CNL-16-016, License Amendment Request (BFN TS-509) to Change the Completion Date of Cyber Security Plan Implementation Milestone 8
| ML16197A372 | |
| Person / Time | |
|---|---|
| Site: | Browns Ferry  (DPR-033, DPR-052, DPR-068) |
| Issue date: | 07/14/2016 |
| From: | James Shea Tennessee Valley Authority |
| To: | Document Control Desk, Office of Nuclear Reactor Regulation |
| Shared Package | |
| ML16197A371 | List: |
| References | |
| BFN TS-509, CNL-16-016, TAC ME4952, TAC ME4953, TAC ME4954 | |
| Download: ML16197A372 (12) | |
Text
SECURITY-RELATED INFORMATION - WITHHOLD UNDER 10 CFR 2.390 This letter is decontrolled when separated from Enclosures 1 and 4 Tennessee Valley Authority, 1101 Market Street, Chattanooga, Tennessee 37402 CNL-16-016 July 14, 2016 10 CFR 50.90 ATTN: Document Control Desk U.S. Nuclear Regulatory Commission Washington, D.C. 20555-0001 Browns Ferry Nuclear Plant, Units 1, 2, and 3 Renewed Facility Operating License Nos. DPR-33, DPR-52, and DPR-68 NRC Docket Nos. 50-259, 50-260, and 50-296
Subject:
License Amendment Request (BFN TS-509) to Change the Completion Date of Cyber Security Plan Implementation Milestone 8
Reference:
Letter from NRC to TVA, Browns Ferry Nuclear Plant, Units 1, 2, and 3 -
Issuance of Amendments Regarding The Cyber Security Plan (TS-470)
(TAC Nos. ME4952, ME4953, and ME4954), dated July 29, 2011.
In accordance with the provisions of Title 10 of the Code of Federal Regulations (CFR) 50.90, "Application for amendment of license, construction permit, or early site permit," Tennessee Valley Authority (TVA) is submitting a request for amendment to Renewed Facility Operating License Nos. DPR-33, DPR-52, and DPR-68 for the Browns Ferry Nuclear Plant (BFN), Units 1, 2, and 3, respectively. This submittal satisfies the requirement to request prior Nuclear Regulatory Commission (NRC) approval for changes to the BFN, Units 1, 2, and 3, Cyber Security Plan (CSP) milestone implementation schedule as prescribed in the Reference letter.
The proposed license amendment revises the BFN CSP Implementation Schedule for Milestone 8 and updates the Facility Operating Licenses. to this letter provides a description and technical evaluation of the proposed changes. Enclosure 2 provides the regulatory evaluation and environmental consideration of the proposed changes. Enclosure 3 to this letter contains a proposed markup of BFN, Units 1, 2, and 3, Renewed Facility Operating License Nos. DPR-33, DPR-52, and DPR-68. Enclosure 4 provides the revised BFN, Units 1, 2, and 3, CSP implementation schedule for Milestone 8.
SECURITY-RELATED INFORMATION - WITHHOLD UNDER 10 CFR 2.390 This letter is decontrolled when separated from Enclosures 1 and 4 U. S. Nuclear Regulatory Commission Page 2 CNL-16-016 July 14, 2016 The proposed change has been evaluated in accordance with 10 CFR 50.91(a)(1) using criteria in 10 CFR 50.92(c). TVA has determined that the change involves no significant hazards consideration and that the change qualifies for a categorical exclusion from environmental review pursuant to the provisions of 10 CFR 51.22(c)(12). In accordance with 10 CFR 50.91(b)(1), TVA is sending a copy of this letter and Enclosures 2 and 3 to the Alabama Department of Public Health.
Enclosures 1 and 4 contain security related information and, as such, TVA requests that they be withheld from public disclosure pursuant to 10 CFR 2.390(d)(1).
TVA requests the NRC approve this amendment by June 30, 2017, with implementation within 30 days of issuance.
There are no new regulatory commitments associated with this submittal. Please address any questions regarding this request to Edward D. Schrull at (423) 751-3850.
I declare under penalty of perjury that the foregoing is true and correct. Executed on this 14th day of July 2016.
Respectfully, J. W. Shea Vice President, Nuclear Licensing
Enclosures:
- 1.
Technical Evaluation of Proposed Change
- 2.
Regulatory Evaluation and Environmental Consideration
- 3.
Proposed Facility Operating License Changes (Mark-up)
- 4.
Revised Browns Ferry Nuclear Plant Cyber Security Plan Implementation Schedule (Milestone 8)
Enclosures cc (Enclosures):
NRC Regional Administrator - Region II NRC Senior Resident Inspector - Browns Ferry Nuclear Plant State Health Officer - Alabama Department of Public Health (w/o Enclosures 1 and 3)
Joseph W.
