Staff Audit Summary Related to License Amendment Request to Extend Milestone 8 Full Implementation Date

ML17245A001
Person / Time
Site:	Indian Point
Issue date:	09/15/2017
From:	Richard Guzman Plant Licensing Branch 1
To:	Entergy Nuclear Operations
Guzman R, NRR/DORL/LPL1
References
CAC MF9656, CAC MF9657, CAC MF9658
Download: ML17245A001 (10)
v • d • e

Text

UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 Vice President, Operations Entergy Nuclear Operations, Inc.

Indian Point Energy Center 450 Broadway, GSB P.O. Box 249 Buchanan, NY 10511-0249 September 15, 2017

SUBJECT:

INDIAN POINT NUCLEAR GENERATING UNIT NOS. 1, 2 AND 3 - STAFF REGULATORY AUDIT

SUMMARY

RELATED TO LICENSE AMENDMENT REQUEST TO EXTEND MILESTONE 8 FULL IMPLEMENTATION DATE (CAC NOS. MF9656, MF9657, AND MF9658)

Dear Sir or Madam:

By application dated April 28, 2017 (Agencywide Documents Access and Management System Accession (ADAMS) No. ML17129A612), Entergy Nuclear Operations, Inc. submitted a license amendment request to implement a change to the Indian Point Energy Center Cyber Security Plan implementation schedule Milestone 8 full implementation date.

To support its review of the license amendment request, the U.S. Nuclear Regulatory Commission (NRC) staff conducted a regulatory audit at the Indian Point Energy Center in Buchanan, New York, on July 10, 2017, and July 11, 2017, in order to gain a better understanding of the licensee's approach to implementing proposed changes to its Cyber Security Plan implementation schedule.

The audit was performed in accordance with the audit plan, which was sent to Indian Point Energy Center on July 5, 2017 (ADAMS Accession No. ML17187A195). The enclosure to this letter describes the results of the NRC staff's regulatory audit and some of the key technical issues highlighted by the staff during the audit.

Please contact me at (301) 415-1030 or Richard.Guzman@nrc.gov if you have any questions regarding this matter.

Docket Nos.50-003, 50-247, and 50-286

Enclosure:

Regulatory Audit Summary cc w/encl: Distribution via Listserv Sincerely, e.__,\\(,~V~" U0v-~~ ~

Richa(d V. Guzman, Senior Project Manager Plant Licensing Branch I Division of Operating Reactor Licensing Office of Nuclear Reactor Regulation

REGULATORY AUDIT

SUMMARY

RELATED TO LICENSE AMENDMENT REQUEST TO IMPLEMENT A CHANGE TO THE INDIAN POINT ENERGY CENTER CYBER SECURITY PLAN IMPLEMENTATION SCHEDULE MILESTONE 8

Background

FULL IMPLEMENTATION DATE ENTERGY NUCLEAR OPERATIONS. INC.

INDIAN POINT NUCLEAR GENERATING UNIT NOS. 1, 2. AND 3 DOCKET NOS.50-003, 50-247, AND 50-286 Entergy Nuclear Operations, Inc. (Entergy, the licensee) submitted a license amendment request (LAR) (Reference 1) to change the Indian Point Energy Center (IPEC) Cyber Security Plan (CSP) Milestone 8 full implementation date as set forth in the CSP implementation schedule approved by Reference 2 and as amended by References 3, 4, and 5. Entergy also proposed implementing a graded approach to full implementation of the CSP based on a risk-informed screening approach. In its review of the LAR, the U.S. Nuclear Regulatory Commission (NRC) staff identified several areas (described below) for which a re'gulatory audit would assist in gaining understanding, verifying information, and identifying additional information that will require docketing to support the basis of a licensing decision.

Regulatory Audit Basis To support its review of the LAR, NRC staff conducted the regulatory audit in accordance with the NRC Office of Nuclear Reactor Regulation Office Instruction LIC-111, "Regulatory Audits" (Reference 6). The purpose of this audit was to gain a better understanding of the licensee's proposed change to the implementation schedule. The audit was performed in accordance with the audit plan, which was sent to IPEC on July 5, 2017 (Reference 7).

A regulatory audit is a planned license or regulation-related activity that includes the examination and evaluation of primarily non-docketed information. A regulatory audit is conducted with the intent to gain understanding, verify information, and/or identify information that will require docketing to support the basis of a licensing or regulatory decision. Performing a regulatory audit of the licensee's information is expected to assist the staff in efficiently

(

conducting its review or gain insights on the licensee's processes or procedures.

Audit Logistics The audit was conducted on July 10, 2017, and July 11, 2017, at IPEC in Buchanan, New York.

