NOC-AE-10002568, Submittal of License Amendment Request for Approval of Cyber Security Plan

From kanterella
Jump to navigation Jump to search
Submittal of License Amendment Request for Approval of Cyber Security Plan
ML102150159
Person / Time
Site: South Texas  STP Nuclear Operating Company icon.png
Issue date: 07/27/2010
From: Gerry Powell
South Texas
To:
Document Control Desk, Office of Nuclear Reactor Regulation
References
NOC-AE-10002568
Download: ML102150159 (12)
v  d  e


Text

ATTACHMENT 2 OF ENCLOSURE 1 AND ENCLOSURE 2 CONTAIN SECURITY-RELATED INFORMATION - WITHHOLD UNDER 10 CFR 2.390 Nuclear Operating Company South Texas Pmo/ect Electric Generatin$Station P.. Box 289 Wadsworth, Texas 77483 July 27, 2010 NOC-AE-10002568 10 CFR 50.90 U. S. Nuclear Regulatory Commission Attention: Document Control Desk One White Flint North 11555 Rockville Pike Rockville, MD 20852 South Texas Project Units 1 and 2 Docket Nos. STN 50-498, STN 50-499 Submittal of License Amendment Request for Approval of Cyber Security Plan

Reference:

1. Letter from STP Nuclear Operating Company to the NRC Document Control Desk, "License Amendment Request for Approval of Cyber Security Plan," dated November 19, 2009 (NOC-AE-09002480)
2. Letter-from STP Nuclear Operating Company to the NRC Document Control Desk, "Revised License Amendment Request for Approval of Cyber Security Plan," dated January 25, 2010 (NOC-AE-10002502)

In the referenced letters, STP Nuclear Operating Company (STPNOC) requested a license amendment to the Facility Operating Licenses (FOL) for South Texas Project Units 1 and 2. The proposed amendment requested NRC approval to implement the STPNOC Cyber Security Plan.

STPNOC hereby withdraws this previously submitted amendment request and proposes instead the License Amendment Request found in Enclosure 1 of this letter. provides an evaluation of the proposed change. Enclosure 1 also contains the following attachments:

" Attachment 1 provides the existing FOL pages marked up to show the proposed change.

" Attachment 2 provides the STPNOC Cyber Security Plan Implementation Schedule.

" Attachment 3 provides the STPNOC Cyber Security Plan Commitment Schedule.

STI: 32695793 A member of the STARS (Strategic Teaming and Resource Sharing) Alliance 4 Callaway - Comanche Peak - Diablo Canyon - Palo Verde - San Onofre - South Texas Project - Wolf Creek

ATTACHMENT 2 OF ENCLOSURE 1 AND ENCLOSURE 2 CONTAIN SECURITY-RELATED INFORMATION - WITHHOLD UNDER 10 CFR 2.390 NOC-AE-10002568 Page 2 of 3 provides a copy of the STPNOC Cyber Security Plan which is a standalone document that will be incorporated by reference into the STPNOC Physical Security Plan upon approval. Enclosure 2 also contains Attachment 1 which provides a description of changes to un-bracketed text of NEI 08-09, Revision 6. of Enclosure 1 provides a copy of the STPNOC Cyber Security Plan Implementation Schedule. STPNOC requests that Attachment 2 of Enclosure 1, which contains security sensitive information, be withheld from public disclosure in accordance with 10 CFR 2.390. provides a copy of the STPNOC Cyber Security Plan which is a standalone document that will be incorporated by reference into the STPNOC Physical Security Plan upon approval. STPNOC requests that Enclosure 2, which contains security sensitive information, be withheld from public disclosure in accordance with 10 CFR 2.390.

The commitment in this letter is contained in Attachment 3 of Enclosure 1.

In accordance with 10 CFR 50.91(b), STPNOC is notifying the State of Texas of this request for license amendment by providing a copy of this letter and its attachments.

STPNOC requests an implementation period of 90 days following NRC approval of the license amendment.

If there are any questions regarding the proposed amendment, please contact Mr. Wayne Harrison at (361) 972-7298 or me at (361) 972-8720 I declare under penalty of perjury that the foregoing is true and correct.

Executed on J4 Date G. T. Powell Vice President, Engineering tck/ - Evaluation of Proposed Change - STPNOC Cyber Security Plan

ATTACHMENT 2 OF ENCLOSURE I AND ENCLOSURE 2 CONTAIN SECURITY-RELATED INFORMATION - WITHHOLD UNDER 10 CFR 2.390 NOC-AE-10002568 Page 3 of 3 cc:

(paper copy) (electronic copy)

Regional Administrator, Region IV A. H. Gutterman, Esquire.

U. S. Nuclear Regulatory Commission Morgan, Lewis & Bockius LLP 612 East Lamar Blvd, Suite 400 Arlington, Texas 76011-4125 Mohan C. Thadani U. S. Nuclear Regulatory Commission Mohan C. Thadani John Ragan Senior Project Manager Catherine Callaway U.S. Nuclear Regulatory Commission Jim von Suskil One White Flint North (MS 8B1A) NRG South Texas LP 11555 Rockville Pike Rockville, MD 20852 Ed Alarcon Senior Resident Inspector Kevin Polio U. S. Nuclear Regulatory Commission Richard Pena P. 0. Box 289, Mail Code: MN1 16 City Public Service Wadsworth, TX 77483 Peter Nemeth Carin, Caton, & James Jon C. Wood Cox Smith Matthews C. Mele City of Austin C. M. Canady Richard A. Ratliff City of Austin Texas Department of State Health Electric Utility Department Services 721 Barton Springs Road Austin, TX 78704 Alice Rogers Texas Department of State Health Services

NOC-AE-10002568 Enclosure 1 Evaluation of Proposed Change Request for Approval of the STPNOC Cyber Security Plan 1.0 Summary Description-2.0 Detailed Description 3.0 Technical Evaluation 4.0 Regulatory Evaluation 4.1 Applicable Regulatory Requirements / Criteria 4.2 Significant Hazards Consideration 5.0 Environmental Consideration 6.0 References ATTACHMENTS - Marked FOL pages - STPNOC Cyber Security Plan Implementation Schedule. - STPNOC Cyber Security Plan commitment schedule.

NOC-AE-10002568 Enclosure 1 Page 1 of 4 1.0

SUMMARY

DESCRIPTION The proposed license amendment request (LAR) includes the proposed STPNOC Cyber Security Plan, an Implementation Schedule, and a proposed sentence to be added to the existing FOL Physical Protection license condition.

2.0 DETAILED DESCRIPTION The proposed license amendment request (LAR) includes three parts: the proposed Plan, an Implementation Schedule, and a proposed sentence to be added to the existing FOL Physical Protection license condition to require STPNOC to fully implement and maintain in effect all provisions of the Commission-approved cyber security plan as required by 10 CFR §73.54. The regulations in 10 CFR §73.54, "Protection of digital computer and communication systems and networks," establish the requirements for a cyber security program. This regulation specifically requires each licensee currently licensed to operate a nuclear power plant under Part 50 of this chapter to submit a cyber security plan that satisfies the requirements of the Rule. Each submittal must include a proposed implementation schedule and implementation of the licensee's cyber security program must be consistent with the approved schedule. The background for this application is addressed by the NRC Notice of Availability published on March 27, 2009, 74 FR 13926 (Reference 1).

3.0 TECHNICAL EVALUATION

FederalRegister notice 74 FR 13926 issued the final rule that amended 10 CFR Part 73. Cyber security requirements are codified as new §73.54 and are designed to provide high assurance that digital computer and communication systems and networks are adequately protected against cyber attacks up to and including the design-basis threat established by § 73.1 (a)(1)(v). These requirements are substantial improvements upon the requirements imposed by NRC Order EA-02-026 (Reference 2).

