ML111710110


Issuance of Amendment Nos. 185, 185, and 185, Revise License Condition and Approval of Cyber Security Plan and Associated Implementation Schedule
ML111710110
Person / Time
Site: Palo Verde, Arizona Public Service
Issue date: 07/26/2011
From: Lauren Gibson
Plant Licensing Branch IV
To: Edington R
Arizona Public Service Co
Gibson, Lauren, NRR/DORL/LPL4, 415-1056
References
TAC ME4428, TAC ME4429, TAC ME4430


Text

UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001

July 26, 2011

Mr. Randall K. Edington
Executive Vice President Nuclear/Chief Nuclear Officer
Mail Station 7602
Arizona Public Service Company
P.O. Box 52034
Phoenix, AZ 85072-2034

SUBJECT: PALO VERDE NUCLEAR GENERATING STATION, UNITS 1, 2, AND 3 ISSUANCE OF AMENDMENTS RE: APPROVAL OF CYBER SECURITY PLAN (TAC NOS. ME4428, ME4429, AND ME4430)

Dear Mr. Edington:

The U.S. Nuclear Regulatory Commission (NRC) has issued the enclosed Amendment No. 185 to Renewed Facility Operating License No. NPF-41, Amendment No. 185 to Renewed Facility Operating License No. NPF-51, and Amendment No. 185 to Renewed Facility Operating License No. NPF-74 for the Palo Verde Nuclear Generating Station, Units 1, 2, and 3, respectively. The amendments consist of changes to the facility operating licenses in response to your application dated July 22, 2010, as supplemented by letters dated September 29 and November 30, 2010, and January 20, March 31, and June 29, 2011.

The amendments approve the cyber security plan and associated implementation schedule, and revise a license condition to require the licensee to fully implement and maintain in effect all provisions of the NRC-approved Cyber Security Plan. The proposed change is generally consistent with Nuclear Energy Institute (NEI) 08-09, Revision 6, "Cyber Security Plan for Nuclear Power Reactors."

A copy of the related Safety Evaluation is also enclosed. The Notice of Issuance will be included in the Commission's next biweekly Federal Register notice.

Sincerely,

Lauren K. Gibson, Project Manager
Plant Licensing Branch IV
Division of Operating Reactor Licensing
Office of Nuclear Reactor Regulation

Docket Nos. STN 50-528, STN 50-529, and STN 50-530

Enclosures:

1. Amendment No. 185 to NPF-41
2. Amendment No. 185 to NPF-51
3. Amendment No. 185 to NPF-74
4. Safety Evaluation

cc w/encls: Distribution via Listserv

UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 ARIZONA PUBLIC SERVICE COMPANY, ET AL.

DOCKET NO. STN 50-528 PALO VERDE NUCLEAR GENERATING STATION, UNIT 1 AMENDMENT TO RENEWED FACILITY OPERATING LICENSE Amendment No. 185 License No. NPF-41

1. The Nuclear Regulatory Commission (the Commission) has found that:

A. The application for amendment by the Arizona Public Service Company (APS or the licensee) on behalf of itself and the Salt River Project Agricultural Improvement and Power District, El Paso Electric Company, Southern California Edison Company, Public Service Company of New Mexico, Los Angeles Department of Water and Power, and Southern California Public Power Authority dated July 22, 2010, as supplemented by letters dated September 29 and November 30, 2010, and January 20, March 31, and June 29, 2011, complies with the standards and requirements of the Atomic Energy Act of 1954, as amended (the Act) and the Commission's regulations set forth in 10 CFR Chapter I;

B. The facility will operate in conformity with the application, the provisions of the Act, and the rules and regulations of the Commission;

C. There is reasonable assurance (i) that the activities authorized by this amendment can be conducted without endangering the health and safety of the public, and (ii) that such activities will be conducted in compliance with the Commission's regulations;

D. The issuance of this amendment will not be inimical to the common defense and security or to the health and safety of the public; and

E. The issuance of this amendment is in accordance with 10 CFR Part 51 of the Commission's regulations and all applicable requirements have been satisfied.


2. Accordingly, the license is amended as indicated in the attachment to this license amendment, and Paragraph 2.C(2) of Renewed Facility Operating License No. NPF-41 is hereby amended to read as follows:

(2) Technical Specifications and Environmental Protection Plan The Technical Specifications contained in Appendix A, as revised through Amendment No. 185, and the Environmental Protection Plan contained in Appendix B, are hereby incorporated into this license. APS shall operate the facility in accordance with the Technical Specifications and the Environmental Protection Plan, except where otherwise stated in specific license conditions.

3. In addition, Paragraph 2.E of Renewed Facility Operating License No. NPF-41 is hereby amended with additional text to read as follows:

APS shall fully implement and maintain in effect all provisions of the Commission-approved cyber security plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p).

The APS CSP was approved by License Amendment No. 185.

4. This license amendment is effective as of the date of its issuance. The implementation of the cyber security plan (CSP), including the key intermediate milestone dates and the full implementation date, shall be in accordance with the implementation schedule submitted by the licensee on March 31, 2011, and approved by the NRC staff with this license amendment. All subsequent changes to the NRC-approved CSP implementation schedule will require prior NRC approval pursuant to 10 CFR 50.90.

FOR THE NUCLEAR REGULATORY COMMISSION Michael T. Markley, Chief Plant Licensing Branch IV Division of Operating Reactor Licensing Office of Nuclear Reactor Regulation

Attachment:

Changes to the Renewed Facility Operating License No. NPF-41 and Technical Specifications

Date of Issuance: July 26, 2011

UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 ARIZONA PUBLIC SERVICE COMPANY, ET AL.

DOCKET NO. STN 50-529 PALO VERDE NUCLEAR GENERATING STATION, UNIT 2 AMENDMENT TO RENEWED FACILITY OPERATING LICENSE Amendment No. 185 License No. NPF-51

1. The Nuclear Regulatory Commission (the Commission) has found that:

A. The application for amendment by the Arizona Public Service Company (APS or the licensee) on behalf of itself and the Salt River Project Agricultural Improvement and Power District, El Paso Electric Company, Southern California Edison Company, Public Service Company of New Mexico, Los Angeles Department of Water and Power, and Southern California Public Power Authority dated July 22, 2010, as supplemented by letters dated September 29 and November 30, 2010, and January 20, March 31, and June 29, 2011, complies with the standards and requirements of the Atomic Energy Act of 1954, as amended (the Act) and the Commission's regulations set forth in 10 CFR Chapter I;

B. The facility will operate in conformity with the application, the provisions of the Act, and the rules and regulations of the Commission;

C. There is reasonable assurance (i) that the activities authorized by this amendment can be conducted without endangering the health and safety of the public, and (ii) that such activities will be conducted in compliance with the Commission's regulations;

D. The issuance of this amendment will not be inimical to the common defense and security or to the health and safety of the public; and

E. The issuance of this amendment is in accordance with 10 CFR Part 51 of the Commission's regulations and all applicable requirements have been satisfied.


2. Accordingly, the license is amended as indicated in the attachment to this license amendment, and Paragraph 2.C(2) of Renewed Facility Operating License No. NPF-51 is hereby amended to read as follows:

(2) Technical Specifications and Environmental Protection Plan The Technical Specifications contained in Appendix A, as revised through Amendment No. 185, and the Environmental Protection Plan contained in Appendix B, are hereby incorporated into this license. APS shall operate the facility in accordance with the Technical Specifications and the Environmental Protection Plan, except where otherwise stated in specific license conditions.

3. In addition, Paragraph 2.E of Renewed Facility Operating License No. NPF-51 is hereby amended with additional text to read as follows:

APS shall fully implement and maintain in effect all provisions of the Commission-approved cyber security plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p).

The APS CSP was approved by License Amendment No. 185.