Shea Digitally signed by Joseph W. Shea DN: cn=Joseph W. Shea, o=Tennessee Valley Authority, ou=Nuclear Licensing, email=jwshea@tva.gov, c=US Date: 2016.07.14 16:20:57 -04'00'
SECURITY-RELATED INFORMATION - WITHHOLD UNDER 10 CFR 2.390 CNL-16-016 E4-2 BROWNS FERRY NUCLEAR PLANT UNITS 1, 2, AND 3 Technical Evaluation of Proposed Change
Subject:
License Amendment Request (BFN TS-509) to Change the Completion Date of Cyber Security Plan Implementation Milestone 8 CNL-16-016 E2-1 TENNESSEE VALLEY AUTHORITY BROWNS FERRY NUCLEAR PLANT UNITS 1, 2, AND 3 Regulatory Evaluation and Environmental Consideration
Subject:
License Amendment Request (BFN TS-509) to Change the Completion Date of Cyber Security Plan Implementation Milestone 8
- 1.
REGULATORY EVALUATION 1.1 Applicable Regulatory Requirements/Criteria 1.2 Precedent 1.3 Significant Hazards Consideration 1.4 Conclusions
- 2.
ENVIRONMENTAL CONSIDERATION CNL-16-016 E2-2
1.0 REGULATORY EVALUATION
1.1 Applicable Regulatory Requirements/Criteria 10 CFR 73.54 requires licensees to maintain and implement a cyber security plan.
License Condition 2.C(11)(b) for Browns Ferry Nuclear Plant (BFN), Units 1 and 2 Facility Operating License Nos. DPR-77 and DPR-79, and License Condition 2.C(6)(b) for BFN Unit 3 Facility Operating License No. DPR-68, require BFN Units 1, 2, and 3 to fully implement and maintain in effect all provisions of the Commission approved CSP, including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p).
1.2 Precedent Based on a review performed by the Nuclear Energy Institute (NEI) Cyber Security Task Force, 64 of the 103 industry nuclear units have an NRC approved Milestone 8 completion date of December 31, 2017. This proposed change to the BFN implementation is consistent with previously approved industry peers.
1.3 Significant Hazards Consideration Tennessee Valley Authority (TVA) proposes to modify the Browns Ferry Nuclear Plant (BFN) Cyber Security Plan (CSP) implementation date for Milestone 8. These changes are being proposed to allow for adequate time to assess, methodically plan, schedule, and implement the required changes based on resolution of industry generic issues and lessons learned from planned Milestone 8 industry workshops.
TVA has concluded that the change to the BFN CSP implementation date for Milestone 8 does not involve a significant hazards consideration. TVAs conclusion is based on its evaluation in accordance with 10 CFR 50.91(a)(1) of the three standards set forth in 10 CFR 50.92, "Issuance of Amendment," as discussed below:
- 1.
Does the proposed amendment involve a significant increase in the probability or consequence of an accident previously evaluated?
Response: No.
The proposed change revises the CSP Milestone 8 implementation date.
This change does not alter accident analysis assumptions, add any initiators, or affect the function of plant systems or the manner in which systems are operated, maintained, modified, tested, or inspected. The proposed change is an extension to the completion date of implementation Milestone 8, that in itself does not require any plant modifications which affect the performance capability of the structures, systems, and components relied upon to mitigate the consequences of postulated accidents and have no impact on the probability or consequences of an accident previously evaluated.
Therefore, the proposed change does not involve a significant increase in the probability or consequences of an accident previously evaluated.
CNL-16-016 E2-3
- 2.
Does the proposed amendment create the possibility of a new or different kind of accident from any accident previously evaluated?
Response: No.
The proposed change revises the CSP Implementation Schedule. This proposed change to extend the completion date of implementation Milestone 8 does not alter accident analysis assumptions, add any initiators, or affect the function of plant systems or the manner in which systems are operated, maintained, modified, tested, or inspected. The proposed change does not require any plant modifications which affect the performance capability of the structures, systems and components relied upon to mitigate the consequences of postulated accidents. This change also does not create the possibility of a new or different kind of accident from any accident previously evaluated.
Therefore, the proposed change does not create the possibility of a new or different kind of accident from any accident previously evaluated.
- 3.
Does the proposed amendment involve a significant reduction in a margin of safety?
Response: No.
Plant safety margins are established through limiting conditions for operation, limiting safety system settings, and safety limits specified in the technical specifications. The proposed change extends the CSP Implementation Schedule. Because there is no change to these established safety margins as result of this change, the proposed change does not involve a significant reduction in a margin of safety.
Therefore, the proposed change does not involve a significant reduction in a margin of safety.
Based on the above, TVA concludes that the proposed extension presents no significant hazards consideration under the standards set forth in 10 CFR 50.92(c),
and accordingly, a finding of no significant hazards consideration is justified.
