ML12194A210: Difference between revisions

From kanterella
Jump to navigation Jump to search
(Created page by program invented by StriderTol)
(Created page by program invented by StriderTol)
 
(One intermediate revision by the same user not shown)
Line 3: Line 3:
| issue date = 07/11/2012
| issue date = 07/11/2012
| title = Draft SSES Cyber Security RAI v2
| title = Draft SSES Cyber Security RAI v2
| author name = Whited J A
| author name = Whited J
| author affiliation = NRC/NRR/DORL/LPLI-2
| author affiliation = NRC/NRR/DORL/LPLI-2
| addressee name = Manges C E
| addressee name = Manges C
| addressee affiliation = PPL Susquehanna, LLC
| addressee affiliation = PPL Susquehanna, LLC
| docket = 05000387, 05000388
| docket = 05000387, 05000388
| license number =  
| license number =  
| contact person = Whited J A
| contact person = Whited J
| package number = ml12193A570
| package number = ml12193A570
| document type = Request for Additional Information (RAI)
| document type = Request for Additional Information (RAI)
Line 16: Line 16:


=Text=
=Text=
{{#Wiki_filter:DRAFT DRAFT  OFFICE OF NUCLEAR SECURITY AND INCIDENT RESPONSE REQUEST FOR ADDITIONAL INFORMATION CHANGES TO CYBER SECUR ITY IMPLEMENTATION SCHEDULE MILESTONES 3 AND 6 PPL SUSQUEHANNA, LLC ALLEGHANY ELECTRIC COOPERATION, INC.
{{#Wiki_filter:DRAFT OFFICE OF NUCLEAR SECURITY AND INCIDENT RESPONSE REQUEST FOR ADDITIONAL INFORMATION CHANGES TO CYBER SECURITY IMPLEMENTATION SCHEDULE MILESTONES 3 AND 6 PPL SUSQUEHANNA, LLC ALLEGHANY ELECTRIC COOPERATION, INC.
DOCKET NUMBERS 50
SUSQUEHANNA STEAM ELECTRIC STATION, UNITS 1 AND 2 DOCKET NUMBERS 50-387 AND 50-388 By letter dated April 30, 2012, 1 PPL Susquehanna, LLC (PPL) submitted a license amendment request for Susquehanna Steam Electric Station, Units 1 and 2 (SSES). The proposed amendment would make changes to the cyber security implementation schedule for Milestone 3 and 6. Specifically, for Milestone 3, PPL proposes to install a deterministic data diode appliance between Layers 3 and 2 instead of between Layers 3 and 4 with no change to the approved implementation date. For Milestone 6, PPL proposes to implement the technical controls for critical digital assets (CDAs) that could adversely impact the design function of physical security target set equipment by the approved implementation date, and to implement the operational and management controls for CDAs in conjunction with the full implementation of the Cyber Security Program.
-387 AND 50
-388 SUSQUEHANNA STEAM ELECTRIC STATION, UNITS 1 AND 2 By letter dated April 30, 2012, 1 PPL Susquehanna, LLC (PPL) submitted a license amendment request for Susquehanna Steam Electric Station, Units 1 and 2 (SSES).
The proposed amendment would make changes to the cyber security implementation schedule for Milestone 3 and 6. Specifically, for Milestone 3
, PPL proposes to install a deterministic data diode appliance between Layers 3 and 2 instead of between Layers 3 and 4 with no change to the approved implementation date.
For Milestone 6, PPL proposes to implement the technical controls for critical digital assets (CDAs) that could adversely impact the design function of physical security target set equipment by the approved implementation date, and to implement the operational and management controls for CDAs in conjunction with the full implementation of the Cyber Security Program.
The U.S. Nuclear Regulatory Commission (NRC) staff has reviewed the information provided by the licensee and has determined that the following additional information is needed in order to complete the review.
The U.S. Nuclear Regulatory Commission (NRC) staff has reviewed the information provided by the licensee and has determined that the following additional information is needed in order to complete the review.
Milestone 3 of the Cyber Security Implementation Schedule implements installation of a deterministic one
Milestone 3 of the Cyber Security Implementation Schedule implements installation of a deterministic one-way device between lower level devices and higher level devices as described in Section 4.3, Defense-in-Depth Protective Strategies of the Cyber Security Plan (CSP). In the April 30, 2012, request PPL states that (emphasis added) [f]or non-security critical digital assets (CDAs), the current implementation schedule and cyber security plan describe deterministic devices between Layers 3 and 4 with firewalls between Layers 1 and 2 and between Layers 2 and 3. PPL goes on to describe that the proposed change to the cyber defensive strategy would install a deterministic device between Layers 2 and 3 with firewalls between the other layers.
-way device between lower level devices and higher level devices as described in Section 4.3, "Defense
The NRC staff would like to clarify that this proposed change does not only impact Milestone 3, but also directly impacts the CSP, Section 4.3, Defense-in-Depth Protective Strategies. Will security CDAs and safety CDAs (both residing in Layer 4) continue to be isolated from each other as described in the existing CSP?
-in-Depth Protective Strategies" of the Cyber Security Plan (CSP). In the April 30, 2012, request PPL states that (emphasis added)
1 Agencywide Documents Access and Management System (ADAMS) Accession No. ML12122A011 DRAFT}}
"[f]or non-security critical digital assets (CDAs), the current implementation schedule and cyber security plan describe deterministic devices between Layers 3 and 4 with firewalls between Layers 1 and 2 and between Layers 2 and 3.
PPL goes on to describe that the proposed change to the cyber defensive strategy would install a deterministic device between Layers 2 and 3 with firewalls between the other layers.
The NRC staff would like to clarify that this proposed change does not only impact Milestone 3, but also directly impacts the CSP, Section 4.3, "Defense
-in-Depth Protective Strategies.Will security CDAs and safety CDAs (both residing in Layer 4) continue to be isolated from each other as described in the existing CSP?
 
