ML17335A505

From kanterella
Jump to navigation Jump to search

Enclosusafety Evaluation by the Office of Nuclear Material Safety and Safeguards Entergy Nuclear Operations, Inc. Vermont Yankee Nuclear Power Station
ML17335A505
Person / Time
Site: Vermont Yankee Entergy icon.png
Issue date: 12/15/2017
From: Jack Parrott
Reactor Decommissioning Branch
To:
Entergy Nuclear Operations
Jack Parrott
Shared Package
ML17339A097 List:
References
EPID NO. L-2017-SPR-0005
Download: ML17335A505 (8)
v  d  e


Text

SAFETY EVALUATION BY THE OFFICE OF NUCLEAR MATERIAL SAFETY AND SAFEGUARDS ENTERGY NUCLEAR OPERATONS, INC.

VERMONT YANKEE NUCLEAR POWER STATION

1.0 INTRODUCTION

By letter dated May 1, 2017 (Agencywide Documents Access and Management System (ADAMS) Accession No. ML17124A429), Entergy Nuclear Operations, Inc. (ENO, the licensee) requested a change to the renewed facility operating licenses (FOL) for the Vermont Yankee Nuclear Power Station (VY).

The U.S. Nuclear Regulatory Commission (NRC, the Commission) staff initially reviewed and approved the licensees original cyber security plan (CSP) implementation schedule by license amendment (LA) No. 247 dated July 20, 2011 (ADAMS Accession No. ML111801094), to renewed FOL DPR-28 concurrent with the incorporation of the CSP into the facilitys current licensing basis. The NRC staff reviewed and approved LA No. 259 to initially extend the Milestone 8 implementation to November 12, 2014. The NRC staff then reviewed and approved the licensees current CSP implementation schedule by LA No. 265 dated March 14, 2016 (ADAMS Accession No. ML16014A169). This schedule required VY to fully implement and maintain all provisions of the CSP no later than December 15, 2017.

The proposed change would revise the date of CSP implementation schedule Milestone 8 and paragraph 3.G in the renewed FOL from December 15, 2017 to July 31, 2019. Milestone 8 of the CSP implementation schedule concerns the full implementation of the CSP. The NRC issued a proposed finding that the amendment involves no significant hazards consideration, published in the Federal Register on August 15, 2017 (82 FR 38717). The NRC is currently processing a separate request submitted by ENO on July 13, 2017 to remove the license condition requiring implementation of the CSP (ML17198A020).

2.0 REGULATORY EVALUATION

The NRC staff considered the following regulatory requirements and guidance in its review of the license amendment request (LAR) to modify the existing CSP implementation schedule:

  • Title 10 of the Code of Federal Regulations (10 CFR), Section 73.54, Protection of digital computer and communication systems and networks, which states, in part:

Each [CSP] submittal must include a proposed implementation schedule. Implementation of the licensees cyber security program must be consistent with the approved schedule.

  • The licensee's renewed FOL includes a license condition that requires the licensee Enclosure 2

to fully implement and maintain in effect all provisions of the Commission-approved CSP.

  • Review criteria provided by the NRC staff's internal memorandum, Review Criteria for Title 10 of the Code of Federal Regulations Section 73.54, Cyber Security Implementation Schedule Milestone 8 LARs, dated October 24, 2013 (ADAMS Accession No. ML13295A467), to be considered for evaluating licensees requests to postpone their cyber security program implementation date (commonly known as Milestone 8).

The NRC staff does not regard the CSP milestone implementation dates as regulatory commitments that can be changed unilaterally by the licensee, particularly in light of the regulatory requirement at 10 CFR 73.54, that states, in part, that [i]mplementation of the licensees cyber security program must be consistent with the approved schedule. As the NRC staff explained in its letter to all operating reactor licensees dated May 9, 2011 (ADAMS Accession No. ML110980538), the implementation of the plan, including the key intermediate milestone dates and the full implementation date, shall be in accordance with the implementation schedule submitted by the licensee and approved by the NRC. All subsequent changes to the NRC-approved CSP implementation schedule, thus, will require prior NRC approval as required by 10 CFR 50.90, Application for amendment of license, construction permit, or early site permit.

