ML101460072
| ML101460072 | |
| Person / Time | |
|---|---|
| Site: | Callaway  |
| Issue date: | 06/16/2010 |
| From: | Thadani M Plant Licensing Branch IV |
| To: | Heflin A Union Electric Co |
| Thadani, M C, NRR/DORL/LP4, 415-1476 | |
| References | |
| TAC ME2663 | |
| Download: ML101460072 (3) | |
Text
UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 June 16, 2010 Mr. Adam C. Heflin Senior Vice President and Chief Nuclear Officer Union Electric Company P.O. Box 620 Fulton, MO 65251
SUBJECT:
CALLAWAY PLANT, UNIT 1 - LICENSE AMENDMENT REQUEST FOR APPROVAL OF THE CYBER SECURITY PLAN (TAC NO. ME2663)
Dear Mr. Heflin:
By letter dated November 19, 2009 (non-publicly available), as supplemented by letters dated January 21 and June 9, 2010 (Agencywide Documents Access and Management System (ADAMS Accession Nos. ML100210818 and ML101610642, respectively), Union Electric Company (the licensee) submitted a license amendment request (LAR) for its Callaway Plant, Unit 1. The proposed LAR includes the cyber security plan, proposed changes to paragraph 2.E of the Facility Operating License No. NPF-30, and a proposed Cyber Security Plan Implementation Schedule. The proposed cyber security plan has been submitted in accordance with Title 10 of the Code of Federal Regulations (10 CFR), Section 73.54. The purpose of this letter is to inform you that the U.S. Nuclear Regulatory Commission (NRC) staff has completed an initial review of this LAR. In accordance with the Office of Nuclear Reactor Regulation's Office Instruction LlC-109, "Acceptance Review Procedures" (ADAMS Accession No. ML091810088),
Section 3.1.3, the NRC staff has decided to forgo the traditional acceptance review due to the complexity and "first-of-a-kind" nature of this application. While the NRC staff has docketed your application, it is not rendering a judgment at this time as to the acceptability of the submittal within the context of an acceptance review.
The cyber security plan submittal prepared for Callaway Plant, Unit 1, is based on an earlier version of Nuclear Energy Institute (NEI) guidance. The NRC staff had significant generic concerns with that guidance. As a result of NRC staff's discussions with NEI and the Executive Task Force of the industry Nuclear Security Working Group (NSWG), NEI and NSWG committed to represent operating power reactor licensees in resolving the NRC's concerns.
Through numerous interactions, the NRC staff has communicated its generic concerns with the NEI guidance. Due to the security-related nature of the information required, these interactions had to be conducted in meetings not open to the public. A publicly available list of the specific issues discussed with NEI and NSWG was communicated to the licensees via e-mail dated March 9, 2010 (ADAMS Accession No. ML100680284).
By letter dated April 28, 2010 (ADAMS Accession Nos. ML101180434), NEI submitted Revision 6 to NEI 08-09, "Cyber Security Plan for Nuclear Power Reactors" (ADAMS Accession No. ML101180437), which contains changes that address the NRC staff's concerns associated with previous versions. Based on a technical review of the document, the NRC's Office of Nuclear Security and Incident Response, in its letter dated May 5, 2010 (ADAMS Accession
A. Heflin -2 No. ML101190371), concluded that submission of a cyber security plan using the template provided in NEI 08-09, Revision 6, dated April 2010, would be acceptable for use by licensees to comply with the requirements of 10 CFR 73.54, with the exception of the definition of "cyber attack."
Therefore, to resolve the NRC staff's concerns with the previously submitted LAR, the licensee is requested to review the list of generic issues provided via e-mail dated March 9, 2010, and provide a revised submittal. Please provide justification for any generic issues that will not be addressed in the revised submittal.
For any changes to the Cyber Security Plan proposed in the LAR, the licensee is requested to indicate that the revised submittal supersedes, in its entirety, the previous submittal or indicate what portions are superseded.