1.4 Conclusions 10 CFR 73.54 requires that each licensee shall provide high assurance that digital computer and communication systems and networks are adequately protected against cyber attacks up to and including the design basis threat established by 10 CFR 73.1(a)(1)(v).
The proposed change amends the CSP Implementation Schedule and does not change any feature of the CSP that meets the requirements of 10 CFR 73.54 as previously approved by the NRC.
CNL-16-016 E2-4 The proposed change has been evaluated in accordance with 10 CFR 50.91(a)(1) using criteria in 10 CFR 50.92(c), and it has been determined that the changes involve no significant hazards consideration.
In conclusion, based on the considerations discussed above: (1) there is reasonable assurance that the health and safety of the public will not be endangered by operation in the proposed manner; (2) such activities will be conducted in compliance with the Commission's regulations; and (3) the issuance of the amendment will not be inimical to the common defense and security or to the health and safety of the public.
2.0 ENVIRONMENTAL CONSIDERATION
The proposed amendment changes the CSP Implementation Schedule for Milestone 8. The proposed amendment meets the eligibility criterion for a categorical exclusion set forth in 10 CFR 51.22(c)(12). Therefore, pursuant to 10 CFR 51.22(b),
no environmental impact statement or environmental assessment needs to be prepared in connection with the issuance of the amendment.
CNL-16-016 E3-1 Browns Ferry Nuclear Plant, Units 1, 2, and 3 Proposed Facility Operating License Changes (Mark-up)
BFN-UNIT 1 Renewed License No. DPR-33 Amendment No. 290 XXX October 28, 2015 June 30, 2017 (8)
Deleted.
(9)
Deleted.
(10)
Deleted.
(11)(a) The licensee shall fully implement and maintain in effect all provisions of the Commission-approved physical security, training and qualification, and safeguards contingency plans including amendments made pursuant to provisions of the Miscellaneous Amendments and Search Requirements revisions to 10 CFR 73.55 (51 FR 27817 and 27822) and to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The combined set of plans, which contains Safeguards Information protected under 10 CFR 73.21, is entitled: "Browns Ferry Nuclear Plant Physical Security Plan, Training and Qualification Plan, and Contingency Plan," submitted by letter dated April 28, 2006.
(b) The licensee shall fully implement and maintain in effect all provisions of the Commission-approved cyber security plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The licensee CSP was approved by License Amendment No. 279, as amended by changes approved by License Amendment Nos. 286 and XXX.
(12)
Deleted.
(13)
TVA Browns Ferry Nuclear Plant shall implement and maintain in effect all provisions of the approved fire protection program that comply with 10 CFR 50.48(a) and 10 CFR 50.48(c), as specified in the license amendment request dated March 27, 2013, as supplemented by letters dated May 16, 2013; December 20, 2013; January 10, 2014; January 14, 2014; February 13, 2014; March 14, 2014; May 30, 2014; June 13, 2014; July 10, 2014; August 29, 2014; September 16, 2014; October 6, 2014; December 17, 2014; March 26, 2015; April 9, 2015; June 19, 2015; August 18, 2015; September 8, 2015; and October 20, 2015, as approved in the Safety Evaluation dated October 28, 2015.
Except where NRC approval for changes or deviations is required by 10 CFR 50.48(c), and provided no other regulation, technical specification, license condition or requirement would require prior NRC approval, the licensee may make changes to the fire protection program without prior approval of the Commission if those changes satisfy the provisions set forth in 10 CFR 50.48(a) and 10 CFR 50.48(c), the change does not require a change to a technical specification or a license condition, and the criteria listed below are satisfied.
Risk-Informed Changes that May Be Made Without Prior NRC Approval A risk assessment of the change must demonstrate that the acceptance criteria below are met. The risk assessment approach, methods, and data shall be acceptable to the NRC and shall be appropriate for the nature and scope of the change being evaluated; be based on the as-built, as-operated, and maintained plant; and reflect the operating experience at the plant. Acceptable methods to assess the risk of the change may include methods that have been used in the CNL-16-016 E3-2
BFN-UNIT 2 Renewed License No. DPR-52 Amendment No. 315 XXX October 28, 2015 June 30, 2017 (8)
Deleted.
(9)
Deleted.
(10)
Deleted.
(11)(a) The licensee shall fully implement and maintain in effect all provisions of the Commission-approved physical security, training and qualification, and safeguards contingency plans including amendments made pursuant to provisions of the Miscellaneous Amendments and Search Requirements revisions to 10 CFR 73.55 (51 FR 27817 and 27822) and to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The combined set of plans, which contains Safeguards Information protected under 10 CFR 73.21, is entitled:
"Browns Ferry Nuclear Plant Physical Security Plan, Training and Qualification Plan, and Contingency Plan," submitted by letter dated April 28, 2006.
