ML15121A182: Difference between revisions

From kanterella
Jump to navigation Jump to search
(Created page by program invented by StriderTol)
 
(StriderTol Bot change)
 
(16 intermediate revisions by the same user not shown)
Line 2: Line 2:
| number = ML15121A182
| number = ML15121A182
| issue date = 06/05/2015
| issue date = 06/05/2015
| title = St. Lucie-Issuance of Amendments to Revise the Cyber Security Milestone 8 Completion Date in the Renewed Facility Operating Licenses (TAC Nos. MF4334 and MF4335)
| title = Issuance of Amendments to Revise the Cyber Security Milestone 8 Completion Date in the Renewed Facility Operating Licenses
| author name = Saba F E, Tam P S
| author name = Saba F, Tam P
| author affiliation = NRC/NRR/DORL/LPLII-2
| author affiliation = NRC/NRR/DORL/LPLII-2
| addressee name = Nazar M
| addressee name = Nazar M
Line 9: Line 9:
| docket = 05000335, 05000389
| docket = 05000335, 05000389
| license number = DPR-067, NPF-016
| license number = DPR-067, NPF-016
| contact person = Tam P S
| contact person = Tam P
| case reference number = TAC MF4334, TAC MF4335
| case reference number = TAC MF4334, TAC MF4335
| document type = Letter, License-Operating (New/Renewal/Amendments) DKT 50, Safety Evaluation, Technical Specifications
| document type = Letter, License-Operating (New/Renewal/Amendments) DKT 50, Safety Evaluation, Technical Specifications
| page count = 20
| page count = 20
| project = TAC:MF4334, TAC:MF4335
| stage = Approval
}}
}}
=Text=
{{#Wiki_filter:UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 June 5, 2015 Mr. Mano Nazar President and Chief Nuclear Officer Nuclear Division NextEra Energy P.O. Box 14000 Juno Beach, FL 33408-0420
==SUBJECT:==
ST. LUCIE PLANT, UNIT NOS. 1 AND 2 - ISSUANCE OF AMENDMENTS TO REVISE THE CYBER SECURITY MILESTONE 8 COMPLETION DATE IN THE RENEWED FACILITY OPERATING LICENSES (TAC NOS. MF4334 AND MF4335)
==Dear Mr. Nazar:==
The U.S. Nuclear Regulatory Commission (NRC) has issued the enclosed Amendment Nos. 222 and 172 to Renewed Facility Operating License Nos. DPR-67 and NPF-16 for the St. Lucie Plant, Unit Nos. 1 and 2, respectively. These amendments consist of changes to the Renewed Operating Licenses in response to your application dated June 30, 2014, as supplemented by letter dated August 19, 2014.
The amendments revise the completion date for Milestone 8, full implementation, of the Cyber Security Plan from December 31, 2015, to December 17, 2017.
The NRC staff's related safety evaluation of the amendments is enclosed. The Notice of Issuance will be included in the Commission's biweekly Federal Register notice.
QY* *y "y 1-'\/'c<; -,;~~
Fa~~ ~aba,          Senior P~~ct Manager Plant Licensing Branch 11-2 Division of Operator Reactor Licensing Office of Nuclear Reactor Regulation Docket Nos. 50-335 and 50-389
==Enclosures:==
: 1. Amendment No. 222 to DPR-67
: 2. Amendment No. 172 to NPF-16
: 3. Safety Evaluation cc w/enclosures: Distribution via Listserv
UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 FLORIDA POWER & LIGHT COMPANY DOCKET NO. 50-335 ST. LUCIE PLANT. UNIT NO. 1 AMENDMENT TO RENEWED FACILITY OPERATING LICENSE Amendment No. 222 Renewed License No. DPR-67
: 1. The Nuclear Regulatory Commission (the Commission) has found that:
A. The application for amendment by Florida Power & Light Company (FPL, the licensee), dated June 30, 2014, as supplemented on August 19, 2014, complies with the standards and requirements of the Atomic Energy Act of 1954, as amended (the Act) and the Commission's rules and regulations set forth in 10 CFR Chapter I; B. The facility will operate in conformity with the application, the provisions of the Act, and the rules and regulations of the Commission; C. There is reasonable assurance (i) that the activities authorized by this amendment can be conducted without endangering the health and safety of the public, and (ii) that such activities will be conducted in compliance with the Commission's regulations; D. The issuance of this amendment will not be inimical to the common defense and security or to the health and safety of the public; and E. The issuance of this amendment is in accordance with 10 CFR Part 51 of the Commission's regulations and all applicable requirements have been satisfied.
Enclosure 1
: 2. Accordingly, Renewed Facility Operating License No. DPR-67 is amended by changing paragraph 3.B to read as follows:
B.      Technical Specifications The Technical Specifications contained in Appendices A and B, as revised through Amendment No. 222 , are hereby incorporated in the renewed license.
FPL shall operate the facility in accordance with the Technical Specifications.
: 3. Accordingly, Renewed Facility Operating License No. DPR-67 is also amended by changing the last sentence of paragraph 3.F, Physical Protection, to read as follows:
The St. Lucie CSP was approved by License Amendment No. 211 as supplemented by clarifications approved by License Amendment Nos. 214 and 222.
: 4. This license amendment is effective as of its date of issuance and shall be implemented within 60 days.
FOR THE NUCLEAR REGULA TORY COMMISSION Shana R. Helton, Chief Plant Licensing Branch 11-2 Division of Operator Reactor Licensing Office of Nuclear Reactor Regulation
==Attachment:==
Changes to the Renewed Facility Operating License Date of Issuance: June 5, 2015
ATTACHMENT TO LICENSE AMENDMENT NO. 222 TO RENEWED FACILITY OPERATING LICENSE NO. DPR-67 DOCKET NO. 50-335 Replace the following pages of Renewed Facility Operating License DPR-67 with the attached pages. The revised pages are identified by amendment number and contain vertical lines indicating the areas of change.
Remove Pages                            Insert Pages 3                                        3 4                                        4
applicable provisions of the Act and to the rules, regulations, and orders of the Commission now or hereafter in effect; and is subject to the additional conditions specified or incorporated below:
A.      Maxjmum Power Leyel FPL is authorized to operate the facility at steady state reactor core power levels not in excess of 3020 megawatts (thermal).
B. Technical Specifications The Technical Specifications contained in Appendices A and B, as revised through Amendment No. 222 are hereby incorporated in the renewed license. FPL shall operate the facility in accordance with the Technical Specifications.
Appendix B, the Environmental Protection Plan (Non-Radiological), contains environmental conditions of the renewed license. If significant detrimental effects or evidence of irreversible damage are detected by the monitoring programs required by Appendix B of this license, FPL will provide the Commission with an analysis of the problem and plan of action to be taken subject to Commission approval to eliminate or significantly reduce the detrimental effects or damage.
C.      Updated Final Safety Analysis Report The Updated Final Safety Analysis Report supplement submitted pursuant to 10 CFR 54.21(d), as revised on March 28, 2003, describes certain future activities to be completed before the period of extended operation. FPL shall complete these* activities no later than March 1, 2016, and shall notify the NRC in writing when implementation of these activities is complete and can be verified by NRC inspection.
The Updated Final Safety Analysis Report supplement as revised on March 28, 2003, described above, shall be included in the next scheduled update to the Updated Final Safety Analysis Report required by 10 CFR 50.71(e)(4), following issuance of this renewed license. Until that update is complete, FPL may make changes to the programs described in such supplement without prior Commission approval, provided that FPL evaluates each such change pursuant to the criteria set forth in 10 CFR 50.59 and otherwise complies with the requirements in that section.
D.      Systained Core Uncoverv Actjons Procedural guidance shall be in place to instruct operators to implement actions that are designed to mitigate a small-break loss-of-coolant accident prior to a calculated time of sustained core uncovery.
Renewed License No. DPR-67 Amendment No. 222
E. Fire Protection FPL shall implement and maintain in effect all provisions of the approved fire protection program as described in the Updated Final Safety Analysis Report for the facility (The fire protection program and features were originally described in FPL submittals L-83-514 dated October 7, 1983, L-83-227 dated April 12, 1983, L-83-261 dated April 25, 1983, L-83-453 dated August 24, 1983, L-83-488 dated September 16,1983, L-83-588 dated December 14,1983, L-84-346 dated November28, 1984, L-84-390 dated December31, 1984, and L-85-71 dated February 21, 1985) and as approved by NRC letter dated July. 17, 1984, and supplemented by NRC letters dated February 21, 1985, March 5, 1987, and October 4, 1988, subject to the following provision:
FPL may make changes to the approved fire protection program without prior approval of the Commission only if those changes would not adversely affect the ability to achieve and maintain safe shutdown in the event of a fire.
