License Amendment Request (LAR) for Revision to Cyber Security Plan Implementation Schedule Completion Date Amendment Application Numbers 269 and 254

ML14321A015
Person / Time
Site:	San Onofre
Issue date:	11/12/2014
From:	Thomas J. Palmisano Southern California Edison Co
To:	Document Control Desk, Office of Nuclear Reactor Regulation
References
Download: ML14321A015 (37)
v • d • e

Text

,SOUTHERN CALIFORNIA Thomas l. Palmisano EDISON Vice President & Chief Nuclear Officer An EDISON INTERNATIONAL Company Security-Related Information - Withhold from Public Disclosure Under 10 CFR 2.390 (Decontrolled when separated from Enclosure 1 and Attachment 3)

November 12, 2014 10 CFR 50.90 U. S. Nuclear Regulatory Commission ATTN: Document Control Desk Washington, D.C. 20555

Subject:

Docket Nos. 50-361 and 50-362 License Amendment Request (LAR) for Revision to Cyber Security Plan Implementation Schedule Completion Date Amendment Application Numbers 269 and 254 San Onofre Nuclear Generating Station, Units 2 and 3

Reference:

(1) Letter from James R. Hall (NRC) to Peter T. Dietrich (SCE), dated July 28, 2011;

Subject:

San Onofre Nuclear Generating Station, Units 2 and 3 - Issuance of Amendment RE: Approval of Cyber Security Plant (TAC Nos. ME4426 and ME4427) (ADAMS Accession No. ML111960323)

(2) Letter from Douglas R. Bauder (SCE) to Document Control Desk (NRC) dated March 31, 2011;

Subject:

Docket Nos. 50-361 and 50-362, Response to Request for Additional Information Regarding Request for Approval of the Cyber Security Plan, San Onofre Nuclear Generating Station, Units 2 and 3 (ADAMS Accession No. ML11112A028)

(3) Letter from Douglas R. Bauder (SCE) to Document Control Desk (NRC) dated June 16, 2011;

Subject:

Docket Nos. 50-361 and 50-362, Supplement to Request for Approval of the Cyber Security Plan, San Onofre Nuclear Generating Station, Units 2 and 3 (ADAMS Accession No. ML11171A191)

Dear Sir or Madam:

By letter dated July 28, 2011 (Reference 1), the Nuclear Regulatory Commission (NRC) issued Amendment 225 to Facility Operating License No. NPF-10 and Amendment 218 to Facility Operating License No. NPF-1 5 for San Onofre Nuclear Generating Station (SONGS), Units 2 and 3, respectively. These Amendments approved the Cyber Security Plan. The Cyber Security Plan Implementation Schedule contained in Reference 2, as modified by Reference 3, was utilized as part of the basis for the NRC Safety Evaluation provided in Reference 1.

P.O. Box 128 San Clemente, CA 92672 (949) 368-6575 PAX 86575 ISDIDI-ýv Fax: (949) 368-6183 Tomn.Palmisano@sce.coni ýJd-

Document Control Desk 2 November 12, 2014 Pursuant to 10 CFR 50.90, Southern California Edison (SCE) submits License Amendment Requests 269 and 254 for SONGS Units 2 and 3, respectively (Proposed Change Number 608).

These License Amendment Requests propose a change to the Cyber Security Plan for SONGS Units 2 and 3 Implementation Milestone 8 completion date. The Enclosure provides an evaluation of the proposed amendment. Attachment 1 to the Enclosure contains the proposed mark-up for the requested changes to Paragraph 2.E of Facility Operating License Nos. NPF-10 and NPF-15 (Units 2 and 3, respectively). Attachment 2 to the Enclosure contains the proposed clean-typed Facility Operating License pages. Attachment 3 to the Enclosure contains the change to the completion date of Implementation Milestone 8.

Furthermore, Enclosure 1 (including Attachment 3) contains security-related information and should be withheld from public disclosure under 10 CFR 2.390. Enclosure 2 provides a redacted version of Enclosure 1 suitable for public disclosure.

SCE has determined that there is no significant hazard consideration associated with the proposed change and that the change is exempt from environmental review pursuant to 10 CFR 51.22(c)(12).

In accordance with 10 CFR 50.91(b), SCE is notifying the State of California of this request for license amendment by providing a copy of this letter and its enclosures.

There are no new regulatory commitments in this submittal.

Should you have any questions, or require additional information, please contact Ms. Andrea Sterdis at (949) 368-9985.

I declare under penalty of perjury that the foregoing is true and correct.

