RIS 2009-13, Emergency Response Data System Upgrade from Modem to Virtual Private Network Appliance
| ML092670124 | |
| Person / Time | |
|---|---|
| Issue date: | 09/28/2009 |
| From: | Mcginty T, Tracy G Division of Construction Inspection and Operational Programs, Division of Policy and Rulemaking |
| To: | |
| stransky R NSIR/DIRO (301) 415-6411 | |
| References | |
| RIS-09-013 | |
| Download: ML092670124 (5) | |
UNITED STATES
NUCLEAR REGULATORY COMMISSION
OFFICE OF NUCLEAR REACTOR REGULATION
WASHINGTON, DC 20555-0001
September 28, 2009
NRC REGULATORY ISSUE SUMMARY 2009-13 EMERGENCY RESPONSE DATA SYSTEM UPGRADE FROM MODEM TO VIRTUAL
PRIVATE NETWORK APPLIANCE
ADDRESSEES
All holders of operating licenses for nuclear power reactors under the provisions of Title 10 of the Code of Federal Regulations (10 CFR) Part 50, Domestic Licensing of Production and Utilization Facilities, except those that have ceased operations and have certified that fuel has been permanently removed from the reactor vessel.
All holders of, and applicants for, nuclear power plant construction permits under the provisions of 10 CFR Part 50, Domestic Licensing of Production and Utilization Facilities.
All holders of, and applicants for, combined licenses under the provisions of 10 CFR Part 52, Licenses, Certifications, and Approvals for Nuclear Power Plants.
INTENT
The U.S. Nuclear Regulatory Commission (NRC) is issuing this regulatory issue summary (RIS)
to notify current and future power reactor licensees of pending changes to the technology used to transmit data from power reactor facility sites to the emergency response data system (ERDS) server at NRC Headquarters (HQ) and to solicit licensees to transition voluntarily to the new technology.
BACKGROUND
In Appendix E to 10 CFR Part 50, the NRC requires power reactor licensees to transmit ERDS
data to a server at NRC HQ. Licensees currently use analog modulator/demodulators (modems) to establish point-to-point data connections. Although this technology was state of the art when ERDS was first implemented, it is now obsolete, and replacement equipment is no longer readily available. In addition, the use of modems inherently introduces a cyber security vulnerability to the systems to which they are attached.
As part of the NRCs current effort to modernize the ERDS infrastructure, the NRC has been working with individual licensees to develop an acceptable solution to replace the existing modems. The most promising technology explored was virtual private network (VPN)
technology used to create a secure point-to-point data pathway between the licensee site and NRC HQ. This VPN technology is a current, stable, and reliable information technology industry
standard. In addition, this technology will permit all ERDS-enabled facilities to connect to NRC
HQ simultaneously, thus, enhancing the NRCs ability to respond to incidents that may affect multiple licensees simultaneously, such as grid instability events.
From September 2008 through December 2008, the NRC conducted prototype testing with several licensees (i.e., Exelon Nuclear Corporation, Progress Energy, and the Tennessee Valley Authority) to investigate the viability of using a VPN for the secure transmission of data from power reactor facilities to the ERDS server located at NRC HQ. The NRC provided VPN
appliances and configuration support to these licensees. All major test objectives were met.
Based on the success of the prototype testing and on the interest expressed by numerous licensees, the NRC intends to proceed with the replacement of existing analog modems with VPN devices. The purpose of this RIS is to solicit licensees to transition voluntarily to the VPN
technology.
SUMMARY OF ISSUE
S
This RIS informs licensees of a voluntary program that they can participate in to upgrade the technology used to transmit plant information to the ERDS server in order to address the following two issues:
(1)
The modem technology currently employed to transmit ERDS data from power reactor sites to NRC HQ is obsolete. In addition, replacement modems are no longer readily available.
(2)
The use of modems inherently introduces cyber security vulnerabilities to the systems to which they are attached.
Based on the success of the prototype testing, the NRC has decided to enter into a voluntary program with individual licensees to replace the current NRC-supplied modem with an NRC-supplied VPN appliance. As of May 1, 2009, licensees representing 19 sites have already expressed interest in transitioning to the VPN solution.
Although ongoing implementation of the ERDS modernization project will change the device used to transmit data, it does not affect the criteria for transmitting ERDS data, the transmission frequency, the data point library, or any other aspect of ERDS implementation as described in
10 CFR 50.72(a)(4); Appendix E, Emergency Planning and Preparedness for Production and Utilization Facilities, to 10 CFR Part 50; and NUREG-1394, Revision 1, Emergency Response Data System Implementation, published in June 1991. The NRC staff also notes that the use of an NRC-provided VPN appliance, when properly configured, is consistent with guidance provided in draft Regulatory Guide 5.71, Cyber Security Programs for Nuclear Facilities, (Official Use Only - Security Related Information).
