RBG-47047, License Amendment Withdrawal and Request - Cyber Security Plan

From kanterella
(Redirected from ML102080483)
Jump to navigation Jump to search

License Amendment Withdrawal and Request - Cyber Security Plan
ML102080483
Person / Time
Site: River Bend Entergy icon.png
Issue date: 07/22/2010
From: Mike Perito
Entergy Operations
To:
Document Control Desk, Office of Nuclear Reactor Regulation
References
RBG-47047
Download: ML102080483 (12)
v  d  e


Text

Entergya Entergy Operations, Inc.

River Bend Station 5485 U.S. Highway 61 N St. Francisville, LA 70775 Tel 225 381 4374 Michael Perito Vice President, Operations River Bend Station RBG-47047 July 22, 2010 U.S. Nuclear Regulatory Commission Attn: Document Control Desk Washington, DC 20555

SUBJECT:

Reference:

License Amendment Withdrawal and Request - Cyber Security Plan River Bend Station - Unit 1 License No. NPF-47 Docket No. 50-458

1. Entergy letter dated December 9, 2009 (RBG-46983), License Amendment Request - Cyber Security Plan
2.

NRC letter dated May 24, 2010 (RBC-50823), License Amendment Request for Approval of the Cyber Security Plan (TAC Nos. ME2632)

3. NRC letter to Nuclear Energy Institute (NEI) dated June 7, 2010, NEI 08-09, Revision 6, "Cyber Security Plan for Nuclear Power Reactors"

Dear Sir or Madam:

In accordance with the 60-day request provided in Reference 2, Entergy Operations, Inc.

(Entergy) is hereby withdrawing the request for an amendment to the operating license for River Bend Station (RBS), Unit 1 as submitted in Reference 1, and in accordance with the

,provisions of 10 CFR 50.4 and 10 CFR 50.90, Entergy is submitting a new request for an amendment to the operating license for RBS. The proposed amendment requests NRC approval of the RBS Cyber Security Plan, provides an implementation schedule, and revises the existing operating license's Physical Protection license condition to require Entergy to fully implement and maintain in effect all provisions of the Commission-approved cyber security plan for RBS. Entergy utilized NEI 08-09, "Cyber Security Plan for Nuclear Power Reactors," Revision 6, in development of the RBS Cyber Security Plan which resolves the NRC's generic issues (Reference 2) with the previous submittal (Reference 1). In addition, Entergy is also providing a detailed milestone implementation schedule as requested.

Therefore, this submittal supersedes, in its entirety, the previous submittal (Reference 1).

This letter contains security-sensitive information - Attachments 4, 5, and 6 are withheld from public disclosure per 10 CFR 2.390

RBG-47047 Page 2 of 3 provides an evaluation of the proposed change. Attachment 2 provides the existing RBS operating license page marked-up to show the proposed change. Attachment 3 provides the proposed operating license change in final typed format for RBS. Attachment 4 provides the list of new regulatory commitments made in this submittal. Attachment 5 provides the RBS Cyber Security Plan implementation schedule. Attachment 6 provides a copy of the RBS Cyber Security Plan which is a standalone document that has been incorporated by reference into the RBS Security Plan. In addition, Entergy is utilizing the definition of "cyber attack" as.delineated in Reference 3. Entergy requests that Attachments 4, 5, and 6, which contain security-related information, be withheld from public disclosure in accordance with 10 CFR 2.390.

The proposed changes have been evaluated in accordance with 10 CFR 50.91 (a)(1) using criteria in 10 CFR 50.92(c), and it has been determined that the changes involve no significant hazards consideration. The bases for these determinations are included in.

Once approved, the amendment will be implemented in accordance with the approved implementation schedule. Although this request is neither exigent nor emergency, your review is requested within approximately one year of this submittal.

If you have any questions or require additional information, please contact David Lorfing at (225) 381-4157.

I I declare under penalty of perjury that the foregoing is true and correct. Executed on July 22, 2010.

