WO 10-0048, Revision to Renewed Facility Operating License and Request for Approval of the Cyber Security Plan

From kanterella
(Redirected from WO 10-0048)
Jump to navigation Jump to search
Revision to Renewed Facility Operating License and Request for Approval of the Cyber Security Plan
ML11201A167
Person / Time
Site: Wolf Creek Wolf Creek Nuclear Operating Corporation icon.png
Issue date: 07/19/2010
From: Hedges S
Wolf Creek
To:
Document Control Desk, Office of Nuclear Reactor Regulation
References
WO 10-0048
Download: ML11201A167 (14)
v  d  e


Text

WO LF CREEK 'NUCLEAR OPERATING CORPORATION July 19, 2010 Stephen E. Hedges Site Vice President WO 10-0048 U. S. Nuclear Regulatory Commission ATTN: Document Control Desk Washington, DC 20555

Reference:

1) Letter WO 09-0044, dated November 23, 2009, from -M. W.

Sunseri, WCNOC to NRC

2) Letter dated May 20, 2010, from B. K. Singal, NRC, to M. W.

Sunseri, WCNOC

3) NEI 08-09, "Cyber Security Plan for Nuclear Power Reactors,"

Revision 6

Subject:

Docket No. 50-482: Revision to Renewed Facility Operating License and Request for Approval of the Cyber Security Plan Gentlemen:

Reference 1 submitted Wolf Creek Nuclear Operating Corporation's (WCNOC) request for revision to Renewed Facility Operating License and request for approval of the Cyber Security plan. Reference 2 identified that this submittal had been based on an earlier version Nuclear Energy Institute guidance with which the NRC staff had significant concerns. Therefore, WCNOC wishes to withdraw the request made by reference 1 and resubmit the attached, revised, application pursuant to 10 CFR 50.90.

WCNOC is submitting a request for an amendment to Renewed Facility Operating License No.

NPF-42 for the Wolf Creek Generating Station (WCGS) and requesting Commission review and approval of a cyber security plan in accordance with 10 CFR 73.54. WCNOC is proposing to revise Section 2.E. of the Renewed Facility Operating License to incorporate the provisions for implementing and maintaining in effect the provisions of the approved cyber security plan.

Attachment I provides an evaluation of the proposed change. Attachment II provides the existing, Renewed Facility Operating License marked up to show the proposed change.

Attachment III provides the Renewed Facility Operating License changes in final typed format.

Attachment IV provides a List of Regulatory Commitments made in this submittal.

P.O. Box 411 / Burlington, KS 66839 / Phone: (620) 364-8831 An Equal Opportunity Employer M/F/HCNET

WO 10-0048 Page 2 of 3 Enclosure I provides a copy of the Cyber Security Plan for Wolf Creek Nuclear Operating Corporation, Wolf Creek Generating Station, which is a standalone document that will be incorporated by reference into the Wolf Creek Security Plan, Training and Qualification Plan, and Safeguards Contingency Plan upon approval. The cyber security plan is consistent with guidance in Reference 3. Enclosure Ii provides a copy of the Cyber Security Plan Implementation Schedule. Enclosure III provides a Deviation Table which includes a description of changes to the un-bracketed text of Nuclear Energy Institute (NEI) 08-09, Revision 6.

It has been determined that this amendment application does not involve a significant hazard consideration as determined per 10 CFR 50.92. This amendment application was reviewed by the Plant Safety Review Committee. In accordance with 10 CFR 50.91, a copy of this amendment application, with attachments, is being provided to the designated Kansas State official.

If you have any questions concerning this matter, please contact me at (620) 364-4190, or Mr.

Richard D. Flannigan, Manager Regulatory Affairs at (620) 364-4117.

Sincerely, St h E. Hedges SEH/rlt

Attachment:

I Evaluation of Proposed Change II Proposed Renewed Facility Operating License Changes (Mark-up)

III Retyped Renewed Facility Operating License Changes IV List of Regulatory Commitments

Enclosure:

I Cyber Security Plan for Wolf Creek Nuclear Operating Corporation, Wolf Creek Generating Station II Cyber Security Plan Implementation Schedule III Deviation Table (Description of Changes to Un-Bracketed Text of NEI 08-09, Revision 6) cc: E. E. Collins (NRC), w/a, w/e T. A. Conley, (KDHE), w/a G. B. Miller (NRC), w/a, w/e B. K. Singal (NRC), w/a, w/e Senior Resident Inspector (NRC), w/a, w/e

WO 10-0048 Page 3 of 3 STATE OF KANSAS )

COUNTY OF COFFEY )

Stephen E. Hedges, of lawful age, being first duly sworn upon oath says that he is Site Vice President of Wolf Creek Nuclear Operating Corporation; that he has read the foregoing document and knows the contents thereof; that he has executed the same for and on behalf of said Corporation with full power and authority to do so; and that the facts therein stated are true and correct to the best of his knowledge, information and belief.

