Text

Request for Approval of the Cyber Security Plan
	ML093360197
Person / Time
Site:	Palo Verde
Issue date:	11/23/2009
From:	Mims D C; Arizona Public Service Co
To:	; Document Control Desk, Office of Nuclear Reactor Regulation
References
	102-06098-DCM/DAF
	Download: ML093360197 (18)
	v • d • e

ENCLOSURES 2 AND 3 CONTAIN Security-Related Information -Withhold under 10 CFR 2.390 UPON SEPARATION THIS PAGE IS DECONTROLLED 10 CFR 50.90 LAMA subsidiary of Pinnacle West Capital Corporation Dwight C. Mims Mail Station 7605 Palo Verde Nuclear Vice President Tel. 623-393-5403 P.O. Box 52034 Generating Station Regulatory Affairs and Plant Improvement Fax 623-393-6077 Phoenix, Arizona 85072-2034 102-06098-DCM/DAF November 23, 2009 ATTN: Document Control Desk U.S. Nuclear Regulatory Commission Washington, DC 20555-0001

Dear Sirs:

Subject:

Palo Verde Nuclear Generating Station (PVNGS)Units 1, 2, and 3 Docket Nos. STN 50-528, 50-529, and 50-530 Request for Approval of the PVNGS Cyber Security Plan In accordance with the provisions of 10 CFR 50.4 and 50.90, APS is submitting a request for an amendment to the Facility Operating Licenses (FOL) for PVNGS Units 1, 2, and 3. This proposed amendment requests NRC approval of the PVNGS Cyber Security Plan, provides a Proposed Implementation Schedule, and adds a paragraph to the existing FOL Physical Protection license condition to require APS to fully implement and maintain in effect all provisions of the Commission approved Cyber Security Plan.Enclosure 1 provides an evaluation of the proposed change. Enclosure 1 also contains the following attachments:

Attachment 1 provides the existing FOL pages marked up to show the proposed change.Attachment 2 provides the proposed FOL changes in final typed format.Enclosure 2 provides a copy of the PVNGS Cyber Security Plan which is a stand alone document reflecting a fully implemented program that will be incorporated by reference into the PVNGS Physical Security Plan upon approval.

Enclosure 3 provides a copy of the PVNGS Cyber Security Plan Proposed Implementation Schedule.

APS requests that Enclosures 2 and 3, which contain security sensitive information, be withheld from public disclosure in accordance with 10 CFR 2.390.ENCLOSURES 2 AND 3 CONTAIN Security-Related Information -Withhold under 10 CFR 2.390 UPON SEPARATION THIS PAGE IS DECONTROLLED A member of the STARS (Strategic Teaming and Resource Sharing) Alliance Callaway Comanche Peak

Diablo Canyon Palo Verde -San Onofre

South Texas

Wolf Creek j (7 ENCLOSURES 2 AND 3 CONTAIN Security-Related Information -Withhold under 10 CFR 2.390 UPON SEPARATION THIS PAGE IS DECONTROLLED ATTN: Document Control Desk U.S. Nuclear Regulatory Commission Request for Approval of the PVNGS Cyber Security Plan Page 2 APS requests an FOL implementation period of 90 days following NRC approval of the license amendment.

In accordance with the PVNGS Quality Assurance Program, the Plant Review Board and the Offsite Safety Review Committee have reviewed and concurred with this proposed amendment.

By copy of this letter, this submittal is being forwarded to the Arizona Radiation Regulatory Agency (ARRA) pursuant to 10 CFR 50.91 (b)(1).APS makes five commitments in this letter as stated in Enclosure

