ML082880092
| ML082880092 | |
| Person / Time | |
|---|---|
| Site: | LaSalle  |
| Issue date: | 10/02/2008 |
| From: | Gursharan Singh Division of Engineering |
| To: | Sands S Division of Operating Reactor Licensing |
| Sands S,NRR/DORL, 415-3154 | |
| References | |
| Download: ML082880092 (1) | |
Text
From:
Gursharan Singh Sent:
Thursday, October 02, 2008 12:58 PM To:
Stephen Sands Cc:
Jonah Pezeshki; Paul Loeser
Subject:
Further Clarifications needed on La Salle 9/2 and 9/12 RAI response submittals
- Stephen, A telephone conference call was set up with La Salle on October 1, 2008 to obtain further clarification regarding the RAI responses provided by La Salle in their September 2 and September 12, 2008 submittals. Based on the partial clarifications provided by La Salle it was agreed that La Salle will provide additional information in support of the following items:
EGC Response to EICB-6 The first part of the question requested justification for the conclusion that smaller switches have similar or better seismic withstand capability as compared with the existing switches.
La Salle has answered the second part of the question and not the first part. Please provide response on the first part of the question.
EGC Response to EICB-7 EGC response indicates that since Level 4 and Level 3 are connected via two-way communication, EGC conforms to the modified 4-Level model. In such case NEI 04-04 requires that a buffer network with disposable resources be setup to help delay and confuse the adversaries. Such disposable resources are often termed as honeypots or honeynets. In EGC Figure 3, we do not see a buffer network similar to the buffer network described in NEI 04-04 (refer to page B-11 of NEI 04-04). Please provide us the sketch or description of such a network.
Figure 3 shows two-way communication between Level 3 and Level 2. NEI 04-04 shows one way communication from Level 3 to Level 2. If two-way communication is not intended then Figure 3 should be updated to reflect one-way communication from Level 3 to Level 2. If two-way communication is deemed essential then please justify the use of this two-way communication. Further, if two-way communication is limited to certain messages and/or message types, please clarify and justify the same. The justification must address why two-way communication is essential and what additional steps have been taken to achieve the equivalent of one way communication. Per the guidance provided in NEI 04-04 Appendix B, data may be passed from a higher level to a lower level (i.e. from Level 4 to Level 3 or from Level 3 to Level
- 2) and data may not be passed from a lower level to a higher level. Appendix B further states that, A dependency relation must not exist between the Control & Safety Systems Network and Data Acquisition Network that would prevent the Control & Safety System Network or any of its CDAs from performing their intended function. La Salle to explain how it meets this communication guidance.
In response to RAI EICB-4, La Salle stated that, As a result of company-wide NEI 04-04 Cyber security reviews, EGC determined that intrusion detection software should be added to all
company firewalls as a general mitigating action. The words should be do not represent a firm decision. If EGC has determined that intrusion detection software will be added for all firewalls then it should state so clearly, and include a summary of how such intrusion detection software is implemented (e.g. location of honeypots, summary of how information captures by honeypots is utilized for both preventative and forensic purposes, etc).
Figure 3 does not show any firewall for the business unit LAN level (between Levels 2 and 1).
Please either update the diagram to show this firewall, or justify its omission.
During the telephone conference call on October 1, 2008, La Salle indicated that Figure 3 did not completely represent all the cyber security features that are in place and agreed to provide a more detailed equivalent of Figure 3 with clarification notes as needed.
Gursharan Singh 301-415-2962 E-mail Properties Mail Envelope Properties (C4A4C9A16294FB4CBA5A36312D05FFAC0AC09D9BD0)
Subject:
Further Clarifications needed on La Salle 9/2 and 9/12 RAI response submittals Sent Date: 10/02/2008 12:57:42 PM Received Date: 10/02/2008 12:57:42 PM From: Gursharan Singh Created By: Gursharan.Singh@nrc.gov Recipients:
Stephen.Sands@nrc.gov (Stephen Sands)
Tracking Status: None Jonah.Pezeshki@nrc.gov (Jonah Pezeshki)
Tracking Status: None Paul.Loeser@nrc.gov (Paul Loeser)
Tracking Status: None Post Office:
HQCLSTR02.nrc.gov Files Size Date & Time MESSAGE 14198 10/02/2008 Options Expiration Date:
Priority: olImportanceNormal ReplyRequested: False Return Notification: False
Sensitivity: olNormal Recipients received: