ML16172A075

From kanterella
Jump to navigation Jump to search

Amendment Applications 271 and 256 - Proposed Changes to Cyber Security Plan - Implementation Schedule Completion Date - San Onofre Nuclear Generating Station, Units 2 and 3
ML16172A075
Person / Time
Site: San Onofre  Southern California Edison icon.png
Issue date: 06/16/2016
From: Thomas J. Palmisano
Southern California Edison Co
To:
Document Control Desk, Office of Nuclear Reactor Regulation
References
PCN-610
Download: ML16172A075 (23)
v  d  e


Text

~I SOUTHERN CALIFORNIA Thomas J. Palmisano U EDISON Vice President Decommissioning &

Chief Nuclear Officer An EDISON INTERNATIONAL Company June 16, 2016 10 CFR 50.90 .

U. S. Nuclear Regulatory Commission ATTN: Document Control Desk Washington, D.C. 20555

Subject:

Docket No. 50-361 and 50-362 Amendment Applications 271 and 256 Proposed Changes to Cyber Security Plan

  • Implementation Schedule Completion Date San Onofre Nuclear Generating Station, Units 2 and 3 Re,ferences: (1) Letter from James R. Hall (NRC) to Peter T. Dietrich (SCE), dated July 28, 2011;

Subject:

San Onofre Nuclear Generating Station, Units 2 and 3 - Issuance of Amendment RE: Approval of Cyber Security Plan (TAC Nos. ME4426 and ME4427) (ADAMS Accession No. ML111960323)

(2) Letter from M.G. Vaaler (NRC) to T. J. Palmisano (SCE) dated .October 1, 2015;

Subject:

San Onofre Nuclear Generating Station, Units 2 and 3 ....:

Issuance of Amendments to Revise the Cyber Security Plan Milestone 8

  • *completion Date in the Facility Operating Licenses (ADAMS Accession Number ML15209A935)

Dear Sir or Madam:

Pursuant to 10 CFR 50.90, Southern California Edison (SCE) hereby submits license amendment application 271 to operating license NPF-10 for San Onofre Nuclear Generating Station (SONGS) Unit 2 and license amendment 256 to operating license NPF-15 for SONGS Unit 3. These License Amendment Requests consist.of Proposed Change Number (PCN)-610.

PCN-610 proposes a change to the Cyber Security Plan Implementation Schedule Milestone 8 completion date that was approved by the NRC in Reference 1 and modified in Reference 2.

The Enclosure provides an evaluation of the proposed amendment. Attachment 1 to the Enclosure contains the proposed mark-up for the requested changes to Paragraph 2.E of Facility Operating License Nos. NPF-10 and NPF-15 (Units 2 and 3, respectively). Attachment 2 to the Enclosure contains the proposed clean-typed Facility Operating License pages.

Attachment 3 to the Enclosure contains the change to the completion date of Implementation Milestone 8.

SCE has determined that there is no significant hazard consideration associated with the proposed change and that the change is exempt from environmental review pursuant to 10 CFR 51.22(c)(12).

P.O. Box 128 San Clemente, CA 92674 (949) 368-6575 Fax: (949) 368-6183 tom.palmisano@sce.com

Document Control Desk 2 June 16, 2016 SCE requests a decision on these amendment applications by December 31, 2016, in order to allow time for completion of implementation of Milestone 8 within the current due date, if necessary.

In accordance with 10 CFR 50.91 (b), SCE is notifying the State of California of this request for license amendment by providing a copy of this letter and its enclosures.

There are no new regulatory commitments in this letter or the Enclosure.

Should you have any questions, or require additional information, please contact Mr. Jim Kay at (949) 368-7418.

I declare under penalty of perjury that the foregoing is true and correct.

Executed on 0-16-201~

Sincerely,

Enclosures:

PCN-610 with Attachments cc: M. Dapas, Regional Administrator, NRC Region IV M. Vaaler, NRC Project Manager, SONGS Units 1, 2 and 3 S. Y. Hsu, California Department of Public Health, Radiologic Health Branch

ENCLOSURE Evaluation of the Proposed Amendment PCN-610 License Amendment Request (LAR} for Revision to Cyber Security Plan Implementation Schedule Completion Date 1.0 Summary Description 2.0 Detailed Description 3.0 Technical Evaluation 3.1 Introduction 3.2 Justification 4.0 Regulatory Evaluation 4.1 Applicable Regulatory Requirements and Criteria 4.2 No Significant Hazards Consideration 4.3

  • Conclusion 5.0 Environmental Consideration 6.0 References Attachments:
1. Proposed Facility Operating License Mark-up Pages 2 Proposed Facility Operating License Clean-Typed Pages
3. Revised Cyber Security Plan Milestone 8 Implementation Schedule Page E1-1

1.0

SUMMARY

DESCRIPTION The proposed license amendment request includes the proposed completion date change to an implementation schedule milestone of the Cyber Security Plan (Attachment 3) and a proposed revision to facility operating license physical protection license condition (Paragraph 2.E of Facility Operating License Nos. NPF-10 and NPF-15) as shown in Attachments 1 (Mark-Up pages) and 2 (Clean-Typed pages).

Specifically, SCE proposes an extension to the Implementation Milestone 8 completion date by two years to December 31, 2019.

This request is justified as SONGS is actively constructing an ISFSI and is expected to have all spent fuel moved to the ISFSI by 2019 (with a potential early finish of mid 2018). Implementing mitigations solely to meet the current Milestone only to remove the associated CDAs from service shortly thereafter in the ISFSl-only configuration is not an effective use of resources.

Furthermore, SONGS is cyber secure with the completion of Milestones 1 - 7 (providing a high degree of protection against cyber-attack) and will continue to ensure that appropriate digital computer and communications systems and networks are adequately protected against cyber-attacks. Finally, the consequences of a successful cyber-attack are low due to the permanently-defueled configuration of SONGS.

The details of the proposed action and our evaluation are presented below.

2.0 DETAILED DESCRIPTION In Reference 1, the Cyber Security Plan (CSP) for Southern California Edison (SCE), San Onofre Nuclear Generating Station (SONGS), and associated implementation schedule were approved by the U.S. Nuclear Regulatory Commission (NRC). Because the Cyber Security Plan Implementation Schedule contained in References 2 and 3 was utilized as a portion of the basis for the NRC safety evaluation provided by Reference 1, and Reference 1 specifically stated that any changes to the NRG-approved CSP implementation schedule would require prior NRC approval pursuant to 10 CFR 50.90, this proposed amendment request includes: 1) a proposed change to the existing facility operating license condition for the physical protection license condition to reference a deviation for the completion date for an implementation schedule milestone and 2) a proposed Revised Cyber Security Plan Implementation Schedule for the completion date of Implementation Milestone 8. Implementation Schedule Milestone 8 currently requires the full implementation of the SCE Cyber Security Plan for all Safety, Security-and Emergency Preparedness (SSEP) functions (i.e., safety-related and important-to-safety functions, security functions, and emergency preparedness functions including offsite communications) by no later than December 31, 2017. This change proposes a revision to the completion date of Implementation Schedule Milestone 8. SCE proposes to revise the completion date to December 31, 2019.

3.0 TECHNICAL EVALUATION

3.1 Introduction 3.1.1 SONGS current status SONGS Unit 1 permanently ceased operations in 1992 and is in the decommissioning phase.

Above-ground structures have been dismantled. Unit 1 fuel is stored in the SONGS Page E1-2

Transnuclear Independent Spent Fuel Storage Installation (ISFSI) and in the GE-Hitachi Morris facility. There is no requirement for a Cyber Security Plan in the Unit 1 license.

SCE submitted certifications that SONGS Units 2 and 3 permanently ceased operations on June 12, 2013, and submitted certifications that the Units have been permanently defueled on June 28, 2013 and July 22, 2013. Neither unit has operated since January 2012. Units 2 and 3 spent fuel is stored in the Units 2 and 3 spent fuel pools and the SONGS Transnuclear ISFSI.

Since permanent cessation of operations, several major changes have taken place at the station. Safety-related equipment has largely been re-classified as non-safety-related or removed from service. A new independent spent fuel pool cooling system (a "spent fuel pool cooling island") has been installed and is providing cooling in place of the previous once-through forced cooling system.

SONGS is currently constructing a new Holtec UMAX ISFSI to provide additional storage capacity and support the transition of all remaining Units 2 and 3 spent fuel and Greater Than Class C (GTCC) waste into dry storage. The SONGS decommissioning plan supports moving the spent fuel from the spent fuel pool to the newly constructed Holtec ISFSI by the end of 2019, with a potential early finish date of mid-2018. Once the transition to an ISFSl-only configuration is complete, a majority of the currently remaining Critical Digital Assets (CDA) will no longer be necessary and may be removed from service.

3.1.2 Cyber Security Plan Remaining Implementation Actions The current Cyber Security Plan Implementation Schedule would require assessment and mitigation of current CDAs by December 31, 2017 (Milestone 8). There are currently approximately 2000 CDAs left at SONGS (reduced from approximately 3350 CDAs as described in SCE's previous extension request). SONGS is actively working to further reduce the number of CDAs to approximately 850 by the first quarter of 2017 as a result of the decommissioning activities at *the plant.