3. APS will manage these commitments in accordance with the APS internal commitment management process. Should you need further information regarding this request, please contact Russell A. Stroud, Licensing Section Leader, at (623) 393-5111.I declare under penalty of perjury that the foregoing is true and correct.Executed on (Date)Sincerely, DCM/RAS/DAF Enclosure 1 -Evaluation of Proposed Change Enclosure 2 -PVNGS Cyber Security Plan Enclosure 3 -PVNGS Cyber Security Plan Proposed Implementation Schedule cc: E. E. Collins Jr.J. R. Hall R. I. Treadway A. V. Godwin T. Morales NRC Region IV Regional Administrator NRC NRR Project Manager NRC Senior Resident Inspector for PVNGS Arizona Radiation Regulatory Agency (ARRA)Arizona Radiation Regulatory Agency (ARRA)ENCLOSURES 2 AND 3 CONTAIN Security-Related Information -Withhold under 10 CFR 2.390 UPON SEPARATION THIS PAGE IS DECONTROLLED ENCLOSURES 2 AND 3 CONTAIN Security-Related Information -Withhold under 10 CFR 2.390 UPON SEPARATION THIS PAGE IS DECONTROLLED ENCLOSURE 1 Evaluation of Proposed Change ENCLOSURES 2 AND 3 CONTAIN Security-Related Information -Withhold under 10 CFR 2.390 UPON SEPARATION THIS PAGE IS DECONTROLLED ENCLOSURES 2 AND 3 CONTAIN Security-Related Information -Withhold under 10 CFR 2.390 UPON SEPARATION THIS PAGE IS DECONTROLLED Enclosure 1 Evaluation of Proposed Change Evaluation of Proposed Change Request for Approval of the PVNGS Cyber Security Plan 1.0 2.0 3.0 4.0 4.1 4.2 4.3 5.0 6.0 Summary Description Detailed Description Technical Evaluation Regulatory Evaluation Applicable Regulatory Requirements

/ Criteria Significant Hazards Consideration Conclusions Environmental Consideration References ATTACHMENTS Attachment 1 -FOL Page Markups Attachment 2 -Retyped FOL Pages 1 ENCLOSURES 2 AND 3 CONTAIN Security-Related Information

-Withhold under 10 CFR 2.390 UPON SEPARATION THIS PAGE IS DECONTROLLED ENCLOSURES 2 AND 3 CONTAIN Security-Related Information -Withhold under 10 CFR 2.390 UPON SEPARATION THIS PAGE IS DECONTROLLED Enclosure I Evaluation of Proposed Change 1.0

SUMMARY

DESCRIPTION The proposed license amendment request (LAR) includes the proposed Palo Verde Nuclear Generating Station (PVNGS) Cyber Security Plan (Plan), a Proposed Implementation Schedule, and a proposed paragraph to be added to the existing Facility Operating License (FOL) Physical Protection license condition.

2.0 DETAILED

DESCRIPTION The proposed LAR includes three parts: the proposed Plan, a Proposed Implementation Schedule, and a proposed paragraph to be added to the existing FOL Physical Protection license condition to require APS to fully implement and maintain in effect all provisions of the Commission approved cyber security plan as required by 10 CFR 73.54. The regulations in 10 CFR 73.54, "Protection of digital computer and communication systems and networks," establish the requirements for a cyber security program. This regulation specifically requires each licensee currently licensed to operate a nuclear power plant under Part 50 to submit a cyber security plan that satisfies the requirements of the Rule. Each submittal must include a proposed implementation schedule and implementation of the licensee's cyber security program must be consistent with the approved schedule.

The background for this application is addressed by the NRC Notice of Availability published on March 27, 2009, 74 FR 13926 (Reference 1).3.0 TECHNICAL EVALUATION Reference 1 issued the final rule that amended 10 CFR Part 73. Cyber security requirements are codified in the new 10 CFR 73.54 and are designed to provide high assurance that digital computer and communication systems and networks are adequately protected against cyber attacks up to and including the design basis threat established by 10 CFR 73.1(a)(1)(v).

