Issuance of Amendment Approval of Cyber Security Plan Milestones 3 and 6

ML12265A298
Person / Time
Site:	Susquehanna
Issue date:	10/17/2012
From:	Jeffrey Whited Plant Licensing Branch 1
To:	Rausch T Susquehanna
Whited J
References
TAC ME8521, TAC ME8522
Download: ML12265A298 (19)
v • d • e

Text

UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 October 17,2012 Mr. Timothy S. Rausch Senior Vice President and Chief Nuclear Officer PPL Susquehanna, LLC 769 Salem Boulevard Berwick, PA 18603-0467

SUBJECT:

SUSQUEHANNA STEAM ELECTRIC STATION, UNITS 1 AND 2 - ISSUANCE OF AMENDMENTS RE: APPROVAL OF CYBER SECURITY PLAN MILESTONES 3 AND 6 (TAC NOS. ME8521 AND ME8522)

Dear Mr. Rausch:

The U,S. Nuclear Regulatory Commission (NRC, the Commission) has issued the enclosed Amendment No. 258 to Renewed Facility Operating License No. NPF-14 and Amendment No. 239, to Renewed Facility Operating License No. NPF-22 for Susquehanna Steam Electric Station (SSES), Units 1 and 2. The amendments consist of changes to the Renewed Facility Operating Licenses in response to your application dated, April 30, 2012, as supplemented by letter dated August 15, 2012.1 The amendments revise the Cyber Security Plan Implementation Schedule, and the corresponding section of the Cyber Security Plan, for Milestones 3 and 6 at SSES. Specifically, for Milestone 3, PPL Susquehanna, LLC (PPL) will install a deterministic data diode appliance between Layers 3 and 2 instead of between Layers 3 and 4, with no change to the approved implementation date. For Milestone 6, PPL will implement the technical controls for critical digital assets (CDAs) by the approved implementation date, and implement the operational and management controls for the CDAs in conjunction with the full implementation of the Cyber Security Program. The NRC considers changes of this nature to be site-specific changes, and the changes to Milestone 6 are reviewed as such.

Portions of the letter dated April 30, 2012, contain sensitive unclassified non-safeguards information and, accordingly, those portions are withheld from public disclosure.

1 Agencywide Documents Access and Management System (ADAMS) Accession Nos. ML12122A011 and ML12228A602, respectively.

T. Rausch - 2 A copy of our safety evaluation is also enclosed. The Notice of Issuance will be included in the Commission's next regular biweekly Federal Register Notice.

Sincerely,

/l~-~/~4/"

f/~//~/ / /

~tJ/.---

/. .

/

/

J~ . Whited, Project Manager Plant Licensing Branch 1-2 Division of Operating Reactor Licensing Office of Nuclear Reactor Regulation Docket Nos. 50-387 and 50-388

Enclosures:

1. Amendment No. 258 to Renewed NPF-14

2. Amendment No. 239 to Renewed NPF-22

3. Safety Evaluation cc w/encls: Distribution via Listserv

UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 PPLSUSQUEHANNALLC ALLEGHENY ELECTRIC COOPERATIVE, INC.

DOCKET NO. 50-387 SUSQUEHANNA STEAM ELECTRIC STATION, UNIT 1 AMENDMENT TO FACILITY OPERATING LICENSE Amendment No. 258 Renewed License No. NPF-14

1. The Nuclear Regulatory Commission (the Commission or the NRC) having found that:

A. The application for amendment by PPL Susquehanna, LLC, dated April 30, 2012, as supplemented by letter dated August 15, 2012, complies with the standards and requirements of the Atomic Energy Act of 1954, as amended (the Act), and the Commission's regulations set forth in 10 CFR Chapter I; B. The facility will operate in conformity with the application, the provisions of the Act, and the regulations of the Commission; C. There is reasonable assurance: (i) that the activities authorized by this amendment can be conducted without endangering the health and safety of the public, and (ii) that such activities will be conducted in compliance with the Commission's regulations set forth in 10 CFR Chapter I; D. The issuance of this amendment will not be inimical to the common defense and security or to the health and safety of the public; and E. The issuance of this amendment is in accordance with 10 CFR Part 51 of the Commission's regulations and all applicable reqUirements have been satisfied.

