nextera energv~ energ-7y, 41 · networks associated with emergency preparedness (ep) functions,...

NEXTeraENERG-7Y, 41

ARNOLD

SECURITY RELATED INFORMATIONWITHHOLD FROM PUBLIC DISCLOSURE UNDER 10 CFR 2.390

November 19, 2009 NG-09-063510 CRF 50.9010 CFR 50.4

U. S. Nuclear Regulatory CommissionATTN: Document Control DeskWashington, DC 20555-0001

Duane Arnold Energy CenterDocket No. 50-331License No. DPR-49

License Amendment Request (TSCR-121): Request for Approval of the Duane ArnoldEnerqy Center/NextEra EnerqV Duane Arnold, LLC Cyber Security Plan

In accordance with the provisions of 10 CFR 50.4 and 10 CFR 50.90, NextEra TM EnergyDuane Arnold, LLC (hereafter NextEra Energy Duane Arnold) is hereby submitting arequest for amendment to the Operating License (OL) for the Duane Arnold EnergyCenter (DAEC)/NextEra Energy Duane Arnold. This proposed amendment requestsNRC approval of the NextEra Energy Duane Arnold Cyber Security Plan, provides animplementation schedule, and adds a sentence to the existing OL Physical Protectionlicense condition to require NextEra Energy Duane Arnold to fully implement andmaintain in effect all provisions of the Commission approved Cyber Security Plan.

Enclosure 3 to this letter contains sensitive informationWithhold from public disclosure under 10 CFR 2.390.

Upon removal of Enclosure 3, this letter is decontrolled.

NextEra Energy Duane Arnold, LLC, 3277 DAEC Road, Palo, IA 52324

NEXTeraM

ENERGV~ """" ~ DUANE

ARNOLD

SECURITY RELATED INFORMATION WITHHOLD FROM PUBLIC DISCLOSURE UNDER 10 CFR 2.390

November 19, 2009

U. S. Nuclear Regulatory Commission ATTN: Document Control Desk Washington, DC 20555-0001

Duane Arnold Energy Center Docket No. 50-331 License No. DPR-49

NG-09-0635 10 CRF 50.90 10 CFR 50.4

License Amendment Request (TSCR-121): Request for Approval of the Duane Arnold Energy Center/NextEra Energy Duane Arnold, LLC Cyber Security Plan

In accordance with the provisions of 10 CFR 50.4 and 10 CFR 50.90, NextEra ™ Energy Duane Arnold, LLC (hereafter NextEra Energy Duane Arnold) is hereby submitting a request for amendment to the Operating License (OL) for the Duane Arnold Energy Center (DAEC)/NextEra Energy Duane Arnold. This proposed amendment requests NRC approval of the NextEra Energy Duane Arnold Cyber Security Plan, provides an implementation schedule, and adds a sentence to the existing OL Physical Protection license condition to require NextEra Energy Duane Arnold to fully implement and maintain in effect all provisions of the Commission approved Cyber Security Plan.

Enclosure 3 to this letter contains sensitive information Withhold from public disclosure under 10 CFR 2.390.


NextEra Energy Duane Arnold, LLC, 3277 DAEC Road, Palo, IA 52324

LMK

Cross-Out


Document Control DeskNG-09-0635 of 3

Enclosure 1 provides an evaluation of the proposed change and contains the followingattachments:

* Attachment 1 provides the existing OL page marked up to show the proposedchange.

* Attachment 2 provides the proposed OL changes in final typed format.

Enclosure 2 provides a copy of the DAEC/NextEra Energy Duane Arnold Cyber SecurityPlan Implementation Schedule.

Enclosure 3 provides a copy of the DAEC/NextEra Energy Duane Arnold, LLC CyberSecurity Plan which is a stand alone document that will be incorporated by reference intothe DAEC/NextEra Energy Duane Arnold Physical Security Plan after approval. NextEraEnergy Duane Arnold requests that Enclosure 3, which contains sensitive information, bewithheld from public disclosure in accordance with 10 CFR 2.390.

This application has been reviewed by the NextEra Energy Duane Arnold Onsite ReviewGroup. The proposed amendment presents no significant hazards consideration underthe standards set forth in 10 CFR 50.92(c). A copy of this submittal, along with the 10CFR 50.92 evaluation of "No Significant Hazards Consideration," is being forwarded toour appointed state official pursuant to 10 CFR 50.91.

NextEra Energy Duane Arnold requests an implementation period of 36 monthsfollowing NRC approval of the license amendment.

If you should have any questions or require additional information, please contact SteveCatron, Licensing Manager, at (319) 851-7234.

I declare under penalty of perjury that the foregoing is true and correct.

Executed on November 19, 2009.

Christopher R. CostanzoVice President, Duane Arnold Energy CenterNextEra Energy Duane Arnold, LLC




Document Control Desk NG-09-0635 Page 2 of 3

Enclosure 1 provides an evaluation of the proposed change and contains the following attachments:

• Attachment 1 provides the existing OL page marked up to show the proposed change.

• Attachment 2 provides the proposed OL changes in final typed format.

Enclosure 2 provides a copy of the DAEC/NextEra Energy Duane Arnold Cyber Security Plan Implementation Schedule.

