ML102110090: Difference between revisions
StriderTol (talk | contribs) (Created page by program invented by StriderTol) |
StriderTol (talk | contribs) (StriderTol Bot change) |
||
Line 52: | Line 52: | ||
: 6. PNP Cyber Security Plan cc: Administrator, Region Ill, USNRC Project Manager, Palisades, USNRC Resident Inspector, Palisades, USNRC Designated Michigan Officials This letter contains security-sensitive information - Attachments 4, 5, and 6 are withheld from public disclosure per 10CFR2.390 | : 6. PNP Cyber Security Plan cc: Administrator, Region Ill, USNRC Project Manager, Palisades, USNRC Resident Inspector, Palisades, USNRC Designated Michigan Officials This letter contains security-sensitive information - Attachments 4, 5, and 6 are withheld from public disclosure per 10CFR2.390 | ||
Attachment 1 Analysis of Proposed Renewed Facility Operating License Change | Attachment 1 Analysis of Proposed Renewed Facility Operating License Change Page 1 of 4 1.0 | ||
Page 1 of 4 1.0 | |||
==SUMMARY== | ==SUMMARY== | ||
Line 67: | Line 65: | ||
This proposed amendment conforms to the model Cyber Security Plan contained in Appendix A of Nuclear Energy Institute (NEI) 08-09, "Cyber Security Plan for Nuclear Power Reactors," Revision 6, dated April 2010, for use by licensees in development of their own Cyber Security Plans. A deviation to Appendix B of NEI 08-09, Revision 6, is the use of a revised definition of "cyber attack", as delineated in NRC letter dated June 7, 2010 (Reference 3). The revised definition of cyber attack is "any event in which there is reason to believe that an adversary has committed or caused, or attempted to commit or cause, or has made a credible threat to commit or cause malicious exploitation of a CDA." | This proposed amendment conforms to the model Cyber Security Plan contained in Appendix A of Nuclear Energy Institute (NEI) 08-09, "Cyber Security Plan for Nuclear Power Reactors," Revision 6, dated April 2010, for use by licensees in development of their own Cyber Security Plans. A deviation to Appendix B of NEI 08-09, Revision 6, is the use of a revised definition of "cyber attack", as delineated in NRC letter dated June 7, 2010 (Reference 3). The revised definition of cyber attack is "any event in which there is reason to believe that an adversary has committed or caused, or attempted to commit or cause, or has made a credible threat to commit or cause malicious exploitation of a CDA." | ||
This LAR includes the proposed PNP Cyber Security Plan (Attachment 6) that conforms to the template provided in Appendix A of NEI 08-09, Revision 6. In addition, the LAR includes the proposed change to the existing operating license condition for "Physical Protection" (Attachments 2 and 3) for PNP. The LAR contains the proposed implementation schedule (Attachment 5) as required by 10 CFR 73.54. The LAR also provides a list of regulatory commitments (Attachment 4). | This LAR includes the proposed PNP Cyber Security Plan (Attachment 6) that conforms to the template provided in Appendix A of NEI 08-09, Revision 6. In addition, the LAR includes the proposed change to the existing operating license condition for "Physical Protection" (Attachments 2 and 3) for PNP. The LAR contains the proposed implementation schedule (Attachment 5) as required by 10 CFR 73.54. The LAR also provides a list of regulatory commitments (Attachment 4). | ||
Page 2 of 4 | Page 2 of 4 | ||
Line 81: | Line 78: | ||
Response: No. | Response: No. | ||
As required by 10 CFR 73.54 ENO has submitted a Cyber Security Plan for NRC review and approval for PNP. The PNP Cyber Security Plan does not alter accident analysis assumptions, add any initiators, or affect the function of plant systems or the manner in which systems are operated, maintained, modified, tested, or inspected. | As required by 10 CFR 73.54 ENO has submitted a Cyber Security Plan for NRC review and approval for PNP. The PNP Cyber Security Plan does not alter accident analysis assumptions, add any initiators, or affect the function of plant systems or the manner in which systems are operated, maintained, modified, tested, or inspected. | ||
The PNP Cyber Security Plan does not require any plant modifications which affect the performance capability of the structures, systems, and components relied upon to mitigate the consequences of postulated accidents. The PNP Cyber Security Plan is | The PNP Cyber Security Plan does not require any plant modifications which affect the performance capability of the structures, systems, and components relied upon to mitigate the consequences of postulated accidents. The PNP Cyber Security Plan is Page 3 of 4 designed to achieve high assurance that the systems within the scope of the 10 CFR 73.54 Rule are protected from cyber attacks and does not create the possibility of a new or different kind of accident from any accident previously evaluated. | ||
Page 3 of 4 designed to achieve high assurance that the systems within the scope of the 10 CFR 73.54 Rule are protected from cyber attacks and does not create the possibility of a new or different kind of accident from any accident previously evaluated. | |||
The second part of the proposed change is an implementation schedule, and the third part adds a sentence to the Renewed Facility Operating License condition for Physical Protection. Both of these changes are administrative in nature and do not create the possibility of a new or different kind of accident from any accident previously evaluated. | The second part of the proposed change is an implementation schedule, and the third part adds a sentence to the Renewed Facility Operating License condition for Physical Protection. Both of these changes are administrative in nature and do not create the possibility of a new or different kind of accident from any accident previously evaluated. | ||
: 3. Does the proposed change involve a significant reduction in a margin of safety? | : 3. Does the proposed change involve a significant reduction in a margin of safety? | ||
Line 91: | Line 86: | ||
Based on the above, ENO concludes that the proposed change presents no significant hazards consideration Under the standards set forth in 10CFR50.92(c), and accordingly, a finding of "no significant hazards consideration" is justified. | Based on the above, ENO concludes that the proposed change presents no significant hazards consideration Under the standards set forth in 10CFR50.92(c), and accordingly, a finding of "no significant hazards consideration" is justified. | ||
4.3 Conclusion In conclusion, based on the considerations discussed above: (1) there is reasonable assurance that the health and safety of the public will not be endangered by operation in the proposed manner; (2) such activities will be conducted in compliance with the Commission's regulations; and (3) the issuance of the amendment will not be inimical to the common defense and security or to the health and safety of the public. | 4.3 Conclusion In conclusion, based on the considerations discussed above: (1) there is reasonable assurance that the health and safety of the public will not be endangered by operation in the proposed manner; (2) such activities will be conducted in compliance with the Commission's regulations; and (3) the issuance of the amendment will not be inimical to the common defense and security or to the health and safety of the public. | ||
Page 4 of 4 | Page 4 of 4 | ||
Latest revision as of 20:43, 11 March 2020
ML102110090 | |
Person / Time | |
---|---|
Site: | Palisades |
Issue date: | 07/26/2010 |
From: | Schwarz C Entergy Nuclear Operations |
To: | Document Control Desk, Office of Nuclear Reactor Regulation, Office of Nuclear Security and Incident Response |
References | |
TAC ME2635 | |
Download: ML102110090 (11) | |
Text
Entergy Nuclear Operations, Inc.
Entergy 27780 Blue Star Memorial Highway.
Covert, MI 49043 Tel 269 764 2000 Christopher J Schwarz Vice President, Operations Palisades Nuclear Plant July 26, 2010 U.S. Nuclear Regulatory Commission Attn: Document Control Desk Washington, DC 20555-0001
SUBJECT:
License Amendment Withdrawal and Request - Cyber Security Plan Entergy Nuclear Operations, Inc.
Palisades Nuclear Plant Docket 50-255 License No. DPR-20
Reference:
- 1. Entergy letter dated November 19, 2009, License Amendment Request -
Cyber Security Plan Submittal
- 2. NRC letter dated May 28, 2010, Palisades Nuclear Plant - License Amendment Request for Approval of the Cyber Security Plan (TAC No.
