ML16258A340
| ML16258A340 | |
| Person / Time | |
|---|---|
| Site: | Cook  |
| Issue date: | 11/02/2016 |
| From: | Dietrich A Plant Licensing Branch III |
| To: | Gebbie J Indiana Michigan Power Co |
| Dietrich A, NRR/DORL/LPLIII-1, 415-2846 | |
| References | |
| CAC MF7473, CAC MF7474 | |
| Download: ML16258A340 (18) | |
Text
UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 November 2, 201 6 Mr. Joel P. Gebbie Senior Vice President and Chief Nuclear Officer Indiana Michigan Power Company Nuclear Generation Group One Cook Place Bridgman, Ml 49106
SUBJECT:
DONALD C. COOK NUCLEAR PLANT, UNITS 1 AND 2 - ISSUANCE OF AMENDMENTS RE: CYBER SECURITY IMPLEMENTATION SCHEDULE (CAC NOS. MF7473 AND MF7474)
Dear Mr. Gebbie:
The U.S. Nuclear Regulatory Commission (NRC) has issued the enclosed Amendment No. 333 to Renewed Facility Operating License No. DPR-58, and Amendment No. 315 to Renewed Facility Operating License No. DPR-74, for the Donald C. Cook Nuclear Plant (CNP), Units 1 and 2, respectively. The amendments consist of changes to the renewed facility operating licenses in response to your application dated March 14, 2016, as supplemented by letter dated October 28, 2016.
The amendments approve a revised schedule for full implementation of the cyber security plan (CSP), and revise Paragraph 2.D of Renewed Facility Operating License Nos. DPR-58 and DPR-74. The amendments approve an extension of the date of full implementation of the CSP from December 31, 2016, to December 31, 2017. The CSP and associated implementation schedule for CNP were previously approved by letters dated July 28, 2011, December 13, 2012, and December 18, 2014.
J. Gebbie A copy of our related safety evaluation is also enclosed. A Notice of Issuance will be included in the Commission's biweekly Federal Register notice.
Sincerely, flu fiU>
Allison W. Dietrich, Project Manager Plant Licensing Branch 111-1 Division of Operating Reactor Licensing Office of Nuclear Reactor Regulation Docket Nos. 50-315 and 50-316
Enclosures:
- 1. Amendment No. 333 to DPR-58
- 2. Amendment No. 315 to DPR-74
- 3. Safety Evaluation cc w/encls: Distribution via ListServ
UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 INDIANA MICHIGAN POWER COMPANY DOCKET NO. 50-315 DONALD C. COOK NUCLEAR PLANT. UNIT 1 AMENDMENT TO RENEWED FACILITY OPERATING LICENSE Amendment No. 333 License No. DPR-58
- 1. The U.S. Nuclear Regulatory Commission (the Commission) has found that:
A. The application for amendment by Indiana Michigan Power Company (the licensee) dated March 14, 2016, as supplemented by letter dated October 28, 2016, complies with the standards and requirements of the Atomic Energy Act of 1954, as amended (the Act), and the Commission's rules and regulations set forth in 10 CFR Chapter I; B. The facility will operate in conformity with the application, the provisions of the Act, and the rules and regulations of the Commission; C. There is reasonable assurance (i) that the activities authorized by this amendment can be conducted without endangering the health and safety of the public, and (ii) that such activities will be conducted in compliance with the Commission's regulations; D. The issuance of this amendment will not be inimical to the common defense and security or to the health and safety of the public; and E. The issuance of this amendment is in accordance with 10 CFR Part 51 of the Commission's regulations and all applicable requirements have been satisfied.
- 2. Accordingly, the license is amended by changes as indicated in the attachment to this license amendment, and Paragraph 2.D of Renewed Facility Operating License No. DPR-58 is hereby amended to read as follows:
The Indiana and Michigan Power Company shall fully implement and maintain in effect all provisions of the Commission-approved Donald C.
Cook Nuclear Plant Cyber Security Plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The Donald C. Cook Nuclear Plant CSP was approved by License Enclosure 1
Amendment No. 315 as supplemented by changes approved by License Amendment Nos. 319, 325, and 333.
