IR 05000454/2022403: Difference between revisions

From kanterella
(StriderTol Bot insert)
 
(StriderTol Bot change)
 
(4 intermediate revisions by the same user not shown)
Line 1: Line 1:
{{Adams
{{Adams
| number = ML22208A216
| number = ML22354A164
| issue date = 07/28/2022
| issue date = 12/28/2022
| title = Unit 2 Information Request for the Cyber-Security Baseline Inspection, Notification to Perform Inspection 05000454/2022403 05000455/2022403
| title = Cyber Security Inspection Report 05000454/2022403 and 05000455/2022403
| author name = Gilliam J
| author name = Skokowski R
| author affiliation = NRC/RGN-III/DRS/EB3
| author affiliation = NRC/RGN-III/DORS/EB2
| addressee name = Rhoades D
| addressee name = Rhoades D
| addressee affiliation = Constellation Energy Generation, LLC
| addressee affiliation = Constellation Energy Generation, LLC
Line 11: Line 11:
| contact person =  
| contact person =  
| document report number = IR 2022403
| document report number = IR 2022403
| document type = Letter
| document type = Inspection Report, Letter
| page count = 9
| page count = 1
}}
}}
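Review bot: the new "page count = 1" in this hunk looks inconsistent with the rest of the revision. The document type becomes "Inspection Report, Letter", and the text added below carries a cover letter, an enclosed report and a documents-reviewed table whose column header block appears twice. Suggest confirming the page count against the ADAMS record for ML22354A164 before keeping the change from 9 to 1.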


Line 18: Line 18:


=Text=
=Text=
{{#Wiki_filter:July 28, 2022
{{#Wiki_filter:==SUBJECT:==
BYRON STATION - CYBER SECURITY INSPECTION REPORT 05000454/2022403 AND 05000455/2022403


==SUBJECT:==
==Dear David Rhoades:==
BYRON STATION UNIT 1 AND UNIT 2 - INFORMATION REQUEST FOR THE CYBER-SECURITY BASELINE INSPECTION, NOTIFICATION TO PERFORM INSPECTION 05000454/2022403; 05000455/2022403
On November 17, 2022, the U.S. Nuclear Regulatory Commission (NRC) completed an inspection at Byron Station and discussed the results of this inspection with Mr. J. Cunzeman, Engineering Director and other members of your staff. The results of this inspection are documented in the enclosed report.


==Dear Mr. Rhoades:==
No findings or violations of more than minor significance were identified during this inspection.
On November 14, 2022, the U.S. Nuclear Regulatory Commission (NRC) will begin a baseline inspection in accordance with Inspection Procedure (IP) 71130.10 Cyber-Security, Revision 0 at your Byron Station. The inspection will be performed to evaluate and verify your ability to meet the NRCs Cyber-Security Rule, Title 10, Code of Federal Regulations (CFR), Part 73, Section 54, Protection of Digital Computer and Communication Systems and Networks. The onsite portion of the inspection will take place November 14 - 18, 2022.


Experience has shown that baseline inspections are extremely resource intensive, both for the NRC inspectors and the licensee staff. In order to minimize the inspection impact on the site and to ensure a productive inspection for both parties, we have enclosed a request for documents needed for the inspection. These documents have been divided into four groups.
This letter, its enclosure, and your response (if any) will be made available for public inspection and copying at http://www.nrc.gov/reading-rm/adams.html and at the NRC Public Document Room in accordance with Title 10 of the Code of Federal Regulations 2.390, Public Inspections, Exemptions, Requests for Withholding.


The first group specifies information necessary to assist the inspection team in choosing the focus areas (i.e., sample set) to be inspected by the cyber-security IP. This information should be made available electronically no later than September 14, 2022. The inspection team will review this information and, by September 28, 2022, will request the specific items that should be provided for review.
Sincerely, Richard A. Skokowski, Chief Engineering Branch 2 Division of Operating Reactor Safety Docket Nos. 05000454 and 05000455 License Nos. NPF-37 and NPF-66


The second group of additional requested documents will assist the inspection team in the evaluation of the critical systems and critical digital assets (CSs/CDAs), defensive architecture, and the areas of the licensees Cyber Security Plan (CSP) selected for the cyber-security inspection. This information will be requested for review in the regional office prior to the inspection by October 28, 2022, as identified above.
===Enclosure:===
As stated


The third group of requested documents consists of those items that the inspection team will review, or need access to, during the inspection. Please have this information available by the first day of the onsite inspection, November 14, 2022. The fourth group of information is necessary to aid the inspection team in tracking issues identified as a result of the inspection. It is requested that this information be provided to the lead inspector as the information is generated during the inspection. It is important that all of these documents are up to date and complete in order to minimize the number of additional documents requested during the preparation and/or the onsite portions of the inspection.
==Inspection Report==
Docket Numbers:
05000454 and 05000455
License Numbers:
NPF-37 and NPF-66
Report Numbers:
05000454/2022403 and 05000455/2022403
Enterprise Identifier:
I-2022-403-0034
Licensee:
Constellation Energy Generation, LLC
Facility:
Byron Station
Location:
Byron, IL
Inspection Dates:
November 14, 2022 to November 17, 2022
Inspectors:
B. Barro, Cyber Security Analyst
A. Dahbur, Senior Reactor Inspector
J. Gilliam, Senior Reactor Inspector
A. Konkal, Contractor
Approved By:
Richard A. Skokowski, Chief
Engineering Branch 2
Division of Operating Reactor Safety


The lead inspector for this inspection is Jasmine Gilliam. We understand that our regulatory contact for this inspection is Gerald Armstrong of your organization. If there are any questions about the inspection or the material requested, please contact the lead inspector at 630-829-9831 or via e-mail at Jasmine.Gilliam@nrc.gov.
=SUMMARY=
The U.S. Nuclear Regulatory Commission (NRC) continued monitoring the licensees performance by conducting a cyber security inspection at Byron Station, in accordance with the Reactor Oversight Process. The Reactor Oversight Process is the NRCs program for overseeing the safe operation of commercial nuclear power reactors. Refer to https://www.nrc.gov/reactors/operating/oversight.html for more information.


This letter does not contain new or amended information collection requirements subject to the Paperwork Reduction Act of 1995 (44 U.S.C. 3501 et seq.). Existing information collection requirements were approved by the Office of Management and Budget, Control Number 3150-0011. The NRC may not conduct or sponsor, and a person is not required to respond to, a request for information or an information collection requirement unless the requesting document displays a currently valid Office of Management and Budget Control Number.
===List of Findings and Violations===
No findings or violations of more than minor significance were identified.


In accordance with 10 CFR 2.390, Public Inspections, Exemptions, Requests for Withholding, of the NRC's "Rules of Practice," a copy of this letter and its enclosure will be available electronically for public inspection in the NRCs Public Document Room or from the Publicly Available Records (PARS) component of the NRC's Agencywide Documents Access and Management System (ADAMS). ADAMS is accessible from the NRC Web site at http://www.nrc.gov/reading-rm/adams.html (the Public Electronic Reading Room).
===Additional Tracking Items===
None.


Sincerely, Signed by Gilliam, Jasmine on 07/28/22 Jasmine Gilliam, Senior Reactor Inspector Engineering Branch 3 Division of Reactor Safety Docket Nos. 50-454; 50-455 License Nos. NPF-37; NPF-66 Enclosure:
=INSPECTION SCOPES=
Byron Station Cyber-Security Inspection Document Request cc w/encl: Distribution via LISTSERV
 
Inspections were conducted using the appropriate portions of the inspection procedures (IPs) in effect at the beginning of the inspection unless otherwise noted. Currently approved IPs with their attached revision histories are located on the public website at http://www.nrc.gov/reading-rm/doc-collections/insp-manual/inspection-procedure/index.html. Samples were declared complete when the IP requirements most appropriate to the inspection activity were met consistent with Inspection Manual Chapter (IMC) 2201, Security Inspection Program for Commercial Nuclear Power Reactors. The inspectors reviewed selected procedures and records, observed activities, and interviewed personnel to assess licensee performance and compliance with Commission rules and regulations, license conditions, site procedures, and standards.
 
==SAFEGUARDS==
==71130.10 - Cybersecurity==
The inspectors reviewed implementation of Byron Generating Stations Cyber Security Plan (CSP) and focused on evaluating changes to the program, critical systems, and CDAs.
 
===Cybersecurity (1 Sample)===
: (1) The following IP sections were completed and constitute completion of 1 sample:
 
03.01, Review Ongoing Monitoring and Assessment Activities
 
03.02, Verify Defense-in-Depth Protective Strategies
 
03.03, Review of Configuration Management Change Control
 
03.04, Review of Cyber Security Program
 
03.05, Evaluation of Corrective Actions
 
In addition to the systems and programs that have been added or modified since the last cyber security inspection, the following systems were selected for inspection.
 
Unit 0
 
Security (IS), Security Unit 1 & 2
 
Feedwater (FW), Important-to-Safety / Balance of Plant Trip
 
Neutron Monitoring (NR), Safety-Related
 
Plant Process Computer (CX), Important-to-Safety
 
==INSPECTION RESULTS==
No findings were identified.
 
==EXIT MEETINGS AND DEBRIEFS==
The inspectors verified no proprietary information was retained or documented in this report.
 
On November 17, 2022, the inspectors presented the cyber security inspection results to Mr. J. Cunzeman, Engineering Director and other members of the licensee staff.
 
=DOCUMENTS REVIEWED=
 
Inspection
Procedure
Type
Designation
Description or Title
Revision or
Date
233553
EOC Review for Maintenance Per IR 4227370
03/27/2019
265133
TSC Computer Removed for CS Investigation
07/18/2019
288042
Cyber Security 24-Month SA Gap CC-AA-604-102-F-02 Not
In WP
10/15/2019
04302100
CYBER SECURITY: EP CDA PC Was Replaced with Non-
CDA PC
06/12/2019
04367087
Cyber Follow-Up from JAF Inspection
2/09/2020
04383635
NOS ID: Cyber Incident IR Not Reclassified as Sig Level 3
11/11/2020
04452030
1PL100J Tamper Seals
10/10/2021
25515
Cyber Security Tamper Seals Removed Improperly
03/10/2020
4345187
Cyber - Missed Identification of CDAs
05/22/2020
4511718
Cyber CDA Post Install Walk Down Discrepancy
07/19/2022
Corrective Action
Documents
4519948
Cyber Security-Security CDA Key Issued Without Using Key
Log
08/31/2022
29068
Cyber - NRC Pre-Inspection Issue DRPs
10/12/2022
4536919
OPEX EVALUATION: THREAT ANALYSIS OF CVE-2021-
22 Cisco ASA
11/14/2022
4536920
OPEX EVALUATION: THREAT ANALYSIS OF CVE-2021-
1402 CISCO FTD
11/14/2022
4536947
NRC ID - Cyber - Error Identified on Baseline Data Sheet
11/14/2022
4537052
OPEX EVALUATION: THREAT ANALYSIS CVE-2020-9034
Symmetricon
11/15/2022
4537074
NRC ID Cyber Error Identified on Baseline Data Sheet
11/15/2022
4537088
NRC ID - Cyber-Error Found on CDA Checklist WO
286130-01
11/13/2022
4537184
NRC ID - Cyber - Error Message on 2FW36J
11/15/2022
4537185
NRC ID - Cyber - Error Message on 1FW37J
11/15/2022
4537192
NRC ID - Cyber - Vulnerability Assessment Missing CVE Info
11/15/2022
4537479
NRC ID - Cyber - CDA Subcomponent ID Tag Needs
Removed
11/16/2022
71130.10
Corrective Action
Documents
Resulting from
Inspection
4537483
NRC ID - Cyber - Observation Vulnerability Assessment
Enhancement
11/17/2022
Inspection
Procedure
Type
Designation
Description or Title
Revision or
Date
4537619
NRC ID - Cyber - Unused Services Found Set to Manual on
IVMS
11/17/2022
4537621
NRC ID -Cyber-Unused Services Found Set to Manual on
Kiosks
11/17/2022
4537725
NRC ID - Cyber - Observation CDA Key Control
11/17/2022
Engineering
Changes
EC0000631318
Cyber Defensive Infrastructure (CDI) Refresh
AR 7654321
Cyber Security Incident Response Drill Scenario
03/16/2022
CC-AA-601-F-02
BYR_0CP-CX7006_CP - CDA Baseline Data Sheet
CC-AA-601-F-02
BYR_1CP-CX1500_CP - CDA Baseline Data Sheet
CC-AA-601-F-02
BYR_2NCU-CX1041_NCU - CDA Baseline Data Sheet
Miscellaneous
CC-AA-606-1002-
F-01
Data Diode Server Disaster Recovery Plan
BYR-CDI-L3-MAT
Defensive Architecture Enhancement - BYR-CDI L3 Mat
CC-AA-601-1001
Cyber Security Program Health Performance Indicators and
Criteria
CC-AA-601-1003-
F-01
Supplier Exception Evaluation For SQAD-7
CC-AA-604-101
CDA Password Configuration and Control
CC-AA-606
Cyber Security Incident Response
IT-AA-213-1000
Scanning for Rogue Wireless Access Point Points
OP-AA-108-103-
1000
CDA Key Control Program
SM-AA-102
Warehouse Operations
SM-AA-406
Supply Cyber Security
Procedures
TQ-AA-176-J020
Cyber Security Specialized Training Matrix
05070909
Cyber Defense Infrastructure (CDI) Refresh EC 631318
04/21/2022
276124-01
Monthly DAE Intrusion Detection Functional Testing
07/13/2022
Work Orders
287939-01
Perform Monthly Rogue Wireless Scanning
09/01/2022
}}
}}
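Review bot: the DOCUMENTS REVIEWED table in the new text is stored one cell per line, so the column header block (Inspection / Procedure / Type / Designation / Description or Title / Revision or Date) repeats partway through, and wrapped entries such as "CVE-2021-" / "22 Cisco ASA" and "CC-AA-606-1002-" / "F-01" are split across lines. Suggest emitting the table as wiki table rows so each designation, title and date stay together, and checking the split CVE identifier against the source document.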

Latest revision as of 19:27, 2 January 2025

Cyber Security Inspection Report 05000454/2022403 and 05000455/2022403
ML22354A164
Person / Time
Site: Byron
Issue date: 12/28/2022
From: Richard Skokowski
NRC/RGN-III/DORS/EB2
To: Rhoades D
Constellation Energy Generation
References
IR 2022403


Text

SUBJECT:

BYRON STATION - CYBER SECURITY INSPECTION REPORT 05000454/2022403 AND 05000455/2022403

Dear David Rhoades:

On November 17, 2022, the U.S. Nuclear Regulatory Commission (NRC) completed an inspection at Byron Station and discussed the results of this inspection with Mr. J. Cunzeman, Engineering Director, and other members of your staff. The results of this inspection are documented in the enclosed report.

No findings or violations of more than minor significance were identified during this inspection.

This letter, its enclosure, and your response (if any) will be made available for public inspection and copying at http://www.nrc.gov/reading-rm/adams.html and at the NRC Public Document Room in accordance with Title 10 of the Code of Federal Regulations 2.390, Public Inspections, Exemptions, Requests for Withholding.

Sincerely,

Richard A. Skokowski, Chief

Engineering Branch 2

Division of Operating Reactor Safety

Docket Nos. 05000454 and 05000455

License Nos. NPF-37 and NPF-66

Enclosure:

As stated

Inspection Report

Docket Numbers: 05000454 and 05000455

License Numbers: NPF-37 and NPF-66

Report Numbers: 05000454/2022403 and 05000455/2022403

Enterprise Identifier: I-2022-403-0034

Licensee: Constellation Energy Generation, LLC

Facility: Byron Station

Location: Byron, IL

Inspection Dates: November 14, 2022 to November 17, 2022

Inspectors:

B. Barro, Cyber Security Analyst

A. Dahbur, Senior Reactor Inspector

J. Gilliam, Senior Reactor Inspector

A. Konkal, Contractor

Approved By:

Richard A. Skokowski, Chief

Engineering Branch 2

Division of Operating Reactor Safety

SUMMARY

The U.S. Nuclear Regulatory Commission (NRC) continued monitoring the licensee's performance by conducting a cyber security inspection at Byron Station, in accordance with the Reactor Oversight Process. The Reactor Oversight Process is the NRC's program for overseeing the safe operation of commercial nuclear power reactors. Refer to https://www.nrc.gov/reactors/operating/oversight.html for more information.

List of Findings and Violations

No findings or violations of more than minor significance were identified.

Additional Tracking Items

None.

INSPECTION SCOPES

Inspections were conducted using the appropriate portions of the inspection procedures (IPs) in effect at the beginning of the inspection unless otherwise noted. Currently approved IPs with their attached revision histories are located on the public website at http://www.nrc.gov/reading-rm/doc-collections/insp-manual/inspection-procedure/index.html. Samples were declared complete when the IP requirements most appropriate to the inspection activity were met consistent with Inspection Manual Chapter (IMC) 2201, Security Inspection Program for Commercial Nuclear Power Reactors. The inspectors reviewed selected procedures and records, observed activities, and interviewed personnel to assess licensee performance and compliance with Commission rules and regulations, license conditions, site procedures, and standards.

SAFEGUARDS

71130.10 - Cybersecurity

The inspectors reviewed implementation of Byron Generating Station's Cyber Security Plan (CSP) and focused on evaluating changes to the program, critical systems, and CDAs.

Cybersecurity (1 Sample)

(1) The following IP sections were completed and constitute completion of 1 sample:

03.01, Review Ongoing Monitoring and Assessment Activities

03.02, Verify Defense-in-Depth Protective Strategies

03.03, Review of Configuration Management Change Control

03.04, Review of Cyber Security Program

03.05, Evaluation of Corrective Actions

In addition to the systems and programs that have been added or modified since the last cyber security inspection, the following systems were selected for inspection.

Unit 0

Security (IS), Security

Unit 1 & 2

Feedwater (FW), Important-to-Safety / Balance of Plant Trip

Neutron Monitoring (NR), Safety-Related

Plant Process Computer (CX), Important-to-Safety

INSPECTION RESULTS

No findings were identified.

EXIT MEETINGS AND DEBRIEFS

The inspectors verified no proprietary information was retained or documented in this report.

On November 17, 2022, the inspectors presented the cyber security inspection results to Mr. J. Cunzeman, Engineering Director, and other members of the licensee staff.

DOCUMENTS REVIEWED

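Inspection Procedure | Type | Designation | Description or Title | Revision or Date
71130.10 | Corrective Action Documents | 233553 | EOC Review for Maintenance Per IR 4227370 | 03/27/2019
71130.10 | Corrective Action Documents | 265133 | TSC Computer Removed for CS Investigation | 07/18/2019
71130.10 | Corrective Action Documents | 288042 | Cyber Security 24-Month SA Gap CC-AA-604-102-F-02 Not In WP | 10/15/2019
71130.10 | Corrective Action Documents | 04302100 | CYBER SECURITY: EP CDA PC Was Replaced with Non-CDA PC | 06/12/2019
71130.10 | Corrective Action Documents | 04367087 | Cyber Follow-Up from JAF Inspection | 2/09/2020
71130.10 | Corrective Action Documents | 04383635 | NOS ID: Cyber Incident IR Not Reclassified as Sig Level 3 | 11/11/2020
71130.10 | Corrective Action Documents | 04452030 | 1PL100J Tamper Seals | 10/10/2021
71130.10 | Corrective Action Documents | 25515 | Cyber Security Tamper Seals Removed Improperly | 03/10/2020
71130.10 | Corrective Action Documents | 4345187 | Cyber - Missed Identification of CDAs | 05/22/2020
71130.10 | Corrective Action Documents | 4511718 | Cyber CDA Post Install Walk Down Discrepancy | 07/19/2022
71130.10 | Corrective Action Documents | 4519948 | Cyber Security-Security CDA Key Issued Without Using Key Log | 08/31/2022
71130.10 | Corrective Action Documents Resulting from Inspection | 29068 | Cyber - NRC Pre-Inspection Issue DRPs | 10/12/2022
71130.10 | Corrective Action Documents Resulting from Inspection | 4536919 | OPEX EVALUATION: THREAT ANALYSIS OF CVE-2021-22 Cisco ASA | 11/14/2022
71130.10 | Corrective Action Documents Resulting from Inspection | 4536920 | OPEX EVALUATION: THREAT ANALYSIS OF CVE-2021-1402 CISCO FTD | 11/14/2022
71130.10 | Corrective Action Documents Resulting from Inspection | 4536947 | NRC ID - Cyber - Error Identified on Baseline Data Sheet | 11/14/2022
71130.10 | Corrective Action Documents Resulting from Inspection | 4537052 | OPEX EVALUATION: THREAT ANALYSIS CVE-2020-9034 Symmetricon | 11/15/2022
71130.10 | Corrective Action Documents Resulting from Inspection | 4537074 | NRC ID Cyber Error Identified on Baseline Data Sheet | 11/15/2022
71130.10 | Corrective Action Documents Resulting from Inspection | 4537088 | NRC ID - Cyber-Error Found on CDA Checklist WO 286130-01 | 11/13/2022
71130.10 | Corrective Action Documents Resulting from Inspection | 4537184 | NRC ID - Cyber - Error Message on 2FW36J | 11/15/2022
71130.10 | Corrective Action Documents Resulting from Inspection | 4537185 | NRC ID - Cyber - Error Message on 1FW37J | 11/15/2022
71130.10 | Corrective Action Documents Resulting from Inspection | 4537192 | NRC ID - Cyber - Vulnerability Assessment Missing CVE Info | 11/15/2022
71130.10 | Corrective Action Documents Resulting from Inspection | 4537479 | NRC ID - Cyber - CDA Subcomponent ID Tag Needs Removed | 11/16/2022
71130.10 | Corrective Action Documents Resulting from Inspection | 4537483 | NRC ID - Cyber - Observation Vulnerability Assessment Enhancement | 11/17/2022
71130.10 | Corrective Action Documents Resulting from Inspection | 4537619 | NRC ID - Cyber - Unused Services Found Set to Manual on IVMS | 11/17/2022
71130.10 | Corrective Action Documents Resulting from Inspection | 4537621 | NRC ID -Cyber-Unused Services Found Set to Manual on Kiosks | 11/17/2022
71130.10 | Corrective Action Documents Resulting from Inspection | 4537725 | NRC ID - Cyber - Observation CDA Key Control | 11/17/2022
71130.10 | Engineering Changes | EC0000631318 | Cyber Defensive Infrastructure (CDI) Refresh |
71130.10 | Miscellaneous | AR 7654321 | Cyber Security Incident Response Drill Scenario | 03/16/2022
71130.10 | Miscellaneous | CC-AA-601-F-02 | BYR_0CP-CX7006_CP - CDA Baseline Data Sheet |
71130.10 | Miscellaneous | CC-AA-601-F-02 | BYR_1CP-CX1500_CP - CDA Baseline Data Sheet |
71130.10 | Miscellaneous | CC-AA-601-F-02 | BYR_2NCU-CX1041_NCU - CDA Baseline Data Sheet |
71130.10 | Miscellaneous | CC-AA-606-1002-F-01 | Data Diode Server Disaster Recovery Plan |
71130.10 | Procedures | BYR-CDI-L3-MAT | Defensive Architecture Enhancement - BYR-CDI L3 Mat |
71130.10 | Procedures | CC-AA-601-1001 | Cyber Security Program Health Performance Indicators and Criteria |
71130.10 | Procedures | CC-AA-601-1003-F-01 | Supplier Exception Evaluation For SQAD-7 |
71130.10 | Procedures | CC-AA-604-101 | CDA Password Configuration and Control |
71130.10 | Procedures | CC-AA-606 | Cyber Security Incident Response |
71130.10 | Procedures | IT-AA-213-1000 | Scanning for Rogue Wireless Access Point Points |
71130.10 | Procedures | OP-AA-108-103-1000 | CDA Key Control Program |
71130.10 | Procedures | SM-AA-102 | Warehouse Operations |
71130.10 | Procedures | SM-AA-406 | Supply Cyber Security |
71130.10 | Procedures | TQ-AA-176-J020 | Cyber Security Specialized Training Matrix |
71130.10 | Work Orders | 05070909 | Cyber Defense Infrastructure (CDI) Refresh EC 631318 | 04/21/2022
71130.10 | Work Orders | 276124-01 | Monthly DAE Intrusion Detection Functional Testing | 07/13/2022
71130.10 | Work Orders | 287939-01 | Perform Monthly Rogue Wireless Scanning | 09/01/2022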