ME2635)
- 3. NRC letter to Nuclear Energy Institute (NEI) dated June 7, 2010, NEI 08-09, Revision 6, "Cyber Security Plan for Nuclear Power Reactors"
Dear Sir or Madam:
In accordance with the 60-day request provided in Reference 2, Entergy Nuclear Operations, Inc. (ENO) is hereby withdrawing the request for an amendment to the Renewed Facility Operating License (RFOL) for Palisades Nuclear Plant (PNP), as submitted in Reference 1, in accordance with the provisions of 10 CFR 50.4 and 10 CFR 50.90, and ENO is submitting a new request for an amendment to the RFOL for PNP. The proposed amendment requests NRC approval of the PNP Cyber Security Plan, provides an implementation schedule, and revises the existing RFOL Physical Protection license condition to require ENO to fully implement and maintain in effect all provisions of the NRC-approved Cyber Security Plan for PNP. ENO used NEI 08-09, "Cyber Security Plan for Nuclear Power Reactors," Revision 6, in development of the PNP Cyber Security Plan, which resolves the NRC's generic issues (Reference 2) with the previous submittal (Reference 1). In addition, ENO is providing a detailed milestone implementation schedule, as requested. Therefore, this submittal supersedes, in its entirety, the previous submittal (Reference 1).
This letter contains security-sensitive information - Attachments 4, 5, and 6 are withheld from public disclosure per 10CFR2.390
Page 2 of 2 Attachment 1 provides an analysis of the proposed change. Attachment 2 provides the existing PNP RFOL pages marked-up to show the proposed change. Attachment 3 provides the proposed operating license changes in final format. Attachment 4 provides the list of new regulatory commitments made in this submittal. Attachment 5 provides the PNP Cyber Security Plan implementation schedule.' Attachment 6 provides a copy of the PNP Cyber Security Plan, which is a stand-alone document that has been incorporated by reference into the PNP Physical Security Plan. In addition, ENO is utilizing the definition of "cyber attack" as delineated in Reference 3. ENO requests that Attachments 4, 5, and 6, which contain security-related information, be withheld from public disclosure in accordance with 10 CFR 2.390.
The proposed changes have been evaluated in accordance with 10 CFR 50.91 (a)(1) using criteria in 10 CFR 50.92(c), and it has been determined that the changes involve no significant hazards consideration. The bases for these determinations are included in Attachment 1.
ENO requests the approved license amendment be effective as of its date of issuance.
Once approved, the amendment will be implemented in accordance with the implementation schedule. Review of the proposed license amendment is requested within approximately one year of this submittal.
A copy of this request has been provided to the designated representative of the State of Michigan.
'This letter contains one commitment and no revisions to existing commitments.
I declare under penalty of perjury that the foregoing is true and correct. Executed on July 26, 2010.
Sincerely, 6JS/rbh Attachments: 1. Analysis of Proposed Renewed Facility Operating License Change
- 2. Proposed PNP Renewed Facility Operating License Changes (mark-up)
- 3. Revised PNP Renewed Facility Operating License Pages
- 4. List of Regulatory Commitments
- 5. Implementation Schedule
- 6. PNP Cyber Security Plan cc: Administrator, Region Ill, USNRC Project Manager, Palisades, USNRC Resident Inspector, Palisades, USNRC Designated Michigan Officials This letter contains security-sensitive information - Attachments 4, 5, and 6 are withheld from public disclosure per 10CFR2.390
Attachment 1 Analysis of Proposed Renewed Facility Operating License Change Page 1 of 4 1.0
SUMMARY
DESCRIPTION The proposed license amendment request (LAR) includes the proposed Palisades Nuclear Plant (PNP) Cyber Security Plan, an implementation schedule, and a proposed sentence to be added to the Renewed Facility Operating License (RFOL) Physical Protection license condition.