This LAR includes the proposed Plan (Enclosure 2) that is derived from the template provided in NEI 08-09, Rev. 6. In addition, the LAR includes the proposed change to the existing FOL license condition for "Physical Protection" (Attachment 1) and the proposed Implementation Schedule (Attachment 2) as required by 10 CFR §73.54.

4.0 REGULATORY EVALUATION

4.1 APPLICABLE REGULATORY REQUIREMENTS / CRITERIA This LAR is submitted pursuant to 10 CFR §73.54 which requires licensees currently licensed to operate a nuclear power plant under 10 CFR Part 50 to submit a Cyber Security Plan as specified in

§50.4 and §50.90.

NOC-AE- 10002568 Enclosure I Page 2 of 4 4.2 SIGNIFICANT HAZARDS CONSIDERATION Federal Register Notice 74 FR 13926 issued the final rule that amended 10 CFR Part 73. Cyber security requirements are codified as new 10 CFR 73.54 and are designed to provide high assurance that digital computer and communication systems and networks are adequately protected against cyber attacks up to and including the design basis threat established by 10 CFR 73.1(a)(1)(v). This application requests NRC approval of the Cyber Security Plan for the South Texas Project in accordance with 10 CFR 73.54 and proposes changes to section F of the FOL Nos. NPF-76 and NPF-80 for the South Texas Project Electric Generating Station Unit 1 and Unit 2 respectively to incorporate the provisions for implementing and maintaining in effect the provisions of the approved Cyber Security Plan. The Cyber Security Plan is consistent with the template provided in Nuclear Energy Institute (NEI) 08-09, Revision 6, April 2010, "Cyber Security Plan for Nuclear Power Plants," and provides a description of how the requirements of the Rule will be implemented at STPNOC.

STPNOC has evaluated the proposed changes using the criteria in 10 CFR 50.92 and has determined that the proposed changes do not involve a significant hazards consideration. An analysis of the issue of no significant hazards consideration is presented below:

1. Do the proposed changes involve a significant increase in the probability or consequences of an accident previously evaluated?

Response: No The proposed change incorporates a new requirement in the FOL to implement and maintain the Cyber Security Plan as part of the facility's overall program for physical protection. Inclusion of the Cyber Security Plan in the FOL itself does not involve any modifications to the safety related structures, systems or components (SSCs). Rather, the Cyber Security Plan describes how the requirements of 10 CFR 73.54 are to be implemented to identify, evaluate, and mitigate cyber attacks up to and including the design basis cyber attack threat, thereby achieving high assurance that the facility's digital computer and communications systems and networks are protected from cyber attacks. The implementation and incorporation of the Cyber Security Plan into the FOL will not alter previously evaluated Updated Final Safety Analysis Report (UFSAR) design basis accident analysis assumptions, add any accident initiators, or affect the function of the plant safety related SSCs as to how they are operated, maintained, modified, tested, or inspected.

Therefore, the proposed changes do not involve a significant increase in the probability or consequences of an accident previously evaluated.

NOC-AE- 10002568 Enclosure 1 Page 3 of 4

2. Do the proposed changes create the possibility of a new or different kind of accident from any accident previously evaluated?

Response: No This proposed amendment provides assurance that safety related SSCs are protected from cyber attacks. Implementation of 10 CFR 73.54 and the inclusion of the Cyber Security Plan in the FOL do not result in the need of any new or different UFSAR design basis accident analysis. It does not introduce new equipment that could create a new or different kind of accident, and no new equipment failure modes are created. As a result, no new accident scenarios, failure mechanisms, or limiting single failures are introduced as a result of this proposed amendment.

Therefore, the proposed change does not create the possibility of a new or different kind of accident from any previously evaluated.

