ML15145A002 | |
Person / Time | |
---|---|
Site: | Fermi |
Issue date: | 05/05/2015 |
From: | Hassoun A Detroit Edison |
To: | Jennivine Rankin Plant Licensing Branch III |
References | |
TAC MF4366 | |
Text
NRR-PMDAPEm Resource
From: Alan I Hassoun [hassouna@dteenergy.com]
Sent: Tuesday, May 05, 2015 11:32 AM
To: Rankin, Jennivine
Subject: Re: Fermi 2 Draft Safety Evaluation for Approval of Revised Cyber Security Plan Implementation Schedule (Tac No. MF4366)
Attachments: MF4366 SE DRAFT.docx
Hi Jennie,
We've reviewed the draft SE and concur with the NRC's determination on security related content in the document.
Thanks.
Alan I. (Sam) Hassoun, P. E.
Supervisor - Nuclear Licensing
DTE Energy - Fermi 2 Nuclear Power Plant
Office: 734 586-4287
*** PROPRIETARY, CONFIDENTIAL OR PRIVILEGED COMMUNICATION ***
This communication may contain proprietary, privileged or confidential information protected by law. It is solely for the use of the intended recipient named above.
Any review, dissemination, distribution, forwarding, or copying of this communication by someone other than the intended recipient, or the individual responsible for delivering this communication to the intended recipient, is prohibited. If you have received this communication in error, please immediately notify the sender via email, then destroy the original message.
"Rankin, Jennivine" <Jennivine.Rankin@nrc.gov> wrote: -----
To: "Alan I Hassoun (hassouna@dteenergy.com)" <hassouna@dteenergy.com>
From: "Rankin, Jennivine" <Jennivine.Rankin@nrc.gov>
Date: 05/04/2015 09:52AM
Subject: Fermi 2 Draft Safety Evaluation for Approval of Revised Cyber Security Plan Implementation Schedule (Tac No. MF4366)
(See attached file: MF4366 SE DRAFT.docx)
The Attachment May Contain Security-Related Information And Should Be Handled Accordingly
Sam,
Attached is a copy of the Draft safety evaluation (SE) for the subject license amendment. The information in section 3.0 of the draft SE, as well as the Milestone 8 implementation date, was identified as security-related in your application dated July 2, 2014 (ADAMS Accession No. ML14183B528). The NRC staff does not consider this information to be security-related and the information is likely to be included in the final NRC staff SE which will be publicly available.
Please review the Draft SE and confirm by e-mail that you agree with the NRC staff's determination and none of the information contained in the attached Draft SE is security related. Alternatively, if you believe that information in the enclosure is security-related, please identify such information line-by-line.
Since the NRC review is not yet complete, this letter and the enclosure do not convey or represent an NRC staff position regarding the licensee's request. Should the amendment be approved, the NRC staff will issue a publicly available version of the SE. The final SE will be issued after making any necessary changes and be made publicly available.
If you have any questions, please contact me at 301.415.1530. Please provide your agreement/disagreement with the NRC's determination on security-related content in the attached document by COB Wednesday May 6, 2015, or earlier.
Thank you,
Jennie
Jennie Rankin, Project Manager
Plant Licensing Branch III-1
Division of Operating Reactor Licensing
Office of Nuclear Reactor Regulation
Hearing Identifier: NRR_PMDA
Email Number: 2103
Mail Envelope Properties (OF030D21E2.16D26547-ON85257E3C.0054FDD4-85257E3C.0055556B)
Subject: Re: Fermi 2 Draft Safety Evaluation for Approval of Revised Cyber Security Plan Implementation Schedule (Tac No. MF4366)
Sent Date: 5/5/2015 11:32:04 AM
Received Date: 5/5/2015 11:32:13 AM
From: Alan I Hassoun
Created By: hassouna@dteenergy.com
Recipients:
"Rankin, Jennivine" <Jennivine.Rankin@nrc.gov>
Tracking Status: None
Post Office: dteenergy.com
Files Size Date & Time
MESSAGE 3068 5/5/2015 11:32:13 AM
MF4366 SE DRAFT.docx 71871
Options
Priority: Standard
Return Notification: No
Reply Requested: No
Sensitivity: Normal
Expiration Date:
Recipients Received:
DRAFT
Paul Fessler
Senior Vice President and Chief Nuclear Officer
DTE Electric Company
Fermi 2 - 210 NOC
6400 North Dixie Highway
Newport, MI 48166
SUBJECT: FERMI 2 - ISSUANCE OF AMENDMENT RE: CYBER SECURITY PLAN IMPLEMENTATION SCHEDULE (TAC NO. MF4366)
Dear Mr. Fessler:
The U.S. Nuclear Regulatory Commission has issued the enclosed Amendment No. 200 to Facility Operating License No. NPF-43 for the Fermi 2 facility. The amendment consists of changes to the facility operating license in response to your application dated July 2, 2014.
