ML20126G485
| ML20126G485 | |
| Person / Time | |
|---|---|
| Site: | Vogtle  |
| Issue date: | 04/30/2020 |
| From: | Bill Gleaves NRC/NRR/VPOB |
| To: | City of Dalton, GA, Georgia Power Co, MEAG Power, Oglethorpe Power Corp, Southern Nuclear Operating Co |
| Billy Gleaves x5848 | |
| Shared Package | |
| ML20057E069 | List: |
| References | |
| EPID L-2019-LLA-0287, LAR-19-020 | |
| Download: ML20126G485 (10) | |
Text
SECURITY RELATED INFORMATION WITHHOLD UNDER 10 CFR 2.390 SECURITY RELATED INFORMATION WITHHOLD UNDER 10 CFR 2.39 SAFETY EVALUATION BY THE OFFICE OF NEW REACTORS RELATED TO AMENDMENT NOS. 179 AND 178 TO THE COMBINED LICENSE NOS. NPF-91 AND NPF-92, RESPECTIVELY SOUTHERN NUCLEAR OPERATING COMPANY, INC.
GEORGIA POWER COMPANY OGLETHORPE POWER CORPORATION MEAG POWER SPVM, LLC MEAG POWER SPVJ, LLC MEAG POWER SPVP, LLC CITY OF DALTON, GEORGIA VOGTLE ELECTRIC GENERATING PLANT UNITS 3 AND 4 DOCKET NOS.52-025 AND 52-026
1.0 INTRODUCTION
On December 20, 2019 (Agencywide Documents Access and Management System (ADAMS)
Accession No. ML19354B986), Southern Nuclear Operating Company (SNC) submitted by letter to the U.S. Nuclear Regulatory Commission (NRC) a license amendment request (LAR) to Facility Operating License Nos. NPF-91 and NPF-92, issued to SNC, for the Vogtle Electric Generating Plant (VEGP), Units 3 and 4. The proposed amendment is titled, Cyber Security Plan Changes (LAR-19-020). LAR-19-020 requests changes to the VEGP Units 3 and 4 Cyber Security Plan (CSP) to identify the VEGP Units 1 and 2 CSP for cyber security protection of digital assets in systems common to VEGP Units 1 through 4, to align language in the VEGP Units 3 and 4 CSP with the corresponding elements of the CSP template approved for use by NRC contained in Nuclear Energy Institute (NEI) 08-09, Revision 6, including Addendum 1, and to enhance certain controls for the VEGP Units 3 and 4 protection and safety monitoring system (PMS).
SECURITY RELATED INFORMATION WITHHOLD UNDER 10 CFR 2.390 SECURITY RELATED INFORMATION WITHHOLD UNDER 10 CFR 2.39
2.0 REGULATORY EVALUATION
The license amendment request proposes changes to the VEGP Units 3 and 4 CSP to identify the VEGP Units 1 and 2 CSP for cyber security protection of digital assets in systems common to VEGP Units 1 through 4, to align language in the VEGP Units 3 and 4 CSP with the corresponding elements of NEI-08-09, Revision 6, including Addendum 1, and to enhance certain controls for the VEGP Units 3 and 4 PMS.
The requested amendment involves a departure from Tier 2 information requiring a license amendment under paragraph B.5.b; specifically, the departure from Tier 2 would result in a departure from a method of evaluation described in the plant-specific DCD used in establishing the design bases or in the safety analyses. Therefore, NRC approval is required prior to making the change to Tier 2 information.
The NRC staff considered the following regulatory requirements and guidance specific to its review of the December 20, 2019, license amendment request to accommodate proposed changes to the VEGP Units 3 and 4 CSP:
Part 52, Appendix D,Section VIII.B.5.a allows an applicant or licensee who references this appendix to depart from Tier 2 information, without prior NRC approval, unless the proposed departure involves a change to or departure from Tier 1 information, Tier 2* information, or the Technical Specifications, or requires a license amendment under paragraphs B.5.b or B.5.c of the section.
Title 10 of the Code of Federal Regulations (10 CFR) 52.79, Contents of applications; technical information in final safety analysis report, which states that the application must contain a final safety analysis report that describes the facility, presents the design bases and the limits on its operation, and presents a safety analysis of the structures, systems, and components of the facility as a whole. The final safety analysis report shall include the following information, which includes in part, a cyber security plan, requirements for its protection against unauthorized disclosure, and the details of its implementation.
