NRC-11-0012, Response to Request for Additional Information Regarding Cyber Security Plan
ML112082027 | |
Person / Time | |
---|---|
Site: | Fermi |
Issue date: | 03/30/2011 |
From: | Plona J DTE Energy, Detroit Edison |
To: | Document Control Desk, Office of Nuclear Reactor Regulation |
References | |
NRC-11-0012 | |
Download: ML112082027 (13) | |
Text
.Joseph H. Plonn Site Vke Prc~ident MOO N. Dixie Highway, Newport, MJ 4816(l Tel: 734.586.5910 Fax: 734.58f}A172
, DTE Energy' SeeHFity Reltded IBfarBlstieB Withheld Under 10 CFR 2.390 10 CFR 50.90 March 30, 20 II NRC-ll-0012
- u. S. Nuclear Regulatory Commission Attention: Document Control Desk Washington DC 20555-0001
References:
I) Fermi 2 NRC Docket No. 50-341 NRC License No. NPF-43
- 2) Detroit Edison's letter to the NRC, "Request for Approval of Revised Fermi 2 Cyber Security Plan," NRC-I 0-0050, dated July 27,2010
- 3) Detroit Edison's letter to the NRC, "Clarification of Fermi2 Cyber Security Plan Regarding Balance of Plant Systems within the Scope of the Program," NRC-IO-0075, dated November 22, 2010
- 4) NRC Letter to Detroit Edison, "Fermi 2 - Request for Additional Information - Cyber Security Plan (TAC NO ME4366)," dated March 4,2011
Subject:
Response to Request for Additional Information Regarding the Fermi 2 Cyber Security Plan In Reference 2 Detroit Edison submitted a revised Fermi 2 Cyber Security Plan. In Reference 3, Detroit Edison provided a Clarification of the Fermi 2 Cyber Security Plan Regarding Balance of Plant Systems within the Scope of the Plan. In Reference 4 the NRC requested additional information regarding the Fermi 2 Cyber Security Plan.
Enclosure I to tlus letter provides the response to the additional information requested in Reference 4. Enclosures 2 and 4 provide revised wording for two sections ofthe plan and Enclosure 3 provides a revised implementation schedule.
Enclosure 3 contains Security Related Information Withhold Under 10 CFR 2.390. Upon Separation from Enclosure 3, the cover letter and other Enclosures are DECONIROLLED.
SeeD) ity-Related Information - 'Nithhold Under 19 CFR 2.399 USNRC NRC-II-0012 Page 2 Detroit Edison requests that Enclosure 3, which contains security-related information, be withheld from public disclosure in accordance with 10 CFR 2.390.
Should you have any questions or require additional information, please contact Mr.
Rodney W. Johnson of my staff at (734) 586-5076.
Sincerely, Enclosure I Response to Request for Additional Information Concerning the Fermi 2 Cyber Security Plan Revised Section 4.13 to the Fermi 2 Cyber Security Plan Fermi 2 Cyber Security Plan Proposed Implementation Schedule (Security-Related Information Withhold Under 10 CFR 2.390) Revised Section 2.1, "Scope and Purpose" Of the Fermi 2 Cyber Security Plan cc: NRC Project Manager NRC Resident Office Reactor Projects Chief, Branch 4, Region III Regional Administrator, Region III Supervisor, Electric Operators, Michigan Public Service Commission (w/o Enclosure 3)
Enclosure 3 contains Security Related Information Withhold Under 10 CFR 2.390. Upon Separation from Enclosure 3, the cover letter and other Enclosures are DECONTROLLED.
Beeurity-Related Information \¥ithhold Under 19 EFR 2.399 USNRC NRC-l 1-0012 Page 3 I, Joseph H. Plona, do hereby affirm that the foregoing statements are based on facts and circumstances which are true and accurate to the best of my knowledge and belief.
IOsepftr II f k.-.
Site Vice President, Nuclear Generation On this
(}//\*"-
,,: U fV\ I day of I' \lU"c,V\ , 2011 before me personally appeared Joseph H. Plona, being first duly sworn and says that he executed the foregoing as his free act and deed.
Enclosure 3 contains Security Related Information - Withhold Under 10 CFR 2.390. Upon Separation from Enclosure 3, the cover letter and other Enclosures are DECONTROLLED.
