Protection of Digital Computer and Communication Systems and Networks, 56525-56526 [2014-22523]
Download as PDF
<![CDATA[
asabaliauskas on DSK5VPTVN1PROD with RULES
Federal Register / Vol. 79, No. 183 / Monday, September 22, 2014 / Proposed Rules
technetium and rubidium generators;
and changes that would allow ARSOs to
be named on a medical license, as well
as other clarifying and conforming
amendments. Third, the NRC is
considering a request filed in a petition
for rulemaking (PRM–35–20) to
‘‘grandfather’’ certain board-certified
individuals.
The NRC is seeking public comment
on the potential impact of the
information collections contained in the
proposed rule and on the following
issues:
1. Is the proposed information
collection necessary for the proper
performance of the functions of the
NRC, including whether the information
will have practical utility?
2. Is the estimate of burden accurate?
3. Is there a way to enhance the
quality, utility, and clarity of the
information to be collected?
4. How can the burden of the
information collection be minimized,
including the use of automated
collection techniques?
The public may examine and have
copied, for a fee, publicly-available
documents, including the draft
supporting statement, at the NRC’s PDR,
One White Flint North, 11555 Rockville
Pike, Room O–1 F21, Rockville,
Maryland 20852. The OMB clearance
package and rule are available at the
NRC’s Web site: https://www.nrc.gov/
public-involve/doc-comment/omb/
index.html for 60 days after the
signature date of this notice.
Send comments on any aspect of
these proposed information collections,
including suggestions for reducing the
burden and on the above issues, by
October 22, 2014 to the FOIA, Privacy,
and Information Collections Branch
(T–5 F53), U.S. Nuclear Regulatory
Commission, Washington, DC 20555–
0001, or by Internet electronic mail to
INFOCOLLECTS.RESOURCE@NRC.GOV
and to the Desk Officer, Danielle Y.
Jones, Office of Information and
Regulatory Affairs, NEOB–10202,
(3150–AI63), Office of Management and
Budget, Washington, DC 20503.
Comments received after this date
will be considered if it is practical to do
so, but assurance of consideration
cannot be given to comments received
after this date. You may also email
comments to Danielle Y. Jones@
omb.eop.gov or comment by telephone
at 202–395–1741.
Dated at Rockville, Maryland, this 15th day
of September, 2014.
VerDate Sep<11>2014
16:54 Sep 19, 2014
Jkt 232001
For the Nuclear Regulatory Commission.
Annette Vietti-Cook,
Secretary of the Commission.
[FR Doc. 2014–22522 Filed 9–19–14; 8:45 am]
BILLING CODE 7590–01–P
NUCLEAR REGULATORY
COMMISSION
10 CFR Part 73
[Docket No. PRM–73–18; NRC–2014–0165]
Protection of Digital Computer and
Communication Systems and
Networks
Nuclear Regulatory
Commission.
ACTION: Petition for rulemaking;
docketing, and request for comment.
AGENCY:
The U.S. Nuclear Regulatory
Commission (NRC) has received a
petition for rulemaking (PRM) from
Anthony Pietrangelo, filed on behalf of
the Nuclear Energy Institute (NEI or the
petitioner) on June 12, 2014. The
petitioner requests that the NRC revise
its cyber security requirements to ensure
that its regulations prevent radiological
sabotage and adequately protect the
public health and safety and common
defense and security. The NRC is
requesting public comment on the
petition for rulemaking.
DATES: Submit comments by December
8, 2014. Comments received after this
date will be considered if it is practical
to do so, but the NRC is able to assure
consideration only for comments
received on or before this date.
ADDRESSES: You may submit comments
by any of the following methods:
• Federal rulemaking Web site: Go to
https://www.regulations.gov and search
for Docket ID NRC–2014–0165. Address
questions about NRC dockets to Carol
Gallagher; telephone: 301–492–3668;
email: Carol.Gallagher@nrc.gov. For
technical questions, contact the
individual listed in the FOR FURTHER
INFORMATION CONTACT section of this
document.
• Email comments to:
Rulemaking.Comments@nrc.gov. If you
do not receive an automatic email reply
confirming receipt, then contact us at
301–415–1677.
• Fax comments to: Secretary, U.S.
Nuclear Regulatory Commission at 301–
415–1101.
• Mail comments to: Secretary, U.S.
Nuclear Regulatory Commission,
Washington, DC 20555–0001, ATTN:
Rulemakings and Adjudications Staff.
• Hand deliver comments to: 11555
Rockville Pike, Rockville, Maryland
SUMMARY:
PO 00000
Frm 00002
Fmt 4702
Sfmt 4702
56525
20852, between 7:30 a.m. and 4:15 p.m.