As an alternative to addressing the individual generic issues, the licensee may submit a revised Cyber Security Plan consistent with NRC Regulatory Guide (RG) 5.71* or submit a revised Cyber Security Plan consistent with NEI 08-09, Revision 6. However, if this option is exercised, the NRC staff expects that the existing application will be withdrawn and the revised application resubmitted at the same time.
The NRC staff requests that the licensee's response or revised application be submitted within 60 days of the date of this letter. Please contact me if circumstances result in the need to revise the requested response date.
Following receipt and review of your response, you will be advised by separate correspondence if any further information is needed to support the NRC staff's detailed technical review.
If you have any questions regarding this matter, I may be reached at (301) 415-1476.
Sincerely, Mohan C. Thadani, Senior Project Manager Plant Licensing Branch IV Division of Operating Reactor Licensing Office of Nuclear Reactor Regulation Docket No. 50-483 cc: Distribution via ListServ
- In January 2010, the NRC staff issued RG 5.71, "Cyber Security Programs for Nuclear Facilities" (ADAMS Accession No. ML090340159). This guidance provides an approach that the NRC staff deems acceptable for complying with the Commission's regulations regarding the protection of digital computers, communications systems, and networks from a cyber security attack.
A. Heflin -2 No. ML101190371), concluded that submission of a cyber security plan using the template provided in NEI 08-09, Revision 6, dated April 2010, would be acceptable for use by licensees to comply with the requirements of 10 CFR 73.54, with the exception of the definition of "cyber attack."
Therefore, to resolve the NRC staff's concerns with the previously submitted LAR, the licensee is requested to review the list of generic issues provided via e-mail dated March 9, 2010, and provide a revised submittal. Please provide justification for any generic issues that will not be addressed in the revised submittal.
For any changes to the Cyber Security Plan proposed in the LAR, the licensee is requested to indicate that the revised submittal supersedes, in its entirety, the previous submittal or indicate what portions are superseded.
As an alternative to addressing the individual generic issues, the licensee may submit a revised Cyber Security Plan consistent with NRC Regulatory Guide (RG) 5.71* or submit a revised Cyber Security Plan consistent with NEI 08-09, Revision 6. However, if this option is exercised, the NRC staff expects that the existing application will be withdrawn and the revised application resubmitted at the same time.
The NRC staff requests that the licensee's response or revised application be submitted within 60 days of the date of this letter. Please contact me if circumstances result in the need to revise the requested response date.
Following receipt and review of your response, you will be advised by separate correspondence if any further information is needed to support the NRC staff's detailed technical review.
If you have any questions regarding this matter, I may be reached at (301) 415-1476.
Sincerely, IRA!
Mohan C. Thadani, Senior Project Manager Plant Licensing Branch IV Division of Operating Reactor Licensing Office of Nuclear Reactor Regulation Docket No. 50-483 cc: Distribution via ListServ
- In January 2010, the NRC staff issued RG 5.71, "Cyber Security Programs for Nuclear Facilities" (ADAMS Accession No. ML090340159). This guidance provides an approach that the NRC staff deems acceptable for complying with the Commission's regulations regarding the protection of digital computers, communications systems, and networks from a cyber security attack.
DISTRIBUTION:
PUBLIC RidsNrrDorlLpl4 Resource RidsRgn4MailCenter Resource LPL4 Reading RidsNrrLAJBurkhardt Resource C. Erlanger, NSIRIDSPIISCPB RidsAcrsAcnw_MailCTR Resource RidsNrrPMCallaway Resource P. Pederson, NSIR/DSPIISCPB RidsNrrDirsltsb Resource RidsNsirDsp Resource RidsNrrDorlDpr Resource RidsOgcRp Resource ADAMS Accession No ML101460072 OFFICE NRR/LPL4/PM NRR/LPL4/LA NRRlLPL4/BC NRRlLPL4/PM NAME MThadani JBurkhardt MMarkley MThadani DATE 5/26/10 5/26/10 6/16/10 6/16/10 OFFICIAL RECORD COpy