4. This license amendment is effective as of the date of its issuance. The implementation of the cyber security plan (CSP), including the key intermediate milestone dates and the full implementation date, shall be in accordance with the implementation schedule submitted by the licensee on March 31, 2011, and approved by the NRC staff with this license amendment. All subsequent changes to the NRC-approved CSP implementation schedule will require prior NRC approval pursuant to 10 CFR 50.90.

FOR THE NUCLEAR REGULATORY COMMISSION Michael T. Markley, Chief Plant Licensing Branch IV Division of Operating Reactor Licensing Office of Nuclear Reactor Regulation

Attachment:

Changes to the Renewed Facility Operating License No. NPF-51 and Technical Specifications

Date of Issuance: July 26, 2011

UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 ARIZONA PUBLIC SERVICE COMPANY, ET AL.

DOCKET NO. STN 50-530 PALO VERDE NUCLEAR GENERATING STATION, UNIT 3 AMENDMENT TO RENEWED FACILITY OPERATING LICENSE Amendment No. 185 License No. NPF-74

1. The Nuclear Regulatory Commission (the Commission) has found that:

A. The application for amendment by the Arizona Public Service Company (APS or the licensee) on behalf of itself and the Salt River Project Agricultural Improvement and Power District, El Paso Electric Company, Southern California Edison Company, Public Service Company of New Mexico, Los Angeles Department of Water and Power, and Southern California Public Power Authority dated July 22, 2010, as supplemented by letters dated September 29 and November 30, 2010, and January 20, March 31, and June 29, 2011, complies with the standards and requirements of the Atomic Energy Act of 1954, as amended (the Act) and the Commission's regulations set forth in 10 CFR Chapter I;

B. The facility will operate in conformity with the application, the provisions of the Act, and the rules and regulations of the Commission;

C. There is reasonable assurance (i) that the activities authorized by this amendment can be conducted without endangering the health and safety of the public, and (ii) that such activities will be conducted in compliance with the Commission's regulations;

D. The issuance of this amendment will not be inimical to the common defense and security or to the health and safety of the public; and

E. The issuance of this amendment is in accordance with 10 CFR Part 51 of the Commission's regulations and all applicable requirements have been satisfied.


2. Accordingly, the license is amended as indicated in the attachment to this license amendment, and Paragraph 2.C(2) of Renewed Facility Operating License No. NPF-74 is hereby amended to read as follows:

(2) Technical Specifications and Environmental Protection Plan The Technical Specifications contained in Appendix A, as revised through Amendment No. 185, and the Environmental Protection Plan contained in Appendix B, are hereby incorporated into this license. APS shall operate the facility in accordance with the Technical Specifications and the Environmental Protection Plan, except where otherwise stated in specific license conditions.

3. In addition, Paragraph 2.E of Renewed Facility Operating License No. NPF-74 is hereby amended to read as follows:

APS shall fully implement and maintain in effect all provisions of the Commission-approved cyber security plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p).

The APS CSP was approved by License Amendment No. 185.

4. This license amendment is effective as of the date of its issuance. The implementation of the cyber security plan (CSP), including the key intermediate milestone dates and the full implementation date, shall be in accordance with the implementation schedule submitted by the licensee on March 31, 2011, and approved by the NRC staff with this license amendment. All subsequent changes to the NRC-approved CSP implementation schedule will require prior NRC approval pursuant to 10 CFR 50.90.

FOR THE NUCLEAR REGULATORY COMMISSION Michael T. Markley, Chief Plant Licensing Branch IV Division of Operating Reactor Licensing Office of Nuclear Reactor Regulation

Attachment:

Changes to the Renewed Facility Operating License No. NPF-74 and Technical Specifications

Date of Issuance: July 26, 2011

ATTACHMENT TO LICENSE AMENDMENT NOS. 185, 185, AND 185 RENEWED FACILITY OPERATING LICENSE NOS. NPF-41, NPF-51, AND NPF-74 DOCKET NOS. STN 50-528, STN 50-529, AND STN 50-530

Replace the following pages of the Renewed Facility Operating Licenses Nos. NPF-41, NPF-51, and NPF-74, and Appendix A Technical Specifications with the attached revised pages. The revised pages are identified by amendment number and contain marginal lines indicating the areas of change.

Renewed Facility Operating License No. NPF-41
REMOVE    INSERT
5         5
8         8

Renewed Facility Operating License No. NPF-51
REMOVE    INSERT
6         6
9         9

Renewed Facility Operating License No. NPF-74
REMOVE    INSERT
4         4
6         6
7         7

Technical Specifications
REMOVE    INSERT

(1) Maximum Power Level Arizona Public Service Company (APS) is authorized to operate the facility at reactor core power levels not in excess of 3990 megawatts thermal (100% power), in accordance with the conditions specified herein.

(2) Technical Specifications and Environmental Protection Plan The Technical Specifications contained in Appendix A, as revised through Amendment No. 185, and the Environmental Protection Plan contained in Appendix B, are hereby incorporated into this renewed operating license.

APS shall operate the facility in accordance with the Technical Specifications and the Environmental Protection Plan, except where otherwise stated in specific license conditions.

(3) Antitrust Conditions This renewed operating license is subject to the antitrust conditions delineated in Appendix C to this renewed license.

(4) Operating Staff Experience Requirements Deleted

(5) Post-Fuel-Loading Initial Test Program (Section 14, SER and SSER 2) Deleted

(6) Environmental Qualification Deleted

(7) Fire Protection Program APS shall implement and maintain in effect all provisions of the approved fire protection program as described in the Final Safety Analysis Report for the facility, as supplemented and amended, and as approved in the SER through Supplement 11, subject to the following provision:

APS may make changes to the approved fire protection program without prior approval of the Commission only if those changes would not adversely affect the ability to achieve and maintain safe shutdown in the event of a fire.

The parenthetical notation following the title of many license conditions denotes the section of the Safety Evaluation Report and/or its supplements wherein the license condition is discussed.

Renewed Facility Operating License No. NPF-41 Amendment No. 185

and will not endanger life or property or the common defense and security and is otherwise in the public interest. This exemption is, therefore, hereby granted pursuant to 10 CFR 50.12. With the granting of this exemption, the facility will operate, to the extent authorized herein, in conformity with the application, as amended, the provisions of the Act, and the rules and regulations of the Commission.

E. The licensees shall fully implement and maintain in effect all provisions of the Commission-approved physical security, training and qualification, and safeguards contingency plans including amendments made pursuant to provisions of the Miscellaneous Amendments and Search Requirements revisions to 10 CFR 73.55 (51 FR 27817 and 27822) and to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The combined set of plans, which contains Safeguards Information protected under 10 CFR 73.21, is entitled: "Palo Verde Nuclear Station Security Plan, Training and Qualification Plan, Safeguards Contingency Plan and Independent Spent Fuel Storage Installation Security Program Revision 3," submitted by letter dated May 16, 2006.

APS shall fully implement and maintain in effect all provisions of the Commission-approved cyber security plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The APS CSP was approved by License Amendment No. 185.

F. Deleted

G. The licensees shall have and maintain financial protection of such type and in such amounts as the Commission shall require in accordance with Section 170 of the Atomic Energy Act of 1954, as amended, to cover public liability claims; and

H. This renewed operating license is effective as of the date of issuance and shall expire at midnight on June 1, 2045.

FOR THE NUCLEAR REGULATORY COMMISSION /RA/

Eric J. Leeds, Director Office of Nuclear Reactor Regulation Attachments:

1. Attachment 1 - [Requirements for Initial Mode 1 Entry] - Deleted
2. Attachment 2 - [Operating Staff Experience Requirements] - Deleted
3. Attachment 3 - [Emergency Response Capabilities] - Deleted
4. Appendix A - Technical Specifications
5. Appendix B - Environmental Protection Plan
6. Appendix C - Antitrust Conditions
7. Appendix D - Additional Conditions

Date of Issuance: April 21, 2011

Renewed Facility Operating License No. NPF-41 Amendment No. 185

(1) Maximum Power Level Arizona Public Service Company (APS) is authorized to operate the facility at reactor core power levels not in excess of 3990 megawatts thermal (100% power) in accordance with the conditions specified herein.