Executed on __O_

Sincerely, EAmed wtAa : Evaluation of the Proposed Amendment with Attachments : Redacted Version of Evaluation of the Proposed Amendment with Attachments cc: M. L. Dapas, Regional Administrator, NRC Region IV T. J. Wengert, NRC Project Manager, SONGS Units 2 and 3 R. E. Lantz, NRC Region IV, San Onofre Units 2 and 3 G. G. Warnick, NRC Senior Resident Inspector, SONGS Units 2 and 3 S. Y. Hsu, California Department of Public Health, Radiologic Health Branch

ATTACHMENT 1 Proposed Facility Operating License Mark-Up Pages 0

Unit 2 Facility Operating License Page E. SCE shall fully implement and maintain in effect all provisions of the Commission-approved physical security, training and qualification, and safeguards contingency plans including amendments made pursuant to provisions of the Miscellaneous Amendments and Search Requirements revisions to 10 CFR 73.55 (51 FR 27817 and 27822) and to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The combined set of plans which contain Safeguards Information protected under 10 CFR 73.21 is entitled:

"San Onofre Nuclear Generating Station Security, Training and Qualification and Safeguards Contingency Plan Revision 2" submitted by letter dated May 15, 2006. SCE shall fully implement and maintain in effect all provisions of the Commission-approved cyber security plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The SONGS CSP was approved by License Amendment 225it _andLicense AmendmnentXXX I F. This license is subject to the following additional condition for the protection of the environment:

Before engaging in activities that may result in a significant adverse environmental impact that was not evaluated or that is significantl greater than that evaluated in the Final Environmental Statement SCE shall provide a written notification of such activities to the NRC Office of Nuclear Reactor Regulation and receive written approval from that office before proceeding with such activities.

G. DELETED H. SCE shall notify the Commission, as soon as possible but not later than one hour, of any accident at this facility which could result in an unplanned release of quantities of fission products in excess of allowable limits for normal operation established by the Commission.

I. SCE shall have and maintain financial protection of such type and in such amounts as the Commission shall require in accordance with Section 170 of the Atomic Energy Act of 1954, as amended, to cover public liability claims.

J. This license is effective as of the date of issuance and shall expire at midnight on February 16, 2022.

FOR THE NUCLEAR REGULATORY COMMISSION Original Signed by Harold R. Denton Harold R. Denton, Director Office of Nuclear Reactor Regulation

Enclosures:

1. Appendix A (Technical Specifications)

2. Appendix B (Environmental Protection Plan)

3. Appendix C (Antitrust Conditions)

Date of Issuance: FEB 16 1982 On September 29, 1983, the Safeguards Contingency Plan was made a separate, companion document to the Physical Security Plan pursuant to the authority of 10 CFR 50.54.

Amendment No. 5 Revised by letter dated July 26, 2007

Unit 3 Facility Operating License Page Report. These exemptions are authorized by law and will not endanger life or property or the common defense and security and are otherwise in the public interest. Therefore, these exemptions are hereby granted. The facility will operate, to the extent authorized herein, in conformity with the application, as amended, the provisions of the Act, and the regulations of the Commission.

E. SCE shall fully implement and maintain in effect all provisions of the Commission-approved physical security, training and qualification, and safeguards contingency plans including amendments made pursuant to provisions of the Miscellaneous Amendments and Search Requirements revisions to 10 CFR 73.55 (51 FR 27817 and 27822) and to the authorit of 10 CFR 50.90 and 10 CFR 50.54(p). The combined set of plans, which contain Safeguards Information protected under 10 CFR 73.21 is entitled: "San Onofre Nuclear Generating Station Security, Training and Qualification, and Safeguards Contingency Plan, Revision 2" submitted by letter May 15, 2006. SCE shall fully implement and maintain in effect all provisions of the Commission-approved cyber security plan (CSP), including changes made ursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The SONGS CSP was approved by License Amendment 218k and License Amendment XXX F. This license is subject to the following additional condition for the protection of the environment:

Before engaging in activities that may result in a significant adverse environmental impact that was not evaluated or that is significantly greater than that evaluated in the Final Environmental Statement, SCE shall provide a written notification of such activities to the NRC Office of Nuclear Reactor Regulation and receive written approval from that office before proceeding with such activities.

G. DELETED H. SCE shall notify the Commission, as soon as possible but not later than one hour, of any accident at this facility which could result in an unplanned release of quantities of fission products in excess of allowable limits for normal operation established by the Commission.

I. SCE shall have and maintain financial protection of such type and in such amounts as the Commission shall require in accordance with Section 170 of the Atomic Energy Act of 1954, as amended, to cover public liability claims.

On September 29, 1983, the Safeguards Contingency Plan was made a separate, companion document to the Physical Security Plan pursuant to the authority of 10 CFR 50.54.

Amendment No. -- Revised by letter dated July 26, 2007

ATTACHMENT 2 Proposed Facility Operating License Clean-Typed Pages

Unit 2 Facility Operating License Page E. SCE shall fully implement and maintain in effect all provisions of the Commission-approved physical security, training and qualification, and safeguards contingency plans including amendments made pursuant to provisions of the Miscellaneous Amendments and Search Requirements revisions to 10 CFR 73.55 (51 FR 27817 and 27822) and to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The combined set of plans which contain Safeguards Information protected under 10 CFR 73.21 is entitled:

"San Onofre Nuclear Generating Station Security, Training and Qualification and Safeguards Contingency Plan Revision 2" submitted by letter dated May 15,2006. SCE shall fully implement and maintain in effect all provisions of the Commission-approved cyber security plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The SONGS CSP was approved by License Amendment 225 and License Amendment XXX.

