Proposed License Amendment Regarding Cyber Security Plan

ML093340070
Person / Time
Site:	Indian Point
Issue date:	11/19/2009
From:	Joseph E Pollock Entergy Nuclear Northeast, Entergy Nuclear Operations
To:	Document Control Desk, NRC/FSME, Office of Nuclear Reactor Regulation
References
NL-09-147
Download: ML093340070 (12)
v • d • e

Text

Enteray Nuclear Northeast Indian Point Energy Center 450 Broadway, GSB P.O. Box 249 Buchanan, NY 10511-0249 Tel 914 734 6700 Joseph Pollock Site Vice President Administration SECURITY-RELATED INFORMATION -WITHHOLD UNDER 10 CFR 2.390 November 19, 2009 NL-09-147 U.S. Nuclear Regulatory Commission ATTN: Document Control Desk Washington, DC 20555-0001

SUBJECT:

Proposed License Amendment Regarding Cyber Security Plan Indian Point Generating Unit Nos. 1, 2 and 3 Docket Nos.50-003, 50-247 and 50-286 License Nos. DPR-5, DPR-26 and DPR-64

Dear Sir or Madam:

Pursuant to 10 CFR 50.90, Entergy Nuclear Operations, Inc, (Entergy) hereby requests a License Amendment for Indian Point Nuclear Generating Units No. 1 (IP1), 2 (IP2) and 3 (IP3). This proposed amendment requests NRC approval of the Indian Point Cyber Security Plan and Implementation Schedule, and requests approval of an additional sentence to the existing Facility Operating License (FOL) Physical Protection license condition to require Entergy to fully implement the Cyber Security plan in accordance with the approved schedule and to maintain in effect all provisions of the Commission approved Cyber Security Plan.

Entergy has evaluated the proposed change in accordance with 10 CFR 50.91 (a)(1) using the criteria of 10 CFR 50.92 (c) and determined that this proposed change involves no significant hazards considerations, as described in Attachment 1. The marked-up pages showing the proposed change to the facility operating licenses are provided in Attachment 2. Attachment 3 provides a copy of the Indian Point Cyber Security Plan which is a standalone document that will be incorporated by reference into the Indian Point Security Plan upon approval. Attachment 4 provides deviations from the guidance used to develop the Cyber Security Plan. Attachment 5 provides the implementation schedule for the proposed Indian Point Cyber Security Plan as commitments. Entergy requests that Attachments 3, 4, and 5, which contain security related information, be withheld from public disclosure in accordance with 10 CFR 2.390.

SECURITY-RELATED INFORMATION -WITHHOLD UNDER 10 CFR 2.390 When Attachments 3, 4 and, 5 are removed, this letter no longer contains security related material

NL-09-147 Docket Nos.50-003, 50-247 and 50-286 Page 2 of 2 SECURITY-RELATED INFORMATION -WITHHOLD UNDER 10 CFR 2.390 A copy of this application and the associated attachments are being submitted to the designated New York State official in accordance with 10 CFR 50.91. If you have any questions or require additional information, please contact Mr. Robert Walpole, Manager, Licensing at (914) 734-6710.

I declare under penalty of perjury that the foregoing is true and correct. Executed on Il/ic 2009.

Sincerely, JEP/sp Attachments:

1.

2.

3.

4.

5.

Evaluation of the Proposed Change Marked up Facility Operating License Pages Indian Point Cyber Security Plan Deviations From NEI 08-09, Revision 3, Appendix A Indian Point Cyber Security Plan Commitments To An Implementation Schedule cc:

Mr. John P. Boska, Senior Project Manager, NRC NRR DORL Mr. Theodore Smith, Project Manager, NRC FSME DWMEP DURLD Mr. Samuel J. Collins, Regional Administrator, NRC Region 1 NRC Resident Inspectors Mr. Francis J. Murray, Jr., President and CEO, NYSERDA Mr: Paul Eddy, New York State Dept. of Public Service SECURITY-RELATED INFORMATION -WITHHOLD UNDER 10 CFR 2.390 When Attachments 3, 4, and 5 are removed this letter no longer contains security related material

ATTACHMENT 1 TO NL-09-147 EVALUATION OF THE PROPOSED CHANGE ENTERGY NUCLEAR OPERATIONS, INC.

INDIAN POINT NUCLEAR GENERATING UNITS NO. 1, 2 and 3 DOCKET NOs.50-003, 50-247, and 50-286

NL-09-147 Dockets50-003, 50-247 and 50-286 Page 1 of 5 INDIAN POINT ENERGY CENTER CYBER SECURITY PLAN SUBMITTAL EVALUATION OF PROPOSED CHANGE 1.0

SUMMARY

DESCRIPTION The proposed license amendment request (LAR) includes the proposed Indian Point Energy Center Cyber Security Plan (Plan), an Implementation Schedule, and a proposed sentence to be added to the existing FOL Physical Protection license condition.

2.0 DETAILED DESCRIPTION The proposed license amendment request (LAR) includes three parts: the proposed Plan, an Implementation Schedule, and a proposed sentence to be added to the existing FOL Physical Protection license condition to require Entergy Nuclear Operations Inc. (Entergy) to fully implement and maintain in effect all provisions of the Commission approved cyber security plan as required by 10 CFR 73.54. Federal Register notice issued the final rule that amended 10 CFR Part 73. The regulations in 10 CFR 73.54, "Protection of digital computer and communication systems and networks," establish the requirements for a cyber security program. This regulation specifically requires each licensee currently licensed to operate a nuclear power plant under Part 50 of this chapter to submit a cyber security plan that satisfies the requirements of the Rule. Each submittal must include a proposed implementation schedule and implementation of the licensee's cyber security program must be consistent with the approved schedule. The background for this application is addressed by the NRC Notice of Availability published on March 27, 2009, 74 FR 13926 (Reference 1).

3.0 TECHNICAL EVALUATION

Federal Register notice 74 FR 13926 issued the final rule that amended 10 CFR Part 73. Cyber security requirements are codified as new 10 CFR 73.54 and are designed to provide high assurance that digital computer and communication systems and networks are adequately protected against cyber attacks up to and including the design basis threat established by 10 CFR 73.1 (a)(1 (v). These requirements are substantial improvements upon the requirements imposed by EA-02-026 (Reference 2).

This proposed amendment conforms to the model Cyber Security Plan contained in Appendix A of NEI 08-09, "Cyber Security Plan Template", Revision 3, dated September 2009, for use by licensees in development of their own cyber security plans with deviations as identified and justified in Attachment 4. Deviations to Appendices D and E of NEI 08-09, Revision 3 are detailed in Attachment 1 of the IPEC Cyber Security Plan found in Attachment 3.

This LAR includes the proposed Plan (Attachment 3) that conforms to the template provided in NEI 08-09. In addition the LAR includes the proposed change to the existing FOL license condition for "Physical Protection" (Attachment 2). The LAR contains the proposed Implementation Schedule (Attachment 5) as required by 10 CFR 73.54. Attachment 4 explains deviations from NEI 08-09, Revision 3, Appendix A

NL-09-147 Dockets50-003, 50-247 and 50-286 Page 2 of 5

4.0 REGULATORY EVALUATION

4.1 Applicable Requlatory Requirements/Criteria This LAR is submitted pursuant to 10 CFR 73.54 which requires licensees currently licensed to operate a nuclear power plant under 10 CFR Part 50 to submit a Cyber Security Plan as specified in 10 CFR 50.4 and 10 CFR 50.90.

4.2 Significant Safety Hazards Consideration Entergy Nuclear Operations, Inc. (Entergy) has evaluated the proposed changes using the criteria in 10 CFR 50.92 and has determined that the proposed changes do not involve a significant hazards consideration. An analysis of the issue of no significant hazards consideration is presented below:

1.

Does the proposed change involve a significant increase in the probability or consequences of an accident previously evaluated?

Response: No.

The proposed change is required by 10 CFR 73.54 and includes three parts. The first part is the submittal of the Plan for NRC review and approval. The Plan conforms to the template provided in NEI 08-09 and provides a description of how the requirements'of the Rule will be implemented at Indian Point Energy Center. The Plan establishes the licensing basis for the Indian Point Energy Center Cyber Security Program. The Plan establishes how to achieve high assurance that nuclear'power plant digital computer and communication systems and networks associated with the following are adequately protected against cyber attacks up to and including the design basis threat:

1. Safety-related and important-to-safety functions,

2. Security functions,

3. Emergency preparedness functions including offsite communications, and

4. Support systems and equipment which if compromised, would adversely impact safety, security, or emergency preparedness functions.

