NOC-AE-10002502, Revised License Amendment Request for Approval of Cyber Security Plan
| ML100290367 | |
| Person / Time | |
|---|---|
| Site: | South Texas  |
| Issue date: | 01/25/2010 |
| From: | Bowman C South Texas |
| To: | Document Control Desk, Office of Nuclear Reactor Regulation |
| References | |
| NOC-AE-10002502, STI: 32596507 | |
| Download: ML100290367 (12) | |
Text
Nuclear Operating Company South Texas ProjectA'IctricGencrating Station P.. Box 289 Wadsworth, TeWas 77483 -
January 25, 2010 NOC-AE-10002502 10CFR50.90 U. S. Nuclear Regulatory Commission Attention: Document Control Desk One White Flint North 11555 Rockville Pike Rockville, MD 20852 South Texas Project Units 1 and 2 Docket Nos. STN 50-498, STN 50-499 Revised License Amendment Request for Approval of Cyber Security Plan
Reference:
Letter from STP Nuclear Operating Company to the NRC Document Control Desk, "License Amendment Request for Approval of Cyber Security Plan," dated November 19, 2009 (NOC-AE-09002480)
In the referenced letter, STP Nuclear Operating Company (STPNOC) requested an amendment to the Facility Operating Licenses (FOL) for South Texas Project Units 1 and 2. The submittal requested NRC approval of the STPNOC Cyber Security Plan, provided an Implementation Schedule, and added a sentence to the current FOL Physical Protection license condition requiring STPNOC to fully implement and maintain in effect all provisions of the Commission-approved Cyber Security Plan. Enclosure 1 to the referenced letter provided STPNOC's evaluation of the proposed change, including a determination that the proposed change does not involve a significant hazard consideration. As a result of subsequent discussions between the NRC Staff and the Nuclear Energy Institute on December 9, 2009, STPNOC has revised the determination of no significant hazards consideration included in the Regulatory Evaluation provided in Enclosure 1. of this submittal replaces Enclosure 1 of the referenced letter. Changes are indicated by revision bars in the right-hand margin. The final conclusions from the Regulatory Evaluation provided in the referenced letter remain valid and are not affected by the revised evaluation enclosed with this submittal. There are no changes in Attachments 1, 2, and 3 of Enclosure 1 to the referenced letter; they remain applicable to the amendment as requested. The attachments are incorporated in this submittal by reference only.
This letter contains no commitments.
STI: 32596507 4 A member of the STARS (Strategic Teaming and Resource Sharing) Alliance Callaway - Comanche Peak - Diablo Canyon - Palo Verde - San Onofre - South Texas Project - Wolf Creek
NOC-AE- 10002502 Page 2 of 3 In accordance with 10 CFR 50.91(b), STPNOC is notifying the State of Texas of this request for license amendment by providing a copy of this letter and its attachments.
If there are any questions regarding the proposed amendment, please contact Mr. Wayne Harrison at (361) 972-7298 or me at (361) 972-7454.
I declare under penalty of perjury that the foregoing is true and correct.
Executedon -JCW2ai4*j26.
DO Charles T. Bowman General Manager, Oversight tck/
Attachments: - Revised Evaluation of Proposed Change - STPNOC Cyber Security Plan
NOC-AE- 10002502 Page 3 of 3 cc:
(paper copy) (electronic copy)
Regional Administrator, Region IV A. H. Gutterman, Esquire U. S. Nuclear Regulatory Commission Morgan, Lewis & Bockius LLP 612 East Lamar Blvd, Suite 400 Arlington, Texas 76011-4125 Mohan C. Thadani U. S. Nuclear Regulatory Commission Mohan C. Thadani Kevin Howell Senior Project Manager Catherine Callaway U.S. Nuclear Regulatory Commission Jim von Suskil One White Flint North (MS 8B1 A) NRG South Texas LP 11555 Rockville Pike Rockville, MD 20852 Ed Alarcon Senior Resident Inspector J. J. Nesrsta U. S. Nuclear Regulatory Commission R. K. Temple P. O. Box 289, Mail Code: MN116 Kevin Polio Wadsworth, TX 77483 City Public Service oC. M. Canady Jon C. Wood City of Austin Cox Smith Matthews Electric Utility Department 721 Barton Springs Road C. Mele Austin, TX 78704 City of Austin Richard A. Ratliff Texas Department of State Health Services Alice Rogers Texas Department of State Health Services
NOC-AE- 10002502 Enclosure 1 Evaluation of Proposed Change Request for Approval of the STPNOC Cyber Security Plan 1.0 Summary Description 2.0 Detailed Description 3.0 Technical Evaluation 4.0 Regulatory Evaluation 4.1 Applicable Regulatory Requirements / Criteria 4.2 Significant Hazards Consideration 4.3 Conclusion 5.0 Environmental Consideration 6.0 References ATTACHMENTS - Marked FOL Pages - STPNOC Cyber Security Plan Implementation Schedule - STPNOC Cyber Security Plan Commitment Schedule
NOC-AE-10002502 Enclosure 1 Page 1 of 4 SOUTH TEXAS PROJECT UNITS 1 AND 2 REVISED LICENSE AMENDMENT REQUEST FOR APPROVAL OF CYBER SECURITY PLAN 1.0
SUMMARY
DESCRIPTION The proposed license amendment request (LAR) includes the proposed STPNOC Cyber Security Plan, an Implementation Schedule, and a proposed sentence to be added to the existing Facility Operating Licenses (FOL) Physical Protection license condition.
