ML15126A002: Difference between revisions
StriderTol (talk | contribs) (Created page by program invented by StriderTol) |
StriderTol (talk | contribs) (Created page by program invented by StriderTol) |
||
Line 18: | Line 18: | ||
=Text= | =Text= | ||
{{#Wiki_filter: | {{#Wiki_filter:1 NRR-PMDAPEm Resource From:Felts, Russell Sent: Monday, May 04, 2015 6:33 AM To: Helton, Shana Cc: Saba, Farideh; Tam, Peter; Rycyna, John | ||
==Subject:== | ==Subject:== | ||
Line 25: | Line 25: | ||
Saint Lucie cyber security amendment TAC MF4334.docx Shana, I concur on the attached draft amendment package for St Lucie. | Saint Lucie cyber security amendment TAC MF4334.docx Shana, I concur on the attached draft amendment package for St Lucie. | ||
Warm regards, Russ Russell Felts Deputy Director | Warm regards, Russ Russell Felts Deputy Director | ||
Cyber Security Directorate Office of Nuclear Security and Incident Response | Cyber Security Directorate Office of Nuclear Security and Incident Response | ||
Line 35: | Line 35: | ||
==Subject:== | ==Subject:== | ||
Concurrence on the SE for St. Lucie cyber security plan Milestone 8 amendment (TAC MF4334 and MF4335) | Concurrence on the SE for St. Lucie cyber security plan Milestone 8 amendment (TAC MF4334 and MF4335) | ||
Russell: | Russell: Using a draft SE provided by John Rycyna, I hav e prepared a draft amendment package (ADAMS Accession No. ML15121A182). Since the draft SE was not formally transmitted to us, I am now seeking your concurrence on the draft amendment package. A single-sentence email from you to my supervisor Shana Helton will satisfy this need. Thanks. | ||
Using a draft SE provided by John Rycyna, I hav e prepared a draft amendment package (ADAMS Accession No. ML15121A182). Since the draft SE was not formally transmitted to us, I am now seeking your concurrence on the draft amendment package. A single-sentence email from you to my supervisor Shana Helton will satisfy this need. Thanks. | |||
cxxÜ fA gtÅ Senior Project Manager - Rehired Annuitant Plant Licensing Branch 2-2 Division of Operating Reactor Licensing Office of Nuclear Reactor Regulation | cxxÜ fA gtÅ Senior Project Manager - Rehired Annuitant Plant Licensing Branch 2-2 Division of Operating Reactor Licensing Office of Nuclear Reactor Regulation | ||
Line 60: | Line 59: | ||
The amendments revise the completion date for Milestone 8, full implementation, of the Cyber Security Plan from December 31, 2015, to December 17, 2017. | The amendments revise the completion date for Milestone 8, full implementation, of the Cyber Security Plan from December 31, 2015, to December 17, 2017. | ||
The NRC staff'srelated safety evaluation of the amendmentsis enclosed. The Notice of Issuancewill be included in the Commission's biweekly Federal Register notice. , as Sincerely, Farideh E. Saba, Senior Project Manager Plant Licensing Branch II-2 Division of Operator Reactor Licensing Office of Nuclear Reactor Regulation | The NRC staff'srelated safety evaluation of the amendmentsis enclosed. The Notice of Issuancewill be included in the Commission's biweekly Federal Register notice. , as Sincerely, Farideh E. Saba, Senior Project Manager Plant Licensing Branch II-2 Division of Operator Reactor Licensing Office of Nuclear Reactor Regulation | ||
Docket Nos. 50-335 and 50-389 | Docket Nos. 50-335 and 50-389 | ||
Line 100: | Line 99: | ||
Remove Page Insert Page 3 3 4 4 c applicableprovisionsoftheActandtotherules,regulations,andordersof the Commissionnoworhereafterineffect;andissubjecttotheadditional conditions specifiedorincorporated below: A. MaximumPower Level FPLisauthorizedtooperatethefacilityatsteadystatereactorcorepower levels notinexcessof3020megawatts | Remove Page Insert Page 3 3 4 4 c applicableprovisionsoftheActandtotherules,regulations,andordersof the Commissionnoworhereafterineffect;andissubjecttotheadditional conditions specifiedorincorporated below: A. MaximumPower Level FPLisauthorizedtooperatethefacilityatsteadystatereactorcorepower levels notinexcessof3020megawatts | ||
{thermal). B. TechnicalSpecifications TheTechnicalSpecificationscontainedinAppendicesAandB,as revised throughAmendmentNo.___areherebyincorporatedintherenewed license. | {thermal). B. TechnicalSpecifications TheTechnicalSpecificationscontainedinAppendicesAandB,as revised throughAmendmentNo.___areherebyincorporatedintherenewed license. FPLshalloperatethefacilityinaccordancewiththeTechnicalSpecifications. | ||
FPLshalloperatethefacilityinaccordancewiththeTechnicalSpecifications. | AppendixB, theEnvironmentalProtectionPlan(Non-Radiological),contains environmentalconditionsoftherenewedlicense. Ifsignificantdetrimentaleffects orevidenceofirreversibledamagearedetectedbythemonitoring programs requiredbyAppendixBofthislicense,FPLwillprovidetheCommissionwith an analysisoftheproblemandplanofactiontobetakensubjectto Commission approvaltoeliminateorsignificantlyreducethedetrimentaleffectsor damage. C. UpdatedFinalSafetyAnalysis Report TheUpdatedFinalSafetyAnalysisReportsupplement submittedpursuant to 10CFR54.21(d),asrevisedonMarch28,2003,describescertainfuture activitie stobecompletedbeforetheperiodofextendedoperation. FPL shall completetheseactivitiesnolaterthanMarch1,2016,andshallnotifytheNRC in writingwhenimplementationoftheseactivitiesiscompleteandcanbeverified by NRC inspection. | ||
AppendixB, theEnvironmentalProtectionPlan(Non-Radiological),contains environmentalconditionsoftherenewedlicense. Ifsignificantdetrimentaleffects orevidenceofirreversibledamagearedetectedbythemonitoring programs requiredbyAppendixBofthislicense,FPLwillprovidetheCommissionwith an analysisoftheproblemandplanofactiontobetakensubjectto Commission approvaltoeliminateorsignificantlyreducethedetrimentaleffectsor damage. C. UpdatedFinalSafetyAnalysis Report TheUpdatedFinalSafetyAnalysisReportsupplement submittedpursuant to 10CFR54.21(d),asrevisedonMarch28,2003,describescertainfuture activitie stobecompletedbeforetheperiodofextendedoperation. FPL shall completetheseactivitiesnolaterthanMarch1,2016,andshallnotifytheNRC in writingwhenimplementationoftheseactivitiesiscompleteandcanbeverified by | TheUpdatedFinalSafetyAnalysisReportsupplementasrevisedonMarch 28, 2003,describedabove,shallbeincludedinthenextscheduledupdateto the UpdatedFinalSafetyAnalysisReportrequiredby10CFR50.71(e)(4),following issuanceofthisrenewedlicense. Untilthatupdateiscomplete,FPLmaymake changestotheprogramsdescribedinsuchsupplement withoutpriorCommission approval,providedthatFPLevaluateseachsuchchangepursuanttothecriteria setforthin10CFR50.59andotherwisecomplieswiththerequirementsin that section. D. SustainedCoreUncovery Actions Proceduralguidanceshallbeinplacetoinstructoperatorstoimplement actions thataredesignedtomitigateasmall-breakloss-of-coolant accidentpriorto a calculatedtimeofsustainedcore uncovery. RenewedLicenseNo.DPR-67 Amendment No._____ | ||
TheUpdatedFinalSafetyAnalysisReportsupplementasrevisedonMarch 28, 2003,describedabove,shallbeincludedinthenextscheduledupdateto the UpdatedFinalSafetyAnalysisReportrequiredby10CFR50.71(e)(4),following issuanceofthisrenewedlicense. Untilthatupdateiscomplete,FPLmaymake changestotheprogramsdescribedinsuchsupplement withoutpriorCommission approval,providedthatFPLevaluateseachsuchchangepursuanttothecriteria setforthin10CFR50.59andotherwisecomplieswiththerequirementsin that section. D. SustainedCoreUncovery Actions Proceduralguidanceshallbeinplacetoinstructoperatorstoimplement actions thataredesignedtomitigateasmall-breakloss-of-coolant accidentpriorto a calculatedtimeofsustainedcore uncovery. | |||