F. Physical Protection The licensee shall fully Implement and maintain in effect all provisions of the Commission-approved physical security. training and qualification, and safeguards contingency plans including amendments made pursuant to provision of the Miscellaneous Amendments and Search Requirements revisions to 10 CFR 73.55 (51 FR 27817 and 27822) and to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The combined set of plans, which contains Safeguards Information protected under 10 CFR 73.21, is entitled: "Florida Power and Light &
FPL Energy Seabrook Physical Security Plan, Training and Qualification Plan and Safeguards Contingency Plan - Revision 3," submitted by letter dated May 18. 2006. St. Lucie shall fully implement and maintain in effect all provisions of the Commission-approved cyber security plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The St. Lucie CSP was approved by License Amendment No. 211 as supplemented by clarifications approved by License Amendment Nos. 214 and 222.
G. Mitigation Strategy License Condition Develop and maintain strategies for addressing large fires and explosions and that include the following key areas:
(a)      Fire fighting response strategy with the following elements:
: 1.      Pre-defined coordinated fire response strategy and guidance
: 2.      Assessment of mutual aid fire fighting assets
: 3.      Designated staging areas for equipment and materials
: 4.      Command and control
: 5.      Training of response personnel (b)      Operations to mitigate fuel damage considering the following:
: 1.      Protection and use of personnel assets
: 2.      Communications
: 3.      Minimizing fire spread
: 4.      Procedures for implementing integrated fire response strategy
: 5.      Identification of readily-available pre-staged equipment Renewed License No. DPR-67 Amendment No. 2G2, &!-+, 244, 222
UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 FLORIDA POWER & LIGHT COMPANY DOCKET NO. 50-389 ST. LUCIE PLANT. UNIT NO. 2 AMENDMENT TO RENEWED FACILITY OPERATING LICENSE Amendment No. 172 Renewed License No. NPF-16
: 1. The Nuclear Regulatory Commission (the Commission) has found that:
A. The application for amendment by Florida Power & Light Company (FPL, the licensee), dated June 30, 2014, as supplemented on August 19, 2014, complies with the standards and requirements of the Atomic Energy Act of 1954, as amended (the Act) and the Commission's rules and regulations set forth in 10 CFR Chapter I; B. The facility will operate in conformity with the application, the provisions of the Act, and the rules and regulations of the Commission; C. There is reasonable assurance (i) that the activities authorized by this amendment can be conducted without endangering the health and safety of the public, and (ii) that such activities will be conducted in compliance with the Commission's regulations; D. The issuance of this amendment will not be inimical to the common defense and security or to the health and safety of the public; and E. The issuance of this amendment is in accordance with 10 CFR Part 51 of the Commission's regulations and all applicable requirements have been satisfied.
Enclosure 2
: 2. Accordingly, Renewed Facility Operating License No. NPF-16 is amended by changing paragraph 3.B to read as follows:
B.      Technical Specifications The Technical Specifications contained in Appendices A and B, as revised through Amendment No.172 are hereby incorporated in the renewed license.
FPL shall operate the facility in accordance with the Technical Specifications.
: 3. Accordingly, Renewed Facility Operating License No. NPF-16 is also amended by changing the last sentence of paragraph 3.F, Physical Protection, to read as follows:
St. Lucie CSP was approved by License Amendment No. 160 as supplemented by clarifications approved by License Amendment Nos. 164 and 172 *
: 4. This license amendment is effective as of its date of issuance and shall be implemented within 60 days.
FOR THE NUCLEAR REGULA TORY COMMISSION Shana R. Helton, Chief Plant Licensing Branch 11-2 Division of Operator Reactor Licensing Office of Nuclear Reactor Regulation
==Attachment:==
Changes to the Renewed Facility Operating License Date of Issuance: June 5, 2015
ATTACHMENT TO LICENSE AMENDMENT N0.172 TO RENEWED FACILITY OPERATING LICENSE NO. NPF-16 DOCKET NO. 50-389 Replace pages of Renewed Operating License NPF-16 as follows. The revised pages are identified by amendment number and contain vertical lines indicating the areas of change.
Remove Pages                      Insert Pages 3                                  3 5                                  5
neutron sources for reactor startup, sealed .sources for reactor instrumentation and radiation monitoring equipment calibration, and as fission detectors in amounts as required.
D.      Pursuant to the Act and 10 CFR Parts 30, 40, and 70, FPL to receive, possess, and use in amounts as required any byproduct, source, or special nuclear material without restriction to chemical or physical form, for sample analysis or instrument calibration or associated with radioactive apparatus or components; and E.      Pursuant to the Act and 10 CFR Parts 30, 40, and 70, FPL to possess, but not separate, such byproduct and special nuclear materials as may be produced by the operation of the facility.
: 3. This renewed license shall be deemed to contain and is subject to the conditions specified in the following Commission's regulations: 10 CFR Part 20, Section 30.34 of 10 CFR Part 30, Section 40.41 of 10 CFR Part 40, Section 50.54 and 50.59 of 10 CFR Part 50, and Section 70.32 of 10 CFR Part 70; and is subject to all applicable provisions of the Act and to the rules, regulations, and orders of the Commission now or hereafter in effect; and is subject to the additional conditions specified below:
A.      Maxjmum Power Level FPL is authorized to operate the facility at steady state reactor core power levels not in excess of 3020 megawatts (thermal).
B.      Technical Specifications The Technical Specifications contained in Appendices A and B, as revised through Amendment No. 172are hereby incorporated in the renewed license.
FPL shall operate the facility in accordance with the Technical Specifications.
Renewed License No. NPF-16 Amendment No. t 72
F. Physical Protection The licensee shall fully implement and maintain in effect all provisions of the Commission-approved physical security, training and qualification, and safeguards contingency plans including amendments made pursuant to provision of the Miscellaneous Amendments and Search Requirements revisions to 10 CFR 73.55 (51 FR 27817 and 27822) and to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The combined set of plans, which contains Safeguards Information protected under 10 CFR 73.21, is entitled: "Florida Power and Light &
FPL Energy Seabrook Physical Security Plan, Training and Qualification Plan and Safeguards Contingency Plan - Revision 3," submitted by letter dated May 18, 2006. St. Lucie shall fully implement and maintain in effect all provisions of the Commission-approved cyber security plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). St. Lucie CSP was approved by License Amendment No. 160 as supplemented by clarifications approved by License Amendment Nos. 164 and 172.
G. Before engaging in additional construction or operational activities which may result in a significant adverse environmental impact that was not evaluated or that is significantly greater than that evaluated in the Final Environmental Statement dated April 1982, FPL shall provide written notification to the Office of Nuclear Reactor Regulation.
H. DELETED I. FPL shall notify the Commission, as soon as possible but not later than one hour, of any accident at this facility which could result in an unplanned release of quantities of fission products in excess of allowable limits for normal operation established by the Commission.
J. FPL shall have and maintain financial protection of such type and in such amounts as the Commission shall require in accordance with Section 170 of the Atomic Energy Act of 1954, as amended, to cover public liability claims.
K. The use of ZIRLO' clad fuel at St. Lucie Unit 2 will be subject to the following restrictions:
FPL will limit the fuel duty for St. Lucie Unit 2 to a baseline modified Fuel Duty Index (mFDI) of 600 with a provision for adequate margin to account for variations in core design (e.g., cycle length, plant operating conditions, etc.).
This limit will be applicable until data is available demonstrating the performance of ZIRLO' cladding at Combustion Engineering 16x16 plants.
FPL will restrict the mFDI of each ZIRLOTM clad fuel pin to 110 percent of the baseline mFDI of 600.
For a fraction of the fuel pins in a limited number of assemblies (8), FPL will restrict the fuel duty of ZIRLO' clad fuel pins to 120 percent of the baseline mFDI of 600.
Renewed License No. NPF-16 Amendment No. 4-W, 400, 4-64, 172
UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 SAFETY EVALUATION BY THE OFFICE OF NUCLEAR REACTOR REGULATION RELATED TO AMENDMENT NOS. 222            AND 172 TO RENEWED FACILITY OPERATING LICENSE NOS. DPR-67 AND NPF-16 FLORIDA POWER AND LIGHT COMPANY ST. LUCIE PLANT. UNIT NOS. 1 AND 2 DOCKET NOS. 50-335 AND 50-389
==1.0    INTRODUCTION==
By letter dated June 30, 2014 (Agencywide Documents Access and Management System (ADAMS) Accession No. ML14192A022), as supplemented by letter dated August 19, 2014 (ADAMS Accession No. ML14241A422), Florida Power & Light Company (FPL, the licensee) submitted an application for amendment to revise the implementation date of Cyber Security Plan (CSP) Milestone 8. Milestone 8 of the CSP is concerned with the full implementation of the CSP.
Portions of the licensee's June 30 and August 19, 2014, letters contain sensitive unclassified non-safeguards information and, accordingly, those portions are withheld from public disclosure in accordance with the provisions of Title 10 of the Code of Federal Regulations (10 CFR)
Section 2.390(d)(1 ). The accession numbers cited in the above paragraph refer to the publicly available redacted version.
For the subject application, as supplemented, the U.S. Nuclear Regulatory Commission (NRC) published its proposed no significant hazards consideration in the Federal Register on November 4, 2014 (79 FR 65431). No public comments were received.
==2.0    REGULATORY EVALUATION==
The NRC staff had previously reviewed and approved the licensee's CSP implementation schedule in Amendment Nos. 211 and 160 to the licenses for the St. Lucie Plant, Unit Nos. 1 and 2 (SL-1 and 2), respectively, and concurrently with the incorporation of the CSP into the current licensing bases. Subsequently, the NRC staff issued Amendment Nos. 214 and 164 to revise Milestone 6 for each unit, respectively.
The NRC staff considered the following regulatory requirements and guidance in its review of the current application for amendment to modify the existing CSP implementation schedule.
Enclosure 3
(1)    It states in 10 CFR 73.54:
                ..... Each [CSP] submittal must include a proposed implementation schedule. Implementation of the licensee's cyber security program must be consistent with the approved schedule.
(2)    Amendment No. 211 and Amendment No. 160, dated August 31, 2011, which approved the licensee's CSP and implementation schedule, added the following text to the operating licenses: "St. Lucie shall fully implement and maintain in effect all provisions of the Commission-approved cyber security plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p)."
(3)    In a publicly available NRC memorandum from R. Felts to B. Westreich, dated October 24, 2013 (ADAMS Accession No. ML13295A467), the NRC staff listed criteria that it would consider during its evaluations of licensees' requests to postpone their cyber security program implementation date (commonly known as Milestone 8). See Section 3.1 below for details of these criteria.
==3.0    TECHNICAL EVALUATION==
3.1    Licensee's Requested Change By Amendment Nos. 211 (for Unit 1) and 160 (for Unit 2), the NRC staff approved the licensee's CSP implementation schedule as discussed in the safety evaluation issued concurrently with those amendments. The implementation schedule had been submitted by the licensee based on a template (ADAMS Accession No. ML110600218) prepared by the Nuclear Energy Institute, which the NRC staff found acceptable (letter, R. P. Correia to C. E. Earls, March 1, 2011; ADAMS Accession No. 110070348) for licensees to use to develop their CSP implementation schedules. The licensee's proposed implementation schedule for the SL-1 and 2 CSP identified completion dates and bases for the following eight milestones:
: 1) Establish the Cyber Security Assessment Team;
: 2) Identify Critical Systems and Critical Digital Assets (CDAs);
: 3) Install a data diode device between lower level devices and higher level devices;
: 4) Implement the security control "Access Control for Portable and Mobile Devices";
: 5)  Implement observation and identification of obvious cyber-related tampering to existing insider mitigation rounds;
: 6) Identify, document, and implement cyber security controls in accordance with "Mitigation of Vulnerabilities and Application of Cyber Security Controls" for CDAs that could adversely impact the design function of physical security target set equipment;
: 7) Ongoing monitoring and assessment activities for those target set CDAs whose security controls have been implemented; and
: 8) Fully implement the CSP.
Currently, Milestone 8 of the licensee's CSP requires the licensee to fully implement the CSP by December 31, 2015. In its June 30, 2014, application, the licensee proposed to change the Milestone 8 completion date to December 31, 2017.
The licensee's application addressed each of the criteria identified in the NRC's October 24, 2014, guidance memorandum cited in Section 2.0 above.
(1)    Identification of the specific requirement or requirements of the CSP that the licensee needs additional time to implement.
The licensee stated that the specific CSP requirement requiring additional time to implement is CSP Section 3.1, "Analyzing Digital Computer Systems and Networks Applying Cyber Security Controls." The licensee provided a list of activities required to implement the CSP requirements.
(2)    Detailed justification that describes the reason the licensee requires additional time to implement the specific requirement or requirements identified.
The licensee stated that CDA assessment work is resource-intensive. SL-1 and 2 have approximately 2,250 CDAs. The licensee additionally stated that:
* Assessment is challenging due to uncertainty surrounding security controls interpretation.
* The licensee underestimated the level of effort necessary to address security controls.
* Rework is a major concern - budgets are approved in advance on a defined scope of work.
* The licensee will have to increase resources to cope with magnitude of the work identified.
The licensee stated that remediation activities need to be carefully considered because:
* Security controls modifications are unique and new to the plant and suppliers.
* Plant modifications cannot affect plant safety and operation.
The licensee stated that there are change management challenges, such as:
* Integrating cyber security into day-to-day plant operations, maintenance, engineering and procurement activities.
* The integration of controls takes longer than anticipated due to work control process and maintenance activities.
* The additional burden on maintenance to address security controls integrity during work on CDAs.
* Implementing cyber security and controls on CDAs are new to maintenance, engineering, and operations.
* Work control planners are challenged by the nuances associated with cyber security controls.
* Training and qualifications of maintenance personnel is a challenge.
* Modifications that added security controls have added new change management issues.
The licensee stated that site training and schedules need to be revised and training resources need to be addressed.
(3) A proposed completion date for Milestone 8 consistent with the remaining scope of work to be conducted and the resources available.
The licensee proposed a Milestone 8 completion date of December 31, 2017. The licensee also stated that changing the completion date of Milestone 8 will encompass two additional refueling outages per unit and provides adequate time to complete CDA assessment, implement design modifications based on assessment results, update existing procedures, and develop new procedures to complete full implementation of the CSP.
(4) An evaluation of the impact that the additional time to implement the requirements will have on the effectiveness of the licensee's overall cyber security program in the context of milestones already completed.
The licensee stated that based on the CSP program implementation activities already completed and activities currently in progress, SL-1 and 2 are secure and FPL will continue to ensure that digital computer and communications systems and networks are adequately protected against cyber attacks during implementation of the remainder of the program by the proposed Milestone 8 date of December 31, 2017. The completed activities provide a high degree of protection against cyber-attacks while SL-1 and 2 implement the full CSP. The licensee provided details about implementation of each of the milestones.
(5) A description of the licensee's methodology for prioritizing completion of work for critical digital assets associated with significant safety consequences and with reactivity effects in the balance of plant.
The licensee stated that its methodology for prioritizing the St. Lucie CSP Milestone 8 activities is centered on considerations for safety, security, emergency preparedness (EP), and balance-of-plant (continuity of power) consequences. The methodology is based on defense-in-depth, installed configuration of the CDA, and susceptibility to commonly identified threat vectors. Prioritization of CDA assessments begins with safety-related CDAs and continues through the lower priority non-safety-related and EP CDAs as follows:
* Safety-related CDAs
* Physical security CDAs
* Important-to-safety CDAs (including balance-of-plant CDAs that directly impact continuity of power and control system CDAs)
* Non-safety-related and EP CDAs
(6)    A discussion of the licensee's cyber security program performance up to the date of the license amendment request.
The licensee stated that implementation of the requirements of Milestones 1 through 7 has been completed and these improvements are providing a high degree of protection against cyber attacks, until full program implementation. Further, the licensee stated it has completed a comprehensive self-assessment for all seven milestones to ensure completeness and effectiveness. Self-assessment issues were entered into the Corrective Action Program (CAP) and addressed for program improvement. Ongoing monitoring and periodic actions provide continuing program performance monitoring.
