Text

Revised Supplemental Information for License Amendment Request - Cyber Security Plan Implementation Schedule
	ML17277A140
Person / Time
Site:	Indian Point
Issue date:	09/28/2017
From:	Vitale A; Entergy Nuclear Northeast
To:	; Document Control Desk, Office of Nuclear Material Safety and Safeguards, Office of Nuclear Reactor Regulation
Shared Package
ML17277A128	List: NL-17-124, Revised Supplemental Information for License Amendment Request - Cyber Security Plan Implementation Schedule;
References
	CAC MF9656, CAC MF9657, CAC MF9658, NL-17-124
	Download: ML17277A140 (13)
	v • d • e

~Entergy:

Entergy Nuclear Northeast Indian Point Energy Center 450 Broadway, GSB P.O. Box249 Buchanan, NY 10511-0249 Tel 914 254 6700 Anthony J. Vitale Site Vice President SECURITY-RELATED INFORMATION-WITHHOLD UNDER 10 CFR 2.390 September 28, 2017 NL-17-124 U.S. Nuclear Regulatory Commission ATTN: Document Control Desk 11555 Rockville Pike, OWFN-2 F1 Rockville, MD 20852-2738

SUBJECT:

Revised Supplemental Information for License Amendment Request-Cyber Security Plan Implementation Schedule (CAC Nos. MF9656, MF9657, MF9658)

Indian Point Unit Nos. 1, 2, and 3 Docket Nos.50-003, 50-24 7 and. 50-286 License Nos. DPR-5, DPR-26, and DPR-64

REFERENCE:

1. Entergy Letter NL-17-049 to NRC, "License Amendment Request-Cyber Security Plan Implementation Schedule," dated April 28, 2017 (ML17129A612)

2. NRC letter to Entergy, "Indian Point Nuclear Generating Unit Nos. 1, 2 and 3 - Issuance of Amendments Re: License Amendment Request -

Cyber Security Plan (TAC Nos ME4212, ME4213, and ME4214),"

dated August 2, 2011 (ML11152A027)

3. NRC letter to Entergy, "Issuance of Amendments Re: Cyber Security Plan Implementation Schedule Milestones," dated November 28, 2012 (ML12258A268)

4. NRC letter to Entergy, "Issuance of Amendments - Cyber Security Plan Implementation Schedule," dated December 11, 2014 (ML14316A526)

5. NRC letter to Entergy, "Indian Point Nuclear Generating Unit Nos. 1, 2 and 3 - Issuance of Amendments Re: Cyber Security Plan Implementation Schedule," dated April 12, 2016(ML16064A215)

S DD I /1-tJiVt 5 SD I SECURITY-RELATED INFORMATION-WITHHOLD UNDER 10 CFR 2.390 f\\)/lf<-

, When Attachments 1 through 5 are detached, this letter is no longer security-related

,Vfvf SS

NL-17-124 Docket Nos.50-003, 50-247 and 50-286 Page 2 of 4 SECURITY-RELATED INFORMATION-WITHHOLD UNDER 10 CFR 2.390

6. Entergy Letter NL-17-096 to NRC, "Supplemental Information for License Amendment Request - Cyber Security Plan Implementation Schedule (CAC Nos. MF9656, MF9657, MF 9658)," dated August 9, 2017 (ML17228A044)

Dear Sir or Madam:

Pursuant to 10 CFR 50.90, Application for amendment of license, construction permit, or early site permit, Entergy Nuclear Operations, Inc. (Entergy) requested a License Amendment for Indian Point Unit No. 1 (IP1), Operating License (OL) DPR-5, Docket No.50-003, for Indian Point Unit No. 2 (IP2), OL DPR-26, Docket No. 50-247, and for Indian Point Unit No. 3 (IP3), OL DPR-64, Docket No. 50-286. The License Amendment Request (LAR) (Reference 1) proposed a change to the Indian Point Energy Center (IPEC) Cyber Security Plan (CSP) Milestone 8 full implementation date as set forth in the CSP Implementation Schedule approved by Reference 2, and as amended by References 3, 4 and 5. A License Amendment is required because the Nuclear Regulatory Commission (NRC) Safety Evaluation Report (SER) provided in Reference 2, states that "All subsequent changes to the NRG-approved CSP implementation schedule will require prior NRC approval pursuant to 10 CFR 50.90.

An NRC onsite audit of the IPEC CSP implementation process was conducted on July 10 and 11, 2017. As a result of discussions between IPEC staff and NRC staff during the audit, Entergy revised the Reference 1 LAR to simplify the approach used to present the Milestone 8 partial implementation schedule. This simplified approach replaced and superseded the "High Risk Safety Related CDAs" approach described in Section 2.0 of the Reference 1 LAR. The revised approach specifically identified the Critical Digital Assets (CDAs) planned for completion of the Milestone 8 actions by the partial implementation completion date, and also identified those CDAs proposed for deferral of the Milestone 8 actions to the full implementation completion date. The supplemental information was previously provided in Attachments 1 through 5 to the Reference 6 letter, and these attachments are being resubmitted in their entirety with this letter, with no changes, as the information continues to represent the current plant configuration and approach to implementing the IPEC CSP Milestone 8 actions.