An effort associated with documentation of CDA assessment and analysis using the deterministic process in Cyber Security Plan, Section 3.1 is underway for each of SONGS remaining CDAs (i.e., those remaining after retirement, reconfiguration, and replacement of existing CSs at the plant). SCE expects to complete the required CDA assessments by early 2017.

Implementation of mitigation activities following completion of the CDA assessments, however, requires significant costs and resources because cyber security controls modifications may be unique and new to each plant and supplier, and because plant modifications must be carefully implemented to ensure they do not impact plant safety and security.

3.1.3 SONGS Cyber Security in the ISFSl-only configuration The purpose of the SONGS Cyber Security Plan is to provide protection against cyber-attacks for CDAs in Structures, Systems, and Components (SSCs) that provide a significant Safety, Security, or Emergency Preparedness (SSEP) function at Units 2 and 3 and the ISFSI.

Following transition to an ISFSl-only configuration, Critical Systems (CS) that performed SSEP functions at Units 2 and 3 will no longer be required and, consequently, the current CDAs associated with those functions will no longer be protected subject to 10 CFR 73.54.

Page E1-3

The SONGS decommissioning plan supports moving the spent fuel from the spent fuel pool to the Independent Spent Fuel Storage Installation (ISFSI) by the end of 2019 (with a potential early finish date of mid-2018) at which time implemented system mitigations associated with SSEP functions at Units 2 and 3 (i.e., a majority of mitigations) will be removed from service. As the decommissioning agent, SONGS believes that resources allocated to mitigation of CDAs that will shortly be removed from service is not a prudent use of resources. The proposed extension would allow SCE to forego mitigation of those CDAs that would no longer be required in an ISFSl-only configuration, as the associated SSEP functions would be eliminated by transition to an ISFSl-only configuration prior to the time that the mitigations are required to be completed.

3.2 Evaluation of acceptability of proposed change SCE considers that the proposed Milestone 8 completion date is acceptable for the following reasons:

  • The effectiveness of the Cyber Security Plan in the context of milestones already completed
  • The significantly reduced risk profile presented by SONGS in the permanently shutdown configuration.

3.2.1 SONGS is Cyber Secure Based on the cyber securi~y implementation activities completed to date, and the ongoing cyber security project activities, SONGS is cyber secure and will continue to ensure that digital computer and communication systems and networks are adequately protected against cyber-attacks.

SONGS successfully completed the implementation of the interim Implementation Milestones 1 through 7 by December 31, 2012, as required by References 1, 2, and 3 and License Condition 2.E. The implementation of these milestones provides a high degree of protection against cyber-attacks. The completed activities include:

o Implementation Milestone 1: Establish Cyber Security Assessment Team (CSAT) o Cyber Security Program procedure and CDA assessment procedure establishing the CSAT is issued o CSAT in place, training developed and delivered o Implementation Milestone 2: Identify Critical Systems (CSs) and CDAs o An engineering document for identifying CSs and CDAs was issued o CSs and CDAs have been identified and documented o CDA defensive levels were determined and documented using the SONGS Cyber Security Defensive Strategy. SONGS has identified five (5) defensive levels in the cyber security defensive architecture o Implementation Milestone 3: Implement cyber security defense-in-depth architecture including deterministic boundary isolation devices (i.e., diodes) o Implemented design change packages for installation of boundary isolation devices (diodes) to deterministically eliminate bi-directional communication pathways between Security Level 4 to Security Level 3 and between Security Level 3 to Security Level 2 Page E1-4

  • Security Level 4 to Security Level 3 communication pathways boundary isolation device
  • A boundary isolation device (diode) was installed, as part of milestone 3, for the Plant Computer System Application (R*time) User Datagram Protocol (UDP) data stream from the Plant Computer System (PCS) network in the plant (Level 4) outbound only to the receive side of the diode providing communications to Security Level 3 [This connection was removed from service in 2015 during the elimination of the Emergency Operations Facility]
  • Security Level 3 to Security Level 2 communication pathways boundary isolation devices
  • A boundary isolation device (diode) was installed, as part of milestone 3, for Plant Computer System R*time UDP data stream from the PCS network (Security Level 3) outbound only to the receive side of the diode providing communications to Security Level 2 [This connection was removed from service in 2015 during the elimination of the Emergency Operations Facility]
  • Provides a UDP data stream from the Gamma Spectroscopy System (Security Level 3) network outbound only to the receive side of the diode providing communications to Security Level 2 o A Connectivity analysis completed to verify no unauthorized communication pathways or bypasses present o Implementation Milestone 4: Implement Portable Media and Mobile Device (PMD) Control Program o Portable media scanning is accomplished through the implementation of scanning kiosks
  • Kiosks are stand-alone isolated scanning stations with no network connectivity.

