ML12261A472
| ML12261A472 | |
| Person / Time | |
|---|---|
| Site: | River Bend  |
| Issue date: | 12/05/2012 |
| From: | Wang A Plant Licensing Branch IV |
| To: | Entergy Operations |
| Wang A | |
| References | |
| TAC ME8942 | |
| Download: ML12261A472 (11) | |
Text
UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 December 5, 2012 Vice President, Operations Entergy Operations, Inc.
River Bend Station 5485 US Highway 61 N St. Francisville, LA 70775
SUBJECT:
RIVER BEND STATION, UNIT 1 -ISSUANCE OF AMENDMENT RE:
REVISION TO MILESTONE NO.6 OF THE CYBER SECURITY PLAN (TAC NO. ME8942)
Dear Sir or Madam:
The Commission has issued the enclosed Amendment No. 177 to Facility Operating License No. NPF-47 for the River Bend Station, Unit 1. The amendment consists of changes to the facility operating license in response to your application dated June 20, 2012.
The amendment revises the scope of Cyber Security Plan (CSP) Implementation Schedule Milestone #6 and paragraph 2.E of the facility operating license. The amendment modifies the scope of Milestone #6 to apply to the technical cyber security controls only. The operational and management controls, as described in Nuclear Energy Institute (NEI) 08-09, Revision 6, would be implemented concurrent with the full implementation of the cyber security program (Milestone #8). Thus, all CSP activities would be fully implemented by the completion date, currently identified in Milestone #8 of the licensee's CSP implementation schedule.
A copy of our related Safety Evaluation is enclosed. The Notice of Issuance will be included in the Commission's next biweekly Federal Register notice.
Sincerely.
Alan B. Wang, Project Manager Plant Licensing Branch IV Division of Operating Reactor licensing Office of Nuclear Reactor Regulation Docket No. 50-458
Enclosures:
- 1. Amendment No. 177 to NPF-47
- 2. Safety Evaluation cc w/encls: Distribution via Listserv
UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 ENTERGY GULF STATES LOUISIANA, LLC AND ENTERGY OPERATIONS, INC.
DOCKET NO. 50-458 RIVER BEND STATION, UNIT 1 AMENDMENT TO FACILITY OPERATING LICENSE Amendment No. 177 License No. NPF-47
- 1.
The Nuclear Regulatory Commission (the Commission) has found that:
A, The application for amendment by Entergy Operations, Inc. (the licensee), dated June 20, 2012, complies with the standards and requirements of the Atomic Energy Act of 1954, as amended (the Act), and the Commission's rules and regulations set forth in 10 CFR Chapter I; B.
The facility will operate in conformity with the application, as amended, the provisions of the Act, and the rules and regulations of the Commission; C.
There is reasonable assurance (i) that the activities authorized by this amendment can be conducted without endangering the health and safety of the public, and (ii) that such activities will be conducted in compliance with the Commission's regulations; D.
The issuance of this license amendment will not be inimical to the common defense and security or to the health and safety of the public; and E.
The issuance of this amendment is in accordance with 10 C FR Part 51 of the Commission's regulations and all applicable requirements have been satisfied.
- 2
- 2.
Accordingly, the license is amended as indicated in the attachment to this license amendment and Paragraph 2.E of Facility Operating License No. NPF-47 is hereby amended to read as follows:
E.
The licensee shall fully implement and maintain in effect all provisions of the Commission-approved cyber security plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The licensee's CSP was approved by License Amendment No. 171 as supplemented by a change approved by License Amendment No. 177.
- 3.
The license amendment is effective as of its date of issuance and shall be implemented by December 31,2012.