2.0 DETAILED DESCRIPTION The proposed license amendment request (LAR) includes three parts: the proposed Plan, an Implementation Schedule, and a proposed sentence to be added to the existing FOL Physical Protection license condition to require STPNOC to fully implement and maintain in effect all.
provisions of the Commission-approved cyber security plan as required by 10 CFR §73.54. The regulations in 10 CFR §73.54, "Protection of digital computer and communication systems and networks," establish the requirements for a cyber security program. This regulation specifically
,,requires each licensee currently licensed to operate a nuclear power plant under Part 50 of this chapter to submit a cyber security plan that satisfies the requirements of the Rule. Each submittal must include a proposed implementation schedule and implementation of the licensee's cyber security plan must be consistent with the approved schedule. The background for this application is addressed by the NRC Notice of Availability published on March 27, 2009, as 74 FR 13926 (Reference 1).
3.0 TECHNICAL EVALUATION
FederalRegister notice 74 FR 13926 issued the final rule that amended 10 CFR Part 73. Cyber security requirements are codified as new §73.54 and are designed to provide high assurance that digital computer and communication systems and networks are adequately protected against cyber attacks up to and including the design-basis threat established by §73.1 (a)(1)(v). These requirements are substantial improvements upon the requirements imposed by NRC Order EA 026 (Reference 2).
This LAR includes the proposed Plan (Enclosure 2) that is derived from the template provided in NEI 08-09, Rev. 3. In addition, the LAR includes the proposed change to the existing FOL license condition for "Physical Protection" (Attachment 1) and the proposed Implementation Schedule (Attachment 2) as required by 10 CFR §73.54.
NOC-AE- 10002502 Enclosure 1 Page 2 of 4
4.0 REGULATORY EVALUATION
4.1 APPLICABLE REGULATORY REQUIREMENTS / CRITERIA This LAR is submitted pursuant to 10 CFR §73.54 which requires licensees currently licensed to operate a nuclear power plant under 10 CFR Part 50 to submit a Cyber Security Plan as specified in §50.4 and §50.90.
4.2 SIGNIFICANT HAZARDS CONSIDERATION Federal Register Notice 74 FR 13926 issued the final rule that amended 10 CFR Part .73. Cyber security requirements are codified as new 10 CFR 73.54 and are designed to provide high assurance that digital computer and communication systems and networks are adequately protected against cyber attacks up to and including the design basis threat established by 10 CFR 73.1(a)(1)(v). This application requests NRC approval of the Cyber Security Plan for the South Texas Project (hereafter referred to as the Cyber Security Plan) in accordance with 10 CFR 73.54 and proposes changes to section F of Facility Operating Licenses NPF-76 and NPF-80 for South Texas Project Unit 1 and Unit 2, respectively, to incorporate the provisions for implementing and maintaining in effect the provisions of the approved Cyber Security Plan. The Cyber Security Plan is consistent with the template provided in Nuclear Energy Institute (NEI) 08-09, Revision 3, September 2009, "Cyber Security Plan for Nuclear Power Plants," and provides a description of how the requirements of the Rule will be implemented by STPNOC.
STPNOC has evaluated the proposed changes using the criteria in 10 CFR 50.92 and has determined that the proposed changes do not involve a significant hazards consideration. An
-analysis of the issue of no significant hazards consideration is presented below:
- 1. Do the proposed changes involve a significant increase in the probability or consequences of an accident previously evaluated?
