ML14317A551: Difference between revisions
StriderTol (talk | contribs) (Created page by program invented by StriderTol) |
StriderTol (talk | contribs) (Created page by program invented by StriderTol) |
||
Line 21: | Line 21: | ||
==SUBJECT:== | ==SUBJECT:== | ||
DONALD C. COOK NUCLEAR PLANT, UNITS 1 AND 2 -ISSUANCE OF AMENDMENTS RE: CYBER SECURITY IMPLEMENTATION SCHEDULE (TAC NOS. MF3363 AND MF3364) | DONALD C. COOK NUCLEAR PLANT, UNITS 1 AND 2 -ISSUANCE OF AMENDMENTS RE: CYBER SECURITY IMPLEMENTATION SCHEDULE (TAC NOS. MF3363 AND MF3364) | ||
Line 29: | Line 28: | ||
==Enclosures:== | ==Enclosures:== | ||
: 1. Amendment No. 325 to DPR-58 2. Amendment No. 308 to DPR-74 3. Safety Evaluation cc w/encls: | : 1. Amendment No. 325 to DPR-58 2. Amendment No. 308 to DPR-74 3. Safety Evaluation cc w/encls: Distribution via ListServ Sincerely, Mahesh Chawla, Project Manager Plant Licensing Branch 111-1 Division of Operating Reactor Licensing Office of Nuclear Reactor Regulation UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 INDIANA MICHIGAN POWER COMPANY DOCKET NO. 50-315 DONALD C. COOK NUCLEAR PLANT. UNIT 1 AMENDMENT TO RENEWED FACILITY OPERATING LICENSE Amendment No. 325 License No. DPR-58 1. The U.S. Nuclear Regulatory Commission (the Commission) has found that: A. The application for amendment by Indiana Michigan Power Company (the licensee) dated January 10, 2014, as supplemented by letter dated May 27, 2014, complies with the standards and requirements of the Atomic Energy Act of 1954, as amended (the Act), and the Commission's rules and regulations set forth in 10 CFR Chapter I; B. The facility will operate in conformity with the application, the provisions of the Act, and the rules and regulations of the Commission; C. There is reasonable assurance (i) that the activities authorized by this amendment can be conducted without endangering the health and safety of the public, and (ii) that such activities will be conducted in compliance with the Commission's regulations; D. The issuance of this amendment will not be inimical to the common defense and security or to the health and safety of the public; and E. The issuance of this amendment is in accordance with 10 CFR Part 51 of the Commission's regulations and all applicable requirements have been satisfied. | ||
Distribution via ListServ Sincerely, Mahesh Chawla, Project Manager Plant Licensing Branch 111-1 Division of Operating Reactor Licensing Office of Nuclear Reactor Regulation UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 INDIANA MICHIGAN POWER COMPANY DOCKET NO. 50-315 DONALD C. COOK NUCLEAR PLANT. UNIT 1 AMENDMENT TO RENEWED FACILITY OPERATING LICENSE Amendment No. 325 License No. DPR-58 1. The U.S. Nuclear Regulatory Commission (the Commission) has found that: A. The application for amendment by Indiana Michigan Power Company (the licensee) dated January 10, 2014, as supplemented by letter dated May 27, 2014, complies with the standards and requirements of the Atomic Energy Act of 1954, as amended (the Act), and the Commission's rules and regulations set forth in 10 CFR Chapter I; B. The facility will operate in conformity with the application, the provisions of the Act, and the rules and regulations of the Commission; C. There is reasonable assurance (i) that the activities authorized by this amendment can be conducted without endangering the health and safety of the public, and (ii) that such activities will be conducted in compliance with the Commission's regulations; D. The issuance of this amendment will not be inimical to the common defense and security or to the health and safety of the public; and E. The issuance of this amendment is in accordance with 10 CFR Part 51 of the Commission's regulations and all applicable requirements have been satisfied. | : 2. Accordingly, the license is amended by changes as indicated in the attachment to this license amendment, and Paragraph 2.D of Renewed Facility Operating License No. DPR-58 is hereby amended to read as follows: The Indiana and Michigan Power Company shall fully implement and maintain in effect all provisions of the Commission-approved Donald C. Cook Nuclear Plant Cyber Security Plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). | ||
: 2. Accordingly, the license is amended by changes as indicated in the attachment to this license amendment, and Paragraph 2.D of Renewed Facility Operating License No. DPR-58 is hereby amended to read as follows: | |||
The Indiana and Michigan Power Company shall fully implement and maintain in effect all provisions of the Commission-approved Donald C. Cook Nuclear Plant Cyber Security Plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). | |||
The Donald C. Cook Nuclear Plant CSP was approved by License Amendment No. 315 as supplemented by changes approved by License Amendment Nos. 319 and 325. Enclosure 1 3. This license amendment is effective as of its date of issuance and shall be implemented within 60 days from the date of issuance. | The Donald C. Cook Nuclear Plant CSP was approved by License Amendment No. 315 as supplemented by changes approved by License Amendment Nos. 319 and 325. Enclosure 1 3. This license amendment is effective as of its date of issuance and shall be implemented within 60 days from the date of issuance. | ||
The full implementation of the CSP shall be in accordance with the implementation schedule submitted by the licensee on January 10, 2014, as supplemented by letter dated May 27, 2014, and approved by the NRC staff with this license amendment. | The full implementation of the CSP shall be in accordance with the implementation schedule submitted by the licensee on January 10, 2014, as supplemented by letter dated May 27, 2014, and approved by the NRC staff with this license amendment. | ||
Line 40: | Line 37: | ||
Changes to Renewed Operating License No. DPR-58 REGULATORY COMMISSION David L. Pelton, Chief Plant Licensing Branch 111-1 Division of Operating Reactor Licensing Office of Nuclear Reactor Regulation Date of Issuance: | Changes to Renewed Operating License No. DPR-58 REGULATORY COMMISSION David L. Pelton, Chief Plant Licensing Branch 111-1 Division of Operating Reactor Licensing Office of Nuclear Reactor Regulation Date of Issuance: | ||
December 18, 2014 ATTACHMENT TO LICENSE AMENDMENT NO. 325 TO RENEWED FACILITY OPERATING LICENSE NO. DPR-58 DOCKET NO. 50-315 Replace the following page of the Renewed Facility Operating License No. DPR-58 with the attached revised page. The changed area is identified by a marginal line. REMOVE INSERT Page 9 Page 9 (19) Operation with Vacuum Fill: The licensee is authorized to operate the facility using Reactor Coolant System (RCS) vacuum fill operation in accordance with TS 3.4.3, "RCS Pressure and Temperature (Pff) Limits," | December 18, 2014 ATTACHMENT TO LICENSE AMENDMENT NO. 325 TO RENEWED FACILITY OPERATING LICENSE NO. DPR-58 DOCKET NO. 50-315 Replace the following page of the Renewed Facility Operating License No. DPR-58 with the attached revised page. The changed area is identified by a marginal line. REMOVE INSERT Page 9 Page 9 (19) Operation with Vacuum Fill: The licensee is authorized to operate the facility using Reactor Coolant System (RCS) vacuum fill operation in accordance with TS 3.4.3, "RCS Pressure and Temperature (Pff) Limits," with corresponding revisions to Figure 3.4.3-1, "Reactor Coolant System Pressure versus Temperature Limits -Heatup Limit, Criticality Limit, and Leak Test Limit (Applicable for service period up to 32 EFPY)," and Figure 3.4.3-2, "Reactor Coolant System Pressure versus Temperature Limits -Various Cooldown Rates Limits (Applicable for service period up to 32 EFPY)," as approved in License Amendment No. 323 to Renewed Facility Operating License No. DPR-58. This includes an approved extension to -14.7 pounds per square inch gage to bound the RCS conditions required to support vacuum fill operation. | ||
with corresponding revisions to Figure 3.4.3-1, "Reactor Coolant System Pressure versus Temperature Limits -Heatup Limit, Criticality Limit, and Leak Test Limit (Applicable for service period up to 32 EFPY)," and Figure 3.4.3-2, "Reactor Coolant System Pressure versus Temperature Limits -Various Cooldown Rates Limits (Applicable for service period up to 32 EFPY)," as approved in License Amendment No. 323 to Renewed Facility Operating License No. DPR-58. This includes an approved extension to -14.7 pounds per square inch gage to bound the RCS conditions required to support vacuum fill operation. | The licensee shall submit an analysis of the Prr curves in Figures 3.4.3-1 and 3.4.3-2 within one year of the date of issuance of License Amendment No. 323, which demonstrates consideration of all ferritic reactor vessel materials as defined in Appendix G to 10 CFR Part 50, including non-beltline ferritic reactor vessel materials." D. Physical Protection The Indiana Michigan Power Company shall fully implement and maintain in effect all provisions of the Commission-approved physical security, training and qualification, and safeguards contingency plans including amendments made pursuant to provisions of the Miscellaneous Amendments and Search Requirements revision to 10 CFR 73.55 (51 FR 27817 and 27822), and the authority of 10 CFR 50.90 and 10 CFR 50.54(p). | ||
The licensee shall submit an analysis of the Prr curves in Figures 3.4.3-1 and 3.4.3-2 within one year of the date of issuance of License Amendment No. 323, which demonstrates consideration of all ferritic reactor vessel materials as defined in Appendix G to 10 CFR Part 50, including non-beltline ferritic reactor vessel materials." | The combined set of plans\ which contain Safeguards Information protected under 10 CFR 73.21, is entitled: "Donald C. Cook Nuclear Plant Security Plan, Training and Qualification Plan, and Safeguards Contingency Plan, Revision 1 ," submitted by letter dated May 10, 2006. The Indiana and Michigan Power Company shall fully implement and maintain in effect all provisions of the Commission-approved Donald C. Cook Nuclear Plant Cyber Security Plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). | ||
D. Physical Protection The Indiana Michigan Power Company shall fully implement and maintain in effect all provisions of the Commission-approved physical | The Donald C. Cook Nuclear Plant CSP was approved by License Amendment No. 315 as supplemented by changes approved by License Amendment Nos. 319 and 325. E. Deleted by Amendment No. 80 F. Deleted by Amendment No. 80 G. In all places of this renewed operating license, the reference to the Indiana and Michigan Electric Company is amended to read Indiana Michigan Power Company. H. Deleted by Amendment No. 287 1 The Training and Qualification Plan and Safeguards Contingency Plan are Appendices to the Security Plan Renewed License No. DPR-58 Amendment No. 325 UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 INDIANA MICHIGAN POWER COMPANY DOCKET NO. 50-316 DONALD C. COOK NUCLEAR PLANT. UNIT 2 AMENDMENT TO RENEWED FACILITY OPERATING LICENSE Amendment No. 308 License No. DPR-74 1. The U.S. Nuclear Regulatory Commission (the Commission) has found that: A. The application for amendment by Indiana Michigan Power Company (the licensee) | ||
The combined set of plans\ which contain Safeguards Information protected under 10 CFR 73.21, is entitled: | |||
"Donald C. Cook Nuclear Plant Security Plan, Training and Qualification Plan, and Safeguards Contingency Plan, Revision 1 ," submitted by letter dated May 10, 2006. The Indiana and Michigan Power Company shall fully implement and maintain in effect all provisions of the Commission-approved Donald C. Cook Nuclear Plant Cyber Security Plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). | |||
The Donald C. Cook Nuclear Plant CSP was approved by License Amendment No. 315 as supplemented by changes approved by License Amendment Nos. 319 and 325. E. Deleted by Amendment No. 80 F. Deleted by Amendment No. 80 G. In all places of this renewed operating | |||
H. Deleted by Amendment No. 287 1 The Training and Qualification Plan and Safeguards Contingency Plan are Appendices to the Security Plan Renewed License No. DPR-58 Amendment No. 325 UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 INDIANA MICHIGAN POWER COMPANY DOCKET NO. 50-316 DONALD C. COOK NUCLEAR PLANT. UNIT 2 AMENDMENT TO RENEWED FACILITY OPERATING LICENSE Amendment No. 308 License No. DPR-74 1. The U.S. Nuclear Regulatory Commission (the Commission) has found that: A. The application for amendment by Indiana Michigan Power Company (the licensee) | |||
January 10, 2014, as supplemented by letter dated May 27, 2014, complies with the standards and requirements of the Atomic Energy Act of 1954, as amended (the Act), and the Commission's rules and regulations set forth in 10 CFR Chapter I; B. The facility will operate in conformity with the application, the provisions of the Act, and the rules and regulations of the Commission; C. There is reasonable assurance (i) that the activities authorized by this amendment can be conducted without endangering the health and safety of the public, and (ii) that such activities will be conducted in compliance with the Commission's regulations; D. The issuance of this amendment will not be inimical to the common defense and security or to the health and safety of the public, and E. The issuance of this amendment is in accordance with 10 CFR Part 51 of the Commission's regulations and all applicable requirements have been satisfied. | January 10, 2014, as supplemented by letter dated May 27, 2014, complies with the standards and requirements of the Atomic Energy Act of 1954, as amended (the Act), and the Commission's rules and regulations set forth in 10 CFR Chapter I; B. The facility will operate in conformity with the application, the provisions of the Act, and the rules and regulations of the Commission; C. There is reasonable assurance (i) that the activities authorized by this amendment can be conducted without endangering the health and safety of the public, and (ii) that such activities will be conducted in compliance with the Commission's regulations; D. The issuance of this amendment will not be inimical to the common defense and security or to the health and safety of the public, and E. The issuance of this amendment is in accordance with 10 CFR Part 51 of the Commission's regulations and all applicable requirements have been satisfied. | ||
: 2. Accordmgly, the license is amended by changes as indicated in the attachment to this license amendment, and Paragraph 2.D of Renewed Facility Operating License No. DPR-7 4 is hereby amended to read as follows: | : 2. Accordmgly, the license is amended by changes as indicated in the attachment to this license amendment, and Paragraph 2.D of Renewed Facility Operating License No. DPR-7 4 is hereby amended to read as follows: The Indiana and Michigan Power Company shall fully implement and maintain in effect all provisions of the Commission-approved Donald C. Cook Nuclear Plant Cyber Security Plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). | ||
The Indiana and Michigan Power Company shall fully implement and maintain in effect all provisions of the Commission-approved Donald C. Cook Nuclear Plant Cyber Security Plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). | |||
The Donald C. Cook Nuclear Plant CSP was approv.ed by License Enclosure 2 Amendment No. 299 as supplemented by changes approved by License Amendment Nos. 303 and 308. 3. This license amendment is effective as of its date of issuance and shall be implemented within 60 days from the date of issuance. | The Donald C. Cook Nuclear Plant CSP was approv.ed by License Enclosure 2 Amendment No. 299 as supplemented by changes approved by License Amendment Nos. 303 and 308. 3. This license amendment is effective as of its date of issuance and shall be implemented within 60 days from the date of issuance. | ||
The full implementation of the CSP shall be in accordance with the implementation schedule submitted by the licensee on January 10, 2014, as supplemented by letter dated May 27, 2014, and approved by the NRC staff with this license amendment. | The full implementation of the CSP shall be in accordance with the implementation schedule submitted by the licensee on January 10, 2014, as supplemented by letter dated May 27, 2014, and approved by the NRC staff with this license amendment. | ||
Line 61: | Line 51: | ||
Changes to Renewed Operating License No. DPR-74 FOR THE NUCLEAR REGULATORY COMMISSION | Changes to Renewed Operating License No. DPR-74 FOR THE NUCLEAR REGULATORY COMMISSION | ||
______ __ Plant Licensing Branch 111-1 Division of Operating Reactor Licensing Office of Nuclear Reactor Regulation Date of Issuance: | ______ __ Plant Licensing Branch 111-1 Division of Operating Reactor Licensing Office of Nuclear Reactor Regulation Date of Issuance: | ||
December 18, 2014 ATTACHMENT TO LICENSE AMENDMENT NO. 308 TO RENEWED FACILITY OPERATING LICENSE NO. DPR-74 DOCKET NO. 50-316 Replace the following page of the Renewed Facility Operating License No. DPR-74 with the attached revised page. The changed area is identified by a marginal line. REMOVE INSERT Page 10 Page 10 (Ill) The first performance of the periodic measurement of CRE pressure, TS 5.5.16.d, shall be within 24 months, plus the 182 days allowed by SR 3.0.2, as measured from the date of the most recent successful pressure measurement test, or within 182 days if not performed previously. | December 18, 2014 ATTACHMENT TO LICENSE AMENDMENT NO. 308 TO RENEWED FACILITY OPERATING LICENSE NO. DPR-74 DOCKET NO. 50-316 Replace the following page of the Renewed Facility Operating License No. DPR-74 with the attached revised page. The changed area is identified by a marginal line. REMOVE INSERT Page 10 Page 10 (Ill) The first performance of the periodic measurement of CRE pressure, TS 5.5.16.d, shall be within 24 months, plus the 182 days allowed by SR 3.0.2, as measured from the date of the most recent successful pressure measurement test, or within 182 days if not performed previously. (gg) Operation with Vacuum Fill: The licensee is authorized to operate the facility using Reactor Coolant System (RCS) vacuum fill operation in accordance with TS 3.4.3, "RCS Pressure and Temperature (PIT) Limits," with corresponding revisions to Figure 3.4.3-1, "Reactor Coolant System Pressure versus Temperature Limits -Heatup Limit, Criticality Limit, and Leak Test Limit (Applicable for service period up to 32 EFPY)," and Figure 3.4.3-2, "Reactor Coolant System Pressure versus Temperature Limits -Various Cooldown Rates Limits (Applicable for service period up to 32 EFPY)," as approved in License Amendment No. 306 to Renewed Facility Operating License No. DPR-74. This includes an approved extension to -14.7 pounds per square inch gage to bound the RCS conditions required to support vacuum fill operation. | ||
(gg) Operation with Vacuum Fill: The licensee is authorized to operate the facility using Reactor Coolant System (RCS) vacuum fill operation in accordance with TS 3.4.3, "RCS Pressure and Temperature (PIT) Limits," | The licensee shall submit an analysis of the PIT curves in Figures 3.4.3-1 and 3.4.3-2 within one year of the date of issuance of License Amendment No. 306, which demonstrates consideration of all ferritic reactor vessel materials as defined in Appendix G to 10 CFR Part 50, including non-beltline ferritic reactor vessel materials." D. Physical Protection The Indiana Michigan Power Company shall fully implement and maintain in effect all provisions of the Commission-approved physical security, training and qualification, and safeguards contingency plans including amendments made pursuant to provisions of the Miscellaneous Amendments and Search Requirements revisions to 10 CFR 73.55 (51 FR 27817 and 27822), and the authority of 10 CFR 50.90 and 10 CFR 50.54(p). | ||
with corresponding revisions to Figure 3.4.3-1, "Reactor Coolant System Pressure versus Temperature Limits -Heatup Limit, Criticality Limit, and Leak Test Limit (Applicable for service period up to 32 EFPY)," and Figure 3.4.3-2, "Reactor Coolant System Pressure versus Temperature Limits -Various Cooldown Rates Limits (Applicable for service period up to 32 EFPY)," as approved in License Amendment No. 306 to Renewed Facility Operating License No. DPR-74. This includes an approved extension to -14.7 pounds per square inch gage to bound the RCS conditions required to support vacuum fill operation. | The combined set of plans\ which contain Safeguards Information protected under 10 CFR 73.21, is entitled: "Donald C. Cook Nuclear Plant Security Plan, Training and Qualification Plan, and Safeguards Contingency Plan, Revision 1 ," submitted by letter dated May 10, 2006. The Indiana and Michigan Power Company shall fully implement and maintain in effect all provisions of the Commission-approved Donald C. Cook Nuclear Plant Cyber Security Plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). | ||
The licensee shall submit an analysis of the PIT curves in Figures 3.4.3-1 and 3.4.3-2 within one year of the date of issuance of License Amendment No. 306, which demonstrates consideration of all ferritic reactor vessel materials as defined in Appendix G to 10 CFR Part 50, including non-beltline ferritic reactor vessel materials." | The Donald C. Cook Nuclear Plant CSP was approved by License Amendment No. 299 as supplemented by changes approved by License Amendment Nos. 303 and 308. E. Deleted by Amendment No. 63 F. In all places of this renewed operating license, the reference to the Indiana and Michigan Electric Company is amended to read Indiana Michigan Power Company. 1 The Training and Qualification Plan and Safeguards Contingency Plan are Appendices to the Security Plan Renewed License No. DPR-74 Amendment 308 UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 SAFETY EVALUATION BY THE OFFICE OF NUCLEAR REACTOR REGULATION RELATED TO AMENDMENT NO. 325 TO RENEWED FACILITY OPERATING LICENSE NO. DPR-58 AND AMENDMENT NO. 308 TO RENEWED FACILITY OPERATING LICENSE NO. DPR-74 INDIANA MICHIGAN POWER COMPANY DONALD C. COOK NUCLEAR PLANT, UNITS 1 AND 2 DOCKET NOS. 50-315 AND 50-316 | ||
D. Physical Protection The Indiana Michigan Power Company shall fully implement and maintain in effect all provisions of the Commission-approved physical | |||
The combined set of plans\ which contain Safeguards Information protected under 10 CFR 73.21, is entitled: | |||
"Donald C. Cook Nuclear Plant Security Plan, Training and Qualification Plan, and Safeguards Contingency Plan, Revision 1 ," submitted by letter dated May 10, 2006. The Indiana and Michigan Power Company shall fully implement and maintain in effect all provisions of the Commission-approved Donald C. Cook Nuclear Plant Cyber Security Plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). | |||
The Donald C. Cook Nuclear Plant CSP was approved by License Amendment No. 299 as supplemented by changes approved by License Amendment Nos. 303 and 308. E. Deleted by Amendment No. 63 F. In all places of this renewed operating | |||
1 The Training and Qualification Plan and Safeguards Contingency Plan are Appendices to the Security Plan Renewed License No. DPR-74 Amendment 308 UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 SAFETY EVALUATION BY THE OFFICE OF NUCLEAR REACTOR REGULATION RELATED TO AMENDMENT NO. 325 TO RENEWED FACILITY OPERATING LICENSE NO. DPR-58 AND AMENDMENT NO. 308 TO RENEWED FACILITY OPERATING LICENSE NO. DPR-74 INDIANA MICHIGAN POWER COMPANY DONALD C. COOK NUCLEAR PLANT, UNITS 1 AND 2 DOCKET NOS. 50-315 AND 50-316 | |||