The amendment revises the schedule for full implementation of the cyber security plan (CSP) and revises Paragraph 2.E of Facility Operating License No. NPF-43 for Fermi 2, to incorporate the revised CSP implementation schedule.
A copy of our safety evaluation is also enclosed. The Notice of Issuance will be included in the Commission's biweekly Federal Register notice.
Sincerely,
Jennivine K. Rankin, Project Manager
Plant Licensing Branch III-1
Division of Operating Reactor Licensing
Office of Nuclear Reactor Regulation
Docket No. 50-341
Enclosures:
- 1. Amendment No. 200 to NPF-43
- 2. Safety Evaluation
cc w/encls: Distribution via ListServ
DISTRIBUTION:
PUBLIC
LPL3-1 R/F
RidsAcrsAcnw_MailCTR Resource
RidsNrrDorlDpr Resource
RidsNrrDorlLpl3-1 Resource
RidsNrrPMFermi2 Resource
RidsNrrLAMHenderson Resource
RidsRgn3MailCenter Resource
RidsNsirCsd Resource
ADAMS Accession No.: ML15096A043
OFFICE LPL3-1/PM LPL3-1/PM LPL3-1/LA NSIR/CSD/DD
NAME ADietrich JRankin MHenderson RFelts
DATE 03/31/2015 04/ /2015 04/ /2015 04/ /2015
OFFICE OGC LPL3-1/BC LPL3-1/PM
NAME DPelton JRankin
DATE 04/ /2015 04/ /2015 04/ /2015
OFFICIAL RECORD COPY
DTE ELECTRIC COMPANY
DOCKET NO. 50-341
FERMI 2
AMENDMENT TO FACILITY OPERATING LICENSE
Amendment No. 200
License No. NPF-43
- 1. The U.S. Nuclear Regulatory Commission (the Commission) has found that:
A. The application for amendment by the DTE Electric Company (DTE, the licensee) dated July 2, 2014, complies with the standards and requirements of the Atomic Energy Act of 1954, as amended (the Act), and the Commission's rules and regulations set forth in Title 10 of the Code of Federal Regulations (10 CFR) Chapter I;
B. The facility will operate in conformity with the application, the provisions of the Act, and the rules and regulations of the Commission;
C. There is reasonable assurance (i) that the activities authorized by this amendment can be conducted without endangering the health and safety of the public, and (ii) that such activities will be conducted in compliance with the Commission's regulations;
D. The issuance of this amendment will not be inimical to the common defense and security or to the health and safety of the public; and
E. The issuance of this amendment is in accordance with 10 CFR Part 51 of the Commission's regulations and all applicable requirements have been satisfied.
- 2. Accordingly, the license is amended by changes as indicated in the attachment to this license amendment, and paragraph 2.E of Facility Operating License No. NPF-43 is hereby amended to read, in part, as follows:
The licensee shall fully implement and maintain in effect all provisions of the Commission-approved cyber security plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p).
The Fermi 2 CSP was approved by License Amendment No. 185, as supplemented by License Amendment 200.