- 2

2. Accordingly, the license is amended as indicated in the attachment to this license amendment, and paragraph 2.C.(2) of Renewed Facility Operating License No. NPF-14 is hereby amended to read as follows:

(2) Technical Specifications and Environmental Protection Plan The Technical Specifications contained in Appendix A, as revised through Amendment No. 258, and the Environmental Protection Plan contained in Appendix B, are hereby incorporated in the license. PPL Susquehanna, LLC shall operate the facility in accordance with the Technical Specifications and the Environmental Protection Plan.

3. In addition, the second paragraph of 2.D in Renewed Facility Operating License No.

NPF-14 is hereby amended to read as follows:

The operating licensee shall fully implement and maintain in effect all provisions of the Commission-approved cyber security plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The PPL Susquehanna, LLC CSP was approved by License Amendment No. 258.

4. This license amendment is effective as of the date of its issuance and shall be implemented by December 31,2012.

FOR THE NUCLEAR REGULATORY COMMISSION iB~

O.rMeena Khanna, Chief Plant Licensing Branch 1-2 Division of Operating Reactor Licensing Office of Nuclear Reactor Regulation

Attachment:

Changes to Renewed NPF-14 and Technical Specifications Date of Issuance: October 17, 2012

ATTACHMENT TO LICENSE AMENDMENT NO. 258 RENEWED FACILITY OPERATING LICENSE NO. NPF-14 DOCKET NO. 50-387 Replace the following pages of Renewed Facility Operating License with the attached revised pages. The revised pages are identified by amendment number and contain marginal lines indicating the areas of change.

REMOVE INSERT Page 3 Page 3 Page 19 Page 19

- 3 (3) PPL Susquehanna, LLC, pursuant to the Act and 10 CFR Parts 30,40, and 70, to receive, possess, and use at any time any byproduct, source and special nuclear material as sealed neutron sources for reactor startup, sealed neutron sources for reactor instrumentation and radiation monitoring equipment calibration, and as fission detectors in amounts as required; (4) PPL Susquehanna, LLC, pursuant to the Act and 10 CFR Parts 30, 40, and 70 to receive, possess, and use in amounts as required any byproduct, source or special nuclear material without restriction to chemical or physical form, for sample analysis or instrument calibration or associated with radioactive apparatus or components; and (5) PPL Susquehanna, LLC, pursuant to the Act and 10 CFR Parts 30,40, and 70 to possess, but not separate, such byproduct and special nuclear materials as may be produced by the operation of the facility.

C. This license shall be deemed to contain and is subject to the conditions specified in the Commission's regulations set forth in 10 CFR Chapter I and is subject to all applicable provisions of the Act and to the rules, regulations and orders of the Commission now or hereafter in effect; and is subject to the additional conditions specified or incorporated below:

(1) Maximum Power Level PPL Susquehanna, LLC is authorized to operate the facility at reactor core power levels not in excess of 3952 megawatts thermal in accordance with the conditions specified herein. The preoperational tests, startup tests and other items identified in License Conditions 2.C.(36), 2.C.(37), 2.C.(38), and 2.C.(39) to this license shall be completed as specified.

(2) Technical Specifications and Environmental Protection Plan The Technical SpeCifications contained in Appendix A, as revised through Amendment No. 258, and the Environmental Protection Plan contained in Appendix B are hereby incorporated in the license. PPL Susquehanna, LLC shall operate the facility in accordance with the Technical Specifications and the Environmental Protection Plan.

For Surveillance Requirements (SRs) that are new in Amendment 178 to Facility Operating License No. NPF-14, the first performance is due at the end of the first surveillance interval that begins at implementation of Amendment 178. For SRs that existed prior to Amendment 178, including SRs with modified acceptance criteria and SRs whose frequency of performance is being extended, the first performance is due at the end of the first surveillance interval that begins on the date the Surveillance was last performed prior to implementation of Amendment 178.

Renewed Operating License No. NPF-14 Amendment No. 2M, 2ee, 2a+, 2581

-19 (39) Containment Operability for EPU PPL shall ensure that the CPPU containment analysis is consistent with the SSES 1 and 2 operating and emergency procedures. Prior to operation above CLTP, for each respective unit, PPL shall notify the NRC project manager that all appropriate actions have been completed.

(40) Primary Containment Leakage Rate Testing Program Those primary containment local leak rate program tests (Type B - leakage boundary and Type C - containment isolation valves) as modified by approved exemptions, required by 10 CFR Part 50, Appendix J, Option B and Technical Specification 5.5.12, are not required to be performed at the CPPU peak calculated containment internal pressure of 48.6 psig (Amendment No. 246 to this Operating License) until their next required performance.

D. The operating licensee shall fully implement and maintain in effect all provisions of the Commission-approved physical security, training and qualification, and safeguards contingency plans including amendments made pursuant to provisions of the Miscellaneous Amendments and Search Requirements revisions to 10 CFR 73.55 (51 FR 27817 and 27822) and to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The plan, which contains Safeguards Information protected under 10 CFR 73.21, is entitled:

"Physical Security Plan, Training and Qualification Plan, Safeguards Contingency Plan and Security and Contingency Plan for Independent Spent Fuel Storage Facility," and was submitted October 8, 2004.

The operating licensee shall fully implement and maintain in effect all provisions of the Commission-approved cyber security plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The PPL Susquehanna, LLC CSP was approved by License Amendment No. 258.

E. Exemptions from certain requirements of Appendices G and H to 10 CFR Part 50 are described in the Safety Evaluation Report and Supplements 1 and 2 to the Safety Evaluation Report. In addition, an exemption was requested until receipt of new fuel for first refueling from the requirements for criticality monitors in the spent fuel pool area, 10 CFR Part 70.24. Also, an exemption was requested from the requirements of Appendix J of 10 CFR Part 50 for the first fuel cycle when performing local leak rate testing of Residual Heat Removal (RHR) relief valves in accordance with Technical Specification 4.6.1.2. This latter exemption is described in the safety evaluation of license Amendment No. 13. These exemptions are authorized by law and will not endanger life or property or the common defense and security and are otherwise in the public interest and have been granted pursuant to 10 CFR 50.12. Except as here exempted, the facility will operate, to the extent authorized herein, in conformity with the application, as amended, and the rules and regulations of the Commission and the provisions of the Act.

Renewed Operating License No. NPF-14 Amendment No. ~, 258 I Corrected by letter dated July 28, 2011

UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555*0001 PPL SUSQUEHANNA, LLC ALLEGHENY ELECTRIC COOPERATIVE, INC.

DOCKET NO. 50-388 SUSQUEHANNA STEAM ELECTRIC STATION, UNIT 2 AMENDMENT TO FACILITY OPERATII\lG LICENSE Amendment No. 239 Renewed License No. NPF-22

1. The Nuclear Regulatory Commission (the Commission or the NRC) has found that:

A. The application for the amendment filed by the PPL Susquehanna, LLC, dated April 30, 2012, as supplemented by letter dated August 15, 2012, complies with the standards and requirements of the Atomic Energy Act of 1954, as amended (the Act), and the Commission's regulations set forth in 10 CFR Chapter I; B. The facility will operate in conformity with the application, the provisions of the Act, and the regulations of the Commission; C. There is reasonable assurance: (i) that the activities authorized by this amendment can be conducted without endangering the health and safety of the public, and Oi) that such activities will be conducted in compliance with the Commission's regulations set forth in 10 CFR Chapter I; D. The issuance of this amendment will not be inimical to the common defense and security or to the health and safety of the public; and E. The issuance of this amendment is in accordance with 10 CFR Part 51 of the Commission's regulations and all applicable requirements have been satisfied.

-2

2. Accordingly, the license is amended as indicated in the attachment to this license amendment, and paragraph 2.C.(2) of the Renewed Facility Operating License No. NPF 22 is hereby amended to read as follows:

(2) Technical Specifications and Environmental Protection Plan The Technical Specifications contained in Appendix A, as revised through Amendment No. 239 and the Environmental Protection Plan contained in Appendix B, are hereby incorporated in the license. PPL Susquehanna, LLC shall operate the facility in accordance with the Technical Specifications and the Environmental Protection Plan.

