License Amendment Request - Cyber Security Plan Implementation Schedule Milestones

ML12192A102
Person / Time
Site:	Arkansas Nuclear
Issue date:	06/18/2012
From:	Schwarz C Entergy Operations
To:	Document Control Desk, Office of Nuclear Reactor Regulation
References
0CAN061204
Download: ML12192A102 (16)
v • d • e

Text

I~'fft~1J~/Entergy Operations, Inc.

Entergy1448 S.R. 333 Russellville, AR 72802 Tel 47M-858-3110 Christopher J. Schwarz Vice President, Operations Arkansas Nuclear One 10 CFR 2.390 Attachments Withheld OCAN061204 June 18, 2012 U.S. Nuclear Regulatory Commission Attn: Document Control Desk Washington, DC 20555

SUBJECT:

License Amendment Request - Cyber Security Plan Implementation Schedule Milestones Arkansas Nuclear One - Units 1 and 2 Docket Nos. 50-313 and 50-368 License Nos. DPR-51 and NPF-6

References:

1. NRC letter to Entergy, Issuance of Amendment Re: Approval of Cyber Security Plan, dated July 27, 2011 (OCAN071106)

2. Entergy letter to NRC, Response to Additional Requests for Additional Information and Revision to the ANO Cyber Security Plan, dated April 1,2011 (OCAN041101)

Dear Sir or Madam:

In Reference 1, the NRC issued license Amendment No. 244 and No. 294 to the Renewed Facility Operating Licenses for Arkansas Nuclear One, Unit 1 (ANO-1) and Unit 2 (ANO-2),

respectively, that approved the ANO Cyber Security Plan and associated implementation milestone schedule. The Cyber Security Plan Implementation Schedule contained in Reference 2 was utilized, as a portion of the basis for the NRC's safety evaluation report provided by Reference 1. Entergy Operations, Inc. (Entergy) is planning to implement the requirements of Implementation Schedule Milestone 6 in a slightly different manner than described in the approved Implementation Schedule. Although no change to the Implementation Schedule date is proposed, the change to the description of the milestone activity is conservatively considered to be a change to the Implementation Schedule, and in accordance with the provisions of 10 CFR 50.4 and 10 CFR 50.90, Entergy is submitting this request for an amendment to the Facility Operating Licenses for ANO-1 and ANO-2. The ANO Cyber Security Plan, Revision 0 was previously provided in Reference 2. provides an evaluation of the proposed change. Attachment 2 contains proposed marked-up operating license pages for the Physical Protection license condition for ANO-1 and ANO-2 to reference the commitment change provided in this submittal.

This letter contains security-related information - Attachments 1 and 4 are withheld from public disclosure per 10 CFR 2.390

OCAN061204 Page 2 of 3 This letter contains security-related information - Attachments 1 and 4 are withheld from public disclosure per 10 CFR 2.390 contains the proposed revised operating license pages. Attachment 4 contains a change to the scope of Implementation Milestone 6. Entergy requests that Attachments 1 (Sections 1, 2, and 3) and 4 which contain security-related information (SRI) be withheld from public disclosure in accordance with 10 CFR 2.390.

The proposed changes have been evaluated in accordance with 10 CFR 50.91 (a)(1) using criteria in 10 CFR 50.92(c), and it has been determined that the changes involve no significant hazards consideration. The bases for these determinations are included in.

Entergy requests this license amendment be effective as of its date of issuance. Although this request is neither exigent nor emergency, your review and approval is requested prior to December 31, 2012.

The revised commitment contained in this submittal is summarized in Attachment 5. Should you have any questions concerning this letter, or require additional information, please contact Stephenie Pyle at 479.858.4704.

I declare under penalty of perjury that the foregoing is true and correct. Executed on June 18, 2012.

Sincerely, CJS/nbm Attachments:

1.

2.

3.

4.

5.