Enclosure 1
- 3. This license amendment is effective as of its date of issuance and shall be implemented within 60 days from the date of issuance. The full implementation of the CSP shall be in accordance with the implementation schedule submitted by the licensee on July 2, 2014, and approved by the NRC with this license amendment. All subsequent changes to the NRC-approved CSP implementation schedule will require NRC approval pursuant to 10 CFR 50.90.
FOR THE NUCLEAR REGULATORY COMMISSION
David L. Pelton, Chief
Plant Licensing Branch III-1
Division of Operating Reactor Licensing
Office of Nuclear Reactor Regulation
Attachment:
Changes to the Facility Operating License No. NPF-43
Date of Issuance:
ATTACHMENT TO LICENSE AMENDMENT NO. 200
FACILITY OPERATING LICENSE NO. NPF-43
DOCKET NO. 50-341
Replace the following page of the Facility Operating License No. NPF-43 with the attached revised page. The revised page is identified by amendment number and contains a marginal line indicating the area of change.
REMOVE INSERT
SAFETY EVALUATION BY THE OFFICE OF NUCLEAR REACTOR REGULATION
RELATED TO AMENDMENT NO. 200 TO FACILITY OPERATING LICENSE NO. NPF-43
DTE ELECTRIC COMPANY
FERMI 2
DOCKET NO. 50-341
1.0 INTRODUCTION
By application dated July 2, 2014 (Agencywide Documents Access and Management System (ADAMS) Accession No. ML14183B528), the DTE Electric Company (DTE, the licensee) requested a change to the facility operating license (FOL) for Fermi 2. The proposed change would revise the date of Cyber Security Plan (CSP) Implementation Schedule Milestone 8 and Paragraph 2.E in the facility operating license. Milestone 8 of the CSP implementation schedule concerns the full implementation of the CSP.
Portions of the license amendment request dated July 2, 2014, contain sensitive unclassified non-safeguards information and, accordingly, those portions are withheld from public disclosure in accordance with Title 10 of the Code of Federal Regulations (10 CFR), Section 2.390(d)(1).
2.0 REGULATORY EVALUATION
The U.S. Nuclear Regulatory Commission (NRC) staff reviewed and approved the licensee's existing CSP implementation schedule by License Amendment No. 185 to FOL No. NPF-43 for Fermi 2, concurrent with the incorporation of the CSP into the facility's current licensing basis. The NRC staff considered the following regulatory requirements and guidance in its review of the license amendment request (LAR) to modify the existing CSP implementation schedule:
- 10 CFR 73.54, Protection of digital computer and communication systems and networks, which states, in part:
Each [CSP] submittal must include a proposed implementation schedule.
Implementation of the licensee's cyber security program must be consistent with the approved schedule.
Enclosure 2
- The license condition in the FOL Paragraph 2.E that requires the licensee to fully implement and maintain in effect all provisions of the Commission-approved CSP.
- Review criteria provided by the NRC staff's internal memorandum, Review Criteria for Title 10 of the Code of Federal Regulations Part 73.54, Cyber Security Implementation Schedule Milestone 8 License Amendment Requests, dated October 24, 2013 (ADAMS Accession No. ML13295A467), to be considered for evaluating licensees' requests to postpone their CSP implementation date (commonly known as Milestone 8).
The NRC staff does not regard the CSP milestone implementation dates as regulatory commitments that can be changed unilaterally by the licensee, particularly in light of the regulatory requirement of 10 CFR 73.54, that states, in part, Implementation of the licensee's cyber security program must be consistent with the approved schedule. As the NRC staff explained in its letter to all operating reactor licensees dated May 9, 2011 (ADAMS Accession No. ML110980538), the implementation of the plan, including the key intermediate milestone dates and the full implementation date, shall be in accordance with the implementation schedule submitted by the licensee and approved by the NRC. All subsequent changes to the NRC-approved CSP implementation schedule, thus, require prior NRC approval as required by 10 CFR 50.90.