RenewedLicenseNo.DPR-67 Amendment No._____ | |||
c . E. Fire Protection FPL shall implement and maintain in effect all provisions of the approved fireprotection program as described in the Updated Final Safety Analysis Report forthe facility (The fire protection program and features were originally described inFPL submittals L-83-514 dated October 7, 1983, L-83-227 dated April 12, 1983,L-83-261 dated April 25, 1983, L-83-453 dated August 24, 1983, L-83-488 | c . E. Fire Protection FPL shall implement and maintain in effect all provisions of the approved fireprotection program as described in the Updated Final Safety Analysis Report forthe facility (The fire protection program and features were originally described inFPL submittals L-83-514 dated October 7, 1983, L-83-227 dated April 12, 1983,L-83-261 dated April 25, 1983, L-83-453 dated August 24, 1983, L-83-488 | ||
Line 123: | Line 120: | ||
: 3. Minimizing fire spread 4. Procedures for implementing integrated fire response strategy 5. Identification of readily-available pre-staged equipment | : 3. Minimizing fire spread 4. Procedures for implementing integrated fire response strategy 5. Identification of readily-available pre-staged equipment | ||
Renewed License No. DPR-67 Amendment No. 202 | Renewed License No. DPR-67 Amendment No. 202 , 211 , 214, ___ | ||
, 211, 214, ___ | |||
FLORIDA POWER & LIGHT COMPANY DOCKET NO. 50-389 ST. LUCIE PLANT UNIT NO. 2 AMENDMENT TO RENEWED FACI LITY OPERATING LICENSE | FLORIDA POWER & LIGHT COMPANY DOCKET NO. 50-389 ST. LUCIE PLANT UNIT NO. 2 AMENDMENT TO RENEWED FACI LITY OPERATING LICENSE | ||
Line 156: | Line 152: | ||
3 3 5 5 | 3 3 5 5 | ||
c neutronsourcesforreactorstartup,sealedsourcesforreactorinstrumentation andradiationmonitoringequipmentcalibration,andasfissiondetectors in amountsas required. | c neutronsourcesforreactorstartup,sealedsourcesforreactorinstrumentation andradiationmonitoringequipmentcalibration,andasfissiondetectors in amountsas required. D. PursuanttotheActand10CFRParts30,40,and70,FPLtoreceive, possess, anduseinamountsasrequiredanybyproduct,source,orspecialnuclear materialwithoutrestrictiontochemicalorphysicalform,forsampleanalysis or instrumentcalibrationorassociatedwithradioactiveapparatusor components; and E. PursuanttotheActand10CFRParts30,40,and70,FPLtopossess,butnot separate,suchbyproductandspecialnuclearmaterialsasmaybeproduced by theoperationofthe facility. 3. Thisrenewedlicenseshallbedeemedtocontainandissubjecttothe conditions specifiedinthefollowingCommission'sregulations:10CFRPart20,Section30.34of 10CFRPart30,Section40.41of10CFRPart40,Section50.54and50.59 of 10CFRPart50,andSection70.32of10CFRPart70;andissubjecttoallapplicable provisionsoftheActandtotherules,regulations,andordersoftheCommissionnow or hereafterineffect;andissubjecttotheadditionalconditionsspecified below: A. MaximumPower Level FPLisauthorizedtooperatethefacilityatsteadystatereactorcorepower levels notinexcessof3020megawatts (thermal). B. TechnicalSpecifications TheTechnicalSpecificationscontainedinAppendicesA and8,asrevised throughAmendmentNo.___areherebyincorporatedintherenewed license. FPLshalloperatethefacilityinaccordance withtheTechnicalSpecifications. | ||
D. PursuanttotheActand10CFRParts30,40,and70,FPLtoreceive, possess, anduseinamountsasrequiredanybyproduct,source,orspecialnuclear materialwithoutrestrictiontochemicalorphysicalform,forsampleanalysis or instrumentcalibrationorassociatedwithradioactiveapparatusor components; and E. PursuanttotheActand10CFRParts30,40,and70,FPLtopossess,butnot separate,suchbyproductandspecialnuclearmaterialsasmaybeproduced by theoperationofthe facility. | |||
FPLshalloperatethefacilityinaccordance withtheTechnicalSpecifications. | |||
RenewedLicenseNo. | RenewedLicenseNo. | ||
Line 178: | Line 171: | ||
FPL will restrict the mFDI of each ZIRLO TM clad fuel pin to 110 percent of thebaseline mFDI of 600. | FPL will restrict the mFDI of each ZIRLO TM clad fuel pin to 110 percent of thebaseline mFDI of 600. | ||
For a fraction of the fuel pins in a limited number of assemblies (8), FPL willrestrict the fuel duty of ZIRLO TM clad fuel pins to 120 percent of the baselinemFDlof600. | For a fraction of the fuel pins in a limited number of assemblies (8), FPL willrestrict the fuel duty of ZIRLO TM clad fuel pins to 120 percent of the baselinemFDlof600. | ||
Renewed License No. NPF-16 Amendment No. 150 | Renewed License No. NPF-16 Amendment No. 150 , 160 , 164 , ___ | ||
, 160, 164, ___ | |||
Enclosure SAFETY EVALUATION BY THE OFFICE OF NUCLEAR SECURITY AND INCIDENT RESPONSE RELATED TO AMENDMENT NOS.AND TO RENEWED FACILITY OPERATING LICENSE NOS. DPR-67 AND NPF-16 FLORIDA POWER & LIGHT COMPANY, ET AL. | Enclosure SAFETY EVALUATION BY THE OFFICE OF NUCLEAR SECURITY AND INCIDENT RESPONSE RELATED TO AMENDMENT NOS.AND TO RENEWED FACILITY OPERATING LICENSE NOS. DPR-67 AND NPF-16 FLORIDA POWER & LIGHT COMPANY, ET AL. | ||
ST. LUCIE PLANT, UNIT NOS. 1 AND 2 DOCKET NOS. 50-335 AND 50-389 | ST. LUCIE PLANT, UNIT NOS. 1 AND 2 DOCKET NOS. 50-335 AND 50-389 | ||
Line 188: | Line 180: | ||
above paragraph refer to the publicly available redacted version. | above paragraph refer to the publicly available redacted version. | ||
For the subject application, as supplemented, the Nuclear Regulatory Commission (NRC) published its proposed no significant hazards consideration in the Federal Register on November 4, 2014 (79 FR 65431). | For the subject application, as supplemented, the Nuclear Regulatory Commission (NRC) published its proposed no significant hazards consideration in the Federal Register on November 4, 2014 (79 FR 65431). | ||
==2.0 REGULATORY EVALUATION== | ==2.0 REGULATORY EVALUATION== | ||
Line 211: | Line 203: | ||
The licensee provided the following information pertinent to each of the criteria identified in the NRC guidance memorandum cited in Section 2.0 above. | The licensee provided the following information pertinent to each of the criteria identified in the NRC guidance memorandum cited in Section 2.0 above. | ||
(1) Identification of the specific requirement or requirements of the cyber security plan that the licensee needs additional time to implement | (1) Identification of the specific requirement or requirements of the cyber security plan that the licensee needs additional time to implement. The licensee stated that the specific CSP requirement requiring additional time to | ||
. The licensee stated that the specific CSP requirement requiring additional time to | |||
implement is CSP Section 3.1, Analyzing Digital Computer Systems and Networks Applying CyberSecurity Controls. The licensee provided a list of activities required to implement the CSP requirements. | implement is CSP Section 3.1, Analyzing Digital Computer Systems and Networks Applying CyberSecurity Controls. The licensee provided a list of activities required to implement the CSP requirements. | ||
(2) Detailed justification that describes the reason the licensee requires additional time to implement the specific requirement or requirements identified | (2) Detailed justification that describes the reason the licensee requires additional time to implement the specific requirement or requirements identified. The licensee stated that CDA assessment work is resource-intensive.St. Lucie has approximately 2250 CDAs. | ||