Part one of the proposed change is designed to achieve high assurance that the systems are protected from cyber attacks. The Plan itself does not require any plant modifications.

However, the Plan does describe how plant modifications which involve digital computer systems are reviewed to provide high assurance of adequate protection against cyber attacks, up to and including the design basis threat as defined in the Rule. The proposed change does not alter the plant configuration, require new plant equipment to be installed, alter accident analysis assumptions, add any initiators, or effect the function of plant systems or the manner in which systems are operated, maintained, modified, tested, or inspected. The first part of the proposed change is designed to achieve high assurance that the systems within the scope of the Rule are protected from cyber attacks and has no impact on the probability or consequences of an accident previously evaluated.

The second part of the proposed change is an Implementation Schedule. The third part

NL-09-147 Dockets50-003, 50-247 and 50-286 Page 3 of 5 adds a sentence to the existing FOL license condition for Physical Protection. Both of these changes are administrative and have no impact on the probability or consequences of an accident previously evaluated.

Therefore, it is concluded that this change does not involve a significant increase in the probability or consequences of an accident previously evaluated.

2.

Does the proposed change create the possibility of a new or different kind of accident from any accident previously evaluated?

Response: No.

The proposed change is required by 10 CFR 73.54 and includes three parts. The first part is the submittal of the Plan for NRC review and approval. The Plan conforms to the template provided by NEI 08-09 and provides a description of how the requirements of the Rule will be implemented at Indian Point Energy Center. The Plan establishes the licensing basis for the Indian Point Energy Center Cyber Security Program. The Plan establishes how to achieve high assurance that nuclear power plant digital computer and communication systems and networks associated with the following are adequately protected against cyber attacks up to and including the design basis threat:

1. Safety-related and important-to-safety functions,

2. Security functions,

3. Emergency preparedness functions including offsite communications, and

4. Support systems and equipment which if compromised, would adversely impact safety, security, or emergency preparedness functions.

Part one of the proposed change is designed to achieve high assurance that the systems within the scope of the Rule are protected from cyber attacks. The Plan itself does not require any plant modifications. However, the Plan does describe how plant modifications involved digital computer systems are reviewed to provide high assurance of adequate protection against cyber attacks, up to and including the design basis threat defined in the Rule. The proposed change does not alter the plant configuration, require new plant equipment to be installed, alter accident analysis assumptions, add any initiators, or effect the function of plant systems or the manner in which systems are operated, maintained, modified, tested, or inspected. The first part of the proposed change is designed to achieve high assurance that the systems within the scope of the Rule are protected from cyber attacks and does not create the possibility of a new or different kind of accident from any previously evaluated.

The second part of the proposed change is an Implementation Schedule. The third part adds a sentence to the existing FOL license condition for Physical Protection. Both of these changes are administrative and do not create the possibility of a new or different kind of accident from any previously evaluated.

Therefore, the proposed change does not create the possibility of a new or different kind of accident from any previously evaluated.

NL-09-147 Dockets50-003, 50-247 and 50-286 Page 4 of 5

3.

Does the proposed change involve a significant reduction in a margin of safety?

Response: No.

The proposed change is required by 10 CFR 73.54 and includes three parts. The first part is the submittal of the Plan for NRC review and approval. The Plan conforms to the template provided by NEI 08-09 and provides a description of how the requirements of the Rule will be implemented at Indian Point Energy Center. The Plan establishes the licensing basis for the Indian Point Energy Center Cyber Security Program. The Plan establishes how to achieve high assurance that nuclear power plant digital computer and communication systems and networks associated with the following are adequately protected against cyber attacks up to and including the design basis threat:

1. Safety-related and important-to-safety functions,

2. Security functions,

3. Emergency preparedness functions including offsite communications, and

4. Support systems and equipment which if compromised, would adversely impact safety, security, or emergency preparedness functions.

Part one of the proposed change is designed to achieve high assurance that the systems within the scope of the Rule are protected from cyber attacks. Plant safety margins are established through Limiting Conditions for Operation, Limiting Safety System Settings and Safety limits specified in the Technical Specifications. Because there is no change to these established safety margins, the proposed change does not involve a significant reduction in a margin of safety.

The second part of the proposed change is an Implementation Schedule. The third part adds a sentence to the existing FOL license condition for Physical Protection. Both of these changes are administrative and do not involve a significant reduction in a margin of safety.

Therefore, the proposed change does not involve a significant reduction in a margin of safety.

Based on the above, ENO concludes that the proposed change presents no significant hazards consideration under the standards set forth in 10 CFR 50.92(c), and accordingly, a finding of no significant hazards consideration is justified.

4.3 Conclusion In conclusion, based on the considerations discussed above: (1) there is reasonable assurance that the health and safety of the public will not be endangered by operation in the proposed manner; (2) such activities will be conducted in compliance with the Commission's regulations; and (3) the issuance of the amendment will not be inimical to the common defense and security or to the health and safety of the public.

NL-09-147 Dockets50-003, 50-247 and 50-286 Page 5 of 5

5.0 ENVIRONMENTAL CONSIDERATION

The proposed amendment establishes the licensing basis for a Cyber Security Program for Indian Point Energy Center and will be a part of the Physical Security Plan. This proposed amendment will not involve any significant construction impacts. Accordingly, the proposed Amendment meets the requirements of 10 CFR 51.22(c)(12). Pursuant to 10 CFR 51.22(b) no environmental impact statement or environmental assessment need be prepared in connection with the issuance of the amendment.

6.0 REFERENCES

1. Federal Register Notice, Final Rule 10 CFR Part 73, Power Reactor Security Requirements, published on March 27, 2009, 74 FR 13926.

2. EA-02-026, Order Modifying Licenses, Safeguards and Security Plan Requirements, issued February 25, 2002

ATTACHMENT 2 TO NL-09-146 MARKED UP FACILITY OPERATING LICENSE PAGES Affected Pages IP1 FOL Page 3 IP2 FOL Page 5 IP3 FOL Page 4 Additions are underlined and deletions are double strikeout ENTERGY NUCLEAR OPERATIONS, INC.

INDIAN POINT NUCLEAR GENERATING UNITS NO. 1, 2 and 3 DOCKET NOs.50-003, 50-247, and 50-286 and period of operation at each power level.

2.

Records showing the radioactivity released or discharged into the air or water beyond the effective control of ENO as measured at or prior to the point of such release or discharge.

3. Records of scrams, including reasons therefor.

4. Records of principal maintenance operations involving substitution or replacement of facility equipment or components and the reasons therefor.

5.

Records of radioactivity measurements at on-site and off-site monitoring stations.

6. Records of facility tests and measurements performed pursuant to the requirements of the Technical Specifications.

d)

ENO.hall fully implement and maintain in offect all provisions of the phySical SGcurtuard tIinin g an d qualification, ard saf'guards aontingRocY plans previously approved by the Commigsion -and-al amncudimnt aend reViions to such plans made pursuant to-thae of 10 F0R 5d0.90 and OCFR 50.54(p). The plans, whicontainfrt Safpouaeds Infmation protctedd uundoC 10 C7FR 73.21, a" s

entitled:

"Indian Point Station, Units 1 and 2 Physical SecurityPan"wtreion ubiedthrough July 26, 1989; "Indian Point Station, UiJRts 1 and 2, Security Guard Training and Qualification Plan, "with reSvisionsu Cngbmclad through December 8, 1986; and "Indian Point Station, Units 1 and 2,.

Safeguards Contingency Plan," with revisioens submidated thoug November 7,b6 1

dd.

ENO shall fully implement and maintain in effect all provisions of the Commission-approved physical security, training and qualification, and safeguards contingency plans including amendments made pursuant to provisions of the Miscellaneous Amendments and Search Requirements revisions to 10 CFR 73.55 (51 FR 27817 and 27822), and to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The combined set of plans' for the Indian Point Energy Center, which contain Safeguards Information protected under 10 CFR 73.21, is entitled: "Physical Security, Training and Qualification, and Safeguards Contingency Plan, Revision 0," and was submitted by letter dated October 14, 2004, as supplemented by letter dated May 18, 2006. ENO shall fully implement in accordance with an NRC approved implementation schedule and maintain in effect all provisions of the Comm ission-approved Indian Point Energy Center Cyber Security Plan submitted by letter dated November 19,2009 and withheld from public disclosure in accordance with 1 OCFR2.390.