By Stephe .' I-edges Site Vice P sident SUBSCRIBED and sworn to before me this 19 tv day of TU Iq ,2010.

Notary Public RHONDA L.TIEMEYER 01,~OFCIL MY COMMISSION EXPIRES Expiration Date km ) iLI/ '01A/

Attachment I to WO 10-0048 Page 1 of 5 EVALUATION OF PROPOSED CHANGE

Subject:

Revision to Renewed Facility Operating License and Request for Approval of the Cyber Security Plan

1.

SUMMARY

DESCRIPTION

2. DETAILED DESCRIPTION
3. TECHNICAL EVALUATION
4. REGULATORY EVALUATION 4.1 Applicable Regulatory Requirements/Criteria 4.2 Significant Hazards Consideration 4.3 Conclusions
5. ENVIRONMENTAL CONSIDERATION
6. REFERENCES

Attachment I to WO 10-0048 Page 2 of 5

1.

SUMMARY

DESCRIPTION Pursuant to 10 CFR 50.90, Wolf Creek Nuclea..r Operating Corporation (WCNOC) is submitting a request for an amendment to Renewed Facility Operating License No. NPF-42 for the Wolf Creek Generating Station (WCGS) and requesting Commission review and approval of a cyber security plan in accordance with 10 CFR 73.54. WCNOC is proposing to revise Section 2.E. of the Renewed Facility Operating License to incorporate the provisions for implementing and maintaining in effect the provisions of the approved cyber security plan.

2. DETAILED DESCRIPTION The proposed license amendment request (LAR) includes three parts: the proposed cyber security plan, proposed changes to Section 2.E. of the Renewed Facility Operating License, and a Cyber Security Plan Implementation Schedule.

A new paragraph is proposed to be added to paragraph 2.E. of the Renewed Facility Operating License as follows:

The licensee shall fully implement and maintain in effect all provisions of the Commission-approved Cyber Security Plan, including amendments made pursuant to provision of the Miscellaneous Amendments and Search Requirements revisions to 10 CFR 73.55 (51 FR 27817 and 27822) and to the authority of 10 CFR 50.90 and 10.CFR 50.54(p). The Cyber Security Plan entitled: "Cyber Security Plan for Wolf Creek Nuclear Operating Corporation, Wolf Creek Generating Station," was submitted on July .1.9, 2010.

The regulations in 10 CFR 73.54, "Protection of digital computer and communication systems and networks," establish the requirements for a cyber security program. This regulation specifically requires each licensee currently licensed to operate a nuclear power plant under Part 50 of this chapter to submit a cyber security plan that satisfies the requirements of the Rule. Each submittal must include a proposed implementation schedule and implementation of the cyber security program must be consistent with the approved schedule. Enclosure I provides the "Cyber Security Plan for Wolf Creek Nuclear Operating Corporation, Wolf Creek Generating Station," (hereafter referred to as Cyber Security Plan). Enclosure II provides the Cyber Security Plan Implementation Schedule.

3. TECHNICAL EVALUATION Federal Register notice 74 FR 13926 (Reference 1) issued the final rule that amended 10 CFR Part 73. Cyber security requirements are codified as new 10 CFR 73.54 and are designed to provide high assurance that digital computer and communication systems and networks are adequately protected against cyber attacks up to and including the design basis threat established by § 73.1(a)(1)(v). These requirements are substantial improvements upon the requirements imposed by EA-02-026 (Reference 2).

Attachment I to WO 10-0048 Page 3 of55 Nuclear Energy Institute (NEI) 08-09, Revision 6, April 2010, "Cyber Security Plan for Nuclear Power Plants," (Reference 3) has been issued for use by licensees in development of their own cyber security plans. NEI 08-09 describes a defensive strategy that consists of a defensive architecture and set of security controls that are based on the NIST SP 800-82, Final Public Draft, dated September 29, 2008, "Guide to Industrial Control System Security," and NIST SP 800-53, Revision 2, "Recommended Security Controls for Federal Information Systems" standards. The security controls contained, in NEI 08-09 Appendices D and E are tailored for use in nuclear facilities and are based on NIST SP 800-82 and NIST SP 800-53.