F. This license is subject to the following additional condition for the protection of the environment:

Before engaging in activities that may result in a significant adverse environmental impact that was not evaluated or that is significantly greater than that evaluated in the Final Environmental Statement SCE shall provide a written notification of such activities to the NRC Office of Nuclear Reactor Regulation and receive written approval from that office before proceeding with such activities.

G. DELETED H. SCE shall notify the Commission, as soon as possible but not later than one hour, of any accident at this facility which could result in an unplanned release of quantities of fission products in excess of allowable limits for normal operation established by the Commission.

I. SCE shall have and maintain financial protection of such type and in such amounts as the Commission shall reguire in accordance with Section 170 of the Atomic Energy Act of 1954, as amended, to cover public liability claims.

J. This license is effective as of the date of issuance and shall expire at midnight on February 16, 2022.

FOR THE NUCLEAR REGULATORY COMMISSION Original Signed by Harold R. Denton Harold R. Denton, Director Office of Nuclear Reactor Regulation

Enclosures:

I. Appendix A (Technical Specifications)

2. Appendix B (Environmental Protection Plan)

3. Appendix C (Antitrust Conditions)

Date of Issuance: FEB 16 1982 On September 29, 1983, the Safeguards Contingency Plan was made a separate, companion document to the Physical Security Plan pursuant to the authority of 10 CFR 50.54.

Amendment No. 2-2-5 Revised by letter dated Jul, 26, 2007

Unit 3 Facility Operating License Page Report. These exemptions are authorized by law and will not endanger life or property or the common defense and security and are otherwise in the public interest. Therefore, these exemptions are hereby granted. The facility will operate, to the extent authorized herein, in conformity with the application, as amended, the provisions of the Act, and the regulations of the Commission.

E. SCE shall fully implement and maintain in effect all provisions of the Commission-approved physical security, training and qualification, and safeguards contingency plans including amendments made pursuant to provisions of the Miscellaneous Amendments and Search Requirements revisions to 10 CFR 73.55 (51 FR 27817 and 27822) and to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The combined set of plans, which contain Safeguards Information protected under 10 CFR 73.21 is entitled: "San Onofre Nuclear Generating Station Security, Training and Qualification, and Safeguards Contingency Plan, Revision 2" submitted by letter May 15, 2006. SCE shall fully implement and maintain in effect all provisions of the Commission-approved cyber security plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The SONGS CSP was approved by License Amendment 218 and License Amendment XXX.

F. This license is subject to the following additional condition for the protection of the environment:

Before engaging in activities that may result in a significant adverse environmental impact that was not evaluated or that is significantly greater than that evaluated in the Final Environmental Statement, SCE shall provide a written notification of such activities to the NRC Office of Nuclear Reactor Regulation and receive written approval from that office before proceeding with such activities.

G. DELETED H. SCE shall notify the Commission, as soon as possible but not later than one hour, of any accident at this facility which could result in an unplanned release of quantities of fission products in excess of allowable limits for normal operation established by the Commission.

I. SCE shall have and maintain financial protection of such type and in such amounts as the Commission shall require in accordance with Section 170 of the Atomic Energy Act of 1954, as amended, to cover public liability claims.

On September 29, 1983, the Safeguards Contingency Plan was made a separate, companion document to the Physical Security Plan pursuant to the authority of 10 CFR 50.54.

Amendment No. 2-1-8 Revised by letter dated july 26, 2007

.. ithheld- fremr Public. Disci.essure Under 10 CFR :2.390 Security Related InfErm~atien. W ENCLOSURE 2 Redacted Version of Evaluation of the Proposed Amendment PCN-608 License Amendment Request (LAR) for Revision to Cyber Security Plan Implementation Schedule Completion Date 1.0 Summary Description 2.0 Detailed Description 3.0 Technical Evaluation 3.1 Background 3.2 Discussion 4.0 Regulatory Analysis 4.1 Applicable Regulatory Requirements and Criteria 4.2 Precedents 4.3 No Significant Hazards Consideration 4.4 Conclusions 5.0 Environmental Consideration 6.0 References Attachments:

1. Proposed Facility Operating License Markup Pages 2 Proposed Facility Operating License Clean-Typed Pages

3. Revised Cyber Security Plan Milestone 8 Implementation Schedule Page E2-1

• AI=ll I I I f

• I le *D o~ata inormaionW~thhnld trom R-i-'ri Qrcisro1F-r undor 10 i-F :2 290

~ocuitv 1.0

SUMMARY

DESCRIPTION The proposed license amendment request includes the proposed completion date change to an implementation schedule milestone of the Cyber Security Plan (Attachment 3) and a proposed revision to facility operating license physical protection license condition (Paragraph 2.E of Facility Operating License Nos. NPF-10 and NPF-15) as shown in Attachments 1 (Mark-Up pages) and 2 (Clean-Typed pages).

2.0 DETAILED DESCRIPTION In Reference 1, the Cyber Security Plan (CSP) for Southern California Edison (SCE), San Onofre Nuclear Generating Station (SONGS), and associated implementation schedule were approved by the U.S. Nuclear Regulatory Commission (NRC). Because the Cyber Security Plan Implementation Schedule contained in References 2 and 3 was utilized as a portion of the basis for the NRC safety evaluation provided by Reference 1, and Reference 1 specifically stated that any changes to the NRC-approved CSP implementation schedule would require prior NRC approval pursuant to 10 CFR 50.90, this proposed amendment request includes: 1) a proposed change to the existing facility operating license condition for the physical protection license condition to reference a deviation for the completion date for an implementation schedule milestone and 2) a proposed Revised Cyber Security Plan Implementation Schedule for the completion date of Implementation Milestone 8. Implementation Milestone 8 requires the full implementation of the SCE Cyber Security Plan for all Safety, Security and Emergency Preparedness (SSEP) functions (i.e., safety-related and important-to-safety functions, security functions, and emergency preparedness functions including offsite communications) I F_ 1. This change proposes a revision to the completion date of Implementation Milestone 8.

The Basis column for Implementation Milestone 8 (shown in Reference 2) included a reference that some remediation actions required a refueling outage to implement and included two notes, one concerning future refueling outage dates and the other concerning implementation of cyber-security improvements. These two notes and the reference to refueling outages have been deleted as they are no longer applicable as SONGS Units 2 and 3 are in a permanently defueled condition.

3.0 TECHNICAL EVALUATION

3.1 Background In Reference 4, the Nuclear Energy Institute (NEI) transmitted to the NRC an implementation schedule template to aid compliance with the NRC's cyber security regulations codified in 10 CFR 73.54, which was acknowledged and accepted by the NRC in Reference 5. NEI engaged the industry in an effort to ensure that utilities submit an implementation schedule consistent with the template provided in Reference 4. SCE provided the requested Page E2-2

A Id

• m d n I

• O.... .. p . ... . .

SecurFit'; Related Intormat-on -W.ithhrild- trom I-UDNrc ofiscloesure UnIdo~r 10 12F :2 29 implementation schedule for SONGS in References 2 and 3 in accordance with the NEI implementation schedule template.

SCE proposes a revision to the Implementation Milestone 8 completion date of the SONGS Cyber Security Plan Implementation Schedule (Attachment 3). The current license condition requires SCE to fully implement the Cyber Security Plan F in accordance with the implementation schedule submitted with References 2 and 3. The proposed revised completion date for Implementation Milestone 8 of the Cyber Security Plan is I ]. In addition, the Basis for the Milestone has been revised to delete the reference to refueling outages and the two notes.

3.2 Discussion An NRC memorandum (Reference 6) provides eight criteria for the review of license amendment requests to revise the schedule for the Implementation Milestone 8 completion date. The following technical evaluation provides information concerning the eight criteria that explains the current status of the SONGS cyber security program and the need for the Implementation Milestone 8 completion date revision. The evaluation describes how prioritization of both the SONGS complete and planned implementation actions will provide assurance that digital computer and communication systems and networks are adequately protected against cyber attacks up to and including the design basis threat established by 10 CFR 73.1(a)(1)(v), until the full program is implemented.

3.2.1 Identification of the Specific Requirements of the Cyber Security Plan that SCE needs Additional Time to Implement (Criterion 1)

Page E2-3

Iicosr 40"FIU Aww

• *L L IAEIdL I I I F

• I I* *=

~ecurtv t-1iatAi~rmA;in vithnnoia from PUWiC undor '

3.2.2 Detailed Justification that Describes the Reason SCE Requires Additional Time to Implement the Specific Requirements (Criterion 2)

Page E2-4

A ,, I AIWdI n na P

• a ng

• n scrty Kelatecd inmorat-An Wwthhrlld WornmR -hIic Uiclosre'r UpI nder 1U UH-r= 2.90~