These requirements are substantial improvements upon the requirements imposed by NRC Order EA-02-026 (Reference 2).This LAR includes the proposed Plan (Enclosure

2) that is based on the template provided in NEI 08-09, Revision 3 (Reference 3). In addition, the LAR includes the proposed change to the existing FOL license condition for "Physical Protection" (Attachments 1 and 2). Finally, the LAR contains the Proposed Implementation Schedule (Enclosure

3) as required by 10 CFR 73.54.2 ENCLOSURES 2 AND 3 CONTAIN Security-Related Information -Withhold under 10 CFR 2.390 UPON SEPARATION THIS PAGE IS DECONTROLLED ENCLOSURES 2 AND 3 CONTAIN Security-Related Information -Withhold under 10 CFR 2.390 UPON SEPARATION THIS PAGE IS DECONTROLLED Enclosure I Evaluation of Proposed Change

4.0 REGULATORY EVALUATION

4.1 APPLICABLE

REGULATORY REQUIREMENTS

/ CRITERIA This LAR is submitted pursuant to 10 CFR 73.54 which requires licensees currently licensed to operate a nuclear power plant under 10 CFR Part 50 to submit a Cyber Security Plan as specified in 50.4 and 50.90.4.2 SIGNIFICANT HAZARDS CONSIDERATION APS has evaluated the proposed changes using the criteria in 10 CFR 50.92 and has determined that the proposed changes do not involve a significant hazards consideration.

An analysis of the issue of no significant hazards consideration is presented below: Criterion 1: The proposed change does not involve a significant increase in the probability or consequences of an accident previously evaluated.

The proposed change is required by 10 CFR 73.54 and includes three parts. The first part is the submittal of the Plan for NRC review and approval.

The Plan is based on the template provided in NEI 08-09, Revision 3 and provides a description of how the requirements of the Rule will be implemented at PVNGS. The Plan establishes the licensing basis for the PVNGS Cyber Security Program for PVNGS. The Plan establishes how to achieve high assurance that nuclear power plant digital computer and communication systems and networks associated with the following are adequately protected against cyber attacks up to and including the design basis threat: 1. Safety-related and important-to-safety functions, 2. Security functions, 3. Emergency preparedness functions including offsite communications, and 4. Support systems and equipment which, if compromised, would adversely impact safety, security, or emergency preparedness functions.

Part one of the proposed change is designed to achieve high assurance that the systems are protected from cyber attacks. The Plan itself does not require any plant modifications.

However, the Plan does describe how plant modifications which involve digital computer systems are reviewed to provide high assurance of adequate protection against cyber attacks, up to and including the design basis threat as defined in the Rule.The proposed change does not alter the plant configuration, require new plant equipment to be installed, alter accident analysis assumptions, add any initiators, or affect the function of plant systems or the manner in which systems are operated, maintained, modified, tested, or inspected.

The first part of the proposed change is 3 ENCLOSURES 2 AND 3 CONTAIN Security-Related Information -Withhold under 10 CFR 2.390 UPON SEPARATION THIS PAGE IS DECONTROLLED ENCLOSURES 2 AND 3 CONTAIN Security-Related Information

-Withhold under 10 CFR 2.390 UPON SEPARATION THIS PAGE IS DECONTROLLED Enclosure 1 Evaluation of Proposed Change designed to achieve high assurance that the systems within the scope of the Rule are protected from cyber attacks and has no impact on the probability or consequences of an accident previously evaluated.

The second part of the proposed change is a Proposed Implementation Schedule.

The third part adds a paragraph to the existing FOL license condition for Physical Protection.

Both of these changes are administrative and have no impact on the probability or consequences of an accident previously evaluated.

Therefore, it is concluded that this change does not involve a significant increase in the probability or consequences of an accident previously evaluated.

Criterion 2: The proposed change does not create the possibility of a new or different kind of accident from any accident previously evaluated.

The proposed change is required by 10 CFR 73.54 and includes three parts. The first part is the submittal of the Plan for NRC review and approval.

The Plan is based on the template provided by NEI 08-09, Revision 3 (Reference

3) and provides a description of how the requirements of the Rule will be implemented at PVNGS. The Plan establishes the licensing basis for the PVNGS Cyber Security Program for PVNGS. The Plan establishes how to achieve high assurance that nuclear power plant digital computer and communication systems and networks associated with the following are adequately protected against cyber attacks up to and including the design basis threat: 1. Safety-related and important-to-safety functions, 2. Security functions, 3. Emergency preparedness functions including offsite communications, and 4. Support systems and equipment which, if compromised, would adversely impact safety, security, or emergency preparedness functions.