Enclosure 3 provides a copy of the DAEC/NextEra Energy Duane Arnold, LLC Cyber Security Plan which is a stand alone document that will be incorporated by reference into the DAEC/NextEra Energy Duane Arnold Physical Security Plan after approval. NextEra Energy Duane Arnold requests that Enclosure 3, which contains sensitive information, be withheld from public disclosure in accordance with 10 CFR 2.390.

This application has been reviewed by the NextEra Energy Duane Arnold Onsite Review Group. The proposed amendment presents no significant hazards consideration under the standards set forth in 10 CFR 50.92(c). A copy of this submittal, along with the 10 CFR 50.92 evaluation of "No Significant Hazards Consideration," is being forwarded to our appointed state official pursuant to 10 CFR 50.91.

NextEra Energy Duane Arnold requests an implementation period of 36 months following NRC approval of the license amendment.

If you should have any questions or require additional information, please contact Steve Catron, Licensing Manager, at (319) 851-7234.

I declare under penalty of perjury that the foregoing is true and correct.

~Zi:&009 Christopher R. Costanzo Vice President, Duane Arnold Energy Center NextEra Energy Duane Arnold, LLC



LMK

Cross-Out


Document Control DeskNG-09-0635 of 3

Enclosure 1 - Evaluation of Proposed ChangeAttachment 1 - Proposed Facility Operating License Change (Mark-up)Attachment 2 - Proposed Facility Operating License Change (Re-typed)

Enclosure 2 - Cyber Security Plan Implementation ScheduleEnclosure 3 - DAEC/NextEra Energy Duane Arnold Cyber Security Plan

cc: Administrator, Region Ill, USNRCProject Manager, DAEC, USNRCResident Inspector, DAEC, USNRCD. McGhee (State of Iowa)




Document Control Desk NG-09-0635 Page 3 of 3

Enclosure 1 - Evaluation of Proposed Change Attachment 1 - Proposed Facility Operating License Change (Mark-up) Attachment 2 - Proposed Facility Operating License Change (Re-typed)

Enclosure 2 - Cyber Security Plan Implementation Schedule Enclosure 3 - DAEC/NextEra Energy Duane Arnold Cyber Security Plan

cc: Administrator, Region III, USNRC Project Manager, DAEC, USNRC Resident Inspector, DAEC, USNRC D. McGhee (State of Iowa)



LMK

Cross-Out

ENCLOSURE 1

EVALUATION OF PROPOSED CHANGE

SUBJECT: License Amendment Request (TSCR-121): Request for Approval of theDuane Arnold Energy Center/NextEra Energy Duane Arnold, LLC Cyber Security Plan

1.0 SUMMARY DESCRIPTION2.0 DETAILED DESCRIPTION3.0 TECHNICAL EVALUATION4.0 REGULATORY EVALUATION

4.1 APPLICABLE REGULATORY REQUIREMENTS/CRITERIA4.2 SIGNIFICANT HAZARDS CONSIDERATION4.3 CONCLUSION

5.0 ENVIRONMENTAL CONSIDERATION6.0 REFERENCES

ATTACHMENTS:Attachment 1 - PROPOSED FACILITY OPERATING LICENSE CHANGE (MARK-UP)Attachment 2 - PROPOSED FACILITY OPERATING LICENSE CHANGE (RE-TYPED)

ENCLOSURE 1

EVALUATION OF PROPOSED CHANGE !

SUBJECT: License Amendment Request (TSCR-121): Request for Approval of the Duane Arnold Energy Center/NextEra Energy Duane Arnold, LLC Cyber Security Plan

1.0 SUMMARY DESCRIPTION 2.0 DETAILED DESCRIPTION 3.0 TECHNICAL EVALUATION 4.0 REGULATORY EVALUATION

4.1 APPLICABLE REGULATORY REQUIREMENTS/CRITERIA 4.2 SIGNIFICANT HAZARDS CONSIDERATION 4.3 CONCLUSION

5.0 ENVIRONMENTAL CONSIDERATION 6.0 REFERENCES

ATTACHMENTS: Attachment 1 - PROPOSED FACILITY OPERATING LICENSE CHANGE (MARK-UP) Attachment 2 - PROPOSED FACILITY OPERATING LICENSE CHANGE (RE-TYPED)

NG-09-0635Enclosure 1Page 1 of 6

1.0 SUMMARY DESCRIPTION

The proposed license amendment request (LAR) includes the proposed DAEC/NextEraEnergy Duane Arnold Cyber Security Plan (Plan), an Implementation Schedule, and aproposed sentence to be added to the existing OL Physical Protection license condition.

2.0 DETAILED DESCRIPTION

The proposed LAR includes three parts: the proposed Plan, an Implementation* Schedule, and a proposed sentence to be added to the existing OL Physical Protection

license condition to require NextEra Energy Duane Arnold to fully implement andmaintain in effect all provisions of the Commission approved Cyber Security Plan asrequired by 10 CFR 73.54. Federal Register notice 74 FR 13926 issued the final rulethat amended 10 CFR Part 73. The regulations in 10 CFR 73.54, "Protection of digitalcomputer and communication systems and networks," establish the requirements for acyber security program. This regulation specifically requires each licensee currentlylicensed to operate a nuclear power plant under Part 50 of this chapter to submit acyber security plan that satisfies the requirements of the Rule. Each submittal mustinclude a proposed implementation schedule and implementation of the licensee's cybersecurity program must be consistent with the approved schedule. The background forthis application is addressed by the NRC Notice of Availability published on March 27,2009, 74 FR 13926 (Reference 1).

