ML12222A086
| ML12222A086 | |
| Person / Time | |
|---|---|
| Site: | Cook  |
| Issue date: | 08/13/2012 |
| From: | Tam P Plant Licensing Branch III |
| To: | Weber L Indiana Michigan Power Co |
| Tam P | |
| References | |
| TAC ME4275, TAC ME4276 | |
| Download: ML12222A086 (4) | |
Text
~",R REGUt UNITED STATES
,>v'-
"I)
">~,
O~.L NUCLEAR REGULATORY COMMISSION t:!
(>
WASHINGTON, D.C. 20555-0001
<f 0
s:
~
~
~
~
August 13, 2012
+"
~O
- 1<
Mr. Lawrence J. Weber Senior Vice President and Chief Nuclear Officer Indiana Michigan Power Company Nuclear Generation Group One Cook Place Bridgman, MI 49106
SUBJECT:
DONALD C. COOK NUCLEAR PLANT, UNITS 1 AND 2 - ISSUANCE OF AMENDMENTS RE: CYBER SECURITY PLAN (TAC NOS. ME4275 AND ME4276)
Dear Mr. Weber:
On July 28, 2011, the U.S. Nuclear Regulatory Commission (NRC) issued an amendment identified as No. 315 to Renewed Facility Operating License No. DPR-58 and No. 299 to Renewed Facility Operating License No. DPR-74 for the Donald C. Cook Nuclear Plant, Units 1 and 2. The amendment revised the subject licenses to reflect approval of the Cyber Security Plan (CSP) and associated Implementation Schedule in response to the application dated July 19, 2010, as supplemented by letters dated September 28,2010, November 30,2010, and April 8, 2011.
The NRC staff has determined that an error was made in the safety evaluation (SE) issued to support the subject amendment. Enclosed, please find the corrected pages, 12 and 13, of the SE. The error affects the scope of activities to be performed to complete Milestone 6 of the Donald C. Cook Nuclear Plant CSP. The correction of this error does not affect the NRC staffs conclusions regarding the adequacy of the Donald C. Cook Nuclear Plant CSP, nor does it require a change to the CSP license condition imposed by the subject amendment.
However, if Indiana Michigan Power Company wishes to modify the implementation schedule for Milestone 6, as included in the currently approved Donald C. Cook Nuclear Plant CSP, it should be requested pursuant to Title 10 of the Code of Federal Regulations, Section 50.90.
~~
Peter S. Tam, Senior Project Manager Plant Licensing Branch 111-1 Division of Operating Reactor Licensing Office of Nuclear Reactor Regulation Docket Nos. 50-315 and 50-316
Enclosures:
Corrected pages, 12 and 13, of the CSP SE cc w/encls: Distribution via ListServ
- 12 Implement the security control "Access Control For Portable And Mobile Devices";
Implement observation and identification of obvious cyber-related tampering to existing insider mitigation rounds by incorporating the appropriate elements; Identify, document, and implement cyber security controls as per "Mitigation of Vulnerabilities and Application of Cyber Security Controls" for CDAs that could adversely impact the design function of physical security target set equipment; and Commence ongoing monitoring and assessment activities for those target set CDAs whose security controls have been implemented.
The NRC staff considers this April 8, 2011, supplement the approved schedule as required by 10 CFR 73.54. Based on the provided schedule ensuring timely implementation of those protective measures that provide a higher degree of protection against radiological sabotage, the NRC staff finds the Cyber Security Program implementation schedule is satisfactory.
The NRC staff acknowledges that, in its submittal dated April 8, 2011, the licensee proposed several CSP milestone implementation dates as regulatory commitments. The NRC staff does not regard the CSP milestone implementation dates as regulatory commitments that can be changed unilaterally by the licensee, particularly in light of the regulatory requirement at 10 CFR 73.54, that "[i]mplementation of the licensee's cyber security program must be consistent with the approved schedule." As the NRC staff explained in its letter to all operating reactor licensees dated May 9, 2011 (ADAMS Accession No. ML110980538), the implementation of the plan, including the key intermediate milestone dates and the full implementation date, shall be in accordance with the implementation schedule submitted by the licensee and approved by the NRC. All subsequent changes to the NRC-approved CSP implementation schedule, thus, will require prior NRC approval pursuant in 10 CFR 50.90 4.0
SUMMARY
OF TECHNICAL EVALUATION 4.1 Differences from NEI 08-09, Revision 6 The NRC staff notes the following additional differences between the licensee's submission and NEI 08-09, Revision 6:
Corrected by letter of 8/13/2012
- 13 In Section 3.1! "Scope and Purpose," the licensee clarified the definition of important-to-safety functions, consistent with SRM-COMWCO-10-0001.
In Section 3.21, "Document Control and Records Retention and Handling," the licensee clarified the definition of records and supporting documentation that will be retained to conform to the requirements of 10 CFR 73.54.
In Section 3.22, "Implementation Schedule," the licensee submitted a revised implementation schedule, specifying the interim milestones and the final implementation date, including supporting rationale.