3.0 TECHNICAL EVALUATION

3.1 Licensees Requested Change The NRC staff issued LA No. 247 to renewed FOL No. DPR-28 by letter dated July 20, 2011. This amendment approved the CSP and associated implementation schedule, and added a license condition requiring the licensee to fully implement and maintain the Commission-approved CSP. The implementation schedule was based on a template prepared by the Nuclear Energy Institute (NEI), which was transmitted to the NRC by letter dated February 28, 2011 (ADAMS Accession No. ML110600206). By letter dated March 1, 2011, the NRC staff found the NEI template acceptable for licensees to use to develop their CSP implementation schedules (ADAMS Accession No. ML110070348). The licensees proposed implementation schedule for the CSP identified completion dates and bases for the following eight milestones:

1) Establish the cyber security assessment team;
2) Identify critical systems and critical digital assets (CDAs);
3) Install deterministic one-way devices between lower level devices and higher level devices;
4) Implement the security control Access Control For Portable And Mobile Devices;
5) Implement observation and identification of obvious cyber-related tampering to existing insider mitigation rounds by incorporating the appropriate elements;
6) Identify, document, and implement technical cyber security controls in accordance with Mitigation of Vulnerabilities and Application of Cyber Security Controls, for CDAs that could adversely impact the design function of physical security target set equipment;
7) Ongoing monitoring and assessment activities for those target set CDAs whose security controls have been implemented; and
8) Fully implement the CSP.

Currently, Milestone 8 of the VY CSP requires the licensee to fully implement the CSP by December 15, 2017. By letter dated May 1, 2017, the licensee proposed to modify the Milestone 8 completion date to July 31, 2019.

The licensee provided the following information pertinent to each of the criteria identified in the NRC guidance memorandum dated October 24, 2013:

1) Identification of the specific requirement or requirements of the cyber security plan that the licensee needs additional time to implement.

The licensee stated that CSP Section 3, Analyzing Digital Computer Systems and Networks and Applying Cyber Security Controls, requires additional time to implement and therefore the licensee requested that implementation of the CSP requirements be rescheduled from December 15, 2017, to July 31, 2019. During this additional period the requirements of Milestones 1-7 will be maintained, as well as additional Milestone 8 activities that have been implemented to date.

The licensee stated that the number of CDAs has been reduced due to permanent cessation of reactor operations. Site assets that require cyber protection are those associated with security, Emergency Preparedness functions and systems supporting the operation of the spent fuel pool.

The VY decommissioning plan supports moving the spent fuel from the spent fuel pool to the independent spent fuel storage installation (ISFSI) by late 2018. Once the transition to an ISFSl-only configuration is complete, the licensee stated that a majority of the remaining CDAs will no longer be necessary and may be removed from service.

2) Detailed justification that describes the reason the licensee requires additional time to implement the specific requirement or requirements identified.

The licensee proposed a Milestone 8 completion date of July 31, 2019, in order to help to avoid the diversion of resources needed to assess and mitigate those CDAs slated for retirement in the ISFSI-only configuration that will not be fully retired by the current Milestone 8 completion date of December 15, 2017. The VY decommissioning plan supports moving the spent fuel from the spent fuel pool to the ISFSI by the July 31, 2019, at which time implemented system mitigations associated with safety, security and emergency preparedness (SSEP) functions will be removed from service.

3) A proposed completion date for Milestone 8 consistent with the remaining scope of

work to be conducted and the resources available.

The licensee proposed a Milestone 8 completion date of July 31, 2019. The licensee stated that the transfer of all spent fuel from the spent fuel pool to the ISFSI will have been completed by that date. ENO submitted a separate license amendment request to remove the CSP license condition from the renewed FOL based on VYs certifications of permanent cessation of power operations and permanent removal of fuel from the reactor vessel and further supported by the significant decay time of the spent fuel.