. The licensee stated that CDA assessment work is resource-intensive.St. Lucie has approximately 2250 CDAs. | |||
* Assessment is challenging due to uncertainty surrounding security controls interpretation. | * Assessment is challenging due to uncertainty surrounding security controls interpretation. | ||
* The licensee underestimated the level of effort necessary to address security controls. | * The licensee underestimated the level of effort necessary to address security controls. | ||
Line 235: | Line 225: | ||
* Modifications that added security controls have added new change management issues. | * Modifications that added security controls have added new change management issues. | ||
The licensee stated that site training needs and schedules need to be revised and training resources need to be addressed. | The licensee stated that site training needs and schedules need to be revised and training resources need to be addressed. | ||
(3) A proposed completion date for Milestone 8 consistent with the remaining scope of work to be conducted and the resources available | (3) A proposed completion date for Milestone 8 consistent with the remaining scope of work to be conducted and the resources available. The licensee proposed a Milestone 8 completion date of December 31, 2017. The licensee also stated that changing the completion date of Milestone 8 will encompass two additional refueling outages per unit and provides adequate time to complete CDA assessment, implement design modifications based on assessment results, update existing procedures and develop new procedures to complete full implementation of the CSP. | ||
. The licensee proposed a Milestone 8 completion date of December 31, 2017. The licensee also stated that changing the completion date of Milestone 8 will encompass two additional refueling outages per unit and provides adequate time to complete CDA assessment, implement design modifications based on assessment results, update existing procedures and develop new procedures to complete full implementation of the CSP. | (4) An evaluation of the impact that theadditional timetoimplement therequirementswill haveon theeffectivenessofthelicensee's overallcyber security program in the context of milestones already completed. The licensee stated that, based on the CSP program implementation activities already completed and activities currently in progress, St. Lucie is secure and FPL will continue to ensure that digital computer and communications systems and networks are adequately protected against cyber attacks during implementation of the remainder of the program by the proposedMilestone 8 date of December 31, 2017. The completed activities provide a high degree of protection against cyber-attacks while St. Lucie implements the full CSP. The licensee provided details about implementation of each of the milestones. | ||
(4) An evaluation of the impact that theadditional timetoimplement therequirementswill haveon theeffectivenessofthelicensee's overallcyber security program in the context of milestones already completed | (5) A description of the licensee's methodology for prioritizing completion of work for critical digital assets associated with significant safety consequences and with reactivity effects in the balance of plant. The licensee stated that its methodology for prioritizing the St. Lucie CSP Milestone 8 activities is centered on considerations for safety, security, emergency preparedness (EP), and balance-of-plant (continuity of power) consequences. The methodology is based on defense-in-depth, installed configuration of the CDA, and susceptibility to commonly identified threat vectors. Prioritization of CDA assessments begins with safety-related CDAs and continues through the lower priority non-safety-related and EP CDAs as follows: | ||
. The licensee stated that, based on the CSP program implementation activities already completed and activities currently in progress, St. Lucie is secure and FPL will continue to ensure that digital computer and communications systems and networks are adequately protected against cyber attacks during implementation of the remainder of the program by the proposedMilestone 8 date of December 31, 2017. The completed activities provide a high degree of protection against cyber-attacks while St. Lucie implements the full CSP. The licensee provided details about implementation of each of the milestones. | |||
(5) A description of the licensee's methodology for prioritizing completion of work for critical digital assets associated with significant safety consequences and with reactivity effects in the balance of plant | |||
. The licensee stated that its methodology for prioritizing the St. Lucie CSP Milestone 8 activities is centered on considerations for safety, security, emergency preparedness (EP), and balance-of-plant (continuity of power) consequences. The methodology is based on defense-in-depth, installed configuration of the CDA, and susceptibility to commonly identified threat vectors. Prioritization of CDA assessments begins with safety-related CDAs and continues through the lower priority non-safety-related and EP CDAs as follows: | |||
* Safety-related CDAs | * Safety-related CDAs | ||
* Physical security CDAs | * Physical security CDAs | ||
* Important-to-safety CDAs (including balance-of-plant CDAs that directly impact continuity of power and control system CDAs) | * Important-to-safety CDAs (including balance-of-plant CDAs that directly impact continuity of power and control system CDAs) | ||
* Non-safety-related and EP CDAs (6) A discussion of the licensee's cyber security program performance up to the date of the license amendment request | * Non-safety-related and EP CDAs (6) A discussion of the licensee's cyber security program performance up to the date of the license amendment request. The licensee stated that implementation of the requirements of Milestones 1 through 7 has been completed and these improvements are proviging a high degree of protection against cyber attacks, until full program implementation. Further, the licensee stated it has completed a comprehensive self-assessment for all 7 milestones to ensure completeness and effectiveness. Self-assessment issues were entered into the Corrective Action Program (CAP)and addressed for program improvement. Ongoing monitoring and periodic actions provide continuing program performance monitoring. | ||
. The licensee stated that implementation of the requirements of Milestones 1 through 7 has been completed and these improvements are proviging a high degree of protection against cyber attacks, until full program implementation. Further, the licensee stated it has completed a comprehensive self-assessment for all 7 milestones to ensure completeness and effectiveness. Self-assessment issues were entered into the Corrective Action Program (CAP)and addressed for program improvement. Ongoing monitoring and periodic actions provide continuing program performance monitoring. | |||