Part one of the proposed change is designed to achieve high assurance that the systems within the scope of the Rule are protected from cyber attacks. The Plan itself does not require any plant modifications.

However, the Plan does describe how plant modifications involved digital computer systems are reviewed to provide high assurance of adequate protection against cyber attacks, up to and including the design basis threat defined in the Rule. The proposed change does not alter the plant configuration, require new plant equipment to be installed, alter accident analysis assumptions, add any initiators, or affect the function of plant systems or the manner in which systems are operated, maintained, modified, tested, or inspected.

The first part of the proposed change is designed to achieve high assurance that the systems within the scope of the 4 ENCLOSURES 2 AND 3 CONTAIN Security-Related Information -Withhold under 10 CFR 2.390 UPON SEPARATION THIS PAGE IS DECONTROLLED ENCLOSURES 2 AND 3 CONTAIN Security-Related Information -Withhold under 10 CFR 2.390 UPON SEPARATION THIS PAGE IS DECONTROLLED Enclosure 1 Evaluation of Proposed Change Rule are protected from cyber attacks and does not create the possibility of a new or different kind of accident from any previously evaluated.

The second part of the proposed change is a Proposed Implementation Schedule.

The third part adds a paragraph to the existing FOL license condition for Physical Protection.

Both of these changes are administrative and do not create the possibility of a new or different kind of accident from any previously evaluated.

Therefore, the proposed change does not create the possibility of a new or different kind of accident from any previously evaluated.

Criterion 3: The proposed change does not involve a significant reduction in a margin of safety.The proposed change is required by 10 CFR 73.54 and includes three parts. The first part is the submittal of the Plan for NRC review and approval.

The Plan is based on the template provided by NEI 08-09, Revision 3 (Reference

3) and provides a description of how the requirements of the Rule will be implemented at PVNGS. The Plan establishes the licensing basis for the PVNGS Cyber Security Program for PVNGS. The Plan establishes how to achieve high assurance that nuclear power plant digital computer and communication systems and networks associated with the following are adequately protected against cyber attacks up to and including the design basis threat: 1. Safety-related and important-to-safety functions, 2. Security functions, 3. Emergency preparedness functions including offsite communications, and 4. Support systems and equipment which, if compromised, would adversely impact safety, security, or emergency preparedness functions.

Part one of the proposed change is designed to achieve high assurance that the systems within the scope of the Rule are protected from cyber attacks. Plant safety margins are established through Limiting Conditions for Operation, Limiting Safety System Settings and Safety limits specified in the Technical Specifications.

Because there is no change to these established safety margins, the proposed change does not involve a significant reduction in a margin of safety.The second part of the proposed change is a Proposed Implementation Schedule.

The third part adds a paragraph to the existing FOL license condition for Physical Protection.

Both of these changes are administrative and do not involve a significant reduction in a margin of safety.5 ENCLOSURES 2 AND 3 CONTAIN Security-Related Information -Withhold under 10 CFR 2.390 UPON SEPARATION THIS PAGE IS DECONTROLLED ENCLOSURES 2 AND 3 CONTAIN Security-Related Information -Withhold under 10 CFR 2.390 UPON SEPARATION THIS PAGE IS DECONTROLLED Enclosure 1 Evaluation of Proposed Change Therefore, the proposed change does not involve a significant reduction in a margin of safety.Based on the above, APS concludes that the proposed change presents no significant hazards consideration under the standards set forth in 10 CFR 50.92(c), and accordingly, a finding of no significant hazards consideration is justified.