Page E2-5

I f

~

~~~ecuritv i*

~~ ~

vvt2o~~~~~~l~~ ~~ 2Qm()nicuei~ueuco iIQito 1n2rma=R 3.2.3 A Proposed Completion Date for Milestone 8 Consistent with the Remaining Scope of the Work to be Continued and Resources Available (Criterion 3) 3.2.4 An Evaluation of the Impact that Additional Time to Implement the Requirements will have on the Effectiveness of the SCE Overall Cyber Security Program in the Context of Milestones Already Completed (Criterion 4)

Page E2-6

SecurFity Relatted Inomtn Wihhl from Public D~,Inclsu ro U ndeAr 10 C-FR :2.390 Page E2-7

Security Related InAfo-rmation W ithhold-fromPuli DiecloceureA Under 10 CFR 2.390 3.2.5 A Description of the SCE Methodology for Prioritizing Completion of the Work for Critical Digital Assets Associated with Significant Safety, Security, or Emergency Preparedness Consequences and with Reactivity Effects in the Balance of Plant (Criterion 5)

Page E2-8

aeG-InIry m-lanoajr

• 4r.4nnrr jtIrRn *u*tnnnuH +

Trnm r nulgi uLnciouurO unuor i4W kr-M A A ll 3.2.6 A Discussion of the SCE Cyber Security Program Performance up to the Date of the License Amendment Request (Criterion 6)

Page E2-9

I I I I

• I=

• I Io *I

~~cuitv~oitoainrrmaionvv;i;tnni rrom Ru-lin Qicciocure unIoIAGA 4Wu -0K zA The NRC issued an inspection report of the SONGS Implementation of Milestones 1 through 7 on April 15, 2013 (Reference 9), and no NRC-identified or self-revealing findings were identified during the inspection. While a single licensee-identified violation was listed in the inspection report, the NRC determined the violation to be of very low security significance (i.e., Green as determined by the Physical Protection Significance Determination Process) and was treated as a non-cited violation. Inspection observations were entered into the SONGS CAP. An independent self-assessment of the program for Implementation Milestones 1 through 7 has recently been performed, and the final report should be issued to SCE within the next month.

SCE intends to enter into the SONGS CAP all identified findings and recommendations.

3.2.7 A Discussion of Cyber Security Issues Pending in the SCE Corrective Action Program (CAP) (Criterion 7)

SONGS uses the CAP to document cyber security issues to trend, correct, and improve the SONGS cyber security program. The CAP documents and tracks from initiation through closure, cyber security required actions including issues identified during on-going program assessment activities. Adverse trends are monitored for program improvement and addressed through the CAP process. Examples of resolved issues and activities pending in the CAP are:

3.2.8 A Discussion of Modifications Completed to Support the Cyber Security Program and a Discussion of Pending Cyber Security Modifications (Criterion 8)

Modifications completed to support the cyber security program:

Page E2-10

Z)GGuritV Keliaea InTEormaiin -Alitnnoio f-rom W-H'UDIIC uiciourouner 4Wu"_P-r-K

4.0 REGULATORY EVALUATION

4.1 Applicable Regulatory Requirements and Criteria 10 CFR 73.54 requires licensees to maintain and implement a cyber security plan. San Onofre Nuclear Generating Station (SONGS), Units 2 and 3 Facility Operating Licenses include a physical protection license condition (Paragraph 2.E of the Facility Operating License Nos. NPF-10 and NPF-15) that requires Southern California Edison (SCE) to fully implement and maintain in effect all provisions of the Commission-approved cyber security plan, including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p).

4.2 No Significant Hazards Consideration Southern California Edison (SCE) has evaluated whether a significant hazards consideration is posed by granting the license amendment requested. SCE has evaluated whether or not a significant hazards consideration exists with the proposed change by addressing the three standards set forth in 10 CFR 50.92, "Issuance of Amendment," as discussed below:

1. Does the proposed change involve a significant increase in the probability or consequences of an accident previously evaluated?

Response: No The proposed change to the San Onofre Nuclear Generating Station (SONGS) Cyber Security Plan Implementation Schedule is administrative in nature. This change does not alter accident analysis assumptions, add any initiators, or affect the function of plant systems or the manner in which systems are operated, maintained, modified, tested, or inspected. The proposed change does not require any plant modifications which affect the performance capability of the structures, systems, and components (SSCs) relied upon to Page E2-11

Socurity R Iatod* Info-rmation Withol fr,"om Public P-Ic.o ure Under 10 CFIR 2.290 mitigate the consequences of postulated accidents, and has no impact on the probability or consequences of an accident previously evaluated.

Therefore, the proposed changes do not involve a significant increase in the probability or consequences of an accident previously evaluated.

2. Does the proposed change create the possibility of a new or different kind of accident from any accident previously evaluated?

Response: No The proposed change to the SONGS Cyber Security Plan Implementation Schedule is administrative in nature. This proposed change does not alter accident analysis assumptions, add any initiators, or affect the function of plant systems or the manner in which systems are operated, maintained, modified, tested, or inspected. The proposed change does not require any plant modifications which affect the performance capability of the SSCs relied upon to mitigate the consequences of postulated accidents, and does not create the possibility of a new or different kind of accident from any accident previously evaluated.