(7) A discussion of cyber security issues pending in the licensee's corrective action program (CAP) | (7) A discussion of cyber security issues pending in the licensee's corrective action program (CAP). The licensee stated that the St. Lucie CAP is used to document all cyber issues in order to trend, correct, and improve the St. Lucie CSP. The CAP database documents and tracks, from initiation to closure, all cyber security required actions, including issues identified during ongoing program assessment activities. Adverse trends are monitored for program improvement and addressed via the CAP process. Examples of issues and activities pending in the CAP were provided. | ||
. The licensee stated that the St. Lucie CAP is used to document all cyber issues in order to trend, correct, and improve the St. Lucie CSP. The CAP database documents and tracks, from initiation to closure, all cyber security required actions, including issues identified during ongoing program assessment activities. Adverse trends are monitored for program improvement and addressed via the CAP process. Examples of issues and activities pending in the CAP were provided. | |||
(8) A discussion of modifications completed to support the cyber security program and a discussion of pending cyber security modifications | (8) A discussion of modifications completed to support the cyber security program and a discussion of pending cyber security modifications. | ||
. | |||
The licensee provided a discussion of a completed modification. | The licensee provided a discussion of a completed modification. | ||
Line 258: | Line 242: | ||
The licensee stated that the CSP requirement regarding additional time to implement is found in | The licensee stated that the CSP requirement regarding additional time to implement is found in | ||
CSP Section 3.1, "Analyzing Digital Computer Systems and Networks Applying Cyber Security Controls." The licensee provided a list of additional activities required to implement the CSP requirement. | CSP Section 3.1,"Analyzing Digital Computer Systems and Networks Applying Cyber Security Controls." The licensee provided a list of additional activities required to implement the CSP requirement. | ||
The licensee indicated that completion of the activities associated with the CSP, as described in Milestones 1 through 7 and completed prior to December 31, 2012, provides a high degree of protection to ensure that the most significant digital computer and communication systems and networks associated with safety, security, and emergency preparedness systems are already protected against cyber attacks. It detailed activities completed for each milestone and noted that several elements of Milestone 8 have already been implemented or will be implemented by the original Milestone 8 date of September 30, 2014. It provided details about the completed milestones and elements. On such bases, the NRC staff finds that the licensee's site is much more secure after implementation of Milestones 1 through 7 because the activities the licensee completed will mitigate the most significant cyber attack vectors for the most significant CDAs. | The licensee indicated that completion of the activities associated with the CSP, as described in Milestones 1 through 7 and completed prior to December 31, 2012, provides a high degree of protection to ensure that the most significant digital computer and communication systems and networks associated with safety, security, and emergency preparedness systems are already protected against cyber attacks. It detailed activities completed for each milestone and noted that several elements of Milestone 8 have already been implemented or will be implemented by the original Milestone 8 date of September 30, 2014. It provided details about the completed milestones and elements. On such bases, the NRC staff finds that the licensee's site is much more secure after implementation of Milestones 1 through 7 because the activities the licensee completed will mitigate the most significant cyber attack vectors for the most significant CDAs. |
Revision as of 03:36, 9 July 2018
ML15126A002 | |
Person / Time | |
---|---|
Site: | Saint Lucie |
Issue date: | 05/04/2015 |
From: | Russell Felts Office of Nuclear Security and Incident Response |
To: | Shana Helton Plant Licensing Branch II |
References | |
TAC MF4334, TAC MF4335 | |
Download: ML15126A002 (22) | |
Text
1 NRR-PMDAPEm Resource From:Felts, Russell Sent: Monday, May 04, 2015 6:33 AM To: Helton, Shana Cc: Saba, Farideh; Tam, Peter; Rycyna, John
Subject:
RE: Concurrence on the SE for St. Lucie cyber security plan Milestone 8 amendment (TAC MF4334 and MF4335)
Attachments:
Saint Lucie cyber security amendment TAC MF4334.docx Shana, I concur on the attached draft amendment package for St Lucie.
Warm regards, Russ Russell Felts Deputy Director
Cyber Security Directorate Office of Nuclear Security and Incident Response
(301) 287-3734 (301) 287-3607 (direct)
(301) 512-3156 (cell)
From: Tam, Peter Sent: Friday, May 01, 2015 11:12 AM To: Felts, Russell; Rycyna, John Cc: Saba, Farideh; Helton, Shana
Subject:
Concurrence on the SE for St. Lucie cyber security plan Milestone 8 amendment (TAC MF4334 and MF4335)
Russell: Using a draft SE provided by John Rycyna, I hav e prepared a draft amendment package (ADAMS Accession No. ML15121A182). Since the draft SE was not formally transmitted to us, I am now seeking your concurrence on the draft amendment package. A single-sentence email from you to my supervisor Shana Helton will satisfy this need. Thanks.
cxxÜ fA gtÅ Senior Project Manager - Rehired Annuitant Plant Licensing Branch 2-2 Division of Operating Reactor Licensing Office of Nuclear Reactor Regulation
Hearing Identifier: NRR_PMDA Email Number: 2041 Mail Envelope Properties (7B2090EE1041E5408EC15DF2B2ED88DD0A997A33E2)
Subject:
RE: Concurrence on the SE for St. Lucie cyber security plan Milestone 8 amendment (TAC MF4334 and MF4335) Sent Date: 5/4/2015 6:32:41 AM Received Date: 5/4/2015 6:32:43 AM From: Felts, Russell Created By: Russell.Felts@nrc.gov Recipients: "Saba, Farideh" <Farideh.Saba@nrc.gov> Tracking Status: None "Tam, Peter" <Peter.Tam@nrc.gov> Tracking Status: None "Rycyna, John" <John.Rycyna@nrc.gov>
Tracking Status: None "Helton, Shana" <Shana.Helton@nrc.gov> Tracking Status: None
Post Office: HQCLSTR01.nrc.gov Files Size Date & Time MESSAGE 1104 5/4/2015 6:32:43 AM Saint Lucie cyber security amendment TAC MF4334.docx 118127
Options Priority: Standard Return Notification: No Reply Requested: No Sensitivity: Normal Expiration Date: Recipients Received:
c Mr. Mano Nazar President and Chief Nuclear Officer Nuclear Division NextEra Energy P.O. Box 14000 700 Universe Boulevard Juno Beach, Florida 33408-0420
SUBJECT:
ST. LUCIE PLANT, UNIT NOS. 1 AND 2 - ISSUANCE OF AMENDMENTS TO REVISETHE CYBER SECURITY MILESTONE 8 COMPLETION DATE IN THE RENEWED FACILITY OPERATING LICENSES (TAC NOS. MF4334 AND MF4335)
Dear Mr. Nazar:
The U.S. Nuclear Regulatory Commission (NRC) has issued the enclosed Amendment Nos. andto Renewed Facility Operating License Nos. DPR-67 and NPF-16 for the St. Lucie Plant, Unit Nos. 1 and 2, respectively. These amendments consistof changes to the Renewed Operating Licensesin response to your application dated June 30, 2014, as supplemented by letter dated August 19, 2014.
The amendments revise the completion date for Milestone 8, full implementation, of the Cyber Security Plan from December 31, 2015, to December 17, 2017.
