Protection of Digital Computer and Communication Systems and Networks, 56525-56526 [2014-22523]

Download as PDF asabaliauskas on DSK5VPTVN1PROD with RULES Federal Register / Vol. 79, No. 183 / Monday, September 22, 2014 / Proposed Rules technetium and rubidium generators; and changes that would allow ARSOs to be named on a medical license, as well as other clarifying and conforming amendments. Third, the NRC is considering a request filed in a petition for rulemaking (PRM–35–20) to ‘‘grandfather’’ certain board-certified individuals. The NRC is seeking public comment on the potential impact of the information collections contained in the proposed rule and on the following issues: 1. Is the proposed information collection necessary for the proper performance of the functions of the NRC, including whether the information will have practical utility? 2. Is the estimate of burden accurate? 3. Is there a way to enhance the quality, utility, and clarity of the information to be collected? 4. How can the burden of the information collection be minimized, including the use of automated collection techniques? The public may examine and have copied, for a fee, publicly-available documents, including the draft supporting statement, at the NRC’s PDR, One White Flint North, 11555 Rockville Pike, Room O–1 F21, Rockville, Maryland 20852. The OMB clearance package and rule are available at the NRC’s Web site: http://www.nrc.gov/ public-involve/doc-comment/omb/ index.html for 60 days after the signature date of this notice. Send comments on any aspect of these proposed information collections, including suggestions for reducing the burden and on the above issues, by October 22, 2014 to the FOIA, Privacy, and Information Collections Branch (T–5 F53), U.S. Nuclear Regulatory Commission, Washington, DC 20555– 0001, or by Internet electronic mail to INFOCOLLECTS.RESOURCE@NRC.GOV and to the Desk Officer, Danielle Y. Jones, Office of Information and Regulatory Affairs, NEOB–10202, (3150–AI63), Office of Management and Budget, Washington, DC 20503. Comments received after this date will be considered if it is practical to do so, but assurance of consideration cannot be given to comments received after this date. You may also email comments to Danielle Y. Jones@ omb.eop.gov or comment by telephone at 202–395–1741. Dated at Rockville, Maryland, this 15th day of September, 2014. VerDate Sep<11>2014 16:54 Sep 19, 2014 Jkt 232001 For the Nuclear Regulatory Commission. Annette Vietti-Cook, Secretary of the Commission. [FR Doc. 2014–22522 Filed 9–19–14; 8:45 am] BILLING CODE 7590–01–P NUCLEAR REGULATORY COMMISSION 10 CFR Part 73 [Docket No. PRM–73–18; NRC–2014–0165] Protection of Digital Computer and Communication Systems and Networks Nuclear Regulatory Commission. ACTION: Petition for rulemaking; docketing, and request for comment. AGENCY: The U.S. Nuclear Regulatory Commission (NRC) has received a petition for rulemaking (PRM) from Anthony Pietrangelo, filed on behalf of the Nuclear Energy Institute (NEI or the petitioner) on June 12, 2014. The petitioner requests that the NRC revise its cyber security requirements to ensure that its regulations prevent radiological sabotage and adequately protect the public health and safety and common defense and security. The NRC is requesting public comment on the petition for rulemaking. DATES: Submit comments by December 8, 2014. Comments received after this date will be considered if it is practical to do so, but the NRC is able to assure consideration only for comments received on or before this date. ADDRESSES: You may submit comments by any of the following methods: • Federal rulemaking Web site: Go to http://www.regulations.gov and search for Docket ID NRC–2014–0165. Address questions about NRC dockets to Carol Gallagher; telephone: 301–492–3668; email: Carol.Gallagher@nrc.gov. For technical questions, contact the individual listed in the FOR FURTHER INFORMATION CONTACT section of this document. • Email comments to: Rulemaking.Comments@nrc.gov. If you do not receive an automatic email reply confirming receipt, then contact us at 301–415–1677. • Fax comments to: Secretary, U.S. Nuclear Regulatory Commission at 301– 415–1101. • Mail comments to: Secretary, U.S. Nuclear Regulatory Commission, Washington, DC 20555–0001, ATTN: Rulemakings and Adjudications Staff. • Hand deliver comments to: 11555 Rockville Pike, Rockville, Maryland SUMMARY: PO 00000 Frm 00002 Fmt 4702 Sfmt 4702 56525 20852, between 7:30 a.m. and 4:15 p.m. (Eastern Time) Federal workdays; telephone: 301–415–1677. For additional direction on obtaining information and