1 Agencywide Documents Access and Management System (ADAMS) Accession No. ML12122A011}}

Latest revision as of 01:03, 12 November 2019

Draft SSES Cyber Security RAI v2
ML12194A210
Person / Time
Site: Susquehanna  Talen Energy icon.png
Issue date: 07/11/2012
From: Jeffrey Whited
Plant Licensing Branch 1
To: Manges C
Susquehanna
Whited J
Shared Package
ml12193A570 List:
References
Download: ML12194A210 (1)


Text

DRAFT OFFICE OF NUCLEAR SECURITY AND INCIDENT RESPONSE REQUEST FOR ADDITIONAL INFORMATION CHANGES TO CYBER SECURITY IMPLEMENTATION SCHEDULE MILESTONES 3 AND 6 PPL SUSQUEHANNA, LLC ALLEGHANY ELECTRIC COOPERATION, INC.

SUSQUEHANNA STEAM ELECTRIC STATION, UNITS 1 AND 2 DOCKET NUMBERS 50-387 AND 50-388 By letter dated April 30, 2012, 1 PPL Susquehanna, LLC (PPL) submitted a license amendment request for Susquehanna Steam Electric Station, Units 1 and 2 (SSES). The proposed amendment would make changes to the cyber security implementation schedule for Milestone 3 and 6. Specifically, for Milestone 3, PPL proposes to install a deterministic data diode appliance between Layers 3 and 2 instead of between Layers 3 and 4 with no change to the approved implementation date. For Milestone 6, PPL proposes to implement the technical controls for critical digital assets (CDAs) that could adversely impact the design function of physical security target set equipment by the approved implementation date, and to implement the operational and management controls for CDAs in conjunction with the full implementation of the Cyber Security Program.

The U.S. Nuclear Regulatory Commission (NRC) staff has reviewed the information provided by the licensee and has determined that the following additional information is needed in order to complete the review.

Milestone 3 of the Cyber Security Implementation Schedule implements installation of a deterministic one-way device between lower level devices and higher level devices as described in Section 4.3, Defense-in-Depth Protective Strategies of the Cyber Security Plan (CSP). In the April 30, 2012, request PPL states that (emphasis added) [f]or non-security critical digital assets (CDAs), the current implementation schedule and cyber security plan describe deterministic devices between Layers 3 and 4 with firewalls between Layers 1 and 2 and between Layers 2 and 3. PPL goes on to describe that the proposed change to the cyber defensive strategy would install a deterministic device between Layers 2 and 3 with firewalls between the other layers.

The NRC staff would like to clarify that this proposed change does not only impact Milestone 3, but also directly impacts the CSP, Section 4.3, Defense-in-Depth Protective Strategies. Will security CDAs and safety CDAs (both residing in Layer 4) continue to be isolated from each other as described in the existing CSP?

1 Agencywide Documents Access and Management System (ADAMS) Accession No. ML12122A011 DRAFT