ML16105A049: Difference between revisions
StriderTol (talk | contribs) (Created page by program invented by StriderTol) |
StriderTol (talk | contribs) (Created page by program invented by StriderTol) |
||
Line 18: | Line 18: | ||
=Text= | =Text= | ||
{{#Wiki_filter:From:Giarrusso, John (CDA) | {{#Wiki_filter:From: Giarrusso, John (CDA) | ||
To:Venkataraman, Booma Cc:McNamara, Nancy | To: Venkataraman, Booma Cc: McNamara, Nancy | ||
; Tifft, Doug | ; Tifft, Doug | ||
==Subject:== | ==Subject:== | ||
[External_Sender] RE: Planned issuance of NRC License Amendment for Pilgrim- Revision of the Cyber Security Plan implementation schedule Milestone 8 (CAC NO. MF6517) | [External_Sender] RE: Planned issuance of NRC License Amendment for Pilgrim- Revision of the Cyber Security Plan implementation schedule Milestone 8 (CAC NO. MF6517) | ||
Date:Wednesday, April 13, 2016 1:35:20 PM Thank you Booma I have no other questions | Date: Wednesday, April 13, 2016 1:35:20 PM Thank you Booma I have no other questions | ||
John | John | ||
Line 44: | Line 44: | ||
==Subject:== | ==Subject:== | ||
RE: Planned issuance of NRC License Amendment for Pilgrim- Revision of the Cyber Security Plan implementation schedule Milestone 8 (CAC NO. MF6517) | RE: Planned issuance of NRC License Amendment for Pilgrim- Revision of the Cyber Security Plan implementation schedule Milestone 8 (CAC NO. MF6517) | ||
John,Thanks for your questions on this LAR. I provide the answers to your questions below. Let me know if you have any questions. | John, Thanks for your questions on this LAR. I provide the answers to your questions below. Let me know if you have any questions. | ||
Question 1: Has Pilgrim provided any reason for the extension? | Question 1: Has Pilgrim provided any reason for the extension? | ||
Currently, Milestone 8 of the Pilgrim Cyber Security Plan (CSP) requires the licensee to fully implement the CSP by June 30, 2016. By letter dated July 15, 2015, the licensee proposed to modify the Milestone 8 completion date to December 15, 2017. The licensee provided the following information pertinent to some of the criteria identified in the NRC guidance memorandum dated October 24, 2013. 1) Identification of the specific requirement or requirements of the cyber security plan that the licensee needs additional time to implement: | Currently, Milestone 8 of the Pilgrim Cyber Security Plan (CSP) requires the licensee to fully implement the CSP by June 30, 2016. By letter dated July 15, 2015 , the licensee proposed to modify the Milestone 8 completion date to December 15, 2017. The licensee provided the following information pertinent to some of the criteria identified in the NRC guidance memorandum dated October 24, 2013. 1) Identification of the specific requirement or requirements of the cyber security plan that the licensee needs additional time to implement: | ||
The licensee stated that the requirements of the CSP that needed additional time to implement are Section 3, "Analyzing Digital Computer Systems and Networks" and Section 4, "Establishing, Implementing and Maintaining the Cyber Security Program." | The licensee stated that the requirements of the CSP that needed additional time to implement are Section 3, "Analyzing Digital Computer Systems and Networks" and Section 4, "Establishing, Implementing and Maintaining the Cyber Security Program." | ||
It further noted that these sections describe requirements for application and maintenance of cyber security controls and described the process analyzing security controls to determine their applicability in a particular circumstance | It further noted that these sections describe requirements for application and maintenance of cyber security controls and described the process analyzing security controls to determine their applicability in a particular circumstance | ||
. 2) Detailed justification that describes the reason the licensee requires additional time to implement the specific requirement or requirements identified: | . 2) Detailed justification that describes the reason the licensee requires additional time to implement the specific requirement or requirements identified: | ||
The licensee stated it had hosted a "pilot" Milestone 8 inspection at the Indian Point Energy Center in March 2014. | The licensee stated it had hosted a "pilot" Milestone 8 inspection at the Indian Point Energy Center in March 2014. | ||
During the pilot, insight was gained into the NRC perspective on how to apply the cyber security controls listed in NEI 08-09, "Cyber Security Plan for Nuclear Power Reactors", | During the pilot, insight was gained into the NRC perspective on how to apply the cyber security controls listed in NEI 08-09, "Cyber Security Plan for Nuclear Power Reactors", Revision 6, dated April 2010 (ADAMS Accession No. ML101180437). | ||