10 CFR 73.1(a)(1)(v), A cyber attack. This part prescribes requirements for the establishment and maintenance of a physical protection system which, in part, will have capabilities for the protection of special nuclear material at fixed sites in which special nuclear material is used. A cyber attack is one of the design basis threats to be mitigated in the design of safeguards systems used to protect against acts of radiological sabotage and to prevent the theft or diversion of special nuclear material.
10 CFR 73.54(a), Protection of digital computer and communication systems and networks, which requires a licensee to develop a cyber security plan that will provide high assurance that digital computer and communication systems and networks are adequately protected against cyber attacks, up to and including the design basis threat as described in 10 CFR 73.1.
10 CFR 73.55, Requirements for Physical Protection of Licensed Activities in Nuclear Power Reactors against Radiological Sabotage. 10 CFR 73.55(a)(1) requires, in part, that each nuclear power reactor licensee shall implement the requirements of this section through its Commission-approved Cyber Security Plan. 10 CFR 73.55(b)(8) further requires these licensees to establish, maintain, and implement a cyber security program in accordance with 10 CFR 73.54. 10 CFR 73.55(m), Security program reviews, further requires, in part, that as a minimum the licensee shall review each element of the physical protection program at least
SECURITY RELATED INFORMATION WITHHOLD UNDER 10 CFR 2.390 SECURITY RELATED INFORMATION WITHHOLD UNDER 10 CFR 2.39 determined that the amendment involves no significant increase in the amounts, and no significant change in the types, of any effluents that may be released offsite, and that there is no significant increase in individual or cumulative occupational radiation exposure. The Commission has previously issued a proposed finding that the amendment involves no significant hazards consideration, and there has been no public comment on such finding, 85 FR 144 dated January 2, 2020. Accordingly, the amendment meets the eligibility criteria for categorical exclusion set forth in 10 CFR 51.22(c)(9). Pursuant to 10 CFR 51.22(b), no environmental impact statement or environmental assessment need be prepared in connection with the issuance of the amendment.
6.0 CONCLUSION
The staff has concluded, based on the considerations discussed in Section 3.1 that there is reasonable assurance that: (1) the health and safety of the public will not be endangered by operation in the proposed manner, (2) there is reasonable assurance that such activities will be conducted in compliance with the Commissions regulations, and (3) the issuance of the amendment will not be inimical to the common defense and security or to the health and safety of the public. Therefore, the staff finds the changes proposed in this license amendment acceptable.2
7.0 REFERENCES
- 1. Southern Nuclear Operating Company, Vogtle Electric Generating Plant Units 3 and 4, Request for License Amendment: Cyber Security Plan Changes (LAR-19-020),
December 20, 2019 (ADAMS Accession No. ML19354B986).
- 2. Vogtle Electric Generating Plant Units 3 and 4, Cyber Security Plan, Revision 2, December 20, 2018 (non-public ADAMS Accession No. ML19038A402).
- 3. Nuclear Energy Institute, 08-09, Revision 6, Addendum 1 Markup, Cyber Security Plan for Nuclear Power Reactors, March 2017 (ADAMS Accession No. ML17079A423).
- 4. Combined License NPF-91 for Vogtle Electric Generating Plant Unit 3, Southern Nuclear Operating Company (ADAMS Accession No. ML14100A106).
- 5. Combined License NPF-92 for Vogtle Electric Generating Plant Unit 4, Southern Nuclear Operating Company (ADAMS Accession No. ML14100A135).
- 6. NRC Regulatory Guide 5.71, Revision 0, Cyber Security Programs for Nuclear Facilities, dated January 2010.
2 The staff notes that in various locations in the LAR submittal letter and its enclosures, SNC has stated, in different ways, the following:
SNC has reviewed the changes proposed in this LAR and determined that the proposed changes do not decrease the safeguards effectiveness of the plan; however, SNC has determined that a request for prior NRC approval constitutes the most prudent path forward.
Based on the nature of the proposed changes, the staff finds that the changes were appropriately submitted as part of a LAR.