ML17093A870
| ML17093A870 | |
| Person / Time | |
|---|---|
| Site: | Salem, Hope Creek  |
| Issue date: | 05/16/2017 |
| From: | Carleen Parker Plant Licensing Branch 1 |
| To: | Sena P Public Service Enterprise Group |
| Parker C, NRR/DORL/LPLI, 415-1603 | |
| References | |
| CAC MF8071, CAC MF8072, CAC MF8073 | |
| Download: ML17093A870 (21) | |
Text
UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 May 16, 2017 Mr. Peter P. Sena, Ill President and Chief Nuclear Officer PSEG Nuclear LLC - N09 P.O. Box 236 Hancocks Bridge, NJ 08038
SUBJECT:
HOPE CREEK GENERATING STATION AND SALEM NUCLEAR GENERATING STATION, UNIT NOS. 1AND2- ISSUANCE OF AMENDMENTS RE: REVISED PSEG NUCLEAR LLC CYBER SECURITY PLAN MILESTONE 8 IMPLEMENTATION SCHEDULE (CAC NOS. MF8071, MF8072, AND MF8073)
Dear Mr. Sena:
The U.S. Nuclear Commission (Commission) has issued the enclosed Amendment Nos. 204, 318, and 299, to Renewed Facility Operating License Nos. NPF-57, DPR-70, and DPR-75, for the Hope Creek Generating Station (Hope Creek) and Salem Nuclear Generating Station (Salem), Unit Nos. 1 and 2, respectively. These amendments consist of changes to the Cyber Security Plan (CSP) in response to your application dated June 30, 2016.
The amendments revise the CSP Milestone 8 implementation schedule for Hope Creek and Salem, Unit Nos. 1 and 2. Specifically, this change extends the PSEG Nuclear LLC (PSEG)
CSP Milestone 8 full implementation date, as set forth in the PSEG CSP implementation schedule, and revises the renewed facility operating licenses.
A copy of our related safety evaluation is also enclosed. Notice of Issuance will be included in the Commission's biweekly Federal Register notice.
Carleen J. Parker, Project Manager Plant Licensing Branch I Division of Operating Reactor Licensing Office of Nuclear Reactor Regulation Docket Nos. 50-354, 50-272, and 50-311
Enclosures:
- 1. Amendment No. 204 to Renewed NPF-57
- 2. Amendment No. 318 to Renewed DPR-70
- 3. Amendment No. 299 to Renewed DPR-75
- 4. Safety Evaluation cc w/enclosures: Distribution via Listserv
SUBJECT:
HOPE CREEK GENERATING STATION AND SALEM NUCLEAR GENERATING STATION, UNIT NOS. 1AND2- ISSUANCE OF AMENDMENTS RE: REVISED PSEG NUCLEAR LLC CYBER SECURITY PLAN MILESTONE 8 IMPLEMENTATION SCHEDULE (CAC NOS. MF8071, MF8072, AND MF8073) DATED MAY 16, 2017 DISTRIBUTION:
Public LPLI R/F RidsACRS_MailCTR Resource RidsNrrDssStsb Resource RidsNrrDorlLpl1 Resource RidsRgn1 MailCenter Resource RidsNsir Resource RidsNrrPMSalem Resource RidsNrrLALRonewicz Resource JRycyna, NSIR ADAMS Access1on No.: ML17093A870 *b,v e-ma1*1 d ate d OFFICE NRR/DORL/LPL 1/PM NRR/DORL/LPL 1/LA NSIR/CSD/DD* OGC NAME CParker LRonewicz JBeardslev CSafford DATE 04/12/17 04/05/17 02/23/17 05/15/17 OFFICE NRR/DORL/LPL 1/BC NRR/DORL/LPL 1/PM NAME JDanna CParker (LReaner for)
DATE 05/16/17 05/16/17 OFFICIAL RECORD COPY
UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 PSEG NUCLEAR LLC DOCKET NO. 50-354 HOPE CREEK GENERATING STATION AMENDMENT TO FACILITY OPERATING LICENSE Amendment No. 204 Renewed License No. NPF-57
- 1. The U.S. Nuclear Regulatory Commission (NRC or the Commission) has found that:
A. The application for amendment filed by PSEG Nuclear LLC dated June 30, 2016, complies with the standards and requirements of the Atomic Energy Act of 1954, as amended (the Act), and the Commission's rules and regulations set forth in 10 CFR Chapter I; B. The facility will operate in conformity with the application, the provisions of the Act, and the rules and regulations of the Commission; C. There is reasonable assurance: (i) that the activities authorized by this amendment can be conducted without endangering the health and safety of the public, and (ii) that such activities will be conducted in compliance with the Commission's regulations set forth in 10 CFR Chapter I; D. The issuance of this amendment will not be inimical to the common defense and security or to the health and safety of the public; and E. The issuance of this amendment is in accordance with 10 CFR Part 51 of the Commission's regulations and all applicable requirements have been satisfied.
- 2. Accordingly, the license is amended by changes as indicated in the attachment to this license amendment, and paragraph 2.E of Facility Operating License No. NPF-57 is hereby amended to read as follows:
E. The licensee shall fully implement and maintain in effect all provisions of the Commission-approved physical security, training and qualification, and safeguards contingency plans including amendments made pursuant to provisions of the Miscellaneous Amendments and Search Requirements revisions to 10 CFR 73.55 (51 FR 27817 and 27822) and to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The plans, submitted by letter dated May 19, 2006 are entitled: "Salem-Hope Creek Nuclear Generating Station Security Training and Qualification Plan," and "Salem-Hope Creek Nuclear Generating Station Enclosure 1
Security Contingency Plan." The plans contain Safeguards Information protected under 10 CFR 73.21.
PSEG Nuclear LLC shall fully implement and maintain in effect all provisions of the Commission-approved Cyber Security Plan (CSP}, including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p}. The Salem-Hope Creek CSP was approved by License Amendment No. 189 as supplemented by changes approved by License Amendment Nos. 192, 197, and 204.
- 3. This license amendment is effective as of its date of issuance and shall be implemented within 60 days. The implementation of the CSP, including the key intermediate milestone dates and the full implementation date, shall be in accordance with the implementation schedule, as submitted by the licensee by letter dated June 6, 2011, as revised by letters dated July 26, 2012, December 24, 2013, June 30, 2016, and as approved by the NRG staff with this license amendment. All subsequent changes to the NRG-approved CSP implementation schedule will require prior NRG approval, pursuant to 10 CFR 50.90.
FOR THE NUCLEAR REGULATORY COMMISSION
<f~w~
James G. Danna, Chief Plant Licensing Branch I Division of Operating Reactor Licensing Office of Nuclear Reactor Regulation
Attachment:
Changes to the Renewed Facility Operating License Date of Issuance: May 16, 201 7
ATTACHMENT TO LICENSE AMENDMENT NO. 204 HOPE CREEK GENERATING STATION RENEWED FACILITY OPERATING LICENSE NO. NPF-57 DOCKET NO. 50-354 Replace the following page of the Renewed Facility Operating License with the attached revised page as indicated. The revised page is identified by amendment number and contains marginal lines indicating the areas of change.
Remove Insert 16 16
exempting Type C testing for instrument lines and lines containing excess flow check valves (Section 6.2.6 of SSER 5); and an exemption from Appendix J, exempting Type C testing of thermal relief valves (Section 6.2.6 of SSER 5).
These exemptions are authorized by law, will not present an undue risk to the public health and safety, and are consistent with the common defense and security. These exemptions are hereby granted. The special circumstances regarding each exemption are identified in the referenced section of the safety evaluation report and the supplements thereto. These exemptions are granted pursuant to 10 CFR 50.12. With these exemptions, the facility will operate, to the extent authorized herein, in conformity with the application, as amended, the provisions of the Act, and the rules and regulations of the Commission.
E. The licensee shall fully implement and maintain in effect all provisions of the Commission-approved physical security, training and qualification, and safeguards contingency plans including amendments made pursuant to provisions of the Miscellaneous Amendments and Search Requirements revisions to 10 CFR 73.55 (51 FR 27817 and 27822) and to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The plans, submitted by letter dated May 19, 2006 are entitled: "Salem-Hope Creek Nuclear Generating Station Security Training and Qualification Plan," and "Salem-Hope Creek Nuclear Generating Station Security Contingency Plan." The plans contain Safeguards Information protected under 10 CFR 73.21.
PSEG Nuclear LLC shall fully implement and maintain in effect all provisions of the Commission-approved Cyber Security Plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The Salem-Hope Creek CSP was approved by License Amendment No. 189 as supplemented by changes approved by License Amendment Nos. 192, 197, and 204.
F. DELETED G. The licensees shall have and maintain financial protection of such type and in such amounts as the Commission shall require in accordance with Section 170 of the Atomic Energy Act of 1954, as amended, to cover public liability claims.
Renewed License No. NPF-57 Amendment No. 204
UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 PSEG NUCLEAR LLC EXELON GENERATION COMPANY. LLC DOCKET NO. 50-272 SALEM NUCLEAR GENERATING STATION. UNIT NO. 1 AMENDMENT TO FACILITY OPERATING LICENSE Amendment No. 318 Renewed License No. DPR-70
- 1. The U.S. Nuclear Regulatory Commission (NRC or the Commission) has found that:
A. The application for amendment filed by PSEG Nuclear LLC, acting on behalf of itself and Exelon Generation Company, LLC (the licensees), dated June 30, 2016, complies with the standards and requirements of the Atomic Energy Act of 1954, as amended (the Act), and the Commission's rules and regulations set forth in 10 CFR Chapter I; B. The facility will operate in conformity with the application, the provisions of the Act, and the rules and regulations of the Commission; C. There is reasonable assurance: (i) that the activities authorized by this amendment can be conducted without endangering the health and safety of the public, and (ii) that such activities will be conducted in compliance with the Commission's regulations set forth in 10 CFR Chapter I; D. The issuance of this amendment will not be inimical to the common defense and security or to the health and safety of the public; and E. The issuance of this amendment is in accordance with 10 CFR Part 51 of the Commission's regulations and all applicable requirements have been satisfied.
- 2. Accordingly, the license is amended by changes as indicated in the attachment to this license amendment, and paragraph 2.E of Facility Operating License No. DPR-70 is hereby amended to read as follows:
Enclosure 2
E. The licensee shall fully implement and maintain in effect all provisions of the Commission-approved physical security, training and qualification, and safeguards contingency plans including amendments made pursuant to provisions of the Miscellaneous Amendments and Search Requirements revisions to 10 CFR 73.55 (51 FR 27817 and 27822) and to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The plans, submitted by letter dated May 19, 2006, are entitled: "Salem-Hope Creek Nuclear Generating Station Security Plan," "Salem-Hope Creek Nuclear Generating Station Security Training and Qualification Plan," and "Salem-Hope Creek Nuclear Generating Station Security Contingency Plan." The plans contain Safeguards Information protected under 10 CFR 73.21.
PSEG Nuclear LLC shall fully implement and maintain in effect all provisions of the Commission-approved Cyber Security Plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The Salem-Hope Creek CSP was approved by License Amendment No. 300 as supplemented by changes approved by License Amendment Nos. 302, 306, and 318.
- 3. This license amendment is effective as of its date of issuance and shall be implemented within 60 days. The implementation of the CSP, including the key intermediate milestone dates and the full implementation date, shall be in accordance with the implementation schedule, as submitted by the licensee by letter dated June 6, 2011 , as revised by letters dated July 26, 2012, December 24, 2013, June 30, 2016, and as approved by the NRC staff with this license amendment. All subsequent changes to the NRG-approved CSP implementation schedule will require prior NRC approval, pursuant to 10 CFR 50.90.
FOR THE NUCLEAR REGULATORY COMMISSION
,/\ ~
C.1~u~
Jame( G. Danna, Chief Plant Licensing Branch I Division of Operating Reactor Licensing Office of Nuclear Reactor Regulation
Attachment:
Changes to Renewed Facility Operating License Date of Issuance: May 1 6, 2o1 7
ATTACHMENT TO LICENSE AMENDMENT NO. 318 SALEM NUCLEAR GENERATING STATION, UNIT NO. 1 RENEWED FACILITY OPERATING LICENSE NO. DPR-70 DOCKET NO. 50-272 Replace the following page of Renewed Facility Operating License No. DPR-70 with the attached revised page as indicated. The revised page is identified by amendment number and contains marginal lines indicating the areas of change.
Remove Insert 9 9
specimens in the capsule. Any changes to the capsule withdrawal schedule, including spare capsules, must be approved by the NRC prior to implementation. All capsules placed in storage must be maintained for future insertion. Any changes to storage requirements must be approved by the NRC. Changes to the withdrawal schedule or storage requirements shall be submitted to the NRC as a report in accordance with 10 CFR 50.4.
(21) PSEG Nuclear LLC shall take one core sample in the Unit 1 spent fuel pool west wall, by the end of 2013, and one core sample in the east wall where there have been indications of borated water ingress through the concrete, by the end of 2015. The core samples (east and west walls) will expose the rebar, which will be examined for signs of corrosion. Any sample showing signs of concrete degradation and/or rebar corrosion will be entered into the licensee's corrective action program for further evaluation. PSEG Nuclear LLC shall submit a report in accordance with 10 CFR 50.4 no later than three months after each sample is taken on the results, recommendations, and any additional planned actions.
(22) Concurrent with the first use of the chilled water cross-tie as allowed by Technical Specification 3. 7 .10c, PSEG shall confirm the required performance of the chilled water system cross-tie.
D. Paragraph 2.D. has been combined with paragraph 2.E. per Amendment No. 86, June 27, 1988.
E. The licensee shall fully implement and maintain in effect all provisions of the Commission-approved physical security, training and qualification, and safeguards contingency plans including amendments made pursuant to provisions of the Miscellaneous Amendments and Search Requirements revisions to 10 CFR 73.55 (51 FR 27817 and 27822) and to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The plans, submitted by letter dated May 19, 2006, are entitled: "Salem-Hope Creek Nuclear Generating Station Security Plan," "Salem-Hope Creek Nuclear Generating Station Security Training and Qualification Plan," and "Salem-Hope Creek Nuclear Generating Station Security Contingency Plan." The plans contain Safeguards Information protected under 10 CFR 73.21.
PSEG Nuclear LLC shall fully implement and maintain in effect all provisions of the Commission-approved Cyber Security Plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The Salem-Hope Creek CSP was approved by License Amendment No. 300 as supplemented by changes approved by License Amendment Nos. 302, 306, and 318.
Renewed License No. DPR-70 Amendment No. 318
UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 PSEG NUCLEAR LLC EXELON GENERATION COMPANY, LLC DOCKET NO. 50-311 SALEM NUCLEAR GENERATING STATION, UNIT NO. 2 AMENDMENT TO FACILITY OPERATING LICENSE Amendment No. 299 Renewed License No. DPR-75
- 1. The U.S. Nuclear Regulatory Commission (NRC or the Commission) has found that:
A. The application for amendment filed by PSEG Nuclear LLC, acting on behalf of itself and Exelon Generation Company, LLC (the licensees), dated June 30, 2016, complies with the standards and requirements of the Atomic Energy Act of 1954, as amended (the Act), and the Commission's rules and regulations set forth in 10 CFR Chapter I; B. The facility will operate in conformity with the application, the provisions of the Act, and the rules and regulations of the Commission; C. There is reasonable assurance: (i) that the activities authorized by this amendment can be conducted without endangering the health and safety of the public, and (ii) that such activities will be conducted in compliance with the Commission's regulations set forth in 10 CFR Chapter I; D. The issuance of this amendment will not be inimical to the common defense and security or to the health and safety of the public; and E. The issuance of this amendment is in accordance with 10 CFR Part 51 of the Commission's regulations and all applicable requirements have been satisfied.
- 2. Accordingly, the license is amended by changes as indicated in the attachment to this license amendment, and paragraph 2.E of Facility Operating License No. DPR-75 is hereby amended to read as follows:
E. The licensee shall fully implement and maintain in effect all provisions of the Commission-approved physical security, training and qualification, and safeguards contingency plans including amendments made pursuant to provisions of the Miscellaneous Amendments and Search Requirements revisions to 10 CFR 73.55 (51 FR 27817 and 27822) and to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The plans, submitted by Enclosure 3
letter dated May 19, 2006, are entitled: "Salem-Hope Creek Nuclear Generating Station Security Plan," "Salem-Hope Creek Nuclear Generating Station Security Training and Qualification Plan," and "Salem-Hope Creek Nuclear Generating Station Security Contingency Plan." The plans Contain Safeguards Information protected under 10 CFR 73.21.
PSEG Nuclear LLC shall fully implement and maintain in effect all provisions of the Commission-approved Cyber Security Plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The Salem-Hope Creek CSP was approved by License Amendment No. 283 as supplemented by changes approved by License Amendment Nos. 285, 288, and 299.
- 3. This license amendment is effective as of its date of issuance and shall be implemented within 60 days. The implementation of the CSP, including the key intermediate milestone dates and the full implementation date, shall be in accordance with the implementation schedule, as submitted by the licensee by letter dated June 6, 2011, as revised by letters dated July 26, 2012, December 24, 2013, June 30, 2016, and as approved by the NRC staff with this license amendment. All subsequent changes to the NRG-approved CSP implementation schedule will require prior NRC approval, pursuant to 10 CFR 50.90.
FOR THE NUCLEAR REGULATORY COMMISSION c-~~~*~~
Jamk G. Danna, Chief Plant Licensing Branch I Division of Operating Reactor Licensing Office of Nuclear Reactor Regulation
Attachment:
Changes to Renewed Facility Operating License Date of Issuance: May 1 6, 2O1 7
ATTACHMENT TO LICENSE AMENDMENT NO. 299 SALEM NUCLEAR GENERATING STATION, UNIT NO. 2 RENEWED FACILITY OPERATING LICENSE NO. DPR-75 DOCKET NO. 50-311 Replace the following page of Renewed Facility Operating License No. DPR-75 with the attached revised page as indicated. The revised page is identified by amendment number and contains marginal lines indicating the areas of change.
Remove Insert 11 11
issuance of the License for Fuel-Loading and Low-Power Testing, dated April 18, 1980. The facility will operate, to the extent authorized herein, in conformity with the application as amended, the provisions of the Act, and the regulations of the Commission.
E. The licensee shall fully implement and maintain in effect all provisions of the Commission-approved physical security, training and qualification, and safeguards contingency plans including amendments made pursuant to provisions of the Miscellaneous Amendments and Search Requirements revisions to 10 CFR 73.55 (51 FR 27817 and 27822) and to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The plans, submitted by letter dated May 19, 2006, are entitled: "Salem-Hope Creek Nuclear Generating Station Security Plan," "Salem-Hope Creek Nuclear Generating Station Security Training and Qualification Plan," and "Salem-Hope Creek Nuclear Generating Station Security Contingency Plan." The plans Contain Safeguards Information protected under 10 CFR 73.21.
PSEG Nuclear LLC shall fully implement and maintain in effect all provisions of the Commission-approved Cyber Security Plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The Salem-Hope Creek CSP was approved by License Amendment No. 283 as supplemented by changes approved by License Amendment Nos. 285, 288, and 299.
F. A temporary exemption from General Design Criterion 57 found in Appendix A to 10 CFR Part 50 is described in the Office of Nuclear Reactor Regulation's Safety Evaluation Report, Supplement No. 5, Section 6.2.3.1. This Exemption is authorized by law and will not endanger life or property or the common defense and security and is otherwise in the public interest. The exemption, therefore, is hereby granted and shall remain in effect through the first refueling outage as discussed in Section 6.2.3.1 of Supplement 5 to the Safety Evaluation Report. The granting of the exemption is authorized with the issuance of the Facility Operating License, dated May 20, 1981. The facility will operate, to the extent authorized herein, in conformity with the application as amended, the provisions of the Act, and the regulations of the Commission.
G. This renewed license is subject to the following additional condition for the protection of the environment:
Before engaging in additional construction or operational activities which may result in an environmental impact that was not evaluated by the Commission, PSEG Nuclear LLC shall prepare and record an environmental evaluation of such activity. When the evaluation indicates that such activity may result in a significant adverse environmental impact that was not evaluated, or that is significantly greater than that evaluated in the Final Environmental Statement or any addendum thereto, PSEG Nuclear LLC shall provide a written evaluation of such activities and obtain prior approval from the Director of Nuclear Reactor Regulation.
H. If PSEG Nuclear LLC plans to remove or to make significant changes in the normal operation of equipment that controls the amount of radioactivity in effluents from the Salem Nuclear Generation Station, the NRC shall be notified in writing regardless of whether the change affects the amount of radioactivity in effluents.
I. DELETED Renewed License No. DPR-75 Amendment No. 299
UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 SAFETY EVALUATION BY THE OFFICE OF NUCLEAR REACTOR REGULATION RELATED TO AMENDMENT NOS. 204, 318, AND 299 TO RENEWED FACILITY OPERATING LICENSE NOS. NPF-57, DPR-70, AND DPR-75 PSEG NUCLEAR LLC HOPE CREEK GENERATING STATION AND PSEG NUCLEAR LLC EXELON GENERATION COMPANY, LLC SALEM NUCLEAR GENERATING STATION, UNIT NOS. 1AND2 DOCKET NOS. 50-354, 50-272, AND 50-311
1.0 INTRODUCTION
By letter dated June 30, 2016, 1 PSEG Nuclear LLC (PSEG or the licensee) submitted a request for changes to the Hope Creek Generating Station (Hope Creek) and Salem Nuclear Generating Station (Salem), Unit Nos. 1 and 2, Renewed Facility Operating Licenses (FOLs). The requested changes would revise the Cyber Security Plan (CSP) Milestone 8 implementation schedule for Hope Creek and Salem, Unit Nos. 1 and 2. Specifically, this change extends the PSEG CSP Milestone 8 full implementation date, as set forth in the PSEG CSP implementation schedule, and revises the Renewed FOLs.
The U.S. Nuclear Regulatory Commission (NRC or the Commission) staff initially reviewed and approved the PSEG CSP and associated implementation schedule on July 28, 2011. 2 Subsequently, the NRC staff reviewed and approved changes to the CSP and associated implementation schedule on December 10, 2012, 3 and December 23, 2014. 4 The revised schedule requires PSEG to fully implement and maintain all provisions of the CSP no later than June 30, 2017.
Portions of the letter dated June 30, 2016, contain sensitive unclassified non-safeguards (security-related) information and, accordingly, those portions are withheld from public disclosure pursuant to Title 10 of the Code of Federal Regulations (10 CFR) Section 2.390(d)(1 ). The NRC issued a proposed finding that the amendment involves no significant hazards consideration in 1 Agencywide Document Access and Management System (ADAMS) Accession No. ML16190A248 2 ADAMS Accession No. ML111861560 3 ADAMS Accession No. ML12335A221 4 ADAMS Accession No. ML14323A974 Enclosure 4
the Federal Register (FR) on October 4, 2016 (81 FR 68471 ). The NRC has not received any public comments on this determination.
2.0 REGULATORY EVALUATION
The NRC staff reviewed and approved the licensee's CSP implementation schedule by License Amendment Nos. 189, 300, and 283, dated July 28, 2011, and incorporated the CSP into the facilities' current licensing bases. The NRC staff reviewed and approved the licensee's revised CSP by License Amendment Nos. 192, 302, and 285, dated December 10, 2012, and License Amendment Nos. 197, 306, 288, dated December 23, 2014.
The revised amendments included the following statement:
The implementation of the Cyber Security Plan (CSP), including the key intermediate milestone dates and the full implementation date, shall be in accordance with the implementation schedule, as submitted by the licensee by letter dated June 6, 2011, as revised by letters dated July 26, 2012, and December 24, 2013, and as approved by the NRC staff with this license amendment. All subsequent changes to the NRG-approved CSP implementation schedule will require prior NRC approval, pursuant to 10 CFR 50.90.
The NRC staff considered the following regulatory requirements and guidance in its review of the current license amendment request to modify the existing CSP implementation schedule:
- The regulations at 10 CFR 73.54, "Protection of digital computer and communication systems and networks," state, in part, that "[e]ach [CSP] submittal must include a proposed implementation schedule. Implementation of the licensee's cyber security program must be consistent with the approved schedule."
- The licensee's Renewed FOLs include License Condition 2.E, which requires the licensee to fully implement and maintain in effect all provisions of the Commission-approved CSP.
- Review criteria provided by the NRC staff in a memorandum dated October 24, 2013, "Review Criteria for Title 10 of The Code of Federal Regulations Part 73.54, Cyber Security Implementation Schedule Milestone 8 License Amendment Requests," 5 to be considered for evaluating licensees' requests to postpone their CSP implementation date (commonly known as Milestone 8).
The NRC staff does not regard the CSP milestone implementation dates as regulatory commitments that can be changed unilaterally by the licensee, particularly in light of the regulatory requirement at 10 CFR 73.54, that "[i]mplementation of the licensee's cyber security program must be consistent with the approved schedule." As the NRC staff explained in its letter to all operating reactor licensees dated May 9, 2011, 6 the implementation of the plan, including the key intermediate milestone dates and the full implementation date, shall be in accordance with the implementation schedule submitted by the licensee and approved by the NRC. All subsequent changes to the NRG-approved CSP implementation schedule, thus, will require prior NRC approval as required by 10 CFR 50.90.
5 ADAMS Accession No. ML13295A467 6
ADAMS Accession No. ML110980538
3.0 TECHNICAL EVALUATION
3.1 Background As noted above, Amendment Nos. 189, 300, and 283 were issued on July 28, 2011, to Renewed FOLs for Hope Creek and Salem, Unit Nos. 1 and 2, respectively. The NRC staff approved the licensee's initial CSP implementation schedule, as discussed in the safety evaluation issued with the amendments. The implementation schedule was based on a template prepared by Nuclear Energy Institute (NEI), which the NRC staff found acceptable for licensees to use to develop their CSP implementation schedules. 7 The licensee's proposed implementation schedule for the Cyber Security Program identified completion dates and bases for the following eight milestones:
- 1) Establish the Cyber Security Assessment Team (CSAT);
- 2) Identify Critical Systems and Critical Digital Assets (CDAs);
- 3) Install a deterministic one-way device between lower level devices and higher level devices;
- 4) Implement the security control "Access Control For Portable And Mobile Devices";
- 5) Implement observation and identification of obvious cyber-related tampering to existing insider mitigation rounds;
- 6) Identify, document, and implement cyber security controls in accordance with "Mitigation of Vulnerabilities and Application of Cyber Security Controls" for CDAs that could adversely impact the design function of physical security target set equipment;
- 7) Ongoing monitoring and assessment activities for those target-set CDAs whose security controls have been implemented; and
- 8) Fully implement the CSP (Milestone 8).
Amendment Nos. 192, 302, and 285, dated December 10, 2012, revised the scope of Milestone 6. Amendment Nos. 197, 306, and 288, dated December 23, 2014, revised the implementation date of Milestone 8 to June 30, 2017.
3.2 Licensee's Proposed Change Currently, Milestone 8 of the licensee's CSP requires PSEG to fully implement the CSP by June 30, 2017. In its June 30, 2016, application, PSEG proposed to change the Milestone 8 completion date to December 15, 2017. The licensee's application addressed the eight criteria in the NRC's October 24, 2013, guidance memorandum.
The licensee provided the following information pertinent to each of the criteria identified in the NRC guidance memorandum.
(1) Identification of the specific requirement or requirements of the CSP that the licensee needs additional time to implement.
7 ADAMS Accession No. ML110600218
The licensee stated that CSP, Section 3, "Analyzing Digital Computer Systems and Networks," and Section 4, "Establishing, Implementing, and Maintaining the Cyber Security Program," describe requirements for application and maintenance of cyber security controls listed in NEI 08-09, Revision 6, "Cyber Security Plan for Nuclear Power Reactors," Appendices D and E. 8 The licensee also stated that application of the controls is accomplished after completion of detailed analyses (the cyber security assessment process) that identify "gaps," or the difference between current configuration and a configuration that satisfies each cyber security control. Gap closure can require any combination of physical, logical (software-related), or programmatic/procedural changes.
(2) Detailed justification that describes the reason the licensee requires additional time to implement the specific requirement or requirements identified.
The licensee said that it has identified the need to modify two security computer systems.
The licensee also stated that during 2015, Salem and Hope Creek had an inspection of compliance with interim Milestones 1 through 7. The preparation for and support of those inspections required a significant commitment of time from PSEG's most knowledgeable subject matter experts on nuclear cyber security, exceeding the estimate previously developed and therefore, drawing those resources away from Milestone 8 implementation activities.
(3) A proposed completion date for Milestone 8 consistent with the remaining scope of work to be conducted and the resources available.
The licensee's proposed completion date for Milestone 8 is December 15, 2017.
(4) An evaluation of the impact that the additional time to implement the requirements will have on the effectiveness of the licensee's overall cyber security program in the context of milestones already completed.
The licensee stated that the impact of the requested additional implementation time on the effectiveness of the overall cyber security program is considered to be very low, because the Interim Milestones already completed have resulted in a high degree of protection of safety-related, important-to-safety, and security and emergency planning CDAs against the most common threat vectors .... Additionally, extensive physical and administrative measures are already in place for CDAs pursuant to the Salem/Hope Creek Security Plan and Technical Specification requirements. The licensee provided details about the completed milestones.
(5) A description of the licensee's methodology for prioritizing completion of work for critical digital assets associated with significant safety consequences and with reactivity effects in the balance of plant.
The licensee stated that because CDAs are plant components, prioritization follows the normal work management process that places the highest priority on apparent conditions adverse to quality in system, structure, and component design function and related factors such as safety risk and nuclear defense-in-depth, as well as threats to continuity of electric power generation in the balance-of-plant (BOP).
8 ADAMS Accession No. ML101180437
(6) A discussion of the licensee's cyber security program performance up to the date of the license amendment request.
The licensee stated that no compromise of SSEP [safety, security, and emergency preparedness] function by cyber means has been identified. Additionally, a Quality Assurance (QA) audit was conducted in the fourth quarter of 2014 pursuant to the physical security program review required by 10 CFR 73.55(m). The QA audit included review of cyber security program implementation. There were no significant findings related to overall cyber security program performance and effectiveness.
(7) A discussion of cyber security issues pending in the licensee's corrective action program (CAP).
The licensee indicated that no significant (with 'significant' meaning constituting a threat to a CDA via cyber means or calling into question program effectiveness) nuclear cyber security issues are currently pending in the CAP. Several non-significant issues identified during the QA audit described above and identified during NRC inspections of compliance with nuclear cyber security Interim Milestones 1 through 7 have been entered into CAP.
(8) A discussion of modifications completed to support the cyber security program and a discussion of pending cyber security modifications.
The licensee provided a discussion of completed modifications and pending modifications.
3.3 NRC Staff Evaluation The NRC staff has evaluated the licensee's application using the regulatory requirements and the guidance set forth above. The NRC staff's evaluation is below. The staff finds that the actions the licensee noted as being required to implement CSP, Section 3, "Analyzing Digital Computer Systems and Networks" and Section 4, "Establishing, Implementing and Maintaining the Cyber Security Program" are reasonable as discussed below.
The licensee stated that it has completed CSP Interim Milestones 1 through 7 for Hope Creek and Salem, Unit Nos. 1 and 2 and that extensive physical and administrative measures are already in place for CDAs pursuant to the Salem/Hope Creek Security Plan and Technical Specification requirements. The NRC staff finds that Hope Creek and Salem, Unit Nos. 1 and 2, are much more secure after implementation of Milestones 1 through 7, because the activities PSEG completed mitigate the most significant cyber-attack vectors for the most significant CDAs. However, the licensee stated that additional time is needed to complete CDA security control assessments; identify remediation scope; and support design, installation, and testing of plant configuration changes associated with remediation actions as identified by the PSEG CSAT assessments. The licensee stated that because CDAs are plant components, prioritization follows the normal work management process that places the highest priority on apparent conditions adverse to quality in system, structure, and component design function, and related factors such as safety risk and nuclear defense-in-depth, as well as threats to continuity of electric power generation in the balance-of-plant.
The NRC staff has had extensive interaction with the nuclear industry since licensees first developed their CSP implementation schedules. Based on this interaction, the NRC staff
recognizes that CDA security control design remediation actions are much more complex and resource intensive than originally anticipated and that the licensee has a large number of additional tasks not originally considered when developing its current CSP implementation schedule. Accordingly, the NRC staff finds that the licensee's request for additional time to implement Milestone 8 is reasonable given the unanticipated complexity and scope of the work required to come into full compliance with its CSP.
The licensee proposed a Milestone 8 completion date of December 15, 2017, which bounds the completion of all individual asset security control design remediation actions. The staff has had extensive interaction with the nuclear industry since licensees first developed their CSP implementation schedules. Based on this interaction, the staff recognizes that critical digital asset security control design remediation actions are much more complex and resource intensive than originally anticipated and that the licensee has to undertake additional tasks not originally considered when developing its current CSP implementation schedule. The staff finds that based on the unanticipated complexity and scope of the work required to be completed to come into full compliance with the CSP and the limited resources with the appropriate expertise to perform these activities, the licensee's methodology for prioritizing work on critical digital assets is appropriate.
The NRC staff finds that based on the unanticipated complexity and scope of the work required to be completed to come into full compliance with the CSP and the limited resources with the appropriate expertise to perform these activities, the licensee's methodology for prioritizing work on CDAs is appropriate and that the licensee's request to delay final implementation of the CSP until December 15, 2017, is reasonable.
3.4 NRC Staff Conclusion
The NRC staff concludes that the licensee's request to delay full implementation of its CSP until December 15, 2017, is reasonable for the following reasons: (i) the licensee's implementation of Milestones 1 through 7 provides mitigation for significant cyber-attack vectors for the most significant CDAs as discussed above, (ii) the scope of the work required to come into full compliance with the CSP implementation schedule was much more complicated than anticipated and not reasonably foreseeable, and (iii) the licensee has reasonably prioritized and scheduled the work required to come into full compliance with its CSP implementation schedule.
The NRC staff also concludes that, upon full implementation of the licensee's cyber security program, the requirements of the licensee's CSP and the regulations in 10 CFR 73.54 will be met. Therefore, the NRC staff finds the proposed change acceptable.
3.5 Revision to License Condition By letter dated June 30, 2016, the licensee proposed to modify paragraph 2.E of each of the Renewed FOLs, which provide license conditions to require the licensee to fully implement and maintain in effect all provisions of the NRG-approved CSP.
The license condition in paragraph 2.E of Renewed FOL No. NPF-57 for Hope Creek is modified as follows:
PSEG Nuclear LLC shall fully implement and maintain in effect all provisions of the Commission-approved Cyber Security Plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The
supplemented by changes approved by License Amendment Nos. 192, 197, and 204.
The license condition in paragraph 2. E of Renewed FOL No. DPR 70 for Salem, Unit No. 1, is modified as follows:
PSEG Nuclear LLC shall fully implement and maintain in effect all provisions of the Commission-approved Cyber Security Plan (CSP}, including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The Salem-Hope Creek CSP was approved by License Amendment No. 300 as supplemented by changes approved by License Amendment Nos. 302. 306, and 318.
The license condition in paragraph 2.E of Renewed FOL No. DPR-75 for Salem, Unit No. 2, is modified as follows:
PSEG Nuclear LLC shall fully implement and maintain in effect all provisions of the Commission-approved Cyber Security Plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The Salem-Hope Creek CSP was approved by License Amendment No. 283 as supplemented by changes approved by License Amendment Nos. 285, 288, and 299.
4.0 STATE CONSULTATION
In accordance with the Commission's regulations, the New Jersey State official was notified of the proposed issuance of the amendments on September 12, 2016. The State official had no comments.
5.0 ENVIRONMENTAL CONSIDERATION
The amendments relate solely to safeguards matters and do not involve any significant construction impacts. Accordingly, these amendments meet the eligibility criteria for categorical exclusion set forth in 10 CFR 51.22(c)(12). Pursuant to 10 CFR 51.22(b), no environmental impact statement or environmental assessment need to be prepared in connection with the issuance of these amendments.
6.0 CONCLUSION
The Commission has concluded, based on the considerations discussed above, that: (1) there is reasonable assurance that the health and safety of the public will not be endangered by operation in the proposed manner, (2) there is reasonable assurance that such activities will be conducted in compliance with the Commission's regulations, and (3) the issuance of the amendments will not be inimical to the common defense and security or to the health and safety of the public.
Principal Contributor: John Rycyna, NSIR Date: May 16, 2017