ML21187A293: Difference between revisions
StriderTol (talk | contribs) (StriderTol Bot change) |
StriderTol (talk | contribs) (StriderTol Bot change) |
||
| (2 intermediate revisions by the same user not shown) | |||
| Line 16: | Line 16: | ||
=Text= | =Text= | ||
{{#Wiki_filter:}} | {{#Wiki_filter:July 14, 2021 MEMORANDUM TO: Chairman Hanson Commissioner Baran Commissioner Wright FROM: Margaret M. Doane Digitally signed by Margaret M. | ||
Executive Director for Operations Margaret M. Doane Doane Date: 2021.07.14 18:07:26 -04'00' | |||
==SUBJECT:== | |||
CONCERNS PERTAINING TO UNI-DIRECTIONAL COMMUNICATIONS (NOT IMPLEMENTED IN SOFTWARE) FROM HIGH SAFETY TO LOWER SAFETY SYSTEMS AND INTERNAL PLANT TO EXTERNAL SYSTEMS CONNECTED TO THE INTERNET This memorandum forwards the report of the U.S. Nuclear Regulatory Commission (NRC) Expert Evaluation Team (Team) on Concerns Pertaining to Uni-Directional Communications (Not Implemented in Software) From High Safety to Lower Safety Systems and Internal Plant to External Systems Connected to the Internet, dated June 30, 2021 (Agencywide Documents Access and Management System (ADAMS) Accession No. ML21175A332). In addition, this memorandum highlights the Teams findings, recommendations, and describes the actions I will take in response to these recommendations. | |||
The Team was established following an April 14, 2021, memorandum from the Chairman (ADAMS Accession No. ML21112A190). This memorandum directed the Executive Director for Operations to undertake a review and to provide the Commission information on how the staff addressed the concerns raised by the Advisory Committee on Reactor Safeguards (ACRS), in a {{letter dated|date=March 31, 2021|text=March 31, 2021, letter}} from Mathew W. Sunseri, Chairman of the ACRS, to Chairman Hanson (ADAMS Accession No. ML21085A014) regarding the uni-directional communications issues. | |||
In response to the Chairmans April 14, 2021, memorandum, I tasked Mirela Gavrilas, Director, Office of Nuclear Security and Incident Response, and Andrea Veil, Director, Office of Nuclear Reactor Regulation, to assemble a team of experts to review the information in the ACRS letter and to provide information on how the issues raised by the ACRS have been addressed. As directed, all team members were independent from the previous activities related to the ACRSs {{letter dated|date=March 31, 2021|text=March 31, 2021, letter}} and have the necessary experience to address the concerns that were raised. | |||
In summary, the Team concluded that the concerns identified by the ACRS letter do not identify a safety issue not currently covered by the NRCs regulations (i.e., no regulatory gap exists that could lead to a safety or security issue) for existing licensees or future applicants. Mandating CONTACT: Michele Sampson, Team Lead 301-415-7493 | |||
The Commissioners 2 hardware would not increase the level of cyber security protection. It would add a regulatory burden, reduce flexibility, and make the NRCs regulations more prescriptive in an area where performance-based regulations have proven effective. The Team further concluded that specific guidance documents could be revised to encourage design certification applicants to consider the cyber security requirements that will apply to a future operating license or combined license applicant. | |||
The Team recommends revising Branch Technical Position (BTP) 7-19 to clarify how the staff could reduce the scope of its review of the defense-in-depth and diversity assessment when a design includes uni-directional digital communications between safety system tiers. The Team also recommends revising Regulatory Guide (RG) 1.152 to reference RG 5.71 and include additional information to make applicants for design certifications aware of the cyber security requirements that apply to an operating license or combined license, and how these requirements could be considered during the design phase and revising RG 5.71 to reference RG 1.152 to make applicants for design certification aware of cyber security controls that could be incorporated as part of the nuclear power reactor design. | |||
I have reviewed the Teams report and found it to be thorough and well documented. I accept all of its recommendations and conclusions. I will direct the staff to revise BTP 7-19, RG 1.152, and RG 5.71 as soon as practicable to address the Teams recommendations. | |||
I am appreciative of the work of Ms. Sampson, Team Lead, and all Team members. The Team assembled on very short notice and compiled a thorough report in a short time. The Teams product will prove very useful in the future as we strive to enhance our risk-informed approaches to licensing reviews. | |||
==Enclosure:== | |||
Report from the NRC Expert Evaluation Team on Concerns Pertaining to Uni-Directional Communications (Not Implemented in Software) | |||
From High Safety to Lower Safety Systems and Internal Plant to External Systems Connected to the Internet (ADAMS Accession No. ML21175A332) cc: SECY OGC OCA OPA OCFO | |||
Pkg: MLML21187A291, Ltr: L21187A293, ML, Rpt: ML21175A332 OFFICE EDO NAME MDoane DATE 07/14/21}} | |||
Latest revision as of 21:46, 18 January 2022
| ML21187A293 | |
| Person / Time | |
|---|---|
| Issue date: | 07/14/2021 |
| From: | Margaret Doane NRC/EDO |
| To: | Jeff Baran, Christopher Hanson, David Wright NRC/Chairman, NRC/OCM |
| Johnson D | |
| Shared Package | |
| ML21187A291 | List: |
| References | |
| Download: ML21187A293 (3) | |
Text
July 14, 2021 MEMORANDUM TO: Chairman Hanson Commissioner Baran Commissioner Wright FROM: Margaret M. Doane Digitally signed by Margaret M.