3. In addition, the second paragraph of 2.0 in Renewed Facility Operating License No.

NPF-22 is hereby amended to read as follows:

The operating licensee shall fully implement and maintain in effect all provisions of the Commission-approved cyber security plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The PPL Susquehanna, LLC CSP was approved by License Amendment No. 239.

4. This license amendment is effective as of the date of its issuance and shall be implemented by December 31,2012.

FOR THE NUCLEAR REGULATORY COMMISSION

.-m~

G-r Meena Khanna, Chief Plant Licensing Branch 1-2 Division of Operating Reactor Licensing Office of Nuclear Reactor Regulation

Attachment:

Changes to the Renewed NPF-22 and Technical Specifications Date of Issuance: October 17, 2012

ATTACHMENT TO LICENSE AMENDMENT NO. 239 RENEWED FACILITY OPERATING LICENSE NO. NPF-22 DOCKET NO. 50-388 Replace the following pages of Renewed Facility Operating License with the attached revised pages. The revised pages are identified by amendment number and contain marginal lines indicating the areas of change.

REMOVE INSERT Page 3 Page 3 Page 15 Page 15

-3 (3) PPL Susquehanna, LLC, pursuant to the Act and 10 CFR Parts 30, 40, and 70, to receive, possess, and use at any time any byproduct, source and special nuclear material as sealed neutron sources for reactor startup, sealed neutron sources for reactor instrumentation and radiation monitoring equipment calibration, and as fission detectors in amounts as required; (4) PPL Susquehanna, LLC, pursuant to the Act and 10 CFR Parts 30,40, and 70, to receive, possess, and use in amounts as required any byproduct, source or special nuclear material without restriction to chemical or physical form, for sample analysis or instrument calibration or associated with radioactive apparatus or components; and (5) PPL Susquehanna, LLC, pursuant to the Act and 10 CFR Parts 30,40, and 70, to possess, but not separate, such byproduct and special nuclear materials as may be produced by the operation of the facility.

C. This license shall be deemed to contain and is subject to the conditions specified in the Commission's regulations set forth in 10 CFR Chapter I and is subject to all applicable provisions of the Act and to the rules, regulations and orders of the Commission now or hereafter in effect; and is subject to the additional conditions specified or incorporated below:

(1 ) Maximum Power Level PPL Susquehanna, LLC is authorized to operate the facility at reactor core power levels not in excess of 3952 megawatts thermal in accordance with the conditions specified herein. The preoperational test, startup tests and other items identified in License Conditions 2.C.(20), 2.C.(21), 2.C.(22), and 2.C.(23) to this license shall be completed as specified.

(2) Technical Specifications and Environmental Protection Plan The Technical Specifications contained in Appendix A, as revised through Amendment No. 239, and the Environmental Protection Plan contained in Appendix B, are hereby incorporated in the license. PPL Susquehanna, LLC shall operate the facility in accordance with the Technical Specifications and the Environmental Protection Plan.

For Surveillance Requirements (SRs) that are new in Amendment 151 to Facility Operating License No. NPF-22, the first performance is due at the end of the first surveillance interval that begins at implementation of Amendment 151. For SRs that existed prior to Amendment 151, including SRs with modified acceptance criteria and SRs whose frequency of performance is being extended, the first performance is due at the end of the first surveillance interval that begins on the date the Surveillance was last performed prior to implementation of Amendment 151.

Renewed Operating License No. NPF-22 Amendment No.~, 2*, a3+, ~, 2391

- 15 EMF-2209{P), Revision 2, Addendum 1 is published and PPL verifies that the additive constants from the approved report have been incorporated in the cycle specific analyses.

D. The operating licensee shall fully implement and maintain in effect all provisions of the Commission-approved physical security, training and qualification, and safeguards contingency plans including amendments made pursuant to provisions of the Miscellaneous Amendments and Search Requirements revisions to 10 CFR 73.55 (51 FR 27817 and 27822) and to the authority of 10 CFR 50.90 and 10 CFR 50.54{p). The plan, which contains Safeguards Information protected under 10 CFR 73.21, is entitled: "Physical Security Plan, Training and Qualification Plan, Safeguards Contingency Plan and Security and Contingency Plan for Independent Spent Fuel Storage Facility," and was submitted October 8,2004.