1 The Training and Qualification Plan and Safeguards Contingency Plan are Appendices to the Security Plan.

Amendment No. 64 Indian Point Energy Center, which contain Safeguards Information protected under 10 CFR 73.21, is entitled: "Physical Security, Training and Qualification, and Safeguards Contingency Plan, Revision 0," and was submitted by letter dated October 14, 2004, as supplemented by letter dated May 18, 2006. ENO shall fully implement in accordance with an NRC approved implementation schedule and maintain in effect all provisions of the Commission-approved Indian Point Energy Center Cyber Security Plan submitted by letter dated November 19, 2009 and withheld from public disclosure in accordance with 10CFR2.390.

1.

Deleted per Amdt. 133, 7-6-88.

J.

Deleted per Amdt. 133, 7-6-88.

K.

ENO shall implement and maintain in effect all provisions of the NRC-approved fire protection program as described in the Updated Final Safety Analysis Report for the facility and as approved in the Safety Evaluations Reports dated November 30, 1977, February 3, 1978, January 31, 1979, October 31, 1980, August 22, 1983, March 30, 1984, October 16, 1984, September 16, 1985, November 13, 1985, March 4, 1987, January 12, 1989, and March 26, 1996.

ENO may make changes to the NRC-approved fire protection program without prior approval of the Commission only if those changes would not adversely affect the ability to achieve and maintain safe shutdown in the event of a fire.

L.

Deleted per Amendment 238 M.

Deleted per Amendment 238 N.

Mitigation Strategy License Condition The licensee shall develop and maintain strategies for addressing large fires and explosions and that include the following key areas:

(a) Fire fighting response strategy with the following elements:

1. Pre-defined coordinated fire response strategy and guidance

2. Assessment of mutual aid fire fighting assets

3. Designated staging areas for equipment and materials

4. Command and control

5. Training of response personnel (b) Operations to mitigate fuel damage considering the following:

1. Protection and use of personnel assets

2. Communications

3. Minimizing fire spread

4. Procedures for implementing integrated fire response strategy

5. Identification of readily-available pre-staged equipment

6. Training on integrated fire response strategy (c) Actions to minimize release to include consideration of:

1. Water spray scrubbing

2. Dose to onsite responders Revised by letter dated July 11, 2007 G.

ENO shall fully implement and maintain in effect all provisions of the Commission-approved physical security, training and qualification, and safeguards contingency plans including amendments made pursuant to provisions of the Miscellaneous Amendments and Search Requirements revisions to 10 CFR 73.55 (51 FR 27817 and 27822), and to the authority of 10 CFR 50.90 and CFR 50.54(p). The combined set of plans1 for the Indian Point Energy Center, which contain Safeguards Information protected under 10 CFR 73.21, is entitled: "Physical Security, Training and Qualification, and Safeguards Contingency Plan, Revision 0," and was submitted by letter dated October 14, 2004, as supplemented by letter dated May 18, 2006. ENO shall fully implement in accordance with an NRC approved implementation schedule and maintain in effect all provisions of the Commission-approved Indian Point Energy Center Cyber Security Plan submitted by letter dated November 19, 2009 and withheld from public disclosure in accordance with 10CFR2.390.

H.

ENO shall implement and maintain in effect all provisions of the approved Fire Protection Program as described in the Final Safety Analysis Report for Indian Point Nuclear Generating Unit No. 3 and as approved in NRC fire protection safety evaluations (SEs) dated September 21, 1973, March 6. 1979, May 2, 1980, November 18, 1982, December 30, 1982, February 2, 1984, April 16, 1984, January 7, 1987, September 9, 1988, October 21, 1991, April 20, 1994, January 5, 1995, and supplements thereto, subject to the following provision:

ENO may make changes to the approved Fire Protection Program without prior approval of the Commission only if those changes would not adversely affect the ability to achieve and maintain safe shutdown in the event of a fire.

(DELETED)

Amdt. 205 2/27/01 J.

(DELETED)

Amdt. 205 2/27/01 K.

(DELETED)

Amdt.49 5-25-84 L.

(DELETED)

Amdt. 205 2/27/01 M.

(DELETED)

Amdt. 205 2/27/01 N.

(DELETED)

Amdt. 49 5-25-84 1 The Training and Qualification Plan and Safeguards Contingency Plan are Appendices to the Security Plan.

Revised by letter dated December 21, 2006