Analysis of Proposed Operating License Change (contains SRI)

Proposed ANO-1 and ANO-2 Operating License Changes (mark-up)

Revised ANO-1 and ANO-2 Operating License Pages Revised Cyber Security Plan Implementation Schedule (contains SRI)

List of Regulatory Commitments This letter contains security-related information - Attachments 1 and 4 are withheld from public disclosure per 10 CFR 2.390

OCAN061204 Page 3 of 3 This letter contains security-related information - Attachments 1 and 4 are withheld from public disclosure per 10 CFR 2.390 cc:

Mr. Elmo Collins Regional Administrator U. S. Nuclear Regulatory Commission, Region IV 1600 East Lamar Boulevard Arlington, TX 76011-4511 NRC Senior Resident Inspector Arkansas Nuclear One P.O. Box 310 London, AR 72847 U. S. Nuclear Regulatory Commission Attn: Mr. Kaly Kalyanam MS 0-8 B1 One White Flint North 11555 Rockville Pike Rockville, MD 20852 Mr. Bernard R. Bevill Arkansas Department of Health Radiation Control Section 4815 West Markham Street Slot #30 Little Rock, AR 72205 This letter contains security-related information - Attachments 1 and 4 are withheld from public disclosure per 10 CFR 2.390

Sections 1, 2, and 3 of this attachment contain security-related information and are withheld from public disclosure per 10 CFR 2.390 OCAN061204 Analysis of Proposed Operating License Change Sections 1, 2, and 3 of this attachment contain security-related information and are withheld from public disclosure per 10 CFR 2.390 to OCAN061204 Page 3 of 5

4.0 REGULATORY EVALUATION

4.1 Applicable Regulatory Requirements/Criteria 10 CFR 73.54 requires licensees to maintain and implement a cyber security plan. Arkansas Nuclear One, Unit 1 (ANO-1) and Unit 2 (ANO-2) Facility Operating License Nos. DPR-51 and NPF-6, respectively, include a Physical Protection license condition that requires Entergy Operations, Inc. (Entergy) to fully implement and maintain in effect all provisions of the Commission-approved cyber security plan, including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p).

4.2 Precedent Amendment No. 203 for the Callaway Plant (Reference 5) approved an implementation schedule using the Nuclear Energy Institute (NEI) template (Reference 3), with the exception of Milestone 6. The Callaway Plant deviated from the template for Milestone 6 to address only the NEI 08-09, Revision 6, Appendix D technical controls, excepting for the operational and management controls, on the basis that implementing the technical controls for the target set critical digital assets provides a high degree of protection against cyber related attacks that could lead to radiological sabotage.

The changes being proposed by Entergy in this amendment request are similar to those approved in the Callaway Plant Amendment No. 203.

4.3 Significant Safety Hazards Consideration Entergy is requesting an amendment to the ANO-1 and ANO-2 Facility Operating Licenses to revise the Physical Protection license condition as it relates to the cyber security plan. This change includes a proposed deviation to the scope of a Cyber Security Plan Implementation Schedule milestone and a proposed revision to the ANO-1 and ANO-2 Facility Operating Licenses to include the proposed deviation. Specifically, Entergy proposes a change to the scope of Implementation Milestone 6 to apply to only technical cyber security controls.

Entergy has evaluated whether or not a significant hazards consideration is involved with the proposed amendment by focusing on the three standards set forth in 10 CFR 50.92, "Issuance of Amendment," as discussed below:

1.

Does the proposed change involve a significant increase in the probability or consequences of an accident previously evaluated?

Response: No.

The proposed change to the Cyber Security Plan Implementation Schedule is administrative in nature. This change does not alter accident analysis assumptions, add any initiators, or affect the function of plant systems or the manner in which systems are operated, maintained, modified, tested, or inspected. The proposed change does not require any plant modifications which affect the performance capability of the structures, systems, and components relied upon to mitigate the consequences of postulated to 0CAN061204 Page 4 of 5 accidents and has no impact on the probability or consequences of an accident previously evaluated.

Therefore, the proposed change does not involve a significant increase in the probability or consequences of an accident previously evaluated.