FOR THE NUCLEAR REGULATORY COMMISSION Michael T. Markley, Chief Plant Licensing Branch IV Division of Operating Reactor Licensing Office of Nuclear Reactor Regulation
Attachment:
Changes to the Facility Operating License No. NPF-47 Date of Issuance: December 5, 2012
ATTACHMENT TO LICENSE AMENDMENT NO. 177 FACILITY OPERATING LICENSE NO. NPF-47 DOCKET NO. 50-458 Replace the following page of the Facility Operating License No. NPF-47 with the attached revised page. The revised page is identified by amendment number and contains marginal lines indicating the areas of change.
Facility Operating License Remove -4
-7 D.
The licensee shall fully implement and maintain in effect all provisions of the Commission-approved physical security, training and qualification, and safeguards contingency plans including amendments made pursuant to the provisions of the Miscellaneous Amendments and Search Requirements revisions to 10 CFR 73.55 (51 FR 27817 and 27822) and to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The combined set of plans, which contain Safeguards Information protected under 10 CFR 73.21, is entitled: "Physical Security, Safeguards Contingency and Training &Qualification Plan," submitted by letter dated May 16, 2006.
E.
The licensee shall fully implement and maintain in effect all provisions of the Commission-approved cyber security plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The licensee's CSP was approved by License Amendment No. 171 as supplemented by a change approved by license Amendment No. 177.
F.
Except as otherwise provided in the Technical Specifications or Environmental Protection Plan, EOI shall report any violations of the requirements contained in Section 2, Items C.(1); C.(3) through (9); and C.(11) through (16) of this license in the following manner: initial notification shall be made within 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> to the NRC Operations Center via the Emergency Notification System with written followup within 60 days in accordance with the procedures described in 10 CFR 50.73(b), (c) and (e).
G.
The licensee shall have and maintain financial protection of such type and in such amounts as the Commission shall require in accordance with Section 170 of the Atomic Energy Act of 1954, as amended, to cover public liability claims.
H.
This license is effective as of the date of issuance and shall expire at midnight on August 29, 2025.
FOR THE NUCLEAR REGULATORY COMMISSION Harold R. Denton, Director Office of Nuclear Reactor Regulation
Enclosures:
- 1.
Attachments 1-5
- 2.
Appendix A - Technical Specifications (NUREG-1172)
- 3.
Appendix B - Environmental Prot~ction Plan'
- 4.
Appendix C - Antitrust Conditions Date of Issuance: November 20, 1985 Revised: December 16, 1993 Amendment No. 70 79 05119135171,177 Revised by letter dated October 28,2004 Revised by letter dated Nmvember 1 Q, 2004 Revised by letter dated JaRl:Iary 24, 2007
UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 SAFETY EVALUATION BY THE OFFICE OF NUCLEAR REACTOR REGULATION RELATED TO AMENDMENT NO. 177 TO FACILITY OPERATING LICENSE NO. NPF-47 ENTERGY OPERATIONS, INC.
RIVER BEND STATION. UNIT 1 DOCKET NO. 50-458
1.0 INTRODUCTION
By application dated June 20, 2012 (Agencywide Documents Access and Management System (ADAMS) Accession No. ML12191A122), Entergy Operations, Inc. (Entergy, the licensee) requested changes to the facility operating license for River Bend Station, Unit 1 (RBS). The proposed change would revise the scope of Cyber Security Plan (CSP) Implementation Schedule Milestone #6 and the existing license condition in the facility operating license.
Milestone #6 of the CSP implementation schedule concerns the identification, documentation, and implementation of cyber security controls (technical, operational, and management) for critical digital assets (CDAs) related to target set equipment. Entergy is requesting to modify the scope of Milestone #6 to apply to the technical cyber security controls only. The operational and management controls, as described in Nuclear Energy Institute (NEI) 08-09, Revision 6, would be implemented concurrent with the full implementation of the Cyber Security Program (Milestone #8). Thus, all CSP activities would be fully implemented by the completion date, identified in Milestone #8 of the licensee's CSP implementation schedule.
Portions of the letter dated June 20,2012, contain sensitive unclassified non-safeguards information and, accordingly, those portions are withheld from public disclosure.