3.0 TECHNICAL EVALUATION

Federal Register notice 74 FR 13926 issued the final rule that amended 10 CFR Part73. Cyber security requirements are codified as new 10 CFR 73.54 and are designed toprovide high assurance that digital computer and communication systems and networksare adequately protected against cyber attacks up to and including the design basisthreat established by § 73.1(a)(1)(v). These requirements enhance upon therequirements imposed by EA-02-026 (Reference 2).

This LAR includes the proposed change to the existing OL license condition for "PhysicalProtection" (Attachments 1 and 2). In addition, the LAR contains the proposedImplementation Schedule (Enclosure 2) as required by 10 CFR 73.54. Finally, this LARincludes the proposed Plan (Enclosure 3) that conforms to the template provided in NEI08-09 Revision 3, with the following clarifications:

Emergency preparedness10 CFR 73.54 requires protecting digital computer and communication systems andnetworks associated with emergency preparedness (EP) functions, including offsitecommunications. The EP functions within the scope of the Plan are those functionswhich support implementation of the Risk Significant Planning Standards* (RSPSs) asdefined in NRC Inspection Manual Chapter 0609, Appendix B. The RSPSs are thesubset of EP Planning Standards, defined in 10 CFR50.47(b), which play the greatest

1.0 SUMMARY DESCRIPTION

NG-09-0635 Enclosure 1 Page 1 of 6

The proposed license amendment request (LAR) includes the proposed DAEC/NextEra Energy Duane Arnold Cyber Security Plan (Plan), an Implementation Schedule, and a proposed sentence to be added to the existing OL Physical Protection license condition.

2.0 DETAILED DESCRIPTION

The proposed LAR includes three parts: the proposed Plan, an Implementation • Schedule, and a proposed sentence to be added to the existing OL Physical Protection

license condition to require NextEra Energy Duane Arnold to fully implement and maintain in effect all provisions of the Commission approved Cyber Security Plan as required by 10 CFR 73.54. Federal Register notice 74 FR 13926 issued the final rule that amended 10 CFR Part 73. The regulations in 10 CFR 73.54, "Protection of digital computer and communication systems and networks," establish the requirements for a cyber security program. This regulation specifically requires each licensee currently licensed to operate a nuclear power plant under Part 50 of this chapter to submit a cyber security plan that satisfies the requirements of the Rule. Each submittal must include a proposed implementation schedule and implementation of the licensee's cyber security program must be consistent with the approved schedule. The background for this application is addressed by the NRC Notice of Availability published on March 27, 2009, 74 FR 13926 (Reference 1).

3.0 TECHNICAL EVALUATION

Federal Register notice 74 FR 13926 issued the final rule that amended 10 CFR Part 73. Cyber security requirements are codified as new 10 CFR 73.54 and are designed to provide high assurance that digital computer and communication systems and networks are adequately protected against cyber attacks up to and including the design basis threat established by § 73.1 (a)(1 )(v). These requirements enhance upon the requirements imposed by EA-02-026 (Reference 2).

This LAR includes the proposed change to the existing OL license condition for "Physical Protection" (Attachments 1 and 2). In addition, the LAR contains the proposed Implementation Schedule (Enclosure 2) as required by 10 CFR 73.54. Finally, this LAR includes the proposed Plan (Enclosure 3) that conforms to the template provided in NEI 08-09 Revision 3, with the following clarifications:

Emergency preparedness 10 CFR 73.54 requires protecting digital computer and communication systems and networks associated with emergency preparedness (EP) functions, including offsite communications. The EP functions within the scope of the Plan are those functions which support implementation of the Risk Significant Planning Standards* (RSPSs) as defined in NRC Inspection Manual Chapter 0609, Appendix B. The RSPSs are the subset of EP Planning Standards, defined in 10 CFR50.4 7(b), which play the greatest


role in protecting public health and safety. In terms of importance, this approach alignsthe selected EP functions with other system functions which are "Safety-Related" or"Important-to-Safety."

10 CFR 73.56(b)(ii) requires that any individual whose duties and responsibilities permitthe individual to take actions by electronic means, either on site or remotely, that couldadversely impact the licensee's emergency preparedness be subject to an accessauthorization program. However, some systems, or portions of systems, which performa RSPS-related EP function may be located in offsite locations not under the control ofthe licensee and/or not staffed by licensee personnel. Similarly, there may be systemcomponents that are normally installed, modified or maintained by non-licenseepersonnel (e.g., a telecommunications company technician, and employee of a Stateagency, etc.).

Therefore the systems, and portions of systems, to be protected from cyber attack inaccordance with 10 CFR 73.54(a)(1)(iii) must;

1. Perform a RSPS-related EP function, and

2. Be within the licensee's complete custody and control.

* The RSPSs are 10 CFR 50.47(b)(4), (5), (9), and (10), including the related sections of

Appendix E to 10 CFR Part 50. 10 CFR 50.47(b)(10) has two aspects that are ofdiffering risk-significance. Only the portion dealing with the development of protectiveaction recommendations (PARs) is integral to protection of public health and safety andis considered to be an RSPS.

