IR 05000237/2025401
| ML25059A050 | |
|---|---|
| Site: | Dresden |
| Issue date: | 03/03/2025 |
| From: | Jasmine Gilliam NRC/RGN-III/DORS/EB2 |
| To: | Rhoades D Constellation Energy Generation, Constellation Nuclear |
| References | IR 2025401 |
SUBJECT: DRESDEN NUCLEAR POWER STATION, UNITS 2 AND 3 - CYBER SECURITY INSPECTION REPORT 05000237/2025401 AND 05000249/2025401
Dear David Rhoades:
On January 30, 2025, the U.S. Nuclear Regulatory Commission (NRC) completed an inspection at Dresden Nuclear Power Station Units 2 and 3, and discussed the results of this inspection with Adam Payleitner, Engineering Director, and other members of your staff. The results of this inspection are documented in the enclosed report.
No findings or violations of more than minor significance were identified during this inspection.
This letter, its enclosure, and your response (if any) will be made available for public inspection and copying at http://www.nrc.gov/reading-rm/adams.html and at the NRC Public Document Room in accordance with Title 10 of the Code of Federal Regulations 2.390, Public Inspections, Exemptions, Requests for Withholding.
Sincerely,
Jasmine A. Gilliam, Chief
Engineering Branch 2
Division of Operating Reactor Safety
Docket Nos. 05000237 and 05000249
License Nos. DPR-19 and DPR-25
Enclosure:
As stated
Inspection Report
Docket Numbers: 05000237 and 05000249
License Numbers: DPR-19 and DPR-25
Report Numbers: 05000237/2025401 and 05000249/2025401
Enterprise Identifier: I-2025-401-0033
Licensee: Constellation Energy Generation, LLC
Facility: Dresden Nuclear Power Station, Units 2 and 3
Location: Morris, IL
Inspection Dates: January 27, 2025, to January 30, 2025
Inspectors:
A. Dahbur, Senior Reactor Inspector
K. Fay, Senior Reactor Inspector
M. Shock, Contractor
C. Simpson, Contractor
Approved By: Jasmine A. Gilliam, Chief, Engineering Branch 2, Division of Operating Reactor Safety
SUMMARY
The U.S. Nuclear Regulatory Commission (NRC) continued monitoring the licensee's performance by conducting a cyber security inspection at Dresden Nuclear Power Station, Units 2 and 3, in accordance with the Reactor Oversight Process. The Reactor Oversight Process is the NRC's program for overseeing the safe operation of commercial nuclear power reactors. Refer to https://www.nrc.gov/reactors/operating/oversight.html for more information.
List of Findings and Violations
No findings or violations of more than minor significance were identified.
Additional Tracking Items
None.
INSPECTION SCOPES
Inspections were conducted using the appropriate portions of the inspection procedures (IPs) in effect at the beginning of the inspection unless otherwise noted. Currently approved IPs with their attached revision histories are located on the public website at http://www.nrc.gov/reading-rm/doc-collections/insp-manual/inspection-procedure/index.html. Samples were declared complete when the IP requirements most appropriate to the inspection activity were met consistent with Inspection Manual Chapter (IMC) 2201, Security Inspection Program for Commercial Nuclear Power Reactors. The inspectors reviewed selected procedures and records, observed activities, and interviewed personnel to assess licensee performance and compliance with Commission rules and regulations, license conditions, site procedures, and standards.
SAFEGUARDS
71130.10 - Cybersecurity
The inspectors reviewed implementation of Dresden Nuclear Power Station's Cyber Security Plan (CSP) and focused on evaluating changes to the program, critical systems, and critical digital assets (CDAs).
Cybersecurity (1 Sample)
- (1) The following IP sections were completed and constitute completion of one sample:
1. 03.01, Review Ongoing Monitoring and Assessment Activities
2. 03.02, Verify Defense-in-Depth Protective Strategies
3. 03.03, Review of Configuration Management Change Control
4. 03.04, Review of Cyber Security Program
5. 03.05, Evaluation of Corrective Actions
In addition to the systems and programs that have been added or modified since the last cyber security inspection, the following systems were selected for inspection.
Unit 2 and 3
1. System 00780 Station Security, CAS/SAS Server, NSMART 5, CAS/SAS Workstation,
2. System 6601 SBO Diesel Generator, Important to Safety
3. System 1500 - CCSW/LPSI, Safety
4. System 9900 Plant Process Computer, Safety
Modifications
1. 624146 ISFSI Security Perimeter Expansion
2. 636178 Cyber Defense Infrastructure (CDI) Refresh 2023
3. 638681 NSMART 5 2023 Upgrade
4. 395525 HPCI Signal Converter and Flow Indicating Controller
5. 638687 Upgrade U3 FWRV Control Systems to Eliminate SPV
INSPECTION RESULTS
No findings were identified.
EXIT MEETINGS AND DEBRIEFS
The inspectors verified no proprietary information was retained or documented in this report.
- On January 30, 2025, the inspectors presented the cyber security inspection results to Adam Payleitner, Engineering Director, and other members of the licensee staff.