2.0 REGULATORY EVALUATION
The U.S. Nuclear Regulatory Commission (NRC) staff reviewed and approved the licensee's existing CSP implementation schedule by License Amendment No. 171 dated July 29, 2011 (ADAMS Accession No. ML111940200), concurrent with the incorporation of the CSP into the facility current licensing basis. The NRC staff considered the following regulatory requirements and guidance in its review of the current license amendment request to modify the existing CSP implementation schedule:
Title 10 of the Code of Federal Regulations (10 CFR) 73.54 states: "Each [CSP]
submittal must include a proposed implementation schedule. Implementation of
-2 the licensee's cyber security program must be consistent with the approved schedule."
The licensee's facility operating license includes a license condition that requires the licensee to fully implement and maintain in effect all provisions of the Commission-approved CSP.
Amendment No. 171, dated July 29,2011, which approved the licensee's CSP and implementation schedule, included the following statement: "The implementation of the cyber security plan (CSP), including the key intermediate milestone dates and the full implementation date, shall be in accordance with the implementation schedule submitted by the licensee on April 4, 2011, and approved by the NRC staff with this license amendment. All subsequent changes to the NRC-approved CSP implementation schedule will require prior NRC approval pursuant to 10 CFR 50.90."
In a letter to NEI dated March 1, 2011 (ADAMS Accession No. ML110070348),
the NRC staff acknowledged that the cyber security implementation schedule template was "written generically and licensees that use the template to develop their proposed implementation schedules may need to make changes to ensure the submitted schedule accurately accounts for site-specific activities."
3.0 TECHNICAL EVALUATION
3.1 Background
Amendment No. 171 to Facility Operating License No. NPF-47 for RBS was issued on July 29, 2011. The NRC staff also approved the licensee's CSP implementation schedule, as discussed in the safety evaluation issued with the amendment. The implementation schedule had been submitted by the licensee based on a template prepared by NEI, which the NRC staff found acceptable for licensees to use to develop their CSP implementation schedules (ADAMS Accession No. ML110600218). The licensee's proposed implementation schedule for the Cyber Security Program identified completion dates and bases for the following eight milestones:
- 1)
Establish the Cyber Security Assessment Team (CSAT);
- 2)
Identify Critical Systems and CDAs;
- 3)
Install a deterministic one-way device between lower level devices and higher level devices;
- 4)
Implement the security control "Access Control For Portable And Mobile Devices";
- 5)
Implement observation and identification of obvious cyber related tampering to existing insider mitigation rounds by incorporating the appropriate elements;
- 3
- 6)
Identify, document, and implement cyber security controls as per "Mitigation of Vulnerabilities and Application of Cyber Security Controls" for CDAs that could adversely impact the design function of physical security target set equipment;
- 7)
Commence ongoing monitoring and assessment activities for those target set CDAs whose security controls have been implemented; and
- 8)
Fully implement the CSP.
3.2 licensee's Proposed Change Currently, Milestone #6 of RBS's CSP requires Entergy to identify, document, and implement cyber security controls for CDAs that could adversely impact the design function of physical security target set equipment by December 31,2012. These cyber security controls consist of technical, operational and management security controls. In its application dated June 20, 2012, Entergy proposed to modify Milestone #6 to change the scope of the cyber security controls due to be implemented on December 31,2012, to include only the NEI 08-09, Revision 6, Appendix D technical security controls. Entergy proposes to amend its CSP to provide that operational and management security controls, identified in Milestone #6, will be fully implemented by a later date, which is the completion date identified in Milestone #8 of the CSP implementation schedule. The licensee stated that implementing the technical cyber security controls for target set CDAs provides a high degree of protection against cyber-related attacks that could lead to radiological sabotage. The licensee further stated that many of its existing programs are primarily procedure-based programs and must be implemented in coordination with the comprehensive Cyber Security Program. The licensee also stated that the existing programs currently in place at RBS (e.g., physical protection, maintenance, configuration management, and operating experience) provide sufficient operational and management cyber security protection during the interim period until the Cyber Security Program is fully implemented.