Senior nuclear managementSenior nuclear management is defined as Vice President Nuclear Plant Support who isaccountable for nuclear plant security. The NEI 08-09 template defines this position asaccountable for nuclear plant operations. The position of Vice President Nuclear PlantSupport better reflects the duties and responsibilities of the NextEra Energy DuaneArnold Cyber Security Plan.

List of Critical SystemsNEI 08-09 Revision 3 template included a list of critical systems and included this list asTable 1. Table 1 is not included in this plan. These critical systems will be identifiedand evaluated during the cyber security assessment program development.

Section 2.2.6Changed reference from 73.54(g) to more appropriate reference of 73.54(b)(2).


role in protecting public health and safety. In terms of importance, this approach aligns the selected EP functions with other system functions which are "Safety-Related" or "Important-to-Safety."

1 0 CFR 73.56(b )(ii) requires that any individual whose duties and responsibilities permit the individual to take actions by electronic means, either on site or remotely, that could adversely impact the licensee's emergency preparedness be subject to an access authorization program. However, some systems, or portions of systems, which perform a RSPS-related EP function may be located in offsite locations not under the control of the licensee and/or not staffed by licensee personnel. Similarly, there may be system components that are normally installed, modified or maintained by non-licensee personnel (e.g., a telecommunications company technician, and employee of a State agency, etc.).

Therefore the systems, and portions of systems, to be protected from cyber attack in accordance with 10 CFR 73.54(a)(1 )(iii) must;

1. Perform a RSPS-related EP function, and 2. Be within the licensee's complete custody and control.

* The RSPSs are 10 CFR 50.47(b)(4), (5), (9), and (10), including the related sections of Appendix E to 10 CFR Part 50. 10 CFR 50.47(b)(10) has two aspects that are of differing risk~significance. Only the portion dealing with the development of protective action recommendations (PARs) is integral to protection of public health and safety and is considered to be an RSPS.

Senior nuclear management Senior nuclear management is defined as Vice President Nuclear Plant Support who is accountable for nuclear plant security. The NEI 08-09 template defines this position as accountable for nuclear plant operations. The position of Vice President Nuclear Plant Support better reflects the duties and responsibilities of the NextEra Energy Duane Arnold Cyber Security Plan.

List of Critical Systems NEI 08-09 Revision 3 template included a list of critical systems and included this list as Table 1. Table 1 is not included in this plan. These critical systems will be identified and evaluated during the cyber security assessment program development.

Section 2.2.6 Changed reference from 73.54(g) to more appropriate reference of 73.54(b )(2).


4.0 REGULATORY EVALUATION

4.1 APPLICABLE REGULATORY REQUIREMENTS/CRITERIA

This LAR is submitted pursuant to 10 CFR 73.54 which requires licensees currentlylicensed to operate a nuclear power plant under 10 CFR Part 50 to submit a CyberSecurity Plan as specified in 10 CFR 50.4 and 10 CFR 50.90.

4.2 SIGNIFICANT HAZARDS CONSIDERATION

NextEra Energy Duane Arnold has evaluated whether or not a significant hazardsconsideration is involved with the proposed amendment by focusing on the threestandards set forth in 10 CFR 50.92, "Issuance of amendment," as discussed below:

1. Does the proposed amendment involve a significant increase in the probability or

consequences of an accident previously evaluated?

Response: No.

The proposed change is required by 10 CFR 73.54 and includes three parts. The firstpart adds a sentence to the existing operating license condition for Physical Protection.The second part of the proposed change is an Implementation Schedule. Thesechanges are administrative and have no impact on the probability or consequences ofan accident previously evaluated.

The third part is the submittal of the Plan for NRC review and approval. The Planconforms to the template provided in NEI 08-09 Revision 3 (with clarifications presentedin this submittal) and provides a description of how the requirements of the Rule will beimplemented at DAEC. The Plan establishes the licensing basis for the DAEC/NextEraEnergy Duane Arnold Cyber Security Program. The Plan establishes how to achievehigh assurance that nuclear power plant digital computer and communication systemsand networks associated with the following are adequately protected against cyberattacks up to and including the design basis threat:

1. Safety-related and important-to-safety functions,2. Security functions,3. Emergency preparedness functions including offsite communications, and4. Support systems and equipment which if compromised, would adversely impact

safety, security, or emergency preparedness functions.

The Plan is designed to achieve high assurance that the systems are protected fromcyber attacks. The Plan describes how plant modifications which involve digitalcomputer systems are reviewed to provide high assurance of adequate protectionagainst cyber attacks, up to and including the design basis threat as defined in the Rule.The proposed change does not alter accident analysis assumptions, add any initiators,or affect the function of plant systems. The Plan is designed to achieve high assurance

4.0 REGULATORY EVALUATION

4.1 APPLICABLE REGULATORY REQUIREMENTS/CRITERIA


This LAR is submitted pursuant to 10 CFR 73.54 which requires licensees currently licensed to operate a nuclear power plant under 10 CFR Part 50 to submit a Cyber Security Plan as specified in 10 CFR 50.4 and 10 CFR 50.90.

4.2 SIGNIFICANT HAZARDS CONSIDERATION

NextEra Energy Duane Arnold has evaluated whether or not a significant hazards consideration is involved with the proposed amendment by focusing on the three standards set forth in 10 CFR 50.92, "Issuance of amendment," as discussed below:

1. Does the proposed amendment involve a significant increase in the probability or consequences of an accident previously evaluated?