==1.0 INTRODUCTION== | ==1.0 INTRODUCTION== | ||
By application dated January 10, 2014 (Agencywide Documents Access and Management System (ADAMS) Accession No. ML 14015A142), | By application dated January 10, 2014 (Agencywide Documents Access and Management System (ADAMS) Accession No. ML 14015A142), supplemented by letter dated May 27, 2014 (ADAMS Accession No. ML 14150A442), Indiana Michigan Power Company (I&M), (the licensee) requested a change to the Renewed Facility Operating License (FOL) for Donald C. Cook Nuclear Power Plant (CNP) Units 1 and 2. The proposed change would revise the date of the Cyber Security Plan (CSP) Implementation Schedule Milestone 8 and Paragraph 2.D in the Renewed FOL. Milestone 8 of the CSP Implementation Schedule concerns the full implementation of the CSP. Portions of the letter dated January 10, 2014, contain sensitive unclassified non-safeguards (security-related) information and, accordingly, those portions are withheld from public disclosure in accordance with Title 10 of the Code of Federal Regulations (1 0 CFR) 2.390(d)(1 | ||
supplemented by letter dated May 27, 2014 (ADAMS Accession No. ML 14150A442), | ). The supplemental letter dated May 27, 2014, provided additional information that clarified the application, did not expand the scope of the application as originally noticed, and did not change the staff's original proposed no significant hazards consideration determination as published in tne Federal Register on July 8, 2014 (79 FR 38579). 2.0 REGULATORY EVALUATION The U.S. Nuclear Regulatory Commission (NRC) staff reviewed and approved the licensee's existing CSP Implementation Schedule by CNP License Amendment No. 315 to Renewed FOL DPR-58 for Unit 1 and Amendment No. 299 to Renewed FOL DPR-74 for Unit 2 dated July 28, 2011 (ADAMS Accession No. ML 11182A 178), concurrent with the incorporation of the CSP into the facilities' current licensing bases. By letter dated January 10, 2014, as supplemented by letter dated May 27, 2014, the licensee requested to change Milestone 8 of Enclosure 3 the CSP Implementation Schedule. | ||
Indiana Michigan Power Company (I&M), (the licensee) requested a change to the Renewed Facility Operating License (FOL) for Donald C. Cook Nuclear Power Plant (CNP) Units 1 and 2. The proposed change would revise the date of the Cyber Security Plan (CSP) Implementation Schedule Milestone 8 and Paragraph 2.D in the Renewed FOL. Milestone 8 of the CSP Implementation Schedule concerns the full implementation of the CSP. Portions of the letter dated January 10, 2014, contain sensitive unclassified non-safeguards (security-related) information and, accordingly, those portions are withheld from public disclosure in accordance with Title 10 of the Code of Federal Regulations (1 0 CFR) 2.390(d)(1 | |||
). The supplemental letter dated May 27, 2014, provided additional information that clarified the application, did not expand the scope of the application as originally | |||
The NRC staff considered the following regulatory requirements and guidance in its review of the January 10, 2014, license amendment request as supplemented by letter dated May 27, 2014, to modify the existing CSP Implementation Schedule: | The NRC staff considered the following regulatory requirements and guidance in its review of the January 10, 2014, license amendment request as supplemented by letter dated May 27, 2014, to modify the existing CSP Implementation Schedule: | ||
* The regulation at Section 73.54, "Protection of digital computer and communication systems and networks," | * The regulation at Section 73.54, "Protection of digital computer and communication systems and networks," states, in part, each [CSP] submittal must include a proposed implementation schedule. | ||
states, in part, each [CSP] submittal must include a proposed implementation schedule. | |||
Implementation of the licensee's cyber security program must be consistent with the approved schedule. | Implementation of the licensee's cyber security program must be consistent with the approved schedule. | ||
* The licensee's Renewed FOL includes a license condition that requires the licensee to fully implement and maintain in effect all provisions of the Commission-approved CSP. | * The licensee's Renewed FOL includes a license condition that requires the licensee to fully implement and maintain in effect all provisions of the Commission-approved CSP. | ||
* Review criteria provided by the NRC staff's internal memorandum, "Review Criteria for Title 10 of the Code of Federal Regulations Part 73.54, Cyber Security Implementation Schedule Milestone 8 License Amendment Requests," | * Review criteria provided by the NRC staff's internal memorandum, "Review Criteria for Title 10 of the Code of Federal Regulations Part 73.54, Cyber Security Implementation Schedule Milestone 8 License Amendment Requests," dated October 24, 2013 (ADAMS Accession No. ML 13295A467), to be considered for evaluating licensees' requests to postpone their cyber security program implementation date (commonly known as Milestone 8). The NRC staff does not regard the CSP milestone implementation dates as regulatory commitments that can be changed unilaterally by the licensee, particularly in light of the regulatory requirement at 10 CFR 73.54, that "[i]mplementation of the licensee's cyber security program must be consistent with the approved schedule." As the NRC staff explained in its letter to all operating reactor licensees dated May 9, 2011 (ADAMS Accession No. ML 11 0980538), the implementation of the plan, including the key intermediate milestone dates and the full implementation date shall be in accordance with the Implementation Schedule submitted by the licensee and approved by the NRC. All subsequent changes to the approved CSP Implementation Schedule, thus, will require prior NRC approval as required by 10 CFR 50.90. 3.0 TECHNICAL EVALUATION 3.1 Licensee's Requested Change The NRC staff issued Amendment No. 315 to Renewed FOL, DPR-58 for CNP Unit 1 on July 28, 2011, and Amendment No. 299 to Renewed FOL, DPR-74 for CNP Unit 2 on July 28, 2011 (ADAMS Accession No. ML 11182A178). | ||
dated October 24, 2013 (ADAMS Accession No. ML 13295A467), | The staff also approved the licensee's CSP Implementation Schedule, as discussed in the safety evaluation issued with the amendments. | ||
to be considered for evaluating licensees' requests to postpone their cyber security program implementation date (commonly known as Milestone 8). The NRC staff does not regard the CSP milestone implementation dates as regulatory commitments that can be changed unilaterally by the licensee, particularly in light of the regulatory requirement at 10 CFR 73.54, that "[i]mplementation of the licensee's cyber security program must be consistent with the approved schedule." | |||
As the NRC staff explained in its letter to all operating reactor licensees dated May 9, 2011 (ADAMS Accession No. ML 11 0980538), | |||
the implementation of the plan, including the key intermediate milestone dates and the full implementation date shall be in accordance with the Implementation Schedule submitted by the licensee and approved by the NRC. All subsequent changes to the approved CSP Implementation | |||
The staff also approved the licensee's CSP Implementation | |||
The Implementation Schedule had been submitted by the licensee based on a template prepared by the Nuclear Energy Institute (NEI), which the NRC staff found acceptable for licensees to use to develop their CSP Implementation Schedules (ADAMS Accession No. ML 11 0070348). | The Implementation Schedule had been submitted by the licensee based on a template prepared by the Nuclear Energy Institute (NEI), which the NRC staff found acceptable for licensees to use to develop their CSP Implementation Schedules (ADAMS Accession No. ML 11 0070348). | ||
The licensee's proposed Implementation Schedule for the CSP identified completion dates and bases for the following eight milestones: | The licensee's proposed Implementation Schedule for the CSP identified completion dates and bases for the following eight milestones: | ||
: 1) Establish the Cyber Security Assessment Team (CSAT); 2) Identify Critical Systems (CSs) and Critical Digital Assets (CDAs); 3) Install a deterministic one-way device between lower level devices and higher level devices; | : 1) Establish the Cyber Security Assessment Team (CSAT); 2) Identify Critical Systems (CSs) and Critical Digital Assets (CDAs); 3) Install a deterministic one-way device between lower level devices and higher level devices; 4) Implement the security control "Access Control For Portable And Mobile Devices"; | ||
: 5) Implement observation and identification of obvious cyber related tampering to existing insider mitigation rounds; 6) Identify, document, and implement technical cyber security controls in accordance with "Mitigation of Vulnerabilities and Application of Cyber Security Controls" for CDAs that could adversely impact the design function of physical security target set equipment; | |||
: 5) Implement observation and identification of obvious cyber related tampering to existing insider mitigation rounds; 6) Identify, | |||
: 7) Commence ongoing monitoring and assessment activities for those target set CDAs whose security controls have been implemented; and 8) Fully implement the CSP. Currently, Milestone 8 of the CNP CSP requires the licensee to fully implement the plan by December 31, 2014. In its January 10, 2014, application, I&M proposed to change the Milestone 8 completion date to December 31, 2016. The licensee's application addressed the 8 criteria in the NRC's October 29, 2014, guidance memorandum. | : 7) Commence ongoing monitoring and assessment activities for those target set CDAs whose security controls have been implemented; and 8) Fully implement the CSP. Currently, Milestone 8 of the CNP CSP requires the licensee to fully implement the plan by December 31, 2014. In its January 10, 2014, application, I&M proposed to change the Milestone 8 completion date to December 31, 2016. The licensee's application addressed the 8 criteria in the NRC's October 29, 2014, guidance memorandum. | ||
The licensee provided the following information pertinent to each of the criteria identified in the NRC guidance memorandum. | The licensee provided the following information pertinent to each of the criteria identified in the NRC guidance memorandum. | ||
: 1) Identification of the specific requirement or requirements of the CSP that the licensee needs additional time to implement. | : 1) Identification of the specific requirement or requirements of the CSP that the licensee needs additional time to implement. | ||
The licensee stated that it needed additional time to implement Section 3.1 of the CSP "Analyzing Digital Computer Systems and Networks and applying Security Controls." | The licensee stated that it needed additional time to implement Section 3.1 of the CSP "Analyzing Digital Computer Systems and Networks and applying Security Controls." It further noted that there are ongoing issues that need resolution prior to completing implementation of Section 3.1. These include NRC and industry discussions about CDAs and security controls; CDA assessment work which is time and labor intensive; remediation activities which need to be carefully considered to ensure safety, security, and emergency preparedness (EP) functions are not impacted; change management challenges; and training for program requirements processes, and procedures. | ||