(Eastern Time) Federal workdays;
telephone: 301–415–1677.
For additional direction on obtaining
information and submitting comments,
see ‘‘Obtaining Information and
Submitting Comments’’ in the
SUPPLEMENTARY INFORMATION section of
this document.
FOR FURTHER INFORMATION CONTACT:
Robert Beall, Office of Nuclear Reactor
Regulations, U.S. Nuclear Regulatory
Commission, Washington, DC 20555–
0001; telephone: 301–415–3874, email:
Robert.Beall@nrc.gov.
SUPPLEMENTARY INFORMATION:
I. Obtaining Information and
Submitting Comments
A. Obtaining Information
Please refer to Docket ID NRC–2014–
0165 when contacting the NRC about
the availability of information for this
petition for rulemaking. You may obtain
publicly available information related to
this action by any of the following
methods:
• Federal Rulemaking Web site: Go to
https://www.regulations.gov and search
for Docket ID NRC–2014–0165.
• NRC’s Agencywide Documents
Access and Management System
(ADAMS): You may obtain publicly
available documents online in the
ADAMS Public Documents collection at
https://www.nrc.gov/reading-rm/
adams.html. To begin the search, select
‘‘ADAMS Public Documents’’ and then
select ‘‘Begin Web-based ADAMS
Search.’’ For problems with ADAMS,
please contact the NRC’s Public
Document Room (PDR) reference staff at
1–800–397–4209, at 301–415–4737, or
by email to pdr.resource@nrc.gov. The
Petition to Amend section 73.54 of Title
10 of the Code of Federal Regulations
(10 CFR), ‘‘Protection of Digital
Computer and Communication Systems
and Networks,’’ is available in ADAMS
under Accession No. ML14184B120.
• NRC’s PDR: You may examine and
purchase copies of public documents at
the NRC’s PDR, Room O1–F21, One
White Flint North, 11555 Rockville
Pike, Rockville, Maryland 20852.
B. Submitting Comments
Please include Docket ID NRC–2014–
0165 in the subject line of your
comment submission, in order to ensure
that the NRC is able to make your
comment submission available to the
public in this docket.
The NRC cautions you not to include
identifying or contact information that
you do not want to be publicly
disclosed in you comment submission.
The NRC will post all comment
E:\FR\FM\22SEP1.SGM
22SEP1
56526
Federal Register / Vol. 79, No. 183 / Monday, September 22, 2014 / Proposed Rules
submissions at https://
www.regulations.gov as well as enter the
comment submissions into ADAMS.
The NRC does not routinely edit
comment submissions to remove
identifying or contact information.
If you are requesting or aggregating
comments from other persons for
submission to the NRC, then you should
inform those persons not to include
identifying or contact information that
they do not want to be publicly
disclosed in their comment submission.
Your request should state that the NRC
does not routinely edit comment
submissions to remove such information
before making the comment
submissions available to the public or
entering the comment submissions into
ADAMS.
II. The Petition
Anthony R. Pietrangelo, Vice
President, and Chief Nuclear Officer,
NEI, submitted a PRM dated June 12,
2014 (ADAMS Accession No.
ML14184B120), requesting that the NRC
revise its cyber security requirements.
Specifically, the petitioner requests that
the NRC revise 10 CFR 73.54(a) to
ensure the regulation is not overly
burdensome for NRC licensees, and
adequately protects the public health
and safety and common defense and
security. The petitioner requests that the
NRC promptly initiate rulemaking to
resolve this matter. The NRC has
determined that the petition meets the
threshold sufficiency requirements for a
petition for rulemaking under 10 CFR
2.802 ‘‘Petition for rulemaking,’’ and the
petition has been docketed as PRM–73–
18. The NRC is requesting public
comment on the petition for rulemaking.
asabaliauskas on DSK5VPTVN1PROD with RULES
III. The Petitioner
The petition states that NEI ‘‘is
responsible for establishing a unified
industry position on matters affecting
the nuclear energy industry, including
the regulatory aspects of generic
operational and technical issues.’’ The
petition further states that ‘‘NEI member
companies are specifically affected by
the NRC’s cyber security regulations.’’
The NEI claims it provides a ‘‘principal
interface between power reactor
licensees and the NRC on matters of
policy, including cyber security-related
policy.’’
