I thought I’d send this to the PWR folks as well.  I believe we may have similar concerns on this issue.

 

Ed McVey

Exelon Nuclear Fuels

 


From: McVey, Edward A.:(GenCo-Nuc)
Sent: Thursday, February 11, 2010 12:29 PM
To: rcrc@retaqs.com
Cc: Tusar, James J:(GenCo-Nuc); Donell, Adam C.:(GenCo-Nuc); Spooner, Seth J.:(GenCo-Nuc); Hsiao, Ming-yuan:(GenCo-Nuc); Roger.thomas@pgnmail.com; Fisher, Jill T:(GenCo-Nuc)
Subject: FW: FOR RELEASE: Questions to Reactor Engineering Community Regarding Cyber Security

 

We discussed Cyber Security Issues at our last RCRC meeting.  I’d appreciate responses to these questions.  I know it’s a long survey, but Exelon had our experts on the 3 vendors’ Core Monitoring Systems put this together in order to help our fleet make a decision, and I would like to attempt to get the entire industry somewhat consistent on this as well.  When we get responses accumulated, we’ll send it out to everyone for your use.  Thanks

 

Ed McVey

 

Questions to Reactor Engineering Community Regarding Cyber Security:

 

Background:

 

With the issuance of 10 CFR 73.54 and the associated Regulatory Guide (RG 5.71), NRC licensees are now required to provide high assurance that digital computer systems, communications, and networks are adequately protected against cyber attack.  These documents require that the following systems be protected from such cyber attack:

 

The NRC has suggested the following cyber security defense architecture would be acceptable.

 

(See Attached Picture)

 

 

Where:

 

In the NRC’s defensive model, communication would not be permitted from less secure levels to the more secure levels for Levels 3 and 4.

 

This issue could have considerable impact on the manner in which Reactor Engineers interact with the core monitoring systems.  As such, your responses to the following questions would be greatly appreciated.

 

Questions:

 

1. What safety classification (Safety Related, Non-Safety Related, Other) does your site consider its core monitoring system?

2. Does your site permit access to the core monitoring system from the following locations:

· From non-corporate off-site locations (e.g. home)?

· From corporate off-site locations (e.g. corporate headquarters)?

· From on-site but outside of the control room or computer room?

3. If you have access to any of the locations in Question 2, what would be the impact to your organization if this was no longer permitted?

4. If you have access to any of the locations in Question 2 and this was removed, would any immediate or urgent actions be no longer possible for your Reactor Engineers in support of Operations?

5. Do you feel that the core monitoring system must be considered as a system that falls within any of the following?

· Safety-related and important-to-safety functions

· Security functions

· Emergency preparedness functions

· Support systems that if compromised could adversely impact safety, security, or emergency preparedness

6. Has your organization considered locating the core monitoring system in Level 2?  What is the basis of this decision?

7. Has your organization considered replicating the core monitoring system in Level 2 with a secure CMS in Level 3?  Would you feel that predictions run in Level 2 would need to be repeated on the secure system?

8. Do you feel that a reactor engineering working group should be developed to address cyber security impacts on core monitoring systems?

9. Would you like to actively participate in such a working group?  If so, please provide a contact name, phone number, and e-mail.

 

 