The NRC staff'srelated safety evaluation of the amendmentsis enclosed. The Notice of Issuancewill be included in the Commission's biweekly Federal Register notice. , as Sincerely, Farideh E. Saba, Senior Project Manager Plant Licensing Branch II-2 Division of Operator Reactor Licensing Office of Nuclear Reactor Regulation
Docket Nos. 50-335 and 50-389
Enclosures:
- 1. Amendment Nos. and
- 2. Safety Evaluation
cc w/encls: Distribution via Listserv
ML15121A182 OFFICE LPLII-2/PM LPLII-2/LA LPLII-2/LA NSIR/CSD/DD DSS/STSB NAME PTam LRonewicz BClayton RFelts RElliott DATE 5/1/15 5//15 5//15 / /15 / /15 OFFICE OGC LPLII-2/BC LPLII-2/PM NAME SHelton PTam DATE / /15 / /15 / /15
c FLORIDA POWER & LIGHT COMPANY DOCKET NO. 50-335 ST. LUCIE PLANT, UNIT NO. 1 AMENDMENT TO RENEWED FACI LITY OPERATING LICENSE
Amendment No. Renewed License No. DPR-67
- 1. The Nuclear Regulatory Commission (the Commission) has found that:
A. The application for amendment by Florida Power & Light Company (FPL, the licensee), dated June 30, 2014,as supplemented on August 19, 2014, complies with the standards and requirements of the Atomic Energy Act of 1954, as amended (the Act) and the Commission's rules and regulations set forth in 10 CFR Chapter I; B. The facility will operate in conformity with the application, the provisions of the Act, and the rules and regulations of the Commission; C. There is reasonable assurance (i) that the activities authorized by this amendment can be conducted without endangering the health and safety of the public, and (ii) that such activities will be conducted in compliance with the Commission's regulations; D. The issuance of this amendment will not be inimical to the common defense and security or to the health and safety of the public; and E. The issuance of this amendment is in accordance with 10 CFR Part 51 of the Commission's regulations and all applicable requirements have been satisfied.
- 2. Accordingly, Renewed Facility Operating License No. DPR-67 is amended by changing paragraph 3.B to read as follows:
B. Technical Specifications The Technical Specifications contained in Appendices A and B, as revised through Amendment No., are hereby incorporated in the renewed license. FPL shall operate the facility in accordance with the Technical Specifications.
- 3. Accordingly, Renewed Facility Operating License No. DPR-67 is also amended by changing the last sentence of paragraph 3.F, Physical Protection, to read as follows:
The St. Lucie CSP was approved by License Amendment No. 211 as supplemented by clarifications approv ed by License Amendment Nos. 214 and
_____.
- 4. This license amendment is effective as of its date of issuance and shall be implemented within 60 days.
FOR THE NUCLEAR REGULATORY COMMISSION
Shana R. Helton, Chief Plant Licensing Branch II-2 Division of Operator Reactor Licensing Office of Nuclear Reactor Regulation
Attachment:
Changes to the Renewed Facility Operating License
Date of Issuance:
c ATTACHMENT TO LICENSE AMENDMENT NO.
TO RENEWED FACILITY OPERATING LICENSE NO. DPR-67 DOCKET NO. 50-335
Replace the following pages of Renewed Facility Operating LicenseDPR-67 with the attached pages. The revised pagesare identified by amendment number and contain vertical lines indicating the areas of change.
Remove Page Insert Page 3 3 4 4 c applicableprovisionsoftheActandtotherules,regulations,andordersof the Commissionnoworhereafterineffect;andissubjecttotheadditional conditions specifiedorincorporated below: A. MaximumPower Level FPLisauthorizedtooperatethefacilityatsteadystatereactorcorepower levels notinexcessof3020megawatts
{thermal). B. TechnicalSpecifications TheTechnicalSpecificationscontainedinAppendicesAandB,as revised throughAmendmentNo.___areherebyincorporatedintherenewed license. FPLshalloperatethefacilityinaccordancewiththeTechnicalSpecifications.
AppendixB, theEnvironmentalProtectionPlan(Non-Radiological),contains environmentalconditionsoftherenewedlicense. Ifsignificantdetrimentaleffects orevidenceofirreversibledamagearedetectedbythemonitoring programs requiredbyAppendixBofthislicense,FPLwillprovidetheCommissionwith an analysisoftheproblemandplanofactiontobetakensubjectto Commission approvaltoeliminateorsignificantlyreducethedetrimentaleffectsor damage. C. UpdatedFinalSafetyAnalysis Report TheUpdatedFinalSafetyAnalysisReportsupplement submittedpursuant to 10CFR54.21(d),asrevisedonMarch28,2003,describescertainfuture activitie stobecompletedbeforetheperiodofextendedoperation. FPL shall completetheseactivitiesnolaterthanMarch1,2016,andshallnotifytheNRC in writingwhenimplementationoftheseactivitiesiscompleteandcanbeverified by NRC inspection.
TheUpdatedFinalSafetyAnalysisReportsupplementasrevisedonMarch 28, 2003,describedabove,shallbeincludedinthenextscheduledupdateto the UpdatedFinalSafetyAnalysisReportrequiredby10CFR50.71(e)(4),following issuanceofthisrenewedlicense. Untilthatupdateiscomplete,FPLmaymake changestotheprogramsdescribedinsuchsupplement withoutpriorCommission approval,providedthatFPLevaluateseachsuchchangepursuanttothecriteria setforthin10CFR50.59andotherwisecomplieswiththerequirementsin that section. D. SustainedCoreUncovery Actions Proceduralguidanceshallbeinplacetoinstructoperatorstoimplement actions thataredesignedtomitigateasmall-breakloss-of-coolant accidentpriorto a calculatedtimeofsustainedcore uncovery. RenewedLicenseNo.DPR-67 Amendment No._____
c . E. Fire Protection FPL shall implement and maintain in effect all provisions of the approved fireprotection program as described in the Updated Final Safety Analysis Report forthe facility (The fire protection program and features were originally described inFPL submittals L-83-514 dated October 7, 1983, L-83-227 dated April 12, 1983,L-83-261 dated April 25, 1983, L-83-453 dated August 24, 1983, L-83-488
datedSeptember 16,1983, L-83-588 dated December 14,1983, L-84-346 datedNovember 28, 1984, L-84-390 dated December 31, 1984, and L-85-71 datedFebruary 21, 1985) and as approved by NRC letter dated July. 17, 1984, andsupplemented by NRC letters dated February 21,1985, March 5,1987, andOctober 4, 1988, subject to the following provision:
FPL may make changes to the approved fire protection programwithout prior approval of the Commission only if those changeswouldnot adversely affect the ability to achieve and maintain safe shutdownin the event of a fire.
F. Physical Protection The licensee shall fully Implement and maintain in effect all provisions of theCommission-approved physical security. training and qualification, and
safeguardscontingency plans including amendments made pursuant to provision of theMiscellaneous Amendments and Search Requirements revisions to 10 CFR 73.55(51 FR 27817 and 27822) and to the authority of 10 CFR 50.90 and10 CFR 50.54(p). The combined set of plans, which contains SafeguardsInformation protected under 10 CFR 73.21, is entitled: "Florida Power and Light &FPL Energy Seabrook Physical Security Plan, Training and Qualification Plan andSafeguards Contingency Plan - Revision 3," submitted by letter datedMay 18. 2006. St. Lucie shall fully implement and maintain in effect all provisionsof the Commission-approved cyber security plan (CSP). including changes madepursuant to the
authority of 10 CFR 50.90 and 10 CFR 50.54(p). The St. LucieCSP was approved by License Amendment No. 211 as supplemented by clarifications approved by License Amendment Nos. 214 and _____.