(2) Technical Specifications and Environmental Protection Plan The Technical Specifications contained in Appendix A, as revised through Amendment No. 185, and the Environmental Protection Plan contained in Appendix B, are hereby incorporated into this renewed operating license.

APS shall operate the facility in accordance with the Technical Specifications and the Environmental Protection Plan, except where otherwise stated in specific license conditions.

(3) Antitrust Conditions This renewed operating license is subject to the antitrust conditions delineated in Appendix C to this renewed operating license.

(4) Operating Staff Experience Requirements (Section 13.1.2, SSER 9) Deleted

(5) Initial Test Program (Section 14, SER and SSER 2) Deleted

(6) Fire Protection Program APS shall implement and maintain in effect all provisions of the approved fire protection program as described in the Final Safety Analysis Report for the facility, as supplemented and amended, and as approved in the SER through Supplement 11, subject to the following provision:

APS may make changes to the approved fire protection program without prior approval of the Commission only if those changes would not adversely affect the ability to achieve and maintain safe shutdown in the event of a fire.

(7) Inservice Inspection Program (Sections 5.2.4 and 6.6, SER and SSER 9) Deleted

The parenthetical notation following the title of many license conditions denotes the section of the Safety Evaluation Report and/or its supplements wherein the license condition is discussed.

Renewed Facility Operating License No. NPF-51 Amendment No. 185

E. The licensees shall fully implement and maintain in effect all provisions of the Commission-approved physical security, training and qualification, and safeguards contingency plans including amendments made pursuant to provisions of the Miscellaneous Amendments and Search Requirements revisions to 10 CFR 73.55 (51 FR 27817 and 27822) and to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The combined set of plans, which contains Safeguards Information protected under 10 CFR 73.21, is entitled: "Palo Verde Nuclear Station Security Plan, Training and Qualification Plan, Safeguards Contingency Plan and Independent Spent Fuel Storage Installation Security Program Revision 3," submitted by letter dated May 16, 2006.

APS shall fully implement and maintain in effect all provisions of the Commission-approved cyber security plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The APS CSP was approved by License Amendment No. 185.

F. Deleted

G. The licensees shall have and maintain financial protection of such type and in such amounts as the Commission shall require in accordance with Section 170 of the Atomic Energy Act of 1954, as amended, to cover public liability claims; and

H. This renewed operating license is effective as of the date of issuance and shall expire at midnight on April 24, 2046.

FOR THE NUCLEAR REGULATORY COMMISSION /RA/

Eric J. Leeds, Director Office of Nuclear Reactor Regulation Attachments:

1. [Requirements for Initial Mode 1 Entry] - Deleted
2. [Schedule for NUREG-0737, Sup. 1, Requirement (SPDS)] - Deleted
3. Appendix A - Technical Specifications
4. Appendix B - Environmental Protection Plan
5. Appendix C - Antitrust Conditions
6. Appendix D - Additional Conditions

Date of Issuance: April 21, 2011

Renewed Facility Operating License No. NPF-51 Amendment No. 185

(4) Pursuant to the Act and 10 CFR Part 30, 40, and 70, APS to receive, possess, and use in amounts required any byproduct, source or special nuclear material without restriction to chemical or physical form, for sample analysis or instrument calibration or associated with radioactive apparatus or components; and

(5) Pursuant to the Act and 10 CFR Parts 30, 40, and 70, APS to possess, but not separate, such byproduct and special nuclear materials as may be produced by the operation of the facility.

C. This renewed operating license shall be deemed to contain and is subject to the conditions specified in the Commission's regulations set forth in 10 CFR Chapter I and is subject to all applicable provisions of the Act and to the rules, regulations, and orders of the Commission now or hereafter in effect; and is subject to the additional conditions specified or incorporated below:

(1) Maximum Power Level Arizona Public Service Company (APS) is authorized to operate the facility at reactor core power levels not in excess of 3990 megawatts thermal (100% power), in accordance with the conditions specified herein.

(2) Technical Specifications and Environmental Protection Plan The Technical Specifications contained in Appendix A, as revised through Amendment No. 185, and the Environmental Protection Plan contained in Appendix B, are hereby incorporated into this renewed operating license.

APS shall operate the facility in accordance with the Technical Specifications and the Environmental Protection Plan, except where otherwise stated in specific license conditions.

(3) Antitrust Conditions This renewed operating license is subject to the antitrust conditions delineated in Appendix C to this renewed operating license.

(4) Initial Test Program (Section 14, SER and SSER 2) Deleted

(5) Additional Conditions The Additional Conditions contained in Appendix D, as revised through Amendment No. 171, are hereby incorporated into this renewed operating license. The licensee shall operate the facility in accordance with the Additional Conditions.

Renewed Facility Operating License No. NPF-74 Amendment No. 185

(b) The UFSAR supplement, as revised, submitted pursuant to 10 CFR 54.21(d), describes certain future activities to be completed prior to and/or during the period of extended operation.

The licensee shall complete these activities in accordance with Appendix A of NUREG-1961, "Safety Evaluation Report Related to the License Renewal of Palo Verde Nuclear Generating Station, Units 1, 2, and 3," issued April 2011. The licensee shall notify the NRC in writing when activities to be completed prior to the period of extended operation are complete and can be verified by NRC inspection.

(c) All capsules in the reactor vessel that are removed and tested must meet the test procedures and reporting requirements of American Society for Testing and Materials (ASTM) E 185-82 to the extent practicable for the configuration of the specimens in the capsule. The NRC must approve any changes to the capsule withdrawal schedule, including spare capsules, prior to implementation. All capsules placed in storage must be maintained for future insertion. The NRC must approve any changes to storage requirements.

D. APS has previously been granted an exemption from Paragraph III.D.2(b)(ii) of Appendix J to 10 CFR Part 50. This exemption was previously granted in Facility Operating License NPF-65 pursuant to 10 CFR 50.12.

With the granting of this exemption, the facility will operate, to the extent authorized herein, in conformity with the application, as amended, the provisions of the Act, and the rules and regulations of the Commission.

E. The licensees shall fully implement and maintain in effect all provisions of the Commission-approved physical security, training and qualification, and safeguards contingency plans including amendments made pursuant to provisions of the Miscellaneous Amendments and Search Requirements revisions to 10 CFR 73.55 (51 FR 27817 and 27822) and to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The combined set of plans, which contains Safeguards Information protected under 10 CFR 73.21, is entitled: "Palo Verde Nuclear Station Security Plan, Training and Qualification Plan, Safeguards Contingency Plan and Independent Spent Fuel Storage Installation Security Program Revision 3," submitted by letter dated May 16, 2006.

APS shall fully implement and maintain in effect all provisions of the Commission-approved cyber security plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The APS CSP was approved by License Amendment No. 185.

Renewed Facility Operating License No. NPF-74 Amendment No. 185

F. APS shall implement and maintain in effect all provisions of the approved fire protection program as described in the Final Safety Analysis Report for the facility, as supplemented and amended, and as approved in the SER through Supplement 11, subject to the following provision:

APS may make changes to the approved fire protection program without approval of the Commission only if those changes would not adversely affect the ability to achieve and maintain safe shutdown in the event of a fire.

G. Deleted

H. The licensees shall have and maintain financial protection of such type and in such amounts as the Commission shall require in accordance with Section 170 of the Atomic Energy Act of 1954, as amended, to cover public liability claims; and

I. This renewed operating license is effective as of the date of issuance and shall expire at midnight on November 25, 2047.