Response: No.

The proposed change is required by 10 CFR 73.54 and includes three parts. The first part adds a sentence to the existing operating license condition for Physical Protection. The second part of the proposed change is an Implementation Schedule. These changes are administrative and have no impact on the probability or consequences of an accident previously evaluated.

The third part is the submittal of the Plan for NRC review and approval. The Plan conforms to the template provided in NEI 08-09 Revision 3 (with clarifications presented in this submittal) and provides a description of how the requirements of the Rule will be implemented at DAEC. The Plan establishes the licensing basis for the DAEC/NextEra Energy Duane Arnold Cyber Security Program. The Plan establishes how to achieve high assurance that nuclear power plant digital computer and communication systems and networks associated with the following are adequately protected against cyber attacks up to and including the design basis threat:

1. Safety-related and important-to-safety functions, 2. Security functions, 3. Emergency preparedness functions including offsite communications, and 4. Support systems and equipment which if compromised, would adversely impact


The Plan is designed to achieve high assurance that the systems are protected from cyber attacks. The Plan describes how plant modifications which involve digital computer systems are reviewed to provide high assurance of adequate protection against cyber attacks, up to and including the design basis threat as defined in the Rule. The proposed change does not alter accident analysis assumptions, add any initiators, or affect the function of plant systems. The Plan is designed to achieve high assurance


that the systems within the scope of the Rule are protected from cyber attacks and hasno impact on the probability or consequences of an accident previously evaluated.

2. Does the proposed amendment create the possibility of a new or different kind of

accident from any accident previously evaluated?

Response: No.

The proposed change is required by 10 CFR 73.54 and includes three parts. The firstpart adds a sentence to the existing OL license condition for Physical Protection. Thesecond part of the proposed change is an Implementation Schedule. Both of thesechanges are administrative and do not create the possibility of a new or different kind ofaccident from any previously evaluated.

The third part is the submittal of the Plan for NRC review and approval. The Planconforms to the template provided by NEI 08-09 Revision 3 (with clarificationspresented in this submittal) and provides a description of how the requirements of theRule will be implemented at DAEC. The Plan establishes the licensing basis for theNextEra Energy Duane Arnold Cyber Security Program. The Plan establishes how toachieve high assurance that nuclear power plant digital computer and communicationsystems and networks associated with the following are adequately protected againstcyber attacks up to and including the design basis threat:



The Plan is designed to achieve high assurance that the systems are protected fromcyber attacks. The Plan describes how plant modifications which involve digitalcomputer systems are reviewed to provide high assurance of adequate protectionagainst cyber attacks, up to and including the design basis threat as defined in the Rule.The proposed change does not alter accident analysis assumptions, add any initiators,or affect the function of plant systems. The Plan is designed to achieve high assurancethat the systems within the scope of the Rule are protected from cyber attacks and doesnot create the possibility of a new or different kind of accident from any previouslyevaluated.

3. Does the proposed amendment involve a significant reduction in a margin of safety?

Response: No.

The proposed change is required by 10 CFR 73.54 and includes three parts. The firstpart adds a sentence to the existing OL license condition for Physical Protection. Thesecond part of the proposed change is an Implementation Schedule. Both of these


that the systems within the scope of the Rule are protected from cyber attacks and has no impact on the probability or consequences of an accident previously evaluated.

2. Does the proposed amendment create the possibility of a new or different kind of accident from any accident previously evaluated?

Response: No.

The proposed change is required by 10 CFR 73.54 and includes three parts. The first part adds a sentence to the existing OL license condition for Physical Protection. The second part of the proposed change is an Implementation Schedule. Both of these changes are administrative and do not create the possibility of a new or different kind of accident from any previously evaluated.

The third part is the submittal of the Plan for NRC review and approval. The Plan conforms to the template provided by NEI 08-09 Revision 3 (with clarifications presented in this submittal) and provides a description of how the requirements of the Rule will be implemented at DAEC. The Plan establishes the licensing basis for the NextEra Energy Duane Arnold Cyber Security Program. The Plan establishes how to achieve high assurance that nuclear power plant digital computer and communication systems and networks associated with the following are adequately protected against cyber attacks up to and including the design basis threat:



The Plan is designed to achieve high assurance that the systems are protected from cyber attacks. The Plan describes how plant modifications which involve digital computer systems are reviewed to provide high assurance of adequate protection against cyber attacks, up to and including the design basis threat as defined in the Rule. The proposed change does not alter accident analysis assumptions, add any initiators, or affect the function of plant systems. The Plan is designed to achieve high assurance that the systems within the scope of the Rule are protected from cyber attacks and does not create the possibility of a new or different kind of accident from any previously evaluated.

3. Does the proposed amendment involve a significant reduction in a margin of safety?

Response: No.

The proposed change is required by 10 CFR 73.54 and includes three parts. The first part adds a sentence to the existing OL license condition for Physical Protection. The second part of the proposed change is an Implementation Schedule. Both of these


changes are administrative and do not involve a significant reduction in a margin ofsafety.

