ML17290A487
| ML17290A487 | |
| Person / Time | |
|---|---|
| Site: | Pilgrim |
| Issue date: | 12/15/2017 |
| From: | John Lamb Special Projects and Process Branch |
| To: | Brian Sullivan Entergy Nuclear Operations |
| Lamb J, NRR/DORL/LSPB, 301-415-3100 | |
| References | |
| CAC MF9587, EPID L-2017-LLA-0194 | |
| Download: ML17290A487 (14) | |
Text
UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 December 15, 2017 Mr. Brian R. Sullivan Site Vice President Entergy Nuclear Operations, Inc.
Pilgrim Nuclear Power Station 600 Rocky Hill Road Plymouth, MA 02360-5508
SUBJECT:
PILGRIM NUCLEAR POWER STATION-ISSUANCE OF AMENDMENT REGARDING REQUEST TO REVISE CYBER SECURITY PLAN MILESTONE 8 COMPLETION DATE (CAC NO. MF9587; EPID L-2017-LLA-0194)
Dear Mr. Sullivan:
The U.S. Nuclear Regulatory Commission (Commission) has issued the enclosed Amendment No. 247 to Renewed Facility Operating License No. DPR-35 for the Pilgrim Nuclear Power Station (Pilgrim). The amendment consists of changes to the renewed facility operating license in response to your application dated March 30, 2017.
The amendment revises Pilgrim's renewed facility operating license for the Cyber Security Plan (CSP) Milestone 8 full implementation completion date, as set forth in the CSP implementation schedule, and revises the physical protection license condition. The amendment revises the CPS Milestone 8 completion date from December 15, 2017, to December 31, 2020.
A copy of the related Safety Evaluation is enclosed. The Notice of Issuance will be included in the Commission's next biweekly Federal Register notice.
Docket No. 50-293
Enclosures:
- 1. Amendment No. 247 to Renewed Facility Operating License No. DPR-35
- 2. Safety Evaluation cc: Listserv
. Lamb, Senior Project Manager Sp c* I Projects and Process Branch Divi on of Operating Reactor Licensing Office of Nuclear Reactor Regulation
UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 ENTERGY NUCLEAR GENERATION COMPANY ENTERGY NUCLEAR OPERATIONS, INC.
PILGRIM NUCLEAR POWER STATION DOCKET NO. 50-293 AMENDMENT TO RENEWED FACILITY OPERATING LICENSE Amendment No. 247 Renewed License No. DPR-35
- 1.
The U.S. Nuclear Regulatory Commission (the Commission) has found that:
A.
The application for amendment filed by Entergy Nuclear Operations, Inc. (the licensee), dated March 30, 2017, complies with the standards and requirements of the Atomic Energy Act of 1954, as amended (the Act), and the Commission's rules and regulations set forth in 10 CFR Chapter I; B.
The facility will operate in conformity with the application, the provisions of the Act, and the rules and regulations of the Commission; C.
There is reasonable assurance: (i) that the activities authorized by this amendment can be conducted without endangering the health and safety of the public, and (ii) that such activities will be conducted in compliance with the Commission's regulations; D.
The issuance of this amendment will not be inimical to the common defense and security or to the health and safety of the public; and E.
The issuance of this amendment is in accordance with 10 CFR Part 51 of the Commission's regulations and all applicable requirements have been satisfied.
- 2.
Accordingly, the license is amended by changes as indicated in the attachment to this license amendment, and paragraph 3.B of Renewed Facility Operating License No. DPR-35 is hereby amended to read as follows:
B.
Technical Specifications The Technical Specifications contained in Appendix A, as revised through Amendment No. 247, are hereby incorporated in the renewed operating license. The licensee shall operate the facility in accordance with the Technical Specifications.
Further, paragraph 3.G is hereby amended, in part, to read as follows:
The licensee shall fully implement and maintain in effect all provisions of the Commission-approved cyber security plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p).
The licensee's CSP was approved by License Amendment No. 236, as supplemented by changes approved by License Amendment Nos. 238, 241, 244, and 247.
- 3.
This license amendment is effective as of the date of issuance and shall be implemented within 30 days from the date of issuance.
