LLC, Cover Letter for Response to Request Tor Additional Information and Supplement No. 7
Project stage: Supplement
ML21089A3342021-04-0707 April 2021
Shine Medical Technologies, LLC - Summary of Audit Related to Geotechnical Topics
Project stage: Other
ML21089A0012021-04-0808 April 2021
Shine Medical Technologies, LLC - Request for Additional Information Related to Meteorological Data, Cooling Systems, and Physical Security
Project stage: RAI
ML21096A2502021-04-0808 April 2021
Shine Medical Technologies - Fire Protection Audit Plan
Project stage: Other
ML21106A1362021-04-16016 April 2021
Shine Medical Technologies, LLC Application for an Operating License Revision 1 of Shine Response to Request for Additional Information 3.4-6
Project stage: Response to RAI
ML21089A2282021-04-21021 April 2021
Shine Medical Technologies, LLC - Physical Security Plan Audit Summary
Project stage: Other
ML21130A3132021-05-12012 May 2021
Shine Medical Technologies, LLC - Instrumentation and Control Systems Audit Topics Enclosure 2
Project stage: Request
ML21130A3142021-05-12012 May 2021
Shine Medical Technologies, LLC - Instrumentation and Control Systems Audit Plan
Project stage: Other
ML21145A0602021-06-0202 June 2021
Shine Medical Technologies - Ch 6 8 13 and Exemption RAI
Project stage: Other
ML21161A1162021-06-10010 June 2021
Shine Medical Technologies, LLC - Cyber Security Audit Plan W/ 2 Encl
Project stage: Request
ML21161A1152021-06-10010 June 2021
Shine Medical Tech Ltr - Cyber Security Audit Plan Enclosure 1
Project stage: Other
ML21162A3182021-07-0101 July 2021
Shine Medical Technologies, LLC - Request for Additional Information Related to Fire Protection
Project stage: RAI
ML21172A1952021-07-0101 July 2021
Shine Medical Technologies, LLC - Request for Additional Information Related to Instrumentation and Control Systems
Project stage: RAI
ML21208A1352021-07-27027 July 2021
Shine Medical Technologies, LLC Application for an Operating License Response to Request for Additional Information
Project stage: Response to RAI
ML21209A9972021-08-0303 August 2021
Shine Medical Technologies, LLC - Update to Operating License Application Technical Review Schedule
Project stage: Other
ML21210A4382021-08-13013 August 2021
Shine Medical Technologies, LLC - Cyber Security RAI
Project stage: Other
2020-08-14
[Table View] |
|
|---|
Category:Audit Report
MONTHYEARML22287A1852023-02-0101 February 2023
Shine Technologies, LLC Regulatory Report on the Audit of Phased Startup Operations Application Supplement
ML22308A2332023-01-0909 January 2023
Shine Technologies LLC - Regulatory Audit Report for Chapter 8 - Irradiation Facility and Radioisotope Production Facility Electrical Power Systems
ML22347A2142023-01-0404 January 2023
Shine Technologies LLC - Regulatory Audit Report for I&C Combined Sessions
ML22347A1772022-12-14014 December 2022
Shine Technologies LLC - Regulatory Audit Report for Programmable Logic Lifecycle
ML22301A1492022-12-0707 December 2022
Shine Technologies, LLC - Regulatory Audit Report for Chapter 13 - Accident Analysis and Criticality Safety
ML22322A2232022-12-0202 December 2022
Shine Medical Technologies - Fire Protection Audit Summary Report
ML22322A2122022-12-0202 December 2022
Shine Medical Technologies - Cybersecurity Audit Summary Report
ML22220A2612022-09-12012 September 2022
Shine Technologies LLC - Regulatory Report on the Audit Chapter 14, Technical Specifications
ML22124A0732022-05-18018 May 2022
Shine Medical Technologies LLC - Summary of Audit Related to Human Factors Engineering
ML22075A3312022-03-23023 March 2022
Shine Medical Technologies, LLC - Regulatory Audit of Instrumentation and Control Systems Described in Operating License Application, Session 2
ML21137A3402021-05-25025 May 2021
Shine - Hfe Audit Topics
ML21089A2282021-04-21021 April 2021
Shine Medical Technologies, LLC - Physical Security Plan Audit Summary
ML20202A6092020-06-29029 June 2020
Shine Medical Technologies, LLC - Draft Fire Protection Audit Topic
2023-02-01
[Table view]
Category:Letter
MONTHYEARML23229A0202023-08-17017 August 2023
Periodic Report Required by the License Conditions in Section 3.D.(1) of CPMIF-001
ML23087A2272023-05-0505 May 2023
Shine Technologies, LLC - Issuance of Amendment No. 4 to Construction Permit No. CPMIF-001 for the Receipt and Possession of Contained Special Nuclear Material
ML23086C0502023-04-27027 April 2023
