CNL-15-091, Additional Information Regarding Cyber Security Plan and Associated Watts Bar Nuclear Plant Unit 1 License Condition (WBN-TS-15-005)

From kanterella
(Redirected from ML15127A511)
Jump to navigation Jump to search

Additional Information Regarding Cyber Security Plan and Associated Watts Bar Nuclear Plant Unit 1 License Condition (WBN-TS-15-005)
ML15127A511
Person / Time
Site: Watts Bar Tennessee Valley Authority icon.png
Issue date: 05/07/2015
From: James Shea
Tennessee Valley Authority
To:
Document Control Desk, Office of Nuclear Reactor Regulation
References
CNL-15-091, WBN-TS-15-005
Download: ML15127A511 (5)


Text

Tennessee Valley Authority, 1101 Market Street, Chattanooga, Tennessee 37402 CNL-15-091 May 7 , 2015 10 CFR 50.90 ATTN : Document Control Desk U.S. Nuclear Regulatory Commission Washington , D.C. 20555-001 Watts Bar Nuclear Plant, Unit 1 Facility Operating License No. NPF-90 NRC Docket No. 50-390

Subject:

WATTS BAR NUCLEAR PLANT (WBN) UNIT 1 -ADDITIONAL INFORMATION REGARDING CYBER SECURITY PLAN AND ASSOCIATED WATTS BAR NUCLEAR PLANT UNIT 1 LICENSE CONDITION (WBN-TS-15-005)

Reference:

TVA letter dated April 1, 2015, "Request for Approval of the Revised Watts Bar Nuclear Plant Cyber Security Plan (CSP) and associated Watts Bar Nuclear Plant Unit 1 License Condition (WBN-TS-15-005)"

On April 1, 2015, TVA submitted the referenced request for approval of a revised Cyber Security Plan and requested that it be withheld under 10 Code of Federal Regulation 2.390 since it contained security related information. Discussions with the Staff have indicated the need to publish certain portions of the reference as publically available information on the docket. The purpose of this letter is to provide Section 4.0, "Regulatory Evaluation," and Section 5.0, "Environmental Consideration," of Enclosure 1 of the reference as a publically available document. TVA has reviewed and determined that these sections do not contain any security related information.

There are no new regulatory commitments made in this letter. Should you have questions regarding this response, please contact Gordon Arent at (423) 365-2004.

Respectfully,

//z/JZ7/fl. fj~ .f/,e11 J. W . Shea Vice President, Nuclear Licensing

Enclosure:

Watts Bar Nuclear Plant, Letter dated April 1, 2015, Excerpts from Enclosure 1, Section 4.0, "Regulatory Evaluation" and Section 5.0, "Environmental Consideration" cc: See Page 2

U.S. Nuclear Regulatory Commission CNL-15-091 Page 2 May 7, 2015 cc (Enclosure):

NRC Regional Administrator - Region II NRC Project Manager - Watts Bar Nuclear Plant, Unit 1 NRC Project Manager- Watts Bar Nuclear Plant, Unit 2 NRC Senior Resident Inspector- Watts Bar Nuclear Plant, Unit 1 NRC Senior Resident Inspector - Watts Bar Nuclear Plant, Unit 2 Director, Division of Radiological Health - Tennessee State Department of Environment and Conservation

Enclosure Watts Bar Nuclear Plant, Letter dated April 1, 2015 Excerpts from Enclosure 1, Section 4.0, "Regulatory Evaluation" and Section 5.0, "Environmental Consideration"

4.0 REGULATORY EVALUATION

4.1 Applicable Regulatory Requirements/Criteria In 10 CFR 73.54, licensees are required to maintain and implement a cyber security plan.

The Watts Bar Nuclear Plant (WBN) Unit 1 Facility Operating License No. NPF-90 includes a Physical Protection license condition that requires WBN to fully implement and maintain in effect all provisions of the Commission approved cyber security plan, including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p).

4.2 Significant Hazard Consideration Tennessee Valley Authority (TVA) proposes to modify the WBN Cyber Security Plan. These changes are being proposed to clarify the demarcation point (i.e., "Bright-Line") between those digital assets under the Nuclear Regulatory Commission's (NRC) jurisdiction and those cyber assets under the North American Electric Reliability Corporation's (NERC) jurisdiction.