The operating licensee shall fully implement and maintain in effect all provisions of the Commission-approved cyber security plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The PPL Susquehanna, LLC CSP was approved by License Amendment No. 239.

E. DELETED F. PPL Susquehanna, LLC shall have and maintain financial protection of such type and in such amounts as the Commission shall require in accordance with Section 170 of the Atomic Energy Act of 1954, as amended, to cover public liability claims.

G. The information in the Updated Final Safety Analysis Report (UFSAR) supplement, as revised, submitted pursuant to 10 CFR 54.21 (d), shall be incorporated into the UFSAR no later than the next scheduled update required by 10 CFR 50.71 (e) following the issuance of this renewed operating license. Until this update is complete, PPL Susquehanna, LLC, may not make changes to the information in the supplement.

Following incorporation into the UFSAR, the need for prior Commission approval of any changes will be governed by 10 CFR 50.59.

H. The UFSAR supplement, as revised, submitted pursuant to 10 CFR 54.21 (d),

describes certain future activities to be completed prior to and/or during the period of extended operation. The licensee shall complete these activities in accordance with Appendix A of NUREG-1931, "Safety Evaluation Report Related to the Susquehanna Steam Electric Station, Units 1 and 2," dated November, 2009. The licensee shall notify the NRC in writing when activities to be completed prior to the period of extended operation are complete and can be verified by NRC inspection.

I. All capsules in the reactor vessel that are removed and tested must meet the requirements of American Society for Testing and Materials (ASTM) E 185-82 to the extent practicable for the configuration of the specimens in the capsule. Any changes to the capsule withdrawal schedule, including spare capsules, must be approved by the staff prior to implementation. All capsules placed in storage must be maintained for future insertion. Any changes to storage requirements must be approved by the staff, as required by 10 CFR Part 50, Appendix H.

Renewed Operating License No. NPF-22 Amendment No. ~, 2391 Corrected by letter dated July 28, 2011

UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 SAFETY EVALUATION BY THE OFFICE OF NUCLEAR REACTOR REGULATION RELATED TO AIVIENDMENT NO. 258 TO RENEWED FACILITY OPERATING LICENSE NO. NPF-14 AND AMENDMENT NO. 239 TO RENEWED FACILITY OPERATING LICENSE NO. NPF-22 PPL SUSQUEHANNA, LLC ALLEGHENY ELECTRIC COOPERATIVE, INC.

SUSQUEHANNA STEAM ELECTRIC STATION, UNITS 1 AND 2 DOCKET NOS. 50-387 AND 50-388

1.0 INTRODUCTION

By application dated April 30, 2012, as supplemented by letter dated August 15, 2012,1 PPL Susquehanna, LLC (PPL, the licensee) requested changes to the Renewed Facility Operating Licenses for Susquehanna Steam Electric Station (SSES), Units 1 and 2. The proposed changes would revise the scope of the Cyber Security Plan (CSP) Implementation Schedule Milestones 3 and 6 and the existing license conditions in the Renewed Facility Operating Licenses. Milestone 3 of the CSP implementation schedule concerns the installation of deterministic devices between lower level devices and higher level devices with the defensive architecture. Milestone 6 of the CSP implementation schedule concerns the identification, documentation, and implementation of cyber security controls (technical, operational, and management) for critical digital assets (CDAs) related to target set equipment. PPL is requesting to modify their defensive architecture and the placement of their deterministic devices within that architecture as required by Milestone 3. PPL is also requesting to modify the scope of Milestone 6 to apply to the technical cyber security controls only. The operational and management controls, as described in Nuclear Energy Institute (NEI) 08-09, Revision 6, "Cyber Security Plan for Nuclear Power Reactors," would be implemented concurrent with the full implementation of the Cyber Security Program (Milestone 8). Thus, all CSP activities would be fully implemented by the completion date, identified in Milestone 8 of the licensee's CSP implementation schedule.

1 Agencywide Documents Access and Management System (ADAMS) Accession Nos. ML12122A011 and ML12228A602, respectively.

- 2 Portions of the letter dated April 30, 2012, contain sensitive unclassified non-safeguards information and, accordingly, those portions are withheld from public disclosure.