Enclosure 1 to NRC-ll-0012 Fermi 2 NRC Docket No. 50-341 Operating License No. NPF-43 Response to Request for Additional Information Concerning the Fermi 2 Cyber Security Plan contains Security Related Information - Withhold Under 10 CFR 2.390. Upon Separation from Enclosure 3, the cover letter and other Enclosures are DECONTROLLED.
Security Related IHfet'matieH Withhald VadeI' 19 CFR 1.399 to NRC-ll-0012 Page 1 Response to Request for Additional Information Concerning the Fermi 2 Cyber Security Plan RAIl: Records Retention Title 10 of the Code of Federal Regulations (10 CFR) Paragraph 73.54(c)(2) requires licensees to design a cyber security program to ensure the capability to detect, respond to, and recover from cyber attacks. Furthermore, 10 CFR 73.54(e)(2)(i) requires licensees to maintain a cyber security plan that describes how the licensee will maintain the capability for timely detection and response to cyber attacks. The ability for a licensee to detect and respond to cyber attacks requires accurate and complete records and is further supported by 10 CFR 73.54(h), which states that the licensee shall retain all records and supporting technical documentation required to satisfy the requirements of 10 CFR Section 73.54 as a record until the Commission terminates the license for which the records were developed, and shall maintain superseded portions of these records for at least 3 years after the record is superseded, unless otherwise specified by the Commission.
The licensee's Cyber Security Plan (CSP) in Section 4.13 states that Critical Digital Asset (CDA) audit records and audit data (e.g., operating system logs, network device logs) are retained for a period of time that is less than what is required by 10 CFR 73.54(h).
Explain the deviation from the 10 CFR 73.54(h) requirement to retain records and supporting technical documentation until the Commission terminates the license (or to maintain superseded portions of these records for at least 3 years) and how that meets the requirements of 10 CFR 73.54.
RAI 1 Response: provides a revised Section 4.13 to the Fermi 2 Cyber Security Plan. This enclosure replaces the text in Section 4.13 of Reference 2, in its entirety. The proposed revised records retention wording is consistent with the wording provided by NEI to the NRC on February 28, 2011.
RAI 2: Implementation Schedule The regulation at 10 CFR 73.54, "Protection of digital computer and communication systems and networks," requires licensees to submit a CSP that satisfies the requirements of this section for Commission review and approval. Furthermore, each submittal must include a proposed implementation schedule and the implementation of the licensee's cyber security program must be consistent with the approved schedule. Paragraph 73.54(a) of 10 CFR requires licensees to provide high assurance that digital computer and communication systems and networks are adequately protected against cyber attacks, up to and including the design basis threat.
Enclosure 3 contains Security Related Information - Withhold Under 10 CFR 2.390. Upon Separation from Enclosure 3, the cover letter and other Enclosures are DECONTROLLED.
Seeuriiy Related htf6rmatiC')ft Vlithh61d UDder 19 CFR 2.399 to NRC~11-0012 Page 2 The completion of several key intermediate milestones (Items (a) through (g) below) would demonstrate progress toward meeting the requirements of 10 CFR 73.54. The Nuclear Regulatory Commission (NRC) staffs expectation is that the key intermediate milestones will be completed in a timely manner, but no later than December 31,2012. The key CSP implementation milestones are as follows:
a) Establish, train and qualify Cyber Security Assessment Team, as described in Section 3.1.2, "Cyber Security Assessment Team," of the CSP.
b) Identify Critical Systems and CD As, as described in Section 3.1.3, "Identification of Critical Digital Assets," of the CSP.
c) Implement cyber security defense~ in-depth architecture by installation of [deterministic one~way devices], as described in Section 4.3, "Defense~In~Depth Protective Strategies" of the CSP.
d) Implement the management, operational and technical cyber security controls that address attacks promulgated by use of portable media, portable devices, and portable equipment as described in Appendix D Section 1.19 "Access Control for Portable and Mobile Devices," of Nuclear Energy Institute (NEI) 08-09, Revision 6.
e) Implement observation and identification of obvious cyber related tampering to existing insider mitigation rounds as described in Appendix E Section 4.3, "Personnel Performing Maintenance and Testing Activities," and Appendix E Section 10.3, "Baseline Configuration" ofNEI 08-09, Revision 6.
f) Identify, document, and implement cyber security controls to physical security target set CDAs in accordance with Section 3.1.6, "Mitigation of Vulnerabilities and Application of Cyber Security Controls," of the CSP.
g) Ongoing monitoring and assessment activities will commence for those target set CDAs whose security controls have been implemented, as described in Section 4.4, "Ongoing Monitoring and Assessment," of the CSP.
h) Full implementation of the CSP for all safety, security, and emergency preparedness functions.