It further noted that there are ongoing issues that need resolution prior to completing implementation of Section 3.1. These include NRC and industry discussions about CDAs and security controls; CDA assessment work which is time and labor intensive; remediation activities which need to be carefully considered to ensure safety, security, and emergency preparedness (EP) functions are not impacted; change management challenges; and training for program requirements processes, and procedures. | |||
The NRC staff agrees that implementation of CSP Section 3.1 requires the extensive actions noted by the licensee. | The NRC staff agrees that implementation of CSP Section 3.1 requires the extensive actions noted by the licensee. | ||
The licensee also stated that the requirements of CSP Section 4, "Establishing, Implementing and Maintaining the Cyber Security Program" have not been fully developed and implemented. | The licensee also stated that the requirements of CSP Section 4, "Establishing, Implementing and Maintaining the Cyber Security Program" have not been fully developed and implemented. | ||
Line 111: | Line 81: | ||
: 8. These included: | : 8. These included: | ||
CDA assessments and plant modifications taking longer than expected; programmatic elements not being fully developed and implemented due to limited resources; and uncertainty concerning interpretation of security controls. | CDA assessments and plant modifications taking longer than expected; programmatic elements not being fully developed and implemented due to limited resources; and uncertainty concerning interpretation of security controls. | ||
CNP has approximately 2,850 CDAs between Units 1 and 2, which is a larger number than was originally anticipated at the beginning of the project. | CNP has approximately 2,850 CDAs between Units 1 and 2, which is a larger number than was originally anticipated at the beginning of the project. CNP initially misjudged the amount of time necessary to evaluate all controls for the number of CDAs installed as well as the amount of effort required to apply the security controls using the criteria specified in Section 3.1.6 of the CSP. The CNP will need to acquire more resources to manage the amount of work necessary for CDA assessments and control application. | ||
CNP initially misjudged the amount of time necessary to evaluate all controls for the number of CDAs installed as well as the amount of effort required to apply the security controls using the criteria specified in Section 3.1.6 of the CSP. The CNP will need to acquire more resources to manage the amount of work necessary for CDA assessments and control application. | Acquiring competent and skilled resources has been an extremely difficult and lengthy process. It is unknown what rework will be required once the security assessment tool is updated to reflect an acceptable security control interpretation. | ||
Acquiring competent and skilled resources has been an extremely difficult and lengthy process. | |||
It is unknown what rework will be required once the security assessment tool is updated to reflect an acceptable security control interpretation. | |||
New digital upgrades to plant systems have increased the assessment workload and have impacted the assessment completion date. Modifications to plant systems for security purposes have traditionally not been performed. | New digital upgrades to plant systems have increased the assessment workload and have impacted the assessment completion date. Modifications to plant systems for security purposes have traditionally not been performed. | ||
Application of security controls to industrial control systems is a process that is still being developed industry-wide and vendor familiarity with cyber regulatory requirements varies greatly. | Application of security controls to industrial control systems is a process that is still being developed industry-wide and vendor familiarity with cyber regulatory requirements varies greatly. Several digital upgrades at CNP have introduced challenges based on this lack of understanding resulting in added expense and delays. Each modification must be carefully analyzed to ensure no impact to plant operations and nuclear safety. 3) A proposed completion date for Milestone 8 consistent with the remaining scope of work to be conducted and the resources available. | ||
Several digital upgrades at CNP have introduced challenges based on this lack of understanding resulting in added expense and delays. Each modification must be carefully analyzed to ensure no impact to plant operations and nuclear safety. 3) A proposed completion date for Milestone 8 consistent with the remaining scope of work to be conducted and the resources available. | |||
The licensee proposed a project finish date of September 28, 2016, and a Milestone 8 completion date of December 31, 2016. The projected finish date is based on the number of CDAs, current staffing levels and the remaining scope of work. It further noted the revised completion date will help avoid costly rework that could result from the application of security controls. | The licensee proposed a project finish date of September 28, 2016, and a Milestone 8 completion date of December 31, 2016. The projected finish date is based on the number of CDAs, current staffing levels and the remaining scope of work. It further noted the revised completion date will help avoid costly rework that could result from the application of security controls. | ||
: 4) An evaluation of the impact that the additional time to implement the requirements will have on the effectiveness of the licensee's overall CSP in the context of milestones already completed. | : 4) An evaluation of the impact that the additional time to implement the requirements will have on the effectiveness of the licensee's overall CSP in the context of milestones already completed. | ||
The licensee indicated it was secure based on the cyber security implementation activities already completed and activities currently in progress. | The licensee indicated it was secure based on the cyber security implementation activities already completed and activities currently in progress. | ||
It then detailed the activities completed in each of the milestones 1 through 7 as well as Milestone 8 activities completed, in progress, and planned. | It then detailed the activities completed in each of the milestones 1 through 7 as well as Milestone 8 activities completed, in progress, and planned. 5) A description of the licensee's methodology for prioritizing completion of work for critical digital assets associated with significant safety consequences and with reactivity effects in the balance of plant. The licensee stated its methodology for prioritizing Milestone 8 activities is centered on considerations for safety, security, EP, and Balance of Plant (continuity of power) consequences. | ||
The methodology is based on defense-in-depth, installed configuration of the CDA, and susceptibility to five commonly identified threat vectors. Prioritization for CDA assessment begins with safety related CDAs and continues through lower priority non-safety and EP CDAs. 6) A discussion of the licensee's cyber security program performance up to the date of the license amendment request. The licensee stated that Milestone 1 through 7 activities provide a high degree of protection against cyber security related attacks. A Performance Assurance audit, a corporate security audit, and peer nuclear plant evaluations were conducted. | |||
The methodology is based on defense-in-depth, installed configuration of the CDA, and susceptibility to five commonly identified threat vectors. | |||
Prioritization for CDA assessment begins with safety related CDAs and continues through lower priority non-safety and EP CDAs. 6) A discussion of the licensee's cyber security program performance up to the date of the license amendment request. | |||
The licensee stated that Milestone 1 through 7 activities provide a high degree of protection against cyber security related attacks. | |||
A Performance Assurance audit, a corporate security audit, and peer nuclear plant evaluations were conducted. | |||
The NRC staff was concerned that the LAR did not fully address the results of all three quality assurance activities mentioned and issued a request for additional information (RAI) to the licensee on April 29, 2014 (ADAMS Accession No. ML 14113A305). | The NRC staff was concerned that the LAR did not fully address the results of all three quality assurance activities mentioned and issued a request for additional information (RAI) to the licensee on April 29, 2014 (ADAMS Accession No. ML 14113A305). | ||
The licensee responded by letter dated May 27, 2014 (ADAMS Accession No. ML 14150A442). | The licensee responded by letter dated May 27, 2014 (ADAMS Accession No. ML 14150A442). | ||
Line 134: | Line 97: | ||
Three actions were identified and two have been completed. | Three actions were identified and two have been completed. | ||
The third will be evaluated during the next self-assessment. | The third will be evaluated during the next self-assessment. | ||
The peer review was performed in September 2013 by Utilities Service Alliance peers. Four actions were identified and these were completed on December 26, 2013. 7) A discussion of cyber security issues pending in the licensee's corrective action program. | The peer review was performed in September 2013 by Utilities Service Alliance peers. Four actions were identified and these were completed on December 26, 2013. 7) A discussion of cyber security issues pending in the licensee's corrective action program. The licensee provided these examples of cyber security issues in its corrective action program: | ||
The licensee provided these examples of cyber security issues in its corrective action program: | |||
* Full Program (Milestone | * Full Program (Milestone | ||
: 8) implementation tracking | : 8) implementation tracking | ||
Line 141: | Line 103: | ||
* Operating experience impact evaluations | * Operating experience impact evaluations | ||
* Current and pending modifications | * Current and pending modifications | ||
* Issues identified in self assessments, peer evaluations, and Performance Assurance audits The licensee also provided a listing of cyber security issues in the corrective action program. | * Issues identified in self assessments, peer evaluations, and Performance Assurance audits The licensee also provided a listing of cyber security issues in the corrective action program. 8) A discussion of modifications completed to support the CSP and a discussion of pending cyber security modifications. | ||
The licensee provided a discussion of completed modifications and pending modifications. | The licensee provided a discussion of completed modifications and pending modifications. | ||
3.2 NRC Staff Evaluation The NRC staff has evaluated the licensee's application using the regulatory requirements and the guidance above. The staff finds that implementation of CSP Section 3.1 requires the extensive actions noted by the licensee. | 3.2 NRC Staff Evaluation The NRC staff has evaluated the licensee's application using the regulatory requirements and the guidance above. The staff finds that implementation of CSP Section 3.1 requires the extensive actions noted by the licensee. | ||
Line 152: | Line 113: | ||
The licensee stated its methodology for prioritization of work for CDAs follows the normal work management process that places the highest priority on apparent conditions adverse to quality in system, structure, and component design function and related factors such as safety risk and nuclear depth, as well as threats to continuity of electric power generation in the Balance-of-Plant. | The licensee stated its methodology for prioritization of work for CDAs follows the normal work management process that places the highest priority on apparent conditions adverse to quality in system, structure, and component design function and related factors such as safety risk and nuclear depth, as well as threats to continuity of electric power generation in the Balance-of-Plant. | ||