4.3 CONCLUSION

In conclusion, based on the considerations discussed above: (1) there is reasonable assurance that the health and safety of the public will not be endangered by operation in the proposed manner; (2) such activities will be conducted in compliance with the Commission's regulations; and (3) the issuance of the amendment will not be inimical to the common defense and security or to the health and safety of the public.5.0 ENVIRONMENTAL CONSIDERATION The proposed amendment establishes the licensing basis for a Cyber Security Program for PVNGS and will be a part of the Physical Security Plan. This proposed amendment will not involve any significant construction impacts. Pursuant to 10 CFR 51.22(c)(1 2)no environmental impact statement or environmental assessment need be prepared in connection with the issuance of the amendment.

6.0 REFERENCES

1. Federal Register Notice, Final Rule 10 CFR Part 73, Power Reactor Security Requirements, published on March 27, 2009, 74 FR 13926.2. EA-02-026, Order Modifying Licenses, Safeguards and Security Plan Requirements, issued February 25, 2002.3. NEI 08-09, Revision 3, September 2009, "Cyber Security Plan for Nuclear Power Reactors." 6 ENCLOSURES 2 AND 3 CONTAIN Security-Related Information -Withhold under 10 CFR 2.390 UPON SEPARATION THIS PAGE IS DECONTROLLED ENCLOSURES 2 AND 3 CONTAIN Security-Related Information -Withhold under 10 CFR 2.390 UPON SEPARATION THIS PAGE IS DECONTROLLED ENCLOSURE 1, Attachment I FOL Page Markups FOL No. NPF-41 Page 7 FOL No. NPF-51 Page 8 FOL No. NPF-74 Page 5 ENCLOSURES 2 AND 3 CONTAIN Security-Related Information

-Withhold under 10 CFR 2.390 UPON SEPARATION THIS PAGE IS DECONTROLLED (c) Actions to minimize release to include consideration of: 1. Water spray scrubbing.

2. Dose to onsite responders.

D. The facility requires an exemption from Paragraph IIl.D.2(b)(ii) of Appendix J to 10 CFR Part 50 (Section 6.2.6, SSER 7). This exemption is authorized by law and will not endanger life or property or the common defense and security and is otherwise in the public interest.

This exemption is, therefore, hereby granted pursuant to 10 CFR 50.12. With the granting of this exemption, the facility will operate, to the extent authorized herein, in conformity with the application, as amended, the provisions of the Act, and the rules and regulations of the Commission.

E. The licensees shall fully implement and maintain in effect all provisions of the Commission-approved physical security, training and qualification, and safeguards contingency plans including amendments made pursuant to provisions of the Miscellaneous Amendments and Search Requirements revisions to 10 CFR 73.55 (51 FR 27817 and 27822) and to the authority of 10 CFR 50.90 and 10 CFR 50.54(p).

The combined set of plans, which contains Safeguards Information protected under 10 CFR 73.21, is entitled: "Palo Verde Nuclear Station Security Plan, Training and Qualification Plan, Safeguards Contingency Plan and Independent Spent Fuel Storage Installation Security Program Revision 3," submitted by letter dated May 16, 2006.The licensees shall fully implement and maintain in effect all provisions of the Commission-approved Palo Verde Nuclear Generating Station Cyber Security Plan submitted by letter dated November 23, 2009 including amendments made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p).

This plan is withheld from public disclosure in accordance with 10 CFR 2.390.F. Deleted G. The licenses shall have and maintain financial protection of such type and in such amounts as the Commission shall require in accordance with Section 170 of the Atomic Energy Act of 1954, as amended, to cover public liability claims; and Amendment No. 462 Revised by letter dated August 2, 2007 E. The licensees shall fully implement and maintain in effect all provisions of the Commission-approved physical security, training and qualification, and safeguards contingency plans including amendments made pursuant to provisions of the Miscellaneous Amendments and Search Requirements revisions to 10 CFR 73.55 (51 FR 27817 and 27822) and to the authority of 10 CFR 50.90 and 10 CFR 50.54(p).

