GO2-14-105, Cyber Security Plan - Milestone 1-7 Completion Status: Difference between revisions

Document type: Letter type:GO, Status Report
Page count: 6
Stage: Other


Latest revision as of 07:58, 11 November 2019

Cyber Security Plan - Milestone 1-7 Completion Status
ML14188B483
Person / Time
Site: Columbia
Issue date: 06/19/2014
From: Gregoire D
Energy Northwest
To:
Document Control Desk, Office of Nuclear Reactor Regulation
References
GO2-14-105, IR-13-406
Download: ML14188B483 (6)


Text

Donald W. Gregoire
ENERGY NORTHWEST
P.O. Box 9K8, PE2O
Richland, WA 99352-O988
609-377-88161 F. 509-377-4317

GO2-14-105
June 19, 2014
10 CFR 73.54

U.S. Nuclear Regulatory Commission
ATTN: Document Control Desk
Washington, D.C. 20555-0001

Subject:

COLUMBIA GENERATING STATION, DOCKET NO. 50-397 CYBER SECURITY PLAN - MILESTONES 1-7 COMPLETION STATUS

Reference:

Letter G12-13-140 dated August 12, 2013, NRC to ME Reddemann (Energy Northwest), "Columbia Generating Station, NRC Temporary Instruction 2201/004, 'Inspection of Implementation of Interim Cyber Security Milestones 1 - 7,' Inspection Report 05000397/2013406."

Dear Sir or Madam:

In accordance with a request in the Reference letter to provide written notification to the NRC's Regional Office when the corrective actions for the issues identified during the inspection have been completed, Energy Northwest (EN) is herewith submitting a status report on completion of those actions. The corrective actions directly resulting from the inspection and related to Milestones 1 through 7 completions as documented in multiple Condition Reports (CRs) identified in the inspection report (Reference) have been completed as documented in the attachment. Two other activities related to overall implementation of the Cyber Security Program and involving changes in the Control Room Network and assessment of the Digital Electro-Hydraulic (DEH) System are still in progress and have tentative scheduled completion dates for 2015 and 2017, respectively.

There are no new commitments being made to the NRC by this letter. Should you have any questions, please call JR Trautvetter at (509) 377-4337.

Respectfully,

DW Gregoire
Manager, Regulatory Programs

Attachment - Columbia Generating Station Cyber Security Inspection 05000397/2013406 - Findings and Resolutions

cc:
  • NRC Region IV Administrator
  • NRC NRR Project Manager
  • NRC Sr. Resident Inspector - 988C
  • MA Jones - BPA/1399
  • DE Sandlin - BPA/1399
  • WA Horin - Winston & Strawn

CYBER SECURITY PLAN - MILESTONES 1-7 COMPLETION STATUS
Attachment Page 1 of 5

Columbia Generating Station Cyber Security Inspection 05000397/2013406 - Findings and Resolutions

Table columns: Finding/Deficiency; Resolution; Tracking CR Number; Completion Status. Each resolution is listed with its tracking number and completion status in parentheses.

Milestone 1: Establishment of a Cyber Security Assessment Team

Finding/Deficiency: None

  • N/A (N/A, N/A)

Milestone 2: Identification and Documentation of Critical Systems (CSs) and Critical Digital Assets (CDAs)

Finding/Deficiency: A licensee identified violation of 10 CFR 73.54 was identified for the failure to adequately identify CDAs consistent with the requirements of Milestone 2 of the licensee's Cyber Security Plan (CSP).

Resolution of this finding to bring the program into compliance included the following activities:

  • Revised procedure SWP-CSW-18 to conform to the CSP (00281324a, Complete)
  • Initial subset of DAs was screened by CSAT (00281250a, Complete)
  • EP Field Team Kits included several DAs. Added as CDAs (00280653a, Complete)
  • Procedure changes and walkdowns were used to correct the CDA identification process (00282450a, Complete; and 00282941a, Complete)
  • Revised procedure ISDI-CYBER-08 to incorporate new process for screening DAs (002822358, Complete)

Milestone 3: Installation of a Protective Device between Lower and Higher Security Levels

Finding/Deficiency: None

Enhancements related to this milestone included:

  • Network connectivity to Engineering Test Lab was removed (00279442a, Complete)
  • Modified network access outside the PA (00282451a, Complete)

Milestone 4: Implementation of Access Control for Portable and Mobile Devices

Finding/Deficiency: Deficiencies in controlling access to a digital scanning device with external devices.