The NRC staff who participated in this audit were:

James Beardsley, Team Leader, Chief, NSIR/DPCP/CSB Cathy Allen, Cyber Security Specialist, NSIR/DPCP/CSB Kim Lawson-Jenkins, Cyber Security Specialist, NSIR/DPCP/CSB Enclosure I

Jeff Rady, Reactor Inspector, Engineering Branch 2, Region I Candace de Messieres, Reliability and Risk Analyst, NRR/DRA/APLB, Risk-Informed Licensing Initiatives Team Richard Guzman, Senior Project Manager, NRR, Division of Operating Reactor Licensing*

Eric Lee, Sr. Cyber Security Specialist, NSIR/DPCP/CSB *

• participated by virtual conference The IPEC staff and licensee staff who participated in this audit were:

Valerie Myers. IT Manager Joe Orlando, IT Supervisor John Bretti, Entergy PRA Steve Manzione, Entergy Consultant Bob Walpole, Regulatory Assurance Manager Tom Ras, Entergy Consultant Sparky Soudah, Senior Manager IT (by telephone)

Roosevelt Holmes, IT Program Manager (by teleconference)

Summary of Audit Activities The licensee provided a slide presentation, documentation, and information addressing the following topics:

Definition of "high risk safety-related" critical digital assets (CDAs).

The risk-informed screening methodology summarized in Section 2.0 of the LAR entitled "Detailed Description" (additional discussion below).

Lists of CDA screening results, including CDAs screened into the high risk safety-related category.

Impact to safety, security, and emergency preparedness functions of CDAs excluded from the high risk safety-related CDAs group.

Balance of plant (BOP) CDAs that cause a direct turbine trip versus BOP CDAs that can indirectly cause a turbine trip.

Specific controls that are implemented in the Entergy fleet Milestone 8 program.

Cyber security issues pending in the corrective action program.

A description of how the proposed plan addressed each of the attack vectors.

The timeline for modifications pending to support the cyber security program.

The licensee describes a risk-informed approach to screening CDAs in Section 2.0 of the LAR entitled "Detailed Description." After initial review, the NRC staff did not understand the basis for the methodology and considered that additional information may need to be docketed to support a licensing decision. Specifically, Regulatory Guide (RG) 1.17 4, Revision 2, "An Approach for Using Probabilistic Risk Assessment in Risk-Informed Decisions on Plant-Specific Changes to the Licensing Basis" (Reference 8), provides general guidance for one approach that the NRC has determined to be acceptable for analyzing issues associated with proposed changes to a plant's licensing basis and for assessing the impact of such proposed changes on the risk associated with plant design and operation.

RG 1.17 4 states that in implementing risk-informed decisionmaking, licensing basis changes are expected to meet a set of key principles. These principles include the following:

1. The proposed change meets the current regulations unless it is explicitly related to a requested exemption (i.e., a specific exemption under 10 CFR 50.12, "Specific Exemptions").

2. The proposed change is consistent with a defense-in-depth philosophy.

3. The proposed change maintains sufficient safety margins.

4. When proposed changes result in an increase in CDF or risk, the increases should be small and consistent with the intent of the Commission's Safety Goal Policy Statement ["Safety Goals for the Operations of Nuclear Power Plants; Policy Statement," August 4, 1986, 51 FR 30028].

5. The impact of the proposed change should be monitored using performance measurement strategies.

The NRC staff asked the licensee to describe how its approach considered each of the five key principles of risk-informed decisionmaking. The licensee presented information regarding how each of the five principles applied to its screening approach. From this exchange with the licensee, the NRC staff understood what additional information needed to be req~ested and how to describe the request such that the licensee would clearly understand what information should be provided.

The NRC staff informed the licensee that RG 1.174 describes technical acceptability considerations regarding the use of a probabilistic risk assessment (PRA). Specifically, RG 1.17 4 states:

... the technical adequacy [technical acceptability] of a PRA analysis used to support an application is measured in terms of its appropriateness with respect to scope, level of detail, technical adequacy, and plant representation. The scope, level of detail, and technical adequacy of the PRA are to be commensurate with the application for which it is intended and the role the PRA results play in the integrated decision process.

The NRC staff also noted that RG 1.200, Revision 2, "An Approach for Determining the Technical Adequacy of Probabilistic Risk Assessment Results for Risk-Informed Activities" (Reference 9), provides additional information for determining whether the techni~al adequacy of a PRA is sufficient to provide confidence in the results and lists information that the NRC staff expects to be included in risk-informed submittals (RG 1.200, Revision 2, page 40).

The licensee discussed the technical acceptability of the IPEC PRAs used to support the risk-informed approach described in its LAR. From this exchange with the licensee, the NRC staff understood what additional information needed to be requested and how to describe the request such that the licensee would clearly understand what information should be provided.