FOR THE NUCLEAR REGULATORY COMMISSION /RA/

Eric J. Leeds, Director Office of Nuclear Reactor Regulation Attachments:

1. [Requirements for Initial Mode 1 Entry] - Deleted
2. Appendix A - Technical Specifications
3. Appendix B - Environmental Protection Plan
4. Appendix C - Antitrust Conditions
5. Appendix D - Additional Conditions

Date of Issuance: April 21, 2011

Renewed Facility Operating License No. NPF-74 Amendment No. 185

UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 SAFETY EVALUATION BY THE OFFICE OF NUCLEAR REACTOR REGULATION RELATED TO AMENDMENT NOS. 185, 185, AND 185 TO RENEWED FACILITY OPERATING LICENSE NOS. NPF-41, NPF-51, AND NPF-74 ARIZONA PUBLIC SERVICE COMPANY, ET AL.

PALO VERDE NUCLEAR GENERATING STATION, UNITS 1, 2, AND 3 DOCKET NOS. STN 50-528, STN 50-529, AND STN 50-530

1.0 INTRODUCTION

By application dated July 22, 2010, as supplemented by letters dated September 29 and November 30, 2010, and January 20, March 31, and June 29, 2011 (Agencywide Documents Access and Management System (ADAMS) Accession Nos. ML102150230, ML102810308, ML103420060, ML110320077, ML11103A009, and ML111890116, respectively), Arizona Public Service Company (APS, the licensee) submitted a license amendment request for Palo Verde Nuclear Generating Station (Palo Verde), Units 1, 2, and 3. Included in that license amendment request was a request for approval of the licensee's Cyber Security Plan (CSP) and Implementation Schedule for the Palo Verde, Units 1, 2, and 3 as required by Section 73.54, "Protection of Digital Computer and Communication Systems and Networks," of Title 10 of the Code of Federal Regulations (10 CFR). On March 31, 2011, the licensee supplemented its CSP, to address: 1) scope of systems in response to the October 21, 2010, Commission decision (Reference 1); 2) records retention; and 3) implementation schedule. Additionally, on June 29, 2011, the licensee submitted a revision of the CSP incorporating all of the changes and/or additional information. Portions of the letters dated July 22, 2010, and March 31 and June 29, 2011, contain sensitive unclassified non-safeguards information and, accordingly, are withheld from public disclosure.

The supplemental letters dated September 29 and November 30, 2010, and January 20, March 31, and June 29, 2011, provided additional information that clarified the application, did not expand the scope of the application as originally noticed, and did not change the U.S. Nuclear Regulatory Commission's (NRC) staff's original proposed no significant hazards consideration determination as published in the Federal Register on November 9, 2010 (75 FR 68833).

The amendments would approve the CSP and associated implementation schedule, and revise Paragraph 2.E of Facility Operating License Nos. NPF-41, NPF-51, and NPF-74 for Palo Verde, Units 1, 2, and 3, respectively, to provide a license condition to require the licensee to fully implement and maintain in effect all provisions of the NRC-approved Cyber Security Plan. The proposed amendment is generally consistent with Nuclear Energy Institute (NEI) 08-09, Revision 6, "Cyber Security Plan for Nuclear Power Reactors."

2.0 REGULATORY EVALUATION

2.1 General Requirements Consistent with 10 CFR 73.54(a), the licensee must provide high assurance that digital computer and communication systems, and networks are adequately protected against cyber attacks, up to and including the design basis threat (DBT), as described in 10 CFR 73.1. The licensee shall protect digital computer and communication systems and networks associated with: (i) safety-related and important-to-safety functions; (ii) security functions; (iii) emergency preparedness functions, including offsite communications; and (iv) support systems and equipment which, if compromised, would adversely impact safety, security, or emergency preparedness (SSEP) functions. The rule specifies that digital computer and communication systems and networks associated with these functions must be protected from cyber attacks that would adversely impact the integrity or confidentiality of data and software; deny access to systems, services, or data; or provide an adverse impact to the operations of systems, networks, and associated equipment.

In the Staff Requirements Memorandum (SRM) COMWCO-1 0-0001, "Regulation of Cyber Security at Nuclear Power Plants," dated October 21, 2010 (Reference 1), the Commission stated that the NRC's cyber security rule at 10 CFR 73.54 should be interpreted to include structures, systems, and components (SSCs) in the balance of plant (BOP) that have a nexus to radiological health and safety. The NRC staff determined that SSCs in the BOP that have a nexus to radiological health and safety are those that could directly or indirectly affect reactivity of a nuclear power plant (NPP), and are therefore within the scope of important-to-safety functions described in 10 CFR 73.54(a)(1).

2.2 Elements of a CSP

As stated in 10 CFR 73.54(e), the licensee must establish, implement, and maintain a CSP that satisfies the Cyber Security Program requirements of this regulation. In addition, the CSP must describe how the licensee will implement the requirements of the regulation and must account for the site-specific conditions that affect implementation. One method of complying with this regulation is to describe within the CSP how the licensee will achieve high assurance that all SSEP functions are protected from cyber attacks.

2.3 Regulatory Guide 5.71 and Nuclear Energy Institute (NEI) 08-09, Revision 6

NRC Regulatory Guide (RG) 5.71, "Cyber Security Programs for Nuclear Facilities" (Reference 2), describes a regulatory position that promotes a defensive strategy consisting of a defensive architecture and a set of security controls based on standards provided in the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53, "Recommended Security Controls for Federal Information Systems and Organizations," and NIST SP 800-82, "Guide to Industrial Control Systems Security," dated September 29, 2008.

NIST SP 800-53 and NIST SP 800-82 are based on well-understood cyber threats, risks, and vulnerabilities, coupled with equally well-understood countermeasures and protective techniques. RG 5.71 divides the above-noted security controls into three broad categories: technical, operational, and management.

RG 5.71 provides a framework to aid in the identification of those digital assets that licensees must protect from cyber attacks. These identified digital assets are referred to as "critical digital assets" (CDAs). Licensees should address the potential cyber security risks to CDAs by applying the defensive architecture and addressing the collection of security controls identified in RG 5.71. RG 5.71 includes a CSP template that provides one method for preparing an acceptable CSP.

The organization of RG 5.71 reflects the steps necessary to meet the requirements of 10 CFR 73.54. Section C.3 of RG 5.71 describes an acceptable method for implementing the security controls, as detailed in Appendix B, "Technical Controls," and Appendix C, "Operational and Management Controls." Section C.4 of RG 5.71 discusses the need to maintain the established cyber security program, including comprehensive monitoring of the CDAs and the effectiveness of their security protection measures, ensuring that changes to the CDAs or the environment are controlled, coordinated, and periodically reviewed for continued protection from cyber attacks.

Section C.5 of RG 5.71 provides licensees and applicants with guidance for retaining records associated with their cyber security programs. Appendix A to RG 5.71 provides a template for a generic cyber security plan which licensees may use to comply with the licensing requirements of 10 CFR 73.54. Appendices B and C provide an acceptable set of security controls, which are based on well-understood threats, vulnerabilities, and attacks, coupled with equally well-understood and vetted countermeasures and protective techniques.

NEI 08-09, Revision 6, closely maps with RG 5.71; Appendix A of NEI 08-09, Revision 6, contains a cyber security plan template that is comparable to Appendix A of RG 5.71.

Appendix D of NEI 08-09, Revision 6, contains technical cyber security controls that are comparable to Appendix B of RG 5.71. Appendix E of NEI 08-09, Revision 6, contains operational and management cyber security controls that are comparable to Appendix C of RG 5.71.

In its letter to the Nuclear Energy Institute dated May 5, 2010 (Reference 3), the NRC stated that licensees may use the template in NEI 08-09, Revision 6 (Reference 4), to prepare an acceptable CSP, with the exception of the definition of "cyber attack." The NRC staff subsequently reviewed and approved, by letter dated June 7, 2010 (Reference 5), a definition for "cyber attack" to be used in submissions based on NEI 08-09, Revision 6. The licensee submitted a CSP for the Palo Verde, Units 1, 2, and 3 that was based on the template provided in NEI 08-09, Revision 6, and included a definition of cyber attack acceptable to the NRC staff (Reference 5), in the deviation table within the licensee's CSP. Additionally, the licensee submitted a supplement to its CSP on March 31, 2011, to include information on SSCs in the BOP that, if compromised, could affect NPP reactivity.