3.0 TECHNICAL EVALUATION
3.1 Licensee's Requested Change
The NRC staff issued Amendment No. 185 to FOL NPF-43 for Fermi 2 by letter dated July 28, 2011. This amendment approved the CSP and its associated implementation schedule, and added a license condition requiring the licensee to fully implement and maintain the Commission-approved CSP. The implementation schedule was based on a template prepared by the Nuclear Energy Institute (NEI), which was transmitted to the NRC by letter dated February 28, 2011 (ADAMS Accession No. ML110600206.) By letter dated March 1, 2011, the NRC staff found the NEI template acceptable for licensees to use to develop their CSP implementation schedules (ADAMS Accession No. ML110070348). The licensee's proposed implementation schedule for the CSP identified completion dates and bases for the following eight milestones:
- 1) Establish the Cyber Security Assessment Team (CSAT);
- 3) Install a deterministic one-way device between lower level devices and a firewall between higher level devices;
- 4) Implement the security control Access Control For Portable And Mobile Devices;
- 5) Implement observation and identification of obvious cyber-related tampering to existing insider mitigation rounds;
- 6) Identify, document, and implement cyber security controls in accordance with Mitigation of Vulnerabilities and Application of Cyber Security Controls for CDAs that could adversely impact the design function of physical security target set equipment;
- 7) Ongoing monitoring and assessment activities for those target set CDAs whose security controls have been implemented; and
- 8) Fully implement the CSP.
Currently, Milestone 8 of the licensee's CSP requires the licensee to fully implement the CSP by December 31, 2015. In its July 2, 2014, application, DTE requested to change the Milestone 8 completion date to December 31, 2017.
The licensee provided the following information pertinent to each of the criteria identified in the NRC guidance memorandum dated October 24, 2013 (ADAMS Accession No. ML13295A467).
- 1. Identification of the specific requirement or requirements of the cyber security plan that the licensee needs additional time to implement.
The licensee stated that the CSP requirement requiring additional time to implement is CSP Section 3.1, Analyzing Digital Computer Systems and Networks and Applying Cyber Security Controls. The tasks identified by the licensee as needing additional time include CDA assessment; design, planning, and scheduling of remediation activities; change management; and training.
- 2. Detailed justification that describes the reason the licensee requires additional time to implement the specific requirement or requirements identified.
The licensee stated that it is experiencing several challenges meeting the current implementation date for Milestone 8 and described the following specific challenges to justify its need for additional time. The licensee explained that the CDA assessment work is resource intensive and stated the following:
Fermi 2 has identified over 1,000 CDAs. While some of these CDAs can be grouped to reduce assessment burden, completing assessments using the Section 3.1.6 methodology is resource intensive.
The large number of CDAs (over 1,000 at Fermi 2) has resulted in a significant level of effort to complete tabletop reviews and validation testing described in Section 3.1.5 of NEI 08-09, Revision 6.
The licensee also noted that its technical bases for required remediation activities need to be well-defined and provide a clear safety benefit, which would require additional time. The licensee stated the following:
Plant modifications must be carefully implemented to ensure they do not impact plant safety and operation.
CDA security control modifications are new to both plant personnel and equipment suppliers.
DTE has experienced challenges with cyber security equipment suppliers' understanding of their own products and their limitations. These challenges have resulted in delays in the implementation of the CSP. Additionally, suppliers are releasing products that have not been adequately documented and tested, which results in corrective action investigations and potential regulatory compliance challenges.
In addition, the licensee described challenges that have been encountered during incorporation of Cyber Security Controls in the plant processes. The licensee provided the following as examples of some of the challenges:
Cyber security is challenging because it requires integration with daily plant operations, maintenance, engineering, and procurement activities.
Integration of cyber security controls is taking longer than expected due to impacts on the work control process and maintenance activities.
Cyber security for plant CDAs is new, and the security controls being implemented on the plant CDAs are new to Maintenance, System Engineering, and Operations. Modifications must be implemented with careful planning to ensure safe reliable operation of plant equipment. Before modifications are implemented, significant verification analysis and testing must be performed to minimize potential impacts to plant equipment.