G. Mitigation Strategy License Condition Develop and maintain strategies for addressing large fires and explosions andthat include the following key areas:
(a) Fire fighting response strategy with the following elements: 1. Pre-defined coordinated fire response strategy and guidance
- 2. Assessment of mutual aid fire fighting assets
- 3. Designated staging areas for equipment and materials
- 4. Command and control
- 5. Training of response personnel (b) Operations to mitigate fuel damage considering the following: 1. Protection and use of personnel assets 2. Communications
- 3. Minimizing fire spread 4. Procedures for implementing integrated fire response strategy 5. Identification of readily-available pre-staged equipment
Renewed License No. DPR-67 Amendment No. 202 , 211 , 214, ___
FLORIDA POWER & LIGHT COMPANY DOCKET NO. 50-389 ST. LUCIE PLANT UNIT NO. 2 AMENDMENT TO RENEWED FACI LITY OPERATING LICENSE
Amendment No.
Renewed License No. NPF-16
- 1. The Nuclear Regulatory Commission (the Commission) has found that:
A. The application for amendment by Florida Power & Light Company (FPL, the licensee), dated June 30, 2014,as supplemented on August 19, 2014, complies with the standards and requirements of the Atomic Energy Act of 1954, as amended (the Act) and the Commission's rules and regulations set forth in 10 CFR Chapter I; B. The facility will operate in conformity with the application, the provisions of the Act, and the rules and regulations of the Commission; C. There is reasonable assurance (i) that the activities authorized by this amendment can be conducted without endangering the health and safety of the public, and (ii) that such activities will be conducted in compliance with the Commission's regulations; D. The issuance of this amendment will not be inimical to the common defense and security or to the health and safety of the public; and E. The issuance of this amendment is in accordance with 10 CFR Part 51 of the Commission's regulations and all applicable requirements have been satisfied.
- 2. Accordingly, Renewed Facility Operating License No. NPF-16 is amended by changing paragraph 3.B to read as follows:
B. Technical Specifications The Technical Specifications contained in Appendices A and B, as revised through Amendment No. ___, are hereby incorporated in the renewed license. FPL shall operate the facility in accordance with the Technical Specifications.
- 3. Accordingly, Renewed Facility Operating License No. NPF-16 is also amended by changing the last sentence of paragraph 3.F, Physical Protection, to read as follows:
St. Lucie CSPwas approved by License Amendment No. 160 as supplemented by clarifications approved by License Amendment Nos. 164 and ____.
- 4. This license amendment is effective as of its date of issuance and shall be implemented within 60 days.
FOR THE NUCLEAR REGULATORY COMMISSION
Shana R. Helton,Chief Plant Licensing Branch II-2 Division of Operator Reactor Licensing Office of Nuclear Reactor Regulation
Attachment:
Changes to the Renewed Facility Operating License
Date of Issuance:
c ATTACHMENT TO LICENSE AMENDMENT NO.
TO RENEWED FACILITY OPERATING LICENSE NO. NPF-16 DOCKET NO. 50-389
Replace pages of Renewed Operating License NPF-16 as follows. The revised pages are identified by amendment number and contain vertical lines indicating the areas of change.
Remove Page Insert Page
3 3 5 5
c neutronsourcesforreactorstartup,sealedsourcesforreactorinstrumentation andradiationmonitoringequipmentcalibration,andasfissiondetectors in amountsas required. D. PursuanttotheActand10CFRParts30,40,and70,FPLtoreceive, possess, anduseinamountsasrequiredanybyproduct,source,orspecialnuclear materialwithoutrestrictiontochemicalorphysicalform,forsampleanalysis or instrumentcalibrationorassociatedwithradioactiveapparatusor components; and E. PursuanttotheActand10CFRParts30,40,and70,FPLtopossess,butnot separate,suchbyproductandspecialnuclearmaterialsasmaybeproduced by theoperationofthe facility. 3. Thisrenewedlicenseshallbedeemedtocontainandissubjecttothe conditions specifiedinthefollowingCommission'sregulations:10CFRPart20,Section30.34of 10CFRPart30,Section40.41of10CFRPart40,Section50.54and50.59 of 10CFRPart50,andSection70.32of10CFRPart70;andissubjecttoallapplicable provisionsoftheActandtotherules,regulations,andordersoftheCommissionnow or hereafterineffect;andissubjecttotheadditionalconditionsspecified below: A. MaximumPower Level FPLisauthorizedtooperatethefacilityatsteadystatereactorcorepower levels notinexcessof3020megawatts (thermal). B. TechnicalSpecifications TheTechnicalSpecificationscontainedinAppendicesA and8,asrevised throughAmendmentNo.___areherebyincorporatedintherenewed license. FPLshalloperatethefacilityinaccordance withtheTechnicalSpecifications.
RenewedLicenseNo.
NPF-16 AmendmentNo.___
F. Physical Protection The licensee shall fully implement and maintain in effect all provisions of theCommission-approved physical security, training and qualification, andsafeguards contingency plans including amendments made pursuant toprovision of the Miscellaneous Amendments and Search Requirements revisionsto 10 CFR 73.55 (51 FR 27817 and 27822) and to the authority of 10 CFR 50.90and 10 CFR 50.54(p). The combined set of plans, which contains SafeguardsInformation protected under 10 CFR 73.21, is entitled: "Florida Power and Light &FPL Energy Seabrook Physical Security Plan, Training and Qualification Planand Safeguards Contingency Plan - Revision 3," submitted by letter datedMay 18, 2006. St. Lucie shall fully implement and maintain in effect all provisionsof the Commission-approved cyber security plan (CSP), including changes madepursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p).
St. Lucie CSP was approved by License Amendment No. 160 as supplemented by clarifications approved by License Amendment Nos. 164 and ____.
G. Before engaging in additional construction or operational activities which mayresult in a significant adverse environmental impact that was not evaluated orthat is significantly greater than that evaluated in the Final EnvironmentalStatement dated April 1982, FPL shall provide written notification to the Office ofNuclear Reactor Regulation.
H. DELETED
I. FPL shall notify the Commission, as soon as possible but not later than onehour, of any accident at this facility which could result in an unplanned release ofquantities of fission products in excess of allowable limits for normal operationestablished by the Commission.
J. FPL shall have and maintain financial protection of such type and in suchamounts as the Commission shall require in accordance with Section 170 of theAtomic Energy Act of 1954, as amended, to cover public liability claims.
K. The use of ZIRLO TM clad fuel at St. Lucie Unit 2 will be subject to the followingrestrictions:
FPL will limit the fuel duty for St. Lucie Unit 2 to a baseline modified Fuel DutyIndex (mFDI) of 600 with a provision for adequate margin to account forvariations in core design (e.g., cycle length, plant operating conditions, etc).This limit will be applicable until data is available demonstrating the
performanceof ZIRLO TM cladding at Combustion Engineering 16x16 plants.
FPL will restrict the mFDI of each ZIRLO TM clad fuel pin to 110 percent of thebaseline mFDI of 600.
For a fraction of the fuel pins in a limited number of assemblies (8), FPL willrestrict the fuel duty of ZIRLO TM clad fuel pins to 120 percent of the baselinemFDlof600.
Renewed License No. NPF-16 Amendment No. 150 , 160 , 164 , ___
Enclosure SAFETY EVALUATION BY THE OFFICE OF NUCLEAR SECURITY AND INCIDENT RESPONSE RELATED TO AMENDMENT NOS.AND TO RENEWED FACILITY OPERATING LICENSE NOS. DPR-67 AND NPF-16 FLORIDA POWER & LIGHT COMPANY, ET AL.