2.

Does the proposed change create the possibility of a new or different kind of accident from any accident previously evaluated?

Response: No.

The proposed change to the Cyber Security Plan Implementation Schedule is administrative in nature. This proposed change does not alter accident analysis assumptions, add any initiators, or affect the function of plant systems or the manner in which systems are operated, maintained, modified, tested, or inspected. The proposed change does not require any plant modifications which affect the performance capability of the structures, systems, and components relied upon to mitigate the consequences of postulated accidents and does not create the possibility of a new or different kind of accident from any accident previously evaluated.

Therefore, the proposed change does not create the possibility of a new or different kind of accident from any accident previously evaluated.

3.

Does the proposed change involve a significant reduction in a margin of safety?

Response: No.

Plant safety margins are established through limiting conditions for operation, limiting safety system settings, and safety limits specified in the technical specifications. The proposed change to the Cyber Security Plan Implementation Schedule is administrative in nature. Because there is no change to established safety margins as a result of this change, the proposed change does not involve a significant reduction in a margin of safety.

Therefore, the proposed change does not involve a significant reduction in a margin of safety.

Based on the above, Entergy concludes that the proposed change presents no significant hazards consideration under the standards set forth in 10 CFR 50.92(c), and accordingly, a finding of "no significant hazards consideration" is justified.

4.4 Conclusion In conclusion, based on the considerations discussed above: (1) there is reasonable assurance that the health and safety of the public will not be endangered by operation in the proposed manner; (2) such activities will be conducted in compliance with the Commission's regulations; and (3) the issuance of the amendment will not be inimical to the common defense and security or to the health and safety of the public.

to 0CAN061204 Page 5 of 5

5.0 ENVIRONMENTAL CONSIDERATION

The proposed amendment provides a change to the Cyber Security Plan Implementation Schedule. The proposed amendment meets the eligibility criterion for a categorical exclusion set forth in 10 CFR 51.22(c)(12). Therefore, pursuant to 10 CFR 51.22(b) no environmental impact statement or environmental assessment need be prepared in connection with the issuance of the amendment.

6.0 REFERENCES

1. NRC letter to Entergy, Issuance of Amendment Re: Approval of Cyber Security Plan, dated July 27, 2011 (OCAN071106)

2. Entergy letter to NRC, Response to Additional Requests for Additional Information and Revision to the ANO Cyber Security Plan, dated April 1, 2011 (OCAN041 101)

3. Letter from Chris Earls (NEI) to Richard P. Correia (NRC), Template for the Cyber Security Plan Implementation Schedule, dated February 28, 2011 (ADAMS Accession No. ML110600211)

4. Letter from Richard P. Correia (NRC) to Chris Earls (NEI), Template for the Cyber Security Plan Implementation Schedule, dated March 1, 2011 (ADAMS Accession No. ML110070348)

5. NRC letter from M. C. Thadani, USNRC, to A. C. Heflin, Union Electric Company, "Callaway Plant, Unit 1 - Issuance of Amendment Re: Approval of Cyber Security Plan (TAC NO. ME4536)," August 17, 2011 (ADAMS Accession No. ML112140087)

OCAN061204 Proposed ANO-1 and ANO-2 Operating License Changes (mark-up)

EOI shall fully implement and maintain in effect all provisions of the Commission-approved cyber security plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p).

The EOI CSP was approved by License Amendment No. 244 a.as supplemented by a change approved by License Amendment No. xxx.

(5)

Implementation of the Improved Technical Specifications (ITS)

The licensee is authorized to relocate certain Technical Specification requirements previously included in Appendix A to licensee controlled documents, as described in Table R, Relocated Specifications, and Table LA, Removal of Details, attached to the Safety Evaluation for Amendment No. 215. These requirements shall be relocated to the appropriate documents as part of the implementation of the ITS.

The schedule for performing Surveillance Requirements (SRs) that are new or revised in Amendment No. 215 shall be as follows:

1.