IV. Discussion of the Petition
The petitioner states that power
reactor licensees are required to
establish and maintain a physical
protection program to protect against
the design basis threat of radiological
sabotage, and summarizes the physical
protection program and the attributes of
VerDate Sep<11>2014
16:54 Sep 19, 2014
Jkt 232001
the design basis threat of radiological
sabotage described in 10 CFR 73.1,
which include: (1) An external physical
assault, (2) an internal threat, (3) a land
vehicle bomb assault, (4) a waterborne
vehicle bomb assault, and (5) a cyber
attack. The petitioner asserts that to
prevent radiological sabotage, licensees
have well-established programs to
identify the set of personnel systems,
and equipment that must be protected
against the design basis threat in order
to prevent significant core damage and
spent fuel sabotage.
The petitioner noted that NRC’s cyber
security requirements, found in 10 CFR
73.54, provide the programmatic
requirements to defend against the
design basis threat of radiological
sabotage through a cyber attack, and that
Section 73.54(a)(1) requires licensees to
protect certain digital assets against
cyber attack even though those digital
assets, if compromised, would not
adversely impact the systems and
equipment necessary to prevent
significant core damage and spent fuel
sabotage. The petitioner asserts that the
current regulations require NRC
licensees to protect one set of systems
and equipment against the effects of
four of the attributes of the design basis
threat (physical assault; internal threat;
land vehicle bomb assault; waterborne
vehicle bomb assault), and a
substantially broader set of assets
against the fifth design basis threat
attribute, cyber attack. Further, the
petitioner contends that this regulatory
language is inconsistent with both the
agency’s intent in promulgating the
cyber security requirements and the
NRC’s programmatic requirements to
defend against other attributes of the
radiological sabotage design basis threat.
The petitioner argues that the
language in 10 CFR 73.54(a)(1)
unnecessarily diverts NRC licensee
attention and resources away from the
protection of assets that have a nexus to
radiological safety. The petitioner
asserts that this provision burdens NRC
reactor licensees without providing a
commensurate enhancement in the
protection of the public health and
safety, or plant security. Furthermore,
the petitioner claims that for digital
assets that do not reasonably require
protection against radiological sabotage,
the considerable time, resources, and
cost needed to protect them against
cyber attack is unjustified. In this
regard, the petitioner asserts that the
current cyber security regulations fail to
comply with the Commission’s
Principles of Good Regulation.
The petitioner states that the industry
has brought to the attention of the NRC
staff the significant problems created by
PO 00000
Frm 00003
Fmt 4702
Sfmt 4702
the current scoping language in 10 CFR
73.54(a), and has determined that
revisions to NRC regulations are needed
to address this problem. The petitioner
further states that implementing the
revisions proposed herein will not
adversely affect NRC licensees’ ability to
ensure that public health, safety, and
security are being adequately protected.
NEI contends that the change
proposed in its petition is the single
most important near-term regulatory
improvement that can be made in the
area of cyber security. The petitioner
claims that it would provide a
substantial benefit to regulatory clarity
and stability by assuring that licensees
have protected those assets that, if
compromised by a cyber attack, would
be inimical to the health and safety of
the public.
The complete text of the petition is
available for review as described in
Section I.A. of this document.
Because the petitioner has satisfied
the docketing criteria in 10 CFR 2.802,
‘‘Petition for rulemaking,’’ the NRC has
docketed this petition as PRM–73–18.
The NRC is reviewing the issues raised
by the petitioner to determine whether
they should be considered in the NRC’s
rulemaking process.
Dated at Rockville, Maryland, this 15th day
of September, 2014.
For the Nuclear Regulatory Commission.
Annette L. Vietti-Cook,
Secretary of the Commission.
[FR Doc. 2014–22523 Filed 9–19–14; 8:45 am]
BILLING CODE 7590–01–P
DEPARTMENT OF TRANSPORTATION
Federal Aviation Administration
14 CFR Part 39
[Docket No. FAA–2014–0648; Directorate
Identifier 2013–NM–136–AD]
RIN 2120–AA64
Airworthiness Directives; Airbus
Airplanes
Federal Aviation
Administration (FAA), DOT.
ACTION: Notice of proposed rulemaking
(NPRM).
AGENCY:
We propose to supersede
Airworthiness Directive (AD) 2010–06–
04, for certain Airbus Model A300 B2–
1C, B2–203, B2K–3C, B4–103, B4–203,
B4–2C airplanes; Model A310 series
airplanes; Model A300 B4–600 series
airplanes; and Model A300 B4–600R
series airplanes. AD 2010–06–04
currently requires repetitive inspections
to detect cracks of the pylon side panels
SUMMARY:
E:\FR\FM\22SEP1.SGM
22SEP1
]]>Agencies
[Federal Register Volume 79, Number 183 (Monday, September 22, 2014)]
[Proposed Rules]
[Pages 56525-56526]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2014-22523]
-----------------------------------------------------------------------
NUCLEAR REGULATORY COMMISSION
10 CFR Part 73
[Docket No. PRM-73-18; NRC-2014-0165]
Protection of Digital Computer and Communication Systems and
Networks
AGENCY: Nuclear Regulatory Commission.