Attachment:
Changes to Renewed Facility Operating License No. DPR-35 FOR THE NUCLEAR REGULATORY COMMISSION
'Ya/~-
Douglas A. Broaddus, Chief Special Projects and Process Branch Division of Operating Reactor Licensing Office of Nuclear Reactor Regulation Date of Issuance: December 1 5, 2 O 1 7
ATTACHMENT TO LICENSE AMENDMENT NO. 247 PILGRIM NUCLEAR POWER STATION RENEWED FACILITY OPERATING LICENSE NO. DPR-35 DOCKET NO. 50-293 Replace the following page of the Renewed Facility Operating License No. DPR-35 with the attached revised page. The revised page is identified by amendment number and contains marginal lines indicating the areas of change.
Renewed Facility Operating License No. DPR-35 REMOVE INSERT provisions of the Act and to the rules, regulations, and orders of the Commission now or hereafter in effect; and is subject to the additional conditions specified below:
A.
Maximum Power Level ENO is authorized to operate the facility at steady state power levels not to exceed 2028 megawatts thermal.
B.
Technical Specifications The Technical Specifications contained in Appendix A, as revised through Amendment No. 247, are hereby incorporated in the renewed operating license.
The licensee shall operate the facility in accordance with the Technical Specifications.
C.
Records D.
E.
F.
G.
ENO shall keep facility operating records in accordance with the requirements of the Technical Specifications.
Equalizer Valve Restriction - DELETED Recirculation Loop Inoperable - DELETED Fire Protection ENO shall implement and maintain in effect all provisions of the approved fire protection program as described in the Final Safety Analysis Report for the facility and as approved in the SER dated December 21, 1978 as supplemented subject to the following provision:
ENO may make changes to the approved fire protection program without prior approval of the Commission only if those changes would not adversely affect the ability to achieve and maintain safe shutdown in the event of a fire.
Physical Protection The licensee shall fully implement and maintain in effect all provisions of the Commission-approved physical security, training and qualification, and safeguards contingency plans including amendments made pursuant to provisions of the Miscellaneous Amendments and Search Requirements revisions to 10 CFR 73.55 (51 FR 27817 and 27822) and to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The combined set of plans, which contain Safeguards Information protected under 10 CFR 73.21, is entitled: "Pilgrim Nuclear Power Station Physical Security, Training and Qualification, and Safeguards Contingency Plan, Revision O" submitted by letter dated October 13, 2004, as supplemented by letter dated May 15, 2006.
The licensee shall fully implement and maintain in effect all provisions of the Commission-approved cyber security plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The licensee's CSP was approved by License Amendment No. 236, as supplemented by changes approved by Amendment Nos. 238, 241, 244, and 247.
Amendment No. 247 Renewed License No. DPR-35
UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 SAFETY EVALUATION BY THE OFFICE OF NUCLEAR REACTOR REGULATION RELATED TO AMENDMENT NO. 247 TO RENEWED FACILITY OPERATING LICENSE NO. DPR-35 ENTERGY NUCLEAR GENERATION COMPANY
1.0 INTRODUCTION
ENTERGY NUCLEAR OPERATIONS, INC.
PILGRIM NUCLEAR POWER STATION DOCKET NO. 50-293 By application dated March 30, 2017 (Agencywide Documents Access and Management System (ADAMS) Accession No. ML17101A608), Entergy Nuclear Operations, Inc. (Entergy or the licensee), submitted a request for changes to the Pilgrim Nuclear Power Station (Pilgrim)
Renewed Facility Operating License (FOL) No. DPR-35. The licensee requested an amendment to revise the Pilgrim Renewed FOL for the Cyber Security Plan (CSP) Milestone 8 (MS8) full implementation completion date, as set forth in the CSP implementation schedule, and revise the physical protection license condition. The proposed amendment would revise the CPS MS8 completion date from December 15, 2017, to December 31, 2020.
