IR 05000280/2014405
| ML14132A355 | |
| Person / Time | |
|---|---|
| Site: | Surry  |
| Issue date: | 05/12/2014 |
| From: | Scott Shaeffer NRC/RGN-II/DRS/EB2 |
| To: | Heacock D Virginia Electric & Power Co (VEPCO) |
| Linda K. Gruhler 404-997-4633 | |
| References | |
| IR-14-405 | |
| Download: ML14132A355 (5) | |
Text
May 12, 2014
SUBJECT:
SURRY POWER STATION UNITS 1 AND 2 NRC TEMPORARY
INSTRUCTION 2201/004, INSPECTION OF IMPLEMENTATION OF
INTERIM CYBER SECURITY MILESTONES 1-7 INSPECTION REPORT
NO. 05000280/2014405 AND 05000281/2014405
Dear Mr. Heacock:
On March 28, 2014, the U.S. Nuclear Regulatory Commission (NRC) completed the onsite activities associated with the inspection at Surry Power Station, Units 1 and 2. The enclosed report documents the results of this inspection, which was discussed on March 28, 2014, with you and other members of your staff. Following completion of additional post-inspection analysis of the inspection findings by the NRC in the Region II office, a final exit meeting was held by telephone with members of your staff on April 14, 2014, to provide an update on changes to the preliminary inspection findings.
The inspection examined activities conducted under your license as they relate to safety and compliance with the Commissions Rules and Regulations, and with the conditions of your license related to the implementation of interim Cyber Security Milestones. The inspection was conducted in accordance with NRC Temporary Instruction (TI) 2201/004, Inspection of Implementation of Interim Cyber Security Milestones 1-7, issued January 3, 2013.
Two findings of very low safety significance (Green) that were determined to involve violations of NRC requirements were identified during this inspection. Further, five licensee-identified violations, of very low safety significance (Green) are listed in this report. However, in accordance with the Security Issue Forum (SIF) Charter, the NRC can exercise enforcement discretion during inspection of the interim cyber security measures for licensees who demonstrate a Good-Faith interpretation and attempt to implement Milestones 1-7. This discretion applies to licensees who have tried to implement the new requirements, but failed to be in full compliance. Before discretion is considered or granted for any issue, licensees must accept the finding, place the finding into their Corrective Actions Program (CAP), and take appropriate corrective action to restore compliance in a timely manner.
The issues above were discussed at the SIF meeting on April 23, 2014. Based on the meeting, the NRC is not pursuing enforcement action due to your good-faith attempt to interpret and implement Interim Cyber Security Milestones 1 - 7 commitments, and because of your prompt corrective actions to enter these issues into your CAP. Upon completion of all corrective actions, you are requested to provide written notification to the NRCs Regional office as to the method and date of closure for the identified issue(s). If you contest the violations or significance of the findings discussed in the report, you should provide a response within 30 days of the date of this inspection report, with the basis for your denial, to the Nuclear Regulatory Commission, ATTN: Document Control Desk, Washington DC 20555-0001; with copies to the Regional Administrator, Region II; the Director, Office of Enforcement, United States Nuclear Regulatory Commission, Washington, DC 20555-0001; and the NRC Resident Inspector at the Surry Power Station.
In accordance with Title 10 of the Code of Federal Regulation (10 CFR) 2.390 of the NRCs Rules of Practice, a copy of this letter will be available electronically for public inspection in the NRC Public Document Room, or from the Publicly Available Records (PARS) component of the NRCs Agencywide Documents Access and Management System (ADAMS), accessible from the NRC Web site at http://www.nrc.gov/reading-rm/adams.html (the Public Electronic Reading Room).
However, the material enclosed herewith contains Security-Related Information in accordance with 10 CFR 2.390(d)(1), and its disclosure to unauthorized individuals could present a security vulnerability. Therefore, the material in the Enclosure will not be made available electronically for public inspection in the NRC Public Document Room, or from the PARS component of NRC's ADAMS. If you choose to provide a response and Security-Related information is necessary to provide an acceptable response, please mark your entire response Security-Related InformationWithhold from Public Disclosure under 10 CFR 2.390, in accordance with 10 CFR 2.390(d)(1), and follow the instructions for withholding in 10 CFR 2.390(b)(1). In accordance with 10 CFR 2.390(b)(1)(ii), the NRC is waiving the affidavit requirements for your response.
Sincerely,
/RA/
Scott M. Shaeffer, Chief Engineering Branch 2 Division of Reactor Safety
Docket Nos. 50-280 and 50-281 License Nos. DPR-32 and DPR-37
Enclosure:
IR No. 05000280/2014405 and 05000281/2014405 w/Attachment: Supplementary Information (OUO)
cc: (See page 3)
ML14132A355 SUNSI REVIEW COMPLETE FORM 665 ATTACHED OFFICE RII:DRS RII:DRS CSO RII:DRP RII:DRS RII:DRS
SIGNATURE JJP3 RJF2 RJF2 for ABK1 MFK1 SMS SMS
NAME J. Patel R. Fanner A. Konkal M. King S. Shaeffer S. Shaeffer
DATE 4/ 16 /2014 4/ 22 /2014 4/ 16 /2014 4/ 28 /2014 4/ 23 /2014 5/ 12 /2014
E-MAIL COPY YES NO YES NO YES NO YES NO YES NO YES NO cc:
Gregory Haynes Surry Power Station 5570 Hog Island Road Surry, VA 23883-0315 Letter to David from Scott M. Shaeffer dated May 12, 2014.
SUBJECT: SURRY POWER STATION UNITS 1 AND 2 NRC TEMPORARY
INSTRUCTION 2201/004, INSPECTION OF IMPLEMENTATION OF
INTERIM CYBER SECURITY MILESTONES 1-7 INSPECTION REPORT
NO. 05000280/2014405 AND 05000281/2014405
DISTRIBUTION:
M. Layton, NSIR N. Simonian, NSIR E. Wharton, NSIR M. King, RII, DRP S. Ninh, RII, SR PE B. Bishop, RII, PE J. Parent, RII, RIDP P. McKenna, RII, SRI J. Nadel, RII, RI K. Roche, RII, RI RIDSNRRDIRS PUBLIC (OUO removed)