4) An evaluation of the impact that the additional time to implement the requirements will have on the effectiveness of the licensee's overall cyber security program in the context of milestones already completed.

The licensee stated that based on the CSP implementation plan activities completed under Milestones 1 through 7, the VY cyber security defensive posture is secure. The licensee provided that the completed activities provide a high degree of protection against cyber security attacks. The licensee stated that it will continue to ensure that digital computer and communication systems and networks covered by the CSP at VY are adequately protected against cyber attacks. Additionally, the licensee stated that the reduction in the number of digital computers and communication systems and networks due to the shutdown status reduces the number of attack pathways for a cyber attack during the decommissioning of a power reactor, up to and including the design basis threat described in 10 CFR 73.1.

Additionally, ENO has already initiated activities that are part of Milestone 8. These activities include CDA configuration management, cyber security incident response and recovery, cyber security training, and they provide additional protection of CDAs, and stated that these will also be maintained during the extension period.

5) A description of the licensees methodology for prioritizing completion of work for CDAs associated with SSEP consequences and with reactivity effects in the balance of plant.

ENO stated that it made a decision to permanently cease reactor operations on December 29, 2014. On January 12, 2015, ENO submitted certifications of permanent cessation of power operations at VY and permanent defueling of the VY reactor vessel to NRC, under 10 CFR 50.82(a)(1) (ADAMS Accession No. ML15013A426). ENO notified the NRC that all fuel was permanently removed from the VY reactor vessel and placed into the spent fuel pool.

The licensee said completion of work for CDAs follows the established work management process that places the highest priority on apparent conditions adverse to quality in structure, system and component design function and related factors such as safety risk and nuclear defense-in-depth. The licensee also stated that a high priority is placed on maintenance of one-way or air-gapped configurations and implementing controls over portable media and mobile devices. Additionally, a high focus is maintained on the prompt attention to any emergent issue with CDAs that potentially challenge the established cyber protective barriers.

The licensee stated that the number of CDAs has been reduced and site assets that require

cyber protection are primarily those associated with security, emergency preparedness functions and those systems supporting operation of the SFP. In addition, the number of digital computers and communication systems and networks has reduced the number of pathways for a cyber attack while the site is undergoing decommissioning activities since VY is in a permanently shutdown and defueled condition.

6) A discussion of the VY cyber security program performance up to the date of the LAR.

The licensee said no compromise of SSEP function by cyber means has been identified. ENO conducted quality assurance audits that included a CSP review in 2013, 2014, and 2015, and no significant findings related to overall cyber security performance and effectiveness were found.

7) A discussion of cyber security issues pending in the licensees CAP.

The licensee said there are no cyber security issues that would constitute a threat to proper CDA function or that would call into question cyber security program effectiveness are currently pending in the CAP.

8) A discussion of modifications completed to support the cyber security program and a discussion of pending cyber security modifications.

The licensee said there are no modifications pending. Modifications to deterministically isolate Level 3 and 4 CDAs are complete, and modifications associated with the transition to dry fuel storage are in progress to be implemented after all spent fuel has been transferred to the ISFSI. The requested extension allows for the implementation of these changes prior to the Milestone 8 implementation date, as revised.

3.2 NRC Staff Evaluation of Requested Change The NRC staff evaluated the licensee's application using the regulatory requirements and guidance cited in Section 2.0 of this Safety Evaluation. The NRC staffs evaluation concludes that the licensees site is more secure due to the reduced risk profile presented by VYs permanent shutdown status and defueled configuration, by reduction in number of CDAs, and the protection provided by the completion of Milestones 1-7 as well as additional activities described below.

ENO stated that it made a decision to permanently cease reactor operations on December 29, 2014. . On January 12, 2015 (ADAMS Accession No. ML15013A426), ENO submitted certifications of permanent cessation of power operations at VY and permanent defueling of the VY reactor vessel to NRC, under 10 CFR 50.82(a)(1). At that time, ENO notified the NRC that all fuel had been permanently removed from the VY reactor vessel and placed into the spent fuel pool.