Sincerely, MP/dnl/wjf Attachments: 1. Analysis of Proposed Operating License Change

2. Proposed RBS Operating License Changes (mark-up)
3. Revised RBS Operating License Pages
4. List of Regulatory Commitments
5. Implementation Schedule
6. RBS Cyber Security Plan' This letter contains security-sensitive information - Attachments 4, 5, and 6 are withheld from public disclosure per 10CFR2.390

RBG-47047 Page 3 of 3 cc:

Regional Administrator U. S. Nuclear Regulatory Commission Region IV 612 E. Lamar Blvd., Suite 400 Arlington, TX 76011-4125 NRC Senior Resident Inspector PO Box 1050 St. Francisville, LA 70775 U. S. Nuclear Regulatory Commission Attn: Mr. Alan B. Wang, Project Manager MS 0-8 B1 One White Flint North 11555 Rockville Pike Rockville, MD 20852 Mr. Jeffrey P. Meyers (w/o Attachments 4, 5, and 6)

Louisiana Department of Environmental Quality Office of Environmental Compliance Attn. OEC - ERSD P. O. Box 4312 Baton Rouge, LA 70821-4312 This letter contains security-sensitive information - Attachments 4, 5, and 6 are withheld from public disclosure per 10CFR2.390 RBG-47047 Analysis of Proposed Operating License Change to RBG-47047 Page 1 of 4 1.0

SUMMARY

DESCRIPTION The proposed license amendment request (LAR) includes the proposed River Bend Station (RBS) Cyber Security Plan, an implementation schedule, and a proposed sentence to be added to the existing operating license.

2.0 DETAILED DESCRIPTION The proposed LAR includes three parts: the proposed RBS Cyber Security Plan, an implementation schedule, and a proposed sentence to be added to the existing operating license for RBS to require Entergy to fully implement and maintain in effect all provisions of the Commission-approved RBS Cyber Security Plan as required by 10 CFR 73.54. Federal Register notice dated March 27, 2009, issued the final rule that amended 10 CFR Part 73.

The regulations in 10 CFR 73.54, "Protection of Digital Computer and Communication Systems and Networks," establish the requirements for a cyber security program. This regulation specifically requires each licensee currently licensed to operate a nuclear power plant under Part 50 of this chapter to submit a cyber security plan that satisfies the requirements of the Rule. Each submittal must include a proposed implementation schedule and implementation of the licensee's cyber security program must be consistent with the approved schedule. The background for this application is addressed by the NRC Notice of Availability published on March 27, 2009, 74FR13926 (Reference 1).

3.0 TECHNICAL EVALUATION

Federal Register notice 74FR13926 issued the final rule that amended 10 CFR Part 73.

Cyber security requirements are codified as new 10 CFR 73.54 and are designed to provide high assurance that digital computer and communication systems and networks are adequately protected against cyber attacks up to and including the design basis threat established by 10 CFR 73.1(a)(1)(v). These requirements are more in depth than the requirements imposed by NRC Order EA-02-026 (Reference 2).

This proposed amendment conforms to the model Cyber Security Plan contained in Appendix A of Nuclear Energy Institute (NEI) 08-09, "Cyber Security Plan for Nuclear Power Reactors," Revision 6, dated April 2010, for use by licensees in development of their own cyber security plans. A deviation to Appendix B of NEI 08-09, Revision 6 is the use of a revised definition of "cyber attack" as delineated in NRC letter dated June 7, 2010 (Reference 3). The revised definition of cyber attack is "any event in which there is reason to believe that an adversary has committed or caused, or attempted to commit or cause, or has made a credible threat to commit or cause malicious exploitation of a critical digital asset."

This LAR includes the proposed RBS Cyber Security Plan (Attachment 6) that conforms to the template provided in Appendix A of NEI 08-09, Revision 6. In addition, the LAR includes the proposed change to the existing operating license condition for "Physical Protection" (Attachments 2 and 3) for RBS. The LAR contains the proposed implementation schedule (Attachment 5) as required by 10 CFR 73.54. The LAR also provides a list of regulatory commitments (Attachment 4).

to RBG-47047 Page 2 of 4

4.0 REGULATORY EVALUATION

4.1 Applicable Regulatory Requirements/Criteria This license amendment request is submitted pursuant to 10 CFR 73.54 which requires licensees currently licensed to operate a nuclear power plant under 10 CFR Part 50 to submit a cyber security plan as specified in 10 CFR 50.4 and 10 CFR 50.90.

4.2 Significant Safety Hazards Consideration Entergy Operations, Inc. (Entergy) has evaluated whether or not a significant hazards consideration is involved with the proposed amendment by focusing on the three standards set forth in 10 CFR 50.92, "Issuance of Amendment," as discussed below:

1.

Does the proposed change involve a significant increase in the probability or consequences of an accident previously evaluated?