For SRs that are new in this amendment, the first performance shall be due at the end of the first surveillance interval, which begins on the date of implementation of this amendment.

2.

For SRs that existed prior to this amendment whose intervals of performance are being reduced, the first reduced surveillance interval shall begin upon completion of the first surveillance performed after implementation of this amendment.

3.

For SRs that existed prior to this amendment that contained modified acceptance criteria, the performance shall be due at the end of the first surveillance interval that began on the date the surveillance was last performed prior to the implementation of this amendment.

4.

For SRs that existed prior to this amendment whose interval of performance are being extended, the first extended surveillance interval shall begin upon completion of the last surveillance performed prior to the implementation of this amendment.

(6)

Deleted (7)

Deleted Renewed License No. DPR-51 Amendment No. 245,244, Rovicod by WOWor dated C*O*coo 28, 2004, November 22, 200.,FebruFa' 7, 2007, jI 18l, 20Q7

8 D.

Physical Protection EOI shall fully implement and maintain in effect all provisions of the Commission-approved physical security, training and qualification, and safeguards contingency plans, including amendments made pursuant to provisions of the Miscellaneous Amendments and Search Requirements revisions to 10 CFR 73.55 (51 FR 27817 and 27822) and to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The combined set of plans, which contains Safeguards Information protected under 10 CFR 73.21, is entitled: "Arkansas Nuclear One Physical Security, Safeguards Contingency and Training & Qualification Plan," as submitted on May 4, 2006.

EOI shall fully implement and maintain in effect all provisions of the Commission-approved cyber security plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The EOI CSP was approved by License Amendment No. 294 as supplemented by a change approved by License Amendment No. xxx.

E.

This renewed license is subject to the following additional condition for the protection of the environment:

Before engaging in additional construction or operational activities which may result in an environmental impact that was not evaluated by the Commission, EOI will prepare and record an environmental evaluation for such activity. When the evaluation indicates that such activity may result in a significant adverse environmental impact that was not evaluated, or that is significantly greater than that evaluated, in the Final Environmental Statement (NUREG-0254) or any addendum thereto, and other NRC environmental impact assessments, EOI shall provide a written evaluation of such activities and obtain prior approval from the Director, Office of Nuclear Reactor Regulation.

F.

Updated Final Safety Analysis Report Supplement The Final Safety Analysis Report supplement, as revised, shall be included in the next scheduled update to the Final Safety Analysis Report required by 10 CFR 50.71 (e)(4) following issuance of this renewed license. Until that update is complete, ANO-2 may make changes to the programs and activities described in the supplement without prior Commission approval, provided that ANO-2 evaluates each such change pursuant to the criteria set forth in 10 CFR 50.59 and otherwise complies with the requirements of that section.

The ANO-2 Final Safety Analysis Report supplement, submitted pursuant to 10 CFR 54.21 (d), describes certain future activities to be completed prior to the period of extended operation. ANO-2 shall complete these activities no later than July 17, 2018, and shall notify the NRC in writing when implementation of these activities is complete and can be verified by NRC inspection.

Renewed License No. NPF-6 Amendment No. 288,294, OCAN061204 Revised ANO-1 and ANO-2 Operating License Pages EOI shall fully implement and maintain in effect all provisions of the Commission-approved cyber security plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p).

The E0I CSP was approved by License Amendment No. 244 as supplemented by a change approved by License Amendment No. xxx.

(5)

Implementation of the Improved Technical Specifications (ITS)

The licensee is authorized to relocate certain Technical Specification requirements previously included in Appendix A to licensee controlled documents, as described in Table R, Relocated Specifications, and Table LA, Removal of Details, attached to the Safety Evaluation for Amendment No. 215. These requirements shall be relocated to the appropriate documents as part of the implementation of the ITS.

The schedule for performing Surveillance Requirements (SRs) that are new or revised in Amendment No. 215 shall be as follows:

1.