Updates are performed via an approved manual process

  • Kiosks use eight scanning engines, six of which are heuristic o Mobile device scanning is accomplished through implementation of malware scanning tools o PMD scanning tools and scanning kiosks further minimize the threat from PMDs that connect to CDAs o Implementation Milestone 5: Implement observation program for obvious cyber-related tampering o Training developed and delivered to Security personnel (subsequent to Milestone 5 completion, Operations personnel were also trained to observe for obvious cyber-related tampering) o Authorized individual roles and responsibilities established o Implementation Milestone 6: Identify, document, and implement cyber security controls for CDAs within scope of physical security target set equipment o SONGS procedure S023-IV-2.1, Revision 2, "Security Target Sets," requires the Target Set Expert Panel to meet on an annual basis. Additional meetings may be held at the request of any member of the Target Set Expert Panel. Additionally, target set review is required by the procedure to identify changes to plant configurations or modifications to systems and components, which require review by the Target Set Expert Panel. The Target Set Expert Panel met on July 17, 2013, to address changes to the plant because SONGS is no longer an operating plant. It was determined by the Expert Panel that SONGS no longer has physical security target set equipment that contains CDAs.

Page E1-5

o Implementation Milestone 7: Ongoing monitoring and assessment activities for target set CDAs o The ongoing monitoring and assessment activities program for target set CDAs is no longer required as a result of the findings from the Target Set Expert Panel meeting on July 17, 2013 o Implementation Milestone 8: Full Program Implementation o Assessments for all remaining CDAs are underway and will be completed by the commitment date of December 31, 2017. The Program infrastructure integrating the Cyber Security procedures and training into the plant processes is underway and will be completed by the current Milestone 8 completion date of December 31, 2017 o The new spent fuel pool cooling system CDAs have been assessed and mitigated o The SONGS decommissioning plan supports moving the spent fuel from the spent fuel pool to the Independent Spent Fuel Storage Installation (ISFSI) by the end of 2019 (with a potential early finish date of mid-2018) at which time any implemented system mitigation will be removed from service. As the decommissioning agent, SONGS believes that resources allocated to mitigation of CDAs that will shortly be removed from service is not a prudent use of resources o SONGS fully implemented 10 CFR 73. 77 Cyber Security Event Notification rule which provides the NRC with notification of cyber-attacks in order to inform the U.S.

Department of Homeland Security (DHS) and federal intelligence and law enforcement agencies of cyber security-related events that could (1.) endanger public health and safety or the common defense and security, (2) provide information for threat-assessment processes, or (3) generate public or media inquiries.

The proposed extension to the Implementation of Milestone 8 will not impact the over-all effectiveness of the cyber security program.

3.2.2 Permanently Defueled Accident Analyses The Cyber Security Plan Implementation Schedule for SONGS Units 2 and 3 was originally proposed and approved by the NRC when the units were still operating reactors, and reflects the risks associated with operating reactors. SONGS Units 2 and 3 permanently ceased operations on June 12, 2013, and have not operated since January 2012. As a result, SONGS Units 2 and 3 present a significantly different risk profile than previously envisioned.

Since permanent cessation of operations, several major changes have taken place at the station. Safety-related structures, systems, and components have largely been re-classified as non-safety-related and removed from service. Due to the more than four years of decay time since the last operation of the reactors the decay heat load has significantly decreased in the spent fuel pools. The time-to-boil in the spent fuel pool has consequently increased from a matter of a few hours to several days. This has allowed SCE to install a spent fuel pool cooling system "island" that no longer relies on once-through cooling from the Pacific Ocean.

To reflect the permanently shut-down status of SONGS, SCE revised the design basis accident analyses for Units 2 and 3, and partly on the basis of those revised accident analyses, submitted changes to the Technical Specifications and Emergency Plan. Those changes have been reviewed and approved by the NRC and fully implemented by SCE.

Page E1-6

Summary descriptions of the revised accident analyses were provided as part of an exemption request associated with the Permanently Defueled Emergency Plan (Reference 4) and several supplements (References 5, 6, 7, 8, and 9). Specifically, Reference 4, Enclosure 1, Section 3.0, provides a summary of the remaining design basis accident analyses. The summary demonstrates that radiological dose consequences of the remaining design basis accidents are fractions of the regulatory limits for these events.

In the same exemption request (Reference 4, Enclosure 1, Section 4.0), SCE also provided a description of calculations performed for the beyond-design-basis spent fuel pool draindown event. This analysis showed that with no air-cooling of the fuel (i.e., the "adiabatic heatup case") there would be at least 10 hours1.157407e-4 days <br />0.00278 hours <br />1.653439e-5 weeks <br />3.805e-6 months <br /> to take mitigating action before the fuel cladding reached a temperature where runaway oxidation might occur (900°C). SCE also provided an analysis to determine the potential radiological impact due to loss of shielding to the public for a spent fuel pool draindown event.