The supplement dated August 15, 2012, provided additional information that clarified the application, did not expand the scope of the application as originally noticed, and did not change the Nuclear Regulatory Commission (NRC or the Commission) staff's original proposed no significant hazards consideration determination as published in the Federal Register on August 14, 2012 (77 FR 48560) .

2.0 REGULATORY EVALUATION

The NRC staff reviewed and approved the licensee's existing CSP implementation schedule by License Amendment Nos. 255 and 235 dated July 21, 2011,2 concurrent with the incorporation of the CSP into the facility current licensing basis. The NRC staff considered the following regulatory requirements and guidance in its review of the current license amendment request to modify the existing CSP implementation schedule:

• Title 10 of the Code of Federal Regulations (10 CFR) 73.54 states: "Each [CSP]

submittal must include a proposed implementation schedule. Implementation of the licensee's cyber security program must be consistent with the approved schedule."

• The licensee's facility operating licenses includes a license condition that requires the licensee to fully implement and maintain in effect all provisions of the Commission approved CSP.

• Amendment Nos. 255 and 235, dated July 21, 2011, which approved the licensee's CSP and implementation schedule, included the following statement: 'The implementation of the cyber security plan (CSP), including the key intermediate milestone dates and the full implementation date, shall be in accordance with the implementation schedule submitted by the licensee by letter July 22, 2010, as supplemented by letter dated April 4, 2011, and approved by the NRC staff with this license amendment. All subsequent changes to the NRC-approved CSP implementation schedule will require prior NRC approval pursuant to 10 CFR 50.90."

• In a letter to NEI dated March 1, 2011,3 the NRC staff acknowledged that the cyber security implementation schedule template was "written generically, and licensees that use the template to develop their proposed implementation schedules may need to make changes to ensure the submitted schedule accurately accounts for site-specific activities,"

3.0 TECHNICAL EVALUATION

The NRC staff approved the licensee's CSP implementation schedule, as discussed in the safety evaluation issued with Amendment Nos. 255 and 235 to Renewed Facility Operating License Nos. NPF-14 and NPF-22 for SSES on July 21,2011. The implementation schedule 2 ADAMS Accession No. ML11152A009 3 ADAMS Accession No. ML110070348

- 3 was submitted by the licensee based on a template prepared by NEI, which the NRC staff found acceptable for licensees to use to develop their CSP implementation schedules. 4 The licensee's proposed implementation schedule for the cyber security program identified completion dates and bases for the following eight milestones:

1) Establish the Cyber Security Assessment Team;

2) Identify Critical Systems and CDAs;

3) Install a deterministic one-way device between lower level devices and higher level devices;

4) Implement the security control "Access Control For Portable And Mobile Devices;"

5) Implement observation and identification of obvious cyber related tampering to existing insider mitigation rounds by incorporating the appropriate elements;

6) Identify, document, and implement cyber security controls in accordance with "Mitigation of Vulnerabilities and Application of Cyber Security Controls" for CDAs that could adversely impact the design function of physical security target set equipment;

7) Commence ongoing monitoring and assessment activities for those target set CDAs whose security controls have been implemented; and

8) Fully implement the CSP.

3.1 Licensee's Proposed Change Currently, Milestone 3 of SSES's Cyber Security Implementation Schedule requires PPL to install a deterministic one-way device between lower level devices and higher level devices as described in Section 4.3, "Defense-in-Depth Protective Strategies" of the CSP. Lower security level devices that bypass the deterministic device and connect to Level 3 or 4 are required to be modified to prevent the digital connectivity to the higher level or will be modified to meet cyber security requirements commensurate with Level 3 or 4 devices to which they connect. As per their implementation schedule, design modifications that are not finished by the completion date are required to be documented in the site configuration management plan and/or change control program to assure completion of the design modification as soon as possible, but no later than the final implementation date. Milestone 3 is to be completed no later than December 31, 2012.

In the approved SSES CSP, Section 4.3, the licensee described a site defensive model that consists of 4 layers, with layer 4 having the greatest level of protection. Safety and security CDAs are both in Level 4; safety and security CDAs are isolated from all other CDAs through the use of a deterministic boundary device (i.e., data diodes, air gaps, etc). Information flows between Level 3 and 2 and between Level 2 and 1 are restricted through the use of a firewall and network-based intrusion detection system.