Lastly, the licensee described how training requirements for new programs, processes, and procedures are more extensive than originally anticipated. The licensee stated the following:
Site training needs and schedules are normally established up to a year in advance and are presented to, and approved by, Fermi 2 training review committees. Cyber security training adds a new burden on training resources that was not fully understood when the new cyber-related processes and procedures were first being developed. Cyber security training needs can be accommodated outside of normal training cycles, but this adds an unanticipated burden on training resources.
- 3. A proposed completion date for Milestone 8 consistent with the remaining scope of work to be conducted and the resources available.
DTE is requesting a change to the Milestone 8 completion date from December 31, 2015, to December 31, 2017. The licensee stated that the additional time will be used to perform the following:
[C]omplete CDA assessments; define required remediation scope; develop final design modifications that address assessment gaps; plan and schedule modification installation and testing; revise assessment procedures; develop new program procedures to complete full implementation of the cyber security program; and complete training.
The revised implementation period also includes an additional refueling outage, which would provide sufficient time to plan and incorporate the necessary design changes identified as a result of the CDA assessments.
- 4. An evaluation of the impact that the additional time to implement the requirements will have on the effectiveness of the licensee's overall cyber security program in the context of milestones already completed.
The licensee stated the following:
Based on the cyber security implementation activities already completed and the progress of current implementation activities, Fermi 2 is secure and will continue to ensure that digital computer and communication systems and networks are adequately protected against cyber attacks during implementation of the remainder of the program by the proposed [Milestone] 8 date of December 31, 2017.
CSP actions taken to date will not be impacted by the proposed LAR. DTE has completed implementation of the interim milestones 1 thru 7 and continues to improve the protection provided via these interim milestone activities as further guidance and industry experience becomes available. The completed activities provide a high degree of protection against cyber security attacks while Fermi 2 implements the full program.
The licensee provided additional details about implementation of each milestone.
- 5. A description of the licensee's methodology for prioritizing completion of work for critical digital assets associated with significant safety consequences and with reactivity effects in the balance of plant.
The licensee stated the following:
DTE's methodology for prioritizing [Milestone] 8 activities is based on installed configuration of the CDAs and considerations for safety, security, emergency preparedness, and Balance of Plant (BOP) consequences (continuity of power).
Priorities are generally assigned in the following order;
- 1. Safety-related and important-to-safety CDAs,
- 2. Security related CDAs,
- 4. Emergency Preparedness CDAs, including offsite communications, and
- 6. A discussion of the licensee's cyber security program performance up to the date of the license amendment request.
The licensee stated the following:
Interim CSP milestones 1 through 7 actions were successfully completed by December 31, 2012. DTE continues to improve the protection provided via these interim milestone activities as further guidance and industry experience become available. These actions provide a high degree of protection against cyber security related attacks while full program actions to provide defense-in-depth protection are in progress.
The licensee provided a discussion of two self-assessments that verified that CSP Milestones 1 through 7 were adequately implemented, and a Nuclear Quality Assurance Audit that verified that the CSP implementation to date is adequate. Program deficiencies discovered through these audits were tracked in the Corrective Action Program (CAP), and subsequently corrected.
- 7. A discussion of cyber security issues pending in the licensee's CAP.
The licensee stated the following:
Fermi 2 uses the site Corrective Action Program (CAP) to document cyber issues in order to trend, correct, and improve the Fermi 2 Cyber Security Program. The CAP database documents and tracks, from initiation through closure, CSP required actions including issues identified during on-going program assessment activities. Adverse trends are monitored for program improvement and addressed via the CAP process.
The licensee provided examples of CSP activities currently tracked in the CAP.
- 8. A discussion of modifications completed to support the cyber security program and a discussion of pending cyber security modifications.
The licensee provided a brief discussion of completed and pending modifications.
3.2 NRC Staff Evaluation
The NRC staff has evaluated the licensee's application using the regulatory requirements and guidance discussed in Section 2.0 of this safety evaluation. The NRC staff's evaluation is below.