This amendment request includes a proposed Cyber Security Plan (Enclosure I) that is consistent with the template provided in NEI 08-09, Revision 6. In addition, the amendment request includes proposed changes to paragraph 2.E. of the existing Renewed Facility Operating License (Attachment II). A proposed Cyber Security Plan Implementation Schedule as required by 10 CFR 73.54 is provided in Enclosure I1. Enclosure III provides a Deviation Table that provides a description of the changes to the un-bracketed text of NEI 08-09, Revision 6, and a justification for those changes.

4. REGULATORY EVALUATION 4.1 Applicable Regulatory Requirements/Criteria 10 CFR 73.54 requires licensees currently licensed to operate a nuclear power plant under 10 CFR Part 50 to submit a cyber security plan as specified in 50.4 and 50.90. 10 CFR 50.73(a) requires each licensee subject to the requirements of this section shall provide high assurance that digital computer and communication systems and networks are adequately protected against cyber attacks, up to and including the design basis threat as described in 10 CFR 73.1.

4.2 No Significant Hazards Consideration Federal Register notice 74 FR 13926 issued the final rule that amended 10 CFR Part 73.

Cyber security requirements are codified as new 10 CFR 73.54 and are designed to provide high assurance that digital computer and communication systems and networks are adequately protected against cyber attacks up to and including the design basis threat established by 10 CFR 73.1(a)(1)(v). This application requests NRC approval of the "Cyber Security Plan for Wolf Creek Nuclear Operating Corporation, Wolf Creek Generating Station," (hereafter referred to as Cyber Security Plan) in accordance with 10 CFR 73.54 and proposes changes to Section 2.E of the Renewed Facility Operating License No. NPF-42 for the Wolf Creek Generating Station (WCGS) to incorporate the provisions for implementing and maintaining in effect the provisions of the approved Cyber Security Plan. The cyber security plan is consistent with the template provided in Nuclear Energy Institute (NEI) 08-09, Revision 6, April 2010, "Cyber Security Plan for Nuclear Power Plants," and provides a: description of how the requirements of the Rule will be implemented at WCGS.

WCNOC has evaluated whether or not a significant hazards consideration is involved with the proposed amendment by focusing on the three standards set forth in 10 CFR 50.92, Issuance of amendment, as discussed below:

1. Do the proposed changes involve a significant increase in the probability or consequences of an accident previously evaluated?

Attachment I to WO 10-0048 Page 4 of 5 Response: No The proposed change incorporates a new requirement in the Renewed Facility Operating License to implement and maintain the Cyber Security Plan as part of the facility's overall program for physical protection* Inclusion of the Cyber Security Plan in the Renewed Facility Operating License itself does not involve any modifications to the safety related structures, systems or components (SSCs). Rather, the Cyber Security Plan describes how the requirements of 10 CFR 73.54 are to be implemented to identify, evaluate, and mitigate cyber attacks up to and including the design basis cyber attack threat, thereby achieving high assurance that the facility's digital computer and communications systems and networks are protected from cyber attacks. The implementation and incorporation of the Cyber Security Plan into the Renewed Facility Operating License will not alter previously evaluated Updated Safety Analysis Report (USAR) design basis accident analysis assumptions, add any accident initiators, or affect the function of the plant safety related SSCs as to how they are operated, maintained, modified, tested, or inspected.

Therefore, the proposed changes do not involve a significant increase in the probability or consequences of an accident previously evaluated.

2. Do the proposed changes create the possibility of a new or different kind of accident from any accident previously evaluated?

Response: No This proposed amendment provides assurance that safety related SSCs are protected from cyber attacks. Implementation of 10 CFR 73.54 and the inclusion of the Cyber Security Plan in the Renewed Facility Operating License do not result in the need of any new or different USAR design basis accident analysis. It does not introduce new equipment that could create a new or different kind of accident, and no new equipment failure modes are created. As a result, no new accident scenarios, failure mechanisms, or limiting single failures are introduced as a result of this proposed amendment.

Therefore, the proposed change does not create the possibility of a new or different kind of accident from any previously evaluated.

3. Do the proposed changes involve a significant reduction in a margin of safety?

Response: No The margin of safety is associated with the confidence in the ability of the fission product barriers (i.e., fuel cladding, reactor coolant pressure boundary, and containment structure) to limit the level of radiation to the public. The proposed amendment would not alter the way any safety related SSC functions and would not alter the way the plant is operated. The amendment provides assurance that safety related SSCs are protected from cyber attacks.

