L-15-149, Unit 1 - Supplement to Requests to Change Cyber Security Implementation Plan Milestone 8 Completion Date
| ML15127A202 | |
| Person / Time | |
|---|---|
| Site: | Beaver Valley, Davis Besse, Perry |
| Issue date: | 05/06/2015 |
| From: | Halnon G FirstEnergy Nuclear Operating Co |
| To: | Document Control Desk, Office of Nuclear Reactor Regulation |
| References | |
| L-15-149, TAC MF5557, TAC MF5879, TAC MF5880, TAC MF5892 | |
| Download: ML15127A202 (8) | |
Text
FENOC 341 White Pond Dr.
Akron, Ohio 44320 Frsf Fnerg/ /Urc/a, Op"o,rng Cot May 6, 2015 L-15-149 ATTN: Document Control Desk U.S. Nuclear Regulatory Commission Washington, DC 20555-0001
SUBJECT:
Beaver Valley Power Station, Unit Nos. 1 and 2 Docket No. 50-334, License No. DpR-66 Docket No. 50-412, License No. NpF-73 Davis-Besse Nuclear Power Station Docket No. 50-346, License No. NpF-3 Perry Nuclear Power Plant, Unit No. 1 Docket No.50-440, License No. NpF-58 10 cFR 50.90 han Secu tion Plan MF MF588O.
MF MF5557 fn fetters dated March 19,2015 for the Beaver Valley Power Station, Unit Nos. 1 andZ (BVPS), March 12,2015 for the Davis-Besse Nuclear Power Station (DBNpS),
and January 9,2015, for the Perry Nuclear Power Plant (PNPP), FirstEnergy Nuclear Operating Company (FENOC) requested amendments to the Facility Operating Licenses in accordance with Title 10 of the Code of Federat Regulations (10 CFi), Part-Sg, Section 50.90, "Application for amendment of license, construction permit, or early site permit." The requested amendments proposed to change the cyber security implementation plan milestone 8 completion date.
The requested amendments were submitted in accordance with 10 CFR 2.390, "Public inspections, exemptions, requests for withholding,"
because significant portions of the amendments contain security-refated information.
Attachment 1 contains a copy of the Significant Hazards Consideration Analysis for BVPS that does not contain security-related information, which may be made public. Attachment 2 contains a copy of the Significant Hazards Consideration Analysis for DBNPS that does not contain security-related information, which may be made public. Attachment 3 contains a copy of the Significant Hazards Consideration Analysis for PNPP that does not contain security-related information, which may be made public.
Beaver Valley Power Station, Unit Nos. I and Z Davis-Besse Nuclear Power Station Perry Nuclear Power Plant L-1 5-149 Page 2 There are no regulatory commitments contained in this letter. lf there are any questions or if additional information is required, please contact Mr. Thomas A. Lentz, Manager Fleet Licensing at (330) 315-0810.
Sincerely, Gregory H. Halnon Director - Fleet Regulatory Affairs Attachments:
1 Significant Hazards Consideration Analysis for Beaver Valley Power Station, Unit Nos. 1 and 2 2 Significant Hazards Consideration Analysis for Davis-Besse Nuclear Power Station 3 Significant Hazards Consideration Analysis for Perry Nuclear Power Plant cc:
NRC Region I Administrator NRC Region lll Administrator Nuclear Reactor Regulation project Manager - BVps Nuclear Reactor Regulation Project Manager
- DBNPS and pNpp NRC Resident Inspector
- BVpS NRC Resident Inspector
- DBNPS NRC Resident Inspector
- pNpp Executive
Director BRP/DEP Site BRP/DEP Representative L-15-',149 Significant Hazards Consideration Analysis for Beaver Valley Power Station Unit Nos. 1 and 2 Page 1 of 2 FirstEnergy Nuclear Operating Company has evaluated whether or not a significant hazards consideration is involved with the proposed amendment by focusing on the three standards set forth in 10 CFR 50.92, "lssuance of amendment,"
as discussed below.
- 1. Does the proposed amendment involve a significant increase in the probability or consequences of an accident previously evaluated?
Response
No.
The proposed amendment extends the completion date for milestone 8 of the Cyber Security Plan (CSP) implementation schedule.
Revising the full implementation date for the CSP does not involve modifications to any safety-related structures, systems, or components (SSCs). The implementation schedule provides a timeline for fully implementing the CSP. The CSP describes how the requirements of 10 CFR 73.54 are to be implemented to identify,
- evaluate, and mitigate cyber attacks up to and including the design basis cyber attack threat; thereby achieving high assurance that the facility's digital computer and communications systems and networks are protected from cyber attacks.