Revision 6, dated April 2010 (ADAMS Accession No. ML101180437). | |||
During the pilot inspection, the NRC team and Entergy reviewed several examples of critical digital assets (CDAs), describing the level of detail and depth expected in the technical analyses for cyber security controls referenced in NEI 08-09. Based on this review, it is evident to Entergy that the detail and depth of the technical analysis exceeds its prior understanding and requires a considerably greater effort to achieve than initially anticipated. | During the pilot inspection, the NRC team and Entergy reviewed several examples of critical digital assets (CDAs), describing the level of detail and depth expected in the technical analyses for cyber security controls referenced in NEI 08-09. Based on this review, it is evident to Entergy that the detail and depth of the technical analysis exceeds its prior understanding and requires a considerably greater effort to achieve than initially anticipated. | ||
Additionally during 2015, each operating Entergy licensee had an inspection of compliance with interim Milestones 1 through 7. The preparation for and support of these inspections has required a significant commitment of time from Entergy's most knowledgeable subject matter experts on nuclear cyber security, exceeding the estimate previously developed and thereby, drawing those resources away from Milestone 8 implementation activities. | Additionally during 2015, each operating Entergy licensee had an inspection of compliance with interim Milestones 1 through 7. The preparation for and support of these inspections has required a significant commitment of time from Entergy's most knowledgeable subject matter experts on nuclear cyber security, exceeding the estimate previously developed and thereby, drawing those resources away from Milestone 8 implementation activities. | ||
: 3) The licensee stated in its letter dated July 15, 2015, that the impact of the requested additional implementation time on the effectiveness of the overall cyber security program is considered to be very low, because the milestones already completed have resulted in a high degree of protection of safety-related, important-to-safety, and security CDAs against common threat vectors. | : 3) The licensee stated in its letter dated July 15, 2015, that the impact of the requested additional implementation time on the effectiveness of the overall cyber security program is considered to be very low, because the milestones already completed have resulted in a high degree of protection of safety-related, important-to-safety, and security CDAs against common threat vectors. Additionally, extensive physical and administrative measures are already in place for CDAs [because they are plant components], pursuant to the Pilgrim Security Plan and Technical Specification Requirements. | ||
Additionally, extensive physical and administrative measures are already in place for CDAs [because they are plant components], | |||
pursuant to the Pilgrim Security Plan and Technical Specification Requirements. | |||
Question 2: Have other plants asked for an extension? | Question 2: Have other plants asked for an extension? | ||
Yes, other plants have also asked for an extension. | Yes, other plants have also asked for an extension. | ||
Question 3: Any safety issues by extending the deadline 1.5 years out? | Question 3: Any safety issues by extending the deadline 1.5 years out? | ||
The licensee indicated that completion of the activities associated with the CSP, as described in Milestones 1 through 7 were completed prior to December 31, 2012, and provide a high degree of protection to ensure that the most significant digital computer and communication systems and networks associated with safety, security and emergency preparedness functions are protected | The licensee indicated that completion of the activities associated with the CSP, as described in Milestones 1 through 7 were completed prior to December 31, 2012, and provide a high degree of protection to ensure that the most significant digital computer and communication systems and networks associated with safety, security and emergency preparedness functions are protected against cyber-attacks. | ||
against cyber-attacks. | |||
The NRC staff finds that the licensee's site is more secure after the implementation of Milestones 1 through 7 because the activities the licensee has completed mitigate the most significant cyber- attack vectors for the most significant CDAs. | The NRC staff finds that the licensee's site is more secure after the implementation of Milestones 1 through 7 because the activities the licensee has completed mitigate the most significant cyber- attack vectors for the most significant CDAs. | ||