Provide a revised CSP implementation schedule that identifies the appropriate milestones, completion dates, supporting rationale, and level of detail to allow the NRC to evaluate the licensee's proposed schedule and associated milestone dates which include the final completion Enclosure 3 contains Security Related Information - Withhold Under 10 CFR 2.390. Upon Separation from Enclosure 3, the cover letter and other Enclosures are DECONTROLLED.
Secm it, -Related Intin mation Withhold Under 19 CFR 2.399 Enclosure I to NRC-ll-00l2 Page 3 date. It is the NRC's intention to develop a license condition incorporating your revised CSP implementation schedule containing the key milestone dates.
RAI 2: Response provides a revised Fermi 2 proposed implementation schedule. This schedule supersedes the one previously provided in Reference 2.
RAI 3: Scope of Systems Paragraph 73.54(a) of 10 CFR requires licensees to provide high assurance that digital computer and communication systems and networks are adequately protected against cyber attacks, up to and including the design basis threat as described in 10 CFR 73.1. In addition, 10 CFR 73.54(a)(1) states that the licensee shall protect digital computer and communication systems and networks associated with:
(i) Safety-related and important-to-safety functions; (ii) Security functions; (iii) Emergency preparedness functions, including offsite communications; and (iv) Support systems and equipment which, if compromised, would adversely impact safety security or emergency preparedness functions.
Subsequent to the issuance of the cyber security rule, the NRC stated that 10 CFR 73.54 should be interpreted to include structures. systems, and components (SSCs) in the balance of plant (BOP) that have a nexus to radiological health and safety (Agencywide Documents Access and Management System (ADAMS) Accession No. ML103490344, dated November 19.2010).
The SSCs in the BOP are those that could directly or indirectly affect reactivity of a nuclear power plant and could result in an unplanned reactor shutdown or transient and are therefore, within the scope of important-to-safety functions described in 10 CFR 73.54(a)(1). Furthermore, the NRC issued a letter to NEI dated January 5,2011 (ADAMS Accession No. ML103550480) that provided licensees with additional guidance on one acceptable approach to comply with the Commission's policy determination.
Explain how the scoping of systems provided by Detroit Edison's CSP meets the requirements of 10 CFR 73.54 and the additional guidance provided by the NRC.
Enclosure 3 contains Security Related Information Withhold Under 10 CFR 2.390. Upon Separation from Enclosure 3, the cover letter and other Enclosures are DECONTROLLED.
Seeut'ity ReIsted InfflrmstitUl V/ithh61d Under 19 CFR 2.399 Enclosure I to NRC-I 1-0012 Page 4 RAI 3: Response provides a revised Section 2.1 to the Fermi 2 Cyber Security Plan. The revised wording is consistent with the wording in the NRC letter to NEI, dated January 5, 2011. supersedes Reference 3.
Enclosure 3 contains Security Related Information - Withhold Under 10 CFR 2.390. Upon Separation from Enclosure 3, the cover letter and other Enclosures are DECONTROLLED.
SeeDI ity-Related Info. mation = 'Nithhold Un del' HI CFR 2.399 Enclosure 2 to NRC-ll-0012 Fermi 2 NRC Docket No. 50-341 Operating License No, NPF-43 Revised Section 4.13 to the Fermi 2 Cyber Security Plan contains Security Related Information - Withhold Under 10 CFR 2.390. Upon Separation from Enclosure 3, the cover letter and other Enclosures are DECONTROLLED.
Seeurity Relstetllnwrmstioft Vlitbhold Untie. 16 CFR 2.396 to NRC-II-OOI2 Page 1 4.13 Document Control And Records Retention And Handling Detroit Edison has established the necessary measures and governing procedures to ensure that sufficient records of items and activities affecting cyber security are developed, reviewed, approved, issued, used, and revised to reflect completed work.
The following are examples of records or supporting technical documentation that are retained as a record until the Commission terminates the license for which the records are developed.