(b) The licensee shall fully implement and maintain in effect all provisions of the Commission-approved cyber security plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The licensee CSP was approved by License Amendment No. 306, as amended by changes approved by License Amendment Nos. 312 and XXX.
(12)
Deleted.
(13)
Deleted.
(14)
TVA Browns Ferry Nuclear Plant shall implement and maintain in effect all provisions of the approved fire protection program that comply with 10 CFR 50.48(a) and 10 CFR 50.48(c), as specified in the license amendment request dated March 27, 2013, as supplemented by letters dated May 16, 2013; December 20, 2013; January 10, 2014; January 14, 2014; February 13, 2014; March 14, 2014; May 30, 2014; June 13, 2014; July 10, 2014; August 29, 2014; September 16, 2014; October 6, 2014; December 17, 2014; March 26, 2015; April 9, 2015; June 19, 2015; August 18, 2015; September 8, 2015; and October 20, 2015, as approved in the Safety Evaluation dated October 28, 2015. Except where NRC approval for changes or deviations is required by 10 CFR 50.48(c), and provided no other regulation, technical specification, license condition or requirement would require prior NRC approval, the licensee may make changes to the fire protection program without prior approval of the Commission if those changes satisfy the provisions set forth in 10 CFR 50.48(a) and 10 CFR 50.48(c), the change does not require a change to a technical specification or a license condition, and the criteria listed below are satisfied.
Risk-Informed Changes that May Be Made Without Prior NRC Approval A risk assessment of the change must demonstrate that the acceptance criteria below are met. The risk assessment approach, methods, and data shall be CNL-16-016 E3-3 BFN-UNIT 3 Renewed License No. DPR-68 Amendment No. 273 XXX October 28, 2015 June 30, 2017 (3)
The licensee is authorized to relocate certain requirements included in Appendix A and the former Appendix B to licensee-controlled documents. Implementation of this amendment shall include the relocation of these requirements to the appropriate documents, as described in the licensee's application dated September 6, 1996; as supplemented May 1, August 14, November 5 and 14, December 3, 4, 11, 22, 23, 29, and 30, 1997; January 23, March 12, April 16, 20, and 28, May 7, 14, 19, and 27, and June 2, 5, 10 and 19, 1998; evaluated in the NRC staff's Safety Evaluation enclosed with this amendment. This amendment is effective immediately and shall be implemented within 90 days of the date of this amendment.
(4)
Deleted.
(5)
Classroom and simulator training on all power uprate related changes that affect operator performance will be conducted prior to operating at uprated conditions.
Simulator changes that are consistent with power uprate conditions will be made and simulator fidelity will be validated in accordance with ANSI/ANS 3.5-1985. Training and the plant simulator will be modified, as necessary, to incorporate changes identified during startup testing. This amendment is effective immediately.
(6)(a) The licensee shall fully implement and maintain in effect all provisions of the Commission-approved physical security, training and qualification, and safeguards contingency plans including amendments made pursuant to provisions of the Miscellaneous Amendments and Search Requirements revisions to 10 CFR 73.55 (51 FR 27817 and 27822) and to the authority of 10 CFR 50.90 and 10 CFR 50.54(p).
The combined set of plans, which contains Safeguards Information protected under 10 CFR 73.21, is entitled: "Browns Ferry Nuclear Plant Physical Security Plan, Training and Qualification Plan, and Contingency Plan, Revision 4, submitted by letter dated April 28, 2006.
(b) The licensee shall fully implement and maintain in effect all provisions of the Commission-approved cyber security plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The licensee CSP was approved by License Amendment No. 265, as amended by changes approved by License Amendment Nos. 271 and XXX.
(7)
TVA Browns Ferry Nuclear Plant shall implement and maintain in effect all provisions of the approved fire protection program that comply with 10 CFR 50.48(a) and 10 CFR 50.48(c), as specified in the license amendment request dated March 27, 2013, as supplemented by letters dated May 16, 2013; December 20, 2013; January 10, 2014; January 14, 2014; February 13, 2014; March 14, 2014; May 30, 2014; June 13, 2014; July 10, 2014; August 29, 2014; September 16, 2014; October 6, 2014; December 17, 2014; March 26, 2015; April 9, 2015; June 19, 2015; August 18, 2015; September 8, 2015; and October 20, 2015, as approved in the Safety Evaluation dated October 28, 2015. Except where NRC approval for changes or deviations is required by 10 CFR 50.48(c), and provided no other regulation, technical specification, license condition or requirement would require prior NRC approval, the licensee CNL-16-016 E3-4
SECURITY-RELATED INFORMATION - WITHHOLD UNDER 10 CFR 2.390 CNL-16-016 E4-1 Revised Browns Ferry Nuclear Plant Cyber Security Plan Implementation Schedule (Milestone 8)