2.0 BACKGROUND
By letter dated November 10, 2015 (ADAMS Accession No. ML15328A053), pursuant to Title 10 of the Code of Federal Regulations (10 CFR) paragraph 50.82(a)(1 )(i), the licensee submitted Notification of Permanent Cessation of Power Operations for Pilgrim. In this letter, Entergy notified the U.S. Nuclear Regulatory Commission (NRC) of its intent to permanently cease power operations no later than June 1, 2019. After certifications of permanent cessation of power operations and permanent removal of fuel from the reactor vessel for Pilgrim are submitted in accordance with 10 CFR 50.82(a)(1)(i) and (ii), the 10 CFR Part 50 license will no longer authorize reactor operation or placement or retention of fuel in the reactor vessel.
The NRC staff initially reviewed and approved the licensee's original CSP implementation schedule by License Amendment No. 236, dated July 22, 2011 (ADAMS Accession No. ML11152A043), to the Pilgrim Renewed FOL concurrent with the incorporation of the CSP into the facility's current licensing basis. The NRC staff then reviewed and approved the licensee's current CSP implementation schedule by Amendment No. 238, dated November 13, 2012 (ADAMS Accession No. ML12261A130); Amendment No. 241, dated December 11, 2014 (ADAMS Accession No. ML14336A661 ); and Amendment No. 244, dated June 6, 2016 (ADAMS Accession No. ML16082A460). This schedule required the licensee to fully implement and maintain in effect all provisions of the CSP no later than December 15, 2017.
3.0 REGULATORY EVALUATION
The NRC staff considered the following regulatory requirements and guidance in its review of the license amendment request to modify the existing CSP implementation schedule:
The regulations in 10 CFR Section 73.54, "Protection of digital computer and communication systems and networks," which states, in part:
Each [CSP] submittal must include a proposed implementation schedule.
Implementation of the licensee's cyber security program must be consistent with the approved schedule.
Review criteria provided by the NRC staff's internal memorandum, "Review Criteria for Title 10 of the Code of Federal Regulations 73.54, Cyber Security Implementation Schedule Milestone 8 License Amendment Requests," dated October 24, 2013 (ADAMS Accession No. ML13295A467), to be considered for evaluating licensees' requests to postpone their cyber security program implementation date (commonly known as MS8).
The licensee's renewed FOL includes a license condition that requires the licensee to fully implement and maintain in effect all provisions of the Commission approved CSP.
The NRC staff does not regard the CSP milestone implementation dates as regulatory commitments that can be changed unilaterally by the licensee, particularly in light of the regulatory requirement at 10 CFR 73.54, which states, in part, that "[i]mplementation of the licensee's cyber security program must be consistent with the approved schedule." As the NRC staff explained in its letter to all operating reactor licensees dated May 9, 2011 (ADAMS Accession No. ML110980538), the implementation of the plan, including the key intermediate milestone dates and the full implementation date shall be in accordance with the implementation schedule submitted by the licensee and approved by the NRC. All subsequent changes to the NRG-approved CSP implementation schedule, thus, will require prior NRC approval as required by 10 CFR 50.90, "Application for amendment of licensee, construction permit, or early site permit."
4.0
4.1 TECHNICAL EVALUATION
Licensee's Requested Change The NRC staff issued Amendment No. 244 to Renewed FOL No. DPR-35 by letter dated June 6, 2016. This amendment approved the CSP and associated implementation schedule, and added a license condition requiring the licensee to fully implement and maintain in effect the Commission-approved CSP. The licensee's implementation schedule was based on a template prepared by the Nuclear Energy Institute (NEI), which was transmitted to the NRC by letter dated February 28, 2011 (ADAMS Accession No. ML110600206). By letter dated March 1, 2011, the NRC staff found the NEI template acceptable for licensees to use to develop their CSP implementation schedules (ADAMS Accession No. ML110070348).
The licensee's implementation schedule for the CSP, as amended by Amendment No. 238, dated November 13, 2012, identified completion dates and bases for the following eight milestones:
- 1.
Establish the Cyber Security Assessment Team;
- 2.
Identify Critical Systems (CSs) and Critical Digital Assets (CDAs);
- 3.
Install deterministic one-way devices between lower-level devices and higher-level devices;
- 4.
Implement the security control "Access Control For Portable And Mobile Devices";
- 5.