The third part is the submittal of the Plan for NRC review and approval. The Planconforms to the template provided by NEI 08-09 Revision 3 (with clarificationspresented in this submittal) and provides a description of how the requirements of theRule will be implemented at DAEC. The Plan establishes the licensing basis for theNextEra Energy Duane Arnold Cyber Security Program. The Plan establishes how toachieve high assurance that nuclear power plant digital computer and communicationsystems and networks associated with the following are adequately protected againstcyber attacks up to and including the design basis threat:



The Plan is designed to achieve high assurance that the systems within the scope ofthe Rule are protected from cyber attacks. Plant safety margins are established throughLimiting Conditions for Operation, Limiting Safety System Settings and Safety limitsspecified in the Technical Specifications. Because there is no change to theseestablished safety margins, the proposed change does not involve a significantreduction in a margin of safety.

Based on the above, NextEra Energy Duane Arnold concludes that the proposedchange presents no significant hazards consideration under the standards set forth in10 CFR 50.92(c), and accordingly, a finding of no significant hazards consideration isjustified.

4.3 CONCLUSION

In conclusion, based on the considerations discussed above, (1) there is reasonableassurance that the health and safety of the public will not be endangered by operation inthe proposed manner, (2) such activities will be conducted in compliance with theCommission's regulations, and (3) the issuance of the amendment will not be inimical tothe common defense and security or to the health and safety of the public.

5. 0 ENVIRONMENTAL CONSIDERATION

The proposed amendment establishes the licensing basis for a Cyber Security Programfor DAEC and will be a part of the Physical Security Plan. This proposed amendmentwill not involve any significant construction impacts. Pursuant to 10 CFR 51.22(c)(1 2)no environmental impact statement or environmental assessment need be prepared inconnection with the issuance of the amendment.


changes are administrative and do not involve a significant reduction in a margin of safety.

The third part is the submittal of the Plan for NRC review and approval. The Plan conforms to the template provided by NEI 08-09 Revision 3 (with clarifications presented in this submittal) and provides a description of how the requirements of the Rule will be implemented at DAEC. The Plan establishes the licensing basis for the NextEra Energy Duane Arnold Cyber Security Program. The Plan establishes how to achieve high assurance that nuclear power plant digital computer and communication systems and networks associated with the following are adequately protected against cyber attacks up to and including the design basis threat:



The Plan is designed to achieve high assurance that the systems within the scope of the Rule are protected from cyber attacks. Plant safety margins are established through Limiting Conditions for Operation, Limiting Safety System Settings and Safety limits specified in the Technical Specifications. Because there is no change to these established safety margins, the proposed change does not involve a significant reduction in a margin of safety.

Based on the above, NextEra Energy Duane Arnold concludes that the proposed change presents no significant hazards consideration under the standards set forth in 10 CFR 50.92(c), and accordingly, a finding of no significant hazards consideration is justified.

4.3 CONCLUSION

In conclusion, based on the considerations discussed above, (1) there is reasonable assurance that the health and safety of the public will not be endangered by operation in the proposed manner, (2) such activities will be conducted in compliance with the Commission's regulations, and (3) the issuance of the amendment will not be inimical to the common defense and security or to the health and safety of the public.

5.0 ENVIRONMENTAL CONSIDERATION

The proposed amendment establishes the licensing basis for a Cyber Security Program for DAEC and will be a part of the Physical Security Plan. This proposed amendment will not involve any significant construction impacts. Pursuant to 10 CFR 51.22(c)(12) no environmental impact statement or environmental assessment need be prepared in connection with the issuance of the amendment.


6.0 REFERENCES

1. Federal Register Notice, Final Rule 10 CFR Part 73, "Power Reactor SecurityRequirements," published on March 27, 2009, 74 FR 13926.

2. EA-02-026, "Issuance of Order for Interim Safeguards and SecurityCompensatory Measures," issued February 25, 2002.

6.0 REFERENCES


1. Federal Register Notice, Final Rule 10 CFR Part 73, "Power Reactor Security Requirements," published on March 27, 2009, 74 FR 13926.

2. EA-02-026, "Issuance of Order for Interim Safeguards and Security Compensatory Measures," issued February 25, 2002.

ENCLOSURE 1

ATTACHMENT 1

PROPOSED FACILITY OPERATING LICENSE CHANGE

(MARK-UP)

1 Page Follows

ENCLOSURE 1

ATTACHMENT 1


(MARK-UP)

1 Page Follows

-4-

(a) For Surveillance Requirements (SRs) whose acceptance criteria aremodified, either directly or indirectly, by the increase in authorizedmaximum power level in 2.C.(1) above, in accordance with AmendmentNo. 243 to Facility Operating License DPR-49, those SRs are notrequired to be performed until their next scheduled performance, whichis due at the end of the first surveillance interval that begins on the datethe Surveillance was last performed prior to implementation ofAmendment No. 243.

(b) Deleted.

(3) Fire Protection

NextEra Energy Duane Arnold, LLC shall implement and maintain in effect allprovisions of the approved fire protection program as described in the FinalSafety Analysis Report for the Duane Arnold Energy Center and as approvedin the SER dated June 1, 1978, and Supplement dated February 10, 1981,subject to the following provision:

NextEra Energy Duane Arnold, LLC may make changes to the approvedfire protection program without prior approval of the Commission only ifthose changes would not adversely affect the ability to achieve andmaintain safe shutdown in the event of a fire.