The combined set of plans, which contains Safeguards Information protected under 10 CFR 73.21, is entitled: "Palo Verde Nuclear Station Security Plan, Training and Qualification Plan, Safeguards Contingency Plan and Independent Spent Fuel Storage Installation Security Program Revision 3," submitted by letter dated May 16, 2006.The licensees shall fully implement and maintain in effect all provisions of the Commission-approved Palo Verde Nuclear Generating Station Cyber Security Plan submitted by letter dated November 23, 2009 includingq amendments made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p).

This plan is withheld from public disclosure in accordance with 10 CFR 2.390.F. Deleted G. The licensees shall have and maintain financial protection of such type and in such amounts as the Commission shall require in accordance with Section 170 of the Atomic Energy Act of 1954, as amended, to cover public liability claims; and H. This license is effective as of the date of issuance and shall expire at midnight on April 24, 2026.FOR THE NUCLEAR REGULATORY COMMISSION Original Signed By Darrell G. Eisenhut, Acting Director Office of Nuclear Reactor Regulation Attachments:

1. [Requirements for Initial Mode 1 Entry] -Deleted 2. [Schedule for NUREG-0737, Sup. 1, Requirement (SPDS)] -Deleted 3. Appendix A -Technical Specifications

4. Appendix B Environmental Protection Plan 5. Appendix C Antitrust Conditions 6 Appendix D -[Additional Conditions]

-Deleted Date of Issuance:

April 24, 1986 Amendment No. 1-62 Revised by letter dated August 2, 2007 (b) Operations to mitigate fuel damage considering the following:

1. Protection and use of personnel assets.2. Communications.

3. Minimizing fire spread.4. Procedures for implementing integrated fire response strategy.5. Identification of readily-available pre-staged equipment.

6. Training on integrated fire response strategy.7. Spent fuel pool mitigation measures.(c) Actions to minimize release to include consideration of: 1. Water spray scrubbing.

2. Dose to onsite responders.

D. APS has previously been granted an exemption from Paragraph IIl.D.2(b)(ii) of Appendix J to 10 CFR Part 50. This exemption was previously granted in Facility Operating License NPF-65 pursuant to 10 CFR 50.12.With the granting of this exemption, the facility will operate, to the extent authorized herein, in conformity with the application, as amended, the provisions of the Act, and the rules and regulations of the Commission.

E. The licensees shall fully implement and maintain in effect all provisions of the Commission-approved physical security, training and qualification, and safeguards contingency plans including amendments made pursuant to provisions of the Miscellaneous Amendments and Search Requirements revisions to 10 CFR 73.55 (51 FR 27817 and 27822) and to the authority of 10 CFR 50.90 and 10 CFR 50.54(p).

The combined set of plans, which contains Safeguards Information protected under 10 CFR 73.21, is entitled: "Palo Verde Nuclear Station Security Plan, Training and Qualification Plan, Safeguards Contingency Plan and Independent Spent Fuel Storage Installation Security Program Revision 3," submitted by letter dated May 16, 2006.The licensees shall fully implement and maintain in effect all provisions of the Commission-approved Palo Verde Nuclear Generating Station Cyber Security Plan submitted by letter dated November 23. 2009 including amendments made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p).

This plan is withheld from public disclosure in accordance with 10 CFR 2.390.F. APS shall implement and maintain in effect all provisions of the approved fire protection program as described in the Final Safety analysis Report for the facility, as supplemented and amended, and as approved in the SER through Supplement 11, subject to the following provision:

Amendment No. 4-62 Revised by letter dated August 2, 2007 ENCLOSURES 2 AND 3 CONTAIN Security-Related Information -Withhold under 10 CFR 2.390 UPON SEPARATION THIS PAGE IS DECONTROLLED ENCLOSURE 1, Attachment 2 Retyped FOL Pages: FOL No. NPF-41 Page 7 FOL No. NPF-51 Page 8 FOL No. NPF-74 Pages 5, 6 ENCLOSURES 2 AND 3 CONTAIN Security-Related Information -Withhold under 10 CFR 2.390 UPON SEPARATION THIS PAGE IS DECONTROLLED (c) Actions to minimize release to include consideration of: 1. Water spray scrubbing.