Therefore, the proposed change does not create the possibility of a new or different kind of accident from any previously evaluated.

3. Does the proposed change involve a significant reduction in a margin of safety?

Response: No Plant safety margins are established through limiting conditions for operation limiting safety system settings, and safety limits specified in the technical specifications. The proposed change to the SONGS Cyber Security Plan Implementation Schedule is administrative in nature. Since the proposed change is administrative in nature, there is no change to these established safety margins. Therefore the proposed change does not involve a significant reduction in a margin of safety.

Based on the above evaluations, SCE concludes that the proposed amendment does not involve a significant hazards consideration under the standards set forth in 10 CFR 50.92(c).

Accordingly, a finding of "no significant hazards consideration" is justified.

4.3 Precedent The proposed amendment is consistent with the amendment request submitted by Wolf Creek Nuclear Operating Corporation for the Wolf Creek Generating Station (NPF-42) dated January 23, 2014, and approved by the NRC as documented in the Safety Evaluation dated August 14, 2014 (Reference 10).

4.4 Conclusions In conclusion, based on the considerations discussed above: (1) there is reasonable assurance that the health and safety of the public will not be endangered by operation in the proposed manner, (2) such activities will be conducted in compliance with the Commission's regulations, Page E2-12

Socurity Rolatod Info~rmation -WAithhold- fromn Public- Diecplocsure Under 10 CFR 2390 and (3) the issuance of the amendment will not be inimical to the common defense and security or to the health and safety of the public.

5.0 ENVIRONMENTAL CONSIDERATION

10 CFR 51.22(c)(9) provides criteria for and identification of licensing and regulatory actions eligible for categorical exclusion from performing an environmental assessment. A proposed license amendment requires no environmental assessment provided that (i) the license amendment involves no significant hazards consideration, (ii)there is no significant change in the types or significant increase in the amounts of any effluents that may be released offsite, and (iii) there is no significant increase in individual or cumulative occupational radiation exposure.

SCE has reviewed the proposed change and has determined that it meets the eligibility criteria for categorical exclusion set forth in 10 CFR 51.22(c)(9). Pursuant tol 0 CFR 51.22, no environmental impact statement or environmental assessment needs to be prepared in connection with the issuance of the proposed license amendment. The following is the basis for this determination:

(i) The amendment applications do not involve a significant hazards consideration, as described in the Significant Hazards Evaluation in Section 4.2 above.

(ii) There will be no significant change in the types or a significant increase in the amounts of any effluents released offsite. Effluent flow and flow-paths have been substantially reduced and will be reduced further in coming months. There will be no significant change in the types or increase in the amounts of any effluents that may be released offsite and the proposed license amendment does not involve irreversible environmental consequences beyond those already associated with the SONGS Final Environmental Statement and the Generic EIS on Decommissioning of Nuclear Facilities (NUREG-0586, Supplement 1, 2002).

(iii) The amendment applications do not result in a significant increase to the individual or cumulative occupational radiation exposure because the proposed change involves changes to the Cyber Security Plan Implementation Schedule, which are of administrative nature with no significant impact on occupational radiation exposure.

Therefore, the amendment applications do not result in a significant increase to the individual or cumulative occupational radiation exposure.

6.0 REFERENCES

1. Letter from J. R. Hall, (NRC), to Peter T. Dietrich (SCE), "San Onofre Nuclear Generating Station, Units 2 and 3 - Issuance of Amendments RE: Approval of Cyber Security Plan (TAC Nos. ME4426 and ME4427)," dated July 28, 2011 (ADAMS Accession No. ML111960323).

2. Letter from D. R Bauder (SCE) to Document Control Desk (NRC), "Response to Request for Additional Information Regarding License Amendment Request for Approval of the Cyber Security Plan, San Onofre Nuclear Generating Station, Units 2 and 3," dated March 31, 2011 (ADAMS Accession No. ML11112A028).

Page E2-13

Security Relatod InformationA W

.. ithhold froIm.Pbi DOGieclouro UnIdor 10 CFPR :2.390

3. Letter from D. R. Bauder (SCE) to Document Control Desk (NRC), "Supplement to Request for Approval of the Cyber Security Plan, San Onofre Nuclear Generating Station, Units 2 and 3," dated June 16, 2011 (ADAMS Accession No. ML11171A191).

4. Letter from C. E. Earls (NEI) to R. P. Correia, (NRC), "Template for the Cyber Security Plan Implementation Schedule," dated February 28, 2011 (ADAMS Accession No. ML110600211).

5. Letter from R. P. Correia (NRC) to C. E. Earls (NEI), "Template for the Cyber Security Plan Implementation Schedule," dated March 1,2011 (ADAMS Accession No. ML110070348).

6. Memorandum from R. Felts (NRC) to B. Westreich (NRC), "Review Criteria for Title 10 of the Code of Federal Regulations Part 73.54, Cyber Security Implementation Schedule Milestone 8 License Amendment Requests," dated October 24, 2013 (ADAMS Accession No. ML13295A467).