TVA has concluded that the change to clarify the demarcation point (i.e., "Bright-Line") in the WBN Cyber Security Plan does not involve a significant hazards consideration. This conclusion is based on its evaluation in accordance with 10 CFR 50.91(a)(1) of the three standards set forth in 10 CFR 50.92, "Issuance of Amendment," as discussed below.

1. Does the proposed amendment involve a significant increase in the probability or consequence of an accident previously evaluated?

Response: No.

The proposed change revises WBN's Cyber Security Plan by clarifying the "Bright-Line" demarcation point. This change does not alter accident analysis assumptions, add any initiators, or affect the function of plant systems or the manner in which systems are operated, maintained, modified, tested, or inspected. The proposed change is to clarify the demarcation point, that in itself, does not require any plant modifications which affect the performance capability of the structures, systems, and components relied upon to mitigate the consequences of postulated accidents and has no impact on the probability or consequences of an accident previously evaluated.

Therefore, the proposed change does not involve a significant increase in the probability or consequences of an accident previously evaluated.

CNL-15-091 E-1

2. Does the proposed amendment create the possibility of a new or different kind of accident from any accident previously evaluated?

Response: No.

The proposed change revises the WBN Cyber Security Plan to clarify the "Bright-Line" demarcation point. This proposed change to clarify the demarcation point does not alter accident analysis assumptions, add any initiators, or affect the function of plant systems or the manner in which systems are operated, maintained, modified, tested, or inspected. The proposed change does not require any plant modifications which affect the performance capability of the structures, systems, and components relied upon to mitigate the consequences of postulated accidents. This change also does not create the possibility of a new or different kind of accident from any accident previously evaluated.

Therefore, the proposed change does not create the possibility of a new or different kind of accident from any accident previously evaluated.

3. Does the proposed amendment involve a significant reduction in a margin of safety?

Response: No.

Plant safety margins are established through limiting conditions for operation, limiting safety system settings, and safety limits specified in the technical specifications. The proposed change is to clarify the "Bright-Line" demarcation point in the WBN Cyber Security Plan.

Because there is no change to these established safety margins as a result of this change, the proposed change does not involve a significant reduction in a margin of safety.

Therefore, the proposed change does not involve a significant reduction in a margin of safety.

Based on the above, TVA concludes that the proposed change presents no significant hazards consideration under the standards set forth in 10 CFR 50.92(c), and accordingly, a finding of "no significant hazards consideration" is justified.

4.3 Conclusions In 10 CFR 73.54, licensees are required to provide high assurance that digital computer and communication systems and networks are adequately protected against cyber attacks up to and including the design basis threat established by 10 CFR 73.1.

The proposed change amends the WBN Cyber Security Plan and does not change any feature of the Cyber Security Plan required to meet 10 CFR 73.54 as previously approved by the NRC.

The proposed change has been evaluated in accordance with 10 CFR 50.91(a)(1) using criteria in 10 CFR 50.92(c}, and it has been determined that the change involves no significant hazards consideration.

In conclusion, based on the considerations discussed above: (1) There is reasonable assurance that the health and safety of the public will not be endangered by operation in the proposed manner; (2) Such activities will be conducted in compliance with the Commission's regulations; and (3) The issuance of the amendment will not be inimical to the common defense and security or to the health and safety of the public.

CNL-15-091 E-2

5.0 ENVIRONMENTAL CONSIDERATION

The proposed amendment provides a change to clarify the "Bright-Line" demarcation point between NRC and NERC jurisdiction in the WBN's Cyber Security Plan. The proposed amendment relates solely to safeguards matters (i.e., protection against sabotage or loss or diversion of special nuclear material) and meets the eligibility criterion for a categorical exclusion set forth in 10 CFR 51.22(c)(12). Therefore, pursuant to 10 CFR 51.22(b) no environmental impact statement or environmental assessment need be prepared in connection with the issuance of the amendment.

CNL-15-091 E-3