- 3. This license amendment is effective as of its date of issuance and shall be implemented within 60 days. The full implementation of the CSP shall be in accordance with the implementation schedule submitted by the licensee on March 14, 2016, and approved by the NRC staff with this license amendment. All subsequent changes to the NRC-approved CSP implementation schedule will require NRC approval pursuant to 10 CFR 50.90.
FOR THE NUCLEAR REGULATORY COMMISSION 0Jq~~
David J. Wrona, Chief Plant Licensing Branch 111-1 Division of Operating Reactor Licensing Office of Nuclear Reactor Regulation
Attachment:
Changes to Renewed Facility Operating License No. DPR-58 Date of Issuance: November 2 , 2O1 6
ATTACHMENT TO LICENSE AMENDMENT NO. 333 DONALD C. COOK NUCLEAR PLANT, UNIT 1 RENEWED FACILITY OPERATING LICENSE NO. DPR-58 DOCKET NO. 50-315 Replace the following page of the Renewed Facility Operating License No. DPR-58 with the attached revised page. The revised page is identified by amendment number and contains a marginal line indicating the area of change.
REMOVE INSERT 9 9
(19) Operation with Vacuum Fill:
The licensee is authorized to operate the facility using Reactor Coolant System (RCS) vacuum fill operation in accordance with TS 3.4.3, "RCS Pressure and Temperature (PIT) Limits," with corresponding revisions to Figure 3.4.3-1, "Reactor Coolant System Pressure versus Temperature Limits - Heatup Limit, Criticality Limit, and Leak Test Limit (Applicable for service period up to 32 EFPY)," and Figure 3.4.3-2, "Reactor Coolant System Pressure versus Temperature Limits - Various Cooldown Rates Limits (Applicable for service period up to 32 EFPY)," as approved in License Amendment No. 323 to Renewed Facility Operating License No. DPR-58. This includes an approved extension to -14.7 pounds per square inch gage to bound the RCS conditions required to support vacuum fill operation. The licensee shall submit an analysis of the PIT curves in Figures 3.4.3-1 and 3.4.3-2 within one year of the date of issuance of License Amendment No. 323, which demonstrates consideration of all ferritic reactor vessel materials as defined in Appendix G to 10 CFR Part 50, including non-beltline ferritic reactor vessel materials."
D. Physical Protection The Indiana Michigan Power Company shall fully implement and maintain in effect all provisions of the Commission-approved physical security, training and qualification, and safeguards contingency plans including amendments made pursuant to provisions of the Miscellaneous Amendments and Search Requirements revision to 10 CFR 73.55 (51 FR 27817 and 27822), and the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The combined set of plans 1, which contain Safeguards Information protected under 10 CFR 73.21, is entitled: "Donald C. Cook Nuclear Plant Security Plan, Training and Qualification Plan, and Safeguards Contingency Plan, Revision 1,"
submitted by letter dated May 10, 2006.
The Indiana and Michigan Power Company shall fully implement and maintain in effect all provisions of the Commission-approved Donald C. Cook Nuclear Plant Cyber Security Plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The Donald C. Cook Nuclear Plant CSP was approved by License Amendment No. 315 as supplemented by changes approved by License Amendment Nos. 319, 325, and 333.
E. Deleted by Amendment No. 80 F. Deleted by Amendment No. 80 G. In all places of this renewed operating license, the reference to the Indiana and Michigan Electric Company is amended to read Indiana Michigan Power Company.
H. Deleted by Amendment No. 287 1
The Training and Qualification Plan and Safeguards Contingency Plan are Appendices to the Security Plan Renewed License No. DPR-58 Amendment No. a4-a, J.W, ~. ~. ~. 333
UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 INDIANA MICHIGAN POWER COMPANY DOCKET NO. 50-316 DONALD C. COOK NUCLEAR PLANT, UNIT 2 AMENDMENT TO RENEWED FACILITY OPERATING LICENSE Amendment No. 315 License No. DPR-74
- 1. The U.S. Nuclear Regulatory Commission (the Commission) has found that:
A The application for amendment by Indiana Michigan Power Company (the licensee) dated March 14, 2016, as supplemented by letter dated October 28, 2016, complies with the standards and requirements of the Atomic Energy Act of 1954, as amended (the Act), and the Commission's rules and regulations set forth in 10 CFR Chapter I; B. The facility will operate in conformity with the application, the provisions of the Act, and the rules and regulations of the Commission; C. There is reasonable assurance (i) that the activities authorized by this amendment can be conducted without endangering the health and safety of the public, and (ii) that such activities will be conducted in compliance with the Commission's regulations; D. The issuance of this amendment will not be inimical to the common defense and security or to the health and safety of the public; and E. The issuance of this amendment is in accordance with 10 CFR Part 51 of the Commission's regulations and all applicable requirements have been satisfied.