Thanks, Booma | Thanks, Booma | ||
Line 72: | Line 67: | ||
301.415.2934 From: Giarrusso, John (CDA) [mailto:john.giarrusso@state.ma.us | 301.415.2934 From: Giarrusso, John (CDA) [mailto:john.giarrusso@state.ma.us | ||
] Sent: Wednesday, April 13, 2016 7:29 | ] Sent: Wednesday, April 13, 2016 7:29 AM To: Venkataraman, Booma <Booma.Venkataraman@nrc.gov | ||
> | > | ||
Cc: McNamara, Nancy <Nancy.McNamara@nrc.gov | Cc: McNamara, Nancy <Nancy.McNamara@nrc.gov | ||
Line 80: | Line 75: | ||
==Subject:== | ==Subject:== | ||
[External_Sender] | [External_Sender] | ||
RE: Planned issuance of NRC License Amendment for Pilgrim- Revision of the Cyber Security Plan implementation schedule Milestone 8 (CAC NO. MF6517) | RE: Planned issuance of NRC License Amendment for Pilgrim- Revision of the Cyber Security Plan implementation schedule Milestone 8 (CAC NO. MF6517) Booma Has Pilgrim given a reason for the extension? | ||
Also have other plants asked for this | Also have other plants asked for this | ||
Line 108: | Line 103: | ||
Nuclear Power Station (PNPS). | Nuclear Power Station (PNPS). | ||
A brief description of the license amendment request | A brief description of the license amendment request (LAR) is provided below. | ||
Additional information can be found in the licensee's submittal | Additional information can be found in the licensee's submittal | ||
Revision as of 12:16, 8 July 2018
ML16105A049 | |
Person / Time | |
---|---|
Site: | Pilgrim |
Issue date: | 04/13/2016 |
From: | Giarrusso J State of MA, Emergency Management Agency |
To: | Booma Venkataraman Plant Licensing Branch 1 |
Ventkataraman V, DORL/LPLI-I, 415-2934 | |
References | |
CAC MF6517 | |
Download: ML16105A049 (1) | |
Text
From: Giarrusso, John (CDA)
To: Venkataraman, Booma Cc: McNamara, Nancy
- Tifft, Doug
Subject:
[External_Sender] RE: Planned issuance of NRC License Amendment for Pilgrim- Revision of the Cyber Security Plan implementation schedule Milestone 8 (CAC NO. MF6517)
Date: Wednesday, April 13, 2016 1:35:20 PM Thank you Booma I have no other questions
John
John Giarrusso, Jr
Planning, Nuclear & Preparedness Section Chief
Massachusetts Emergency Management Agency
Work - 508-820-2040
Cell - 603-817-0560
From: Venkataraman, Booma [1]
Sent: Wednesday, April 13, 2016 12:46 PM To: Giarrusso, John (CDA)
Cc: McNamara, Nancy; Tifft, Doug
Subject:
RE: Planned issuance of NRC License Amendment for Pilgrim- Revision of the Cyber Security Plan implementation schedule Milestone 8 (CAC NO. MF6517)
John, Thanks for your questions on this LAR. I provide the answers to your questions below. Let me know if you have any questions.
Question 1: Has Pilgrim provided any reason for the extension?
Currently, Milestone 8 of the Pilgrim Cyber Security Plan (CSP) requires the licensee to fully implement the CSP by June 30, 2016. By letter dated July 15, 2015 , the licensee proposed to modify the Milestone 8 completion date to December 15, 2017. The licensee provided the following information pertinent to some of the criteria identified in the NRC guidance memorandum dated October 24, 2013. 1) Identification of the specific requirement or requirements of the cyber security plan that the licensee needs additional time to implement:
The licensee stated that the requirements of the CSP that needed additional time to implement are Section 3, "Analyzing Digital Computer Systems and Networks" and Section 4, "Establishing, Implementing and Maintaining the Cyber Security Program."
It further noted that these sections describe requirements for application and maintenance of cyber security controls and described the process analyzing security controls to determine their applicability in a particular circumstance
. 2) Detailed justification that describes the reason the licensee requires additional time to implement the specific requirement or requirements identified:
The licensee stated it had hosted a "pilot" Milestone 8 inspection at the Indian Point Energy Center in March 2014.
During the pilot, insight was gained into the NRC perspective on how to apply the cyber security controls listed in NEI 08-09, "Cyber Security Plan for Nuclear Power Reactors", Revision 6, dated April 2010 (ADAMS Accession No. ML101180437).
During the pilot inspection, the NRC team and Entergy reviewed several examples of critical digital assets (CDAs), describing the level of detail and depth expected in the technical analyses for cyber security controls referenced in NEI 08-09. Based on this review, it is evident to Entergy that the detail and depth of the technical analysis exceeds its prior understanding and requires a considerably greater effort to achieve than initially anticipated.