3.3 Detailed Description of Facility Operating license Changes Current paragraph 2.E of Facility Operating license NPF-47 states that The licensee shall fully implement and maintain in effect all provisions of the Commission-approved cyber security plan (CSP), including changes made pursuant to the authority of 10 CFR SO.90 and 10 CFR SO.S4(p). The licensee's CSP was approved by license Amendment No. 171.
Revised paragraph 2.E of Facility Operating license NPF-47 would state that The licensee shall fully implement and maintain in effect all provisions of the Commission-approved cyber security plan (CSP), including changes made pursuant to the authority of 10 CFR SO.90 and 10 CFR SO.S4(p). The licensee's CSP was approved by license Amendment No. 171 as supplemented by a change approved by license Amendment No. 177.
- 3
- 7)
Commence ongoing monitoring and assessment activities for those target set CDAs whose security controls have been implemented; and
- 8)
Fully implement the CSP.
3.2 Licensee's Proposed Change Currently, Milestone #6 of RBSs CSP requires Entergy to identify, document, and implement cyber security controls for CDAs that could adversely impact the design function of physical security target set equipment by December 31,2012. These cyber security controls consist of technical, operational and management security controls. In its application dated June 20, 2012, Entergy proposed to modify Milestone #6 to change the scope of the cyber security controls due to be implemented on December 31,2012, to include only the NEI 08-09, Revision 6, Appendix D technical security controls. Entergy proposes to amend its CSP to provide that operational and management security controls, identified in Milestone #6, will be fully implemented by a later date, which is the completion date identified in Milestone #8 of the CSP implementation schedule. The licensee stated that implementing the technical cyber security controls for target set CDAs provides a high degree of protection against cyber-related attacks that could lead to radiological sabotage. The licensee further stated that many of its existing programs are primarily procedure-based programs and must be implemented in coordination with the comprehensive Cyber Security Program. The licensee also stated that the existing programs currently in place at RBS (e.g., physical protection, maintenance, configuration management, and operating experience) provide sufficient operational and management cyber security protection during the interim period until the Cyber Security Program is fully implemented.
3.3 Detailed Description of Facility Operating License Changes Current paragraph 2.E of Facility Operating License NPF-47 states that The licensee shall fully implement and maintain in effect all provisions of the Commission-approved cyber security plan (CSP), including changes made pursuant to the authority of 10 CFR SO.90 and 10 CFR SO.S4(p). The licensee's CSP was approved by License Amendment No. 171.
Revised paragraph 2.E of Facility Operating License NPF-47 would state that The licensee shall fully implement and maintain in effect all provisions of the Commission-approved cyber security plan (CSP), including changes made pursuant to the authority of 10 CFR SO.90 and 10 CFR SO.S4(p). The licensee's CSP was approved by License Amendment No. 171 as supplemented by a change approved by License Amendment No. 177.
3.4
NRC Staff Evaluation
The intent of the cyber security implementation schedule was for licensees to demonstrate ongoing implementation of their cyber security program prior to full implementation, which is set for the date specified in Milestone #8. In addition to Milestone #6 and its associated activities,
- 5 program, the requirements of the licensee's CSP and 10 CFR 73.54 will be met. Therefore, the NRC staff concludes that the proposed changes are acceptable.
4.0 REGULATORY COMMITMENT In its letter dated June 20, 2012, Entergy made the following regulatory commitment:
River Bend will implement Milestones 1, 2, 3, 4, 5, and 7 described in of letter dated April 4, 2011, and the revised Milestone 6 in of this submittal.
