Text

June 17, 2019 MEMORANDUM TO: Shana Helton, Director Division of Physical and Cyber Security Policy Office of Nuclear Security and Incident Response FROM: Anthony Bowers, Acting Chief /RA/

Cyber Security Branch Division of Physical and Cyber Security Policy Office of Nuclear Security and Incident Response

SUBJECT:

CLOSED MEETING

SUMMARY

- DISCUSSION OF POTENTIAL CYBER SECURITY IMPROVEMENTS WITH THE NUCLEAR ENERGY INSTITUTE AND OTHER STAKEHOLDERS On May 29, 2019, a closed meeting was held at the Nuclear Regulatory Commission (NRC) headquarters between NRC staff, utility groups, and other stakeholders. This meeting was coordinated in response to a request from the Nuclear Energy Institute (NEI) to discuss potential improvements to the cyber security program, and for NEI to gain NRCs general alignment on a timeline for implementation and clarity on the path forward for further industry and NRC engagement. In sum, the NRC staff opened the meeting with introductions and brief remarks to acknowledge NEI and the industrys continued engagement with NRC staff to improve the overall cyber security program for nuclear power reactors. The NRC staff further stated that it would not provide any direct feedback or approval on any suggested improvements, however committed to identify points of contact within NRCs cyber security branch for each of the initiatives and to provide these points of contact to NEI and industry for future engagement within the following week.

In its opening remarks, the NEI provided its background involvement with the cyber security program as being implemented by industry, an overview of the industry effort to-date and desired outcomes of the meeting. The NEI, in collaboration with industry, identified seven areas for potential enhancement with team leads and proposed near-term schedules that could be accomplished without the need for rulemaking. The NEI provided background on the cyber security program initiative and described how the industry team reviewed each element of the cyber rule implementation to identify seven areas for potential improvement. The seven areas included: 1) Emergency preparedness functions, including offsite communications;

2) Balance-of-plant; 3) General program clarifications; 4) Safety-related and important-to-safety CONTACT: Dan Warner, NSIR/DPCP/CSB (301) 287-3642

S. Helton functions; 5) Security functions; 6) Cyber security controls; and 7) the Cyber security inspection program. Long-term improvements continued to be focused towards NRCs acceptance of NEIs petition for rulemaking (PRM-73-18) submitted to NRC in June 2014, to ultimately reduce the regulatory burden on licensees. The NEI reiterated its commitment to ensuring adequate protection of nuclear power plants against cyber-attacks.

The NEI concluded their presentation by re-emphasizing that engagement with the NRC will be important for mutual success in implementing the proposed seven enhancements, and to continue to and to adequately protect public health and safety, promote the common defense and security, and protect the environment. The NEI also reiterated the seven proposed near-term improvements can be achieved without a cyber security rule change, incorporate lessons learned and operating experience, are consistent with maintaining adequate protection, and are informed by the current threat environment. Finally, the NEI emphasized that the long-term changes to the cyber security rule are warranted and necessary.

The NRC staff concluded the meeting by reiterating their commitment to identify points of contact within NRCs cyber security branch for each initiative and to provide these points of contact to NEI and industry for future engagement within the following week and thanking everyone for their participation.

Enclosure:

Attendee List

ML19163A386 OFFICE DPCP/CSB DPCP/CSB/BC NAME DWarner ABowers DATE 6/17/19 6/17/19