Executive Director for Operations Margaret M. Doane Doane Date: 2021.07.14 18:07:26 -04'00'
SUBJECT:
CONCERNS PERTAINING TO UNI-DIRECTIONAL COMMUNICATIONS (NOT IMPLEMENTED IN SOFTWARE) FROM HIGH SAFETY TO LOWER SAFETY SYSTEMS AND INTERNAL PLANT TO EXTERNAL SYSTEMS CONNECTED TO THE INTERNET This memorandum forwards the report of the U.S. Nuclear Regulatory Commission (NRC) Expert Evaluation Team (Team) on Concerns Pertaining to Uni-Directional Communications (Not Implemented in Software) From High Safety to Lower Safety Systems and Internal Plant to External Systems Connected to the Internet, dated June 30, 2021 (Agencywide Documents Access and Management System (ADAMS) Accession No. ML21175A332). In addition, this memorandum highlights the Teams findings, recommendations, and describes the actions I will take in response to these recommendations.
The Team was established following an April 14, 2021, memorandum from the Chairman (ADAMS Accession No. ML21112A190). This memorandum directed the Executive Director for Operations to undertake a review and to provide the Commission information on how the staff addressed the concerns raised by the Advisory Committee on Reactor Safeguards (ACRS), in a March 31, 2021, letter from Mathew W. Sunseri, Chairman of the ACRS, to Chairman Hanson (ADAMS Accession No. ML21085A014) regarding the uni-directional communications issues.
In response to the Chairmans April 14, 2021, memorandum, I tasked Mirela Gavrilas, Director, Office of Nuclear Security and Incident Response, and Andrea Veil, Director, Office of Nuclear Reactor Regulation, to assemble a team of experts to review the information in the ACRS letter and to provide information on how the issues raised by the ACRS have been addressed. As directed, all team members were independent from the previous activities related to the ACRSs March 31, 2021, letter and have the necessary experience to address the concerns that were raised.
In summary, the Team concluded that the concerns identified by the ACRS letter do not identify a safety issue not currently covered by the NRCs regulations (i.e., no regulatory gap exists that could lead to a safety or security issue) for existing licensees or future applicants. Mandating CONTACT: Michele Sampson, Team Lead 301-415-7493
The Commissioners 2 hardware would not increase the level of cyber security protection. It would add a regulatory burden, reduce flexibility, and make the NRCs regulations more prescriptive in an area where performance-based regulations have proven effective. The Team further concluded that specific guidance documents could be revised to encourage design certification applicants to consider the cyber security requirements that will apply to a future operating license or combined license applicant.
The Team recommends revising Branch Technical Position (BTP) 7-19 to clarify how the staff could reduce the scope of its review of the defense-in-depth and diversity assessment when a design includes uni-directional digital communications between safety system tiers. The Team also recommends revising Regulatory Guide (RG) 1.152 to reference RG 5.71 and include additional information to make applicants for design certifications aware of the cyber security requirements that apply to an operating license or combined license, and how these requirements could be considered during the design phase and revising RG 5.71 to reference RG 1.152 to make applicants for design certification aware of cyber security controls that could be incorporated as part of the nuclear power reactor design.
I have reviewed the Teams report and found it to be thorough and well documented. I accept all of its recommendations and conclusions. I will direct the staff to revise BTP 7-19, RG 1.152, and RG 5.71 as soon as practicable to address the Teams recommendations.
I am appreciative of the work of Ms. Sampson, Team Lead, and all Team members. The Team assembled on very short notice and compiled a thorough report in a short time. The Teams product will prove very useful in the future as we strive to enhance our risk-informed approaches to licensing reviews.
Enclosure:
Report from the NRC Expert Evaluation Team on Concerns Pertaining to Uni-Directional Communications (Not Implemented in Software)
From High Safety to Lower Safety Systems and Internal Plant to External Systems Connected to the Internet (ADAMS Accession No. ML21175A332) cc: SECY OGC OCA OPA OCFO
Pkg: MLML21187A291, Ltr: L21187A293, ML, Rpt: ML21175A332 OFFICE EDO NAME MDoane DATE 07/14/21