Shine Technologies, LLC - Letter, Environmental Assessment and Finding of No Significant Impact
ML23088A3382023-04-0505 April 2023
Shine Technologies, LLC - Review of the Physical Security Plan in Support of an Operating License for a Medical Radioisotope Production Facility
ML23010A1982023-02-24024 February 2023
Shine Technologies, LLC - Letter: Safety Evaluation Report for the Shine Medical Radioisotope Production Facility Operating License Application
ML23048A2442023-02-17017 February 2023
Shine Technologies, LLC Request to Amend Construction Permit No. CPMIF-001 Response to Request for Additional Information
ML23034A1872023-02-0303 February 2023
Shine Medical Technologies, LLC Notice of Availability of Environmental Impact Statement Supplement Related to the Operating License for the Shine Medical Isotope Production Facility (Docket Number: 50-608)
ML23010A2382023-02-0303 February 2023
Shine Technologies, LLC - Individual Notice of Consideration FRN Letter
ML23023A0942023-02-0202 February 2023
Notice of Availability of the Environmental Impact Statement Supplement Related to the Operating License for the Shine Medical Isotope Production Facility
ML23023A0922023-02-0202 February 2023
Notice of Availability of the Environmental Impact Statement Supplement Related to the Operating License for the Shine Medical Isotope Production Facility
ML23023A0862023-02-0202 February 2023
Notice of Availability of the Environmental Impact Statement Supplement Related to the Operating License for the Shine Medical Isotope Production Facility
ML23024A1682023-02-0101 February 2023
Letter to Ken Westlake, EPA Region 5 - Issuance of Final EIS Supplement Related to the Operating License
ML23024A1742023-02-0101 February 2023
Dr. Gregory Piefer, Chief Executive Officer - Issuance of Final EIS Supplement Related to the Operating License
ML22287A1852023-02-0101 February 2023
Shine Technologies, LLC Regulatory Report on the Audit of Phased Startup Operations Application Supplement
ML22308A2332023-01-0909 January 2023
Shine Technologies LLC - Regulatory Audit Report for Chapter 8 - Irradiation Facility and Radioisotope Production Facility Electrical Power Systems
ML22347A2142023-01-0404 January 2023
Shine Technologies LLC - Regulatory Audit Report for I&C Combined Sessions
ML22356A1932022-12-22022 December 2022
Shine Technologies, LLC Application for an Operating License - Response to Request for Confirmatory Information
ML22347A1772022-12-14014 December 2022
Shine Technologies LLC - Regulatory Audit Report for Programmable Logic Lifecycle
ML22301A1492022-12-0707 December 2022
Shine Technologies, LLC - Regulatory Audit Report for Chapter 13 - Accident Analysis and Criticality Safety
ML22322A2122022-12-0202 December 2022
Shine Medical Technologies - Cybersecurity Audit Summary Report
ML22322A2232022-12-0202 December 2022
Shine Medical Technologies - Fire Protection Audit Summary Report
ML22348A0672022-12-0101 December 2022
Shine Technologies, LLC - Request for Confirmatory Information Related to Instrumentation and Control Systems
ML22335A5722022-12-0101 December 2022
Shine Technologies, LLC Application for an Operating License Response to Request for Confirmatory Information
ML22292A3192022-11-30030 November 2022
Shine Medical Technologies, LLC Issuance of Order and Amendment No. 3 to Construction Permit No. CPMIF-001
ML22318A1782022-11-14014 November 2022
Shine Technologies, LLC Application for an Operating License Response to Request for Confirmatory Information
ML22304A1262022-10-31031 October 2022
Shine Technologies, LLC Application for an Operating License Response to Request for Confirmatory Information
ML22279A9512022-10-0606 October 2022
Shine Technologies, LLC Request to Amend Construction Permit No. CPMIF-001
ML22271A9632022-09-28028 September 2022
Shine Technologies, LLC Application for an Operating License Supplement No. 31 Revision to the Phased Startup Operations Application Supplement
ML22263A3442022-09-20020 September 2022
Shine Technologies, LLC Application for an Operating License - Response to Request for Additional Information
ML22263A0272022-09-19019 September 2022
Shine Technologies, LLC - Application for an Operating License - Response to Request for Confirmatory Information
ML22220A2612022-09-12012 September 2022
Shine Technologies LLC - Regulatory Report on the Audit Chapter 14, Technical Specifications