RG 5.71 and NEI 08-09, Revision 6, are comparable documents; both are based on essentially the same general approach and the same set of technical, operational, and management security controls. The CSP submitted by the licensee was reviewed against the corresponding sections in RG 5.71.

3.0 TECHNICAL EVALUATION

The NRC staff performed a technical evaluation of the licensee's submittal. The licensee's submittal, with the exceptions of deviations described in Section 4.0, generally conformed to the guidance in NEI 08-09, Revision 6, which was found to be acceptable by the NRC staff and comparable to RG 5.71 to satisfy the requirements contained in 10 CFR 73.54. The staff reviewed the licensee's submittal against the requirements of 10 CFR 73.54 following the guidance contained in RG 5.71. The staff's evaluation of each section of the CSP submitted by the licensee is discussed below.

3.1 Scope and Purpose

The licensee's CSP establishes a means to achieve high assurance that digital computer and communication systems and networks associated with the following functions are adequately protected against cyber attacks up to and including the DBT:

1. Safety-related and important-to-safety functions;
2. Security functions;
3. Emergency preparedness functions, including offsite communications; and
4. Support systems and equipment which, if compromised, would adversely impact SSEP functions.

The CSP submitted by the licensee describes achievement of high assurance of adequate protection of systems associated with the above functions from cyber attacks by:

  • Implementing and documenting the "baseline" security controls as described in Section 3.1.6 of NEI 08-09, Revision 6, which is comparable to Regulatory Position C.3.3 described in RG 5.71; and
  • Implementing and documenting a Cyber Security Program to maintain the established cyber security controls through a comprehensive life cycle approach as described in Section 4 of NEI 08-09, Revision 6, which is comparable to Appendix A, Section A.2.1 of RG 5.71.

Thus, the licensee's CSP, as originally submitted, is comparable to the CSP in NEI 08-09, Revision 6. However, in its submittal dated March 31, 2011, the licensee clarified its original submission and indicated that the scope of systems includes those BOP SSCs that have an impact on NPP reactivity if compromised. This is in response to and consistent with SRM COMWCO-10-0001, in which the Commission stated that the NRC's cyber security rule at 10 CFR 73.54 should be interpreted to include SSCs in the BOP that have a nexus to radiological health and safety. The NRC staff determined that the systems that have a nexus to radiological health and safety are those that could directly or indirectly affect reactivity of a NPP, and are therefore within the scope of important-to-safety functions described in 10 CFR 73.54(a)(1).

The NRC staff reviewed the CSP and the supplemental information submitted by the licensee and found no deviation from Regulatory Position C.3.3 in RG 5.71 and Appendix A, Section A.2.1 of RG 5.71. The NRC staff concludes that the licensee established adequate measures to implement and document the Cyber Security Program, including baseline security controls.

Based on the above, the NRC staff concludes that the licensee's CSP adequately establishes the Cyber Security Program, including baseline security controls.

3.2 Analyzing Digital Computer Systems and Networks and Applying Cyber Security Controls

The licensee's CSP states that the Cyber Security Program is established, implemented, and maintained as described in Section 3.1 of NEI 08-09, Revision 6, which is comparable to Regulatory Position C.1 described in RG 5.71 to:

  • Analyze digital computer and communications systems and networks; and

The CSP submitted by the licensee describes how the cyber security controls in Appendices D and E of NEI 08-09, Revision 6, which are comparable to Appendices B and C in RG 5.71, are addressed to protect CDAs from cyber attacks.

This section of the CSP submitted by the licensee is comparable to Regulatory Position C.1 in RG 5.71 without deviation.

Based on the above, the NRC staff concludes that the licensee's CSP adequately addresses security controls.

3.3 Cyber Security Assessment and Authorization

The licensee provided information addressing the creation of a formal, documented, cyber security assessment and authorization policy. This included a description concerning the creation of a formal, documented procedure comparable to Section 3.1.1 of NEI 08-09, Revision 6.

The NRC staff concludes that the licensee established adequate measures to define and address the purpose, scope, roles, responsibilities, management commitment, and coordination, and to facilitate the implementation of the cyber security assessment and authorization policy.

The NRC staff reviewed the above information and found no deviation from Section 3.1.1 of NEI 08-09, Revision 6, which is comparable to Regulatory Position C.3.1.1 and Appendix A, Section A.3.1.1 of RG 5.71.

Based on the above, the NRC staff concludes that the licensee's CSP adequately established controls to develop, disseminate, and periodically update the cyber security assessment and authorization policy and implementing procedure.

3.4 Cyber Security Assessment Team

The Cyber Security Assessment Team (CSAT) responsibilities include conducting the cyber security assessment, documenting key findings during the assessment, and evaluating assumptions and conclusions about cyber security threats. The CSP submitted by the licensee outlines the requirements, roles and responsibilities of the CSAT comparable to Section 3.1.2 of NEI 08-09, Revision 6. It also describes that the CSAT has the authority to conduct an independent assessment.

The CSP submitted by the licensee describes that the CSAT will consist of individuals with knowledge about information and digital systems technology; NPP operations, engineering, and plant technical specifications; and physical security and emergency preparedness systems and programs. The CSAT description in the CSP is comparable to Regulatory Position C.3.1.2 in RG 5.71.

The CSP submitted by the licensee lists the roles and responsibilities for the CSAT which included performing and overseeing the cyber security assessment process; documenting key observations; evaluating information about cyber security threats and vulnerabilities; confirming information obtained during tabletop reviews, walk-downs, or electronic validation of CDAs; and identifying potential new cyber security controls.

This section of the CSP submitted by the licensee is comparable to Regulatory Position C.3.1.2 in RG 5.71 without deviation.

Based on the above, the NRC staff concludes that the licensee's CSP adequately establishes the requirements, roles, and responsibilities of the CSAT.

3.5 Identification of CDAs

The CSP submitted by the licensee states that the licensee will identify and document CDAs and critical systems (CSs), including a general description, the overall function, the overall consequences if a compromise were to occur, and the security functional requirements or specifications as described in Section 3.1.3 of NEI 08-09, Revision 6, which is comparable to Regulatory Position C.3.1.3 of RG 5.71.

Based on the above, the NRC staff concludes that the licensee's CSP adequately describes the process to identify CDAs.

3.6 Examination of Cyber Security Practices

The CSP submitted by the licensee describes how the CSAT will examine and document the existing cyber security policies, procedures, and practices; existing cyber security controls; detailed descriptions of network and communication architectures (or network/communication architecture drawings); information on security devices; and any other information that may be helpful during the cyber security assessment process as described in Section 3.1.4 of NEI 08-09, Revision 6, which is comparable to Regulatory Position C.3.1.2 of RG 5.71. The examinations will include an analysis of the effectiveness of the existing Cyber Security Program and cyber security controls. The CSAT will document the collected cyber security information and the results of their examination of the collected information.

This section of the CSP submitted by the licensee is comparable to Regulatory Position C.3.1.2 in RG 5.71 without deviation.

Based on the above, the NRC staff concludes that the licensee's CSP adequately describes the examination of cyber security practices.

3.7 Tabletop Reviews and Validation Testing

The CSP submitted by the licensee describes tabletop reviews and validation testing, which confirm the direct and indirect connectivity of each CDA and identify direct and indirect pathways to CDAs. The CSP states that validation testing will be performed electronically or by physical walkdowns. The licensee's plan for tabletop reviews and validation testing is comparable to Section 3.1.5 of NEI 08-09, Revision 6, which is comparable to Regulatory Position C.3.1.4 of RG 5.71.

Based on the above, the NRC staff concludes that the licensee's CSP adequately describes tabletop reviews and validation testing.