- 2. Accordingly, the license is amended by changes as indicated in the attachment to this license amendment, and Paragraph 2.D of Renewed Facility Operating License No. DPR-7 4 is hereby amended to read as follows:
The Indiana and Michigan Power Company shall fully implement and maintain in effect all provisions of the Commission-approved Donald C.
Cook Nuclear Plant Cyber Security Plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The Donald C. Cook Nuclear Plant CSP was approved by License Enclosure 2
Amendment No. 299 as supplemented by changes approved by License Amendment Nos. 303, 308, and 315.
- 3. This license amendment is effective as of its date of issuance and shall be implemented within 60 days. The full implementation of the CSP shall be in accordance with the implementation schedule submitted by the licensee on March 14, 2016, and approved by the NRC staff with this license amendment. All subsequent changes to the NRG-approved CSP implementation schedule will require NRC approval pursuant to 10 CFR 50.90.
FOR THE NUCLEAR REGULATORY COMMISSION 6J9. o/~
David J. Wrona, Chief Plant Licensing Branch 111-1 Division of Operating Reactor Licensing Office of Nuclear Reactor Regulation
Attachment:
Changes to Renewed Facility Operating License No. DPR-74 Date of Issuance: November 2, 2o1 6
ATTACHMENT TO LICENSE AMENDMENT NO. 315 DONALD C. COOK NUCLEAR PLANT, UNIT 2 RENEWED FACILITY OPERATING LICENSE NO. DPR-74 DOCKET NO. 50-316 Replace the following page of the Renewed Facility Operating License No. DPR-74 with the attached revised page. The revised page is identified by amendment number and contains a marginal line indicating the area of change.
REMOVE INSERT 10 10
(Ill) The first performance of the periodic measurement of CRE pressure, TS 5.5.16.d, shall be within 24 months, plus the 182 days allowed by SR 3.0.2, as measured from the date of the most recent successful pressure measurement test, or within 182 days if not performed previously.
(gg) Operation with Vacuum Fill:
The licensee is authorized to operate the facility using Reactor Coolant System (RCS) vacuum fill operation in accordance with TS 3.4.3, "RCS Pressure and Temperature (PIT) Limits," with corresponding revisions to Figure 3.4.3-1, "Reactor Coolant System Pressure versus Temperature Limits
- Heatup Limit, Criticality Limit, and Leak Test Limit (Applicable for service period up to 32 EFPY)," and Figure 3.4.3-2, "Reactor Coolant System Pressure versus Temperature Limits - Various Cooldown Rates Limits (Applicable for service period up to 32 EFPY)," as approved in License Amendment No. 306 to Renewed Facility Operating License No. DPR-74.
This includes an approved extension to -14.7 pounds per square inch gage to bound the RCS conditions required to support vacuum fill operation. The licensee shall submit an analysis of the P/T curves in Figures 3.4.3-1 and 3.4.3-2 within one year of the date of issuance of License Amendment No.
306, which demonstrates consideration of all ferritic reactor vessel materials as defined in Appendix G to 10 CFR Part 50, including non-beltline ferritic reactor vessel materials."
D. Physical Protection The Indiana Michigan Power Company shall fully implement and maintain in effect all provisions of the Commission-approved physical security, training and qualification, and safeguards contingency plans including amendments made pursuant to provisions of the Miscellaneous Amendments and Search Requirements revisions to 10 CFR 73.55 (51 FR 27817 and 27822), and the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The combined set of plans 1 , which contain Safeguards Information protected under 10 CFR 73.21, is entitled: "Donald C. Cook Nuclear Plant Security Plan, Training and Qualification Plan, and Safeguards Contingency Plan, Revision 1,"
submitted by letter dated May 10, 2006.