7. Letter from T. J. Palmisano (SCE) to the Document Control Desk (NRC), "Amendment Application Numbers 223, 267, and 252, Permanently Defueled Emergency Plan, San Onofre Nuclear Generating Station, Units 1, 2, and 3 and Independent Spent Fuel Storage Installation," dated March 31, 2014 (ADAMS Accession No. ML14092A314).

8. Nuclear Energy Institute (NEI) 08-09, Revision 6, April 2010, "Cyber Security Plan for Nuclear Power Plants" (ADAMS Accession No. ML101180437).

9. Letter from G. Miller (NRC) to P. Dietrich (SCE), "SONGS, Units 2 and 3 - NRC Temporary Instruction 2201/004, "Inspection of Implementation of Interim Cyber Security Milestones 1-7," Report 05000361/2013405 and 05000362/2013405, dated April 15, 2013 (ADAMS Accession No. ML13105A433).

10. Letter from C. F. Lyon (NRC) to A. C. Heflin (WCNOC), "Wolf Creek Generating Station -

Issuance of Amendment RE: Revision to Cyber Security Plan Implementation Schedule Completion Date (TAC No. MF3392)," dated April 14, 2014 (ADAMS Accession No. ML14209A023).

Page E2-14

U) 0)

a.

z 0)

I- 0.

0 L-a.

Unit 2 Facility Operating License Page E. SCE shall fully implement and maintain in effect all provisions of the Commission-approved physical security, training and qualification, and safeguards contingency plans including amendments made pursuant to provisions of the Miscellaneous Amendments and Search Requirements revisions to 10 CFR 73.55 (51FR 27817 ald 27822) and to the authority of 10 CFR 50.90 and iO CFR 50.54(p). The combined set of plans which contain Safeguards Information protected under 10 ChR 73.21 is entitled:

"San Onofre Nuclear Generating Station Security, Training and Qualification and Safeguards Contingency Plan Revision 2" submitted by letter dated May 15, 2006. SCE shall fully implement and maintain in effect all provisions of the Commission-approved cyber security plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The SONGS CSP was approved by License Amendment 225i ,and License Amendment XXX I F. This license is subject to the following additional condition for the protection of the environment:

Before engaging in activities that may result in a significant adverse environmental impact that was not evaluated or that is significantl greater than that evaluated in the Final Environmental Statement SCE shall provide a written notification of such activities to the NRC Office of Nuclear Reactor Regulation and receive written approval from that office before proceeding with such activities.

G. DELETED H. SCE shall notify the Commission, as soon as possible but not later than one hour, of any accident at this facility which could result in an unplanned release of quantities of fission products in excess of allowable limits for normal operation established by the Commission.

I. SCE shall have and maintain financial protection of such type and in such amounts as the Commission shall require in accordance with Section 170 of the Atomic Energy Act of 1954, as amended, to cover public liability claims.

J. This license is effective as of the date of issuance and shall expire at midnight on February 16, 2022.

FOR THE NUCLEAR REGULATORY COMMISSION Original Signed by Harold R. Denton Harold R. Denton, Director Office of Nuclear Reactor Regulation

Enclosures:

I. Appendix A (Technical Specifications)

2. Appendix B (Environmental Protection Plan)

3. Appendix C RAntitrust Conditions)

Date of Issuance: FEB 16 1982 On September 29, 1983, the Safeguards Contingency Plan was made a separate, companion document to the Physical Security Plan pursuant to the authority of 10 CFR 50.54.

Amendment No.---5 Revised by letter dated July 26, 2007

Unit 3 Facility Operating License Page Report. These exemptions are authorized by law and will not endanger life or property or the common defense and security and are otherwise in the public interest. Therefore, these exemptions are hereby granted. The facility will operate, to the extent authorized herein, in conformity with the application, as amended, the provisions of the Act, and the regulations of the Commission.

E. SCE shall fully implement and maintain in effect all provisions of the Commission-approved physical security, training and qualification, and safeguards contingency plans including amendments made pursuant to provisions of the Miscellaneous Amendments and Search Requirements revisions to 10 CFR 73.55 (51 FR 27817 and 27822) and to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The combined set of plans, which contain Safeguards Information protected under 10 CFR 73.21 is entitled: "San Onofre Nuclear Generating Station Security, Training and Qualification, and Safeguards Contingency Plan, Revision 2" submitted by letter May 15, 2006. SCE shall fully implement and maintain in effect all provisions of the Commission-approved cyber security plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The SONGS CSP was approved by License Amendment 218_and License Amendment XXX F. This license is subject to the following additional condition for the protection of the environment:

Before engaging in activities that may result in a significant adverse environmental impact that was not evaluated or that is significantly greater than that evaluated in the Final Environmental Statement, SCE shall provide a written notification of such activities to the NRC Office of Nuclear Reactor Regulation and receive written approval from that office before proceeding with such activities.

G. DELETED H. SCE shall notify the Commission, as soon as possible but not later than one hour, of any accident at this facility which could result in an unplanned release of quantities of fission products in excess of allowable limits for normal operation established by the Commission.

I. SCE shall have and maintain financial protection of such type and in such amounts as the Commission shall require in accordance with Section 170 of the Atomic Energy Act of 1954, as amended, to cover public liability claims.