The NRC staff concludes that based on the large number of digital assets described above and the limited resources with the appropriate expertise to perform these activities, the licensee's methodology for prioritizing work on CDAs is appropriate. | The NRC staff concludes that based on the large number of digital assets described above and the limited resources with the appropriate expertise to perform these activities, the licensee's methodology for prioritizing work on CDAs is appropriate. | ||
The NRC staff concludes that the licensee's request to delay full implementation of its CSP until December 31, 2016, is reasonable for the following reasons: | The NRC staff concludes that the licensee's request to delay full implementation of its CSP until December 31, 2016, is reasonable for the following reasons: (i) the licensee's implementation of Milestones 1 through 7 provides mitigation for significant cyber attack vectors for the most significant CDAs as discussed in the staff evaluation above; (ii) the scope of the work required to come into full compliance with the CSP implementation schedule was much more complicated than anticipated and not reasonably foreseeable when the CSP implementation scheduled was originally developed; and (iii) the licensee has reasonably prioritized and scheduled the work required to come into full compliance with its CSP implementation schedule. | ||
(i) the licensee's implementation of Milestones 1 through 7 provides mitigation for significant cyber attack vectors for the most significant CDAs as discussed in the staff evaluation above; (ii) the scope of the work required to come into full compliance with the CSP implementation schedule was much more complicated than anticipated and not reasonably foreseeable when the CSP implementation scheduled was originally developed; and (iii) the licensee has reasonably prioritized and scheduled the work required to come into full compliance with its CSP implementation schedule. | |||
3.4 Revision to License Condition 2.D By letter dated January 10, 2014, the licensee proposed to modify Paragraph 2.D of Renewed FOL Nos. DPR-58 and DPR-74 for CNP, Units 1 and 2, respectively which provides a license condition to require the licensees to fully implement and maintain in effect all provisions of the NRC-approved CSP. The current license condition in Paragraph 2.D of Renewed FOL No. DPR-58 for CNP states, in part: The Indiana and Michigan Power Company shall fully implement and maintain in effect all provisions of the Commission-approved Donald C. Cook Nuclear Plant Cyber Security Plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). | 3.4 Revision to License Condition 2.D By letter dated January 10, 2014, the licensee proposed to modify Paragraph 2.D of Renewed FOL Nos. DPR-58 and DPR-74 for CNP, Units 1 and 2, respectively which provides a license condition to require the licensees to fully implement and maintain in effect all provisions of the NRC-approved CSP. The current license condition in Paragraph 2.D of Renewed FOL No. DPR-58 for CNP states, in part: The Indiana and Michigan Power Company shall fully implement and maintain in effect all provisions of the Commission-approved Donald C. Cook Nuclear Plant Cyber Security Plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). | ||
The Donald C. Cook Nuclear Plant CSP was approved by License Amendment No. 315 as supplemented by a change approved by License Amendment No. 319. The license condition in Paragraph 2.D of Renewed Operating License No. DPR-58 for CNP Unit 1 is modified as follows: | The Donald C. Cook Nuclear Plant CSP was approved by License Amendment No. 315 as supplemented by a change approved by License Amendment No. 319. The license condition in Paragraph 2.D of Renewed Operating License No. DPR-58 for CNP Unit 1 is modified as follows: The Indiana and Michigan Power Company shall fully implement and maintain in effect all provisions of the Commission -approved Donald C. Cook Nuclear Plant Cyber Security Plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). | ||
The Indiana and Michigan Power Company shall fully implement and maintain in effect all provisions of the Commission | The Donald C. Cook Nuclear Plant CSP was approved by License Amendment No. 315 as supplemented by changes approved by License Amendment Nos. 319 and 325. The current license condition in Paragraph 2.D of Renewed FOL No. DPR-74 for CNP states, in part: The Indiana and Michigan Power Company shall fully implement and maintain in effect all provisions of the Commission -approved Donald C. Cook Nuclear Plant Cyber Security Plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). | ||
-approved Donald C. Cook Nuclear Plant Cyber Security Plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). | The Donald C. Cook Nuclear Plant CSP was approved by License Amendment No. 299 as supplemented by a change approved by License Amendment No. 303. The license condition in Paragraph 2.D of Renewed FOL No. DPR-74 for CNP, Unit No.2 is modified as follows: The Indiana and Michigan Power Company shall fully implement and maintain in effect all provisions of the Commission -approved Donald C. Cook Nuclear Plant Cyber Security Plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). | ||
The Donald C. Cook Nuclear Plant CSP was approved by License Amendment No. 315 as supplemented by changes approved by License Amendment Nos. 319 and 325. The current license condition in Paragraph 2.D of Renewed FOL No. DPR-74 for CNP states, in part: The Indiana and Michigan Power Company shall fully implement and maintain in effect all provisions of the Commission | |||
-approved Donald C. Cook Nuclear Plant Cyber Security Plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). | |||
The Donald C. Cook Nuclear Plant CSP was approved by License Amendment No. 299 as supplemented by a change approved by License Amendment No. 303. The license condition in Paragraph 2.D of Renewed FOL No. DPR-74 for CNP, Unit No.2 is modified as follows: | |||
The Indiana and Michigan Power Company shall fully implement and maintain in effect all provisions of the Commission | |||
-approved Donald C. Cook Nuclear Plant Cyber Security Plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). | |||
The Donald C. Cook Nuclear Plant CSP was approved by License Amendment No. 299 as supplemented by changes approved by License Amendment Nos. 303 and 308. 4.0 REGULATORY COMMITMENTS By letter dated January 10, 2014, the licensee made the following regulatory commitment: | The Donald C. Cook Nuclear Plant CSP was approved by License Amendment No. 299 as supplemented by changes approved by License Amendment Nos. 303 and 308. 4.0 REGULATORY COMMITMENTS By letter dated January 10, 2014, the licensee made the following regulatory commitment: | ||
Full implementation of CNP Cyber Security Plan for all safety, security, and emergency preparedness functions will be achieved. | Full implementation of CNP Cyber Security Plan for all safety, security, and emergency preparedness functions will be achieved. | ||
Line 171: | Line 126: | ||
In accordance with the Commission's regulations, the Michigan State official was notified of the proposed issuance of the amendments. | In accordance with the Commission's regulations, the Michigan State official was notified of the proposed issuance of the amendments. | ||
The State official had no comments. | The State official had no comments. | ||
5.1 ENVIRONMENTAL CONSIDERATION This is an amendment of a 10 CFR Part 50 license that relates solely to safeguards matters and does not involve any significant construction impacts. | 5.1 ENVIRONMENTAL CONSIDERATION This is an amendment of a 10 CFR Part 50 license that relates solely to safeguards matters and does not involve any significant construction impacts. This amendment is an administrative change to extend the date by which the licensee must have its cyber security plan fully implemented. | ||
This amendment is an administrative change to extend the date by which the licensee must have its cyber security plan fully implemented. | |||
Accordingly, this amendment meets the eligibility criteria for categorical exclusion set forth in 10 CFR 51.22(c)(12). | Accordingly, this amendment meets the eligibility criteria for categorical exclusion set forth in 10 CFR 51.22(c)(12). | ||
Pursuant to 10 CFR 51.22(b), | Pursuant to 10 CFR 51.22(b), no environmental impact statement or environmental assessment need be prepared in connection with the issuance of this amendment. | ||
no environmental impact statement or environmental assessment need be prepared in connection with the issuance of this amendment. | |||
==6.0 CONCLUSION== | ==6.0 CONCLUSION== | ||
Line 184: | Line 137: | ||
==Enclosures:== | ==Enclosures:== | ||
: 1. Amendment No. 325 to DPR-58 2. Amendment No. 308 to DPR-7 4 3. Safety Evaluation cc w/encls: | : 1. Amendment No. 325 to DPR-58 2. Amendment No. 308 to DPR-7 4 3. Safety Evaluation cc w/encls: Distribution via ListServ DISTRIBUTION: | ||
Distribution via ListServ DISTRIBUTION: | PUBLIC LPL3-1 r/f RidsNrrDorllpl3-1 Resource RidsNrrPMDCCook Resource RidsNrrLAMHenderson Resource RidsOgcRp Resource RidsAcrsAcnw_MaiiCTR Resource RidsNrrDirsltsb Resource RidsNrrDoriDprResource RidsRgn3MaiiCenter Resource JRycyna, NSIR/CSD Sincerely, IRA/ Mahesh Chawla, Project Manager Plant Licensing Branch 111-1 Division of Operating Reactor Licensing Office of Nuclear Reactor Regulation ADAMS Accession No: ML 14317A551 OFFICE NRR/LPL3-1/PM NRR/LPL3-1/LA NSIR/CSD/D NAME MChawla MHenderson JRycyna for RFelts DATE 12/16/2014 12/18/2014 12/15/2014 OFFICE OGC NRR/LPL3-1/BC NRR/LPL3-1/PM NAME LSCiark DPelton MChawla DATE 12/15/2014 12/18/2014 12/18/2014 OFFICIAL RECORD COPY}} | ||
PUBLIC LPL3-1 r/f RidsNrrDorllpl3-1 Resource RidsNrrPMDCCook Resource RidsNrrLAMHenderson Resource RidsOgcRp Resource RidsAcrsAcnw_MaiiCTR Resource RidsNrrDirsltsb Resource RidsNrrDoriDprResource RidsRgn3MaiiCenter Resource | |||
Revision as of 10:17, 9 July 2018
ML14317A551 | |
Person / Time | |
---|---|
Site: | Cook |
Issue date: | 12/18/2014 |
From: | Chawla M L Plant Licensing Branch III |
To: | Weber L J Indiana Michigan Power Co |
Chawla M L | |
References | |
TAC MF3363, TAC MF3364 | |
Download: ML14317A551 (19) | |
Text
Mr. Lawrence J. Weber Senior Vice President and Chief Nuclear Officer UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 December 18, 2014 Indiana Michigan Power Company Nuclear Generation Group One Cook Place Bridgman, Ml 49106
SUBJECT:
DONALD C. COOK NUCLEAR PLANT, UNITS 1 AND 2 -ISSUANCE OF AMENDMENTS RE: CYBER SECURITY IMPLEMENTATION SCHEDULE (TAC NOS. MF3363 AND MF3364)
Dear Mr. Weber:
The U.S. Nuclear Regulatory Commission (NRC) has issued the enclosed Amendment No. 325 to Renewed Facility Operating License No. DPR-58 and Amendment No. 308 to Renewed Facility Operating License No. DPR-74 for the Donald C. Cook Nuclear Plant (CNP), Units 1 and 2. The amendments consist of changes to the facility operating license in response to your application dated January 10, 2014, as supplemented by letter dated May 27, 2014. The amendments approve the revised schedule for full implementation of the cyber security plan (CSP) and revise Paragraph 2.D of Renewed Facility Operating License No. DPR-58 for CNP, Unit 1 and Paragraph 2.D of Renewed Facility Operating License No. DPR-74 for CNP, Unit 2. The CSP and associated implementation schedule for CNP, Units 1 and 2 were previously approved by NRC staff letter dated July 28, 2011, as supplemented by changes approved in a letter dated December 13, 2012. A copy of our related safety evaluation is also enclosed.