ST. LUCIE PLANT, UNIT NOS. 1 AND 2 DOCKET NOS. 50-335 AND 50-389
1.0 INTRODUCTION
By letter dated June 30, 2014 (Agencywide Documents Access and Management System (ADAMS) Accession No. ML14192A022), as supplemented by letter dated August 19, 2014 (ADAMS Accession No. ML14241A422), Florida Power & Light Company (FPL, the licensee) submitted an application for amendment to revise the implementation date of Cyber Security Plan (CSP) Milestone 8. Milestone 8 of the CSP is concerned with the full implementation of the CSP. Portions of the licensee'sJune 30 and August 19, 2014, letterscontain sensitive unclassified non-safeguards information and, accordingly, those portions are withheld from public disclosure in accordance with the provisions of 10CFR2.390(d)(1). The accession numbers cited in the
above paragraph refer to the publicly available redacted version.
For the subject application, as supplemented, the Nuclear Regulatory Commission (NRC) published its proposed no significant hazards consideration in the Federal Register on November 4, 2014 (79 FR 65431).
2.0 REGULATORY EVALUATION
The NRC staff had previously reviewed and approved the licensee's CSP implementation schedule by Amendment No. 211 and 160 for Saint Lucie Plant, Unit Nos. 1 and 2, respectively, and concurrently with the incorporation of the CSP into the current licensing bases. Subsequently, the NRC staff issued Amendment Nos. 214 and 164 to revise Milestone 6 for each unit, respectively. The NRC staff considered the following regulatory requirements and guidance in its review of the current application for amendment to modify the existing CSP implementation schedule: (1) Titlte 10 of the Code of Federal Regulations,Sectin 73.54 (10CFR73.54) states:
-..Each [CSP] submittal must include a proposed implementation schedule. Implementation of the licensee's cyber security program must be consistent with the approved schedule.
(2) Amendment No. 211 and Amendment No. 160, dated August 31, 2011, which approved the licensee's CSP and implementation schedule, include the following statement: "St.
Lucie shall fully implement and maintain in effect all provisions of the Commission-approved cyber security plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p)."
(3) In a publically available NRC memorandum, R. Feltsto B. Westreich,dated October 24, 2013 (ADAMS Accession No. ML13295A467), the NRC staff listed criteria that it would consider during its evaluations of licensees' requests to postpone their cyber security program implementation date (commonly known as Milestone 8).
3.0 TECHNICAL EVALUATION
3.1 Licensee's Requested Change
By Amendment Nos. 211 (for Unit 1) and 160 (for Unit 2)the NRC staff approved the licensee's CSP implementation schedule, as discussed in the safety evaluation issued concurrently with those amendments. The implementation schedule had been submitted by the licensee based on a template (ADAMS Accession No. ML110600218)prepared by the Nuclear Energy Institute (NEI), which the NRC staff found acceptable for licensees to use to develop their CSP implementation schedules. The licensee's proposed implementation schedule for the St. Lucie Plant CSP identified completion dates and bases for the following eight milestones:
- 1) Establish the Cyber Security Assessment Team (CSAT); 2) Identify Critical Systems (CSs) and Critical Digital Assets (CDAs);
- 3) Install a data diode device between lower level devices and higher level devices;
- 4) Implement the security control "Access Control For Portable And Mobile Devices"; 5) Implement observation and identification of obvious cyber-related tampering to existing insider mitigation rounds; 6) Identify, document, and implement cyber security controls in accordance with "Mitigation of Vulnerabilities and Application of Cyber Security Controls" for CDAs that could adversely impact the design function of physical security target set equipment; 7) Ongoing monitoring and assessment activities for those target set CDAs whose security controls have been implemented; 8) Fully implement the CSP.
Currently, Milestone 8 of the licensee's CSP requires the licensee to fully implement the CSP by December 31, 2015. In its June 30, 2014, application, the licenseeproposed to change the Milestone 8 completion date to December 31, 2017. The licensee's application addressed the 8 criteria in the NRC's October 24, 2014 guidance memorandum.
The licensee provided the following information pertinent to each of the criteria identified in the NRC guidance memorandum cited in Section 2.0 above.
(1) Identification of the specific requirement or requirements of the cyber security plan that the licensee needs additional time to implement. The licensee stated that the specific CSP requirement requiring additional time to
implement is CSP Section 3.1, Analyzing Digital Computer Systems and Networks Applying CyberSecurity Controls. The licensee provided a list of activities required to implement the CSP requirements.
(2) Detailed justification that describes the reason the licensee requires additional time to implement the specific requirement or requirements identified. The licensee stated that CDA assessment work is resource-intensive.St. Lucie has approximately 2250 CDAs.
- Assessment is challenging due to uncertainty surrounding security controls interpretation.
- The licensee underestimated the level of effort necessary to address security controls.
- Rework is a major concern - budgets are approved in advance on a definedscope of work.
- The licensee will have to increase resources to cope with magnitude of the work identified.
The licensee stated that remediation activities need to be carefully considered:
- Security controls modifications are unique and new to the plant and suppliers.
- Plant modifications cannot affect plant safety and operation.
The licensee stated that there are change management challenges:
- Cyber security integrates into day-to-day plant operations, maintenance, engineering and procurement activities.
- Integration of controls takes longer than anticipated due to work control process and maintenance activities.
- Additional burden on maintenance to address security controls integrity during work on CDAs.
- Cyber security and controls being implemented on CDAs are new to maintenance, engineering and operations.
- Work control planners are challenged by the nuances associated with cyber security controls.
- Training and qualifications of maintenance personnel is a challenge.
- Modifications that added security controls have added new change management issues.
The licensee stated that site training needs and schedules need to be revised and training resources need to be addressed.
(3) A proposed completion date for Milestone 8 consistent with the remaining scope of work to be conducted and the resources available. The licensee proposed a Milestone 8 completion date of December 31, 2017. The licensee also stated that changing the completion date of Milestone 8 will encompass two additional refueling outages per unit and provides adequate time to complete CDA assessment, implement design modifications based on assessment results, update existing procedures and develop new procedures to complete full implementation of the CSP.
(4) An evaluation of the impact that theadditional timetoimplement therequirementswill haveon theeffectivenessofthelicensee's overallcyber security program in the context of milestones already completed. The licensee stated that, based on the CSP program implementation activities already completed and activities currently in progress, St. Lucie is secure and FPL will continue to ensure that digital computer and communications systems and networks are adequately protected against cyber attacks during implementation of the remainder of the program by the proposedMilestone 8 date of December 31, 2017. The completed activities provide a high degree of protection against cyber-attacks while St. Lucie implements the full CSP. The licensee provided details about implementation of each of the milestones.