In a response to an NRG Request for Additional Information (RAI), SCE provided a table (Reference 5, Enclosure 1, response to RAl-15) that shows the time to reach 900°C for the adiabatic heatup case as a function of decay time. The purpose of the table was to show that while the initial results of the analysis demonstrated at least 10 hours1.157407e-4 days <br />0.00278 hours <br />1.653439e-5 weeks <br />3.805e-6 months <br /> were available, additional time for mitigation following an event would be available as spent fuel continues to decay. As of June 12, 2016, more than 28 hours3.240741e-4 days <br />0.00778 hours <br />4.62963e-5 weeks <br />1.0654e-5 months <br /> are available to take mitigating action following a spent fuel pool draindown event.

In a separate RAI response (Reference 6, Enclosure 1, response to RAI 11 ), SCE provided a description of a spent fuel pool draindown analysis that took credit for air-cooling of the spent fuel. This analysis determined that as of August 31, 2014, the temperature of the cladding would not exceed the temperature for initial cladding oxidation (565°C) following a total loss of water from the Spent Fuel Pool.

Based on the potential consequences of the remaining design-basis and beyond-design-basis analyses, SCE concludes that the overall risk profile of the station supports the proposed extension of the Cyber Security Plan Implementation Schedule Milestone 8.

4.0 REGULATORY EVALUATION

4.1 Applicable Regulatory Requirements and Criteria 10 CFR 73.54 requires licensees to maintain and implement a cyber security plan. San Onofre Nuclear Generating Station (SONGS), Units 2 and 3 Facility Operating Licenses include a physical protection license condition (Paragraph 2.E of the Facility Operating License Nos. NPF-10 and NPF-15) that requires Southern California Edison (SCE) to fully implement and maintain in effect all provisions of the Commission-approved cyber security.plan, including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p).

4.2 No Significant Hazards Consideration Southern California Edison (SCE) has evaluated whether or not a significant hazards consideration exists with the proposed change by addressing the three standards set forth in 10 CFR 50.92, "Issuance of Amendment," as discussed below:

Page E1-7

1. Does the proposed change involve a significant increase in the probability or consequences of an accident previously evaluated?

Response: No The proposed change to the San Onofre Nuclear Generating Station (SONGS) Cyber Security Plan Implementation Schedule is administrative in nature. This change does not alter accident analysis assumptions, add any initiators, or affect the function of plant systems or the manner in which systems are operated, maintained, modified, tested, or inspected. The proposed change does not require any plant modifications which affect the performance capability of the structures, systems, and components (SSCs) relied upon to mitigate the consequences of postulated accidents, and has no impact on the probability or consequences of an accident previously evaluated.

Therefore, the proposed changes do not involve a significant increase in the probability or consequences of an accident previously evaluated.

2. Does the proposed change create the possibility of a new or different kind of accident from any accident previously evaluated?

Response: No The proposed change to the SONGS Cyber Security Plan Implementation Schedule is administrative in nature. This proposed change does not alter accident analysis assumptions, add any initiators, or affect the function of plant systems or the manner in which systems are operated, maintained, modified, tested, or inspected. The proposed change does not require any plant modifications which affect the performance capability of the SSCs relied upon to mitigate the consequences of postulated accidents, and does not create the possibility of a new or different kind of accident from any accident previously evaluated.

Therefore, the proposed change does not create the possibility of a new or different kind of accident from any previously evaluated.

3. Does the proposed change involve a significant reduction in a margin of safety?

Response: No Plant safety margins are established through limiting conditions for operation, limiting safety system settings, and safety limits specified in the technical specifications. The proposed change to the SONGS Cyber Security Plan Implementation Schedule is administrative in nature. Since the proposed change is administrative in nature, there is no change to these established safety margins. Therefore the proposed change does not involve a significant reduction in a margin of safety.

Based on the above evaluations, SCE concludes that the proposed amendment does not involve a significant hazards consideration under the standards set forth in 10 CFR 50.92(c).

Accordingly, a finding of "no significant hazards consideration" is justified.

Page E1-8

4.3 Conclusion In conclusion, based on the considerations discussed above: (1) there is reasonable assurance that the health and safety of the public will not be endangered by operation in the proposed manner, (2) such activities will be conducted in compliance with the Commission's regulations, and (3) the issuance of the amendment will not be inimical to the common defense and security or to the health and safety of the public.