3.8 Mitigation of Vulnerabilities and Application of Cyber Security Controls

The CSP submitted by the licensee describes the use of information collected during the cyber security assessment process (e.g., disposition of cyber security controls, defensive models, defensive strategy measures, site and corporate network architectures) to implement security controls in accordance with Section 3.1.6 of NEI 08-09, Revision 6, which is comparable to Regulatory Position C.3.3 and Appendix A.3.1.6 to RG 5.71. The CSP describes the process that will be applied in cases where security controls cannot be implemented.

The CSP submitted by the licensee notes that before the licensee can implement security controls on a CDA, it will assess the potential for adverse impact in accordance with Section 3.1.6 of NEI 08-09, Revision 6, which is comparable to Regulatory Position C.3.3 of RG 5.71.

Based on the above, the NRC staff concludes that the licensee's CSP adequately describes mitigation of vulnerabilities and application of security controls.

3.9 Incorporating the Cyber Security Program into the Physical Protection Program

The CSP submitted by the licensee states that the Cyber Security Program will be reviewed as a component of the Physical Security Program in accordance with the requirements of 10 CFR 73.55(m). This is comparable to Section 4.1 of NEI 08-09, Revision 6, which is comparable to Regulatory Position C.3.4 of RG 5.71.

This section of the CSP submitted by the licensee is comparable to Appendix A, Section A.3.2 in RG 5.71 without deviation.

Based on the above, the NRC staff concludes that the licensee's CSP adequately describes review of the CSP as a component of the physical security program.

3.10 Cyber Security Controls

The CSP submitted by the licensee describes how the technical, operational, and management cyber security controls contained in Appendices D and E of NEI 08-09, Revision 6, that are comparable to Appendices B and C in RG 5.71, are evaluated and dispositioned based on site-specific conditions during all phases of the Cyber Security Program. The CSP states that many security controls have actions that are required to be performed on specific frequencies and that the frequency of a security control is satisfied if the action is performed within 1.25 times the frequency specified in the control, as applied, and as measured from the previous performance of the action as described in Section 4.2 of NEI 08-09, Revision 6.

This section of the CSP submitted by the licensee is comparable to Appendix A, Section A.3.1.6 in RG 5.71 without deviation.

Based on the above, the NRC staff concludes that the licensee's CSP adequately describes implementation of cyber security controls.

3.11 Defense-in-Depth Protective Strategies

The CSP submitted by the licensee describes the implementation of defensive strategies that ensure the capability to detect, respond to, and recover from a cyber attack. The CSP specifies that the defensive strategies consist of security controls, defense-in-depth measures, and the defensive architecture. The submitted CSP notes that the defensive architecture establishes the logical and physical boundaries to control the data transfer between these boundaries.

The licensee established defense-in-depth strategies by: implementing and documenting a defensive architecture as described in Section 4.3 of NEI 08-09, Revision 6, which is comparable to Regulatory Position C.3.2 in RG 5.71; a physical security program, including physical barriers; the operational and management controls described in Appendix E of NEI 08-09, Revision 6, which is comparable to Appendix C to RG 5.71; and the technical controls described in Appendix D of NEI 08-09, Revision 6, which is comparable to Appendix B to RG 5.71.

This section of the CSP submitted by the licensee is comparable to Regulatory Position C.3.2 and Appendix A, Section A.3.1.5 in RG 5.71 without deviation.

Based on the above, the NRC staff concludes that the licensee's CSP adequately describes implementation of defense-in-depth protective strategies.

3.12 Ongoing Monitoring and Assessment

The CSP submitted by the licensee describes how ongoing monitoring of cyber security controls to support CDAs is implemented comparable to Appendix E of NEI 08-09, Revision 6, which is comparable to Regulatory Positions C.4.1 and C.4.2 of RG 5.71. The ongoing monitoring program includes configuration management and change control; cyber security impact analysis of changes and changed environments; ongoing assessments of cyber security controls; effectiveness analysis (to monitor and confirm that the cyber security controls are implemented correctly, operating as intended, and achieving the desired outcome) and vulnerability scans to identify new vulnerabilities that could affect the security posture of CDAs.

This section of the CSP submitted by the licensee is comparable to Regulatory Positions C.4.1 and C.4.2 of RG 5.71 without deviation.

Based on the above, the NRC staff concludes that the licensee's CSP adequately describes ongoing monitoring and assessment.

3.13 Modification of Digital Assets

The CSP submitted by the licensee describes how cyber security controls are established, implemented, and maintained to protect CDAs. These security controls ensure that modifications to CDAs are evaluated before implementation, the cyber security performance objectives are maintained, and acquired CDAs have cyber security requirements in place to achieve the site's Cyber Security Program objectives. This is comparable to Section 4.5 of NEI 08-09, Revision 6, which is comparable to Appendices A.4.2.5 and A.4.2.6 of RG 5.71.

Based on the above, the NRC staff concludes that the licensee's CSP adequately describes modification of digital assets.

3.14 Attack Mitigation and Incident Response

The CSP submitted by the licensee describes the process to ensure that SSEP functions are not adversely impacted due to cyber attacks in accordance with Section 4.6 of NEI 08-09, Revision 6, which is comparable to Appendix C, Section C.8 of RG 5.71. The CSP includes a discussion about creating incident response policy and procedures, and addresses training, testing and drills, incident handling, incident monitoring, and incident response assistance. It also describes identification, detection, response, containment, eradication, and recovery activities comparable to Section 4.6 of NEI 08-09, Revision 6.

This section of the CSP submitted by the licensee is comparable to Appendix C, Section C.8 of RG 5.71 without deviation.

Based on the above, the NRC staff concludes that the licensee's CSP adequately describes attack mitigation and incident response.

3.15 Cyber Security Contingency Plan

The submitted CSP describes creation of a Cyber Security Contingency Plan and policy that protects CDAs from the adverse impacts of a cyber attack described in Section 4.7 of NEI 08-09, Revision 6, which is comparable to Regulatory Position C.3.3.2.7 and Appendix C.9 of RG 5.71. The licensee describes the Cyber Security Contingency Plan that would include a response to events.

This section of the plan deviates from NEI 08-09, Revision 6, in three places. The first deviation states that a contingency plan mitigates CDAs from adverse impacts from cyber attack, rather than protects; this deviation is acceptable as it is technically accurate.

The second deviation removes a bullet about what a cyber security contingency plan includes; rather than having procedures for operating the CDAs in manual mode with external electronic communications connections severed until secure conditions can be restored, the licensee states that it will have procedures for severing external electronic communications connections, where allowed, until secure conditions can be restored. The NRC staff concludes that this deviation is acceptable based on the justification provided by the licensee that the action, as written in the template, would likely violate the Technical Specifications and plant operating procedures. Severing external electronic communications connections until secure conditions can be restored would be acceptable to the NRC staff in lieu of operating CDAs in manual mode.

The third deviation states that rather than maintaining current versions of processes and procedures for the backup and secure storage of information, complete and up-to-date logical diagrams depicting network connectivity, and current configuration information for components, the licensee intends to provide instructions for locating these documents instead. The NRC staff concludes that this deviation is acceptable based on the justification provided by the licensee that they are not going to maintain current versions of these documents within the contingency plan. The licensee states that these documents are maintained current under the station Configuration Management Program.

This section of the CSP submitted by the licensee is comparable to Regulatory Position C.3.3.2.7 of RG 5.71, with deviations.

Based on the above, the NRC staff concludes that the CSP adequately describes the cyber security contingency plan.

3.16 Cyber Security Training and Awareness

The CSP submitted by the licensee describes a program that establishes the training requirements necessary for the licensee's personnel and contractors to perform their assigned duties and responsibilities in implementing the Cyber Security Program in accordance with Section 4.8 of NEI 08-09, Revision 6, which is comparable to Regulatory Position C.3.3.2.8 of RG 5.71.

The CSP states that individuals will be trained with a level of cyber security knowledge commensurate with their assigned responsibilities in order to provide high assurance that individuals are able to perform their job functions in accordance with Appendix E of NEI 08-09, Revision 6, which is comparable to Regulatory Position C.3.3.2.8 of RG 5.71 and describes three levels of training: awareness training, technical training, and specialized cyber security training.