The licensee also discussed details regarding its proposed risk-informed screening methodology. Specifically, the licensee presented information on how CDAs were equated to systems, structures, and components modeled in the IPEC PRAs and on the rationale for using the following risk screening threshold metrics: Risk Achievement Worth (RAW)~ 2 and Risk Reduction Worth (RRW) ~ 1.005 for components; RAW~ 20 and Fussell-Vesely (FV) ~.05 for systems. The NRC staff noted that the licensee's approach reflects a first-of-a-kind methodology and that no existing NRC-approved guidance documents are available in this area.

(

exchange with the licensee, the NRG staff understood what additional information needed to be requested and how to describe the request such that the licensee would clearly understand what information should be provided.

Conclusion During this audit, the staff did not make any regulatory decisions regarding the proposed license amendment. However, the NRG staff found that the audit provided a better understanding of Entergy's graded approach to full implementation of the CSP based on a risk-informed screening approach. There was open communication throughout the audit. After the audit, the licensee indicated that supplemental information to the LAR would be forthcoming.

Reference

1.

Letter from Anthony J. Vitale, Site Vice President, Entergy, of the Indian Point Energy to NRG, "License Amendment Request - Cyber Security Plan Implementation Schedule,"

April 28, 2017 (ADAMS Accession No. ML17129A612).

2.

NRG letter to Entergy, "Indian Point Nuclear Generating Unit Nos. 1, 2 and 3 -

Issuance of Amendments Re: License Amendment Request - Cyber Security Plan (TAC Nos ME4212, ME4213, and ME4214," August 2, 2011 (ADAMS Accession No. ML11152A027).

3.

NRG letter to Entergy, "Indian Point Nuclear Generating Unit Nos. 1, 2 and 3 -

Issuance of Amendments Re: Cyber Security Plan Implementation Schedule Milestones (TAC Nos. ME8885, ME8886, and ME8887)," November 28, 2012 (ADAMS Accession No. ML12258A268).

4.

NRG Internal Memorandum to Barry Westreich from Russell Felts, "Review Criteria for 1 O CFR 73.54, Cyber Security Implementation Schedule Milestone 8 License Amendment Requests," October 24, 2013 (ADAMS Accession No. ML13295A467).

5.

NRG letter to Entergy, "Indian Point Nuclear Generating Unit Nos. 1, 2 and 3 - Issuance of Amendments Re: Cyber Security Plan Implementation Schedule (TAC Nos. MF3409 and MF341 O)," December 11, 2014 (ADAMS Accession No. ML14316A526).

6.

NRG Office of Nuclear Reactor Regulation Office Instruction, LIC-111, "Regulatory Audits," December 29, 2008 (ADAMS Accession No. ML082900195).

7.

NRG letter to Entergy, "Indian Point Nuclear Generating Unit Nos. 1, 2 and 3 -

Regulatory Audit Plan for July 10-11, 2017, Audit in Support of License Amendment Request to Extend Milestone 8 Implementation Date (CAC Nos. MF9656, MF9657, and MF9658)," July 6, 2017 (ADAMS Accession No. ML17187A195).

8.

Regulatory Guide 1.17 4, Revision 2, "An Approach for Using Probabilistic Risk Assessment in Risk-Informed Decisions on Plant-Specific Changes to the Licensing Basis," May 2011 (ADAMS Accession No. ML100910006).

9.

Regulatory Guide 1.200, Revision 2, "An Approach for Determining the Technical Adequacy of Probabilistic Risk Assessment Results for Risk-Informed Activities,"

March 2009 (ADAMS Accession No. ML090410014).

SUBJECT:

INDIAN POINT NUCLEAR GENERATING UNIT NOS. 1, 2 AND 3,- STAFF AUDIT

SUMMARY

RELATED TO LICENSE AMENDMENT REQUEST TO EXTEND MILESTONE 8 FULL IMPLEMENTATION DATE (CAC NOS. MF9656, MF9657, AND MF9658) DATED SEPTEMBER 15, 2017 DISTRIBUTION:

PUBLIC RidsACRS_MailCTR Resource RidsNrrDorlLpl1 Resource RidsNrrDraAplb Resource RidsNrrLALRonewicz Resource RidsNrrPMlndianPoint Resource RidsRgn1 MailCenter Resource JBeardsley, NSIR CAiien, NSIR KLawson-Jenkins, NSIR CDeMessieres, NRR JRady, R-1 ELee, NSIR ADAMS A ccess1on N ML17245A001 o.:

OFFICE NRR/DORL/LPL 1/PM NRR/DORL/LPL 1/LA NAME RGuzman LRonewicz DATE 09/11/2017 09/13/2017 OFFICE NSIR/DPCP/CSB/BC*

NRR/DORL/LPL 1 /BC NAME JBeardsley JDanna DATE 09/05/2017 09/15/2017 OFFICIAL RECORD COPY

• b

• 1 1y e-ma1 NRR/DRA/APLB/BC*

GCasto 09/11/2017 NRR/DORL/LPL 1/PM RGuzman (JDanna for) 09/15/2017