Response: No The proposed change incorporates a new requirement in the Facility Operating Licenses to implement and maintain the Cyber Security Plan as part of the facility's overall program for physical protection. Inclusion of the Cyber Security Plan in the Facility Operating License itself does not involve any modifications to the safety related structures, systems or components (SSCs). Rather, the Cyber Security Plan describes how the requirements of 10 CFR 73.54 are to be implemented to identify, evaluate, and mitigate cyber attacks up to and including the design basis cyber attack threat, thereby achieving high assurance that the facility's digital computer and communications systems and networks are protected from cyber attacks. The implementation and incorporation of the Cyber Security Plan into the Facility Operating License will not alter previously evaluated Updated Final Safety Analysis Report (UFSAR) design basis accident analysis assumptions, add any accident initiators, or affect the function of the plant safety related SSCs as to how they are operated, maintained, modified, tested, or inspected.
NOC-AE-10002502 Enclosure I Page 3 of 4 Therefore, the proposed changes do not involve a significant increase in the probability or consequences of an accident previously evaluated.
- 2. Do the proposed changes create the possibility of a new or different kind of accident from any accident previously evaluated?
Response: No This proposed amendment provides assurance that safety related SSCs are protected from cyber attacks. Implementation of 10 CFR 73.54 and inclusion of the Cyber Security Plan in the Facility Operating Licenses do not result in the need for any new or different UFSAR design basis accident analysis. It does not introduce new equipment that could create a new or different kind of accident, and no new equipment failure modes are created. As aresult, no new accident scenarios, failure mechanisms, or limiting single failures are introduced as a result of this proposed amendment.
Therefore, the proposed change does not create the possibility of a new or different kind of accident from any previously evaluated.
.13. Do the proposed changes involve a significant reduction in a margin of safety?
Response: No The margin of safety is associated with the confidence in the ability of the fission product barriers (i.e., fuel cladding, reactor coolant pressure boundary, and containment structure) to limit the level of radiation to the public. The proposed amendment would not alter the way any safety related SSC functions and would not alter the way the plant is operated. The amendment provides assurance that safety related SSCs are protected from cyber attacks. The proposed amendment would not introduce any new uncertainties or change any existing uncertainties associated with any safety limit. The proposed amendment would have no impact on the structural integrity of the fuel cladding, reactor coolant pressure boundary, or containment structure. Based on the above considerations, the proposed amendment would not degrade the confidence in the ability of the fission product barriers to limit the level of radiation to the public.
Therefore the proposed change does not involve a reduction in a margin of safety.
Based on the above evaluations, STPNOC concludes that the proposed amendment presents no significant hazards under the standards set forth in 10 CFR 50.92(c) and, accordingly, a finding of "no significant hazards consideration" is justified.
4.3 CONCLUSION
In conclusion, based on the considerations discussed above: (1) there is reasonable assurance that the health and safety of the public will not be endangered by operation in the proposed manner; (2) such activities will be conducted in compliance with the Commission's regulations; and (3) the
NOC-AE-10002502 Enclosure 1 Page 4 of 4 issuance of the amendment will not be inimical to the common defense and security or to the health and safety of the public.
5.0 ENVIRONMENTAL CONSIDERATION
The proposed amendment establishes the licensing basis for a Cyber Security Plan for the South Texas Project and will be a part of the Physical Security Plan. This proposed amendment will not involve any significant construction impacts. Pursuant to 10 CFR 51.22(b)(12), no environmental impact statement or environmental assessment need be prepared in connection with the issuance of the amendment.
6.0 REFERENCES
- 1. Federal Register Notice, Final Rule 10 CFR Part 73, Power Reactor Security Requirements, published on March 27, 2009, 74 FR 13926
- 2. EA-02-026, Order Modifying Licenses, Safeguards and Security Plan Requirements, issued February 25, 2002
NOC-AE- 10002502 Page 1 of 1 ATTACHMENT 1 MARKED FOL PAGES Refer to previous correspondence dated November 19, 2009 (NOC-AE-09002480).
NOC-AE- 10002502 Page 1 of 1 ATTACHMENT 2 CYBER SECURITY PLAN IMPLEMENTATION SCHEDULE Refer to previous correspondence dated November 19, 2009 (NOC-AE-09002480).
NOC-AE- 10002502 Page 1 of 1 ATTACHMENT 3 STPNOC CYBER SECURITY PLAN COMMITMENT SCHEDULE Refer to previous correspondence dated November 19, 2009 (NOC-AE-09002480).
NOC-AE- 10002502 Page 1 of I ENCLOSURE 2 STPNOC Cyber Security Plan Refer to previous correspondence dated November 19, 2009 (NOC-AE-09002480).