Implement observation and identification of obvious cyber-related tampering to existing insider mitigation rounds by incorporating the appropriate elements;
- 6.
Identify, document, and implement technical cyber security controls in accordance with Mitigation of Vulnerabilities and Application of Cyber Security Controls for CDAs that could adversely impact the design function of physical security target set equipment;
- 7.
Ongoing monitoring and assessment activities for those target set CDAs whose security controls have been implemented; and
- 8.
Fully implement the CSP.
Currently, MS8 of the Pilgrim CSP requires the licensee to fully implement the CSP by December 15, 2017. By letter dated March 30, 2017, the licensee proposed to modify the MS8 completion date to December 31, 2020.
The licensee provided the following information pertinent to each of the criteria identified in the NRC guidance memorandum dated October 24, 2013.
- 1.
Identification of the specific requirement or requirements of the CSP that the licensee needs additional time to implement.
The licensee requested that full implementation of the CSP requirements be rescheduled from December 15, 2017, to December 31, 2020, for the requirement described in CSP, Section 3.1, "Analyzing Digital Computer Systems and Networks and Applying Cyber Security Controls."
During this additional 3-year period, the licensee will continue to comply with the requirements of Milestones 1 through 7, as well as certain parts of MS8.
- 2.
Detailed justification that describes the reason additional time is required to implement the specific requirement or requirements identified.
The licensee stated that on November 10, 2015, Entergy notified NRC of its intention to permanently cease power operations at Pilgrim no later than June 1, 2019. Entergy stated that completing the remaining MS8 actions by December 31, 2017, is not a prudent use of its resources because digital assets that have been identified as CDAs while the reactor is operating will not be required for significant safety, security, and emergency preparedness (SSEP) functions after the reactor is certified to be permanently shut down and defueled. The licensee stated that CDAs associated with those functions will no longer be required and will no longer be protected subject to 10 CFR 73.54 after the 10 CFR 50.82 certifications have been submitted. The licensee also stated that extending the remaining MS8 actions to December 31, 2020, has no adverse effect on nuclear safety given that Entergy is required to maintain the previously implemented actions for Milestones 1 through 7.
- 3.
Proposed completion date for MS8 consistent with the remaining scope of work to be conducted and the resources available.
The licensee stated that the proposed completion date for MS8 is December 31, 2020. The licensee pointed out that by this date, the reactor will have been defueled and the decay heat from the fuel stored in the spent fuel pool is expected to be capable of being removed by air cooling. The licensee stated that once this plant condition is achieved, the CSP license condition is no longer required and Entergy plans to submit a license amendment request to remove the condition from Pilgrim's Renewed FOL.
- 4.
An evaluation of the impact that the additional time to implement the requirements will have on the effectiveness of the overall cyber security program in the context of milestones already completed.
Entergy stated that cyber security protections provided by the completion and maintenance of Milestones 1 through 7 actions ensure that the program will continue to be effective in significantly mitigating the risk of the design-basis threat via cyber means. The licensee stated that safety-related, important-to-safety, and security CDAs will continue to be deterministically isolated from external networks; stringent control of portable media and mobile devices connected to CDAs will continue; and implementation of technical cyber security controls and security officer observation for CDAs that support physical security target set functions will also continue. Additionally, the licensee stated that it has implemented procedures governing CDA configuration management, cyber security incident response and recovery, and cyber security training that are required as part of MS8.
- 5.
Description of the methodology for prioritizing completion of work for CDAs associated with significant safety, security and emergency preparedness consequences and with reactivity effects in the balance of plant.
The licensee stated that CDAs are plant components that are subject to the maintenance prioritization and normal work management process. The licensee stated this places the highest priority on apparent conditions adverse to quality in system, structure, and component design function and factors such as safety risk, nuclear defense-in-depth, and continuity of electric power generation in the balance-of-plant (BOP). The licensee stated that in regard to deterministic isolation and control of portable media and mobile devices for safety-related, important-to-safety (including BOP), and security CDAs, maintenance of one-way or air-gapped configurations and implementation of controls remains a high priority. Additionally, Entergy says it continues to give prompt attention to any emergent issue with CDAs that would potentially challenge the established cyber protective barriers.