Attachments 1 through 4 provide the identified in scope IPEC security system, safety related, hard wired direct trip (causes turbine/reactor trip), and important to safety CDAs, respectively, that will be in full compliance with the Milestone 8 assessment and remediation actions by December 31, 2017, as previously committed in Attachment 3 of the Reference 1 LAR. The selection criteria used for the CDAs listed in Attachments 1 through 4 to this letter (same as provided in Reference 6) are as follows:

: The listed CDAs were identified as being in scope due to their association with the security system.

: The listed safety related CDAs were identified by Operations as being in scope due to their importance to plant operations and safety.

SECURITY-RELATED INFORMATION-WITHHOLD UNDER 10 CFR 2.390 When Attachments 1 through 5 are detached, this letter is no longer security-related

NL-17-124 Docket Nos.50-003, 50-247 and 50-286 Page 3 of 4 SECURITY-RELATED INFORMATION-WITHHOLD UNDER 10 CFR 2.390

: The listed CDAs were identified as being in scope due to their single point potential to cause a direct turbine or reactor trip. These CDAs were selected based on reviews of the IP2 and IP3 turbine trip and reactor trip logic diagrams.

: The listed non-safety related CDAs were identified by Operations as being in scope due to their importance to plant operations and safety.

The purpose of this letter is to revise the Milestone 8 full implementation commitment date previously provided in Attachment 3 of the Reference 1 LAR. Entergy has reassessed its progress toward completing the IPEC CSP Milestone 8 actions and determined that the expected completion date can be improved upon. Accordingly, the previous request to extend the Milestone 8 full implementation completion date to December 31, 2022 is not needed, and Entergy now proposes a one year extension of the completion date to December 31, 2018. Attachment 5 to this letter provides the identified IPEC CDAs that are proposed to have their Milestone 8 assessment and remediation actions deferred to the revised December 31, 2018 commitment date. The Milestone 1 through 7 actions will continue to be maintained during the interim one year deferral period. The CDAs listed in are those that did not meet the selection criteria for Attachments 1 through 4. contains the proposed revised IPEC CSP schedule date for full implementation of Milestone 8. Attachment 7 contains one revised commitment for the IPEC CSP full implementation of Milestone 8.

The supplemental information provided in Attachments 1 through 5 to this letter was previously reviewed for adequacy and approved by the IPEC Cyber Security Assessment Team and On Site Review Committee.

Entergy has determined that the supplemental information provided in this letter does not alter the conclusion reached in the original LAR (Reference 1) that the proposed change presents no significant hazards consideration und~r the standards set forth in 10 CFR 50.92(c). The supplemental information also does not alter the original LAR's bases for concluding that, pursuant to 10 CFR 51.22(b), no environmental impact statement or environmental assessment need be prepared in connection with issuance of the amendment.

In accordance with 10 CFR 50.91 (b), State consultation, a copy of this request and the associated Attachments is being submitted to the designated New York State official.

Should you have any questions concerning this letter or require additional information, please contact Mr. Robert Walpole, Manager, Regulatory Assurance at (914) 254-6710.

I declare under Senalty of perjury that the foregoing is true and correct. Executed on September -z, 2017 SECURITY-RELATED INFORMATION-WITHHOLD UNDER 10 CFR 2.390 When Attachments 1 through 5 are detached, this letter is no longer security-related

NL-17-124 Docket Nos.50-003, 50-247 and 50-286 Page 4 of 4 SECURITY-RELATED INFORMATION-WITHHOLD UNDER 10 CFR 2.390 Sincerely, AJV/cdm Attachments: 1. In Scope Security System Critical Digital Assets

2. In Scope Safety Related Critical Digital Assets

3.

In Scope Hard Wired Direct Trip Critical Digital Assets

4. In Scope Important to Safety Critical Digital Assets

5. Critical Digital Assets Proposed for Deferral of Milestone 8 Actions (Maintain Milestone 1-7 Actions)

6. Revised Cyber Security Plan Implementation Schedule

7. List of Regulatory Commitments cc:

Mr. Richard Guzman, Senior Project Manager, NRC NRR DORL Ms. Kimberly A. Conway, Project Manager, NRC FSME DWMEP DURLD Mr. Daniel H. Dorman, Regional Administrator, NRC Region 1 NRC Resident Inspector's Office Ms. Alicia Barton, President and CEO, NYSERDA Ms. Bridget Frymire, New York State Dept. of Public Service SECURITY-RELATED INFORMATION-WITHHOLD UNDER 10 CFR 2.390 When Attachments 1 through 5 are detached, this letter is no longer security-related

SECURITY-RELATED INFORMATION - WITHHOLD UNDER 10 CFR 2.390 ATTACHMENT 1 TO NL-17-124 (18 PAGES)

IN SCOPE SECURITY SYSTEM CRITICAL DIGITAL ASSETS ENTERGY NUCLEAR OPERATIONS, INC.