The revision of the CSP lmplementation Schedule will not alter previously evaluated design basis accident analysis assumptions, add any accident initiators, modify the function of the plant safety-related SSCs, or affect how any plant safety-related SSCs are operated, maintained, tested, or inspected.
As the proposed change does not directly impact SSCs, and milestones 1
through 7 provide significant protection against cyber attacks, the proposed change does not involve a significant increase in the probability or consequences of an accident previously evaluated.
- 2. Does the proposed amendment create the possibility of a new or different kind of accident from any accident previously evaluated?
Response
No The proposed change does not introduce a new mode of plant operation or involve a physical modification to the plant. New equipment is not installed with the proposed amendment, nor does the proposed amendment cause existing equipment to be operated in a new or different manner. The change to cyber security implementation plan milestone 8 is administrative in nature and relies on the significant protection against cyber attacks that has been gained through the implementation of CSP milestones 1 through 7. Since the proposed amendment does not involve a change to the plant design or operation, no new system interactions are created by this change. The proposed changes do not result in L-15-149 Significant Hazards Consideration Analysis for Beaver Valley Power Station Page 2 oI 2 any new failure modes, and thus cannot initiate an accident different from those previously evaluated Therefore, the proposed change does not create the possibility of a new or different kind of accident from any previously evaluated.
- 3. Does the proposed amendment involve a significant reduction in a margin of safety?
Response
No.
The proposed amendment does not affect the performance of any structures, systems or components as described in the design basis analyses.
The change to milestone 8 of the cyber security implementation plan is administrative in nature.
The proposed change does not introduce a new mode of plant operation or involve a physical modification to the plant. The proposed amendment does not introduce changes to limits established in the accident analysis. Since there is no impact to any SSCs, or any maintenance or operational
- practice, there is also no reduction in any margin of safety.
As the proposed change does not directly impact SSCs, and milestones 1
through 7 provide significant protection against cyber attacks, the proposed change does not involve a significant reduction in a margin of safety.
Based on the above, FirstEnergy Nuclear Operating Company concludes that the proposed amendment does not involve a significant hazards consideration under the standards set forth in 10 CFR 50.92(c),
and, accordingly, a finding of "no significant hazards consideration" is justified.
L-15-149 Significant Hazards Consideration Analysis for Davis-Besse Nuclear Power Station Page 1 of 2 FirstEnergy Nuclear Operating Company has evaluated whether or not a significant hazards consideration is involved with the proposed amendment by focusin! on the three standards set forth in 10 CFR 50.92,."lssuance of amendment,"
as disiussed below.
- 1. Does the proposed amendment involve a significant increase in the probability or consequences of an accident previously evaluated?
Response
No.
Ih" proposed amendment extends the completion date for milestone 8 of the Cyber Security Plan (CSP) implementation schedule.
Revising the full implementation date for the CSP does not involve modifications to any safety-related structures, systems, or components (SSCs). The implementation schedule provides a timeline for fully implementing the CSP. The CSp describes how the requirements of 10 CFR 73.54 are to be implemented to identify,
- evaluate, and mitigate cyber attacks up to and including the design basis cyber attack threat; thereby achieving high assurance that the facility's Oigitat computer and communications systems and networks are protected from cyber attacks.
The revision of the CSP lmplementation Scheduie will not alter pieviously evaluated design basis accident analysis assumptions, add any accideni initiators, modify the function of the plant safety-ielated SSCs, br affect how any plant safety-related SSCs are operated, maintained, tested, or inspected As the proposed change does not directly impact SSCs, and milestones 1
through 7 provide significant protection against cyber attacks, the proposed change does not involve a significant increase in the probability or consequences of an accident previously evaluated.
- 2. Does the proposed amendment create the possibility of a new or different kind of accident from any accident previously evaluated?
Response
No The proposed change does not introduce a new mode of plant operation or involve a physical modification to the plant. New equipment is not installed w1h the proposed amendment, nor does the proposed amendment cause existing equipment to be operated in a new or different manner. The change to cybei security implementation plan milestone 8 is administrative in nature and relies on the significant prole_c]ion against cyber attacks that has been gained through the implementation of CSP milestones 1 through 7. Since the profosed amendment does not involve a change to the plant design or operation, no new system interactions are created by this change. The proposed changes do not result in
Attachm ent 2 L-15-149 SignificantHazards Consideration Analysis for Davis-Besse Nuclear Power Station Page 2 of 2 any new failure modes, and thus cannot initiate an accident different from those previously evaluated.