- 6.
Discussion of the cyber security program performance up to the date of the license amendment request.
The licensee stated that no compromise of SSEP function by cyber means has been identified.
Entergy stated that an NRC inspection of its compliance with Milestones 1 through 7 was completed on January 30, 2015, and findings from the inspection were designated as having a very low safety significance (green non-cited, granted enforcement discretion). Additionally, the licensee stated that an annual Entergy quality assurance audit has been conducted every year since 2013, pursuant to the requirements of 10 CFR 73.55(m), "Security program reviews." The licensee stated there have been no significant audit findings related to the overall cyber security program performance and effectiveness during these audits.
- 7.
Discussion of cyber security issues pending in the corrective action program.
The licensee stated that no cyber security issues that would constitute a threat to proper CDA function or that would call into question cyber security program effectiveness are currently pending in the corrective action program.
- 8.
Discussion of modifications completed to support the cyber security program and a discussion of pending cyber security modifications.
The licensee stated that modifications completed include those required to deterministically isolate Levels 3 and 4 CDAs as required by nuclear cyber security implementation schedule interim Milestone 3. The licensee stated that no modifications are pending.
4.2
NRC Staff Evaluation
The NRC staff has evaluated the licensee's application using the regulatory requirements and guidance cited in Section 3.0 of this safety evaluation. For the reasons described below, the NRC staff finds that Entergy's implementation of Milestones 1 through 7 and completion of additional activities are effective in significantly mitigating the risk of the design basis threat via cyber means.
On November 10, 2015, the licensee notified the NRC of its intent to permanently cease power operations no later than June 1, 2019. Thus, the extension period requested by Entergy for Pilgrim includes 1 year and 5 months of operation and 1 year and 7 months of decommissioning activities.
Entergy has completed implementation of Milestones 1 through 7. The NRC staff finds that implementation of Milestones 1 through 7 provides a high degree of protection against cyber attacks because the activities completed under Milestones 1 through 7 mitigate the most significant cyber attack vectors for the most significant CDAs. During the extension period, the licensee will continue to comply with Milestones 1 through 7. This includes, for example, continuing to ensure that safety-related, important-to-safety (including BOP), and security CDAs are deterministically isolated from external networks; and continuing the use of controls of portable media and mobile devices connected to CDAs, including controls for the use of stand-alone scanning kiosks and media. This also includes the continuation of security officer observations for CDAs supporting security functions and the implementation of technical cyber security controls.
In addition, Entergy has already implemented some of the required MS8 activities. Specifically, many of the CDAs deterministically isolated from external networks described above are part of MS8 scope of work. Additional MS8 activities that Entergy has implemented including (1) CDA configuration management; (2) cyber security incident response and recovery; (3) cyber security training; (4) maintenance prioritization and normal work management processes that place priority on conditions adverse to quality in system, structure, and component design function, as well as threats to continuity of electric power generation in the balance-of-plant; and (5) prompt attention to any emergent issue with CDAs that would potentially challenge the established cyber protective barriers. Entergy stated that it will continue to implement these MS8 activities during the extension period. The NRC staff finds that implementation of Milestones 1 through 7 and the additional MS8 activities will continue to provide protection against the most significant cyber attack vectors during the extension period.
Once Pilgrim permanently ceases operation no later than June 1, 2019, and permanently removes the fuel from the reactor vessel, there is a significant reduction in radiological risk and consequences of an accident or security event as compared to when it was operating. The reactor, reactor coolant system, steam system, turbine generator, and supporting systems are no longer in operation and have no function related to the storage of the spent fuel, and the spectrum of possible accidents is significantly smaller. There will be a corresponding decrease in the number of digital computers, communication systems, and networks. As a result, the NRC staff finds that there will be a reduction in the number of attack pathways for cyber attack and the potential risk from a cyber attack at Pilgrim will be reduced.