submitting comments, see ‘‘Obtaining Information and Submitting Comments’’ in the SUPPLEMENTARY INFORMATION section of this document. FOR FURTHER INFORMATION CONTACT: Robert Beall, Office of Nuclear Reactor Regulations, U.S. Nuclear Regulatory Commission, Washington, DC 20555– 0001; telephone: 301–415–3874, email: Robert.Beall@nrc.gov. SUPPLEMENTARY INFORMATION: I. Obtaining Information and Submitting Comments A. Obtaining Information Please refer to Docket ID NRC–2014– 0165 when contacting the NRC about the availability of information for this petition for rulemaking. You may obtain publicly available information related to this action by any of the following methods: • Federal Rulemaking Web site: Go to http://www.regulations.gov and search for Docket ID NRC–2014–0165. • NRC’s Agencywide Documents Access and Management System (ADAMS): You may obtain publicly available documents online in the ADAMS Public Documents collection at http://www.nrc.gov/reading-rm/ adams.html. To begin the search, select ‘‘ADAMS Public Documents’’ and then select ‘‘Begin Web-based ADAMS Search.’’ For problems with ADAMS, please contact the NRC’s Public Document Room (PDR) reference staff at 1–800–397–4209, at 301–415–4737, or by email to pdr.resource@nrc.gov. The Petition to Amend section 73.54 of Title 10 of the Code of Federal Regulations (10 CFR), ‘‘Protection of Digital Computer and Communication Systems and Networks,’’ is available in ADAMS under Accession No. ML14184B120. • NRC’s PDR: You may examine and purchase copies of public documents at the NRC’s PDR, Room O1–F21, One White Flint North, 11555 Rockville Pike, Rockville, Maryland 20852. B. Submitting Comments Please include Docket ID NRC–2014– 0165 in the subject line of your comment submission, in order to ensure that the NRC is able to make your comment submission available to the public in this docket. The NRC cautions you not to include identifying or contact information that you do not want to be publicly disclosed in you comment submission. The NRC will post all comment E:\FR\FM\22SEP1.SGM 22SEP1 56526 Federal Register / Vol. 79, No. 183 / Monday, September 22, 2014 / Proposed Rules submissions at http:// www.regulations.gov as well as enter the comment submissions into ADAMS. The NRC does not routinely edit comment submissions to remove identifying or contact information. If you are requesting or aggregating comments from other persons for submission to the NRC, then you should inform those persons not to include identifying or contact information that they do not want to be publicly disclosed in their comment submission. Your request should state that the NRC does not routinely edit comment submissions to remove such information before making the comment submissions available to the public or entering the comment submissions into ADAMS. II. The Petition Anthony R. Pietrangelo, Vice President, and Chief Nuclear Officer, NEI, submitted a PRM dated June 12, 2014 (ADAMS Accession No. ML14184B120), requesting that the NRC revise its cyber security requirements. Specifically, the petitioner requests that the NRC revise 10 CFR 73.54(a) to ensure the regulation is not overly burdensome for NRC licensees, and adequately protects the public health and safety and common defense and security. The petitioner requests that the NRC promptly initiate rulemaking to resolve this matter. The NRC has determined that the petition meets the threshold sufficiency requirements for a petition for rulemaking under 10 CFR 2.802 ‘‘Petition for rulemaking,’’ and the petition has been docketed as PRM–73– 18. The NRC is requesting public comment on the petition for rulemaking. asabaliauskas on DSK5VPTVN1PROD with RULES III. The Petitioner The petition states that NEI ‘‘is responsible for establishing a unified industry position on matters affecting the nuclear energy industry, including the regulatory aspects of generic operational and technical issues.’’ The petition further states that ‘‘NEI member companies are specifically affected by the NRC’s cyber security regulations.’’ The NEI claims it provides a ‘‘principal interface between power reactor licensees and the NRC on matters of policy, including cyber security-related policy.’’ IV. Discussion of the Petition The petitioner states that power reactor licensees are required to establish and maintain a physical protection program to protect against the design basis threat of radiological sabotage, and summarizes the physical protection program and the attributes of VerDate Sep<11>2014 16:54 Sep 19, 2014 Jkt 232001 the design basis threat of radiological sabotage described in 10 CFR 73.1, which include: (1) An external physical assault, (2) an internal threat, (3) a land vehicle bomb assault, (4) a waterborne vehicle bomb assault, and (5) a cyber attack. The petitioner asserts that to prevent radiological sabotage, licensees have well-established programs to identify the set of personnel systems, and equipment that must be protected against the design basis threat in order to prevent significant core damage and spent fuel sabotage. The petitioner noted that NRC’s cyber security requirements, found in 10 CFR 73.54, provide the programmatic requirements to defend against the design basis threat of radiological sabotage through a cyber attack, and that Section 73.54(a)(1) requires licensees to protect certain digital assets against cyber attack even though those digital assets, if compromised, would not adversely impact the systems and equipment necessary to prevent significant core damage and spent fuel sabotage. The petitioner asserts that the current regulations require NRC licensees to protect one set of systems and equipment against the effects of four of the attributes of the design basis threat (physical assault; internal threat; land vehicle bomb assault; waterborne vehicle bomb assault), and a substantially broader set of assets against the fifth design basis threat attribute, cyber attack. Further, the petitioner contends that this regulatory language is inconsistent with both the agency’s intent in promulgating the cyber security requirements and the NRC’s programmatic requirements to defend against other attributes of the radiological sabotage design basis threat. The petitioner argues that the language in 10 CFR 73.54(a)(1) unnecessarily diverts NRC licensee attention and resources away from the protection of assets that have a nexus to radiological safety. The petitioner asserts that this provision burdens NRC reactor licensees without providing a commensurate enhancement in the protection of the public health and safety, or plant security. Furthermore, the petitioner claims that for digital assets that do not reasonably require protection against radiological sabotage, the considerable time, resources, and cost needed to protect them against cyber attack is unjustified. In this regard, the petitioner asserts that the current cyber security regulations fail to comply with the Commission’s Principles of Good Regulation. The petitioner states that the industry has brought to the attention of the NRC staff the significant problems created by PO 00000 Frm 00003 Fmt 4702 Sfmt 4702 the current scoping language in 10 CFR 73.54(a), and has determined that revisions to NRC regulations are needed to address this problem. The petitioner further states that implementing the revisions proposed herein will not adversely affect NRC licensees’ ability to ensure that public health, safety, and security are being adequately protected. NEI contends that the change proposed in its petition is the single most important near-term regulatory improvement that can be made in the area of cyber security. The petitioner claims that it would provide a substantial benefit to regulatory clarity and stability by assuring that licensees have protected those assets that, if compromised by a cyber attack, would be inimical to the health and safety of the public. The complete text of the petition is available for review as described in Section I.A. of this document. Because the petitioner has satisfied the docketing criteria in 10 CFR 2.802, ‘‘Petition for rulemaking,’’ the NRC has docketed this petition as PRM–73–18. The NRC is reviewing the issues raised by the petitioner to determine whether they should be considered in the NRC’s rulemaking process. Dated at Rockville, Maryland, this 15th day of September, 2014. For the Nuclear Regulatory Commission. Annette L. Vietti-Cook, Secretary of the Commission. [FR Doc. 2014–22523 Filed 9–19–14; 8:45 am] BILLING CODE 7590–01–P DEPARTMENT OF TRANSPORTATION Federal Aviation Administration 14 CFR Part 39 [Docket No. FAA–2014–0648; Directorate Identifier 2013–NM–136–AD] RIN 2120–AA64 Airworthiness Directives; Airbus Airplanes Federal Aviation Administration (FAA), DOT. ACTION: Notice of proposed rulemaking (NPRM). AGENCY: We propose to supersede Airworthiness Directive (AD) 2010–06– 04, for certain Airbus Model A300 B2– 1C, B2–203, B2K–3C, B4–103, B4–203, B4–2C airplanes; Model A310 series airplanes; Model A300 B4–600 series airplanes; and Model A300 B4–600R series airplanes. AD 2010–06–04 currently requires repetitive inspections to detect cracks of the pylon side panels SUMMARY: E:\FR\FM\22SEP1.SGM 22SEP1