The Indiana and Michigan Power Company shall fully implement and maintain in effect all provisions of the Commission-approved Donald C. Cook Nuclear Plant Cyber Security Plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The Donald C. Cook Nuclear Plant CSP was approved by License Amendment No. 299 as supplemented by changes approved by License Amendment Nos. 303, 308, and 315.
E. Deleted by Amendment No. 63 F. In all places of this renewed operating license, the reference to the Indiana and Michigan Electric Company is amended to read Indiana Michigan Power Company.
1 The Training and Qualification Plan and Safeguards Contingency Plan are Appendices to the Security Plan Renewed License No. DPR-74 Amendment No. ~JW. ~.JOO, JQ.g, 315
UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 SAFETY EVALUATION BY THE OFFICE OF NUCLEAR REACTOR REGULATION RELATED TO AMENDMENT NO. 333 TO RENEWED FACILITY OPERATING LICENSE NO. DPR-58 AND AMENDMENT NO. 315 TO RENEWED FACILITY OPERATING LICENSE NO. DPR-74 INDIANA MICHIGAN POWER COMPANY DONALD C. COOK NUCLEAR PLANT, UNITS 1 AND 2 DOCKET NOS. 50-315 AND 50-316
1.0 INTRODUCTION
By letter dated March 14, 2016 (Agencywide Documents Access and Management System (ADAMS) Accession No. ML16077A029), as supplemented by letter dated October 28, 2016 (ADAMS Accession No. ML16305A365), Indiana Michigan Power Company (l&M, the licensee) requested a change to the renewed facility operating licenses for the Donald C. Cook Nuclear Plant (CNP), Units 1 and 2. The proposed change would revise the date of cyber security plan (CSP) Implementation Schedule Milestone 8 and Paragraph 2.D in the renewed facility operating licenses. Milestone 8 of the CSP implementation schedule concerns the full implementation of the CSP.
The U.S. Nuclear Regulatory Commission (NRC or the Commission) staff initially reviewed and approved the licensee's CSP implementation schedule by CNP, Unit 1, License Amendment No. 315 and CNP, Unit 2, License Amendment No. 299, dated July 28, 2011 (ADAMS Accession No. ML11182A178). Subsequently, the NRC staff reviewed and approved CNP, Unit 1, License Amendment No. 325 and CNP, Unit 2, License Amendment No. 308, dated December 18, 2014 (ADAMS Accession No. ML14317A551), which modified the implementation schedule. This schedule required CNP to fully implement and maintain all provisions of the CSP no later than December 31, 2016. The proposed change would extend the date of full implementation of CSP Milestone 8 at CNP to December 31, 2017.
Portions of the letter dated March 14, 2016, contain sensitive unclassified non-safeguards (security-related) information and, accordingly, those portions are withheld from public disclosure in accordance with Title 10 of the Code of Federal Regulations (1 O CFR),
Section 2.390(d)(1). The supplemental letter dated October 28, 2016, provided additional information that clarified the application, did not expand the scope of the application as originally noticed, and did not change the NRC staff's original proposed no significant hazards consideration determination as published in the Federal Register on June 7, 2016 (81 FR 36605).
Enclosure 3
2.0 REGULATORY EVALUATION
The NRC staff considered the following regulatory requirements and guidance in its review of the license amendment request (LAR) to modify the existing CSP implementation schedule:
- 10 CFR 73.54, "Protection of digital computer and communication systems and networks," which states, in part:
Each [CSP] submittal must include a proposed implementation schedule.
Implementation of the licensee's cyber security program must be consistent with the approved schedule.
- The renewed facility operating licenses include license conditions that require the licensee to fully implement and maintain in effect all provisions of the Commission-approved CSP.
- Review criteria provided by the NRC staff's internal memorandum, "Review Criteria for Title 1O of the Code of Federal Regulations Part 73.54, Cyber Security Implementation Schedule Milestone 8 License Amendment Requests," dated October 24, 2013 (ADAMS Accession No. ML13295A467). This memorandum lists criteria to consider when evaluating licensees' requests to postpone their CSP implementation date (commonly known as Milestone 8).
