ML16105A049

From kanterella
Revision as of 03:27, 30 March 2018 by StriderTol (talk | contribs) (Created page by program invented by StriderTol)
Jump to navigation Jump to search

Pilgrim Nuclear Power Station - E-mail Planned Issuance of NRC License Amendment for Pilgrim - Revision of the Cyber Security Plan Implementation Schedule Milestone 8 (CAC No. MF6517)
ML16105A049
Person / Time
Site: Pilgrim
Issue date: 04/13/2016
From: Giarrusso J
State of MA, Emergency Management Agency
To: Booma Venkataraman
Plant Licensing Branch 1
Ventkataraman V, DORL/LPLI-I, 415-2934
References
CAC MF6517
Download: ML16105A049 (1)


Text

From:Giarrusso, John (CDA)To:Venkataraman, BoomaCc:McNamara, Nancy; Tifft, DougSubject:[External_Sender] RE: Planned issuance of NRC License Amendment for Pilgrim- Revision of the Cyber Security Plan implementation schedule Milestone 8 (CAC NO. MF6517)Date:Wednesday, April 13, 2016 1:35:20 PMThank you Booma I have no other questions John

John Giarrusso, Jr Planning, Nuclear & Preparedness Section Chief Massachusetts Emergency Management Agency Work - 508-820-2040 Cell - 603-817-0560 From: Venkataraman, Booma [1] Sent: Wednesday, April 13, 2016 12:46 PMTo: Giarrusso, John (CDA)Cc: McNamara, Nancy; Tifft, DougSubject: RE: Planned issuance of NRC License Amendment for Pilgrim- Revision of the Cyber Security Plan implementation schedule Milestone 8 (CAC NO. MF6517) John,Thanks for your questions on this LAR. I provide the answers to your questions below. Let me know if you have any questions.

Question 1: Has Pilgrim provided any reason for the extension?

Currently, Milestone 8 of the Pilgrim Cyber Security Plan (CSP) requires the licensee to fully implement the CSP by June 30, 2016. By letter dated July 15, 2015, the licensee proposed to modify the Milestone 8 completion date to December 15, 2017. The licensee provided the following information pertinent to some of the criteria identified in the NRC guidance memorandum dated October 24, 2013. 1) Identification of the specific requirement or requirements of the cyber security plan that the licensee needs additional time to implement: The licensee stated that the requirements of the CSP that needed additional time to implement are Section 3, "Analyzing Digital Computer Systems and Networks" and Section 4, "Establishing, Implementing and Maintaining the Cyber Security Program." It further noted that these sections describe requirements for application and maintenance of cyber security controls and described the process analyzing security controls to determine their applicability in a particular circumstance. 2) Detailed justification that describes the reason the licensee requires additional time to implement the specific requirement or requirements identified: The licensee stated it had hosted a "pilot" Milestone 8 inspection at the Indian Point Energy Center in March 2014.

During the pilot, insight was gained into the NRC perspective on how to apply the cyber security controls listed in NEI 08-09, "Cyber Security Plan for Nuclear Power Reactors", Revision 6, dated April 2010 (ADAMS Accession No. ML101180437). During the pilot inspection, the NRC team and Entergy reviewed several examples of critical digital assets (CDAs), describing the level of detail and depth expected in the technical analyses for cyber security controls referenced in NEI 08-09. Based on this review, it is evident to Entergy that the detail and depth of the technical analysis exceeds its prior understanding and requires a considerably greater effort to achieve than initially anticipated. Additionally during 2015, each operating Entergy licensee had an inspection of compliance with interim Milestones 1 through 7. The preparation for and support of these inspections has required a significant commitment of time from Entergy's most knowledgeable subject matter experts on nuclear cyber security, exceeding the estimate previously developed and thereby, drawing those resources away from Milestone 8 implementation activities. 3) The licensee stated in its letter dated July 15, 2015, that the impact of the requested additional implementation time on the effectiveness of the overall cyber security program is considered to be very low, because the milestones already completed have resulted in a high degree of protection of safety-related, important-to-safety, and security CDAs against common threat vectors. Additionally, extensive physical and administrative measures are already in place for CDAs [because they are plant components], pursuant to the Pilgrim Security Plan and Technical Specification Requirements. Question 2: Have other plants asked for an extension? Yes, other plants have also asked for an extension. Question 3: Any safety issues by extending the deadline 1.5 years out? The licensee indicated that completion of the activities associated with the CSP, as described in Milestones 1 through 7 were completed prior to December 31, 2012, and provide a high degree of protection to ensure that the most significant digital computer and communication systems and networks associated with safety, security and emergency preparedness functions are protected against cyber-attacks. The NRC staff finds that the licensee's site is more secure after the implementation of Milestones 1 through 7 because the activities the licensee has completed mitigate the most significant cyber- attack vectors for the most significant CDAs.

Thanks, Booma US. NRC/NRR/DORL 301.415.2934 From: Giarrusso, John (CDA) [2] Sent: Wednesday, April 13, 2016 7:29 AMTo: Venkataraman, Booma <Booma.Venkataraman@nrc.gov>

Cc: McNamara, Nancy <Nancy.McNamara@nrc.gov>; Tifft, Doug <Doug.Tifft@nrc.gov>Subject: [External_Sender] RE: Planned issuance of NRC License Amendment for Pilgrim- Revision of the Cyber Security Plan implementation schedule Milestone 8 (CAC NO. MF6517) BoomaHas Pilgrim given a reason for the extension? Also have other plants asked for this extension? Any safety issues by extended the deadline 1.5 years out John

John Giarrusso, Jr Planning, Nuclear & Preparedness Section Chief Massachusetts Emergency Management Agency Work - 508-820-2040 Cell - 603-817-0560 From: Venkataraman, Booma [3] Sent: Monday, April 11, 2016 12:40 PMTo: Giarrusso, John (CDA); Giarrusso, John (CDA)Cc: McNamara, Nancy; Tifft, DougSubject: Planned issuance of NRC License Amendment for Pilgrim- Revision of the Cyber Security Plan implementation schedule Milestone 8 (CAC NO. MF6517) John, The NRC staff is preparing to issue the following license amendment regarding Pilgrim Nuclear Power Station (PNPS). A brief description of the license amendment request (LAR) is provided below. Additional information can be found in the licensee's submittal which is also referenced below by ADAMS Accession No.

Please let me know if you have any comments or questions regarding this licensing action by April 18, 2016, if possible. My current projection for issuance of the amendment is April 29, 2016. PILGRIM NUCLEAR POWER STATION - ISSUANCE OF AMENDMENT RE: CYBER SECURITY PLAN (CSP) IMPLEMENTATION SCHEDULE Application date: July 15, 2015 (ML15205A287) Brief Description: The amendment would revise the completion date of the PNPS CSP by extending the date for full implementation from June 30, 2016, to December 31, 2017. The proposed change would revise the Paragraph 3.G in the renewed facility operating license. The NRC issued a proposed finding that the amendment involves no significant hazards consideration in the Federal Register on October 27, 2015 (80 FR 65812) (Link). The NRC has not received any public comment or requests for hearing on this LAR.

Thanks, Booma Booma Venkataraman, P.E.Project Manager, NRR/DORL/LPL1-1 Office of Nuclear Reactor RegulationBooma.Venkataraman@nrc.gov301.415.2934