2.0 DETAILED DESCRIPTION The LAR includes three parts: the proposed PNP Cyber Security Plan, an implementation schedule, and'a proposed sentence to be added to the RFOL Physical Protection license condition for ENO to fully implement and maintain in effect all provisions of the Commission-approved PNP Cyber Security Plan as required by 10 CFR 73.54. FederalRegister notice dated March 27, 2009, issued the final rule that amended 10 CFR Part 73. The regulations in 10 CFR 73.54, "Protection of Digital Computer and Communication Systems and Networks",
establish the requirements for a Cyber Security Program. This regulation specifically requires each licensee currently licensed to operate a nuclear power plant under Part 50 to submit a Cyber Security Plan that satisfies the requirements of the Rule. The regulation also requires that each submittal include a proposed implementation schedule, and the implementation of the licensee's Cyber Security Program must be consistent with the approved schedule. The background for this application is addressed by the NRC Notice of Availability published on March 27, 2009, 74FR13926 (Reference 1).
3.0 TECHNICAL EVALUATION
FederalRegister notice 74FR1 3926 issued the final rule that amended 10 CFR Part 73.
Cyber security requirements are codified as 10 CFR 73.54 and are designed to provide high assurance that digital computer and communication systems and networks are adequately protected against cyber attacks, up to and including the design basis threat established by 10 CFR 73.1(a)(1)(v). These requirements are more in depth than the requirements imposed by NRC Order EA-02-026 (Reference 2).
This proposed amendment conforms to the model Cyber Security Plan contained in Appendix A of Nuclear Energy Institute (NEI) 08-09, "Cyber Security Plan for Nuclear Power Reactors," Revision 6, dated April 2010, for use by licensees in development of their own Cyber Security Plans. A deviation to Appendix B of NEI 08-09, Revision 6, is the use of a revised definition of "cyber attack", as delineated in NRC letter dated June 7, 2010 (Reference 3). The revised definition of cyber attack is "any event in which there is reason to believe that an adversary has committed or caused, or attempted to commit or cause, or has made a credible threat to commit or cause malicious exploitation of a CDA."
This LAR includes the proposed PNP Cyber Security Plan (Attachment 6) that conforms to the template provided in Appendix A of NEI 08-09, Revision 6. In addition, the LAR includes the proposed change to the existing operating license condition for "Physical Protection" (Attachments 2 and 3) for PNP. The LAR contains the proposed implementation schedule (Attachment 5) as required by 10 CFR 73.54. The LAR also provides a list of regulatory commitments (Attachment 4).
Page 2 of 4
4.0 REGULATORY EVALUATION
4.1 Applicable Regulatory Requirements/Criteria This proposed Palisades Nuclear Plant (PNP) Cyber Security Plan License Amendment Request is submitted pursuant to 10 CFR 73.54 "Protection of Digital Computer and Communication Systems-and Networks" requires licensees currently licensed to operate a nuclear power plant under 10 CFR Part 50 to submit a cyber security plan as specified in 10 CFR 50.4 and 10 CFR 50.90.
4.2 Significant Safety Hazards Consideration Entergy Nuclear Operations (ENO) has evaluated whether or not a significant hazards consideration is involved with the proposed amendment by focusing on the three standards set forth in 10 CFR 50.92, "Issuance of Amendment," as discussed below:
- 1. Does the proposed change involve a significant increase in the probability or consequences of an accident previously evaluated?
Response: No.
As required by 10 CFR 73.54 ENO has submitted a Cyber Security Plan for NRC review and approval for PNP. The PNP Cyber Security Plan does not alter accident analysis assumptions, add any initiators, or affect the function of the plant systems or the manner in which systems are operated, maintained, modified, tested, or inspected. The PNP Cyber Security Plan does not require any plant modifications which affect the performance capability of the.structures, systems, and components relied upon to mitigate the consequences of postulated accidents. The PNP Cyber Security Plan is designed to achieve high assurance that the systems within the scope of the 10 CFR 73.54 Rule are protected from cyber attacks and has no impact on the probability or consequences of an accident previously evaluated.