For the reasons described above, the NRC has reasonable assurance that extending the date for implementation of the CSP to December 31, 2020, will provide adequate protection of the public health and safety and common defense and security. Therefore, the NRC staff finds the proposed change acceptable. As noted above, Entergy notified the NRC staff of its intent to permanently cease power operations at Pilgrim no later than June 1, 2019. Entergy has also notified the NRC staff of its intent to subsequently submit a license amendment request to remove Condition 3.G from the Pilgrim Renewed FOL. Pursuant to this amendment, Entergy will be required to implement MS8 by December 31, 2020, unless the NRC staff reviews and approves a subsequent license amendment to remove the requirement.
4.3 Revision to License Condition 3.G By letter dated March 30, 2017, the licensee proposed to modify paragraph 3.G of Renewed FOL No. DPR-35 for Pilgrim which provides a license condition to require the licensees to fully implement and maintain in effect all provisions of the NRG-approved CSP.
The current license condition in paragraph 3.G of Renewed FOL No. DPR-35 for Pilgrim, states, in part:
The licensee shall fully implement and maintain in effect all provisions of the Commission-approved cyber security plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The licensee's CSP was approved by License Amendment No. 236, as supplemented by changes approved by: License Amendment Nos. 238, 241, and 244.
The license condition in paragraph 3.G of Renewed FOL No. DPR-35 for Pilgrim is modified, in part, as follows:
The licensee shall fully implement and maintain in effect all provisions of the Commission-approved cyber security plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The licensee's CSP was approved by License Amendment No. 236, as supplemented by changes approved by License Amendment Nos. 238,241,244, and 247.
4.4 NRC Staff Technical Evaluation Conclusion The NRC staff concludes that the licensee's request to extend Pilgrim MS8 implementation date to December 31, 2020, provides reasonable assurance that adequate protection of the public health and safety and common defense and security for the following reasons: (i) the licensee's completion of Milestones 1 through 7 activities mitigate the most significant cyber attack vectors for the most significant CDAs; (ii) the licensee stated it will continue to ensure safety-related, important-to-safety, and security CDAs will be deterministically isolated from external networks, controls of portable media and mobile devices connected to CDAs will be continued, including controls for the use of stand-alone scanning kiosks and media; (iii) the implementation of technical cyber security controls and security officer observations by the licensee for CDAs supporting security functions will be continued during the proposed extension; and (iv) Entergy has already implemented certain MS8 activities including CDA configuration management, cyber security incident response and recovery and cyber security training.
5.0 STATE CONSULTATION
In accordance with the Commission's regulations, the Commonwealth of Massachusetts official was notified of the proposed issuance of the amendment on September 6, 2017. The Commonwealth of Massachusetts official had no comments.
6.0 ENVIRONMENTAL CONSIDERATION
The amendment relates solely to safeguards matters and does not involve any significant construction impacts. This amendment is an administrative change to extend the date by which the licensee must have its CSP fully implemented. The Commission has previously issued a proposed finding that the amendment involves no significant hazards consideration, and there has been no public comment on such finding published in the Federal Register on May 23, 2017 (82 FR 23624). Accordingly, the amendment meets the eligibility criteria for categorical exclusion set forth in 10 CFR 51.22(c)(12). Pursuant to 10 CFR 51.22(b), no environmental impact statement or environmental assessment need be prepared in connection with the issuance of the amendment.
7.0 CONCLUSION
The Commission has concluded, based on the considerations discussed above, that: (1) there is reasonable assurance that the health and safety of the public will not be endangered by operation in the proposed manner, (2) there is reasonable assurance that such activities will be conducted in compliance with the Commission's regulations, and (3) the issuance of the amendment will not be inimical to the common defense and security or to the health and safety of the public.
Principal Contributor: S. Coker, NSIR/DPCP/CSB Date: December 15, 2017
- via memorandum **via email OFFICE NRR/DORL/LSPB/PM NRR/DORL/LSPB/LAiT NRR/DORL/LSPB/LA ** NSIR/DPCP/CSB/BC*
NAME Jlamb I Betts JBurkhardt JBeardsley DATE 12/13/17 10/25/17 12/14/17 11/15/17 OFFICE OGC-NLO**
NRR/DORL/LSPB/BC NRR/DORL/LSPB/PM NAME NNoelliste DBroaddus Jlamb DATE 12/14/17 12/15/17 12/15/17