(4) The licensee is authorized to operate the Duane Arnold Energy Center followinginstallation of modified safe-ends on the eight primary recirculation system inletlines which are described in the licensee letter dated July 31, 1978, andsupplemented by letter dated December 8, 1978.

(5) Physical Protection

NextEra Energy Duane Arnold, LLC shall fully implement and maintain in effectall provisions of the Commission-approved physical security, training andqualification, and safeguards contingency plans including amendments madepursuant to provisions of the Miscellaneous Amendments and SearchRequirements revisions to 10 CFR 73.55 (51 FR 27817and 27822) and to theauthority of 10 CFR 50.90 and 10 CFR 50.54(p). The combined set of plans,which contains Safeguards Information protected under 10 CFR 73.21, isentitled: "Duane Arnold Energy Center Physical Security Plan," submitted byletter dated May 16, 2006.

Amendment No. -2"5--

-4-

(a) For Surveillance Requirements (SRs) whose acceptance criteria are modified, either directly or indirectly, by the increase in authorized maximum power level in 2.C.(1) above, in accordance with Amendment No. 243 to Facility Operating License DPR-49, those SRs are not required to be performed until their next scheduled performance, which is due at the end of the first surveillance interval that begins on the date the Surveillance was last performed prior to implementation of Amendment No. 243.

(b) Deleted.

(3) Fire Protection

NextEra Energy Duane Arnold, LLC shall implement and maintain in effect all provisions of the approved fire protection program as described in the Final Safety Analysis Report for the Duane Arnold Energy Center and as approved in the SER dated June 1, 1978, and Supplement dated February 10, 1981, subject to the following provision:

NextEra Energy Duane Arnold, LLC may make changes to the approved fire protection program without prior approval of the Commission only if those changes would not adversely affect the ability to achieve and maintain safe shutdown in the event of a fire.

(4) The licensee is authorized to operate the Duane Arnold Energy Center following installation of modified safe-ends on the eight primary recirculation system inlet lines which are described in the licensee letter dated July 31, 1978, and supplemented by letter dated December 8, 1978.


Next Era Energy Duane Arnold, LLC shall fully implement and maintain in effect ;t~ all provisions of the Commission-approved physical security, training and qualification, and safeguards contingency plans including amendments made pursuant to proVisions of the Miscellaneous Amendments and Search Requirements revisions to 10 CFR 73.55 (51 FR 27817and 27822) and to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The combined set of plans, which contains Safeguards Information protected under 10 CFR 73.21, is entitled: "Duane Arnold Energy Center Physical Security Plan,' submitted by letter dated May 16, 2006.

A . . II L i-c.. S""-o..\\ ~\\'1 'L/Ve;(+Ef""'- eV\e..-\lj Y 1/~&-. ... e. A<- V\.D ') _ I .' _'" I .

1~'P\e.:..-~* ~M 'I\~\V'.*(.":\V'o. \~ e~e.c.."':t o...\\ .. ~·,e~lSIOV\S o-f ~'e... C:~)"''''VI'\';SSIDV\ - ~13'f"i>l/"le..J. VA-Fc.../i\!eX+ 13('0... P;\eA'"~'-j \)\.\.~;(\e... A--rN:>\d; LLC- c~ be-c- seLlA"{'"~·ty. 'P1C\'I\ Sv.\~,\~~~ 'p''f \e.+..\-e(' do..-~ NbVev\i\.be, )q) ZObq Cl.:.V\.l>.. 'W :l',""" 'h.~\ &. sr-,{,D'I'ro. 'y ....... \o\~ c. d.,;'s c..i l')S'LA '{' e... ','Y'\.

o...t..ce>.~ b.o.:~ C;..~ W'~Th ID c;::.R. 2".390.:0 Amendment No. -z.r5-

ENCLOSURE 1

ATTACHMENT 2


(RE-TYPED)

1 Page Follows

ENCLOSURE 1

ATTACHMENT 2


(RE-TYPED)

1 Page Follows

-4-

(a) For Surveillance Requirements (SRs) whose acceptance criteria aremodified, either directly or indirectly, by the increase in authorizedmaximum power level in 2.C.(1) above, in accordance with AmendmentNo. 243 to Facility Operating License DPR-49, those SRs are not requiredto be performed until their next scheduled performance, which is due atthe end of the first surveillance interval that begins on the date theSurveillance was last performed prior to implementation of AmendmentNo. 243.

(b) Deleted.

(3) Fire Protection

NextEra Energy Duane Arnold, LLC shall implement and maintain in effect allprovisions of the approved fire protection program as described in the Final SafetyAnalysis Report for the Duane Arnold Energy Center and as approved in the SERdated June 1, 1978, and Supplement dated February 10, 1981, subject to thefollowing provision:

NextEra Energy Duane Arnold, LLC may make changes to the approvedfire protection program without prior approval of the Commission only ifthose changes would not adversely affect the ability to achieve andmaintain safe shutdown in the event of a fire.

(4) The licensee is authorized to operate the Duane Arnold Energy Center followinginstallation of modified safe-ends on the eight primary recirculation system inlet lineswhich are described in the licensee letter dated July 31, 1978, and supplemented byletter dated December 8, 1978.