5.0 ENVIRONMENTAL CONSIDERATION

10 CFR 51.22(c)(9) provides criteria for and identification of licensing and regulatory actions eligible for categorical exclusion from performing an environmental assessment. A proposed license amendment requires no environmental assessment provided that (i) the license amendment involves no significant hazards consideration, (ii) there is no significant change in the types or significant increase in the amounts of any effluents that may be released offsite, and (iii) there is no significant increase in individual or cumulative occupational radiation exposure.

SCE has reviewed the proposed change and has determined that it meets the eligibility criteria for categorical exclusion set forth in 10 CFR 51.22(c)(9). Pursuant to10 CFR 51.22, rio environmental impact statement or environmental assessment needs to be prepared in connection with. the issuance of the proposed license amendment. The following is the basis for this determination:

(i) The amendment applications do not involve a significant hazards consideration, as described in the Significant Hazards Evaluation in Section 4.2 above.

(ii) There will be no significant change in the types or a significant increase in the amounts of any effluents released offsite. Effluent flow and flow-paths have been substantially reduced and will be reduced further in coming months. There will be no significant change in the types or increase in the amounts of any effluents that may be released offsite and the proposed license amendment does not involve irreversible environmental consequences beyond those already associated with the SONGS Final Environmental Statement and the Generic EIS on Decommissioning of Nuclear Facilities (NUREG-0586, Supplement 1, 2002).

(iii) The amendment applications do not result in a significant increase to the individual or cumulative occupational radiation exposure because the proposed change involves changes to the Cyber Security Plan Implementation Schedule, which are of administrative nature with no significant impact on occupational radiation exposure.

Therefore, the amendment applications do not result in a significant increase to the individual or cumulative occupational radiation exposure.

6.0 REFERENCES

1. Letter from J. R. Hall, (NRC), to Peter T. Dietrich (SCE), "San Onofre Nuclear Generating Station, Units 2 and 3 - Issuance of Amendments RE: Approval of Cyber Security Plan (TAC Nos. ME4426 and ME4427)," dated July 28, 2011 (ADAMS Accession No. ML111960323).

Page E1-9

2. Letter from D. R. Bauder (SCE) to Document Control Desk (NRC), "Response to Request for Additional Information Regarding License Amendment Request for Approval of the Cyber Security Plan, San Onofre Nuclear Generating Station, Units 2 and 3," dated March 31, 2011 (ADAMS Accession No. ML11112A028).
3. Letter from D. R. Bauder (SCE) to Document Control Desk (NRC), "Supplement to Request for Approval of the Cyber Security Plan, San Onofre Nuclear Generating Station, Units 2 and 3," dated June 16, 2011 (ADAMS Accession No. ML11171A191 ).
4. Letter from T. J. Palmisano (SCE) to Document Control Desk (NRC) dated March 31, 2014;

Subject:

Docket Nos. 50-206, 50-361, 50-362, and 72-041, Emergency Planning Exemption Request, San Onofre Nuclear Generating Station, Units 1, 2, and 3 and Independent Spent Fuel Storage Installation (ADAMS Accession No. ML14092A332)

5. Letter from T. J. Palmisano (SCE) to Document Control Desk (NRC) dated October 6, 2014;

Subject:

Docket Nos. 50-206, 50-361, 50-362, and 72-041, Response to Request for Additional Information, Proposed Exemptions from Certain Portions of 10 CFR 50.47 and Appendix E (Publicly available version submitted December 15, 2014, ADAMS Accession No. ML14351A078)

6. Letter from T. J. Palmisano (SCE) to Document Control Desk (NRC) dated S~ptember 9, 2014;

Subject:

Docket Nos. 50-206, 50-361, 50-362, and 72-041, Response to Request for Additional Information Regarding Emergency Planning Exemption Request, San Onofre Nuclear Generating Station, Units 1, 2, 3 and ISFSI (ADAMS Accession No. ML14258A003).

7. Letter from T. J. Palmisano (SCE) to Document Control Desk (NRC) dated October 2, 2014;

Subject:

Docket Nos. 50-206, 50-361, 50-362, and 72-041, Response to Request for Additional Information Regarding Emergency Planning Exemption Request, San Onofre Nuclear Generating Station, Units 1, 2, 3 and ISFSI (ADAMS Accession No. ML14280A265).

8. Letter from T. J. Palmisano (SCE) to Document Control Desk (NRC) dated October 27, 2014;

Subject:

Docket Nos. 50-206, 50-361, 50-362, and 72-041, Response to Requests for Clarification of October 6, 2014 RAI Responses Concerning Emergency Planning Exemption Request, San Onofre Nuclear Generating Station, Units 1, 2, 3 and ISFSI (ADAMS Accession No. ML14303A257).