Agencies

[Federal Register Volume 79, Number 183 (Monday, September 22, 2014)]
[Proposed Rules]
[Pages 56525-56526]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2014-22523]


-----------------------------------------------------------------------

NUCLEAR REGULATORY COMMISSION

10 CFR Part 73

[Docket No. PRM-73-18; NRC-2014-0165]


Protection of Digital Computer and Communication Systems and 
Networks

AGENCY: Nuclear Regulatory Commission.

ACTION: Petition for rulemaking; docketing, and request for comment.

-----------------------------------------------------------------------

SUMMARY: The U.S. Nuclear Regulatory Commission (NRC) has received a 
petition for rulemaking (PRM) from Anthony Pietrangelo, filed on behalf 
of the Nuclear Energy Institute (NEI or the petitioner) on June 12, 
2014. The petitioner requests that the NRC revise its cyber security 
requirements to ensure that its regulations prevent radiological 
sabotage and adequately protect the public health and safety and common 
defense and security. The NRC is requesting public comment on the 
petition for rulemaking.

DATES: Submit comments by December 8, 2014. Comments received after 
this date will be considered if it is practical to do so, but the NRC 
is able to assure consideration only for comments received on or before 
this date.

ADDRESSES: You may submit comments by any of the following methods:
     Federal rulemaking Web site: Go to http://www.regulations.gov and search for Docket ID NRC-2014-0165. Address 
questions about NRC dockets to Carol Gallagher; telephone: 301-492-
3668; email: Carol.Gallagher@nrc.gov. For technical questions, contact 
the individual listed in the FOR FURTHER INFORMATION CONTACT section of 
this document.
     Email comments to: Rulemaking.Comments@nrc.gov. If you do 
not receive an automatic email reply confirming receipt, then contact 
us at 301-415-1677.
     Fax comments to: Secretary, U.S. Nuclear Regulatory 
Commission at 301-415-1101.
     Mail comments to: Secretary, U.S. Nuclear Regulatory 
Commission, Washington, DC 20555-0001, ATTN: Rulemakings and 
Adjudications Staff.
     Hand deliver comments to: 11555 Rockville Pike, Rockville, 
Maryland 20852, between 7:30 a.m. and 4:15 p.m. (Eastern Time) Federal 
workdays; telephone: 301-415-1677.
    For additional direction on obtaining information and submitting 
comments, see ``Obtaining Information and Submitting Comments'' in the 
SUPPLEMENTARY INFORMATION section of this document.

FOR FURTHER INFORMATION CONTACT: Robert Beall, Office of Nuclear 
Reactor Regulations, U.S. Nuclear Regulatory Commission, Washington, DC 
20555-0001; telephone: 301-415-3874, email: Robert.Beall@nrc.gov.

SUPPLEMENTARY INFORMATION: 

I. Obtaining Information and Submitting Comments

A. Obtaining Information

    Please refer to Docket ID NRC-2014-0165 when contacting the NRC 
about the availability of information for this petition for rulemaking. 
You may obtain publicly available information related to this action by 
any of the following methods:
     Federal Rulemaking Web site: Go to http://www.regulations.gov and search for Docket ID NRC-2014-0165.
     NRC's Agencywide Documents Access and Management System 
(ADAMS): You may obtain publicly available documents online in the 
ADAMS Public Documents collection at http://www.nrc.gov/reading-rm/adams.html. To begin the search, select ``ADAMS Public Documents'' and 
then select ``Begin Web-based ADAMS Search.'' For problems with ADAMS, 
please contact the NRC's Public Document Room (PDR) reference staff at 
1-800-397-4209, at 301-415-4737, or by email to pdr.resource@nrc.gov. 
The Petition to Amend section 73.54 of Title 10 of the Code of Federal 
Regulations (10 CFR), ``Protection of Digital Computer and 
Communication Systems and Networks,'' is available in ADAMS under 
Accession No. ML14184B120.
     NRC's PDR: You may examine and purchase copies of public 
documents at the NRC's PDR, Room O1-F21, One White Flint North, 11555 
Rockville Pike, Rockville, Maryland 20852.

B. Submitting Comments

    Please include Docket ID NRC-2014-0165 in the subject line of your 
comment submission, in order to ensure that the NRC is able to make 
your comment submission available to the public in this docket.
    The NRC cautions you not to include identifying or contact 
information that you do not want to be publicly disclosed in you 
comment submission. The NRC will post all comment

[[Page 56526]]

submissions at http://www.regulations.gov as well as enter the comment 
submissions into ADAMS. The NRC does not routinely edit comment 
submissions to remove identifying or contact information.
    If you are requesting or aggregating comments from other persons 
for submission to the NRC, then you should inform those persons not to 
include identifying or contact information that they do not want to be 
publicly disclosed in their comment submission. Your request should 
state that the NRC does not routinely edit comment submissions to 
remove such information before making the comment submissions available 
to the public or entering the comment submissions into ADAMS.