ACTION: Petition for rulemaking; docketing, and request for comment.
-----------------------------------------------------------------------
SUMMARY: The U.S. Nuclear Regulatory Commission (NRC) has received a
petition for rulemaking (PRM) from Anthony Pietrangelo, filed on behalf
of the Nuclear Energy Institute (NEI or the petitioner) on June 12,
2014. The petitioner requests that the NRC revise its cyber security
requirements to ensure that its regulations prevent radiological
sabotage and adequately protect the public health and safety and common
defense and security. The NRC is requesting public comment on the
petition for rulemaking.
DATES: Submit comments by December 8, 2014. Comments received after
this date will be considered if it is practical to do so, but the NRC
is able to assure consideration only for comments received on or before
this date.
ADDRESSES: You may submit comments by any of the following methods:
Federal rulemaking Web site: Go to https://www.regulations.gov and search for Docket ID NRC-2014-0165. Address
questions about NRC dockets to Carol Gallagher; telephone: 301-492-
3668; email: Carol.Gallagher@nrc.gov. For technical questions, contact
the individual listed in the FOR FURTHER INFORMATION CONTACT section of
this document.
Email comments to: Rulemaking.Comments@nrc.gov. If you do
not receive an automatic email reply confirming receipt, then contact
us at 301-415-1677.
Fax comments to: Secretary, U.S. Nuclear Regulatory
Commission at 301-415-1101.
Mail comments to: Secretary, U.S. Nuclear Regulatory
Commission, Washington, DC 20555-0001, ATTN: Rulemakings and
Adjudications Staff.
Hand deliver comments to: 11555 Rockville Pike, Rockville,
Maryland 20852, between 7:30 a.m. and 4:15 p.m. (Eastern Time) Federal
workdays; telephone: 301-415-1677.
For additional direction on obtaining information and submitting
comments, see ``Obtaining Information and Submitting Comments'' in the
SUPPLEMENTARY INFORMATION section of this document.
FOR FURTHER INFORMATION CONTACT: Robert Beall, Office of Nuclear
Reactor Regulations, U.S. Nuclear Regulatory Commission, Washington, DC
20555-0001; telephone: 301-415-3874, email: Robert.Beall@nrc.gov.
SUPPLEMENTARY INFORMATION:
I. Obtaining Information and Submitting Comments
A. Obtaining Information
Please refer to Docket ID NRC-2014-0165 when contacting the NRC
about the availability of information for this petition for rulemaking.
You may obtain publicly available information related to this action by
any of the following methods:
Federal Rulemaking Web site: Go to https://www.regulations.gov and search for Docket ID NRC-2014-0165.
NRC's Agencywide Documents Access and Management System
(ADAMS): You may obtain publicly available documents online in the
ADAMS Public Documents collection at https://www.nrc.gov/reading-rm/adams.html. To begin the search, select ``ADAMS Public Documents'' and
then select ``Begin Web-based ADAMS Search.'' For problems with ADAMS,
please contact the NRC's Public Document Room (PDR) reference staff at
1-800-397-4209, at 301-415-4737, or by email to pdr.resource@nrc.gov.
The Petition to Amend section 73.54 of Title 10 of the Code of Federal
Regulations (10 CFR), ``Protection of Digital Computer and
Communication Systems and Networks,'' is available in ADAMS under
Accession No. ML14184B120.
NRC's PDR: You may examine and purchase copies of public
documents at the NRC's PDR, Room O1-F21, One White Flint North, 11555
Rockville Pike, Rockville, Maryland 20852.
B. Submitting Comments
Please include Docket ID NRC-2014-0165 in the subject line of your
comment submission, in order to ensure that the NRC is able to make
your comment submission available to the public in this docket.
The NRC cautions you not to include identifying or contact
information that you do not want to be publicly disclosed in you
comment submission. The NRC will post all comment
[[Page 56526]]
submissions at https://www.regulations.gov as well as enter the comment
submissions into ADAMS. The NRC does not routinely edit comment
submissions to remove identifying or contact information.
If you are requesting or aggregating comments from other persons
for submission to the NRC, then you should inform those persons not to
include identifying or contact information that they do not want to be
publicly disclosed in their comment submission. Your request should
state that the NRC does not routinely edit comment submissions to
remove such information before making the comment submissions available
to the public or entering the comment submissions into ADAMS.