ML22251A3272022-09-0808 September 2022
Shine Technologies, LLC Application for an Operating License Revision 1 of Shine Response to Requests for Additional Information 7-38, 7-40, and 7-48
ML22249A1252022-08-31031 August 2022
Shine Technologies, LLC Final Safety Analysis Report - Application for an Operating License Supplement No. 30, Cover Letter
ML22105A1102022-08-26026 August 2022
Shine Medical Technologies LLC - Request for Additional Information Related to the OGC Review of Phrase Approach
ML22061A2122022-08-24024 August 2022
Shine Medical Technologies LLC - Regulatory Audit Plan for Phased Approach - Session 1
ML22213A0492022-08-0101 August 2022
Shine Technologies, LLC Application for an Operating License Response to Request for Confirmatory Information
ML22187A1342022-08-0101 August 2022
Shine Technologies, LLC - Update to Operating License Application Technical Review Schedule
ML22206A2082022-07-27027 July 2022
Shine Medical Technologies, LLC - Request for Confirmatory Information Related to Radiation Protection Program and Waste Management
ML22207A0062022-07-26026 July 2022
Shine Technologies, LLC Application for an Operating License Supplement No. 29
ML22202A4492022-07-21021 July 2022
Shine Technologies, LLC Operating License Application Supplement No. 28 - Submittal of a Revision to the Shine Emergency Plan
ML22188A2412022-07-14014 July 2022
Meeting with Shine Medical Technologies, LLC (EPID No. L-2019-NEW-0004), to Discuss Development of Shine'S Cybersecurity Program for It'S Medical Isotope Production Facility
ML22175A0392022-07-11011 July 2022
Letter to Reid Nelson, Achp Notice of Availability and Request for Comments on the Draft EIS Supplement Related to the Operating License for the Shine Facility
ML22175A0542022-07-0808 July 2022
Letter to Gregory Piefer - Notice of Availability of the Draft EIS Supplement Related to the Operating License for the Shine Medical Isotope Production Facility
ML22175A0912022-07-0808 July 2022
Notice of Availability and Request for Comments on the Draft Environmental Impact Statement Supplement Related to the Operating License for the Shine (Multiple Tribal Letters)
ML22175A0772022-07-0808 July 2022
Letter to Daina Penkiunas - Notice of Availability and Request for Comments on the Draft EIS Supplement Related to the Operating License for the Shine Facility
ML22175A0632022-07-0808 July 2022
Letter to Ken Westlake, EPA Region 5 - Notice of Availability and Request for Comments on the Draft EIS Supplement Related to the Operating License for the Shine Facility
ML22188A1942022-07-0707 July 2022
Shine Technologies, LLC, Application for an Operating License Supplement No. 27
ML22188A0562022-07-0707 July 2022
Shine Technologies, LLC Operating License Application Supplement No. 26 Submittal of a Revision to the Shine Material Control and Accounting Plan
ML22223A0662022-07-0606 July 2022
Shine Technologies, LLC, Application for an Operating License, Revision 1 of the Response to Requests for Additional Information Related to Cyber Security
ML22175A0742022-07-0101 July 2022
Letter to Mary Buelow Maintenance of Reference Materials at the Hedberg Public Library for the Environmental Review of Shine Medical Technologies, LLC Operating License Application
2023-08-17
[Table view] |
Text
UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 December 2, 2022 Dr. Gregory Piefer, Chief Executive Officer SHINE Medical Technologies, LLC 101 East Milwaukee Street, Suite 600 Janesville, WI 53545
SUBJECT:
SHINE MEDICAL TECHNOLOGIES, LLC -
SUMMARY
OF REGULATORY AUDIT OF CYBERSECURITY TOPICS RELATED TO SHINE OPERATING LICENSE APPLICATION (EPID NO. L-2019-NEW-0004)
Dear Dr. Piefer:
By letter dated July 17, 2019 (Agencywide Documents Access and Management System (ADAMS) Accession No. ML19211C044), as supplemented by letters dated November 14, 2019 (ML19337A275), March 27, 2020 (ML20105A295), August 28, 2020 (ML20255A027),
November 13, 2020 (ML20325A026), December 10, 2020 (ML20357A084), and December 15, 2020 (ML21011A264), SHINE Medical Technologies, LLC (SHINE) submitted to the U.S. Nuclear Regulatory Commission (NRC) an operating license application for its proposed SHINE Medical Isotope Production Facility in accordance with the requirements contained in Title 10 of the Code of Federal Regulations Part 50, Domestic Licensing of Production and Utilization Facilities.