9. Letter from T. J. Palmisano (SCE) to Document Control Desk (NRC) dated November 3, 2014;

Subject:

Docket Nos. 50-206, 50-361, 50-362, and 72-041, Response to Request for Additional Information Regarding Emergency Planning Exemption Request, San Onofre Nuclear Generating Station, Units 1, 2, 3 and ISFSI (ADAMS Accession No. ML14309A195).

Page E1-10

ATTACHMENT 1 Proposed Facility Operating License Mark-Up Pages

Unit 2 Facility Operating License Page E. SCE shall fully implement and maintain in effect all provisions of the Commission-approved physical security, training and qualification, and safeguards contingency plans including amendments made pursuant to provisions of the Miscellaneous Amendments and Search Requirements revisions to 10 CFR 73.55 (51 FR 27817 and 27822) and to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The combined set of plans, which contain Safeguards Information protected under 10 CFR 73.21 is entitled: "San Onofre Nuclear Generating.Station Security, Training and Qualification, and Safeguards Contingency Plan, Revision 2" submitted by letter dated May 15, 2006. SCE shall fully implement and maintain in effect all provisions of the Commission-approved cyber security plan (CSP),

including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The SONGS CSP was approved by License Amendment No. 225 as supplemented by a-.change§ approved by License Amendment§ 231_

andXXX.

Pursuant to NRC's Order EA-13-092, dated June 5, 2013, NRC reviewed and approved the license amendment 232 that permitted the security personnel of the licensee to possess and use certain specific firearms, ammunition, and other devices, such as large-capacity ammunition feeding devices, notwithstanding local, State, and certain Federal firearms laws that may prohibit such possession and use.

F. This license is subject to the following additional condition for the protection of the environment:

Before engaging in activities that may result in a significant adverse environmental impact that was not evaluated or that is significantly greater than that evaluated in the Final Environmental Statement, SCE shall provide a written notification of such activities to the NRC Office of Nuclear Reactor Regulation and receive written approval from that office before proceeding with such activities.

G. DELETED H. SCE shall notify the Commission, as soon as possible but not later than one hour, of any accident at this facility which could result in an unplanned release of quantities of fission products in excess of allowable limits for normal operation established by the Commission.

I. SCE shall have and maintain financial protection of such type and in such amounts as the Commission shall require in accordance with Section 170 of the Atomic Energy Act of 1954, as amended, to cover public liability claims.

J. Deleted

Amendment No. XXX

Unit 3 Facility Operating License Page Report. These exemptions are authorized by law and will not endanger life or property or the common defense and security and are otherwise in the public interest.

Therefore, these exemptions are hereby granted. The facility will operate, to the extent authorized herein, in conformity with the application, as amended, the provisions of the Act, and the regulations of the Commission.

E. SCE shall fully implement and maintain in effect all provisions of the Commission-approved physical security, training and qualification, and safeguards contingency plans including amendments made pursuant to provisions of the Miscellaneous Amendments and Search Requirements revisions to 10 CFR 73.55 (51 FR 27817 and 27822) and to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The combined set of plans, which contain Safeguards Information protected under 10 CFR 73.21 is entitled: "San Onofre Nuclear Generating Station Security, Training and Qualification, and Safeguards Contingency Plan, Revision 2" submitted by letter dated May 15, 2006. SCE shall fully implement and maintain in effect all provisions of the Commission-approved cyber security plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The SONGS CSP was approved by License Amendment No. 218, as supplemented by a-change.§ approved by License Amendment.§ 224 and XXX.

Pursuant to NRC's Order EA-13-092, dated June 5, 2013, NRC reviewed and approved the license amendment 225 that permitted the security personnel of the licensee to possess and use certain specific firearms, ammunition, and other devices, such as large-capacity ammunition feeding devices, notWithstanding local, State, and certain Federal firearms laws that may prohibit such possession and use.

F. This license is subject to the following additional condition for the protection of the environment:

Before engaging in activities that may result in a significant adverse environmental impact that was not evaluated or that is significantly greater than that evaluated in the Final Environmental Statement, SCE shall provide a written notification of such activities to the NRC Office of Nuclear Reactor Regulation and receive written approval from that office before proceeding with such activities.

G. DELETED H. SCE shall notify the Commission, as soon as possible but not later than one hour, of any accident at this facility which could result in an unplanned release of quantities of fission products in excess of allowable limits for normal operation established by the Commission.

I. SCE shall have and maintain financial protection of such type and in such amounts as the Commission shall require in accordance with Section 170 of the Atomic Energy Act of 1954, as amended, to cover public liability claims.