Response: No.

As required by 10 CFR 73.54 Entergy has submitted a cyber security plan for NRC review and approval for River Bend Station (RBS). The RBS Cyber Security Plan does not alter accident analysis assumptions, add any initiators, or affect the function of plant systems or the manner in which systems are operated, maintained, modified, tested, or inspected. The RBS Cyber Security Plan does not require any plant modifications whichaffect the performance capability of the structures, systems, and components relied upon to mitigate the consequences of postulated accidents. The RBS Cyber Security Plan is designed to achieve high assurance that the systems within the scope of the 10 CFR 73.54 Rule are protected from cyber attacks and has no impact on the probability or consequences of an accident previously evaluated.

The second part of the proposed change is an implementation schedule, and the third part adds a sentence to the existing operating license condition for Physical Protection. Both of these changes are administrative in nature and have no impact on the probability or consequences of an accident previously evaluated.

Therefore, the proposed change'does not involve a significant increase in the probability or consequences of an accident previously evaluated.

2.

Does the proposed change create the possibility of a new or different kind of accident from any accident previously evaluated?

Response: No.

As required by 10 CFR 73.54 Entergy has submitted a cyber security plan for NRC review and approval for RBS. The RBS Cyber Security Plan does not alter accident analysis assumptions, add any initiators, or affect the function of plant systems or the manner in which systems are operated, maintained, modified, tested, or inspected.

The RBS Cyber Security Plan does not require any plant modifications which affect the performance capability of the structures, systems, and components relied upon to to RBG-47047 Page 3 of 4 mitigate the consequences of postulated accidents. The RBS Cyber Security Plan is designed to achieve high assurance that the systems within the scope of the 10 CFR 73.54 Rule are protected from cyber attacks and does not create the possibility of a new or different kind of accident from any accident previously evaluated.

The second part of the proposed change is an implementation schedule, and the third part adds a sentence to the existing operating license condition for Physical Protection. Both of these changes are administrative in nature and do not create the possibility of a new or different kind of accident from any accident previously evaluated.

Therefore, the proposed change does not create the possibility of a new or different kind of accident from any accident previously evaluated.

3.

Does the proposed change involve a significant reduction in a margin of safety?

Response: No.

As required by 10 CFR 73.54 Entergy has submitted a cyber security plan for NRC review and approval for RBS. Plant safety margins are established through limiting conditions for operation, limiting safety system settings, and safety limits specified in the technical specifications. Because there is no change to these established safety margins, the proposed change does not involve a significant reduction in a margin of safety.

I The second part of the proposed change is an implementation schedule, and the third part adds a sentence to the existing operating license condition for Physical Protection. Both of these changes are administrative in nature and do not involve a significant reduction in a margin of safety.

Therefore, the proposed change does not involve a significant reduction in a margin of safety.

Based on the above, Entergy concludes that the proposed change presents no significant hazards consideration under the standards set forth in 10CFR50.92(c), and accordingly, a finding of "no significant hazards consideration" is justified.

4.3 Conclusion In conclusion, based on the considerations discussed above: (1) there is reasonable assurance that the health and safety of the public will not be endangered by operation in the proposed manner; (2) such activities will be conducted in compliance with the Commission's regulations; and (3) the issuance of the amendment will not be inimical to the common defense and security or to the health and safety of the public.

to RBG-47047 Page 4 of 4

5.0 ENVIRONMENTAL CONSIDERATION

The proposed amendment establishes the licensing basis for a Cyber Security Program for RBS and will be a part of the RBS Cyber Security Plan. The proposed amendment meets the eligibility criterion for a categorical exclusion set forth in 10 CFR 51.22(c)(12). Therefore, pursuant to 10 CFR 51.22(b) no environmental impact statement or environmental assessment need be prepared in connection with the issuance of the amendment.

6.0 REFERENCES

1. Federal Register Notice, Final Rule 1 OCFR Part 73, Power Reactor Security Requirements, published on March 27, 2009, 74FR13926
2. Federal EA-02-026, Order Modifying Licenses, Safeguards and Security Plan Requirements, issued February 25, 2002
3. NRC letter to NEI dated June 7, 2010, NEI 08-09, Revision 6, "Cyber Security Plan for Nuclear Power Reactors" C

'Attachment 2 RBG-47047 Proposed RBS Operating License Changes (mark-up)

D.