The NRC staff does not regard the CSP milestone implementation dates as regulatory commitments that can be changed unilaterally by the licensee, particularly in light of the regulatory requirement at 10 CFR 73.54, that states, "[i]mplementation of the licensee's cyber security program must be consistent with the approved schedule." As the NRC staff explained in its letter to all operating reactor licensees dated May 9, 2011 (ADAMS Accession No. ML110980538), the implementation of the plan, including the key intermediate milestone dates and the full implementation date shall be in accordance with the implementation schedule submitted by the licensee and approved by the NRC. All subsequent changes to the NRG-approved CSP implementation schedule, thus, require prior NRC approval pursuant to 10 CFR 50.90, "Application for amendment of license, construction permit, or early site permit."
3.0 TECHNICAL EVALUATION
3.1 Proposed Change The NRC staff issued Amendment No. 315 for CNP Unit 1, and Amendment No. 299 for CNP Unit 2, by letter dated July 28, 2011. These amendments approved the CSP and associated implementation schedule, and added license conditions requiring the licensee to fully implement and maintain the Commission-approved CSP. The implementation schedule was based on a template prepared by the Nuclear Energy Institute (NEI), which was transmitted to the NRC by letter dated February 28, 2011 (ADAMS Accession No. ML110600206). By letter dated March 1, 2011, the NRC staff found the NEI template acceptable for licensees to use to develop their CSP implementation schedules (ADAMS Accession No. ML110070348). The licensee's proposed implementation schedule for the CSP identified completion dates and bases for the following eight milestones:
- 1. Establish the Cyber Security Assessment Team;
- 2. Identify Critical Systems and Critical Digital Assets (CDAs);
- 3. Install deterministic one-way devices between lower level devices and higher level devices;
- 4. Implement the security control "Access Control For Portable And Mobile Devices";
- 5. Implement observation and identification of obvious cyber related tampering to existing insider mitigation rounds by incorporating the appropriate elements;
- 6. Identify, document, and implement technical cyber security controls in accordance with "Mitigation of Vulnerabilities and Application of Cyber Security Controls" for CDAs that could adversely impact the design function of physical security target set equipment;
- 7. Ongoing monitoring and assessment activities for those target set CDAs whose security controls have been implemented;
- 8. Fully implement the CSP.
Currently, Milestone 8 of the CNP CSP requires the licensee to fully implement the CSP by December 31, 2016. By letter dated March 14, 2016, the licensee requested to modify the Milestone 8 completion date to December 31, 2017.
The licensee provided information pertinent to each of the criteria identified in the NRC guidance memorandum dated October 24, 2013, as summarized below.
- 1. Identification of the specific requirement or requirements of the CSP that the licensee needs additional time to implement.
The licensee stated that CSP Section 3.1, "Analyzing Digital Computer Systems and Networks and Applying Cyber Security Controls," and CSP Section 4, "Establishing, Implementing, and Maintaining the Cyber Security Program," need additional time to implement.
- 2. Detailed justification that describes the reason the licensee requires additional time to implement the specific requirement or requirements identified.
The licensee stated that l&M is experiencing challenges with respect to full implementation of Milestone 8. The primary contributing factors to these challenges include the 2015 NRC Cyber Security Inspection covering Milestones 1-7, which resulted in numerous findings. This resulted in an increased scope of work to be completed before the current implementation date of December 31, 2016. The findings identified a need for rework of Milestone 2, identification of critical systems and CDAs, and documentation of the CDA assessments. There may be additional modifications identified during the assessments. Additionally, there is uncertainty within the industry regarding the acceptable interpretation of controls. This ambiguity has resulted in the inconsistent implementation of controls, and has led to rework once clear interpretations have been made.
- 3. A proposed completion date for Milestone 8 consistent with the remaining scope of work to be conducted and the resources available.
The licensee stated that in order to complete full implementation of the CSP, resolution of all 2015 NRC Cyber Security Inspection findings, and any additional modifications that are identified during the CDA assessments, l&M is requesting a change to the Milestone 8 completion date from December 31, 2016, to December 31, 2017.
- 4. An evaluation of the impact that the additional time to implement the requirements will have on the effectiveness of the licensee's overall CSP in the context of milestones already completed.
The licensee said that based on the implementation activities already completed, and activities currently in progress, l&M is secure and will continue to ensure that digital computer and communication systems and networks are adequately protected against cyber attacks during implementation of the remainder of the program. l&M completed the implementation of the interim Milestones 1-7 by December 31, 2012. The 2015 NRC Cyber Security Inspection identified findings in several of the milestones. These findings have been, or are in the process of being, remediated. In conjunction with the completed activities, l&M is being provided a high degree of protection against cyber security attacks while l&M implements the full program. The licensee provided details about implementation of each milestone, and described implementation of modifications for Milestone 8 as well as ongoing modifications.