For SRs that are new in this amendment, the first performance shall be due at the end of the first surveillance interval, which begins on the date of implementation of this amendment.

2.

For SRs that existed prior to this amendment whose intervals of performance are being reduced, the first reduced surveillance interval shall begin upon completion of the first surveillance performed after implementation of this amendment.

3.

For SRs that existed prior to this amendment that contained modified acceptance criteria, the performance shall be due at the end of the first surveillance interval that began on the date the surveillance was last performed prior to the implementation of this amendment.

4.

For SRs that existed prior to this amendment whose interval of performance are being extended, the first extended surveillance interval shall begin upon completion of the last surveillance performed prior to the implementation of this amendment.

(6)

Deleted (7)

Deleted Renewed License No. DPR-51 Amendment No. 24-5,244, R,,ovid by letter dat*d October 28, 2004, Noyomber 22, 2001,,Fbrua,'y 7, 2007, J

8I,-

2O*O7

8 D.

Physical Protection EOI shall fully implement and maintain in effect all provisions of the Commission-approved physical security, training and qualification, and safeguards contingency plans, including amendments made pursuant to provisions of the Miscellaneous Amendments and Search Requirements revisions to 10 CFR 73.55 (51 FR 27817 and 27822) and to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The combined set of plans, which contains Safeguards Information protected under 10 CFR 73.21, is entitled: "Arkansas Nuclear One Physical Security, Safeguards Contingency and Training & Qualification Plan," as submitted on May 4, 2006.

EOI shall fully implement and maintain in effect all provisions of the Commission-approved cyber security plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The EOI CSP was approved by License Amendment No. 294 as supplemented by a change approved by License Amendment No. xxx.

E.

This renewed license is subject to the following additional condition for the protection of the environment:

Before engaging in additional construction or operational activities which may result in an environmental impact that was not evaluated by the Commission, EOI will prepare and record an environmental evaluation for such activity. When the evaluation indicates that such activity may result in a significant adverse environmental impact that was not evaluated, or that is significantly greater than that evaluated, in the Final Environmental Statement (NUREG-0254) or any addendum thereto, and other NRC environmental impact assessments, EOI shall provide a written evaluation of such activities and obtain prior approval from the Director, Office of Nuclear Reactor Regulation.

F.

Updated Final Safety Analysis Report Supplement The Final Safety Analysis Report supplement, as revised, shall be included in the next scheduled update to the Final Safety Analysis Report required by 10 CFR 50.71 (e)(4) following issuance of this renewed license. Until that update is complete, ANO-2 may make changes to the programs and activities described in the supplement without prior Commission approval, provided that ANO-2 evaluates each such change pursuant to the criteria set forth in 10 CFR 50.59 and otherwise complies with the requirements of that section.

The ANO-2 Final Safety Analysis Report supplement, submitted pursuant to 10 CFR 54.21 (d), describes certain future activities to be completed prior to the period of extended operation. ANO-2 shall complete these activities no later than July 17, 2018, and shall notify the NRC in writing when implementation of these activities is complete and can be verified by NRC inspection.

Renewed License No. NPF-6 Amendment No. 288,2-94,

This attachment contains security-related information and is withheld from public disclosure per 10 CFR 2.390 OCAN061204 Revised Cyber Security Plan Implementation Schedule This attachment contains security-related information and is withheld from public disclosure per 10 CFR 2.390 OCAN061204 List of Regulatory Commitments to OCAN061204 Page 1 of 1 List of Regulatory Commitments The following table identifies those actions committed to by Entergy in this document. Any other statements in this submittal are provided for information purposes and are not considered to be regulatory commitments.

TYPE SCHEDULED (Check One)

COMPLETION COMMITMENT ONE-DATE TIME CONTINUING (If Required)

ACTION COMPLIANCE Entergy will implement milestones 1, 2, 3, X

December 31, 2012 4, 5, and 7 described in Attachment 4 of letter dated April 1,2011 (OCAN041101),

and the revised Milestone 6 in of this submittal.