The proposed amendment would not introduce any new uncertainties or change any existing uncertainties associated with any safety limit. The proposed amendment would have no impact on the structural integrity of the fuel cladding, reactor coolant pressure boundary, or containment structure. Based on the above considerations, the proposed amendment would not degrade the confidence in the ability of the fission product barriers to limit the level of radiation to the public.

Attachment I to WO 10-0048 Page 5 of 5 Therefore the proposed change does not involve a reduction in a margin of safety.

Based on the above evaluations, WCNOC concludes that the proposed amendment presents no significant hazards under the standards set forth in 10 CFR 50.92(c) and, accordingly, a finding of "no significant hazards consideration" is justified.

4.3 Conclusions The proposed licensing action requests an amendment to Renewed Facility Operating License No. NPF-42 for the WCGS and requests Commission review and approval of a cyber security plan in accordance with 10 CFR 73.54. In conclusion, based on the considerations discussed above, (1) there is reasonable assurance that the health and safety of the public will not be endangered by operation in the proposed manner, (2) such activities will be conducted in compliance with the Commission's regulations, and (3) the issuance of the amendment will not be inimical to the common defense and security or to the health and safety of the public.

5. ENVIRONMENTAL CONSIDERATION WCNOC has evaluated the proposed change and has determined that the change does not involve (i) a significant hazards consideration, (ii) a significant change in the types or significant increase in the amount of effluent that may be released offsite, or (iii) a significant increase in the individual or cumulative occupational radiation exposure. Accordingly, the proposed changes meets the eligibility criterion for categorical exclusion set forth in 10 CFR 51.22(c)(9).

Therefore, pursuant to 10 CFR 51.22(b), an environmental assessment of the proposed change is not required.

6. REFERENCES
1. Federal Register Notice, Final Rule 10 CFR Part 73, Power Reactor Security Requirements, published on March 27, 2009, 74 FR 13926.
2. EA-02-026, Order Modifying Licenses, Safeguards and Security Plan Requirements, issued February 25, 2002.
3. NEI 08-09, Revision 6, April 2010, "Cyber Security Plan for Nuclear Power Reactors"

Attachment II to WO 10-0048 Page 1 of 3 PROPOSED RENEWED FACILITY OPERATING LICENSE CHANGES (MARK-UP)

j.%, '. * '." .o Attachment II to WO 10-0048 Page 2 of 3 7

(16) Additional conditions The Additional Conditions contained In Appendix D, as revised through Amendment No. 163, are hereby incorporated into this license. Wolf Creek Nuclear Operating Corporation shall operate the facility in Accordance with the Additional Conditions.

D. Exemptions from certain requirements of Appendix J to 10 CFR Part 50, and from a portion of the requirements of General Design Criterion 4 of Appendix A to 10 CFR Part 50, are described in the Safety Evaluation Report. These exemptions are authorized by law and will not endanger life or property or the common defense and security and are otherwise in the public interest. Therefore, these exemptions are hereby granted pursuant to 10 CFR 50.12. With the granting of these exemptions the facility will operate, to the extent authorized herein, -in conformity with the application, as amended, the provisions of the Act, and the rules and regulations of the Commission.

E. The licensee shall fully implement and maintain in effect all provisions of the Commission-approved physical security, training and qualification, and safeguards contingency plans including amendments made pursuant to provisions of the Miscellaneous Amendments and Search Requirements revisions to 10 CFR 73.55 (51 FR 27817 and 27822) and to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The set of combined plans, which contains Safeguards Information protected under 10 CFR 73.21, Is entitled: "Wolf Creek Security Plan, Training and Qualification Plan, and Safeguard Contingency Plan," and was submitted on May 17, 2006.

F. Deleted per Amendment No. 141.

G. The licensees shall have and maintain financial protection of such type and In such

  • amounts as the Commission shall require In accordance with Section 170 of the Atomic Energy Act of 1954, as amended, to cover public liability claims.

H. The Updated Safety Analysis Report (USAR) supplement, as revised, submitted pursuant to 10 CFR 54.21(d), shall be Included in the rnext scheduled update to the USAR required by 10 CFR 50.71 (e)(4), as appropriate, following the issuance of this renewed operating license. Until that update is complete, WCNOC may make changes to the programs and activities described in the supplement without prior Commission approval, provided that WCNOC evaluates such changes pursuant to the criteria set forth in 10 CFR 50.59 and otherwise complies with the requirements in that section.

I. The USAR supplement, as revised, describes certain future activities to be completed prior to the period of extended operation. WCNOC shall complete these activities by the dates specified in the applicable USAR section,. but In no event, any later than March 11, 2025. WCNOC shall notify the Nuclear Regulatory Commission (NRC) in writing when implementation of these activities is complete and can be verified by NRC inspection.