(7)    A discussion of cyber security issues pending in the licensee's CAP.
The licensee stated that the SL-1 and 2 CAP is used to document all cyber issues in order to trend, correct, and improve the SL-1 and 2 CSP. The CAP database documents and tracks, from initiation to closure, all cyber security required actions, including issues identified during ongoing program assessment activities. Adverse trends are monitored for program improvement and addressed via the CAP process.
Examples of issues and activities pending in the CAP were provided.
(8)    A discussion of modifications completed to support the cyber security program and a discussion of pending cyber security modifications.
The licensee provided a discussion of a completed modification.
3.2    NRC Staff Evaluation The NRC staff evaluated the licensee's application using the regulatory requirements and the guidance cited in Section 2.0 above.
The licensee stated that the CSP requirement regarding additional time to implement is found in CSP Section 3.1, "Analyzing Digital Computer Systems and Networks Applying Cyber Security Controls." The licensee provided a list of additional activities required to implement the CSP requirement.
The licensee indicated that completion of the activities associated with the CSP, as described in Milestones 1 through 7 and completed prior to December 31, 2012, provides a high degree of protection to ensure that the most significant digital computer and communication systems and networks associated with safety, security, and emergency preparedness systems are already protected against cyber attacks. It detailed activities completed for each milestone and noted that several elements of Milestone 8 have already been implemented or will be implemented by the original Milestone 8 date of September 30, 2014. It provided details about the completed milestones and elements. On such bases, the NRC staff finds that the licensee's site is much more secure after implementation of Milestones 1 through 7, because the activities the licensee completed will mitigate the most significant cyber attack vectors for the most significant CDAs.
The licensee proposed a Milestone 8 completion date of December 31, 2017. The licensee stated that changing the completion date of Milestone 8 allows for two additional refueling
outages per unit and provides adequate time to complete CDA assessment, implement design modifications based on assessment results, update existing procedures, and develop new procedures to complete full implementation of the CSP. The NRC staff has had extensive interaction with the nuclear industry since licensees first developed their CSP implementation schedules. Based on this interaction, the NRC staff recognizes that CDA assessment work is much more complex and resource-intensive than originally anticipated. The licensee has a large number of CDAs and underestimated the level of effort to address security controls for each of the CDAs when developing its CSP implementation schedule. The NRC staff finds that the licensee's request for additional time to implement Milestone 8 is reasonable, given the unanticipated complexity and scope of the work required to come into full compliance with its CSP.
The licensee stated that its methodology for prioritizing the SL-1 and 2 CSP Milestone 8 activities is centered on considerations for safety, security, emergency preparedness, and balance-of-plant (continuity of power) consequences. The methodology is based on defense-in-depth installed configuration of the CDA and susceptibility to five commonly identified threat vectors. Prioritization of CDA assessments begins with safety-related CDAs and continues through the lower priority non-safety-related CDAs. The NRC staff finds that based on the large number of digital assets described above and the limited resources with the appropriate expertise to perform these activities, the licensee's methodology for prioritizing work on CDAs is appropriate. The NRC staff further finds that the licensee's request to delay final implementation of the CSP until December 31, 2017, is reasonable, given the complexity of the remaining unanticipated work and the need to perform certain work, including design changes, during scheduled fuel outages.
3.3      Revision to License Condition The licensee proposed to modify part of License Condition 3.F of Renewed Facility Operating License No. DPR-67 as follows:
St. Lucie shall fully implement and maintain in effect all provisions of the Commission-approved cyber security plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p ). The St. Lucie CSP was approved by License Amendment No. 211 as supplemented by a-Clarifications approved by License Amendment Nos. 214 and 222 .
The licensee proposed to modify part of License Condition 3.F of Renewed Facility Operating License NPF-16 as follows:
St. Lucie shall fully implement and maintain in effect all provisions of the Commission-approved cyber security plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). St. Lucie CSP was approved by License Amendment No. 160 as supplemented by a-Clarifications approved by License Amendment Nos. 164 and -11.2_.
3.4      Summary of Technical Evaluation The NRC staff determines that the licensee's request to delay full implementation of its CSP until December 31, 2017, is reasonable for the following reasons: (i) the licensee's implementation of Milestones 1 through 7 already provides mitigation for significant cyber attack vectors for the most significant CDAs, as discussed above; (ii) the scope of the work required to come into full compliance with the CSP implementation schedule was much more complicated than anticipated and not reasonably foreseeable; and (iii) the licensee has reasonably prioritized and scheduled the work required to come into full compliance with its CSP implementation schedule.
Based on its review of the application, as supplemented, the NRC staff concludes that the licensee's implementation of Milestones 1 through 7 has added additional protection that provides mitigation for significant cyber attack vectors for the most significant CDAs, that the licensee's explanation of the need for additional time is compelling, and that it is acceptable for the licensee to complete implementation of Milestone 8, full implementation of the CSP, by December 31, 2017. The NRC staff also concludes that, upon full implementation of the licensee's cyber security program, the requirements of the licensee's CSP and 10 CFR 73.54 will be met. Therefore, the NRC staff finds the proposed change acceptable.
The NRC staff does not regard the CSP milestone implementation dates as regulatory commitments that can be changed unilaterally by the licensee, particularly in light of the regulatory requirement at 10 CFR 73.54, that, "[i]mplementation of the licensee's cyber security program must be consistent with the approved schedule." As the NRC staff explained in its letter to all operating reactor licensees dated May 9, 2011 (ADAMS Accession No. ML110980538), the implementation of the plan, including the key intermediate milestone dates and the full implementation date shall be in accordance with the implementation schedule submitted by the licensee and approved by the NRC. All subsequent changes to the NRG-approved CSP implementation schedule, thus, will require prior NRC approval as required by 10 CFR 50.90.
==4.0      STATE CONSULTATION==
In accordance with the Commission's regulations, the State of Florida official was notified of the proposed issuance of the amendment. The State official had no comment.
==5.0    ENVIRONMENTAL CONSIDERATION==
These amendments relate solely to safeguards matters and do not involve any significant construction impacts. Accordingly, these amendments meet the eligibility criteria for categorical exclusion set forth in 10 CFR 51.22(c)(12). Pursuant to 10 CFR 51.22(b), no environmental impact statement or environmental assessment need be prepared in connection with the issuance of these amendments.
==6.0    CONCLUSION==
The Commission has concluded, based on the considerations discussed above, that (1) there is reasonable assurance that the health and safety of the public will not be endangered by
operation in the proposed manner, (2) there is reasonable assurance that such activities will be conducted in compliance with the Commission's regulations, and (3) the issuance of the amendment will not be inimical to the common defense and security or to the health and safety of the public.
Principal Contributor: John Rycyna, NSIR Date:  June 5, 2015
ML15121A182      *By e-mail (Accession No. ML15126A002)  **NLO by e-mail OFFICE      LPL2-2/PM        LPL2-2/LA              LPL2-2/LA          NSIR/CSD/DD*
NAME        PT am            LRonewicz              BClayton            RFelts DATE        5/1/15          6/1 /15                5/5/15              5/4/15 OFFICE      OGC**            LPL2-2/BC              LPL2-2/PM NAME        NSt.Amour        SHelton                PTam DATE        5/27/15          6/3/15                6/5/15}}