Therefore, the proposed change does not create the possibility of a new or different kind of accident from any previously evaluated.
- 3. Does the proposed amendment involve a significant reduction in a margin of safety?
Response
No.
The proposed amendment does not affect the performance of any structures, systems or components as described in the design basis analyses.
The change to milestone 8 of the cyber security implementation plan is administrative in nature.
The proposed change does not introduce a new mode of plant operation or involve a physical modification to the plant. The proposed amendment does not introduce changes to limits established in the accident analysis. Since there is no impact to any SSCs, or any maintenance or operational
- practice, there is also no reduction in any margin of safety.
As the proposed change does not directly impact SSCs, and milestones 1
through 7 provide significant protection against cyber attacks, the proposed change does not involve a significant reduction in a margin of safety.
Based on the above, FirstEnergy Nuclear Operating Company concludes that the proposed amendment does not involve a significant hazards consideration under the standards set forth in 10 CFR 50.92(c),
and, accordingly, a finding of "no significant hazards consideration" is justified.
Attachment 3
L-15-149 Significant Hazards Consideration Analysis for Perry Nuclear Power Plant Page 1 of 2 FirstEnergy Nuclear Operating Company has evaluated whether or not a significant hazards consideration is involved with the proposed amendment by focusing on the three standards set forth in 10 CFR 50.92, "lssuance of amendment,"
as discussed below.
- 1. Does the proposed amendment involve a significant increase in the probability or consequences of an accident previously evaluated?
Response
No.
The proposed amendment extends the completion date for milestone I of the Cyber Security Plan (CSP) implementation schedule.
Revising the full implementation date for the CSP does not involve modifications to any safety-related structures, systems, or components (SSCs). The implementation schedule provides a timeline for fully implementing the CSP. The CSP describes how the requirements of 10 CFR 73.54 are to be implemented to identify,
- evaluate, and mitigate cyber attacks up to and including the design basis cyber attack threat; thereby achieving high assurance that the facility's digital computer and communications systems and networks are protected from cyber attacks.
The revision of the CSP lmplementation Schedule will not alter previously evaluated design basis accident analysis assumptions, add any accident initiators, modify the function of the plant safety-related SSCs, or affect how any plant safety-related SSCs are operated, maintained, tested, or inspected.
As the proposed change does not directly impact SSCs, and milestones 1
through 7 provide significant protection against cyber attacks, the proposed change does not involve a significant increase in the probability or consequences of an accident previously evaluated.
- 2. Does the proposed amendment create the possibility of a new or different kind of accident from any accident previously evaluated?
Response
No The proposed change does not introduce a new mode of plant operation or involve a physical modification to the plant. New equipment is not installed with the proposed amendment, nor does the proposed amendment cause existing equipment to be operated in a new or different manner. The change to cyber security implementation plan milestone 8 is administrative in nature and relies on the significant protection against cyber attacks that has been gained through the implementation of CSP milestones 1 through 7. Since the proposed amendment does not involve a change to the plant design or operation, no new system interactions are created by this change. The proposed changes do not result in L-15-149 Significant Hazards Consideration Analysis for Perry Nuclear Power Plant Page 2 of 2 any new failure modes, and thus cannot initiate an accident different from those previously evaluated.
Therefore, the proposed change does not create the possibility of a new or different kind of accident from any previously evaluated.
- 3. poes the proposed amendment involve a significant reduction in a margin of safety?
Response
No.
The proposed amendment does not affect the performance of any structures, systems or components as described in the design basis analyses.
The change to milestone 8 of the cyber security implementation plan is administrative in nature.
The proposed change does not introduce a new mode of plant operation or involve a physical modification to the plant. The proposed amendment does not introduce changes to limits established in the accident analysis. Since there is no impact to any SSCs, or any maintenance or operational
- practice, there is also no reduction in any margin of safety.
As the proposed change does not directly impact SSCs, and milestones 1
through 7 provide significant protection against cyber attacks, the proposed change does not involve a significant reduction in a margin of safety.
Based on the above, FirstEnergy Nuclear Operating Company conciudes that the proposed amendment does not involve a significant hazards consideration under the standards set forth in 10 cFR 50.g2(c),
and, accordi ingly, a finding of "no significant hazards consideration" is justified.