Based on the above, the NRC staff concludes that the licensee's CSP adequately describes the cyber security training and awareness program.

3.17 Evaluate and Manage Cyber Risk

The CSP submitted by the licensee describes how cyber risk is evaluated and managed utilizing site programs and procedures comparable to Section 4.9 of NEI 08-09, Revision 6, which is comparable to Regulatory Position C.4 and Appendix C, Section C.13 of RG 5.71. The CSP describes the Threat and Vulnerability Management Program, Risk Mitigation, the Operational Experience Program, and the Corrective Action Program and how each will be used to evaluate and manage risk.

This section of the CSP submitted by the licensee is comparable to Regulatory Position C.4 and Appendix C, Section C.13 of RG 5.71 without deviation.

Based on the above, the NRC staff concludes that the licensee's CSP adequately describes evaluation and management of cyber risk.

3.18 Policies and Implementing Procedures

The CSP describes development and implementation of policies and procedures to meet security control objectives in accordance with Section 4.10 of NEI 08-09, Revision 6, which is comparable to Regulatory Position C.3.5 and Appendix A, Section A.3.3 of RG 5.71. This includes the process to document, review, approve, issue, use, and revise policies and procedures.

The CSP also describes the licensee's procedures to establish specific responsibilities for positions described in Section 4.11 of NEI 08-09, Revision 6, which is comparable to Appendix C, Section C.10.10 of RG 5.71.

This section of the CSP submitted by the licensee is comparable to Regulatory Position C.3.5, Appendix A, Section A.3.3, and Appendix C, Section C.10.10 of RG 5.71 without deviation.

Based on the above, the NRC staff concludes that the licensee's CSP adequately describes cyber security policies and implementing procedures.

3.19 Roles and Responsibilities

The CSP submitted by the licensee describes the roles and responsibilities for the qualified and experienced personnel, including the Cyber Security Program Sponsor, the Cyber Security Program Manager, Cyber Security Specialists, the Cyber Security Incident Response Team (CSIRT), and other positions as needed. The CSIRT initiates in accordance with the Incident Response Plan and initiates emergency action when required to safeguard CDAs from cyber security compromise and to assist with the eventual recovery of compromised systems.

Implementing procedures establish roles and responsibilities for each of the cyber security roles in accordance with Section 4.11 of NEI 08-09, Revision 6, which is comparable to Regulatory Position C.3.1.2, Appendix A, Section A.3.1.2, and Appendix C, Section C.10.10 of RG 5.71.

Based on the above, the NRC staff concludes that the licensee's CSP adequately describes cyber security roles and responsibilities.

3.20 Cyber Security Program Review

The CSP submitted by the licensee describes how the Cyber Security Program establishes the necessary procedures to implement reviews of applicable program elements in accordance with Section 4.12 of NEI 08-09, Revision 6, which is comparable to Regulatory Position C.4.3 and Appendix A, Section A.4.3 of RG 5.71.

Based on the above, the NRC staff concludes that the licensee's CSP adequately describes Cyber Security Program review.

3.21 Document Control and Records Retention and Handling

The CSP submitted by the licensee describes that the licensee has established the necessary measures and governing procedures to ensure that sufficient records of items and activities affecting cyber security are developed, reviewed, approved, issued, used, and revised to reflect completed work. The CSP states that superseded portions of certain records will be retained for at least 3 years after the record is superseded, while audit records will be retained for no less than 12 months in accordance with Section 4.13 of NEI 08-09, Revision 6. However, this guidance provided by industry to licensees did not fully comply with the requirements of 10 CFR 73.54.

In a letter dated February 28, 2011 (ADAMS Accession No. ML110600204), NEI sent to the NRC proposed language for licensees' use to respond to the generic records retention issue, to which the NRC had no technical objection (Reference: Letter from NRC dated March 1, 2011, ADAMS Accession No. ML110490337). The proposed language clarified the requirement by providing examples (without providing an all-inclusive list) of the records and supporting technical documentation that are needed to satisfy the requirements of 10 CFR 73.54. All records will be retained until the Commission terminates the license, and the licensee shall maintain superseded portions of these records for at least 3 years after the record is superseded, unless otherwise specified by the Commission. By retaining accurate and complete records and technical documentation until the license is terminated, inspectors, auditors, or assessors will have the ability to evaluate incidents, events, and other activities that are related to any of the cyber security elements described, referenced, and contained within the licensee's NRC-approved CSP. It will also allow the licensee to maintain the ability to detect and respond to cyber attacks in a timely manner, in the case of an event. In a letter dated March 31, 2011, the licensee responded to the records retention issue using the language proposed by NEI in its letter dated February 28, 2011.

This section of the CSP submitted by the licensee is comparable to Regulatory Position C.5 and Appendix A, Section A.5 of RG 5.71 without deviation.

Based on the above, the NRC staff concludes that the language the licensee proposes to adopt provides for adequate records retention and will support the licensee's ability to detect and respond to cyber attacks. The NRC staff further concludes that this section is comparable to Regulatory Position C.5 and Appendix A, Section A.5 of RG 5.71 without deviation.

Accordingly, the NRC staff concludes that the licensee's CSP adequately describes cyber security document control and records retention and handling.

3.22 Implementation Schedule

The CSP submitted by the licensee provides a proposed implementation schedule for the Cyber Security Program. In a letter dated February 28, 2011 (ADAMS Accession No. ML110600206), NEI sent to the NRC a template for licensees to use to submit their CSP implementation schedules, to which the NRC had no technical objection (Reference: Letter from NRC dated March 1, 2011, ADAMS Accession No. ML110070348). These key milestones include:

  • Install a deterministic one-way device between lower level devices and higher level devices;
  • Implement the security control "Access Control For Portable And Mobile Devices";
  • Implement observation and identification of obvious cyber related tampering to existing insider mitigation rounds by incorporating the appropriate elements;
  • Identify, document, and implement cyber security controls as per "Mitigation of Vulnerabilities and Application of Cyber Security Controls" for CDAs that could adversely impact the design function of physical security target set equipment; and
  • Commence ongoing monitoring and assessment activities for those target set CDAs whose security controls have been implemented.

In its letter dated March 31, 2011, the licensee provided a revised implementation schedule using the NEI template. The NRC staff considers this March 31, 2011, supplement to be the approved schedule as required by 10 CFR 73.54. Based on the provided schedule ensuring timely implementation of those protective measures that provide a higher degree of protection against radiological sabotage, the NRC staff concludes that the Cyber Security Program implementation schedule is satisfactory.

The NRC staff acknowledges that, in its submittal dated July 22, 2010, APS proposed a CSP implementation date as a regulatory commitment and that, in its supplemental letter dated March 31, 2011, APS provided several CSP milestone implementation dates. The NRC staff does not regard the CSP milestone implementation dates as regulatory commitments that can be changed unilaterally by the licensee, particularly in light of the regulatory requirement at 10 CFR 73.54, that "[i]mplementation of the licensee's cyber security program must be consistent with the approved schedule." As the NRC staff explained in its letter to all operating reactor licensees dated May 9, 2011 (ADAMS Accession No. ML110980538), "the implementation of the plan, including the key intermediate milestone dates and the full implementation date, shall be in accordance with the implementation schedule submitted by the licensee and approved by the NRC. All subsequent changes to the NRC-approved CSP implementation schedule thus will require prior NRC approval pursuant to 10 CFR 50.90."

3.23 Revision to License Condition 2.E

By letter dated July 22, 2010, the licensee proposed to add a paragraph to Paragraph 2.E of Facility Operating License Nos. NPF-41, NPF-51, and NPF-74, for Palo Verde, Units 1, 2, and 3, respectively, to provide a license condition to require the licensee to fully implement and maintain in effect all provisions of the NRC-approved CSP. The NRC staff modified the proposed wording of the license condition described in the licensee's submittal dated July 22, 2010, and the licensee agreed with the revised license condition proposed by the NRC staff.