ENO has completed implementation of Milestones 1-7. The NRC staff finds that implementation of Milestones 1 through 7 provides a high degree of protection against cyber attacks because the activities completed under Milestones 1 through 7 mitigate the most significant cyber attack vectors for the most significant CDAs. Specifically, the most significant digital computer and communication systems and networks associated with SSEP systems are

already protected against cyber attacks while VY completes its decommissioning activities and continues to implement its cyber security program. During the extension period the licensee stated that it will continue to implement Milestones 1-7. The NRC staff finds that the continued implementation of Milestones 1-7 will help ensure safety-related, important-to-safety, and security CDAs are deterministically isolated from external networks. In addition, the monitoring of portable media and mobile devices connected to CDAs will continue, including the use of stand-alone scanning kiosks and media. The implementation of technical cyber security controls and security officer observations for CDAs supporting security functions will also continue during the extension. In addition, ENO has already implemented some of the required Milestone 8 activities, including CDA configuration management, cyber security incident response and recovery, and cyber security training. The NRC staff finds that implementation of Milestones 1 through 7 and the additional Milestone 8 activities will continue to provide protection against the most significant cyber attack vectors during the extension period.

ENO also stated that the number of CDAs decreased and will continue to decrease given the facility has permanently ceased operations and fuel has been permanently removed from the reactor vessel and placed in the spent fuel pool. The NRC staff finds that the reduction in the number of CDAs reduces the number of attack pathways for cyber-attack during the decommissioning of the power reactor.

The licensee stated that decommissioning activities are focused on efforts to reduce plant equipment that will further reduce plant risk and potential consequences of a cyber-attack. The licensees prioritization of completion of work for CDAs follows an established work management process for ensuring focus is maintained on emergent issues with CDAs that could challenge the established cyber protective barriers. The NRC staff finds that the licensees methodology for prioritizing work on CDAs is appropriate because it ensures continued protection of significant and emergent issues.

For the reasons described above, the NRC staff concludes that the licensee's request to delay final implementation of the CSP until July 31, 2019, is reasonable given the status of the plant, the reduction in number of CDAs, and resultant reduction in attack pathways, and the protection provided by the cyber security program. Therefore, the NRC has reasonable assurance that extending the date for implementation of the CSP to July 31, 2019, will provide adequate protection of the public health and safety and the common defense and security.

3.3 Summary of Technical Evaluation Based on its review of the licensees submittal, the NRC staff concludes that the licensee's request to extend Milestone 8 implementation until July 31, 2019 provides reasonable assurance that adequate protection of the public health and safety and common defense and security for the following reasons: (1) the licensees implementation of Milestones 1 through 7 provides a high degree of protection against cyber security attacks while VY completes its decommissioning activities, as discussed in the staff evaluation above; (2) ENO has already implemented certain Milestone 8 activities including CDA configuration management, cyber security incident response and recovery, and cyber security training; and (3) the status of the plant, i.e., permanently shutdown and defueled configuration, the reduction in number of CDAs and resultant reduction in attack pathways. Therefore, the NRC has reasonable assurance that extending the date for implementation of the CSP to July 31, 2019, will provide adequate protection of the public health and safety and the common defense and security.

3.4 Revision to License Condition Paragraph 3.G By letter dated May 1, 2017, the licensee proposed to modify paragraph 3.G of renewed FOL No. DPR-28, which provides a license condition to require the licensee to fully implement and maintain in effect all provisions of the NRC-approved CSP.

The current license condition in paragraph 3.G of renewed FOL No. DPR-28 for VY, states, in part:

Entergy Nuclear Operations, Inc. shall fully implement and maintain in effect all provisions of the Commission-approved cyber security plan (CSP),

including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). Entergy Nuclear Operations, Inc. CSP was approved by License Amendment No. 247, as supplemented by changes approved by License Amendment Nos. 251, 259, and 265.

