Slides from Meeting with Pacific Gas and Electric Company Regarding Diablo Canyon Process Protection System Replacement

ML111640534
Person / Time
Site:	Diablo Canyon
Issue date:	06/07/2011
From:	Pacific Gas & Electric Co
To:	Division of Operating Reactor Licensing
Wang, A B, NRR/DORL/LPLIV, 415-1445
References
Download: ML111640534 (13)
v • d • e

Text

Secu. ity-Related Ii ifo. n ration = 'Nit~~~---;';n-~~~~;;-;;; MiuJ DIABLO CANYON POWER PLANT PROCESS PROTECTION SYSTEM REPLACEMENT NSIR Meeting June 7, 2011 George Hough Pacific Gas and Electric GDH2@pge.com 805-545-4291 Scott B. Patterson Pacific Gas & Electric Co.

sbp1@pge.com 805-545-4082 Ken Schrader Pacific Gas & Electric Co.

kjse@pge.com 805-545-4328 John Hefler Altran Solutions Corp.

jhefler@altransolutions.com 415-543-6111 Ted Quinn Altran Solutions Corp.

tedquinn@cox.net 415-543-6111 Greg Clarkson AHran Solutions Corp.

gretg@rockcreektech.com 415-543-6111 SecUi ily-Related Iilfoll nalioll 'oVitl .liold Uilder It) CPR 2.390 /r8I!J 1

Seccrity-Related Infomlation = Withhold Under 10 erR 2.390 A-P->rJl NSIR Meeting Agenda (1000 to 1200)

• Introductions

• Diablo Canyon Power Plant (DCPP) Cyber Security Program Schedule

• Process Protection System (PPS) Replacement Schedule

• NSIR update on inspection acceptance criteria for meeting RG 5.71

• Programmatic approach to Cyber Security for PPS

• Cyber Security requirements for the PPS o Vendor requirements o PG&E requirements

• Summary

• Discussion Seoi:lFitv Relstefj IAfefmstieA Vlithhe Ia UAaer 10 GrR 2_3QO W~ ~

2

Seeurity Related Information Withhold Under 10 erR 2.390 p..-Q, v.>

DCPP Cyber Security - Implementation Schedule

• Cyber Security Plan Submitted -- April 4, 2011 (J Proposed Implementation Schedule o NRC is Reviewing

• Prioritized Implementation Schedule o Critical Milestones - December 31, 2012 o Full Implementation ~ Plant Specific o Dates viewed as commitments by the NRC SscLirity Rslated Infommtion 'Nithhold UFlder 10 erR 2.390 ~ &w 3

Seeurit)-Related Inforl'lation Withhold Ulldel 10 CFR 2.390 ~ lJ)

DCPP Process Protection Systetn Replacetnent-Impletnentation Schedule

• Two vendors o Westinghouse/CS Innovations

• Topical Report submitted and being reviewed

• Will not be approved before LAR Submittal

• Per ISG-06 the Westinghouse/CSI scope will be Tier 3 o InvensyslTriconex

• Topical Report submitted and being reviewed

• Will be approved before LAR Submittal

• Per ISG-06 the IOMlTriconex scope will be Tier 1

• LAR Submittal - July 2011 (30 days after Triconex v1 0 Topical Report is approved)

• LAR Approval- March 2013 (-20 months after submittal)

• Unit 1 Installation - February 2014

• Unit 2 Installation - October 2014 Seeuffly Related Informatien Y/ithheld Under 10 erR 2.390 4 ~ \f-.)

4

Seouritv Related IAffirmation ~Nithhold Under 1e CFR 2.Sg0 jJf>cJ NSIR update on inspection acceptance criteria for meeting RG 5.71

• To be provided by NRC NSIR Sesblrity ~elatea IAfeFfflstieA \'Vithhold Under 10 erR 2.390 ~(;-J 5

• Programmatic Approach I

• Critical Digital Asset (CDA) Determination

• CDA Multilayered Defense

• Full CS Involvement in CDA Life Cycle

• Periodic Program Review SfaJeuFitv RII!I"t~t'f Il"Imrm"tit"m - ""~ithh~ld Undp.f 1A P.FR 5) ~~A IJ ~ LV 6

3

~

~

4-J

~

0

~

~

C/)

~

Q) 0  ::J

"'C en Q)

~

q .en -0 Q)

U Q) co

+-'

e: Z I 0 (J en 0 CO en Q)

.en

.~

~ 0

~ Q) 0 U (J I

e: "

~ 0....

C/) .co

~

c.. c:

~ E 0

...c 0

(.,)

>- ..... CO 0 (.)

U "'C 'I e: --

~ ~

~ ~ Q)

U ()

Q *

~ DCPP CybeS;CS~R~:i;:"pW;SdU"def19CFR2.399 ~bV

• CS Involved in all project phases I

• Full Protection for PPS o Physical Protections o Network Protections o Operation and Maintenance Procedures s eeUFh' Reletea IFlfeFmstieFl

.~ u'itAAela h U FI6eF 10 erR 2.390 fJr[3 vJ 8

• CS Program Implementation in progress o Some Milestones Complete o Budgets Allocated D Senior management support

• DCPP Involved with Industry CJ NEI, INPO, STARS, USA,

• DCPP Connected to National CS Support I

Seeurity Related IRfeffl'latieR Witht'leld URder 10 erR 2.390 V~ t;0 9

en 4-J c:QJ en en

+-'

8 c ......,

QJ

~

CD c CD

.~

~ E E

~ CD

~

QJ

--:J --CD L

L c- :Jc-C CD

.~

~

L CD L..

~ en L U Q) 0 W

-c -c QJ C/) c ~

J

~

-u Q) (9 c > c..

QJ

~

u

~ - 0 0

SOSUFity Related InfoFmation 'liithhoid Under 10 CFR 2.390 tyl)0 Cyber Security Requirements

• Vendor Requirements:

~

o What is the expectation for vendors with respect to providing assurance of a secure development and operating environment?

• Some vendors will not release specific information

• Legacy software/firmware - How to address?

• Operating Systems SeeuFity Related Information ¥/itl'll'lold Under 10 CFR 2.390 ~vu 11

N en

+-'

c:

Q)

E

-:::J ~

C'"  :::J Q)

C'"

0::: Q) w a::

O(!S en C9 a..

a.. LI a..

r ummary Seol:Jril\-'~ Rcae I t ~ Information WitAAol~ U' ~

R ef 19 GrR 2.399 .).;-0..)

S

• PG&E committed to cyber security compliance in accordance with the DCPP Cyber Security Plan .

• PPS will be evaluated to the same acceptance criteria applicable to all systems for cyber security.

Seeuritv.. Rel~ted Inmm,atioli '/o'ithliold Ulidel 10 CFR 2.9§0 'A ~\?

13