ML101670113
| ML101670113 | |
| Person / Time | |
|---|---|
| Site: | Oconee, Mcguire, Catawba, McGuire  |
| Issue date: | 06/16/2010 |
| From: | Stang J Plant Licensing Branch II |
| To: | Baxter D, Morris J, Repko R Duke Energy Carolinas |
| Stang J, NRR/DORL, 415-1345 | |
| References | |
| TAC ME2889, TAC ME2890, TAC ME2891, TAC ME2892, TAC ME2893, TAC ME2894, TAC ME2895 | |
| Download: ML101670113 (4) | |
Text
UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 June 16, 2010 Mr. J. R. Morris Site Vice President Catawba Nuclear Station Duke Energy Carolinas, LLC 4800 Concord Road York, SC 29745 Mr. Regis 1. Repko Vice President McGuire Nuclear Station Duke Energy Carolinas, LLC 12700 Hagers Ferry Road Huntersville, NC 28078 Mr. Dave Baxter Vice President Oconee Nuclear Station Duke Energy Carolinas, LLC 7800 Rochester Highway Seneca, SC 29672 SUB..IECT:
CATAWBA NUCLEAR STATION, UNITS 1 AND 2, MCGUIRE NUCLEAR STATION, UNITS 1 AND 2, AND OCONEE NUCLEAR STATION, UNITS 1, 2, AND 3, REGARDING AMENDMENT REQUEST FOR APPROVAL OF THE CYBER-SECURITY PLAN (TAC NOS. ME2889, ME2890, ME2891, ME2892, ME2893, ME2894, AND ME2895)
Dear Messrs. Morris,
Repko, and Baxter:
By letter dated November 20, 2009, (Agencywide Documents Access and Management System (ADAMS), Accession No. ML093410250), Duke Energy Carolinas, LLC (Duke) submitted a license amendment request (LAR) for Catawba Nuclear Station, Units 1 and 2 (Catawba),
McGuire Nuclear Station, Units 1 and 2 (McGuire), and Oconee Nuclear Station, Units 1, 2, and 3 (Oconee). The proposed LAR includes the Cyber-Security Plan, proposed changes to Section 2.E of the Renewed Facility Operating Licenses, and a proposed Cyber-Security Plan Implementation Schedule. The proposed Cyber-Security Plan has been submitted in accordance with Title 10 of the Code ofFederal Regulations (10 CFR), Part 73, Section 73.54. The purpose of this letter is to inform you that the U.S. Nuclear Regulatory Commission (NRC) staff has completed an initial review of this LAR. In accordance with the Office of Nuclear Reactor Regulation's Office Instruction L1C-109, "Acceptance Review Procedures," (ADAMS Accession No. ML091810088), Section 3.1.3, the NRC staff has decided to forgo the traditional acceptance review due to the complexity and "first-of-a-kind" nature of this application. While the NRC staff has docketed your application, we are not rendering a judgment as to the acceptability of the submittal within the context of an acceptance review.
J. Morris, et al.
- 2 The Cyber-Security Plan submittal prepared for Catawba, McGuire, and Oconee is based on an earlier version of Nuclear Energy Institute's (NEl's) guidance. The NRC staff had significant generic concerns with this guidance. As a result of NRC staff discussions with NEI and the Executive Task Force of the industry Nuclear Security Working Group (NSWG), NEI and NSWG committed to representing operating power reactor licensees in resolving these concerns.
Through numerous interactions, the NRC staff has communicated their generic concerns with the NEI guidance. The security-related nature of the information required these interactions to be conducted in closed meetings not open to the public. A publicly available list of the specific issues discussed with NEI and NSWG was communicated to the licensees via e-mail dated March 9, 2010 (ADAMS Accession No. ML100680284).