The licensee shall fully implement and maintain in effect all provisions of the Commission-approved physical security, training and qualification, and safeguards contingency plans including amendments made pursuant to the provisions of the Miscellaneous Amendments and Search Requirements revisions to 10 CFR 73.55,(51 FR 27817 and 27822) and to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The combined set of plans, which contain Safeguards Information protected under 10 CFR 73.21, is entitled:

"Physical Security, Safeguards Contingency and Training & Qualification Plan "submitted b letter dated Ma 16 2006.

E.

EOI shall fully implement in accordance with an NRC-approved Simplementation schedule and maintain in effect all provisions of the

[

Commis~sion-appr~oved RBS C~yber Security Plan submitted by letter dated -

  • "July 22, 2010, and withheld from public disclosure in :accordance with 10 CFR 2.390.

E-F.

Except as otherwise provided in the Technical Specifications or Environmental Protection Plan, EOI shall report any violations of the requirements contained in Section 2, Items C.(1); C.(3) through (9); and C.(11) through (16) of this license in the following manner: initial notification shall be made within 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> to the NRC Operations Center via the Emergency Notification System with written followup within 60 days in accordance with the procedures described in 10 CFR 50.73(b), (c) and (e).

FG.

The licensee shall have and maintain financial protection of such type and in such amounts as the Commission shall require in accordance with Section 170 of the Atomic Energy Act of 1954, as amended, to cover public liability claims.

GH.

This license is effective as of the date of issuance and shall expire at midnight on August 29, 2025.

FOR THE NUCLEAR REGULATORY COMMISSION Harold R. Denton, Director Office of Nuclear Reactor Regulation

Enclosures:

1.

Attachments 1-5

2.

Appendix A -Technical Specifications (NUREG-1 172)

3.

Appendix B - Environmental Protection Plan

4.

Appendix C - Antitrust Conditions Date of Issuance: November 20, 1985 Revised: December 16, 1993 Amendment No. 70 795 119 135 Revised by letter dated October 28, 2004 Revised by letter dated November 19, 2001 Revised by letter dated Januar,' 24, 20 Revised by letter dated RBG-47047 Revised RBS Operating License Pages D.

The licensee shall fully implement and maintain in effect all provisions of the Commission-approved physical security, training and qualification, and safeguards contingency plans including amendments made pursuant to the provisions of the Miscellaneous Amendments and Search Requirements revisions to 10 CFR 73.55 (51 FR 27817 and 27822) and to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The combined set of plans, which contain Safeguards Information protected under 10 CFR 73.21, is entitled:

"Physical Security, Safeguards Contingency and Training & Qualification Plan," submitted by letter dated May 16, 2006.

E.

EOI shall fully implement in accordance with an NRC-approved implementation schedule and maintain in effect all provisions of the Commission-approved RBS Cyber Security Plan submitted by letter dated July 22, 2010, and withheld from public disclosure in accordance with 10 CFR 2.390.

F.

Except as otherwise provided in the Technical Specifications or Environmental Protection Plan, EOI shall report any violations of the requirements contained in Section 2, Items C.(1); C.(3) through (9); and C.(11) through (16) of this license in the following manner: initial notification shall be made within 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> to the NRC Operations Center via the Emergency Notification System with written followup within 60 days in accordance with the procedures described in 1 0'CFR 50.73(b), (c) and (e).

G.

The licensee shall have and maintain financial protection of such type and in such amounts as the Commission shall require in accordance with Section 170 of the Atomic Energy Act of 1954, as amended, to cover public liability claims.

H.

This license is effective as of the date of issuance and shall expire at midnight on August 29, 2025.

FOR THE NUCLEAR REGULATORY COMMISSION Harold R. Denton, Director Office of Nuclear Reactor Regulation

Enclosures:

5.

Attachments 1-5

6.

Appendix A - Technical Specifications (NUREG-1 172)

7.

Appendix B - Environmental Protection Plan

8.

Appendix C - Antitrust Conditions Date of Issuance: November 20, 1985 Revised: December 16, 1993 Amendment No. 70 79 85 119 135 Revised by letter dated October 28, 2004 Revised by letter dated November 19, 2004 Revised by letter dated Januar,' 21, 2007 Revised by letter dated

Retrieved from "https://kanterella.com/w/index.php?title=RBG-47047,_License_Amendment_Withdrawal_and_Request_-_Cyber_Security_Plan&oldid=5295455"