The following paragraph is added to Paragraph 2.E of Facility Operating License No. NPF-41 for Palo Verde, Unit 1:

APS shall fully implement and maintain in effect all provisions of the Commission-approved cyber security plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The APS CSP was approved by License Amendment No. 185.

The following paragraph is added to Paragraph 2.E of Facility Operating License No. NPF-51 for Palo Verde, Unit 2:

APS shall fully implement and maintain in effect all provisions of the Commission-approved cyber security plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The APS CSP was approved by License Amendment No. 185.

The following paragraph is added to Paragraph 2.E of Facility Operating License No. NPF-74 for Palo Verde, Unit 3:

APS shall fully implement and maintain in effect all provisions of the Commission-approved cyber security plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The APS CSP was approved by License Amendment No. 185.

Based on the information in Section 3.0 of this safety evaluation and the modified license condition described above, the NRC concludes this is acceptable.

4.0 DIFFERENCES FROM NEI 08-09, REVISION 6

The licensee provided a table of deviations in Enclosure 4 of the licensee's CSP. The NRC staff notes the following additional differences between the licensee's submission and NEI 08-09, Revision 6:

  • In Section 3.1, "Scope and Purpose," the licensee clarified the definition of important-to-safety functions, consistent with SRM-COMWCO-10-0001.
  • In Section 3.15, "Cyber Security Contingency Plan," the licensee changed the word "protects" to "mitigates" in a statement "contingency plan mitigates CDAs from adverse impacts from cyber attack." The licensee, rather than having procedures for operating the CDAs in manual mode with external electronic communications connections severed until secure conditions can be restored, will have procedures for severing external electronic communications connections, where allowed, until secure conditions can be restored. Also, rather than maintaining current versions of processes and procedures for the backup and secure storage of information, complete and up-to-date logical diagrams depicting network connectivity, and current configuration information for components, the licensee intends to provide instructions for locating these documents instead.
  • In Section 3.21, "Document Control and Records Retention and Handling," the licensee clarified the definition of records and supporting documentation that will be retained to conform to the requirements of 10 CFR 73.54.
  • In Section 3.22, "Implementation Schedule," the licensee submitted a revised implementation schedule, specifying the interim milestones and the final implementation date, including supporting rationale.

The NRC staff concludes that all of these deviations are acceptable as discussed in the respective sections of this safety evaluation.

5.0 STATE CONSULTATION

In accordance with the Commission's regulations, the Arizona State official was notified of the proposed issuance of the amendment. The State official had no comments.

6.0 ENVIRONMENTAL CONSIDERATION

The amendments change a requirement with respect to installation or use of a facility component located within the restricted area as defined in 10 CFR Part 20. The NRC staff has determined that the amendments involve no significant increase in the amounts, and no significant change in the types, of any effluents that may be released offsite, and that there is no significant increase in individual or cumulative occupational radiation exposure. The Commission has previously issued a proposed finding that the amendments involve no significant hazards consideration, and there has been no public comment on such finding published in the Federal Register on November 9, 2010 (75 FR 68833). Also, this amendment relates to safeguards matters and does not involve any significant construction impacts and relates to changes in recordkeeping, reporting, or administrative procedures or requirements.

Accordingly, the amendment meets the eligibility criteria for categorical exclusion set forth in 10 CFR 51.22(c)(9), (10), and (12). Pursuant to 10 CFR 51.22(b), no environmental impact statement or environmental assessment need be prepared in connection with the issuance of the amendments.

7.0 CONCLUSION

The NRC staff's review and evaluation of the licensee's CSP was conducted using the staff positions established in the relevant sections of RG 5.71. Based on the NRC staff's review, the NRC concludes that the licensee addressed the relevant information necessary to satisfy the requirements of 10 CFR 73.54, 10 CFR 73.55(a)(1), 10 CFR 73.55(b)(8), and 10 CFR 73.55(m), as applicable, and that the licensee's Cyber Security Program provides high assurance that digital computer and communication systems and networks associated with the following are adequately protected against cyber attacks, up to and including the DBT as described in 10 CFR 73.1. This includes protecting digital computer and communication systems and networks associated with: (i) safety-related and important-to-safety functions; (ii) security functions; (iii) emergency preparedness functions, including offsite communications; and (iv) support systems and equipment which, if compromised, would adversely impact SSEP functions.

Therefore, the NRC staff concludes that the information contained in this CSP is acceptable and that, upon successful implementation of this program, operation of Palo Verde, Units 1, 2, and 3, will not be inimical to the common defense and security. The Commission has concluded, based on the considerations discussed above, that: (1) there is reasonable assurance that the health and safety of the public will not be endangered by operation in the proposed manner, (2) such activities will be conducted in compliance with the Commission's regulations, and (3) the issuance of the amendments will not be inimical to the common defense and security or to the health and safety of the public.


8.0 REFERENCES

1. Vietti-Cook, A. L., memorandum to R. W. Borchardt, U.S. Nuclear Regulatory Commission, "Staff Requirements - COMWCO-10-0001 - Regulation of Cyber Security at Nuclear Power Plants," dated October 21, 2010 (ADAMS Accession No. ML102940009).
2. U.S. Nuclear Regulatory Commission, Regulatory Guide 5.71, "Cyber Security Programs for Nuclear Facilities," dated January 2010 (ADAMS Accession No. ML090340159).
3. Correia, R., U.S. Nuclear Regulatory Commission, letter to Jack Roe, Nuclear Energy Institute, "Nuclear Energy Institute 08-09, 'Cyber Security Plan Template; Revision 6,'" dated May 5, 2010 (ADAMS Accession No. ML101190371).
4. Roe, J., Nuclear Energy Institute, letter to Scott Morris, U.S. Nuclear Regulatory Commission, "NEI 08-09, Revision 6, 'Cyber Security Plan for Nuclear Power Reactors; April 2010,'" dated April 28, 2010 (ADAMS Accession No. ML101180434).
5. Correia, R., U.S. Nuclear Regulatory Commission, letter to Christopher E. Earls, Nuclear Energy Institute, "Nuclear Energy Institute 08-09, 'Cyber Security Plan Template; Rev. 6,'" dated June 7, 2010 (ADAMS Accession No. ML101550052).

Principal Contributor: Robert Harren, NSIR

Date: July 26, 2011


Sincerely,

/RA/

Lauren K. Gibson, Project Manager
Plant Licensing Branch IV
Division of Operating Reactor Licensing
Office of Nuclear Reactor Regulation

Docket Nos. STN 50-528, STN 50-529, and STN 50-530

Enclosures:

1. Amendment No. 185 to NPF-41
2. Amendment No. 185 to NPF-51
3. Amendment No. 185 to NPF-74
4. Safety Evaluation

cc w/encls: Distribution via Listserv

DISTRIBUTION:

PUBLIC
LPLIV Reading
RidsAcrsAcnw_MailCTR Resource
RidsNsirDsp Resource
RidsNrrDorlDpr Resource
RidsNrrDorlLpl4 Resource
RidsNrrPMPaloVerde Resource
RidsNrrLAJBurkhardt Resource
RidsOgcRp Resource
RidsRgn4MailCenter Resource
PPederson, NSIR/DSP/ISCPB
RHarren, NSIR/DSP/ISCPB

ADAMS Accession No. ML111710110
*concurrence with changes made since SE memo dated 6/15/11

OFFICE | NRR/LPL4/PM | NRR/LPL4/LA | NSIR/DSP/ISCPB/BC | OGC NLO | NRR/LPL4/BC | NRR/LPL4/PM
NAME | LKGibson | JBurkhardt | CErlanger* | BMizuno | MMarkley | LKGibson
DATE | 7/11/11 | 6/29/11 | 7/8/11 | 7/21/11 | 7/26/11 | 7/26/11

OFFICIAL RECORD COPY