II. The Petition

    Anthony R. Pietrangelo, Vice President, and Chief Nuclear Officer, 
NEI, submitted a PRM dated June 12, 2014 (ADAMS Accession No. 
ML14184B120), requesting that the NRC revise its cyber security 
requirements. Specifically, the petitioner requests that the NRC revise 
10 CFR 73.54(a) to ensure the regulation is not overly burdensome for 
NRC licensees, and adequately protects the public health and safety and 
common defense and security. The petitioner requests that the NRC 
promptly initiate rulemaking to resolve this matter. The NRC has 
determined that the petition meets the threshold sufficiency 
requirements for a petition for rulemaking under 10 CFR 2.802 
``Petition for rulemaking,'' and the petition has been docketed as PRM-
73-18. The NRC is requesting public comment on the petition for 
rulemaking.

III. The Petitioner

    The petition states that NEI ``is responsible for establishing a 
unified industry position on matters affecting the nuclear energy 
industry, including the regulatory aspects of generic operational and 
technical issues.'' The petition further states that ``NEI member 
companies are specifically affected by the NRC's cyber security 
regulations.'' The NEI claims it provides a ``principal interface 
between power reactor licensees and the NRC on matters of policy, 
including cyber security-related policy.''

IV. Discussion of the Petition

    The petitioner states that power reactor licensees are required to 
establish and maintain a physical protection program to protect against 
the design basis threat of radiological sabotage, and summarizes the 
physical protection program and the attributes of the design basis 
threat of radiological sabotage described in 10 CFR 73.1, which 
include: (1) An external physical assault, (2) an internal threat, (3) 
a land vehicle bomb assault, (4) a waterborne vehicle bomb assault, and 
(5) a cyber attack. The petitioner asserts that to prevent radiological 
sabotage, licensees have well-established programs to identify the set 
of personnel systems, and equipment that must be protected against the 
design basis threat in order to prevent significant core damage and 
spent fuel sabotage.
    The petitioner noted that NRC's cyber security requirements, found 
in 10 CFR 73.54, provide the programmatic requirements to defend 
against the design basis threat of radiological sabotage through a 
cyber attack, and that Section 73.54(a)(1) requires licensees to 
protect certain digital assets against cyber attack even though those 
digital assets, if compromised, would not adversely impact the systems 
and equipment necessary to prevent significant core damage and spent 
fuel sabotage. The petitioner asserts that the current regulations 
require NRC licensees to protect one set of systems and equipment 
against the effects of four of the attributes of the design basis 
threat (physical assault; internal threat; land vehicle bomb assault; 
waterborne vehicle bomb assault), and a substantially broader set of 
assets against the fifth design basis threat attribute, cyber attack. 
Further, the petitioner contends that this regulatory language is 
inconsistent with both the agency's intent in promulgating the cyber 
security requirements and the NRC's programmatic requirements to defend 
against other attributes of the radiological sabotage design basis 
threat.
    The petitioner argues that the language in 10 CFR 73.54(a)(1) 
unnecessarily diverts NRC licensee attention and resources away from 
the protection of assets that have a nexus to radiological safety. The 
petitioner asserts that this provision burdens NRC reactor licensees 
without providing a commensurate enhancement in the protection of the 
public health and safety, or plant security. Furthermore, the 
petitioner claims that for digital assets that do not reasonably 
require protection against radiological sabotage, the considerable 
time, resources, and cost needed to protect them against cyber attack 
is unjustified. In this regard, the petitioner asserts that the current 
cyber security regulations fail to comply with the Commission's 
Principles of Good Regulation.
    The petitioner states that the industry has brought to the 
attention of the NRC staff the significant problems created by the 
current scoping language in 10 CFR 73.54(a), and has determined that 
revisions to NRC regulations are needed to address this problem. The 
petitioner further states that implementing the revisions proposed 
herein will not adversely affect NRC licensees' ability to ensure that 
public health, safety, and security are being adequately protected.
    NEI contends that the change proposed in its petition is the single 
most important near-term regulatory improvement that can be made in the 
area of cyber security. The petitioner claims that it would provide a 
substantial benefit to regulatory clarity and stability by assuring 
that licensees have protected those assets that, if compromised by a 
cyber attack, would be inimical to the health and safety of the public.
    The complete text of the petition is available for review as 
described in Section I.A. of this document.
    Because the petitioner has satisfied the docketing criteria in 10 
CFR 2.802, ``Petition for rulemaking,'' the NRC has docketed this 
petition as PRM-73-18. The NRC is reviewing the issues raised by the 
petitioner to determine whether they should be considered in the NRC's 
rulemaking process.

    Dated at Rockville, Maryland, this 15th day of September, 2014.

    For the Nuclear Regulatory Commission.
Annette L. Vietti-Cook,
Secretary of the Commission.
[FR Doc. 2014-22523 Filed 9-19-14; 8:45 am]
BILLING CODE 7590-01-P