- 5. A discussion of the licensee's methodology for prioritizing completion of work for critical digital assets associated with significant safety, security, and emergency preparedness (SSEP) consequences and with reactivity effects in the balance of plant (BOP).
The licensee said that the methodology for prioritizing CNP Milestone 8 activities is centered on considerations for SSEP and BOP consequences. The methodology is based on defense in depth, installed configuration of the CDA, and susceptibility to commonly identified threat vectors. Prioritization of CDA assessments begins with safety related CDAs and continues through the lower priority non-safety and emergency preparedness CDAs as follows: safety related CDAs, physical security CDAs, important to safety CDAs (including BOP CDAs that directly impact continuity of power) and control system CDAs, and nonsafety-related CDAs and SSEP CDAs.
- 6. A discussion of cyber security program performance up to the date of the LAR.
The licensee described a malware incident that occurred and was resolved in 2013. The licensee also said that a Performance Assurance (PA) audit was conducted in 2014 to evaluate the performance of the cyber security program. This PA audit identified weaknesses in the implementation of the Cyber Security Assessment Team and the Removable Media and Mobile Device Program which had the potential to affect program implementation. Corrective actions were promptly taken to address these weaknesses.
A quick-hit self-assessment in preparation for the NRC Cyber Security Inspection was performed in March 2015, with assistance from industry peers to assess the readiness of the CNP cyber security program. The assessment produced several recommendations to improve the cyber security program which were entered into the Corrective Action Program (CAP).
- 7. A discussion of cyber security issues pending in the CNP CAP.
The licensee stated that the site CAP is used to document all cyber issues in order to trend, correct, and improve the CNP cyber security program. The CAP database documents and tracks, from initiation through closure, all cyber security required actions, including issues identified during ongoing program assessment activities. Adverse trends are monitored for program improvement and addressed via the CAP process.
Examples of issues and activities pending in the CNP CAP database which are related to cyber security were provided.
- 8. A discussion of modifications completed to support the cyber security program and a discussion of pending cyber security modifications.
The licensee listed and discussed completed modifications and listed systems and equipment pending modifications. These are consistent with the discussion above and the CSP.
3.2 NRC Staff Evaluation The NRC staff has evaluated the licensee's application using the regulatory requirements and guidance above. The NRC staff finds that the actions necessary for full compliance with the CNP CSP are reasonable as discussed below.
The licensee indicated that based on activities already completed and currently in progress, l&M is secure and will continue to ensure that digital computer and communication systems and networks are adequately protected against cyber attacks. The NRC staff concludes that the licensee's site is more secure after the implementation of Milestones 1 through 7, because the activities the licensee has completed mitigate the most significant cyber attack vectors for the most significant CDAs. Therefore, there is reasonable assurance that full implementation of the CSP by December 31, 2017, will provide adequate protection of the public health and safety and the common defense and security.
The licensee stated that it is experiencing challenges with respect to full implementation of Milestone 8. The 2015 NRC Cyber Security Inspection covering Milestones 1-7 resulted in numerous findings, which resulted in an increased scope of work. The findings identified the need for rework of Milestone 2, identification of critical systems and CDAs, and documentation of the CDA assessments. There may be additional modifications identified during the assessments, which may also affect Milestone 8 implementation. The NRC staff concludes that the licensee's request for additional time to implement Milestone 8 is reasonable given the unanticipated complexity, volume, and scope of the remaining work required to fully implement its CSP.
The licensee proposed a Milestone 8 completion date of December 31, 2017. The licensee stated that changing the completion date of Milestone 8 will allow for sufficient time to complete full implementation of the cyber security program, resolve all 2015 NRC Cyber Security Inspection findings, and complete any additional modifications that may be identified during the CDA assessments. The licensee stated that its methodology for prioritizing CNP Milestone 8 activities is centered on considerations for SSEP and BOP consequences. The methodology is based on defense in depth, installed configuration of the CDA, and susceptibility to commonly
identified threat vectors. The NRC staff concludes that based on the large number of tasks required, and the limited resources with the appropriate expertise to perform these activities, the licensee's methodology for prioritizing work on CDAs is appropriate. The staff further concludes that the licensee's request to delay final implementation of the CSP until December 31, 2017, is reasonable given the complexity of the remaining unanticipated work.