(5) A description of the licensee's methodology for prioritizing completion of work for critical digital assets associated with significant safety consequences and with reactivity effects in the balance of plant. The licensee stated that its methodology for prioritizing the St. Lucie CSP Milestone 8 activities is centered on considerations for safety, security, emergency preparedness (EP), and balance-of-plant (continuity of power) consequences. The methodology is based on defense-in-depth, installed configuration of the CDA, and susceptibility to commonly identified threat vectors. Prioritization of CDA assessments begins with safety-related CDAs and continues through the lower priority non-safety-related and EP CDAs as follows:
- Safety-related CDAs
- Physical security CDAs
- Important-to-safety CDAs (including balance-of-plant CDAs that directly impact continuity of power and control system CDAs)
- Non-safety-related and EP CDAs (6) A discussion of the licensee's cyber security program performance up to the date of the license amendment request. The licensee stated that implementation of the requirements of Milestones 1 through 7 has been completed and these improvements are proviging a high degree of protection against cyber attacks, until full program implementation. Further, the licensee stated it has completed a comprehensive self-assessment for all 7 milestones to ensure completeness and effectiveness. Self-assessment issues were entered into the Corrective Action Program (CAP)and addressed for program improvement. Ongoing monitoring and periodic actions provide continuing program performance monitoring.
(7) A discussion of cyber security issues pending in the licensee's corrective action program (CAP). The licensee stated that the St. Lucie CAP is used to document all cyber issues in order to trend, correct, and improve the St. Lucie CSP. The CAP database documents and tracks, from initiation to closure, all cyber security required actions, including issues identified during ongoing program assessment activities. Adverse trends are monitored for program improvement and addressed via the CAP process. Examples of issues and activities pending in the CAP were provided.
(8) A discussion of modifications completed to support the cyber security program and a discussion of pending cyber security modifications.
The licensee provided a discussion of a completed modification.
3.2 NRC Staff Evaluation The NRC staff evaluated the licensee's applicati on using the regulatory requirements and the guidance cited in Section 2.0 above.
The licensee stated that the CSP requirement regarding additional time to implement is found in
CSP Section 3.1,"Analyzing Digital Computer Systems and Networks Applying Cyber Security Controls." The licensee provided a list of additional activities required to implement the CSP requirement.
The licensee indicated that completion of the activities associated with the CSP, as described in Milestones 1 through 7 and completed prior to December 31, 2012, provides a high degree of protection to ensure that the most significant digital computer and communication systems and networks associated with safety, security, and emergency preparedness systems are already protected against cyber attacks. It detailed activities completed for each milestone and noted that several elements of Milestone 8 have already been implemented or will be implemented by the original Milestone 8 date of September 30, 2014. It provided details about the completed milestones and elements. On such bases, the NRC staff finds that the licensee's site is much more secure after implementation of Milestones 1 through 7 because the activities the licensee completed will mitigate the most significant cyber attack vectors for the most significant CDAs.
The licensee proposed a Milestone 8 completion date of December 31, 2017. The licensee stated that changing the completion date of Milestone 8 allows for two additional refueling outages per unit and provides adequate time to complete CDA assessment, implement design modifications based on assessment results, update existing procedures and develop new
procedures to complete full implementation of the CSP. The NRC staff has had extensive interaction with the nuclear industry since licensees first developed their CSP implementation schedules. Based on this interaction, the NRC staff recognizes that CDA assessment work is much more complex and resource-intensive than originally anticipated. The licensee has a large number of CDAs and underestimated the level of effort to address security controls for each of the CDAs when developing its CSP implementation schedule. The NRC staff finds that the licensee's request for additional time to implement Milestone 8 is reasonable given the unanticipated complexity and scope of the work required to come into full compliance with its CSP.
The licensee stated that its methodology for prioritizing the St. Lucie CSP Milestone 8 activities is centered on considerations for safety, security, emergency preparedness, and balance-of-plant (continuityof power) consequences. The methodology is based on defense-in-depth, installed configuration of the CDA, and susceptibility to five commonly identified threat vectors.
Prioritization of CDA assessments begins with safety-related CDAs and continues through the lower priority non-safety-related CDAs. The NRC staff finds that based on the large number of digital assets described above and the limited resources with the appropriate expertise to perform these activities, the licensee's methodology for prioritizing work on CDAs is appropriate.
The NRC staff further finds that the licensees reques t to delay final implementation of the CSP until December 31, 2017, is reasonable given the complexity of the remaining unanticipated work and the need to perform certain work, including design changes, during scheduled fuel outages.
3.3 Revision to License Condition
The licensee proposed to modify the part of License Condition 3.F of Renewed Facility
Operating License No. DPR-67 as follows: St. Lucie shall fully implement and maintain in effect all provisions of the Commission-approved cyber security plan (CSP). including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The St. Lucie CSP was approved by License Amendment No. 211 as supplemented by aClarification s approved by License Amendment No. 214 and No. _____.
The licensee proposed to modify the part of License Condition 3.F of Renewed Facility Operating License NPF-16 as follows:
St. Lucie shall fully implement and maintain in effect all provisions of the Commission-approved cyber security plan (CSP). including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). St. Lucie CSP was approved by License Amendment No. 160 as supplemented by
aClarification s approved by License Amendment No. 164 and No. _____.
3.4 Summary of Technical Evaluation
The NRC staff determines that the licensee's reques t to delay full implementation of its CSP until December 31, 2017, is reasonable for the following reasons: (i) the licensee's implementation of Milestones 1 through 7 already provides mitigation for significant cyber attack vectors for the most significant CDAs, as discussed above; (ii) the scope of the work required to come into full compliance with the CSP implementation schedule was much more complicated than anticipated and not reasonably foreseeable; and (iii) the licensee has reasonably prioritized and scheduled the work required to come into full compliance with its CSP implementation schedule.
Based on its review of the application, as supplemented, the NRC staff concludes that the licensee's implementation of Milestones 1 through 7 has added additional protection which provides mitigation for significant cyber attack vectors forc the most significant CDAs, that the licensee's explanation of the need for additional time is compelling, and that it is acceptable for the licensee to complete implementation of Milestone 8, full implementation of the CSP by December 31, 2017. The NRC staff also concludes that, upon full implementation of the licensee's cyber security program, the requi rements of the licensee's CSP and 10 CFR 73.54 will be met. Therefore, the NRC staff finds the proposed change acceptable.
The NRC staff does not regard the CSP milestone implementation dates as regulatory commitments that can be changed unilaterally by the licensee, particularly in light of the regulatory requirement at 10 CFR 73.54, that "[i]mplementation of the licensee's cyber security program must be consistent with the approved schedule." As the NRC staff explained in its letter to all operating reactor licensees dated May 9, 2011 (ADAMS Accession No.
ML110980538), the implementation of the plan, including the key intermediate milestone dates and the full implementation date shall be in accordance with the implementation schedule submitted by the licensee and approved by the NRC. All subsequent changes to the NRC-approved CSP implementation schedule, thus, will require prior NRC approval as required by 10 CFR 50.90.
4.0 STATE CONSULTATION
In accordance with the Commission's regulations, Florida State official was notified of the proposed issuance of the amendment. The State official had no comment.
5.0 ENVIRONMENTAL CONSIDERATION
These amendments relate solely to safeguards matters and do not involve any significant construction impacts. Accordingly, these amendments meet the eligibility criteria for categorical exclusion set forth in 10 CFR 51.22(c)(12). Pursuant to 10 CFR 51.22(b), no environmental impact statement or environmental assessment need be prepared in connection with the issuance of these amendments.
6.0 CONCLUSION
The Commission has concluded, based on the considerations discussed above, that: (1) there is reasonable assurance that the health and safety of the public will not be endangered by operation in the proposed manner, (2) there is reasonable assurance that such activities will be conducted in compliance with the Commission's regulations, and (3) the issuance of the amendment will not be inimical to the common defense and security or to the health and safety of the public.
Principal Contributor: John Rycyna ccDate: c