To enhance its review of cybersecurity topics described in SHINEs operating license application, the NRC staff conducted a virtual regulatory audit on June 15, 2021. The NRC staff performed its audit in accordance with the regulatory audit plan provided to the licensee by letter dated June 10, 2021 (ML21161A116). A summary of the regulatory audit is enclosed.
The audit report does not make any licensing conclusions or findings, but it is part of the administrative record of the NRC staffs review of the application and may provide information supporting the NRC staffs safety evaluation.
G. Piefer If SHINE has any questions, please contact me at (301) 415-2856, or by electronic mail at Michael.Balazik@nrc.gov.
Sincerely, Hardesty, Duane signing on behalf of Balazik, Michael on 12/02/22 Michael F. Balazik, Project Manager Non-Power Production and Utilization Facility Licensing Branch Division of Advanced Reactors and Non-Power Production and Utilization Facilities Office of Nuclear Reactor Regulation Docket No. 50-608 Construction Permit No. CPMIF-001
Enclosure:
Regulatory Audit Summary cc: See next page
SHINE Medical Technologies, LLC Docket No. 50-608 cc:
Jeff Bartelme Licensing Manager SHINE Technologies, LLC 3400 Innovation Court Janesville, WI 53546 Nathan Schleifer General Counsel SHINE Technologies, LLC 3400 Innovation Court Janesville, WI 53546 Christopher Landers Director, Office of Conversion National Nuclear Security Administration, NA 23 U.S. Department of Energy 1000 Independence Ave SW Washington, DC 20585 Mark Paulson, Supervisor Radiation Protection Section Wisconsin Department of Health Services P.O. Box 2659 Madison, WI 53701-2659 Test, Research and Training Reactor Newsletter Attention: Amber Johnson Dept of Materials Science and Engineering University of Maryland 4418 Stadium Drive College Park, MD 20742-2115 Mark Freitag City Manager P.O. Box 5005 Janesville, WI 53547-5005 Bill McCoy 1326 Putnam Avenue Janesville, WI 53546 Alfred Lembrich 541 Miller Avenue Janesville, WI 53548
ML22322A212 NRR-106 OFFICE NRR/DANU/PM NSIR/DPCP/BC NRR/DANU/BC NRR/DANU/PM NAME MBalazik BYip HCruz for (DHardesty for)
JBorromeo MBalazik DATE 11/18/2022 12/1/2022 12/2/2022 12/2/2022 OFFICE OF NUCLEAR SECURITY AND INCIDENT RESPONSE REGULATORY AUDIT TOPICS
SUMMARY
REPORT REGARDING CYBERSECURITY DESCRIBED IN SHINE OPERATING LICENSE APPLICATION SHINE TECHNOLOGIES, LLC DOCKET NO. 50-608
1.0 BACKGROUND
The U.S. Nuclear Regulatory Commission (NRC) staff is continuing its review of the SHINE Medical Technologies, LLC (SHINE) operating license application, submitted July 17, 2019 (Agencywide Documents Access and Management System (ADAMS) Accession No. ML19211C044), as supplemented by letters dated November 14, 2019 (ML19337A275),
March 27, 2020 (ML20105A295), August 28, 2020 (ML20255A027), November 13, 2020 (ML20325A026), December 10, 2020 (ML20357A084), and December 15, 2020 (ML21011A264). This regulatory audit is intended to assist the NRC staff in its review of cybersecurity topics described in the SHINE final safety analysis report (FSAR), submitted as part of SHINEs operating license application.
The NRC staff performed its audit in accordance with the regulatory audit plan provided to the licensee by letter dated June 10, 2021 (ML21161A116). The purpose of this regulatory was to review additional information necessary in determining that a reasonable assurance of adequate protection of public health and safety exist, that applicable regulatory requirements are met, and to identify information that requires docketing to support a regulatory finding regarding cybersecurity protection.
The audit entrance meeting was held on June 15, 2021, via teleconference. The audit included the NRC staffs review of docketed and non-docketed information via the SHINE electronic reading room (ERR) and teleconferences with SHINE.
Following the audit and prior to the issuance of this report, the NRC issued request for additional information (RAI) on August 13, 2021 (ML21210A438), as discussed in more detail below. On November 11, 2021 (ML21315A003) and July 7, 2022 (ML22223A065), SHINE submitted responses to these RAIs.
2.0 REGULATORY BASIS Regulatory Basis Paragraph (b) of 10 CFR 50.34, Contents of applications; technical information, states, in part, that [t]he final safety analysis report [FSAR] shall include information that describes the facility, presents the design bases and the limits on its operation, and presents a safety analysis of the structures, systems, and components and of the facility as a whole.