Latest revision as of 12:40, 19 March 2020

Issuance of Amendments to Revise the Cyber Security Milestone 8 Completion Date in the Renewed Facility Operating Licenses
ML15121A182
Person / Time
Site: Saint Lucie  NextEra Energy icon.png
Issue date: 06/05/2015
From: Farideh Saba, Tam P
Plant Licensing Branch II
To: Nazar M
Florida Power & Light Co
Tam P
References
TAC MF4334, TAC MF4335
Download: ML15121A182 (20)


Text

UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 June 5, 2015 Mr. Mano Nazar President and Chief Nuclear Officer Nuclear Division NextEra Energy P.O. Box 14000 Juno Beach, FL 33408-0420

SUBJECT:

ST. LUCIE PLANT, UNIT NOS. 1 AND 2 - ISSUANCE OF AMENDMENTS TO REVISE THE CYBER SECURITY MILESTONE 8 COMPLETION DATE IN THE RENEWED FACILITY OPERATING LICENSES (TAC NOS. MF4334 AND MF4335)

Dear Mr. Nazar:

The U.S. Nuclear Regulatory Commission (NRC) has issued the enclosed Amendment Nos. 222 and 172 to Renewed Facility Operating License Nos. DPR-67 and NPF-16 for the St. Lucie Plant, Unit Nos. 1 and 2, respectively. These amendments consist of changes to the Renewed Operating Licenses in response to your application dated June 30, 2014, as supplemented by letter dated August 19, 2014.

The amendments revise the completion date for Milestone 8, full implementation, of the Cyber Security Plan from December 31, 2015, to December 17, 2017.

The NRC staff's related safety evaluation of the amendments is enclosed. The Notice of Issuance will be included in the Commission's biweekly Federal Register notice.

QY* *y "y 1-'\/'c<; -,;~~

Fa~~ ~aba, Senior P~~ct Manager Plant Licensing Branch 11-2 Division of Operator Reactor Licensing Office of Nuclear Reactor Regulation Docket Nos. 50-335 and 50-389

Enclosures:

1. Amendment No. 222 to DPR-67
2. Amendment No. 172 to NPF-16
3. Safety Evaluation cc w/enclosures: Distribution via Listserv

UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 FLORIDA POWER & LIGHT COMPANY DOCKET NO. 50-335 ST. LUCIE PLANT. UNIT NO. 1 AMENDMENT TO RENEWED FACILITY OPERATING LICENSE Amendment No. 222 Renewed License No. DPR-67

1. The Nuclear Regulatory Commission (the Commission) has found that:

A. The application for amendment by Florida Power & Light Company (FPL, the licensee), dated June 30, 2014, as supplemented on August 19, 2014, complies with the standards and requirements of the Atomic Energy Act of 1954, as amended (the Act) and the Commission's rules and regulations set forth in 10 CFR Chapter I; B. The facility will operate in conformity with the application, the provisions of the Act, and the rules and regulations of the Commission; C. There is reasonable assurance (i) that the activities authorized by this amendment can be conducted without endangering the health and safety of the public, and (ii) that such activities will be conducted in compliance with the Commission's regulations; D. The issuance of this amendment will not be inimical to the common defense and security or to the health and safety of the public; and E. The issuance of this amendment is in accordance with 10 CFR Part 51 of the Commission's regulations and all applicable requirements have been satisfied.

Enclosure 1

2. Accordingly, Renewed Facility Operating License No. DPR-67 is amended by changing paragraph 3.B to read as follows:

B. Technical Specifications The Technical Specifications contained in Appendices A and B, as revised through Amendment No. 222 , are hereby incorporated in the renewed license.

FPL shall operate the facility in accordance with the Technical Specifications.

3. Accordingly, Renewed Facility Operating License No. DPR-67 is also amended by changing the last sentence of paragraph 3.F, Physical Protection, to read as follows:

The St. Lucie CSP was approved by License Amendment No. 211 as supplemented by clarifications approved by License Amendment Nos. 214 and 222.

4. This license amendment is effective as of its date of issuance and shall be implemented within 60 days.

FOR THE NUCLEAR REGULA TORY COMMISSION Shana R. Helton, Chief Plant Licensing Branch 11-2 Division of Operator Reactor Licensing Office of Nuclear Reactor Regulation

Attachment:

Changes to the Renewed Facility Operating License Date of Issuance: June 5, 2015

ATTACHMENT TO LICENSE AMENDMENT NO. 222 TO RENEWED FACILITY OPERATING LICENSE NO. DPR-67 DOCKET NO. 50-335 Replace the following pages of Renewed Facility Operating License DPR-67 with the attached pages. The revised pages are identified by amendment number and contain vertical lines indicating the areas of change.

Remove Pages Insert Pages 3 3 4 4

applicable provisions of the Act and to the rules, regulations, and orders of the Commission now or hereafter in effect; and is subject to the additional conditions specified or incorporated below:

A. Maxjmum Power Leyel FPL is authorized to operate the facility at steady state reactor core power levels not in excess of 3020 megawatts (thermal).

B. Technical Specifications The Technical Specifications contained in Appendices A and B, as revised through Amendment No. 222 are hereby incorporated in the renewed license. FPL shall operate the facility in accordance with the Technical Specifications.

Appendix B, the Environmental Protection Plan (Non-Radiological), contains environmental conditions of the renewed license. If significant detrimental effects or evidence of irreversible damage are detected by the monitoring programs required by Appendix B of this license, FPL will provide the Commission with an analysis of the problem and plan of action to be taken subject to Commission approval to eliminate or significantly reduce the detrimental effects or damage.

C. Updated Final Safety Analysis Report The Updated Final Safety Analysis Report supplement submitted pursuant to 10 CFR 54.21(d), as revised on March 28, 2003, describes certain future activities to be completed before the period of extended operation. FPL shall complete these* activities no later than March 1, 2016, and shall notify the NRC in writing when implementation of these activities is complete and can be verified by NRC inspection.

The Updated Final Safety Analysis Report supplement as revised on March 28, 2003, described above, shall be included in the next scheduled update to the Updated Final Safety Analysis Report required by 10 CFR 50.71(e)(4), following issuance of this renewed license. Until that update is complete, FPL may make changes to the programs described in such supplement without prior Commission approval, provided that FPL evaluates each such change pursuant to the criteria set forth in 10 CFR 50.59 and otherwise complies with the requirements in that section.

D. Systained Core Uncoverv Actjons Procedural guidance shall be in place to instruct operators to implement actions that are designed to mitigate a small-break loss-of-coolant accident prior to a calculated time of sustained core uncovery.

Renewed License No. DPR-67 Amendment No. 222

E. Fire Protection FPL shall implement and maintain in effect all provisions of the approved fire protection program as described in the Updated Final Safety Analysis Report for the facility (The fire protection program and features were originally described in FPL submittals L-83-514 dated October 7, 1983, L-83-227 dated April 12, 1983, L-83-261 dated April 25, 1983, L-83-453 dated August 24, 1983, L-83-488 dated September 16,1983, L-83-588 dated December 14,1983, L-84-346 dated November28, 1984, L-84-390 dated December31, 1984, and L-85-71 dated February 21, 1985) and as approved by NRC letter dated July. 17, 1984, and supplemented by NRC letters dated February 21, 1985, March 5, 1987, and October 4, 1988, subject to the following provision:

FPL may make changes to the approved fire protection program without prior approval of the Commission only if those changes would not adversely affect the ability to achieve and maintain safe shutdown in the event of a fire.