The Notice of Issuance will be included in the Commission's biweekly Federal Register notice. Docket Nos. 50-315 and 50-316
Enclosures:
- 1. Amendment No. 325 to DPR-58 2. Amendment No. 308 to DPR-74 3. Safety Evaluation cc w/encls: Distribution via ListServ Sincerely, Mahesh Chawla, Project Manager Plant Licensing Branch 111-1 Division of Operating Reactor Licensing Office of Nuclear Reactor Regulation UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 INDIANA MICHIGAN POWER COMPANY DOCKET NO. 50-315 DONALD C. COOK NUCLEAR PLANT. UNIT 1 AMENDMENT TO RENEWED FACILITY OPERATING LICENSE Amendment No. 325 License No. DPR-58 1. The U.S. Nuclear Regulatory Commission (the Commission) has found that: A. The application for amendment by Indiana Michigan Power Company (the licensee) dated January 10, 2014, as supplemented by letter dated May 27, 2014, complies with the standards and requirements of the Atomic Energy Act of 1954, as amended (the Act), and the Commission's rules and regulations set forth in 10 CFR Chapter I; B. The facility will operate in conformity with the application, the provisions of the Act, and the rules and regulations of the Commission; C. There is reasonable assurance (i) that the activities authorized by this amendment can be conducted without endangering the health and safety of the public, and (ii) that such activities will be conducted in compliance with the Commission's regulations; D. The issuance of this amendment will not be inimical to the common defense and security or to the health and safety of the public; and E. The issuance of this amendment is in accordance with 10 CFR Part 51 of the Commission's regulations and all applicable requirements have been satisfied.
- 2. Accordingly, the license is amended by changes as indicated in the attachment to this license amendment, and Paragraph 2.D of Renewed Facility Operating License No. DPR-58 is hereby amended to read as follows: The Indiana and Michigan Power Company shall fully implement and maintain in effect all provisions of the Commission-approved Donald C. Cook Nuclear Plant Cyber Security Plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p).
The Donald C. Cook Nuclear Plant CSP was approved by License Amendment No. 315 as supplemented by changes approved by License Amendment Nos. 319 and 325. Enclosure 1 3. This license amendment is effective as of its date of issuance and shall be implemented within 60 days from the date of issuance.
The full implementation of the CSP shall be in accordance with the implementation schedule submitted by the licensee on January 10, 2014, as supplemented by letter dated May 27, 2014, and approved by the NRC staff with this license amendment.
All subsequent changes to the NRC-approved CSP implementation schedule will require NRC approval pursuant to 10 CFR 50.90.
Attachment:
Changes to Renewed Operating License No. DPR-58 REGULATORY COMMISSION David L. Pelton, Chief Plant Licensing Branch 111-1 Division of Operating Reactor Licensing Office of Nuclear Reactor Regulation Date of Issuance:
December 18, 2014 ATTACHMENT TO LICENSE AMENDMENT NO. 325 TO RENEWED FACILITY OPERATING LICENSE NO. DPR-58 DOCKET NO. 50-315 Replace the following page of the Renewed Facility Operating License No. DPR-58 with the attached revised page. The changed area is identified by a marginal line. REMOVE INSERT Page 9 Page 9 (19) Operation with Vacuum Fill: The licensee is authorized to operate the facility using Reactor Coolant System (RCS) vacuum fill operation in accordance with TS 3.4.3, "RCS Pressure and Temperature (Pff) Limits," with corresponding revisions to Figure 3.4.3-1, "Reactor Coolant System Pressure versus Temperature Limits -Heatup Limit, Criticality Limit, and Leak Test Limit (Applicable for service period up to 32 EFPY)," and Figure 3.4.3-2, "Reactor Coolant System Pressure versus Temperature Limits -Various Cooldown Rates Limits (Applicable for service period up to 32 EFPY)," as approved in License Amendment No. 323 to Renewed Facility Operating License No. DPR-58. This includes an approved extension to -14.7 pounds per square inch gage to bound the RCS conditions required to support vacuum fill operation.
The licensee shall submit an analysis of the Prr curves in Figures 3.4.3-1 and 3.4.3-2 within one year of the date of issuance of License Amendment No. 323, which demonstrates consideration of all ferritic reactor vessel materials as defined in Appendix G to 10 CFR Part 50, including non-beltline ferritic reactor vessel materials." D. Physical Protection The Indiana Michigan Power Company shall fully implement and maintain in effect all provisions of the Commission-approved physical security, training and qualification, and safeguards contingency plans including amendments made pursuant to provisions of the Miscellaneous Amendments and Search Requirements revision to 10 CFR 73.55 (51 FR 27817 and 27822), and the authority of 10 CFR 50.90 and 10 CFR 50.54(p).
The combined set of plans\ which contain Safeguards Information protected under 10 CFR 73.21, is entitled: "Donald C. Cook Nuclear Plant Security Plan, Training and Qualification Plan, and Safeguards Contingency Plan, Revision 1 ," submitted by letter dated May 10, 2006. The Indiana and Michigan Power Company shall fully implement and maintain in effect all provisions of the Commission-approved Donald C. Cook Nuclear Plant Cyber Security Plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p).
The Donald C. Cook Nuclear Plant CSP was approved by License Amendment No. 315 as supplemented by changes approved by License Amendment Nos. 319 and 325. E. Deleted by Amendment No. 80 F. Deleted by Amendment No. 80 G. In all places of this renewed operating license, the reference to the Indiana and Michigan Electric Company is amended to read Indiana Michigan Power Company. H. Deleted by Amendment No. 287 1 The Training and Qualification Plan and Safeguards Contingency Plan are Appendices to the Security Plan Renewed License No. DPR-58 Amendment No. 325 UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 INDIANA MICHIGAN POWER COMPANY DOCKET NO. 50-316 DONALD C. COOK NUCLEAR PLANT. UNIT 2 AMENDMENT TO RENEWED FACILITY OPERATING LICENSE Amendment No. 308 License No. DPR-74 1. The U.S. Nuclear Regulatory Commission (the Commission) has found that: A. The application for amendment by Indiana Michigan Power Company (the licensee)
January 10, 2014, as supplemented by letter dated May 27, 2014, complies with the standards and requirements of the Atomic Energy Act of 1954, as amended (the Act), and the Commission's rules and regulations set forth in 10 CFR Chapter I; B. The facility will operate in conformity with the application, the provisions of the Act, and the rules and regulations of the Commission; C. There is reasonable assurance (i) that the activities authorized by this amendment can be conducted without endangering the health and safety of the public, and (ii) that such activities will be conducted in compliance with the Commission's regulations; D. The issuance of this amendment will not be inimical to the common defense and security or to the health and safety of the public, and E. The issuance of this amendment is in accordance with 10 CFR Part 51 of the Commission's regulations and all applicable requirements have been satisfied.
- 2. Accordmgly, the license is amended by changes as indicated in the attachment to this license amendment, and Paragraph 2.D of Renewed Facility Operating License No. DPR-7 4 is hereby amended to read as follows: The Indiana and Michigan Power Company shall fully implement and maintain in effect all provisions of the Commission-approved Donald C. Cook Nuclear Plant Cyber Security Plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p).
The Donald C. Cook Nuclear Plant CSP was approv.ed by License Enclosure 2 Amendment No. 299 as supplemented by changes approved by License Amendment Nos. 303 and 308. 3. This license amendment is effective as of its date of issuance and shall be implemented within 60 days from the date of issuance.
The full implementation of the CSP shall be in accordance with the implementation schedule submitted by the licensee on January 10, 2014, as supplemented by letter dated May 27, 2014, and approved by the NRC staff with this license amendment.
All subsequent changes to the NRC-approved CSP implementation schedule will require NRC approval pursuant to 10 CFR 50.90.
Attachment:
Changes to Renewed Operating License No. DPR-74 FOR THE NUCLEAR REGULATORY COMMISSION
______ __ Plant Licensing Branch 111-1 Division of Operating Reactor Licensing Office of Nuclear Reactor Regulation Date of Issuance:
December 18, 2014 ATTACHMENT TO LICENSE AMENDMENT NO. 308 TO RENEWED FACILITY OPERATING LICENSE NO. DPR-74 DOCKET NO. 50-316 Replace the following page of the Renewed Facility Operating License No. DPR-74 with the attached revised page. The changed area is identified by a marginal line. REMOVE INSERT Page 10 Page 10 (Ill) The first performance of the periodic measurement of CRE pressure, TS 5.5.16.d, shall be within 24 months, plus the 182 days allowed by SR 3.0.2, as measured from the date of the most recent successful pressure measurement test, or within 182 days if not performed previously. (gg) Operation with Vacuum Fill: The licensee is authorized to operate the facility using Reactor Coolant System (RCS) vacuum fill operation in accordance with TS 3.4.3, "RCS Pressure and Temperature (PIT) Limits," with corresponding revisions to Figure 3.4.3-1, "Reactor Coolant System Pressure versus Temperature Limits -Heatup Limit, Criticality Limit, and Leak Test Limit (Applicable for service period up to 32 EFPY)," and Figure 3.4.3-2, "Reactor Coolant System Pressure versus Temperature Limits -Various Cooldown Rates Limits (Applicable for service period up to 32 EFPY)," as approved in License Amendment No. 306 to Renewed Facility Operating License No. DPR-74. This includes an approved extension to -14.7 pounds per square inch gage to bound the RCS conditions required to support vacuum fill operation.