The NRC staff finds all of these deviations to be acceptable as discussed in the respective sections above.
4.2 Conclusion of Technical Evaluation The NRC staffs review and evaluation of the licensee's CSP was conducted using the staff positions established in the relevant sections of RG 5.71. Based on its review, the NRC staff finds that the licensee had addressed the relevant information necessary to satisfy the requirements of 10 CFR 73.54, 10 CFR 73.55(a)(1), 10 CFR 73.55(b)(8), and 10 CFR 73.55(m),
as applicable and that the licensee's Cyber Security Program provides high assurance that digital computer and communication systems and networks associated with the following are adequately protected against cyber attacks, up to and including the DBT as described in 10 CFR 73.1. This includes protecting digital computer and communication systems and networks associated with: (i) safety-related and important-to-safety functions; (ii) security functions; (iii) emergency preparedness functions, including offsite communications; and (iv) support systems and equipment which, if compromised, would adversely impact SSEP functions.
Therefore, the NRC staff finds the information contained in this CSP to be acceptable and upon successful implementation of this program, operation of the Donald C. Cook Nuclear Plant, Units 1 and 2, will not be inimical to the common defense and security.
5.0 STATE CONSULTATION
In accordance with the Commission's regulations, the Michigan State official was notified of the proposed issuance of the amendments. The State official had no comments.
6.0 ENVIRONMENTAL CONSIDERATION
The amendments change the requirements with respect to use of a facility component located within the restricted area as defined in 10 CFR Part 20. The NRC staff has determined that the amendments involve no significant increase in the amounts, and no significant change in the types, of any effluents that may be released offsite, and that there is no significant increase in individual or cumulative occupational radiation exposure. The Commission has previously issued a proposed finding that the amendments involve no significant hazards consideration and Corrected by letter of 8/13/2012
Mr. Lawrence J. Weber August 13, 2012 Senior Vice President and Chief Nuclear Officer Indiana Michigan Power Company Nuclear Generation Group One Cook Place Bridgman, MI 49106
SUBJECT:
DONALD C. COOK NUCLEAR PLANT, UNITS 1 AND 2 - ISSUANCE OF AMENDMENTS RE: CYBER SECURITY PLAN (TAC NOS. ME4275 AND ME4276)
Dear Mr. Weber:
On July 28, 2011, the U.S. Nuclear Regulatory Commission (NRC) issued an amendment identified as No. 315 to Renewed Facility Operating License No. DPR-58 and No. 299 to Renewed Facility Operating License No. DPR-74 for the Donald C. Cook Nuclear Plant, Units 1 and 2. The amendment revised the subject licenses to reflect approval of the Cyber Security Plan (CSP) and associated Implementation Schedule in response to the application dated July 19, 2010, as supplemented by letters dated September 28,2010, November 30,2010, and April 8, 2011.
The NRC staff has determined that an error was made in the safety evaluation (SE) issued to support the subject amendment. Enclosed, please find the corrected pages, 12 and 13, of the SE. The error affects the scope of activities to be performed to complete Milestone 6 of the Donald C. Cook Nuclear Plant CSP. The correction of this error does not affect the NRC staffs conclusions regarding the adequacy of the Oonald C. Cook Nuclear Plant CSP, nor does it require a change to the CSP license condition imposed by the subject amendment.
However, if Indiana Michigan Power Company wishes to modify the implementation schedule for Milestone 6, as included in the currently approved Donald C. Cook Nuclear Plant CSP, it should be requested pursuant to Title 10 of the Code of Federal Regulations, Section 50.90.
Sincerely, IRAJ Peter S. Tam, Senior Project Manager Plant Licensing Branch 111-1 Division of Operating Reactor licensing Office of Nuclear Reactor Regulation Docket Nos. 50-315 and 50-316
Enclosures:
Corrected pages, 12 and 13, of the CSP SE cc w/encls: Distribution via ListServ DISTRIBUTION:
PUBLIC LPL3-1 rtf RidsNrrDorlLpl3-1 Resource RidsNrrPMDCCook Resource RidsNrrLABTulJy Resource RidsOgcRp Resource RidsAcrsAcnw_MailCTR Resource RidsNrrDirsltsb Resource RidsNrrDorlDprResource R. Harren, NSIR C. Erlanger, NSIR RidsRgn3MailCenter Resource RidsNrrDssScvb Resource T. Wengert, NRR M. Coflin. NSIR ADAMS ACCESSION NUMBER ML12222A086
. OFFICE LPL3/1/PM LPU3-1/LA NSIR/DSP/ISCPB/BC LPL3-1/BC(A)
LPL3-1 i NAME PTam BTullv/SRohrer If I CErlanger*
IFrankl PTam I DATE 8/10/12 8/9/12 8/3/12*
8/13/12 8/10/12
- Corrected SE Pages 12 and 13 transmitted by memo of 8/3/12 (Accession NO. ML12215A156)..
OFFICIAL RECORD COpy