The licensee stated implementation of Milestones 1 through 7 activities was completed by December 31, 2012. The NRC staff finds that Fermi 2 is more secure after implementation of Milestones 1 through 7, because the activities the licensee completed mitigate the most significant cyber-attack vectors for the most significant CDAs.
The licensee stated in its application that the large number of CDAs (over 1,000) is a primary reason that an extension is needed for the Milestone 8 implementation date. The NRC staff has had extensive interaction with the nuclear industry since licensees first developed their CSP implementation schedules. Based on this interaction, the NRC staff recognizes that CDA assessment work is much more complex and resource-intensive than originally anticipated, and that, consequently, implementation of Milestone 8 requires a large number of additional tasks not originally considered. There are implementation challenges caused by the need to address security controls for each CDA. The NRC staff finds that the licensee's request for additional time to implement Milestone 8 is reasonable given the unanticipated complexity and scope of the work required to come into full compliance with the CSP. Delaying final implementation of the CSP until December 31, 2017, will provide the time required to complete the implementation safely and thoroughly.
In addition, the NRC staff finds that the licensee is using the tools at its disposal to prioritize, implement, verify, and improve the CSP. The NRC staff finds that based on the large number of digital assets described above, the licensee's methodology for prioritizing work on CDAs is appropriate. The licensee's application describes a functioning CAP, and demonstrates that the licensee's progress toward full implementation is adequate. Based on the licensee's effective use of self-assessments and audits in conjunction with the CAP, there is evidence that the impact of the requested additional implementation time on the overall CSP will be sufficiently managed.
3.3 Technical Evaluation Conclusion
The NRC staff concludes that the licensee's request to delay full implementation of its CSP until December 30, 2017, is acceptable for the following reasons: (i) the licensee's implementation of Milestones 1 through 7 provides mitigation for cyber attacks; and (ii) the scope of the work required to come into full compliance with the CSP implementation schedule is greater than anticipated and was not reasonably foreseeable when the CSP implementation schedule was originally developed; and (iii) the licensee is utilizing tools to sufficiently manage the impact of the requested additional implementation time on the overall CSP.
3.4 Revision to License Condition 2.E
By letter dated July 2, 2014, the licensee proposed to modify Paragraph 2.E of FOL No. NPF-43, which includes a license condition to require the licensee to fully implement and maintain in effect all provisions of the NRC-approved CSP.
The current license condition in Paragraph 2.E of FOL No. NPF-43 for Fermi 2 states, in part:
The licensee shall fully implement and maintain in effect all provisions of the Commission-approved cyber security plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The Fermi 2 CSP was approved by License Amendment No. 185.
The revised license condition in Paragraph 2.E of FOL No. NPF-43 for Fermi 2 would state, in part:
The licensee shall fully implement and maintain in effect all provisions of the Commission-approved cyber security plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The Fermi 2 CSP was approved by License Amendment No. 185, as supplemented by License Amendment 200.
4.0 STATE CONSULTATION
In accordance with the Commission's regulations, the Michigan State official was notified of the proposed issuance of the amendment. The State official had no comments.
5.0 ENVIRONMENTAL CONSIDERATION
This is an amendment to a 10 CFR Part 50 license that relates solely to safeguards matters and does not involve any significant construction impacts. This amendment is an administrative change to extend the date by which the licensee must have its CSP fully implemented.
Accordingly, this amendment meets the eligibility criteria for categorical exclusion set forth in 10 CFR 51.22(c)(12). Pursuant to 10 CFR 51.22(b), no environmental impact statement or environmental assessment need be prepared in connection with the issuance of this amendment.
6.0 CONCLUSION
The Commission has concluded, based on the considerations discussed above, that: (1) there is reasonable assurance that the health and safety of the public will not be endangered by operation in the proposed manner, (2) there is reasonable assurance that such activities will be conducted in compliance with the Commission's regulations, and (3) the issuance of the amendment will not be inimical to the common defense and security or to the health and safety of the public.
Principal Contributor: John Rycyna, NSIR
Date: