IR 05000313/2015405: Difference between revisions
StriderTol (talk | contribs) (Created page by program invented by StriderTol) |
StriderTol (talk | contribs) (StriderTol Bot change) |
||
| (2 intermediate revisions by the same user not shown) | |||
| Line 21: | Line 21: | ||
==SUBJECT:== | ==SUBJECT:== | ||
ARKANSAS NUCLEAR ONE - NRC TEMPORARY INSTRUCTION 2201/004, | ARKANSAS NUCLEAR ONE - NRC TEMPORARY INSTRUCTION 2201/004, INSPECTION OF IMPLEMENTATION OF INTERIM CYBER SECURITY MILESTONES 1-7, INSPECTION REPORT 05000313/2015405 AND 05000368/2015405 | ||
==Dear Mr. Browning:== | ==Dear Mr. Browning:== | ||
On May 14, 2015, the U.S. Nuclear Regulatory Commission (NRC) completed a security temporary instruction inspection at your Arkansas Nuclear One facility. The inspection covered the implementation of interim milestones associated with your cyber security program, as outlined in your approved cyber security plan and described in Temporary Instruction 2201/004, | On May 14, 2015, the U.S. Nuclear Regulatory Commission (NRC) completed a security temporary instruction inspection at your Arkansas Nuclear One facility. The inspection covered the implementation of interim milestones associated with your cyber security program, as outlined in your approved cyber security plan and described in Temporary Instruction 2201/004, Inspection of Implementation of Interim Cyber Security Milestones 1-7, Revision 1. The enclosed inspection report documents the inspection results that were discussed on May 14, 2015, with you and other members of your staff. | ||
The inspection examined activities conducted under your license as they relate to safety and compliance with the | The inspection examined activities conducted under your license as they relate to safety and compliance with the Commissions rules and regulations and with the conditions of your license. | ||
The inspectors reviewed selected procedures and records, observed activities, and interviewed personnel. | The inspectors reviewed selected procedures and records, observed activities, and interviewed personnel. | ||
NRC inspectors documented four violations of very low security significance in this report | NRC inspectors documented four violations of very low security significance in this report. | ||
These findings involved violations of NRC requirements. Inspectors also documented one licensee-identified violation, which was determined to be of very low security significance. This violation is listed in Section 4OA7 of this report. The NRC is treating these violations as non-cited violations consistent with Section 2.3.2.a of the Enforcement Policy. These issues were discussed and reviewed during a Security Issues Forum Panel meeting conducted on May 13, 2015. The Security Issues Forum Panel review concluded that, although these issues | |||
UNITED STATES NUCLEAR REGULATORY COMMISSION | |||
==REGION IV== | |||
of | 1600 E. LAMAR BLVD ARLINGTON, TX 76011-4511 constituted violations of Title 10, Code of Federal Regulations (10 CFR), Part 73, Section 54, Protection of Digital Computer and Communication Systems and Networks, the NRC is exercising enforcement discretion. The NRC is exercising enforcement discretion for these violations because they meet the criteria established in an NRC memorandum from Barry C. | ||
The material enclosed herewith, however, contains Security-Related Information in accordance with 10 CFR 2.390(d)(1) and its disclosure to unauthorized individuals could present a security vulnerability. Therefore, the material in the enclosure will not be made available electronically for public inspection in the NRC Public Document Room or from the PARS component of NRC's ADAMS. If you choose to provide a response and Security-Related Information is necessary to provide an acceptable response, please mark your entire response | Westreich, Director, Cyber Security Directorate, Office of Nuclear Security and Incident Response, to each regional office and Director, Division of Reactor Safety, Subject: Enhanced Guidance for Licensee Near-Term Corrective Actions to Address Cyber Security Inspection Findings and Licensee Eligibility for Good-Faith Attempt Discretion, dated July 1, 2013, (ADAMS Accession Number ML13178A203). Consistent with the NRC Memorandum, when you complete and close corrective actions associated with these violations, you are requested to provide written notification to the NRCs regional office as to the method and date of closure of the corrective actions for the identified violations. | ||