Superseded portions of these records are retained for three years unless otherwise specified by the Commission in accordance with the requirements of 10 CFR 73.54(h):
- Modification records for CDAs;
- Analyses, basis, conclusions, and determinations used to establish a component as CDA;
- Cyber Security Plan;
- Written Policies and Procedures that implement and maintain the Cyber Security program, with records of changes;
- Corrective Action records related to Cyber Security non-conformance or adverse conditions;
- Documentation of periodic Cyber Security Program reviews and Program audits;
- Vulnerability notifications determined to adversely impact CDAs and the associated analyses, assessments and dispositions;
- Training records to document personnel qualifications and program implementation and maintenance; and
- Audit records are electronic or manual event records (logs) that facilitate the identification and analysis of cyber security attacks and are developed in accordance with NEI 08-09, Revision 6, Appendix D, Section 2, Audit and Accountability.
Enclosure 3 contains Security Related Information - Withhold Under 10 CFR 2.390. Upon Separation from Enclosure 3, the cover letter and other Enclosures are DECONTROLLED.
Seenl ity"Related Illf6rmsft6H Withhold lJBdeF 19 CFR 1.390 to NRC-I1-0012 Page 2 o The scope of auditable events is developed in accordance with NEI 08-09, Revision 6, Appendix D, Section 2.2, Auditable Events. Events identified for auditing are recorded in accordance with Appendix D, Section 2.3, Content of Audible Events and Appendix D, Section 2.4, Audit Storage Capacity (for electronic audit records). The source of auditable events (electronic and non electronic) include, but are not limited to:
- Operating system logs
- Service and application logs
- Network device logs
- Access Logs o Audit records of auditable events are retained to document access history, as well as to discover the source of cyber attacks or other security-related incidents affecting CDAs or SSEP functions, or both. These records are reviewed and analyzed in accordance with procedures implementing NEI 08 09, Revision 6, Appendix D, Section 2.6, Audit Review, Analysis and Reporting. The review and analysis is conducted consistent with maintaining high assurance that digital computer and communication systems and networks are adequately protected against cyber attacks, up to and including the design basis threat as described in 10 CFR 73.1. Superseded records (or portions thereof) are then retained for three years, after the record has been reviewed and analyzed.
Enclosure 3 contains Security Related Information - Withhold Under 10 CFR 2.390. Upon Separation from Enclosure 3, the cover letter and other Enclosures are DECONTROLLED.
SetHI ity Related Infol matioft Vlithhold Under 19 CFR 2.399 Enclosure 4 to NRC-ll-0012 Fermi 2 NRC Docket No. 50-341 Operating License No. NPF-43 Revised Section 2.1, "Scope and Purpose" Of the Fermi 2 Cyber Security Plan Enclosure 3 contains Security Related Infonnation - Withhold Under 10 CFR 2.390. Upon Separation from Enclosure 3, the cover letter and other Enclosures are DECONTROLLED.
Seetu itJ-Related Illrounation Vt'ithhold Buder 16 CFR 2.396 to NRC 11-0012 Page 1 2.1 . Scope and Purpose This Plan establishes a means to achieve high assurance that digital computer and communication systems and networks associated with the following functions (hereafter designated as Critical Digital Assets (CDAs)) are adequately protected against cyber attacks up to and including the Design Basis Threat (DBT) as described in 10 CFR 73.1:
- 1. Safety-related and important-to safety functions;
- 2. Security functions;
- 3. Emergency preparedness functions including offsite communications; and
- 4. Support systems and equipment which if compromised, would adversely impact safety, security, or emergency preparedness functions.
The safety-related and important-to safety functions, security functions, and emergency preparedness functions including offsite communications are herein referred to as SSEP functions.
Within the scope of NRC's cyber security rule at Title 10 of the Code of Federal Regulations (10 CFR) 73.54, systems or equipment that perform important to safety functions include structures, systems, and components (SSCs) in the balance of plant (BOP) that could directly or indirectly affect reactivity at a nuclear power plant and could result in an unplanned reactor shutdown or transient. Additionally, these SSCs are under Detroit Edison's control and include electrical distribution equipment out to the first inter-tie with the offsite distribution system.
High assurance of adequate protection of systems associated with the above functions from cyber attacks is achieved by:
- 1. Implementing and documenting the "baseline" cyber security controls described in Section 3.1.6 of this Plan; and
- 2. Implementing and documenting a cyber security program to maintain the established cyber security controls through a comprehensive life cycle approach as described in Section 4 of this Plan.
Enclosure 3 contains Security Related Information Withhold Under 10 CFR 2.390. Upon Separation from Enclosure 3, the cover letter and other Enclosures are DECONTROLLED.