The second part of the proposed change is an implementation schedule, and the third part adds a sentence to the Renewed Facility Operating License for Physical Protection. Both of these changes are administrative in nature and do not involve a significant increase in the probability or consequences of an accident previously evaluated.
- 2. Does the proposed change create the possibility of a new or different kind of accident from any accident previously evaluated?
Response: No.
As required by 10 CFR 73.54 ENO has submitted a Cyber Security Plan for NRC review and approval for PNP. The PNP Cyber Security Plan does not alter accident analysis assumptions, add any initiators, or affect the function of plant systems or the manner in which systems are operated, maintained, modified, tested, or inspected.
The PNP Cyber Security Plan does not require any plant modifications which affect the performance capability of the structures, systems, and components relied upon to mitigate the consequences of postulated accidents. The PNP Cyber Security Plan is Page 3 of 4 designed to achieve high assurance that the systems within the scope of the 10 CFR 73.54 Rule are protected from cyber attacks and does not create the possibility of a new or different kind of accident from any accident previously evaluated.
The second part of the proposed change is an implementation schedule, and the third part adds a sentence to the Renewed Facility Operating License condition for Physical Protection. Both of these changes are administrative in nature and do not create the possibility of a new or different kind of accident from any accident previously evaluated.
- 3. Does the proposed change involve a significant reduction in a margin of safety?
Response: No.
As required by 10 CFR 73.54 ENO has submitted a Cyber Security Plan for NRC review and approval for PNP. Plant safety margins are established through limiting conditions for operation, limiting safety system settings, and safety limits specified in the Technical Specifications. Because there is no change to these established safety margins as result of the implementation of the PNP Cyber Security Plan,. the proposed change does not involve a significant reduction in a margin of safety.
The second part of the proposed change is an implementation schedule, and the third part adds a sentence to the Renewed Facility Operating License condition for Physical Protection. Both of these changes are administrative in nature and do not involve a significant reduction in a margin of safety.
Based on the above, ENO concludes that the proposed change presents no significant hazards consideration Under the standards set forth in 10CFR50.92(c), and accordingly, a finding of "no significant hazards consideration" is justified.
4.3 Conclusion In conclusion, based on the considerations discussed above: (1) there is reasonable assurance that the health and safety of the public will not be endangered by operation in the proposed manner; (2) such activities will be conducted in compliance with the Commission's regulations; and (3) the issuance of the amendment will not be inimical to the common defense and security or to the health and safety of the public.
Page 4 of 4
5.0 ENVIRONMENTAL CONSIDERATION
The proposed amendment establishes the licensing basis for a Cyber Security Program for PNP and will be a part of the PNP Cyber Security Plan. The proposed amendment meets the eligibility criterion for a categorical exclusion set forth in 10 CFR 51.22(c)(12). Therefore, pursuant to 10 CFR 51.22(b) no environmental impact statement or environmental assessment need be prepared in connection with the issuance of the amendment.
6.0 REFERENCES
- 1. Federal Register Notice, Final Rule. 10 CFR Part 73, Power Reactor Security Requirements, P5ublished on March 27, 2009, 74 FR 13926
- 2. Federal EA-02-026, Order Modifying Licenses, Safeguards and Security Plan Requirements, issued February 25, 2002
- 3. NRC letter to NEI dated June 7, 2010,.NEI 08-09, Revision 6, "Cyber Security Plan for Nuclear Power Reactors" 7
Attachment 2 Proposed PNP Renewed Facility Operating License Change (mark-up)
D. The facility has been granted certain exemptions from the requirements of Section III, G of Appendix R to 10 CFR Part 50, "Fire Protection Program for Nuclear Power Facilities Operating Prior to January 1, 1979." This section relates to fire protection features for ensuring the systems and-associated circuits used to achieve and maintain safe shutdown are free of fire damage. These exemptions were granted in letters dated February 8, 1983, July 12, 1985, and July 23, 1985.