Resolution of this finding to bring the program into compliance included the following activities:

  • Isolated scanning stations based on Industry OE (00280268a, Complete)
  • Published location of scanning stations and added signage (002815578, Complete)
  • Added additional log reviews to department instruction (002829428, Complete)
  • OE on multiple scanning engines - no action necessary (00282943a, Complete)
  • Procedure revised and cabinets changed out (002831178, Complete)
  • Configuration of scanning stations was locked down and details included in SWP-CSW-15 (00283118a, Complete)
  • Department instruction was developed for scanning station management (002831788, Complete)
  • Passwords were placed in a locked container (00283179a, Complete)
  • Additional language was added to SWP-CSW-15 to document laptop controls (00283264a, Complete)
  • Created report on Security Control Analysis (00283265a, Complete; and 00283118a, Complete)
  • Assignments for CSP Milestone 4 issued (002832958, Complete)
  • Actions for Computer Engineering and I&C to generate tracking methodology (002831008, Complete; 00306411b, Ongoing [note e]; and 00306876b, Ongoing [note e])

Milestone 5: Observation and Identification of Obvious Cyber Related Tampering

Finding/Deficiency: Non-cited violation associated with 10 CFR 73.54 for failure to fully implement required security controls.

Resolution of this finding to bring the program into compliance included the following activities:

  • Issued procedures ISDI-CYBER-17 and ISDI-CYBER-18 (00283250a, Complete; and 00283251", Complete)
  • Updated tamper training module to incorporate additional details within the training (00283294?, Complete)

Milestone 6: Implementation of Cyber Security Controls for CDAs that Could Adversely Impact the Design Function of Target Set Equipment

Finding/Deficiency: Licensee identified violation of 10 CFR 73.54 for the failure to adequately identify CDAs that could adversely impact the design function of physical security target set equipment.

Resolution of this finding to bring the program into compliance included the following activities:

  • Revised procedure ISDI-CYBER-08 to incorporate new process for screening (002822352, Complete; 00280268a, Complete; and 00282450a, Complete)

Milestone 7: Implementation and Commencement of Ongoing Monitoring and Assessment Activities

Finding/Deficiency: Non-cited violation of 10 CFR 73.54 for the failure to fully implement ongoing monitoring and assessment activities of the CSP implementation schedule.

Resolution of this finding to bring the program into compliance included the following activities:

  • Closed additional actions related to Milestones 5 and 7 (002831804, Complete); and
  • Published procedures ISDI-CYBER-17 and ISDI-CYBER-18 (00283251', Complete)

Other Activities Resulting From The Inspection

Finding/Deficiency: N/A

  • Apparent Cause on malicious software detected (00275206a, Complete)
  • Follow up activities after publication of NRC Cyber Security guidance (00282450a, Complete)
  • Enabled IPS on external firewall (00241815a, Complete)
  • Resolved issues with Cyber CBT and corrective action (00192378a, Complete)
  • Assessment of project impacts due to Cyber Security concerns (00218174a, Complete)
  • Resolved issue with worm possibly affecting DEH System (001957628, Complete)
  • SCC computers were removed from an OU that required screen savers (00203869, Complete)
  • Computers scanned, cleaned, and hardened after discovery of malware on MOV computers (002805138, Complete)
  • Resolved Supervisor access issues for researching Cyber Security solutions (0028081Sa, Complete)
  • In progress modification to Control Room network (00249961a, Ongoing, scheduled for completion in 2015; and 00232205b, Ongoing [note c])
  • DMA System assessment approved by CSAT (00244217b, Complete)
  • The assessment of the DEH Digital Electro-Hydraulic System is in progress. (00244331b, Ongoing, scheduled for completion in 2017 [note d])

NOTES:

a Condition Reports listed in NRC Inspection Report 05000397/2013406 (Reference);

b Condition Reports not referenced in NRC Inspection Report 05000397/2013406 (Reference);

c ARs 00249961 and 00232205 are AR-EVAL (Evaluation) type Action Requests and are scheduled for completion in 2015. These are not Condition Reports and have no corrective actions. AR 00249961 tracks a cyber security modification that was generated as a part of Milestone 8 completion and not Milestones 1-7. The inspector requested to review this documentation during the inspection and it is listed in the inspection report. However, it is not in CAP;

d AR 244331 is an AR-ITSR (Information Technology Service Request) type Action Request. It is not a Condition Report and has no corrective actions. This AR conducts a cyber security assessment of the DEH (Digital Electro-Hydraulic) System;

e ARs 00306411 and 00306876 are yearly re-occurring Model ARs that will get a new number every year. These ARs are SELF (self-managed) type assignments for internal tracking of Quarterly Walk downs and password changes and will be on an "ongoing" basis during the year and will be closed at the end of each year.

f Condition Report 00282480 is cited in NRC Inspection Report 05000397/2013406, page 17 (Reference) but is not included in table because it is not related to the Columbia Cyber Security Inspection (suspected typographical error).