ML12184A130

From kanterella
Jump to navigation Jump to search
Correction of Safety Evaluation Regarding Cyber Security Plan License Amendment
ML12184A130
Person / Time
Site: Summer South Carolina Electric & Gas Company icon.png
Issue date: 07/12/2012
From: Martin R
Plant Licensing Branch II
To: Gatlin T
South Carolina Electric & Gas Co
Martin R
Shared Package
ML12195A027 List:
References
Download: ML12184A130 (4)
v  d  e


Text

UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 July 12, 2012 Mr. Thomas D. Gatlin Vice President, Nuclear Operations South Carolina Electric & Gas Company Virgil C. Summer Nuclear Station Post Office Box 88 Jenkinsville, SC 29065

SUBJECT:

VIRGIL C. SUMMER NUCLEAR STATION, UNIT NO.1, CORRECTION OF SAFETY EVALUATION REGARDING CYBER SECURITY PLAN LICENSE AMENDMENT

Dear Mr. Gatlin:

On August 24, 2011, the U.S. Nuclear Regulatory Commission (NRC) issued Amendment No. 184 to Renewed Facility Operating License No. NPF-12 for the Virgil C. Summer Nuclear Station (VCSNS), Unit 1. The amendment revised the facility operating license to reflect approval of the Cyber Security Plan (CSP) and the associated Implementation Schedule.

The NRC staff has determined that an error was made in the Safety Evaluation for Amendment No. 184. Enclosed please find corrected safety evaluation pages 12 and 13. Corrections are noted by bars in the left margin. The error affects the scope of activities to be performed to complete Milestone 6 of the VCSNS CSP. The correction of this error does not affect the NRC staffs conclusions regarding the adequacy of the VCSNS CSP, nor does it require a change to the CSP license condition for VCSNS Unit 1.

Sincerely, (J1ab~::m~~ject Plant Licensing Branch 11-1 Manager Division of Operating Reactor Licensing Office of Nuclear Reactor Regulation Docket No. 50-395

Enclosure:

Corrected Safety Evaluation pages 12 and 13 cc w/encls: Distribution via Listserv

-12

  • Install a deterministic one-way device between lower level devices and higher level devices;
  • Implement the security control "Access Control For Portable And Mobile Devices";
  • Implement observation and identification of obvious cyber related tampering to existing insider mitigation rounds by incorporating the appropriate elements;
  • Identify, document, and implement cyber security controls as per "Mitigation of Vulnerabilities and Application of Cyber Security Controls" for CDAs that could adversely impact the design function of physical security target set equipment; and
  • Commence ongoing monitoring and assessment activities for those target set CDAs whose security controls have been implemented.

The NRC staff considers this March 28, 2011 supplement the approved schedule as required by 10 CFR 73.54.

The NRC staff acknowledges that, in its submittals, the licensee proposed several CSP milestone implementation dates as regulatory commitments. The NRC staff does not regard the CSP milestone implementation dates as regulatory commitments that can be changed unilaterally by the licensee, particularly in light of the regulatory requirement at 10 CFR 73.54, that "[i]mplementation of the licensee's cyber security program must be consistent with the approved schedule." As the NRC staff explained in its letter to all operating reactor licensees dated May 9,2011 (ADAMS Accession No. ML110980538), the implementation of the plan, including the key intermediate milestone dates and the full implementation date, shall be in accordance with the implementation schedule submitted by the licensee and approved by the NRC. All subsequent changes to the NRC-approved CSP implementation schedule thus will require prior NRC approval pursuant in 10 CFR 50.90.

Based on the provided schedule ensuring timely implementation of these protective measures that provide a higher degree of protection against radiological sabotage, the NRC staff finds the Cyber Security Program implementation schedule is satisfactory.

3.23 Revision to License Condition By letter dated August 5,2010, the licensee proposed to add a paragraph to Paragraph 2.E of Facility Operating License No. NPF-12 for VCSNS, Unit 1, to provide a license condition to require the licensee to fully implement and maintain in effect all provisions of the NRC-approved CSP. The NRC staff modified the proposed wording of the license condition described in the licensee's Enclosure

- 13 submittal dated August 5, 2010, and the licensee agreed with the revised license condition proposed by the NRC staff.

The following paragraph is added to Paragraph 2.E of Facility Operating license No. NPF-12 for VCSNS, Unit 1:

SCE&G shall fully implement and maintain in effect all provisions of the Commission-approved cyber security plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The SCE&G CSP was approved by license Amendment No. 184.

Based on the information in Section 3.0 of this safety evaluation and the modified license condition described above, the NRC concludes this is acceptable.

4.0 DIFFERENCES FROM NEI 08*09, REVISION 6 The NRC staff notes the following additional differences between the licensee's submission and NEI 08-09, Revision 6:

  • In Section 3.1, "Scope and Purpose," the licensee clarified the definition of important-to-safety functions, consistent with SRM-COMWCO-10-0001.
  • In Section 3.21, "Document Control and Records Retention and Handling," the licensee clarified the definition of records and supporting documentation that will be retained to conform to the requirements of 10 CFR 73.54.
  • In Section 3.22, "Implementation Schedule," the licensee submitted a revised implementation schedule, specifying the interim milestones and the final implementation date, including supporting rationale.

The NRC staff finds all of these deviations to be acceptable as discussed in the respective sections.

5.0 STATE CONSULTATION

In accordance with the Commission's regulations, the State of South Carolina official was notified of the proposed issuance of the amendment. The State official had no comments.

6.0 ENVIRONMENTAL CONSIDERATION

The amendments by incorporation of the NRC-approved CSP and the NRC-approved CSP implementation schedule in the licensee's bases, involve (1) changes in a requirement with respect to installation or use of a facility component located within the restricted area as defined in 10 CFR Part 20 and changes in surveillance requirements, (2) changes in record keeping, reporting, or administrative procedures or requirements, and (3) solely related to safeguards matters (protection against sabotage) involving (a) Organizational and Procedural matters, (b)

Modifications to systems used for security, and (c) Administrative Changes. The NRC staff has determined that the amendments involve no significant increase in the amounts, and no significant change in the types of any effluents that may be released offsite, and that there is no

ML12195A027 Amendment ML11201A312 Letter ML12184A130

  • NSIR Memo dated OFFICE NRRlLPL2*1/PM NRRlLPL2-1/LA I OGC I NSIRIDSP/BC NRRlLPL2-1/BC NRRlLPL2-1/PM NAME RMartin SFigueroa I BMizuno I CErlanger NSalgadp RMartin DATE 07109/12 07/10/12 I 07/10/12 I 06/27/11
  • 07/12/12 07/12/12
Retrieved from "https://kanterella.com/w/index.php?title=ML12184A130&oldid=2098167"