In their April 30, 2012, application, PPL proposed to modify Milestone 3 by revising Section 4.3 of the SSES CSP, but proposed no changes to the actual milestone language or the milestone completion date. In Section 4.3 of the revised SSES CSP the licensee describes a site defensive model that still consists of 4 levels, with Level 4 having the greatest level of protection. Safety and security CDAs remain in Level 4. For security CDAs, the boundary between Level 4 and 3 is implemented by one or more deterministic devices. Information flows 4 ADAMS Accession No. ML110600218.

-4 between Level 3 and lower levels are restricted through the use of a firewall and network-based intrusion detection system. For non-Security CDAs, the boundary between Level 3 and 2 is implemented by one or more deterministic devices. Information flows between Level 3 and 4 and between Level 2 and 1 are restricted through the use of a firewall and a network-based intrusion detection system. NRC staff requested additional information about how the proposed changes to the defensive architecture would provide the same level of protection as the current, approved defensive architecture. In their August 15, 2012, letter PPL responded that security CDAs would not be affected by this change and that all other CDAs would be provided an overall increase in cyber security protection for CDAs associated with safety and important-to safety equipment by placing both of these types of CDAs behind the deterministic boundary control device. The licensee also stated that important-to-safety CDAs are in Levels 3 and 4; and security CDAs in Level 4 would have no connectivity to other CDAs in Level 4.

Currently, Milestone 6 of SSES's CSP requires PPL to identify, document, and implement cyber security controls for CDAs that could adversely impact the design function of physical security target set equipment by December 31,2012. These cyber security controls consist of technical, operational and management security controls. In its April 30, 2012, application, PPL proposed to modify Milestone 6 to change the scope of the cyber security controls due to be implemented on December 31,2012, to include only the NEI OB-09, Revision 6, Appendix D technical security controls. PPL proposes to amend its CSP to provide that operational and management security controls, identified in Milestone 6, will be fully implemented by a later date, which is the completion date identified in Milestone B of the CSP implementation schedule. The licensee stated that implementing the technical cyber security controls for target set CDAs provides a high degree of protection against cyber-related attacks that could lead to radiological sabotage.

The licensee further stated that many of its existing programs are primarily procedure-based programs and must be implemented in coordination with the comprehensive Cyber Security Program. The licensee also stated that the existing programs currently in place at SSES (e.g.,

physical protection, maintenance, configuration management, and operating experience) provide sufficient operational and management cyber security protection during the interim period until the Cyber Security Program is fully implemented.

3.2 NRC Staff Evaluation The intent of the Cyber Security Implementation Schedule was for licensees to demonstrate ongoing implementation of their CSP prior to full implementation, which is set for the date specified in Milestone B. In addition to Milestone 6 and its associated activities, licensees will be completing six other milestones (Milestones 1 through 5 and Milestone 7) by December 31, 2012. Activities include establishing a Cyber Security Assessment Team, identifying critical systems and CDAs, installing deterministic one-way devices between defensive levels, implementing access control for portable and mobile devices, implementing methods to observe and identify obvious cyber related tampering, and conducting ongoing monitoring and assessment activities for target set CDAs. In their aggregate, the interim milestones demonstrate ongoing implementation of the cyber security program at SSES.

The NRC staff has reviewed the licensee's evaluation of the proposed change in its submittal dated April 30,2012, with respect to Milestone 3 of the Cyber Security Implementation Schedule and Section 4.3, "Defense-in-Depth Protective Strategies" of the CSP and finds that the proposed changes to the SSES defensive architecture will provide the same level of protection

-5 as the current, approved defensive architecture. By allocating safety and security CDAs to Level 4 and implementing deterministic devices to restrict data flows between levels, the licensee's defensive architecture demonstrates defense-in-depth strategies to protect CDAs from cyber attack. For these reasons, the NRC staff concludes that the licensee's approach is acceptable.

The NRC staff has reviewed the licensee's evaluation of the proposed change in its submittal dated April 30, 2012, and finds that by completing Milestones 1 through 5, Milestone 6 with implementation of technical controls to target set CDAs, and Milestone 7, SSES will have an acceptable level of cyber security protection until full program implementation is achieved.