In addition, the facility has been granted certain exemptions fromAppendix J to 10 CFR Part 50, "Primary Reactor Containment Leakage Testing for Water Cooled Power Reactors." This section contains leakage test requirements, schedules and acceptance criteria for tests of the leak-tight integrity of the primary reactor containment and systems and components which penetrate the containment. These exemptions were granted in a letter dated December 6, 1989.
These exemptions granted pursuant to 10 CFR 50.12, are authorized by law, will not present an undue risk to the public health and safety, and are consistent with the common defense and security. With these exemptions, the facility will operate, to the extent authorized herein, in conformity with the application, as amended, the provisions of the Act, and the rules and regulations of the Commission.
E. ENO shall fully implement and maintain in effect all provisions of the Commission-approved physical security, training and qualification, and safeguards contingency plans including amendments made pursuant to provisions of the Miscellaneous Amendments and Search Requirements revisions to 10 CFR 73.55 (51 FR 27817 and 27822) and to the authority of 10 CFR 50.90 and 10 CFR 50.54(p).
The combined set of plans, which contains Safeguards Information protected under 10 CFR 73.21, is entitled: "Nuclear Management Company Palisades Nuclear Plant Physical Security Plan, Revision 2," submitted by letter dated May 10, 2006.
ENO shall fully implement in accordance with an NRC-approved implementation schedule and maintain in effect all provisions of the Commission-approved Palisades Nuclear Plant Cyber Security Plan submitted by letter dated July 26, 20 G. ENP and ENO shall have and maintain financial protection of such type and in such amounts 4as the Commission shall require in accordance with Section 170 of the Atomic Energy Act of 1954, as amended, to cover public liability claims.
Renewed License No. DPR-20 Amendment No. 224, 233
Attachment 3 Revised PNP Renewed Facility Operating License Page
D. The facility has been granted certain exemptions from the requirements of Section Ill, G of Appendix R to 10 CFR Part 50, "Fire Protection Program for Nuclear Power Facilities Operating Prior to January 1, 1979." This section, relates to fire protection features for ensuring the systems and associated circuits used to achieve and maintain safe shutdown are free of fire damage. These exemptions were granted in letters dated February 8, 1983, July 12, 1985, and July 23, 1985.
In addition, the facility has been granted certain exemptions from Appendix J to 10 CFR Part 50, "Primary Reactor Containment Leakage Testing for Water Cooled Power Reactors." This section contains leakage test requirements, schedules and acceptance criteria for tests of the leak-tight integrity of the primary reactor containment and systems and components which penetrate the containment. These exemptions were granted in a letter dated December 6, 1989.
These exemptions granted pursuant to 10 CFR 50.12, are authorized by law, will not present an undue risk to the public~health and safety, and are consistent with the common defense and security. With these exemptions, the facility will operate, to the extent authorized herein, in conformity with the application, as amended, the provisions of the Act, and the rules and regulations of the Commission.
E. ENO shall fullyimplement and maintain in effect all provisions of the Commission-approved physical security, training and qualification, and safeguards contingency plans including amendments made pursuant to provisions of the Miscellaneous Amendments and Search Requirements revisions to 10 CFR 73.55 (51 FR 27817 and 27822) and to the authority of 10 CFR 50.90 and 10 CFR 50.54(p).
The combined set of plans, which contains Safeguards Information protected under 10 CFR 73.21, is entitled: "Nuclear Management Company Palisades Nuclear Plant Physical Security Plan, Revision 2," submitted by letter dated May 10, 2006.
ENO shall fully implement in accordance with an NRC-approved implementation schedule and maintain in effect all provisions of the Commission-approved Palisades Nuclear Plant Cyber Security Plan submitted by letter dated July 26, 2010.
F. [deleted]
G. ENP and ENO shall have and maintain financial protection of such type and in such amounts as the Commission shall require in accordance with Section 170 of the Atomic Energy Act of 1954, as amended, to cover public liability claims.
Renewed License No. DPR-20 Amendment No. 224, 233, XXX