F. Physical Protection The licensee shall fully Implement and maintain in effect all provisions of the Commission-approved physical security. training and qualification, and safeguards contingency plans including amendments made pursuant to provision of the Miscellaneous Amendments and Search Requirements revisions to 10 CFR 73.55 (51 FR 27817 and 27822) and to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The combined set of plans, which contains Safeguards Information protected under 10 CFR 73.21, is entitled: "Florida Power and Light &

FPL Energy Seabrook Physical Security Plan, Training and Qualification Plan and Safeguards Contingency Plan - Revision 3," submitted by letter dated May 18. 2006. St. Lucie shall fully implement and maintain in effect all provisions of the Commission-approved cyber security plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The St. Lucie CSP was approved by License Amendment No. 211 as supplemented by clarifications approved by License Amendment Nos. 214 and 222.

G. Mitigation Strategy License Condition Develop and maintain strategies for addressing large fires and explosions and that include the following key areas:

(a) Fire fighting response strategy with the following elements:

1. Pre-defined coordinated fire response strategy and guidance
2. Assessment of mutual aid fire fighting assets
3. Designated staging areas for equipment and materials
4. Command and control
5. Training of response personnel (b) Operations to mitigate fuel damage considering the following:
1. Protection and use of personnel assets
2. Communications
3. Minimizing fire spread
4. Procedures for implementing integrated fire response strategy
5. Identification of readily-available pre-staged equipment Renewed License No. DPR-67 Amendment No. 2G2, &!-+, 244, 222

UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 FLORIDA POWER & LIGHT COMPANY DOCKET NO. 50-389 ST. LUCIE PLANT. UNIT NO. 2 AMENDMENT TO RENEWED FACILITY OPERATING LICENSE Amendment No. 172 Renewed License No. NPF-16

1. The Nuclear Regulatory Commission (the Commission) has found that:

A. The application for amendment by Florida Power & Light Company (FPL, the licensee), dated June 30, 2014, as supplemented on August 19, 2014, complies with the standards and requirements of the Atomic Energy Act of 1954, as amended (the Act) and the Commission's rules and regulations set forth in 10 CFR Chapter I; B. The facility will operate in conformity with the application, the provisions of the Act, and the rules and regulations of the Commission; C. There is reasonable assurance (i) that the activities authorized by this amendment can be conducted without endangering the health and safety of the public, and (ii) that such activities will be conducted in compliance with the Commission's regulations; D. The issuance of this amendment will not be inimical to the common defense and security or to the health and safety of the public; and E. The issuance of this amendment is in accordance with 10 CFR Part 51 of the Commission's regulations and all applicable requirements have been satisfied.

Enclosure 2

2. Accordingly, Renewed Facility Operating License No. NPF-16 is amended by changing paragraph 3.B to read as follows:

B. Technical Specifications The Technical Specifications contained in Appendices A and B, as revised through Amendment No.172 are hereby incorporated in the renewed license.

FPL shall operate the facility in accordance with the Technical Specifications.

3. Accordingly, Renewed Facility Operating License No. NPF-16 is also amended by changing the last sentence of paragraph 3.F, Physical Protection, to read as follows:

St. Lucie CSP was approved by License Amendment No. 160 as supplemented by clarifications approved by License Amendment Nos. 164 and 172 *

4. This license amendment is effective as of its date of issuance and shall be implemented within 60 days.

FOR THE NUCLEAR REGULA TORY COMMISSION Shana R. Helton, Chief Plant Licensing Branch 11-2 Division of Operator Reactor Licensing Office of Nuclear Reactor Regulation

Attachment:

Changes to the Renewed Facility Operating License Date of Issuance: June 5, 2015

ATTACHMENT TO LICENSE AMENDMENT N0.172 TO RENEWED FACILITY OPERATING LICENSE NO. NPF-16 DOCKET NO. 50-389 Replace pages of Renewed Operating License NPF-16 as follows. The revised pages are identified by amendment number and contain vertical lines indicating the areas of change.

Remove Pages Insert Pages 3 3 5 5

neutron sources for reactor startup, sealed .sources for reactor instrumentation and radiation monitoring equipment calibration, and as fission detectors in amounts as required.

D. Pursuant to the Act and 10 CFR Parts 30, 40, and 70, FPL to receive, possess, and use in amounts as required any byproduct, source, or special nuclear material without restriction to chemical or physical form, for sample analysis or instrument calibration or associated with radioactive apparatus or components; and E. Pursuant to the Act and 10 CFR Parts 30, 40, and 70, FPL to possess, but not separate, such byproduct and special nuclear materials as may be produced by the operation of the facility.

3. This renewed license shall be deemed to contain and is subject to the conditions specified in the following Commission's regulations: 10 CFR Part 20, Section 30.34 of 10 CFR Part 30, Section 40.41 of 10 CFR Part 40, Section 50.54 and 50.59 of 10 CFR Part 50, and Section 70.32 of 10 CFR Part 70; and is subject to all applicable provisions of the Act and to the rules, regulations, and orders of the Commission now or hereafter in effect; and is subject to the additional conditions specified below:

A. Maxjmum Power Level FPL is authorized to operate the facility at steady state reactor core power levels not in excess of 3020 megawatts (thermal).

B. Technical Specifications The Technical Specifications contained in Appendices A and B, as revised through Amendment No. 172are hereby incorporated in the renewed license.

FPL shall operate the facility in accordance with the Technical Specifications.

Renewed License No. NPF-16 Amendment No. t 72

F. Physical Protection The licensee shall fully implement and maintain in effect all provisions of the Commission-approved physical security, training and qualification, and safeguards contingency plans including amendments made pursuant to provision of the Miscellaneous Amendments and Search Requirements revisions to 10 CFR 73.55 (51 FR 27817 and 27822) and to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The combined set of plans, which contains Safeguards Information protected under 10 CFR 73.21, is entitled: "Florida Power and Light &

FPL Energy Seabrook Physical Security Plan, Training and Qualification Plan and Safeguards Contingency Plan - Revision 3," submitted by letter dated May 18, 2006. St. Lucie shall fully implement and maintain in effect all provisions of the Commission-approved cyber security plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). St. Lucie CSP was approved by License Amendment No. 160 as supplemented by clarifications approved by License Amendment Nos. 164 and 172.

G. Before engaging in additional construction or operational activities which may result in a significant adverse environmental impact that was not evaluated or that is significantly greater than that evaluated in the Final Environmental Statement dated April 1982, FPL shall provide written notification to the Office of Nuclear Reactor Regulation.

H. DELETED I. FPL shall notify the Commission, as soon as possible but not later than one hour, of any accident at this facility which could result in an unplanned release of quantities of fission products in excess of allowable limits for normal operation established by the Commission.

J. FPL shall have and maintain financial protection of such type and in such amounts as the Commission shall require in accordance with Section 170 of the Atomic Energy Act of 1954, as amended, to cover public liability claims.

K. The use of ZIRLO' clad fuel at St. Lucie Unit 2 will be subject to the following restrictions:

FPL will limit the fuel duty for St. Lucie Unit 2 to a baseline modified Fuel Duty Index (mFDI) of 600 with a provision for adequate margin to account for variations in core design (e.g., cycle length, plant operating conditions, etc.).

This limit will be applicable until data is available demonstrating the performance of ZIRLO' cladding at Combustion Engineering 16x16 plants.

FPL will restrict the mFDI of each ZIRLOTM clad fuel pin to 110 percent of the baseline mFDI of 600.