• On September 29, 1983, the Safeguards Contingency Plan was made.a separate, companion document to the Physical Security Plan pursuant to the authority of 10 CFR 50.54.

Amendment No.--l Revised by letter dated july 26, 200

ATTACHMENT 2 Proposed Facility Operating License Clean-Typed Pages

Unit 2 Facility Operating License Page E. SCE shall fully implement and maintain in effect all provisions of the Commission-approved physical security, training and qualification, and safeguards contingency plans including amendments made pursuant to provisions of the Miscellaneous Amendments and Search Requirements revisions to 10 CFR 73.55 (51 FR 27817 and 27822) and to the authority of 10 CFR 50.90 and iO CFR 50.54(p). The combined set of plans which contain Safeguards Information protected under 10 CFR 73.21 is entitled:

"San Onofre Nuclear Generating Station Security, Training and Qualification and Safeguards Contingency Plan Revision 2" submitted by letter dated May 15, 2006. SCE shall fully implement and maintain in effect all provisions of the Commission-approved cyber security plan (CSP), including changes made pursuant to the authority of 1 CFR 50.90 and 10 CFR 50.54(p). The SONGS CSP was approved by License Amendment 225 and License Amendment XXX.

F. This license is subject to the following additional condition for the protection of the environment:

Before engaging in activities that may result in a significant adverse environmental impact that was not evaluated or that is significantly greater than that evaluated in the Final Environmental Statement SCE shall provide a written notification of such activities to the NRC Office of Nuclear Reactor Regulation and receive written approval from that office before proceeding with such activities.

G. DELETED H. SCE shall notify the Commission, as soon as possible but not later than one hour, of any accident at this facility which could result in an unplanned release of quantities of fission products in excess of allowable limits for normal operation established by the Commission.

I. SCE shall have and maintain financial protection of such type and in such amounts as the Commission shall require in accordance with Section 170 of the Atomic Energy Act of 19 4, as amended, to cover public liability claims.

J. This license is effective as of the date of issuance and shall expire at midnight on February 16, 2022.

FOR THE NUCLEAR REGULATORY COMMISSION Original Signed by Harold R. Denton Harold R. Denton, Director Office of Nuclear Reactor Regulation

Enclosures:

1. Appendix A (Technical Specifications)

2. Appendix B (Environmental Protection Plan)

3. Appendix C (Antitrust Conditions)

Date of Issuance: FEB 16 1982 On September 29, 1983, the Safeguards Contingency Plan was made a separate, companion document to the Physical Security Plan pursuant to the authority of 10 CFR 50.54. Amendment No. 2-2-5 Rlevised by letter dated July 26, 2007

Unit 3 Facility Operating License Page Report. These exemptions are authorized by law and will not endanger life or property or the common defense and security and are otherwise in the public interest. Therefore, these exemptions are hereby granted. The facility will operate, to the extent authorized herein, in conformity withthe application, as amended, the provisions bf the Act, and the regulations of the Commission.

E. SCE shall fully implement and maintain in effect all provisions of the Commission-approved physical security, training and qualification, and safeguards contingency plans including amendments made pursuant to provisions of the Miscellaneous Amendments and Search Requirements revisions to 10 CFR 73.55 (51 FR 27817 and 27822) and to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The combined set of plans, which contain Safeguards Information protected under 10 CFR 73.21 is entitled: "San Onofre Nuclear Generating Station Security, Training and Qualification, and Safeguards Contingency Plan, Revision 2" submitted by letter May 15, 2006. SCE shall fully implement and maintain in effect all provisions of the Commission-approved cyber security plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The SONGS CSP was approved by License Amendment 218 and License Amendment XXX.

F. This license is subject to the following additional condition for the protection of the environment:

Before engaging in activities that may result in a significant adverse environmental impact that was not evaluated or that is significantly greater than that evaluated in the Final Environmental Statement, SCE shall provide a written notification of such activities to the NRC Office of Nuclear Reactor Regulation and receive written approval from that office before proceeding with such activities.

G. DELETED H. SCE shall notify the Commission, as soon as possible but not later than one hour, of any accident at this facility which could result in an unplanned release of quantities of fission products in excess of allowable limits for normal operation established by the Commission.

I. SCE shall have and maintain financial protection of such type and in such amounts as the Commission shall require in accordance with Section 170 of the Atomic Energy Act of 1954, as amended, to cover public liability claims.

On September 29, 1983, the Safeguards Contingency Plan was made a separate, companion document to the Physical Security Plan pursuant to the authority of 10 CFR 50.54.

Amendment No. 2+B Revised by letter dated July 26, 200

S.curity IReleated Informat-in vitrhheloI fro*m PublIh uelosurc UnIdr d1 cF1.-I- 2.3U ATTACHMENT 3 Revised Cyber Security Plan Milestone 8 Implementation Schedule E2A3-1