3.3 Technical Evaluation Conclusion The NRC staff concludes that the licensee's request to delay full implementation of its CSP until December 31, 2017, is reasonable for the following reasons: (1) the licensee's implementation of Milestones 1 through 7 provides mitigation for significant cyber attack vectors for the most significant CDAs as discussed in the staff evaluation above; (2) the scope of the work required to come into full compliance with the CSP implementation schedule was much more complicated than anticipated and not reasonably foreseeable when the CSP implementation schedule was originally developed; and (3) the licensee has reasonably prioritized and scheduled the work required to come into full compliance with its CSP implementation schedule.
3.3.1 Revision to License Condition 2.D By letter dated March 14, 2016, as supplemented by letter dated October 28, 2016, the licensee proposed to modify Paragraph 2.D of renewed facility operating license Nos. DPR-58 for CNP, Unit 1, and DPR-74, for CNP, Unit 2. The license condition in Paragraph 2.D requires the licensee to fully implement and maintain in effect all provisions of the NRG-approved CSP.
The license condition in Paragraph 2.D of Renewed Operating License No. DPR-58 for CNP, Unit 1, is modified to read as follows:
The Indiana and Michigan Power Company shall fully implement and maintain in effect all provisions of the Commission-approved Donald C. Cook Nuclear Plant Cyber Security Plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The Donald C. Cook Nuclear Plant CSP was approved by License Amendment No. 315 as supplemented by changes approved by License Amendment Nos. 319, 325, and 333.
The license condition in Paragraph 2.D of Renewed Operating License No. DPR-74 for CNP, Unit No. 2, is modified to read as follows:
The Indiana and Michigan Power Company shall fully implement and maintain in effect all provisions of the Commission-approved Donald C. Cook Nuclear Plant Cyber Security Plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The Donald C. Cook Nuclear Plant CSP was approved by License Amendment No. 299 as supplemented by changes approved by License Amendment Nos. 303, 308, and 315.
4.0 REGULATORY COMMITMENTS By letter dated March 14, 2016, the licensee made the following regulatory commitment:
Full implementation of the Donald C. Cook Nuclear Plant Cyber Security Plan for all safety, security, and emergency preparedness functions will be achieved.
Scheduled Completion Date: December 31, 2017 This commitment is consistent with the revised Milestone 8 implementation date proposed by the licensee and evaluated by the NRC staff.
5.0 STATE CONSULTATION
In accordance with the Commission's regulations, the Michigan State official was notified of the proposed issuance of the amendments. The State official had no comments.
6.0 ENVIRONMENTAL CONSIDERATION
This is an amendment of a 10 CFR Part 50 license that relates solely to safeguards matters and does not involve any significant construction impacts. This amendment is an administrative change to extend the date by which the licensee must have its CSP fully implemented.
Accordingly, this amendment meets the eligibility criteria for categorical exclusion set forth in 10 CFR 51.22(c)(12). Pursuant to 10 CFR 51.22(b), no environmental impact statement or environmental assessment need be prepared in connection with the issuance of this amendment.
7.0 CONCLUSION
The Commission has concluded, based on the considerations discussed above, that: (1) there is reasonable assurance that the health and safety of the public will not be endangered by operation in the proposed manner, (2) there is reasonable assurance that such activities will be conducted in compliance with the Commission's regulations, and (3) the issuance of the amendments will not be inimical to the common defense and security or to the health and safety of the public.
Principal Contributor: J. Rycyna, NSIR/CSD Date of issuance: November 2, 2O1 6
ML16258A340 *via email OFFICE DORL/LPL3-1 /PM DORL/LPL3-1/LA NSIR/CSD/DD*
NAME ADietrich SRohrer JBeardsley DATE 09/14/16 09/15/16 09/01/16 OFFICE OGC- NLO DORL/LPL3-1/BC DORL/LPL3-1 /PM NAME BHarris DWrona ADietrich DATE 09/19/16 11/02/16 11/02/16