Renewed License No. NPF-42

Attachment II to WO 10-0048 Page 3 of 3 INSERT A The licensee shall fully implement and maintainin effect all provisions of the Commission-approved Cyber Security Plan, including amendments made pursuant to provision of the Miscellaneous Amendments and Search Requirements revisions to 10 CFR 73.55 (51 FR 27817 and 27822) and to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The Cyber Security Plan entitled: "Cyber Security Plan for Wolf Creek Nuclear Operating Corporation, Wolf Creek Generating Station," was submitted on July 19, 2010.

Attachment III to WO 10-0048 Page 1 of 2 RETYPED RENEWED FACILITY OPERATING LICENSE CHANGES

Attachment III to WO 10-0048 Page 2 of 2 7

(16) Additional Conditions The Additional Conditions contained in Appendix D,as revised through Amendment No. 163, are hereby incorporated into this license. Wolf Creek Nuclear Operating Corporation shall operate the facility in Accordance with the Additional Conditions.

D. Exemptions from certain requirements of Appendix J to 10 CFR Part 50, and from a portion of the requirements of General Design Criterion 4 of Appendix A to 10 CFR Part 50, are described in the Safety Evaluation Report. These exemptions are authorized by law and will not endanger life or property or the common defense and security and are otherwise in the public interest. Therefore, these exemptions are hereby granted pursuant to 10 CFR 50.12. With the granting of these exemptions the facility will operate, to the extent authorized herein, in conformity with the application, as amended, the provisions of the Act, and the rules and regulations of the Commission.

E. The licensee shall fully implement and maintain in effect all provisions of the Commission-approved physical security, training and qualification, and safeguards contingency plans including amendments made pursuant to provisions of the Miscellaneous Amendments and Search Requirements revisions to 10 CFR 73.55 (51 FR 27817 and 27822) and to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The set of combined plans, which contains Safeguards Information protected under 10 CFR 73.21, is entitled: "Wolf Creek Security Plan, Training and Qualification Plan, and Safeguard Contingency Plan," and was submitted on May 17, 2006.

The licensee shall fully implement and maintain in effect all provisions of the Commission-approved Cyber Security Plan, including amendments made pursuant to provision of the Miscellaneous Amendments and Search Requirements revisions to 10 CFR 73.55 (51 FR 27817 and 27822) and to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The Cyber Security Plan entitled: "Cyber Security Plan for Wolf Creek Nuclear Operating Corporation, Wolf Creek Generating Station," which contains Security-Related Information is withheld from public disclosure in accordance with 10 CFR 2.390, was submitted on July 19, 2010.

F. Deleted per Amendment No. 141.

G. The licensees shall have and maintain financial protection of such type and in such amounts as the Commission shall require in accordance with Section 170 of the Atomic Energy Act of 1954, as amended, to cover public liability claims.

H. The Updated Safety Analysis Report (USAR) supplement, as revised, submitted pursuant to 10 CFR 54.21(d), shall be included in the next scheduled update to the USAR required by 10 CFR 50.71(e)(4), as appropriate, following the issuance of this renewed operating license. Until that update is complete, WCNOC may make changes to the programs and activities described in the supplement without prior Commission approval, provided that WCNOC evaluates such changes pursuant to the criteria set forth in 10 CFR 50.59 and otherwise complies with the requirements in that section.

The USAR supplement, as revised, describes certain future activities to be completed prior to the period of extended operation. WCNOC shall complete these activities by the dates specified in the applicable USAR section, but in no event, any later than March 11, 2025. WCNOC shall notify the Nuclear Regulatory Commission (NRC) in writing when implementation of these activities is complete and can be verified by NRC inspection.

Renewed License No. NPF-42

Attachment IV to WO 10-0048 Page 1 of 1 LIST OF REGULATORY COMMITMENTS The following table identifies those actions committed to by WCNOC in this document. Any other statements in this submittal are provided for information purposes and are not considered to be regulatory commitments. Please direct questions regarding these commitments to Mr.

Richard Flannigan at (620) 364-4117.

Regulatory Commitments Due Date I Event Complete the implementation and enter the maintenance phase of August, 2014 the WCGS NRC approved Cyber Security Program.

  • All required modifications implemented
  • All required procedures updated All required training completed
Retrieved from "https://kanterella.com/w/index.php?title=WO_10-0048,_Revision_to_Renewed_Facility_Operating_License_and_Request_for_Approval_of_the_Cyber_Security_Plan&oldid=2115131"