3. Do the proposed changes involve a significant reduction in a margin of safety?

Response: No The margin of safety is associated with the confidence in the ability of the fission product barriers (i.e., fuel cladding, reactor coolant pressure boundary, and containment structure) to limit the level of radiation -to the public. The proposed amendment would not alter the way any safety related SSC functions and would not alter the way the plant is operated. The amendment provides assurance that safety related SSCs are protected from cyber attacks. The proposed amendment would not introduce any new uncertainties or change any existing uncertainties associated with any safety limit. The proposed amendment would have no impact on the structural integrity of the fuel cladding, reactor coolant pressure boundary, or containment structure. Based on the above considerations, the proposed amendment would not degrade the confidence in the ability of the fission product barriers to limit the level of radiation to the public.

Therefore the proposed change does not involve a reduction in a margin of safety.

Based on the above evaluations, STPNOC concludes that the proposed amendment presents no significant hazards under the standards set forth in 10 CFR 50.92(c) and, accordingly, a finding of "no significant hazards consideration" is justified

4.3 CONCLUSION

In conclusion, based on the considerations discussed above: (1) there is reasonable assurance that the health and safety of the public will not be endangered by operation in the proposed manner; (2) such activities will be conducted in compliance with the Commission's regulations; and (3) the issuance of the amendment will not be inimical to the common defense and security or to the health and safety of the public.

NOC-AE- 10002568 Enclosure 1 Page 4 of 4

5.0 ENVIRONMENTAL CONSIDERATION

The proposed amendment establishes the licensing basis for a Cyber Security Program for the South Texas Project and will be a part of the Physical Security Plan. This proposed amendment will not involve any significant construction impacts. Pursuant to 10 CFR 51.22(b)(12), no environmental impact statement or environmental assessment need be prepared in connection with the issuance of the amendment.

6.0 REFERENCES

1. Federal Register Notice, Final Rule 10 CFR Part 73, Power Reactor Security Requirements, published on March 27, 2009, 74 FR 13926.
2. EA-02-026, Order Modifying Licenses, Safeguards and Security Plan Requirements, issued February 25, 2002.

NOC-AE-10002568 Attachment 1 Page 1 of 4 Attachment 1 Operating Licenses Marked with Proposed Changes

NOC-AE-10002568 Attachment 1 Page 2 of 4 SOUTH TEXAS LICENSE (1) The facility has been granted a schedular exemption from Section 50.71 (e)(3)(i) of 10 CFR 50 to extend the date for submittal of the updated Final Safety Analysis Report to no later than one year after the date of issuance of a low power license for the South Texas Project, Unit 2. This exemption is effective until August 1990. The staff's environmental assessment was published on December 16, 1987 (52 FR 47805).

E. Fire Protection STPNOC shall implement and maintain in effect all provisions of the approved fire protection program as described in the Final Safety Analysis Report through Amendment No. 55 and the Fire Hazards Analysis Report through Amendment No. 19, and submittals dated April 29, May 7, 8 and 29, June 11, 25 and 26, 1987, February 3, March 3, and November 20, 2009; January 20, 2010; and as approved in the SER (NUREG-0781) dated April 1986 and its Supplements, subject to the following provision:

STPNOC may make changes to the approved fire protection program without prior approval of the Commission, only if those changes would not adversely affect the ability to achieve and maintain safe shutdown in the event of a fire.

F. Physical Security STPNOC shall fully implement and maintain in effect all provisions of the physical security, guard training and qualification, and safeguards contingency plans previously approved by the Commission and all amendments and revisions to such plans made pursuant to the authority under 10 CFR 50.90 and 10 CFR 50.54(p).

The licensee shall fully implement and maintain in effect all provisions of the Commission-approved physical security, training and qualification, and safeguards contingency plans including amendments made pursuant to provisions of the Miscellaneous Amendments and Search Requirements revisions to 10 CFR 73.55 (51 FR 27817 and 27822), and the authority of 10 CFR 50.90 and 10 CFR 50.54(p) . The combined set of plans, which contains Safeguards Information protected under 10 CFR 73 .21, is entitled: "South Texas Project Electric Generating Station Security, Training and Qualification, and Safeguards Contingency Plan, Revision 2" submitted by letters dated May 17 and 18, 2006.