Additionally during 2015, each operating Entergy licensee had an inspection of compliance with interim Milestones 1 through 7. The preparation for and support of these inspections has required a significant commitment of time from Entergy's most knowledgeable subject matter experts on nuclear cyber security, exceeding the estimate previously developed and thereby, drawing those resources away from Milestone 8 implementation activities.
- 3) The licensee stated in its letter dated July 15, 2015, that the impact of the requested additional implementation time on the effectiveness of the overall cyber security program is considered to be very low, because the milestones already completed have resulted in a high degree of protection of safety-related, important-to-safety, and security CDAs against common threat vectors. Additionally, extensive physical and administrative measures are already in place for CDAs [because they are plant components], pursuant to the Pilgrim Security Plan and Technical Specification Requirements.
Question 2: Have other plants asked for an extension?
Yes, other plants have also asked for an extension.
Question 3: Any safety issues by extending the deadline 1.5 years out?
The licensee indicated that completion of the activities associated with the CSP, as described in Milestones 1 through 7 were completed prior to December 31, 2012, and provide a high degree of protection to ensure that the most significant digital computer and communication systems and networks associated with safety, security and emergency preparedness functions are protected against cyber-attacks.
The NRC staff finds that the licensee's site is more secure after the implementation of Milestones 1 through 7 because the activities the licensee has completed mitigate the most significant cyber- attack vectors for the most significant CDAs.
Thanks, Booma
US. NRC/NRR/DORL
301.415.2934 From: Giarrusso, John (CDA) [mailto:john.giarrusso@state.ma.us
] Sent: Wednesday, April 13, 2016 7:29 AM To: Venkataraman, Booma <Booma.Venkataraman@nrc.gov
>
Cc: McNamara, Nancy <Nancy.McNamara@nrc.gov
>; Tifft, Doug <Doug.Tifft@nrc.gov
>
Subject:
[External_Sender]
RE: Planned issuance of NRC License Amendment for Pilgrim- Revision of the Cyber Security Plan implementation schedule Milestone 8 (CAC NO. MF6517) Booma Has Pilgrim given a reason for the extension?
Also have other plants asked for this
extension?
Any safety issues by extended the deadline 1.5 years out
John
John Giarrusso, Jr
Planning, Nuclear & Preparedness Section Chief
Massachusetts Emergency Management Agency
Work - 508-820-2040
Cell - 603-817-0560
From: Venkataraman, Booma [
mailto:Booma.Venkataraman@nrc.gov
] Sent: Monday, April 11, 2016 12:40 PM To: Giarrusso, John (CDA); Giarrusso, John (CDA)
Cc: McNamara, Nancy; Tifft, Doug
Subject:
Planned issuance of NRC License Amendment for Pilgrim- Revision of the Cyber Security Plan implementation schedule Milestone 8 (CAC NO. MF6517)
John, The NRC staff is preparing to issue the following license amendment regarding Pilgrim
Nuclear Power Station (PNPS).
A brief description of the license amendment request (LAR) is provided below.
Additional information can be found in the licensee's submittal
which is also referenced below by ADAMS Accession No.
Please let me know if you have any comments or questions regarding this licensing action
by April 18, 2016, if possible.
My current projection for issuance of the amendment is April
29, 2016.
PILGRIM NUCLEAR POWER STATION - ISSUANCE OF AMENDMENT RE: CYBER SECURITY PLAN (CSP) IMPLEMENTATION SCHEDULE Application date: July 15, 2015 (ML15205A287)
Brief
Description:
The amendment would revise the completion date of the PNPS CSP by extending the date for full implementation from June 30, 2016, to December 31, 2017. The proposed change would revise the Paragraph 3.G in the renewed facility operating license. The NRC issued a proposed finding that the amendment involves no significant hazards consideration in the Federal Register on October 27, 2015 (80 FR 65812) (Link). The NRC has not received any public comment or requests for hearing on this LAR.
Thanks, Booma Booma Venkataraman, P.E.
Project Manager, NRR/DORL/LPL1-1 Office of Nuclear Reactor Regulation Booma.Venkataraman@nrc.gov 301.415.2934