Licensees interested in participating in the voluntary program to replace their modems with an NRC-supplied VPN appliance are encouraged to contact the ERDS support desk by telephone at (301) 415-0467 or through e-mail at ERDS.Resource@nrc.gov. The NRC will support licensee requests in the order in which they are received.
BACKFIT DISCUSSION
The intent of this RIS is to inform stakeholders of a change to the data transmission technology for ERDS information. This change is a part of the continuing ERDS modernization project, and it will provide improved technology and cyber security for both licensees and the NRC. This RIS
informs stakeholders of the change to the technology to transmit ERDS data to the NRC in accordance with 10 CFR Part 50 and to solicit voluntary participation by licensees in a program to replace obsolete technology with modern equipment.
This RIS provides licensees an opportunity to schedule a replacement of NRC-provided obsolete modems with NRC-provided VPN technology. The staff is not imposing any new positions on licensees. This RIS is not providing any new regulatory requirements. This RIS
only conveys the NRCs plan to address issues with the current ERDS modem technology. No action is required on the part of any licensee; therefore, this document does not constitute a backfit under 10 CFR 50.109, Backfitting. Consequently, the staff did not perform a backfit analysis.
FEDERAL REGISTER NOTIFICATION
Although this RIS is informational and does not represent a departure from current regulatory requirements, a notice of opportunity for public comment on this RIS was published in the Federal Register, July 20, 2009 (74 FR 35208).
CONGRESSIONAL REVIEW ACT
This RIS is not a rule as designated by the Congressional Review Act (5 U.S.C. §§ 801-808)
and, therefore, is not subject to the Act.
PAPERWORK REDUCTION ACT STATEMENT
This RIS does not contain information collections and, therefore, is not subject to the requirements of the Paperwork Reduction Act of 1995 (44 U.S.C. 3501, et seq.).
PUBLIC PROTECTION NOTIFICATION
The NRC may not conduct or sponsor, and a person is not required to respond to, a request for information or an information collection requirement unless the requesting document displays a current valid Office of Management and Budget control number.
CONTACT
Please direct any questions about this matter to one of the technical contacts listed below.
/RA by OTabatabai for/
/RA/
Glenn M. Tracy, Director
Timothy J. McGinty, Director Division of Construction Inspection
Division of Policy and Rulemaking and Operational Programs
Office of Nuclear Reactor Regulation Office of New Reactors
Technical Contacts: Roberto Figueroa
(301) 415-6075
E-mail: roberto.figueroa@nrc.gov
(301) 415-6411
E-mail: robert.stransky@nrc.gov
CONTACT
Please direct any questions about this matter to one of the technical contacts listed below.
/RA by OTabatabai for/
/RA/
Glenn M. Tracy, Director
Timothy J. McGinty, Director Division of Construction Inspection
Division of Policy and Rulemaking and Operational Programs
Office of Nuclear Reactor Regulation Office of New Reactors
Technical Contacts: Roberto Figueroa
NSIR/PMDA/ITB
(301) 415-6075
E-mail: Roberto.figueroa@nrc.gov
(301) 415-6411
NSIR/DPR/OB
E-mail: robert.stransky@nrc.gov
Adams Accession ML092670124 Sec Log #2477 ME1278
OFFICE
IR/DPR
ITB/PMDA
ITB/PMDA
PMDA
CB/IR
DD/IR/DPR
NAME
RStransky RFigueroa CBrown VHuth WGott BMcDermott
DATE
05/18/09
05/18/09
05/20/09
5/ 20 /09
5/21/09
05/28/09
OFFICE
D/DPR/NSIR
Tech Editor OGC/CRA
OGC/NLO
D/DORL
NAME
MLeach KAzariah- Kribbs TRothschild HBenowitz JGiitter SMagruder
DATE
06/3/09
06/8/09
06/17/09
06/26/09
06/30/09
06/30/09
OFFICE
OIS
PMDA/NRR
PGCB/LA
PGCB
BC/PGCB
NAME
TBoyce OTabatabai for GTracy LHill CHawes SStuchell MMurphy
DATE
06/26/09
06/29/09
07/07/09
07/08/09
09/23/09
09/24/09
OFFICE
D/DPR
NAME
TMcGinty
DATE
09/28/09 OFFICIAL RECORD COPY