For a fraction of the fuel pins in a limited number of assemblies (8), FPL will restrict the fuel duty of ZIRLO' clad fuel pins to 120 percent of the baseline mFDI of 600.

Renewed License No. NPF-16 Amendment No. 4-W, 400, 4-64, 172

UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 SAFETY EVALUATION BY THE OFFICE OF NUCLEAR REACTOR REGULATION RELATED TO AMENDMENT NOS. 222 AND 172 TO RENEWED FACILITY OPERATING LICENSE NOS. DPR-67 AND NPF-16 FLORIDA POWER AND LIGHT COMPANY ST. LUCIE PLANT. UNIT NOS. 1 AND 2 DOCKET NOS. 50-335 AND 50-389

1.0 INTRODUCTION

By letter dated June 30, 2014 (Agencywide Documents Access and Management System (ADAMS) Accession No. ML14192A022), as supplemented by letter dated August 19, 2014 (ADAMS Accession No. ML14241A422), Florida Power & Light Company (FPL, the licensee) submitted an application for amendment to revise the implementation date of Cyber Security Plan (CSP) Milestone 8. Milestone 8 of the CSP is concerned with the full implementation of the CSP.

Portions of the licensee's June 30 and August 19, 2014, letters contain sensitive unclassified non-safeguards information and, accordingly, those portions are withheld from public disclosure in accordance with the provisions of Title 10 of the Code of Federal Regulations (10 CFR)

Section 2.390(d)(1 ). The accession numbers cited in the above paragraph refer to the publicly available redacted version.

For the subject application, as supplemented, the U.S. Nuclear Regulatory Commission (NRC) published its proposed no significant hazards consideration in the Federal Register on November 4, 2014 (79 FR 65431). No public comments were received.

2.0 REGULATORY EVALUATION

The NRC staff had previously reviewed and approved the licensee's CSP implementation schedule in Amendment Nos. 211 and 160 to the licenses for the St. Lucie Plant, Unit Nos. 1 and 2 (SL-1 and 2), respectively, and concurrently with the incorporation of the CSP into the current licensing bases. Subsequently, the NRC staff issued Amendment Nos. 214 and 164 to revise Milestone 6 for each unit, respectively.

The NRC staff considered the following regulatory requirements and guidance in its review of the current application for amendment to modify the existing CSP implementation schedule.

Enclosure 3

(1) It states in 10 CFR 73.54:

..... Each [CSP] submittal must include a proposed implementation schedule. Implementation of the licensee's cyber security program must be consistent with the approved schedule.

(2) Amendment No. 211 and Amendment No. 160, dated August 31, 2011, which approved the licensee's CSP and implementation schedule, added the following text to the operating licenses: "St. Lucie shall fully implement and maintain in effect all provisions of the Commission-approved cyber security plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p)."

(3) In a publicly available NRC memorandum from R. Felts to B. Westreich, dated October 24, 2013 (ADAMS Accession No. ML13295A467), the NRC staff listed criteria that it would consider during its evaluations of licensees' requests to postpone their cyber security program implementation date (commonly known as Milestone 8). See Section 3.1 below for details of these criteria.

3.0 TECHNICAL EVALUATION

3.1 Licensee's Requested Change By Amendment Nos. 211 (for Unit 1) and 160 (for Unit 2), the NRC staff approved the licensee's CSP implementation schedule as discussed in the safety evaluation issued concurrently with those amendments. The implementation schedule had been submitted by the licensee based on a template (ADAMS Accession No. ML110600218) prepared by the Nuclear Energy Institute, which the NRC staff found acceptable (letter, R. P. Correia to C. E. Earls, March 1, 2011; ADAMS Accession No. 110070348) for licensees to use to develop their CSP implementation schedules. The licensee's proposed implementation schedule for the SL-1 and 2 CSP identified completion dates and bases for the following eight milestones:

1) Establish the Cyber Security Assessment Team;
2) Identify Critical Systems and Critical Digital Assets (CDAs);
3) Install a data diode device between lower level devices and higher level devices;
4) Implement the security control "Access Control for Portable and Mobile Devices";
5) Implement observation and identification of obvious cyber-related tampering to existing insider mitigation rounds;
6) Identify, document, and implement cyber security controls in accordance with "Mitigation of Vulnerabilities and Application of Cyber Security Controls" for CDAs that could adversely impact the design function of physical security target set equipment;
7) Ongoing monitoring and assessment activities for those target set CDAs whose security controls have been implemented; and
8) Fully implement the CSP.

Currently, Milestone 8 of the licensee's CSP requires the licensee to fully implement the CSP by December 31, 2015. In its June 30, 2014, application, the licensee proposed to change the Milestone 8 completion date to December 31, 2017.

The licensee's application addressed each of the criteria identified in the NRC's October 24, 2014, guidance memorandum cited in Section 2.0 above.

(1) Identification of the specific requirement or requirements of the CSP that the licensee needs additional time to implement.

The licensee stated that the specific CSP requirement requiring additional time to implement is CSP Section 3.1, "Analyzing Digital Computer Systems and Networks Applying Cyber Security Controls." The licensee provided a list of activities required to implement the CSP requirements.

(2) Detailed justification that describes the reason the licensee requires additional time to implement the specific requirement or requirements identified.

The licensee stated that CDA assessment work is resource-intensive. SL-1 and 2 have approximately 2,250 CDAs. The licensee additionally stated that:

  • Assessment is challenging due to uncertainty surrounding security controls interpretation.
  • The licensee underestimated the level of effort necessary to address security controls.
  • Rework is a major concern - budgets are approved in advance on a defined scope of work.
  • The licensee will have to increase resources to cope with magnitude of the work identified.

The licensee stated that remediation activities need to be carefully considered because:

  • Security controls modifications are unique and new to the plant and suppliers.
  • Plant modifications cannot affect plant safety and operation.

The licensee stated that there are change management challenges, such as:

  • Integrating cyber security into day-to-day plant operations, maintenance, engineering and procurement activities.
  • The integration of controls takes longer than anticipated due to work control process and maintenance activities.
  • The additional burden on maintenance to address security controls integrity during work on CDAs.
  • Implementing cyber security and controls on CDAs are new to maintenance, engineering, and operations.
  • Work control planners are challenged by the nuances associated with cyber security controls.
  • Training and qualifications of maintenance personnel is a challenge.
  • Modifications that added security controls have added new change management issues.

The licensee stated that site training and schedules need to be revised and training resources need to be addressed.

(3) A proposed completion date for Milestone 8 consistent with the remaining scope of work to be conducted and the resources available.

The licensee proposed a Milestone 8 completion date of December 31, 2017. The licensee also stated that changing the completion date of Milestone 8 will encompass two additional refueling outages per unit and provides adequate time to complete CDA assessment, implement design modifications based on assessment results, update existing procedures, and develop new procedures to complete full implementation of the CSP.

(4) An evaluation of the impact that the additional time to implement the requirements will have on the effectiveness of the licensee's overall cyber security program in the context of milestones already completed.

The licensee stated that based on the CSP program implementation activities already completed and activities currently in progress, SL-1 and 2 are secure and FPL will continue to ensure that digital computer and communications systems and networks are adequately protected against cyber attacks during implementation of the remainder of the program by the proposed Milestone 8 date of December 31, 2017. The completed activities provide a high degree of protection against cyber-attacks while SL-1 and 2 implement the full CSP. The licensee provided details about implementation of each of the milestones.

(5) A description of the licensee's methodology for prioritizing completion of work for critical digital assets associated with significant safety consequences and with reactivity effects in the balance of plant.

The licensee stated that its methodology for prioritizing the St. Lucie CSP Milestone 8 activities is centered on considerations for safety, security, emergency preparedness (EP), and balance-of-plant (continuity of power) consequences. The methodology is based on defense-in-depth, installed configuration of the CDA, and susceptibility to commonly identified threat vectors. Prioritization of CDA assessments begins with safety-related CDAs and continues through the lower priority non-safety-related and EP CDAs as follows:

  • Physical security CDAs
  • Important-to-safety CDAs (including balance-of-plant CDAs that directly impact continuity of power and control system CDAs)
  • Non-safety-related and EP CDAs

(6) A discussion of the licensee's cyber security program performance up to the date of the license amendment request.