Enclosure
Paragraph (d) of 10 CFR 73.67, Licensee fixed site and in-transit requirements for the physical protection of special nuclear material of moderate and low strategic significance, includes requirements for fixed sites to control access to special nuclear material of moderate strategic significance.
Paragraph (a)(6) of 10 CFR 50.57, Issuance of operating license, states that an operating license may be issued upon finding, in part, that [t]he issuance of the license will not be inimical to the common defense and security or to the health and safety of the public.
3.0 AUDIT LOCATION AND DATES The audit was conducted via SHINEs ERR and a teleconference bridge Dates: June 15, 2021 Locations: SHINE ERR 4.0 NRC AUDIT TEAM MEMBERS Steven Lynch, Senior Project Manager Dan Warner, IT Specialist (Cyber)
Kim Lawson-Jenkins, IT Specialist (Cyber) 5.0 APPLICANT PARTICIPANTS Jeff Bartelme, SHINE Medical Technologies, LLC et al.
6.0 DESCRIPTION
OF AUDIT ACTIVITIES AND
SUMMARY
OF OBSERVATIONS The following information, as listed in the audit plan dated June 10, 2021 (ML21161A116), was reviewed, and discussed with the licensee:
Audit Topic 1 FSAR Sections 7.4.2.2.1 and 7.5.2.2.1 include criteria to prevent unauthorized physical and electronic access to CDAs [critical digital assets] in safety systems during the operational phase and during transition from development to operations. Section 7.4.5.3.2, Cyber Security Design Features, of the SHINE FSAR provides a description of the SHINE cybersecurity design for the safety systems, including references to the defensive system architecture, communication via one-way isolated channels, requirements for use of a maintenance workstation, and no remote access capabilities.
The NRC staffs observations:
Safety systems will be isolated and maintained within key locked cabinets in the facility control room through two levels of security, the facility access control and then the control room itself.
Control room is continuously manned.
Architecture: Limited ways to access the control system, need to use the maintenance workstation within the facility to access the programming and make changes, also need to use the rock creek architecture for the system to recognize the changes.
Criterion 2 for TRPS [target solution vessel reactivity protection system] and ESFAS
[engineered safety features actuation system] address the security controls for the systems.
No portable media access, no wired access outside of the facility.
Configuration control process used to address the future changes to the program.
Maintenance workstation is a chassis mounted touch screen computer mounted in a cabinet.
Hardwired through a cut wire switch into the control systems that needs to be activated to allow connection to the control system and then it is disabled once the changes are made. Any updates are handled through the engineering change process.
Board has to physically be removed to make any changes to the field programmable gate array (FPGA) logic. Uses something similar to a hashing function to verify changes to the bit stream for the FPGA devices that is only generated via a specific process at the RCI facilities.
No sort of cybersecurity program for operational technology currently planned at the SHINE facility.
The Cyber Security - Effective Practices for the Establishment and Maintenance of Adequate Cybersecurity at Non-Power (Research and Test) Reactor Facilities, was reviewed for information, but the applicant did not identify any of the practices that were incorporated into the facility for development.
SHINE referenced April 2017 meeting that the staff cant require a cybersecurity program.
Audit Topic 2 The physical security plan provides a description of the measures used to protect the facility and ensure the Category 2 material is secure including some of the digital computer and communication systems and networks used. However, it is unclear if any cybersecurity protections have been implemented to ensure these systems can perform their intended functions in the event of a cyber attack.
The NRC staffs observations:
The security system is stand alone and is not connected to other systems within the facility. Access level controls are password protected. Servers are in a controlled area, individual devices have temper switches where appropriate so that any attempt at access will result in an alarm. No access to untrusted networks from the security system.
Security software will also have tamper alarms for any unauthorized changes.
Three consecutive failed logins will result in an alarm.
Audit trail of last 50,000 commands that will be logged.
They receive generic cybersecurity awareness training.
Tablet for watchman is still being looked at to address if they can use it but they are not sure how to implement while ensuring protection of the systems at this point.
No network diagram for the system at this point.
7.0 Exit Briefing The NRC staff conducted an audit exit meeting via a teleconference on June 15, 2021. The NRC staff summarized its observations and described information needs that would likely be issued in a request for additional information as a result of the audit.
8.0 OPEN ITEMS AND PROPOSED CLOSURE PATHS Not applicable.
9.0 DEVIATIONS FROM THE AUDIT PLAN Not applicable.