SftP-5NOC shall fully-impleme~nt and maiintain in ef-fect all provisions of the' comms~sin-ap~ovd SPNOC, yber Securit Plan submitted by letter dated July Amendment No. M

NOC-AE-10002568 Attachment 1 Page 3 of 4 SOUTH TEXAS LICENSE G. Not Used H. Financial Protection The owners shall have and maintain financial protection of such type and in such amounts as the Commission shall require in accordance with Section 170 of the Atomic Energy Act of 1954, as amended, to cover public liability claims.

1. Effective Date and Expiration This license is effective as of the date of issuance and shall expire at midnight on August 20, 2027.

FOR THE NUCLEAR REGULATORY COMMISSION original signed by Thomas E. Murley, Director Office of Nuclear Reactor Regulation

Enclosures:

1. Appendix A, Technical Specifications (NUREG-1305)
2. Appendix B, Environmental Protection Plan Date of Issuance: March 22, 1988 Amendment No.

NOC-AE- 10002568 Attachment 1 Page 4 of 4 (2) The facility was previously granted exemption from the criticality monitoring requirements of 10 CFR 70.24 (See Materials License No. SNM-1 983 dated August 30, 1988 and Section III.E. of the SER dated August 30, 1988). The South Texas Project Unit 2 is hereby exempted from the criticality monitoring provisions of 10 CFR 70.24 as applied to fuel assemblies held under this license.

(3) The facility requires a temporary exemption from the schedular requirements of the decommissioning planning rule, 10 CFR 50.33(k) and 10 CFR 50.75. The justification for this exemption is contained in Section 22.2 of Supplement 6 to the Safety Evaluation Report. The staff's environmental assessment was published on December 16, 1988 (53 FR 50604). Therefore, pursuant to 10 CFR 50.12(a)(1),

50.12(a)(2)(ii) and 50.12(a)(2)(v), the South Texas Project, Unit 2 is hereby granted a temporary exemption from the schedular requirements of 10 CFR 50.33(k) and 10 CFR 50.75 and is required to submit the decommissioning plan for both South Texas Project, Units 1 and 2 on or before July 26, 1990.

E. Fire Protection STPNOC shall implement and maintain in effect all provisions of the approved fire protection program as described in the Final Safety Analysis Report through Amendment No. 62 and the Fire Hazards Analysis Report through Amendment No. 19, and submittals dated April 29, May 7, 8 and 29, June 11, 25 and 26, 1987, February 3, March 3, and November 20, 2009; January 20, 2010; and as approved in the SER (NUREG-0781) dated April 1986 and its Supplements, subject to the following provisions:

STPNOC may make changes to the approved fire protection program without prior approval of the Commission, only if those changes would not adversely affect the ability to achieve and maintain safe shutdown in the event of a fire.

F. Physical Security The licensee shall fully implement and maintain in effect all provisions of the Commission-.

approved physical security, training and qualification, and safeguards contingency plans including amendments made pursuant to provisions of the Miscellaneous Amendments and Search Requirements revisions to 10 CFR 73.55 (51 FR 27817 and 27822), and the authority of 10 CFR 50.90 and 10 CFR 50 .54(p) . The combined set of plans, which contain Safeguards Information protected under 10 CFR 73 .21, is entitled: "South Texas Project Electric Generating Station Security, Training and Qualification, and Safeguards Contingency Plan, Revision 2" submitted by letters dated May 17 and 18, 2006.

~TPOCshal full -imntadmintin inheffect all provisions of the Commission-a stte proved S Plan submitted by dated Ju G. Not Used Amendment No. 1i

Retrieved from "https://kanterella.com/w/index.php?title=NOC-AE-10002568,_Submittal_of_License_Amendment_Request_for_Approval_of_Cyber_Security_Plan&oldid=2129837"