Technical cyber security controls include access controls, audit and accountability, CDA and communications protection, identification and authentication, and system hardening. These controls are executed by computer systems, as opposed to people, and consist of hardware and software controls that provide automated protection to a system or application. Implementation of technical cyber security controls promotes standardization, trust, interoperability, connectivity, automation, and increased efficiency. For these reasons, the NRC staff concludes that the licensee's approach is acceptable.

The NRC staff also recognizes that full implementation of operational and management cyber security controls in accordance with requirements of the SSES CSP will be achieved with full implementation of the SSES Cyber Security Program by the date set in Milestone 8. That is, all required elements for the operational and management cyber security controls in accordance with the SSES CSP will be implemented in their entirety at the time of full implementation of the CSP.

The NRC staff does not regard the CSP milestone implementation dates as regulatory commitments that can be changed unilaterally by the licensee, particularly in light of the regulatory requirement at 10 CFR 73.54, that "[i]mplementation of the licensee's cyber security program must be consistent with the approved schedule." As the NRC staff explained in its letter to all operating reactor licensees dated May 9, 2011,5 the implementation of the plan, including the key intermediate milestone dates and the full implementation date shall be in accordance with the implementation schedule submitted by the licensee and approved by the NRC. All subsequent changes to the NRC-approved CSP implementation schedule, thus, will require prior NRC approval pursuant in 10 CFR 50.90.

3.3 Revision to License Condition By letter dated April 30, 2012, the licensee proposed to modify Paragraph 2.D of Facility Operating License Nos. NPF-14 and NPF-22 for SSES, Units 1 and 2, respectively, which provides a license condition to require the licensee to fully implement and maintain in effect all provisions of the NRC-approved CSP.

The license condition in Paragraph 2.D of Renewed Operating License No. NPF-14 for SSES, Unit 1 is modified as follows:

5 ADAMS Accession No. ML110980538

- 6 The operating licensee shall fully implement and maintain in effect all provisions of the Commission-approved cyber security plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The PPL Susquehanna, LLC CSP was approved by License Amendment No. 258.

The license condition in Paragraph 2.0 of Renewed Operating License No. NPF-22 for SSES, Unit 2 is modified as follows:

The operating licensee shall fully implement and maintain in effect all provisions of the Commission-approved cyber security plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The PPL Susquehanna, LLC CSP was approved by License Amendment No. 239.

3.4 Summary Based on its review of the licensee's submissions, the NRC staff concludes that the proposed changes to Milestones 3 and 6 of the licensee's CSP implementation schedule are acceptable.

The NRC staff also concludes that, upon full implementation of the licensee's cyber security program, the requirements of the licensee's CSP and 10 CFR 73.54 will be met. Therefore, the NRC staff finds the proposed changes acceptable.

4.0 STATE CONSULTATION

In accordance with the Commission's regulations, the Pennsylvania State official was notified of the proposed issuance of the amendments. The State official had no comments.

5.0 ENVIRONMENTAL CONSIDERATION

This amendment relates solely to safeguards matters and does not involve any significant construction impacts. Accordingly, this amendment meets the eligibility criteria for categorical exclusion set for in 10 CFR 51.22(c)(12). Pursuant to 10 CFR 51.22(b), no environmental assessment need to be prepared in connection with the issuance of this amendment.

6.0 CONCLUSION

The Commission has concluded, based on the considerations discussed above, that: (1) there is reasonable assurance that the health and safety of the public will not be endangered by operation in the proposed manner, (2) there is reasonable assurance that such activities will be conducted in compliance with the Commission's regulations, and (3) the issuance of the amendments will not be inimical to the common defense and security or to the health and safety of the public.

Principal Contributor: Monika Coflin Date: October 17, 2012

ML12265A298 *By Memo Dated **via email OFFICE LPL1-1/PM LPL1-1ILAit LPL 1-1/LA NSIR/DSP/CSIRB OGC (NLO) LPL 1-1/BC LPL 1-1/PM MKhanna NAME JWhited SLent ABaxter** CErianger* MSmith JWhited (REnnis for)

I DATE 1010912012 10109/2012 10/09/2012 813012012 10/11/2012 10/17/2012 10/17/2012