Amendment No. XXX

ATTACHMENT 2 Proposed Facility Operating License Clean-Typed Pages

Unit 2 Facility Operating License Page E. SCE shall fully implement and maintain in effect all provisions of the Commission-approved physical security, training and qualification, and safeguards contingency plans including amendments made pursuant to provisions of the Miscellaneous Amendments and Search Requirements revisions to 10 CFR 73.55 (51 FR 27817 and 27822) and to the authority of 10 CFR 50.90 and 10 CFR 50.54(p ). The combined set of plans, which contain Safeguards Information protected under 10 CFR 73.21 is entitled: "San Onofre Nuclear Generating Station Security, Training and Qualification, and Safeguards Contingency Plan, Revision 2" submitted by letter dated May 15, 2006. SCE shall fully implement and maintain in effect all provisions of the Commission-approved cyber security plan (CSP),

including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The SONGS CSP was approved by License Amendment No. 225 as supplemented by a changes approved by License Amendments 231 andXXX.

Pursuant to NRC's Order EA-13-092, dated June 5, 2013, NRC reviewed and approved the license amendment 232 that permitted the security personnel of the licensee to possess and use certain specific firearms, ammunition, and other devices, such as large-capacity ammunition feeding devices, notwithstanding local, State, and certain Federal firearms laws that may prohibit such possession and use.

F. This license is subject to the following additional condition for the protection of the environment:

Before engaging in activities that may result in a significant adverse environmental impact that was not evaluated or that is significantly greater than that evaluated in the Final Environmental Statement, SCE shall provide a written notification of such activities to the NRC Office of Nuclear Reactor Regulation and receive written approval from that office before proceeding with such activities.

G. DELETED H. SCE shall notify the Commission, as soon as possible but not later than one hour, of any accident at this facility which could result in an unplanned release of quantities of fission products in excess of allowable limits for normal operation established by the Commission.

I. SCE shall have and maintain financial protection of such type and in such amounts as the Commission shall require in accordance with Section 170 of the Atomic Energy Act of 1954, as amended, to cover public liability claims.

J. Deleted

Amendment No. XXX

Unit 3 Facility Operating License Page

. Report. These exemptions are authorized by law and will not endanger life or property or the common defense and security and are otherwise in the public interest.

Therefore, these exemptions are hereby granted. The facility will operate, to the extent authorized herein, in conformity with the application, as amended, the provisions of the Act, and the regulations of the Commission.

E. SCE shall fully implement and maintain in effect all provisions of the Commission-approved physical security, training and qualification, and safeguards contingency plans including amendments made pursuant to provisions of the Miscellaneous Amendments and Search Requirements revisions to 10 CFR 73.55 (51 FR 27817 and 27822) and to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The combined set of plans, which contain Safeguards Information protected under 10 CFR 73.21 is entitled: "San Onofre Nuclear Generating Station Security, Training and Qualification, and Safeguards Contingency Plan, Revision 2" submitted by letter dated May 15, 2006. SCE shall fully implement and maintain in effect all provisions of the Commission-approved cyber security plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The SONGS CSP was approved by License Amendment No. 218, as supplemented by a changes approved by License Amendments 224 and xxx.

Pursuant to NRC's Order EA-13-092, dated June 5, 2013, NRC reviewed and approved the license amendment 225 that permitted the security personnel of the licensee to possess and use certain specific firearms, ammunition, and other devices, such as large-capacity ammunition feeding devices, notwithstanding local, State, and certain Federal firearms laws that may prohibit such possession and use.

F. This license is subject to the following additional condition for the protection of the environment:

Before engaging in activities that may result in a significant adverse environmental impact that was not evaluated or that is significantly greater than that evaluated in the

. Final Environmental Statement, SCE shall provide a written notification of such activities to the NRC Office of Nuclear Reactor Regulation and receive written approval from that office before proceeding with such activities.

G. DELETED H. SCE shall notify the Commission, as soon as possible but not later than one hour, of any accident at this facility which could result in an unplanned release of quantities of fission products in excess of allowable limits for normal operation established by the Commission.

I. SCE shall have and maintain financial protection of such type and in such amounts as the Commission shall require in accordance with Section 170 of the Atomic Energy Act of 1954, as amended, to cover public liability claims.

Amendment No. XXX I

ATTACHMENT 3 Revised Cyber Security Plan Milestone 8 Implementation Schedule

  1. Implementation Milestone Completion Date Basis 8 Full implementation of SONGS No later than December By the completion date, Cyber Security Plan for all SSEP 31, 2019 the SONGS Cyber functions will be achieved Security Plan will be fully implemented for all SSEP functions in accordance with 10 CFR 73.54. This date also bounds the completion of all individual asset security control design mitigation actions.

E2A3-1

Retrieved from "https://kanterella.com/w/index.php?title=ML16172A075&oldid=2443699"