The licensee shall submit an analysis of the PIT curves in Figures 3.4.3-1 and 3.4.3-2 within one year of the date of issuance of License Amendment No. 306, which demonstrates consideration of all ferritic reactor vessel materials as defined in Appendix G to 10 CFR Part 50, including non-beltline ferritic reactor vessel materials." D. Physical Protection The Indiana Michigan Power Company shall fully implement and maintain in effect all provisions of the Commission-approved physical security, training and qualification, and safeguards contingency plans including amendments made pursuant to provisions of the Miscellaneous Amendments and Search Requirements revisions to 10 CFR 73.55 (51 FR 27817 and 27822), and the authority of 10 CFR 50.90 and 10 CFR 50.54(p).
The combined set of plans\ which contain Safeguards Information protected under 10 CFR 73.21, is entitled: "Donald C. Cook Nuclear Plant Security Plan, Training and Qualification Plan, and Safeguards Contingency Plan, Revision 1 ," submitted by letter dated May 10, 2006. The Indiana and Michigan Power Company shall fully implement and maintain in effect all provisions of the Commission-approved Donald C. Cook Nuclear Plant Cyber Security Plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p).
The Donald C. Cook Nuclear Plant CSP was approved by License Amendment No. 299 as supplemented by changes approved by License Amendment Nos. 303 and 308. E. Deleted by Amendment No. 63 F. In all places of this renewed operating license, the reference to the Indiana and Michigan Electric Company is amended to read Indiana Michigan Power Company. 1 The Training and Qualification Plan and Safeguards Contingency Plan are Appendices to the Security Plan Renewed License No. DPR-74 Amendment 308 UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 SAFETY EVALUATION BY THE OFFICE OF NUCLEAR REACTOR REGULATION RELATED TO AMENDMENT NO. 325 TO RENEWED FACILITY OPERATING LICENSE NO. DPR-58 AND AMENDMENT NO. 308 TO RENEWED FACILITY OPERATING LICENSE NO. DPR-74 INDIANA MICHIGAN POWER COMPANY DONALD C. COOK NUCLEAR PLANT, UNITS 1 AND 2 DOCKET NOS. 50-315 AND 50-316
1.0 INTRODUCTION
By application dated January 10, 2014 (Agencywide Documents Access and Management System (ADAMS) Accession No. ML 14015A142), supplemented by letter dated May 27, 2014 (ADAMS Accession No. ML 14150A442), Indiana Michigan Power Company (I&M), (the licensee) requested a change to the Renewed Facility Operating License (FOL) for Donald C. Cook Nuclear Power Plant (CNP) Units 1 and 2. The proposed change would revise the date of the Cyber Security Plan (CSP) Implementation Schedule Milestone 8 and Paragraph 2.D in the Renewed FOL. Milestone 8 of the CSP Implementation Schedule concerns the full implementation of the CSP. Portions of the letter dated January 10, 2014, contain sensitive unclassified non-safeguards (security-related) information and, accordingly, those portions are withheld from public disclosure in accordance with Title 10 of the Code of Federal Regulations (1 0 CFR) 2.390(d)(1
). The supplemental letter dated May 27, 2014, provided additional information that clarified the application, did not expand the scope of the application as originally noticed, and did not change the staff's original proposed no significant hazards consideration determination as published in tne Federal Register on July 8, 2014 (79 FR 38579). 2.0 REGULATORY EVALUATION The U.S. Nuclear Regulatory Commission (NRC) staff reviewed and approved the licensee's existing CSP Implementation Schedule by CNP License Amendment No. 315 to Renewed FOL DPR-58 for Unit 1 and Amendment No. 299 to Renewed FOL DPR-74 for Unit 2 dated July 28, 2011 (ADAMS Accession No. ML 11182A 178), concurrent with the incorporation of the CSP into the facilities' current licensing bases. By letter dated January 10, 2014, as supplemented by letter dated May 27, 2014, the licensee requested to change Milestone 8 of Enclosure 3 the CSP Implementation Schedule.
The NRC staff considered the following regulatory requirements and guidance in its review of the January 10, 2014, license amendment request as supplemented by letter dated May 27, 2014, to modify the existing CSP Implementation Schedule:
- The regulation at Section 73.54, "Protection of digital computer and communication systems and networks," states, in part, each [CSP] submittal must include a proposed implementation schedule.
Implementation of the licensee's cyber security program must be consistent with the approved schedule.
- The licensee's Renewed FOL includes a license condition that requires the licensee to fully implement and maintain in effect all provisions of the Commission-approved CSP.
- Review criteria provided by the NRC staff's internal memorandum, "Review Criteria for Title 10 of the Code of Federal Regulations Part 73.54, Cyber Security Implementation Schedule Milestone 8 License Amendment Requests," dated October 24, 2013 (ADAMS Accession No. ML 13295A467), to be considered for evaluating licensees' requests to postpone their cyber security program implementation date (commonly known as Milestone 8). The NRC staff does not regard the CSP milestone implementation dates as regulatory commitments that can be changed unilaterally by the licensee, particularly in light of the regulatory requirement at 10 CFR 73.54, that "[i]mplementation of the licensee's cyber security program must be consistent with the approved schedule." As the NRC staff explained in its letter to all operating reactor licensees dated May 9, 2011 (ADAMS Accession No. ML 11 0980538), the implementation of the plan, including the key intermediate milestone dates and the full implementation date shall be in accordance with the Implementation Schedule submitted by the licensee and approved by the NRC. All subsequent changes to the approved CSP Implementation Schedule, thus, will require prior NRC approval as required by 10 CFR 50.90. 3.0 TECHNICAL EVALUATION 3.1 Licensee's Requested Change The NRC staff issued Amendment No. 315 to Renewed FOL, DPR-58 for CNP Unit 1 on July 28, 2011, and Amendment No. 299 to Renewed FOL, DPR-74 for CNP Unit 2 on July 28, 2011 (ADAMS Accession No. ML 11182A178).
The staff also approved the licensee's CSP Implementation Schedule, as discussed in the safety evaluation issued with the amendments.
The Implementation Schedule had been submitted by the licensee based on a template prepared by the Nuclear Energy Institute (NEI), which the NRC staff found acceptable for licensees to use to develop their CSP Implementation Schedules (ADAMS Accession No. ML 11 0070348).
The licensee's proposed Implementation Schedule for the CSP identified completion dates and bases for the following eight milestones:
- 1) Establish the Cyber Security Assessment Team (CSAT); 2) Identify Critical Systems (CSs) and Critical Digital Assets (CDAs); 3) Install a deterministic one-way device between lower level devices and higher level devices; 4) Implement the security control "Access Control For Portable And Mobile Devices";
- 5) Implement observation and identification of obvious cyber related tampering to existing insider mitigation rounds; 6) Identify, document, and implement technical cyber security controls in accordance with "Mitigation of Vulnerabilities and Application of Cyber Security Controls" for CDAs that could adversely impact the design function of physical security target set equipment;
- 7) Commence ongoing monitoring and assessment activities for those target set CDAs whose security controls have been implemented; and 8) Fully implement the CSP. Currently, Milestone 8 of the CNP CSP requires the licensee to fully implement the plan by December 31, 2014. In its January 10, 2014, application, I&M proposed to change the Milestone 8 completion date to December 31, 2016. The licensee's application addressed the 8 criteria in the NRC's October 29, 2014, guidance memorandum.
The licensee provided the following information pertinent to each of the criteria identified in the NRC guidance memorandum.
- 1) Identification of the specific requirement or requirements of the CSP that the licensee needs additional time to implement.
The licensee stated that it needed additional time to implement Section 3.1 of the CSP "Analyzing Digital Computer Systems and Networks and applying Security Controls." It further noted that there are ongoing issues that need resolution prior to completing implementation of Section 3.1. These include NRC and industry discussions about CDAs and security controls; CDA assessment work which is time and labor intensive; remediation activities which need to be carefully considered to ensure safety, security, and emergency preparedness (EP) functions are not impacted; change management challenges; and training for program requirements processes, and procedures.
The NRC staff agrees that implementation of CSP Section 3.1 requires the extensive actions noted by the licensee.
The licensee also stated that the requirements of CSP Section 4, "Establishing, Implementing and Maintaining the Cyber Security Program" have not been fully developed and implemented.
Prioritization has been on Section 3 which forms the basis for execution of Section 4. 2) Detailed justification that describes the reason the licensee requires additional time to implement the specific requirement or requirements identified.
The licensee stated it had a project team of eight full-time-equivalent (FTE) staff including two with certified information systems security professional certifications.
The licensee noted the large number of CDAs at CNP, 2850. It also noted the factors contributing to significant challenges with full implementation of Milestone
- 8. These included:
CDA assessments and plant modifications taking longer than expected; programmatic elements not being fully developed and implemented due to limited resources; and uncertainty concerning interpretation of security controls.
CNP has approximately 2,850 CDAs between Units 1 and 2, which is a larger number than was originally anticipated at the beginning of the project. CNP initially misjudged the amount of time necessary to evaluate all controls for the number of CDAs installed as well as the amount of effort required to apply the security controls using the criteria specified in Section 3.1.6 of the CSP. The CNP will need to acquire more resources to manage the amount of work necessary for CDA assessments and control application.
Acquiring competent and skilled resources has been an extremely difficult and lengthy process. It is unknown what rework will be required once the security assessment tool is updated to reflect an acceptable security control interpretation.
New digital upgrades to plant systems have increased the assessment workload and have impacted the assessment completion date. Modifications to plant systems for security purposes have traditionally not been performed.
Application of security controls to industrial control systems is a process that is still being developed industry-wide and vendor familiarity with cyber regulatory requirements varies greatly. Several digital upgrades at CNP have introduced challenges based on this lack of understanding resulting in added expense and delays. Each modification must be carefully analyzed to ensure no impact to plant operations and nuclear safety. 3) A proposed completion date for Milestone 8 consistent with the remaining scope of work to be conducted and the resources available.