II. The Petition
Anthony R. Pietrangelo, Vice President, and Chief Nuclear Officer,
NEI, submitted a PRM dated June 12, 2014 (ADAMS Accession No.
ML14184B120), requesting that the NRC revise its cyber security
requirements. Specifically, the petitioner requests that the NRC revise
10 CFR 73.54(a) to ensure the regulation is not overly burdensome for
NRC licensees, and adequately protects the public health and safety and
common defense and security. The petitioner requests that the NRC
promptly initiate rulemaking to resolve this matter. The NRC has
determined that the petition meets the threshold sufficiency
requirements for a petition for rulemaking under 10 CFR 2.802
``Petition for rulemaking,'' and the petition has been docketed as PRM-
73-18. The NRC is requesting public comment on the petition for
rulemaking.
III. The Petitioner
The petition states that NEI ``is responsible for establishing a
unified industry position on matters affecting the nuclear energy
industry, including the regulatory aspects of generic operational and
technical issues.'' The petition further states that ``NEI member
companies are specifically affected by the NRC's cyber security
regulations.'' The NEI claims it provides a ``principal interface
between power reactor licensees and the NRC on matters of policy,
including cyber security-related policy.''
IV. Discussion of the Petition
The petitioner states that power reactor licensees are required to
establish and maintain a physical protection program to protect against
the design basis threat of radiological sabotage, and summarizes the
physical protection program and the attributes of the design basis
threat of radiological sabotage described in 10 CFR 73.1, which
include: (1) An external physical assault, (2) an internal threat, (3)
a land vehicle bomb assault, (4) a waterborne vehicle bomb assault, and
(5) a cyber attack. The petitioner asserts that to prevent radiological
sabotage, licensees have well-established programs to identify the set
of personnel systems, and equipment that must be protected against the
design basis threat in order to prevent significant core damage and
spent fuel sabotage.
The petitioner noted that NRC's cyber security requirements, found
in 10 CFR 73.54, provide the programmatic requirements to defend
against the design basis threat of radiological sabotage through a
cyber attack, and that Section 73.54(a)(1) requires licensees to
protect certain digital assets against cyber attack even though those
digital assets, if compromised, would not adversely impact the systems
and equipment necessary to prevent significant core damage and spent
fuel sabotage. The petitioner asserts that the current regulations
require NRC licensees to protect one set of systems and equipment
against the effects of four of the attributes of the design basis
threat (physical assault; internal threat; land vehicle bomb assault;
waterborne vehicle bomb assault), and a substantially broader set of
assets against the fifth design basis threat attribute, cyber attack.
Further, the petitioner contends that this regulatory language is
inconsistent with both the agency's intent in promulgating the cyber
security requirements and the NRC's programmatic requirements to defend
against other attributes of the radiological sabotage design basis
threat.
The petitioner argues that the language in 10 CFR 73.54(a)(1)
unnecessarily diverts NRC licensee attention and resources away from
the protection of assets that have a nexus to radiological safety. The
petitioner asserts that this provision burdens NRC reactor licensees
without providing a commensurate enhancement in the protection of the
public health and safety, or plant security. Furthermore, the
petitioner claims that for digital assets that do not reasonably
require protection against radiological sabotage, the considerable
time, resources, and cost needed to protect them against cyber attack
is unjustified. In this regard, the petitioner asserts that the current
cyber security regulations fail to comply with the Commission's
Principles of Good Regulation.
The petitioner states that the industry has brought to the
attention of the NRC staff the significant problems created by the
current scoping language in 10 CFR 73.54(a), and has determined that
revisions to NRC regulations are needed to address this problem. The
petitioner further states that implementing the revisions proposed
herein will not adversely affect NRC licensees' ability to ensure that
public health, safety, and security are being adequately protected.
NEI contends that the change proposed in its petition is the single
most important near-term regulatory improvement that can be made in the
area of cyber security. The petitioner claims that it would provide a
substantial benefit to regulatory clarity and stability by assuring
that licensees have protected those assets that, if compromised by a
cyber attack, would be inimical to the health and safety of the public.
The complete text of the petition is available for review as
described in Section I.A. of this document.
Because the petitioner has satisfied the docketing criteria in 10
CFR 2.802, ``Petition for rulemaking,'' the NRC has docketed this
petition as PRM-73-18. The NRC is reviewing the issues raised by the
petitioner to determine whether they should be considered in the NRC's
rulemaking process.
Dated at Rockville, Maryland, this 15th day of September, 2014.
For the Nuclear Regulatory Commission.
Annette L. Vietti-Cook,
Secretary of the Commission.
[FR Doc. 2014-22523 Filed 9-19-14; 8:45 am]
BILLING CODE 7590-01-P