DOCUMENTS REVIEWED
| Inspection Procedure | Type | Designation | Description or Title | Revision or Date |
|---|---|---|---|---|
| | Corrective Action Documents | | IC Pumphouse TIC not Procured SQAD-7 Requirements | 2/20/2023 |
| | | | ISO Condenser TIS CDA Classification Discrepancy | 03/14/2023 |
| | | | PowerTrakR Discrepancy Identified | 03/15/2023 |
| | | | Firewall Tuning Not Documented | 03/16/2023 |
| | | | Storage of CDAs in Warehouse Per SM-AA-102 Concerns | 03/16/2023 |
| | | | Tamper Tape on Digital Assets in Warehouse | 03/16/2023 |
| | | | No Agent Alert | 03/16/2023 |
| | | | Supply Chain Violation | 04/26/2023 |
| | | | IT Cyber Kiosk Flagged Software | 2/02/2024 |
| | | | Uncontrolled Key for CDA 2-2386A | 04/18/2024 |
| | | | Installed CDA as Not Labeled | 04/24/2024 |
| | | | Reinstate CDA Physical Drop Box | 04/24/2024 |
| | | | Corporate Didn't Recognize 9 Cyber Alerts/Advisories | 04/24/2024 |
| | | | Unauthorized Cameras Discovered at Several Nuclear Stations | 09/20/2024 |
| | | | Zip File Flagged on Kiosk Scan | 10/15/2024 |
| | | | Unauthorized USBs Identified Blocked During PSCS PM | 2/11/2024 |
| | | | Vulnerability Screening | 2/02/2024 |
| | Corrective Action Documents Resulting from Inspection | | PowerTrackR User Access Removal | 01/28/2025 |
| | | | Vendor Default Password Not Changed | 01/30/2025 |
| | | | No ATI Tracking the Issuance of Cyber Assessments | 01/30/2025 |
| | | | NRC ID Firewall Controls | 01/30/2025 |
| | | | NRC ID CDA Warehouse Storage | 01/30/2025 |
| | Drawings | | X-Ray Layout | |
| | | | Plant Process Computer Main Computer RO | K |
| | | | Auxiliary Computer Room Unit 2 Configuration | C |
| | | | U2 Main Computer Room PPC | I |
| | | | Plant Process Computer Main Computer RO | I |
| | | | Wiring Diagram Defensive Architecture Level 3 Cabinet | B |
| | | | Wiring Diagram Defensive Architecture Level 2 | B |
| | | | Plant Process Computer Control Room | B |
| | | | Plant Process Computer TSC Room Configuration | C |
| | | | Auxiliary Computer Room Unit 3 Configuration | B |
| | | | Main Computer Room Unit 3 Configuration | K |
| | | | Unit 3 Control Room Configuration Detail | C |
| | | RE-160F-D | Wiring Diagram Security Thermal Cameras | D |
| | | RE-272A-D | PSCC CAS Video Processor Console Section A14 | A |
| | | RE-272B-D | PSCC CAS Video Processor Console Section A14 | |
| | | RE-272C-D | PSCC CAS Video Processor Console Section A14 & A15 | |
| | | RE-272D-D | PSCC SAS Display Console | C |
| | | RE-513A-D | West Sally Port and Security AVB | C |
| | | RE-514-D | NSMART System Connection Diagram NSMART Refresh | C |
| | Engineering Changes | | Upgrade Unit 3 FWRN Control System to Eliminate SPV | |
| | | | HPCI Signal Converter | |
| | | | ISFSI Security Perimeter Expansion | |
| | | | Cyber Defense Infrastructure Refresh 2023 | 2/19/2022 |
| | | | NSMART 5 2023 UPGRADE | 2/18/2023 |
| | | | Upgrade U3 FWRV Control Systems to Eliminate SPV | |
| | Miscellaneous | ATTACHMENT 1 - CAS1 CAS2 SAS1 SAS2_TNI2 | CAS Workstation WinAudit | 05/03/2024 |
| | | ca-alarmlookup | SIEM Alarms NSMART | |
| | | CDA List Dresden 24 | CDA List | |
| | | DRE-2/3-0923-74-CPU1 | Baseline Data Sheet | |
| | | Dresden_SW | Software in Dresden Cyber Security Program | |
| | | ENGAGE.Web.UI.File | Firewall Configuration | |
| | | P.O. 01361362 | Circuit Board Assembly | |
| | | P.O. 5448514 | Controller, Programmable, Indicating, Yokogawa | 2/16/2016 |
| | | Savedsearches | SIEM Alerts | |
| | | WinAudit Computer Audit | WinAudit | 01/24/2025 |
| | Procedures | | Design Input and Configuration Change Impact Screening | |
| | | | Configuration Change Control for Permanent Physical Plant Changes | |
| | | | Process for Managing Plant Modifications Involving Digital Instrumentation and Control Equipment and Systems | |
| | | | Digital Instrumentation and Controls DI and C Procurement Template | |
| | | | Cyber Security Plan for Exelon Nuclear Legacy | |
| | | | Cyber Security Plan Technical and Operational Controls | |
| | | | Cyber Security Asset Identification and Assessment Per Requirements of 10 CFR 73.54 | |
| | | | Cyber Security Program Effectiveness Assessment Guidance Per Requirements of 10 CFR 73.54 | |
| | | | Critical Digital Asset (CDA) Access and Audit Controls Determination | |
| | | | Cyber Security Incident Response Process per Requirements of 10 CFR 73.54 | |
| | | | Cyber Security Software Repository Download Process | |
| | | | Creating and Maintaining Disaster Recovery Plans for Critical Digital Assets | |
| | | IP-ENG-001 | Standard Design Process | |
| | | | Information Technology System Administration | |
| | | IT-AA-1004-F-03 | Change Management and Implementation for Level 2 | |
| | | | Information Technology Work Control for Nuclear Systems | |
| | | | Vulnerability Scanning and Assessment of Critical Digital Assets Per Requirements of 10 CFR 73.54 | |
| | | | Configuration Control of IT Managed Assets | |
| | | | File Integrity Checking | |
| | | | Kiosk Management | |
| | | | Critical Digital Asset Threat Management Per Requirements of 10 CFR 73.54 | |
| | | | Cyber Security Defensive Architecture Monitoring Review | |
| | | | Maintenance Planning | |
| | | | Post Maintenance Testing | |
| | | | Control of Critical Digital Asset Portable Media and Portable Devices | |
| | | | CDA Work Activity Process | |
| | | MA-AA-716-237-F-02 | CDA Cyber Security Evaluation Checklist | |
| | | | CDA Key Control Program | |
| | | | Warehouse Operations | |
| | | | Procurement Engineering Support Activities | |
| | | | Supply Management Use of Nuclear Approved Suppliers List | |
| | | | Supply Cyber Security | |
| | | SY-AA-101-104-F-04 | Screening Evaluation for Revisions to the Cyber Security Plan | |
| | | SY-AA-101-104-F-07 | Screening Evaluation for Revisions to a Cyber Security Implementing Document | |
| | | | Control of Security Access Control Devices | |
| | | | Access Authorization Program | |
| | | | Access Authorization In-Processing-Out-Processing of Personnel | |
| | | | Site Authorization for Unescorted Access | |
| | | | Physical Protection of Critical Digital Assets and Communication Paths Outside the Protected Area | |
| | Self-Assessments | 2-0940-DA-FW, Rev 000, 20230111, 2-0940-DA-FW - Cyber Security Report 2-0940-DA-FW, 3-0940-DA-FW | DAE Firewall Security Control Assessment | 2/22/2021 |
| | | 23-9901-CAS-SPLUNK, Rev 000, 230330, 23-9901-CAS-SPLUNK - Report 23-9901-CAS-SPLUNK | CAS Splunk Security Controls Assessment | 06/28/2021 |
| | | DRE CYBER TEST_FACTORY ACCEPTANCE TESTING N NSMART 5 2023 COMPUTER SYSTEM UPGRADE | NSMART Computer system upgrade Factory Acceptance Test Cyber Monitoring and Alerting Test | |
| | | DRE_23-0940-DA-AUXSIEM00, Sht CNTL, 20231214, Report DRE_23-0940-DA-SIEM00 | DAE SIEM Security Control Assessment | 2/12/2022 |
| | | DRE_23-9901-2-A8-ESX13_VM-AD1, 240720, CYBER SECURITY REPORT DRE_23-9901-2-A8-ESXI3_VM-AD1, DRE_23-9901-5-A8-ESXI4_VM-AD2 | ESXi Security Control Assessment | 07/20/2024 |
| | | DRE_23-9901-BF-NSMART-SW1, 240720, CYBER SECURITY REPORT DRE_23-9901-BF-NSMART-SW1 | Security Controls Assessment for NSMART Switch | 07/20/2024 |
| | | IT-AA-265-F-01 CDA Vulnerability Assessment | CVE Microsoft with Network | 01/17/2025 |
| | | IT-AA-265-F-01 CDA Vulnerability Assessment | VMware and ESXi and Splunk CVE | 01/22/2025 |
| | Shipping Records | PO 00548514 | Purchase Order | |
| | | PO 01361362 | Purchase Order | |
| | | PO 01378286 | Purchase Order | |
| | | PO 01400663 | Purchase Order | |
| | | PO 01430824 | Purchase Order | |
| | | RI 220444 | Receipt Inspection of Yokogawa Controller | |
| | Work Orders | 05343594, Sht 01, 230703, 00349881-03, COM, D00 92D DAE CHECKS, W D00Z0940-DA------01S | MI D00 92D DAE CHECKS | 03/10/2023 |
| | | 05343597, Sht 01, 230410, 00349881-02, COM, D00 31D DAE CHECKS, W D00Z0940-DA------01S | MI D00 31D DAE CHECKS | 03/10/2023 |
| | | 05354921 Sht 01 230427 00189996- COM D23 1M COM SECURITY CDA ROGUE WIRELESS SCAN W | Wireless Scans | 04/27/2023 |
| | | 5571144-01 | D 2/3 CDA ROGUE Wireless | 08/23/2024 |
| | | | D2/3 QTR COM Audit Portable CDA Media & DTE Storage Location | 09/03/2024 |