The licensee proposed a project finish date of September 28, 2016, and a Milestone 8 completion date of December 31, 2016. The projected finish date is based on the number of CDAs, current staffing levels and the remaining scope of work. It further noted the revised completion date will help avoid costly rework that could result from the application of security controls.
- 4) An evaluation of the impact that the additional time to implement the requirements will have on the effectiveness of the licensee's overall CSP in the context of milestones already completed.
The licensee indicated it was secure based on the cyber security implementation activities already completed and activities currently in progress.
It then detailed the activities completed in each of the milestones 1 through 7 as well as Milestone 8 activities completed, in progress, and planned. 5) A description of the licensee's methodology for prioritizing completion of work for critical digital assets associated with significant safety consequences and with reactivity effects in the balance of plant. The licensee stated its methodology for prioritizing Milestone 8 activities is centered on considerations for safety, security, EP, and Balance of Plant (continuity of power) consequences.
The methodology is based on defense-in-depth, installed configuration of the CDA, and susceptibility to five commonly identified threat vectors. Prioritization for CDA assessment begins with safety related CDAs and continues through lower priority non-safety and EP CDAs. 6) A discussion of the licensee's cyber security program performance up to the date of the license amendment request. The licensee stated that Milestone 1 through 7 activities provide a high degree of protection against cyber security related attacks. A Performance Assurance audit, a corporate security audit, and peer nuclear plant evaluations were conducted.
The NRC staff was concerned that the LAR did not fully address the results of all three quality assurance activities mentioned and issued a request for additional information (RAI) to the licensee on April 29, 2014 (ADAMS Accession No. ML 14113A305).
The licensee responded by letter dated May 27, 2014 (ADAMS Accession No. ML 14150A442).
The licensee's response indicated that the corporate security audit was an information gathering activity with results consistent with expectations based on implementation of controls for milestones 1 through 7 only. The self-assessment of CSP milestones 1 through 7 was performed in March 2013 and found that CNP has met the requirements of those milestones from the CSP Implementation Schedule.
Strengths with the CSAT were identified.
No nuclear safety or human performance issues were identified.
Three actions were identified and two have been completed.
The third will be evaluated during the next self-assessment.
The peer review was performed in September 2013 by Utilities Service Alliance peers. Four actions were identified and these were completed on December 26, 2013. 7) A discussion of cyber security issues pending in the licensee's corrective action program. The licensee provided these examples of cyber security issues in its corrective action program:
- Full Program (Milestone
- 8) implementation tracking
- Issues and improvements for cyber security program aspects which have been implemented
- Operating experience impact evaluations
- Current and pending modifications
- Issues identified in self assessments, peer evaluations, and Performance Assurance audits The licensee also provided a listing of cyber security issues in the corrective action program. 8) A discussion of modifications completed to support the CSP and a discussion of pending cyber security modifications.
The licensee provided a discussion of completed modifications and pending modifications.
3.2 NRC Staff Evaluation The NRC staff has evaluated the licensee's application using the regulatory requirements and the guidance above. The staff finds that implementation of CSP Section 3.1 requires the extensive actions noted by the licensee.
The staff recognizes that CDA assessment work is much more complex and resource intensive than originally anticipated, in part due to the NRC expanding the scope of the cyber security requirements to include balance of plant. As a result, the licensee has a large number of additional tasks not originally considered when developing its CSP Implementation Schedule.
The staff finds that the licensee's request for additional time to implement Milestone 8 is reasonable given the unanticipated complexity and scope of the work required to come into full compliance with its CSP. The licensee indicated that completion of the activities associated with the CSP, as described in Milestones 1 through 7 and completed prior to December 31, 2012, provide a high degree of protection to ensure that the most significant digital computer and communication systems and networks are adequately protected against cyber attacks during implementation of the remainder of the program by the proposed Milestone 8 date of December 31, 2016. It detailed activities completed for each milestone and noted that several elements of Milestone 8 have already been implemented.
It provided details about the completed milestones and elements.
The NRC staff concludes that the licensee's implementation of milestones 1 through 7 mitigates significant attack vectors for the most significant CDAs and that completion of implementation of Milestone 8, full implementation of the CSP, by December 31, 2016, will provide adequate protection of the public health and safety and the common defense and security.
3.3 Technical Evaluation Conclusion The licensee proposed a Milestone 8 completion date of December 31, 2016. The licensee stated that changing the completion date of Milestone 8 allows for designing and planning for security features to fully implement the security controls required by the CSP. It also allows for activities that require a refueling outage for implementation.
The licensee stated its methodology for prioritization of work for CDAs follows the normal work management process that places the highest priority on apparent conditions adverse to quality in system, structure, and component design function and related factors such as safety risk and nuclear depth, as well as threats to continuity of electric power generation in the Balance-of-Plant.
The NRC staff concludes that based on the large number of digital assets described above and the limited resources with the appropriate expertise to perform these activities, the licensee's methodology for prioritizing work on CDAs is appropriate.
The NRC staff concludes that the licensee's request to delay full implementation of its CSP until December 31, 2016, is reasonable for the following reasons: (i) the licensee's implementation of Milestones 1 through 7 provides mitigation for significant cyber attack vectors for the most significant CDAs as discussed in the staff evaluation above; (ii) the scope of the work required to come into full compliance with the CSP implementation schedule was much more complicated than anticipated and not reasonably foreseeable when the CSP implementation scheduled was originally developed; and (iii) the licensee has reasonably prioritized and scheduled the work required to come into full compliance with its CSP implementation schedule.
3.4 Revision to License Condition 2.D By letter dated January 10, 2014, the licensee proposed to modify Paragraph 2.D of Renewed FOL Nos. DPR-58 and DPR-74 for CNP, Units 1 and 2, respectively which provides a license condition to require the licensees to fully implement and maintain in effect all provisions of the NRC-approved CSP. The current license condition in Paragraph 2.D of Renewed FOL No. DPR-58 for CNP states, in part: The Indiana and Michigan Power Company shall fully implement and maintain in effect all provisions of the Commission-approved Donald C. Cook Nuclear Plant Cyber Security Plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p).
The Donald C. Cook Nuclear Plant CSP was approved by License Amendment No. 315 as supplemented by a change approved by License Amendment No. 319. The license condition in Paragraph 2.D of Renewed Operating License No. DPR-58 for CNP Unit 1 is modified as follows: The Indiana and Michigan Power Company shall fully implement and maintain in effect all provisions of the Commission -approved Donald C. Cook Nuclear Plant Cyber Security Plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p).
The Donald C. Cook Nuclear Plant CSP was approved by License Amendment No. 315 as supplemented by changes approved by License Amendment Nos. 319 and 325. The current license condition in Paragraph 2.D of Renewed FOL No. DPR-74 for CNP states, in part: The Indiana and Michigan Power Company shall fully implement and maintain in effect all provisions of the Commission -approved Donald C. Cook Nuclear Plant Cyber Security Plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p).
The Donald C. Cook Nuclear Plant CSP was approved by License Amendment No. 299 as supplemented by a change approved by License Amendment No. 303. The license condition in Paragraph 2.D of Renewed FOL No. DPR-74 for CNP, Unit No.2 is modified as follows: The Indiana and Michigan Power Company shall fully implement and maintain in effect all provisions of the Commission -approved Donald C. Cook Nuclear Plant Cyber Security Plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p).
The Donald C. Cook Nuclear Plant CSP was approved by License Amendment No. 299 as supplemented by changes approved by License Amendment Nos. 303 and 308. 4.0 REGULATORY COMMITMENTS By letter dated January 10, 2014, the licensee made the following regulatory commitment:
Full implementation of CNP Cyber Security Plan for all safety, security, and emergency preparedness functions will be achieved.
Scheduled Completion Date: December 31, 2016 The above stated commitment is consistent with the revised Milestone 8 implementation date proposed by the licensee and evaluated by the NRC staff.
5.0 STATE CONSULTATION
In accordance with the Commission's regulations, the Michigan State official was notified of the proposed issuance of the amendments.
The State official had no comments.
5.1 ENVIRONMENTAL CONSIDERATION This is an amendment of a 10 CFR Part 50 license that relates solely to safeguards matters and does not involve any significant construction impacts. This amendment is an administrative change to extend the date by which the licensee must have its cyber security plan fully implemented.
Accordingly, this amendment meets the eligibility criteria for categorical exclusion set forth in 10 CFR 51.22(c)(12).
Pursuant to 10 CFR 51.22(b), no environmental impact statement or environmental assessment need be prepared in connection with the issuance of this amendment.
6.0 CONCLUSION
The Commission has concluded, based on the considerations discussed above, that: (1) there is reasonable assurance that the health and safety of the public will not be endangered by operation in the proposed manner, (2) there is reasonable assurance that such activities will be conducted in compliance with the Commission's regulations, and (3) the issuance of the amendments will not be inimical to the common defense and security or to the health and safety of the public. Principal Contributor:
John Rycyna, NSIR/CSD Date:December 18, 2014 A copy of our related safety evaluation is also enclosed.
The Notice of Issuance will be included in the Commission's biweekly Federal Register notice. Docket Nos. 50-315 and 50-316
Enclosures:
- 1. Amendment No. 325 to DPR-58 2. Amendment No. 308 to DPR-7 4 3. Safety Evaluation cc w/encls: Distribution via ListServ DISTRIBUTION:
PUBLIC LPL3-1 r/f RidsNrrDorllpl3-1 Resource RidsNrrPMDCCook Resource RidsNrrLAMHenderson Resource RidsOgcRp Resource RidsAcrsAcnw_MaiiCTR Resource RidsNrrDirsltsb Resource RidsNrrDoriDprResource RidsRgn3MaiiCenter Resource JRycyna, NSIR/CSD Sincerely, IRA/ Mahesh Chawla, Project Manager Plant Licensing Branch 111-1 Division of Operating Reactor Licensing Office of Nuclear Reactor Regulation ADAMS Accession No: ML 14317A551 OFFICE NRR/LPL3-1/PM NRR/LPL3-1/LA NSIR/CSD/D NAME MChawla MHenderson JRycyna for RFelts DATE 12/16/2014 12/18/2014 12/15/2014 OFFICE OGC NRR/LPL3-1/BC NRR/LPL3-1/PM NAME LSCiark DPelton MChawla DATE 12/15/2014 12/18/2014 12/18/2014 OFFICIAL RECORD COPY