The licensee stated that implementation of the requirements of Milestones 1 through 7 has been completed and these improvements are providing a high degree of protection against cyber attacks, until full program implementation. Further, the licensee stated it has completed a comprehensive self-assessment for all seven milestones to ensure completeness and effectiveness. Self-assessment issues were entered into the Corrective Action Program (CAP) and addressed for program improvement. Ongoing monitoring and periodic actions provide continuing program performance monitoring.

(7) A discussion of cyber security issues pending in the licensee's CAP.

The licensee stated that the SL-1 and 2 CAP is used to document all cyber issues in order to trend, correct, and improve the SL-1 and 2 CSP. The CAP database documents and tracks, from initiation to closure, all cyber security required actions, including issues identified during ongoing program assessment activities. Adverse trends are monitored for program improvement and addressed via the CAP process.

Examples of issues and activities pending in the CAP were provided.

(8) A discussion of modifications completed to support the cyber security program and a discussion of pending cyber security modifications.

The licensee provided a discussion of a completed modification.

3.2 NRC Staff Evaluation The NRC staff evaluated the licensee's application using the regulatory requirements and the guidance cited in Section 2.0 above.

The licensee stated that the CSP requirement regarding additional time to implement is found in CSP Section 3.1, "Analyzing Digital Computer Systems and Networks Applying Cyber Security Controls." The licensee provided a list of additional activities required to implement the CSP requirement.

The licensee indicated that completion of the activities associated with the CSP, as described in Milestones 1 through 7 and completed prior to December 31, 2012, provides a high degree of protection to ensure that the most significant digital computer and communication systems and networks associated with safety, security, and emergency preparedness systems are already protected against cyber attacks. It detailed activities completed for each milestone and noted that several elements of Milestone 8 have already been implemented or will be implemented by the original Milestone 8 date of September 30, 2014. It provided details about the completed milestones and elements. On such bases, the NRC staff finds that the licensee's site is much more secure after implementation of Milestones 1 through 7, because the activities the licensee completed will mitigate the most significant cyber attack vectors for the most significant CDAs.

The licensee proposed a Milestone 8 completion date of December 31, 2017. The licensee stated that changing the completion date of Milestone 8 allows for two additional refueling

outages per unit and provides adequate time to complete CDA assessment, implement design modifications based on assessment results, update existing procedures, and develop new procedures to complete full implementation of the CSP. The NRC staff has had extensive interaction with the nuclear industry since licensees first developed their CSP implementation schedules. Based on this interaction, the NRC staff recognizes that CDA assessment work is much more complex and resource-intensive than originally anticipated. The licensee has a large number of CDAs and underestimated the level of effort to address security controls for each of the CDAs when developing its CSP implementation schedule. The NRC staff finds that the licensee's request for additional time to implement Milestone 8 is reasonable, given the unanticipated complexity and scope of the work required to come into full compliance with its CSP.

The licensee stated that its methodology for prioritizing the SL-1 and 2 CSP Milestone 8 activities is centered on considerations for safety, security, emergency preparedness, and balance-of-plant (continuity of power) consequences. The methodology is based on defense-in-depth installed configuration of the CDA and susceptibility to five commonly identified threat vectors. Prioritization of CDA assessments begins with safety-related CDAs and continues through the lower priority non-safety-related CDAs. The NRC staff finds that based on the large number of digital assets described above and the limited resources with the appropriate expertise to perform these activities, the licensee's methodology for prioritizing work on CDAs is appropriate. The NRC staff further finds that the licensee's request to delay final implementation of the CSP until December 31, 2017, is reasonable, given the complexity of the remaining unanticipated work and the need to perform certain work, including design changes, during scheduled fuel outages.

3.3 Revision to License Condition The licensee proposed to modify part of License Condition 3.F of Renewed Facility Operating License No. DPR-67 as follows:

St. Lucie shall fully implement and maintain in effect all provisions of the Commission-approved cyber security plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p ). The St. Lucie CSP was approved by License Amendment No. 211 as supplemented by a-Clarifications approved by License Amendment Nos. 214 and 222 .

The licensee proposed to modify part of License Condition 3.F of Renewed Facility Operating License NPF-16 as follows:

St. Lucie shall fully implement and maintain in effect all provisions of the Commission-approved cyber security plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). St. Lucie CSP was approved by License Amendment No. 160 as supplemented by a-Clarifications approved by License Amendment Nos. 164 and -11.2_.

3.4 Summary of Technical Evaluation The NRC staff determines that the licensee's request to delay full implementation of its CSP until December 31, 2017, is reasonable for the following reasons: (i) the licensee's implementation of Milestones 1 through 7 already provides mitigation for significant cyber attack vectors for the most significant CDAs, as discussed above; (ii) the scope of the work required to come into full compliance with the CSP implementation schedule was much more complicated than anticipated and not reasonably foreseeable; and (iii) the licensee has reasonably prioritized and scheduled the work required to come into full compliance with its CSP implementation schedule.

Based on its review of the application, as supplemented, the NRC staff concludes that the licensee's implementation of Milestones 1 through 7 has added additional protection that provides mitigation for significant cyber attack vectors for the most significant CDAs, that the licensee's explanation of the need for additional time is compelling, and that it is acceptable for the licensee to complete implementation of Milestone 8, full implementation of the CSP, by December 31, 2017. The NRC staff also concludes that, upon full implementation of the licensee's cyber security program, the requirements of the licensee's CSP and 10 CFR 73.54 will be met. Therefore, the NRC staff finds the proposed change acceptable.

The NRC staff does not regard the CSP milestone implementation dates as regulatory commitments that can be changed unilaterally by the licensee, particularly in light of the regulatory requirement at 10 CFR 73.54, that, "[i]mplementation of the licensee's cyber security program must be consistent with the approved schedule." As the NRC staff explained in its letter to all operating reactor licensees dated May 9, 2011 (ADAMS Accession No. ML110980538), the implementation of the plan, including the key intermediate milestone dates and the full implementation date shall be in accordance with the implementation schedule submitted by the licensee and approved by the NRC. All subsequent changes to the NRG-approved CSP implementation schedule, thus, will require prior NRC approval as required by 10 CFR 50.90.

4.0 STATE CONSULTATION

In accordance with the Commission's regulations, the State of Florida official was notified of the proposed issuance of the amendment. The State official had no comment.

5.0 ENVIRONMENTAL CONSIDERATION

These amendments relate solely to safeguards matters and do not involve any significant construction impacts. Accordingly, these amendments meet the eligibility criteria for categorical exclusion set forth in 10 CFR 51.22(c)(12). Pursuant to 10 CFR 51.22(b), no environmental impact statement or environmental assessment need be prepared in connection with the issuance of these amendments.

6.0 CONCLUSION

The Commission has concluded, based on the considerations discussed above, that (1) there is reasonable assurance that the health and safety of the public will not be endangered by

operation in the proposed manner, (2) there is reasonable assurance that such activities will be conducted in compliance with the Commission's regulations, and (3) the issuance of the amendment will not be inimical to the common defense and security or to the health and safety of the public.

Principal Contributor: John Rycyna, NSIR Date: June 5, 2015

ML15121A182 *By e-mail (Accession No. ML15126A002) **NLO by e-mail OFFICE LPL2-2/PM LPL2-2/LA LPL2-2/LA NSIR/CSD/DD*

NAME PT am LRonewicz BClayton RFelts DATE 5/1/15 6/1 /15 5/5/15 5/4/15 OFFICE OGC** LPL2-2/BC LPL2-2/PM NAME NSt.Amour SHelton PTam DATE 5/27/15 6/3/15 6/5/15