The revised portion of the license condition in paragraph 3.G of renewed FOL Nos. DPR-28 for VY, would state, in part:

Entergy Nuclear Operations, Inc. shall fully implement and maintain in effect all provisions of the Commission-approved cyber security plan (CSP),

including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). Entergy Nuclear Operations, Inc. CSP was approved by License Amendment No. 247, as supplemented by changes approved by License Amendment Nos. 251, 259, 265 and 266.

3.5 Regulatory Commitments By letter dated May 1, 2017, the licensee made the following regulatory commitment:

  • Fully implement the [VY] CSP for all SSEP functions.
  • Scheduled Completion Date: July 31, 2019.

The above stated commitment is consistent with the revised Milestone 8 implementation date proposed by the licensee and evaluated by the NRC staff.

4.0 STATE CONSULTATION

In accordance with the Commissions regulations, the Vermont State Liaison Officer to the NRC was notified of the proposed issuance of the amendment on November 8, 2017 and provided with a draft of this Safety Evaluation. The State Liaison Officer responded by letter dated November 27, 2017 (ADAMS Accession No. ML17332A084).

The State of Vermont (State) did not raise technical objections to the amendment request. The State did, however, say that it observed items that it requested be considered. Two of these items related to consistency and editorial matters, which have been addressed. In its enclosed observations, the State also referred to VYs spent fuel zirconium-water reaction fire (Zirc-Fire) evaluation (Attachment 2 to the May 14, 2014, ENO request to allow VY to reduce emergency planning requirements and subsequently revise the VY Emergency Plan consistent with the

anticipated permanently defueled condition of the station, document at ADAMS Accession No. ML14080A141), which was referenced by ENO to support its current amendment request.

The State noted that it filed contentions indicating that the Zirc-Fire evaluation does not adequately consider spent fuel fires resulting from hostile actions. The State did, however, recognize that a subsequent agreement between the licensee and the Vermont Department of Emergency Management and Homeland Security mitigates the States concern in this area. In addition, the State noted that the 2014 evaluation does not credit that more than half of the licensees spent fuel inventory has been moved to dry cask storage systems, which according to the State, mitigates but does not eliminate its concern regarding Zirc-Fires.

The NRC staff issued the emergency planning exemption referenced by the State to VY on December 10, 2015 (ADAMS Accession No. ML15180A054). On June 23, 2016, in CLI-16-12 (ADAMS Accession No. ML16175A294), the Commission ruled that the State had not raised an admissible contention, sustained its approval of the Staffs recommendation to grant the exemption, and terminated the proceeding. The NRC staff further notes that it did not rely on the 2014 VY Zirc-Fire evaluation as a basis to support its finding for this Milestone 8 implementation schedule license amendment request. Accordingly, the NRC staff finds that the concerns identified by the State official do not impact the staffs safety conclusions for the proposed license amendment.

5.0 ENVIRONMENTAL CONSIDERATION

This amendment relates solely to safeguards matters and does not involve any significant construction impacts. This amendment is an administrative change to extend the date by which the licensee must have its CSP implemented. The Commission has previously issued a proposed finding that the amendment involves no significant hazards consideration, and there has been no public comment on such finding published in the Federal Register on August 15, 2017 (82 FR 38717). Accordingly, the amendments meet the eligibility criteria for categorical exclusion set forth in 10 CFR 51.22(c)(12). Pursuant to 10 CFR 51.22(b), no environmental impact statement or environmental assessment need be prepared in connection with the issuance of the amendments.

6.0 CONCLUSION

The Commission has concluded, based on the considerations discussed above, that: (1) there is reasonable assurance that the health and safety of the public will not be endangered by operation in the proposed manner; (2) there is reasonable assurance that such activities will be conducted in compliance with the Commissions regulations; and (3) the issuance of the amendments will not be inimical to the common defense and security or to the health and safety of the public.

Principal Contributor: Shyrl Coker, NSIR/DPCP/CSB

Retrieved from "https://kanterella.com/w/index.php?title=ML17335A505&oldid=2424822"