NextEra Energy Duane Arnold, LLC shall fully implement and maintain in effect allprovisions of the Commission-approved physical security, training and qualification, andsafeguards contingency plans including amendments made pursuant to provisions of theMiscellaneous Amendments and Search Requirements revisions to 10 CFR 73.55 (51FR 27817and 27822) and to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). Thecombined set of plans, which contains Safeguards Information protected under10 CFR 73.21, is entitled: "Duane Arnold Energy Center Physical Security Plan,"submitted by letter dated May 16, 2006.

NextEra Energy Duane Arnold, LLC shall fully implement and maintain in effect allprovisions of the Commission - approved DAEC/NextEra Energy Duane Arnold, LLCcyber security plan submitted by letter dated November 19, 2009 and withheld frompublic disclosure in accordance with 10 CFR 2.390.

Amendment No.

-4-

(a) For Surveillance Requirements (SRs) whose acceptance criteria are modified, either directly or indirectly, by the increase in authorized maximum power level in 2.C.(1) above, in accordance with Amendment No. 243 to Facility Operating License DPR-49, those SRs are not required to be performed until their next scheduled performance, which is due at the end of the first surveillance interval that begins on the date the Surveillance was last performed prior to implementation of Amendment No. 243.

(b) Deleted.

(3) Fire Protection

NextEra Energy Duane Arnold, LLC shall implement and maintain in effect all provisions of the approved fire protection program as described in the Final Safety Analysis Report for the Duane Arnold Energy Center and as approved in the SER dated June 1, 1978, and Supplement dated February 10, 1981, subject to the following provision:

NextEra Energy Duane Arnold, LLC may make changes to the approved fire protection program without prior approval of the Commission only if those changes would not adversely affect the ability to achieve and maintain safe shutdown in the event of a fire.

(4) The licensee is authorized to operate the Duane Arnold Energy Center following installation of modified safe-ends on the eight primary recirculation system inlet lines which are described in the licensee letter dated July 31, 1978, and supplemented by letter dated December 8, 1978.

(S) Physical Protection

NextEra Energy Duane Arnold, LLC shall fully implement and maintain in effect all provisions of the Commission-approved physical security, training and qualification, and safeguards contingency plans including amendments made pursuant to provisions of the Miscellaneous Amendments and Search Requirements revisions to 10 CFR 73.SS (S1 FR 27817and 27822) and to the authority of 10 CFR SO.90 and 10 CFR SO.S4(p). The combined set of plans, which contains Safeguards Information protected under 10 CFR 73.21, is entitled: "Duane Arnold Energy Center Physical Security Plan," submitted by letter dated May 16, 2006.

NextEra Energy Duane Arnold, LLC shall fully implement and maintain in effect all provisions of the Commission - approved DAEC/NextEra Energy Duane Arnold, LLC cyber security plan submitted by letter dated November 19, 2009 and withheld from public disclosure in accordance with 10 CFR 2.390.

Amendment No.

ENCLOSURE 2

CYBER SECURITY PLAN IMPLEMENTATION SCHEDULE

Page 1 of 2

ENCLOSURE 2

CYBER SECURITY PLAN IMPLEMENTATION SCHEDULE

Page 1 of 2

Cyber Security Plan Implementation Schedule

Commitment* Completion Date1. Establish a cyber security project team 3 months after NRC approval of

Cyber Security Plan2. Establish and maintain cyber security policies 6 months after NRC approval of

Cyber Security Plan3. Identify Critical Digital Assets (CDAs) within 10 months after NRC approval

scope of 73.54(a) of Cyber Security Plan4. Review and validate CDA connections 24 months after NRC approval

of Cyber Security Plan5. Complete baseline assessments (Operational

Security Controls, Management Security 24 months after NRC approvalControls, Technical Security Controls) and of Cyber Security Planschedule station mitigation actions

6. Implement defensive architecture 30 months after NRC approvalof Cyber Security Plan

7. Implement cyber security program, procedures, 24 months after NRC approvaland training of Cyber Security Plan

8. Perform vulnerability and effectiveness analysis, 36 months after NRC approvaland document gaps in condition reporting of Cyber Security Planprogram

*Any commitment changes will be managed in accordance with NEI 99-04, "Guidelines

for Managing NRC Commitment Changes."

Page 2 of 2

Cyber Security Plan Implementation Schedule

Commitment* Completion Date 1. Establish a cyber security project team 3 months after NRC approval of

Cyber Security Plan 2. Establish and maintain cyber security policies 6 months after NRC approval of

Cyber Security Plan 3. Identify Critical Digital Assets (CDAs) within 10 months after NRC approval

scope of 73.54(a) of Cyber Security Plan 4. Review and validate CDA connections 24 months after NRC approval

of Cyber Security Plan 5. Complete baseline assessments (Operational

Security Controls, Management Security 24 months after NRC approval Controls, Technical Security Controls) and of Cyber Security Plan schedule station mitigation actions

6. Implement defensive architecture 30 months after NRC approval of Cyber Security Plan

7. Implement cyber security program, procedures, 24 months after NRC approval and training of Cyber Security Plan

8. Perform vulnerability and effectiveness analysis, 36 months after NRC approval and document gaps in condition reporting of Cyber Security Plan program

*Any commitment changes will be managed in accordance with NEI 99-04, "Guidelines for Managing NRC Commitment Changes."

Page 2 of 2

nextera energv~ energ-7y, 41 · networks associated with emergency preparedness (ep) functions,...

Documents