By letters dated April 28, 2010 (ADAMS Accession Nos. ML101180434 and ML101180437), NEI submitted Revision 6 to NEI 08-09 which contains changes that address the NRC staff's concerns associated with previous versions. Based on a technical review of the document, the Office of Nuclear Security and Incident Response in its letter dated May 5,2010 (ADAMS Accession No. ML101190371) concluded that submission of a Cyber-Security Plan using the template provided in NEI 08-09, Revision 6, dated April 2010, would be acceptable for use by licensees to comply with the requirements of 10 CFR 73.54, with the exception of the definition of "cyber attack."
Therefore, to resolve the NRC staff's concerns with the requested LAR, Duke is requested to review the list of generic issues provided to the industry's cyber-security writing team and forwarded to all licensees via e-mail dated March 9, 2010, and provide a revised submittal. For those generic issues that will not be addressed in the revised submittal, please provide additional information or justification in the revised submittal.
For any changes to the Cyber-Security Plan proposed in the LAR, Duke is requested to indicate that the revised submittal supersedes, in its entirety, the previous submittal (or indicate what portions are superseded).
As an alternative to, and a potentially less resource-intensive method than, addressing the individual issues, Duke may submit a revised Cyber-Security Plan consistent with Regulatory Guide (RG) 5.71 1, or submit a revised Cyber-Security Plan consistent with I\\IEI 08-09, Revision 6.
However, if this option is exercised, the NRC staff expects that the existing application will be withdrawn and the revised application resubmitted at the same time.
The NRC staff requests that Duke's response or revised application be submitted within 60 days of the date of this letter. Please contact me if circumstances result in the need to revise the requested response date.
1 In January, 2010, the NRC staff issued RG 5.71, "Cyber Security Programs for Nuclear Facilities" (ADAMS Accession No. ML090340159). This guidance provides an approach that the NRC staff deems acceptable for complying with the Commission's regulations regarding the protection of digital computers, communications systems, and networks from a cyber-security attack.
J. Morris, et al.
- 3 Following receipt and review of your response, you will be advised by separate correspondence if any further information is needed to support the NRC staff's detailed technical review.
If you have any questions, please call me at 301-415-1345.
Sincerely,
()~~~~
7,*r '-
.-fo I' John Stang, Senior Project Manager Plant Licensing Branch 11-1 Division of Operating Reactor Licensing Office of Nuclear Reactor Regulation Docket Nos. 50-413, 50-414, 50-369, 50-370, 50-269,50-270, and 50-287 cc: Distribution via Listserv
J. Morris, et al.
- 3 Following receipt and review of your response, you will be advised by separate correspondence if any further information is needed to support the NRC staff's detailed technical review.
If you have any questions, please call me at 301-415-1345.
Sincerely, IRA by JThompson fori John Stang, Senior Project Manager Plant Licensing Branch 11-1 Division of Operating Reactor Licensing Office of Nuclear Reactor Regulation Docket Nos. 50-413, 50-414, 50-369, 50-370, 50-269, 50-270, and 50-287 cc: Distribution via Listserv DISTRIBUTION:
PUBLIC LPLlI-1 R/F RidsNrrDorlLp2-1 Resource RidsNrrDirsltsb Resource RidsNrrDorlDpr Resource RidsNrrltsb Resource RidsOgcRp Resource RidsRgn2MailCenter Resource RidsNrrPMOconee Resource RidsNrrPMMcGuire Resource RidsNrrPMCatawba Resource RidsNrrLAMOBrien Resource RidsAcrsAcnw_MailCtr Resource P. Pederson, NSIR C. Erlanger, NSIR ADAMS Accession No ML101670113 OFFICE NRR/LPL2-1/PM NRR/LPL2-1/PM NRR/LPL2-1/LA NRR/LPL2-1/BC NRR/LPL2-1/PM NAME JStang (JThompson for)
JThompson MO'Brien GKulesa JStang (JThompson for)
DATE 06/16/10 06/16/10 06/16/10 06/16/10 06/16/10 OFFICIAL RECORD COpy