The NRC staff concludes that reasonable controls for the implementation and for subsequent evaluation of proposed changes pertaining to the above regulatory commitment are best provided by the licensee's administrative processes, including its commitment management program. The above regulatory commitment does not warrant the creation of regulatory requirements (items requiring prior NRC approval of subsequent changes).
5.0 STATE CONSULTATION
In accordance with the Commission's regulations, the Louisiana State official was notified of the proposed issuance of the amendment. The State official had no comments.
6.0 ENVIRONMENTAL CONSIDERATION
This amendment relates solely to safeguards matters and does not involve any significant construction impacts. The Commission has previously issued a proposed finding that the amendment involves no significant hazards consideration, and there has been no public comment on such finding published in the Federal Register on September 11, 2012 (77 FR 55867). Accordingly, the amendment meets the eligibility criteria for categorical exclusion set forth in 10 CFR 51.22(c){12). Pursuant to 10 CFR 51.22{b), no environmental impact statement or environmental assessment need be prepared in connection with the issuance of the amendment.
7.0 CONCLUSION
The NRC staff has concluded, based on the considerations discussed above, that: (1) there is reasonable assurance that the health and safety of the public will not be endangered by operation in the proposed manner, (2) there is reasonable assurance that such activities will be conducted in compliance with the Commission's regulations, and (3) the issuance of the amendments will not be inimical to the common defense and security or to the health and safety of the public.
Principal Contributor: Monika Coflin Date: December 5,2012
December 5, 2012 Vice President, Operations Entergy Operations, Inc.
River Bend Station 5485 US Highway 61 N St Francisville, LA 70775
SUBJECT:
RIVER BEND STATION, UNIT 1 -ISSUANCE OF AMENDMENT RE:
REVISION TO MILESTONE NO.6 OF THE CYBER SECURITY PLAN (TAC NO. ME8942)
Dear Sir or Madam:
The Commission has issued the enclosed Amendment No. 177 to Facility Operating License No. NPF-47 for the River Bend Station, Unit 1. The amendment consists of changes to the facility operating license in response to your application dated June 20, 2012.
The amendment revises the scope of Cyber Security Plan (CSP) Implementation Schedule Milestone #6 and paragraph 2.E of the facility operating license. The amendment modifies the scope of Milestone #6 to apply to the technical cyber security controls only_ The operational and management controls, as described in Nuclear Energy Institute (NEI) 08-09, Revision 6, would be implemented concurrent with the full implementation of the cyber security program (Milestone #8). Thus, all CSP activities would be fully implemented by the completion date, currently identified in Milestone #8 of the licensee's CSP implementation schedule.
A copy of our related Safety Evaluation is enclosed. The Notice of Issuance will be included in the Commission's next biweekly Federal Register notice.
Sincerely, IRA!
Alan B. Wang, Project Manager Plant Licensing Branch IV Division of Operating Reactor Licensing Office of Nuclear Reactor Regulation Docket No. 50-458
Enclosures:
- 1. Amendment No. 177 to NPF-47
- 2. Safety Evaluation cc w/encls: Distribution via Listserv OISTRIBUTION:
PUBLIC LPLIV rlt RidsAcrsAcnw_MailCTR Resource RidsNrrDorlDpr Resource RidsNrrDorlLpl4 Resource RidsNrrLAJBurkhardt Resource RidsNrrPMRiverBend Resource RidsNsirDsp Resource RidsOgcRp Resource RidsRgn4MailCenter Resource MCoflin, NSIRIDSP/CSIRB TWenger, NRRlDORL JPoole, NRRlDORL ADAMS Accession No. ML12261A472 E
NRRlLPL4/PM NRRlLPL4/LA NSIRIDSP/CSIRB/BC OGC NLO ABWang JBurkhardt CErlanger BMizuno 11/14/12 11/9/12 12012 11/16/12 OFFICIAL AGENCY RECORD NRR/LPL4/BC NRRlLPL4/PM MMarkley ABWang 12/5/12 12/5/12