If you contest the violations or significance of these non-cited violations, you should provide a response within 30 days of the date of this inspection report, with the basis for your denial, to the U.S. Nuclear Regulatory Commission, ATTN: Document Control Desk, Washington, DC 20555-0001; with copies to the Regional Administrator, Region IV; the Director, Office of Enforcement, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001; and the NRC resident inspector at Arkansas Nuclear One. | |||
In accordance with 10 CFR 2.390, Public Inspections, Exemptions, Requests for Withholding, of the NRC's Rules of Practice, a copy of this letter will be available electronically for public inspection in the NRCs Public Document Room or from the Publicly Available Records (PARS) | |||
component of the NRC's Agencywide Documents Access and Management System (ADAMS). | |||
ADAMS is accessible from the NRC Web site at http://www.nrc.gov/reading-rm/adams.html (the Public Electronic Reading Room). | |||
The material enclosed herewith, however, contains Security-Related Information in accordance with 10 CFR 2.390(d)(1) and its disclosure to unauthorized individuals could present a security vulnerability. Therefore, the material in the enclosure will not be made available electronically for public inspection in the NRC Public Document Room or from the PARS component of NRC's ADAMS. If you choose to provide a response and Security-Related Information is necessary to provide an acceptable response, please mark your entire response Security-Related Information-Withhold from public disclosure under 10 CFR 2.390 in accordance with 10 CFR 2.390(d)(1) and follow the instructions for withholding in 10 CFR 2.390(b)(1). In accordance with 10 CFR 2.390(b)(1)(ii), the NRC is waiving the affidavit requirements for your response. | |||
Sincerely, | Sincerely, | ||
/RA/ | /RA/ | ||
Gregory E. Werner, Chief Engineering Branch 2 Division of Reactor Safety | |||
Gregory E. Werner, Chief | |||
Engineering Branch 2 | |||
Division of Reactor Safety | |||
Docket Nos. 50-313 and 50-368 License Nos. DPR-51 and NPF-6 | Docket Nos. 50-313 and 50-368 License Nos. DPR-51 and NPF-6 | ||
Nonpublic Enclosure: | Nonpublic Enclosure: | ||
NRC Inspection Report No. 05000313/2015405 and 05000368/2015405 w/Attachment: Supplemental Information | NRC Inspection Report No. 05000313/2015405 and 05000368/2015405 w/Attachment: Supplemental Information | ||
| Line 55: | Line 68: | ||
Sincerely, | Sincerely, | ||
/RA/ | /RA/ | ||
Gregory E. Werner, Chief Engineering Branch 2 Division of Reactor Safety | |||
Gregory E. Werner, Chief | |||
Engineering Branch 2 | |||
Division of Reactor Safety | |||
Docket Nos. 50-313 and 50-368 License Nos. DPR-51 and NPF-6 | Docket Nos. 50-313 and 50-368 License Nos. DPR-51 and NPF-6 | ||
Nonpublic Enclosure: | Nonpublic Enclosure: | ||
NRC Inspection Report No. 05000313/2015405 and 05000368/2015405 w/Attachment: Supplemental Information | |||
cc w/o encl: | |||
Electronic Distribution for Arkansas Nuclear One, Units 1 and 2 | Electronic Distribution for Arkansas Nuclear One, Units 1 and 2 | ||
DISTRIBUTION | DISTRIBUTION: | ||
See next page | |||
ADAMS ACCESSION | ADAMS ACCESSION NUMBER: ML15159A576 Entire Report: | ||
SUNSI Review Complete By: GPick Non-Sensitive Sensitive Publicly Available Non-Publicly Available Keyword: | |||
MD 3.4 Non-Public A.3 NRC-002 Cover Letter Only: | |||
SUNSI Review Complete By: GPick Non-Sensitive Sensitive Publicly Available Non-Publicly Available Keyword: | |||
SUNSI Review Complete NRC-002 OFFICE SRI:DRS/EB2 RI:DRS/EB2 CSS:CSD/NSIR SRA C:PBE C:EB2 NAME GPick EUribe KLawson-Jenkins LJones NOKeefe GWerner SIGNATURE | |||
/RA/ | |||
/RA/ | |||
/RA/ | |||
/RA/ | |||
/RA/ | |||
/RA/ | |||
DATE 5/18/15 5/28/15 5/18/15 5/13/15 6/3/15 6/8/15 Letter to Jeremy Browning from Gregory E. Werner, dated June 8, 2015 | |||
SUBJECT: ARKANSAS NUCLEAR ONE - NRC TEMPORARY INSTRUCTION 2201/004, | SUBJECT: | ||
ARKANSAS NUCLEAR ONE - NRC TEMPORARY INSTRUCTION 2201/004, INSPECTION OF IMPLEMENTATION OF INTERIM CYBER SECURITY MILESTONES 1-7, INSPECTION REPORT 05000313/2015405 AND 05000368/2015405 | |||
Electronic distribution by RIV with enclosure | Electronic distribution by RIV with enclosure: | ||
Director, Cyber Security Directorate (Barry.Westreich@nrc.gov) | |||
Deputy Director, Cyber Security Directorate (Russell.Felts@nrc.gov) | |||
Security Specialist/NSIR (Eric.Wharton@nrc.gov) | |||
Security Specialist/NSIR (Niry.Simonian@nrc.gov) | Security Specialist/NSIR (Niry.Simonian@nrc.gov) | ||
Branch Chief, RI DRS/EB3 (John.Rogge@nrc.gov) | Branch Chief, RI DRS/EB3 (John.Rogge@nrc.gov) | ||
Branch Chief, RII DRS/EB2 (Scott.Shaeffer@nrc.gov) | Branch Chief, RII DRS/EB2 (Scott.Shaeffer@nrc.gov) | ||
Branch Chief, RIII DRS/EB3 (Robert.Daley@nrc.gov) Senior Resident Inspector (Brian.Tindell@nrc.gov) | Branch Chief, RIII DRS/EB3 (Robert.Daley@nrc.gov) | ||
Senior Resident Inspector (Brian.Tindell@nrc.gov) | |||
Security Specialist (Shyrl.Coker@nrc.gov) | Security Specialist (Shyrl.Coker@nrc.gov) | ||
Electronic distribution by RIV without enclosure | Electronic distribution by RIV without enclosure: | ||
Regional Administrator (Marc.Dapas@nrc.gov) | |||
Deputy Regional Administrator (Kriss.Kennedy@nrc.gov) | |||
DRP Director (Troy.Pruett@nrc.gov) | |||
DRS Director (Anton.Vegel@nrc.gov) | DRS Director (Anton.Vegel@nrc.gov) | ||
DRS Deputy Director (Jeff.Clark@nrc.gov) | DRS Deputy Director (Jeff.Clark@nrc.gov) | ||
DRP Deputy Director (Ryan.Lantz@nrc.gov) | DRP Deputy Director (Ryan.Lantz@nrc.gov) | ||
Resident Inspector (Matt.Young@nrc.gov) | |||
Resident Inspector (Matt.Young@nrc.gov) Resident Inspector (Abin.Fairbanks@nrc.gov) | Resident Inspector (Abin.Fairbanks@nrc.gov) | ||
Branch Chief, DRP/E (Neil.OKeefe@nrc.gov) | Branch Chief, DRP/E (Neil.OKeefe@nrc.gov) | ||
Senior Project Engineer, DRP/E (Nick.Taylor@nrc.gov) | Senior Project Engineer, DRP/E (Nick.Taylor@nrc.gov) | ||
Project Engineer, DRP/E (Thomas.Farina@nrc.gov) | Project Engineer, DRP/E (Thomas.Farina@nrc.gov) | ||
Project Engineer, DRP/E (Brian.Correll@nrc.gov) Project Engineer, DRP/E (Jackson.Choate@nrc.gov) ANO Administrative Assistant (Gloria.Hatfield@nrc.gov) | Project Engineer, DRP/E (Brian.Correll@nrc.gov) | ||
Project Engineer, DRP/E (Jackson.Choate@nrc.gov) | |||
ANO Administrative Assistant (Gloria.Hatfield@nrc.gov) | |||
Public Affairs Officer (Victor.Dricks@nrc.gov) | Public Affairs Officer (Victor.Dricks@nrc.gov) | ||
Public Affairs Officer (Lara.Uselding@nrc.gov) | Public Affairs Officer (Lara.Uselding@nrc.gov) | ||
Project Manager (Andrea.George@nrc.gov) | Project Manager (Andrea.George@nrc.gov) | ||
Team Leader, DRS/TSB (Don.Allen@nrc.gov) | Team Leader, DRS/TSB (Don.Allen@nrc.gov) | ||
| Line 102: | Line 137: | ||
Regional Counsel (Karla.Fuller@nrc.gov) | Regional Counsel (Karla.Fuller@nrc.gov) | ||
Technical Support Assistant (Loretta.Williams@nrc.gov) | Technical Support Assistant (Loretta.Williams@nrc.gov) | ||
Congressional Affairs Officer (Jenny.Weil@nrc.gov) RIV Congressional Affairs Officer (Angel.Moreno@nrc.gov) RIV/ETA: OEDO (Michael.Waters@nrc.gov) | Congressional Affairs Officer (Jenny.Weil@nrc.gov) | ||
RIV Congressional Affairs Officer (Angel.Moreno@nrc.gov) | |||
RIV/ETA: OEDO (Michael.Waters@nrc.gov) | |||
ROPreports | ROPreports | ||
}} | }} | ||
Latest revision as of 11:04, 10 January 2025
| ML15159A576 | |
| Person / Time | |
|---|---|
| Site: | Arkansas Nuclear  |
| Issue date: | 06/08/2015 |
| From: | Greg Werner NRC/RGN-IV/DRS/EB-2 |
| To: | Jeremy G. Browning Entergy Operations |
| References | |
| IR 2015405 | |
| Download: ML15159A576 (5) | |
Text
June 8, 2015
SUBJECT:
ARKANSAS NUCLEAR ONE - NRC TEMPORARY INSTRUCTION 2201/004, INSPECTION OF IMPLEMENTATION OF INTERIM CYBER SECURITY MILESTONES 1-7, INSPECTION REPORT 05000313/2015405 AND 05000368/2015405
Dear Mr. Browning:
On May 14, 2015, the U.S. Nuclear Regulatory Commission (NRC) completed a security temporary instruction inspection at your Arkansas Nuclear One facility. The inspection covered the implementation of interim milestones associated with your cyber security program, as outlined in your approved cyber security plan and described in Temporary Instruction 2201/004, Inspection of Implementation of Interim Cyber Security Milestones 1-7, Revision 1. The enclosed inspection report documents the inspection results that were discussed on May 14, 2015, with you and other members of your staff.
The inspection examined activities conducted under your license as they relate to safety and compliance with the Commissions rules and regulations and with the conditions of your license.
The inspectors reviewed selected procedures and records, observed activities, and interviewed personnel.
NRC inspectors documented four violations of very low security significance in this report.
These findings involved violations of NRC requirements. Inspectors also documented one licensee-identified violation, which was determined to be of very low security significance. This violation is listed in Section 4OA7 of this report. The NRC is treating these violations as non-cited violations consistent with Section 2.3.2.a of the Enforcement Policy. These issues were discussed and reviewed during a Security Issues Forum Panel meeting conducted on May 13, 2015. The Security Issues Forum Panel review concluded that, although these issues
UNITED STATES NUCLEAR REGULATORY COMMISSION
REGION IV
1600 E. LAMAR BLVD ARLINGTON, TX 76011-4511 constituted violations of Title 10, Code of Federal Regulations (10 CFR), Part 73, Section 54, Protection of Digital Computer and Communication Systems and Networks, the NRC is exercising enforcement discretion. The NRC is exercising enforcement discretion for these violations because they meet the criteria established in an NRC memorandum from Barry C.
Westreich, Director, Cyber Security Directorate, Office of Nuclear Security and Incident Response, to each regional office and Director, Division of Reactor Safety, Subject: Enhanced Guidance for Licensee Near-Term Corrective Actions to Address Cyber Security Inspection Findings and Licensee Eligibility for Good-Faith Attempt Discretion, dated July 1, 2013, (ADAMS Accession Number ML13178A203). Consistent with the NRC Memorandum, when you complete and close corrective actions associated with these violations, you are requested to provide written notification to the NRCs regional office as to the method and date of closure of the corrective actions for the identified violations.
If you contest the violations or significance of these non-cited violations, you should provide a response within 30 days of the date of this inspection report, with the basis for your denial, to the U.S. Nuclear Regulatory Commission, ATTN: Document Control Desk, Washington, DC 20555-0001; with copies to the Regional Administrator, Region IV; the Director, Office of Enforcement, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001; and the NRC resident inspector at Arkansas Nuclear One.
In accordance with 10 CFR 2.390, Public Inspections, Exemptions, Requests for Withholding, of the NRC's Rules of Practice, a copy of this letter will be available electronically for public inspection in the NRCs Public Document Room or from the Publicly Available Records (PARS)
component of the NRC's Agencywide Documents Access and Management System (ADAMS).
ADAMS is accessible from the NRC Web site at http://www.nrc.gov/reading-rm/adams.html (the Public Electronic Reading Room).
The material enclosed herewith, however, contains Security-Related Information in accordance with 10 CFR 2.390(d)(1) and its disclosure to unauthorized individuals could present a security vulnerability. Therefore, the material in the enclosure will not be made available electronically for public inspection in the NRC Public Document Room or from the PARS component of NRC's ADAMS. If you choose to provide a response and Security-Related Information is necessary to provide an acceptable response, please mark your entire response Security-Related Information-Withhold from public disclosure under 10 CFR 2.390 in accordance with 10 CFR 2.390(d)(1) and follow the instructions for withholding in 10 CFR 2.390(b)(1). In accordance with 10 CFR 2.390(b)(1)(ii), the NRC is waiving the affidavit requirements for your response.
Sincerely,
/RA/
Gregory E. Werner, Chief
Engineering Branch 2
Division of Reactor Safety
Docket Nos. 50-313 and 50-368 License Nos. DPR-51 and NPF-6
Nonpublic Enclosure:
NRC Inspection Report No. 05000313/2015405 and 05000368/2015405 w/Attachment: Supplemental Information
cc w/o encl:
Electronic Distribution for Arkansas Nuclear One, Units 1 and 2 In accordance with 10 CFR 2.390(b)(1)(ii), the NRC is waiving the affidavit requirements for your response.
Sincerely,
/RA/
Gregory E. Werner, Chief
Engineering Branch 2
Division of Reactor Safety
Docket Nos. 50-313 and 50-368 License Nos. DPR-51 and NPF-6
Nonpublic Enclosure:
NRC Inspection Report No. 05000313/2015405 and 05000368/2015405 w/Attachment: Supplemental Information
cc w/o encl:
Electronic Distribution for Arkansas Nuclear One, Units 1 and 2
DISTRIBUTION:
See next page
ADAMS ACCESSION NUMBER: ML15159A576 Entire Report:
SUNSI Review Complete By: GPick Non-Sensitive Sensitive Publicly Available Non-Publicly Available Keyword:
MD 3.4 Non-Public A.3 NRC-002 Cover Letter Only:
SUNSI Review Complete By: GPick Non-Sensitive Sensitive Publicly Available Non-Publicly Available Keyword:
SUNSI Review Complete NRC-002 OFFICE SRI:DRS/EB2 RI:DRS/EB2 CSS:CSD/NSIR SRA C:PBE C:EB2 NAME GPick EUribe KLawson-Jenkins LJones NOKeefe GWerner SIGNATURE
/RA/
/RA/
/RA/
/RA/
/RA/
/RA/
DATE 5/18/15 5/28/15 5/18/15 5/13/15 6/3/15 6/8/15 Letter to Jeremy Browning from Gregory E. Werner, dated June 8, 2015
SUBJECT:
ARKANSAS NUCLEAR ONE - NRC TEMPORARY INSTRUCTION 2201/004, INSPECTION OF IMPLEMENTATION OF INTERIM CYBER SECURITY MILESTONES 1-7, INSPECTION REPORT 05000313/2015405 AND 05000368/2015405
Electronic distribution by RIV with enclosure:
Director, Cyber Security Directorate (Barry.Westreich@nrc.gov)
Deputy Director, Cyber Security Directorate (Russell.Felts@nrc.gov)
Security Specialist/NSIR (Eric.Wharton@nrc.gov)
Security Specialist/NSIR (Niry.Simonian@nrc.gov)
Branch Chief, RI DRS/EB3 (John.Rogge@nrc.gov)
Branch Chief, RII DRS/EB2 (Scott.Shaeffer@nrc.gov)
Branch Chief, RIII DRS/EB3 (Robert.Daley@nrc.gov)
Senior Resident Inspector (Brian.Tindell@nrc.gov)
Security Specialist (Shyrl.Coker@nrc.gov)
Electronic distribution by RIV without enclosure:
Regional Administrator (Marc.Dapas@nrc.gov)
Deputy Regional Administrator (Kriss.Kennedy@nrc.gov)
DRP Director (Troy.Pruett@nrc.gov)
DRS Director (Anton.Vegel@nrc.gov)
DRS Deputy Director (Jeff.Clark@nrc.gov)
DRP Deputy Director (Ryan.Lantz@nrc.gov)
Resident Inspector (Matt.Young@nrc.gov)
Resident Inspector (Abin.Fairbanks@nrc.gov)
Branch Chief, DRP/E (Neil.OKeefe@nrc.gov)
Senior Project Engineer, DRP/E (Nick.Taylor@nrc.gov)
Project Engineer, DRP/E (Thomas.Farina@nrc.gov)
Project Engineer, DRP/E (Brian.Correll@nrc.gov)
Project Engineer, DRP/E (Jackson.Choate@nrc.gov)
ANO Administrative Assistant (Gloria.Hatfield@nrc.gov)
Public Affairs Officer (Victor.Dricks@nrc.gov)
Public Affairs Officer (Lara.Uselding@nrc.gov)
Project Manager (Andrea.George@nrc.gov)
Team Leader, DRS/TSB (Don.Allen@nrc.gov)
ACES (R4Enforcement.Resource@nrc.gov)
RITS Coordinator (Marisa.Herrera@nrc.gov)
Regional Counsel (Karla.Fuller@nrc.gov)
Technical Support Assistant (Loretta.Williams@nrc.gov)
Congressional Affairs Officer (Jenny.Weil@nrc.gov)
RIV Congressional Affairs Officer (Angel.Moreno@nrc.gov)
RIV/ETA: OEDO (Michael.Waters@nrc.gov)
ROPreports