Text

U.S. Nuclear Regulatory Commission Public Meeting Summary

Title:

Public Meeting to Discuss DG-5079, Revision to RG 5.83, Cybersecurity Event Notifications Date of Meeting: January 25, 2023 Location: Virtual Meeting Type of Meeting: Observation Meeting Description of the Meeting:

After an introduction by Dan Warner from the Cyber Security Branch (CSB) and opening remarks from Brian Yip, Chief, CSB Branch, Rich Mogavero from the Nuclear Energy Institute (NEI) provided a description of the changes in NEI 15-09, Revision 1.

Following the opening statements, Dan Warner gave a presentation on the changes being made to RG 5.83 by DG-5079 (RG). Lessons learned over the years have identified areas within the RG that could benefit from clarification and additional examples of reportable events. In addition, NEI requested endorsement of NEI 15-09, Cybersecurity Event Notifications, Revision 1 and this revision to RG 5.83 will approve NEI 15-09, Revision 1 for use as an acceptable method to meet the requirements of 10 CFR 73.77.

The meeting also discussed key changes for RG 5.83 including the following:

• Editorial changes to align the document with the current revision of the U.S. Nuclear Regulatory Commission (NRC) Style Guide.

• Will approve NEI 15-09 Revision 1 for use as an acceptable method to meet the requirements of 10 CFR 73.77.

• Added discussion to Section 2.3 Eight-hour Notifications on devices residing on the same network as a CDA or devices that support CDAs. Also added an example for malicious activity observed on a boundary device protecting a network containing CDAs.

• Revised glossary to align definitions with the latest revisions to RG 5.71, Cybersecurity Programs for Nuclear Power Reactors.

• Adopted the use of higher security level network and lower security level network from NEI 15-09, Rev. 1 to replace protected network and unprotected network.

Following the presentation, the only comment received was from Rich Mogavero of NEI regarding the potential for different definitions in RG 5.83, Revision 1 from what is currently in NEI 15-09, Revision 1. NRC staff stated they encourage feedback during the upcoming official comment period to address this concern.

Next Steps:

The final part of the presentation outlined the schedule for the next steps in the RG 5.83 revision process. The dates include:

• The Office of Nuclear Security and Incident Response will submit DG-5079 to RES in the beginning of February.

• The Office of Regulatory Research will issue DG-5079 for public comment at the end of March.

• Public comment period ends in the beginning of May.

• Final RG 5.83, Revision 1 issued mid-July.

Attendees:

NRC External:

Dan Warner Tony Brown Brian Yip Peter Bruley Tammie Rivera Nathan Faith Alan Konkal David Feitl Alex Prada Stephen Flickinger Balla Barro Deidra Garrett Bridget Curran Raymond George Casey Priester David Hall Glenn Dentel Jerry Mills Gregory Hansen Jonathan Johnson Ismael Garcia C. Dallas LeMaster Jasmine Gilliam Rich Mogavero Kim Lawson-Jenkins Jared Prink Kimberlee Edwards Sean F.

Mike Brown Russell Thompson Ralph Costello Andrew Zach Sam Graves Scott Junkin Tanvir Siddiky Heather Pickard Tim Marshall David Gerads Trace Coleman Tony Lowry