IR 05000275/2014406

From kanterella
Jump to navigation Jump to search
NRC Temporary Instruction 2201/004, Inspection of Implementation of Interim Cyber Security Milestones 1-7, Inspection Report 05000275/2014406 and 05000323/2014406
ML14232A821
Person / Time
Site: Diablo Canyon  Pacific Gas & Electric icon.png
Issue date: 08/20/2014
From: John Dixon
Division of Reactor Safety IV
To: Halpin E
Pacific Gas & Electric Co
References
IR-2014-406
Download: ML14232A821 (5)


Text

ust 20, 2014

SUBJECT:

DIABLO CANYON POWER PLANT, UNITS 1 AND 2 - NRC TEMPORARY INSTRUCTION 2201/004, "INSPECTION OF IMPLEMENTATION OF INTERIM CYBER SECURITY MILESTONES 1-7," INSPECTION REPORT 05000275/2014406 AND 05000323/2014406

Dear Mr. Halpin:

On July 28, 2014, the U.S. Nuclear Regulatory Commission (NRC) completed a security temporary instruction inspection at the Diablo Canyon Power Plant, Units 1 and 2. The inspection covered the implementation of interim milestones, as outlined in your approved cyber security plan and described in Temporary Instruction 2201/004, "Inspection of Implementation of Interim Cyber Security Milestones 1-7." The enclosed inspection report documents the inspection results, which were discussed on July 28, 2014, with Mr. B. Allen, Site Vice President, and other members of your staff.

The inspection examined activities conducted under your license as they relate to safety and compliance with the Commission's rules and regulations and with the conditions of your license.

The inspectors reviewed selected procedures and records, observed activities, and interviewed personnel.

NRC inspectors documented three findings of very low safety significance in this report. These findings involved violations of NRC requirements. Inspectors also documented three licensee-identified violations which were determined to be of very low safety significance.

These violations are listed in Section 4OA7 of this report. The NRC is treating these violations as non-cited violations (NCVs) consistent with Section 2.3.2.a of the Enforcement Policy.

" " These issues were discussed and reviewed during a Security Issues Forum (SIF) conducted on July 9, 2014. The results of the SIF Panel review concluded that although these issues constituted violations of Title 10 of the Code of Federal Regulations (10 CFR), Part 73, Section 54, "Protection of Digital Computer and Communication Systems and Networks," the NRC is exercising enforcement discretion. The NRC is exercising enforcement discretion for these violations because they meet the criteria established in an NRC Memorandum from Barry C. Westreich, Director, Cyber Security Directorate, Office of Nuclear Security and Incident Response, to each regional office and Director, Division of Reactor Safety, Subject: Enhanced Guidance for Licensee Near-Term Corrective Actions to Address Cyber Security Inspection Findings and Licensee Eligibility for "Good-Faith" Attempt Discretion, dated July 1, 2013.

Consistent with the NRC Memorandum, when you complete and close corrective actions associated with these violations, you are requested to provide written notification to the NRC's regional office as to the method and date of closure of the corrective actions for the identified violations.

If you contest the violations or significance of these NCVs, you should provide a response within 30 days of the date of this inspection report, with the basis for your denial, to the U.S. Nuclear Regulatory Commission, ATTN: Document Control Desk, Washington DC 20555-0001; with copies to the Regional Administrator, Region IV; the Director, Office of Enforcement, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001; and the NRC resident inspector at the Diablo Canyon Power Plant.

In accordance with Title 10 of the Code of Federal Regulations (10 CFR) 2.390, "Public Inspections, Exemptions, Requests for Withholding," of the NRC's "Rules of Practice," a copy of this letter will be available electronically for public inspection in the NRC's Public Document Room or from the Publicly Available Records (PARS) component of ADAMS. ADAMS is accessible from the NRC Web site at http://www.nrc.gov/reading-rm/adams.html (the Public Electronic Reading Room). The material enclosed herewith, however, contains Security-Related Information in accordance with 10 CFR 2.390(d)(1) and its disclosure to unauthorized individuals could present a security vulnerability. Therefore, the material in the enclosure will not be made available electronically for public inspection in the NRC Public Document Room or from the PARS component of NRC's ADAMS. If you choose to provide a response and Security-Related Information is necessary to provide an acceptable response, please mark your entire response "Security-Related Information-Withhold from Public Disclosure under 10 CFR 2.390" in accordance with 10 CFR 2.390(d)(1) and follow the instructions for withholding in 10 CFR 2.390(b)(1). In accordance with 10 CFR 2.390(b)(1)(ii), the NRC is waiving the affidavit requirements for your response.

Sincerely,

/RA/

John L. Dixon, Jr., Acting Chief Engineering Branch 2 Division of Reactor Safety Docket Nos.: 50-275; 50-323 License Nos.: DPR-80; DPR-82 Nonpublic Enclosure:

NRC Inspection Report 05000275/2014406 and 05000323/2014406 w/Attachment: Supplemental Information cc w/enclosure:

Mr. Michael V. Priebe Nuclear Security Director Pacific Gas and Electric Company Diablo Canyon Power Plant Mail Code 104/5/508 P.O. Box 56 Avila Beach, CA 93424 Electronic Distribution for Diablo Canyon Power Plant ML14232A821 REPORT w/Encl.

SUNSI Review ADAMS Publicly Available Non-Sensitive Keyword:

By: STG Yes No Non-Publicly Sensitive MD 3.4 Non-Public Available Cover Letter w/o Encl.

SUNSI Review ADAMS Publicly Available Non-Sensitive Keyword:

By: STG Yes No Non-Publicly Available Sensitive RGN-002 OFFICE SRI/EB2 NSE:ORA/RCB CSS:NSIR/CSD SRA:NSIR/ C:DRP/PBA C:DRS/EB2 DSO/STSB NAME SGraves/dch DLivermore MFernandez LJones WWalker JDixon SIGNATURE /RA/ Email Email /RA/ /RA/ /RA/

DATE 7/28/14 8/4/14 7/28/14 8/19/14 8/19/14 8/20/14 Letter and Inspection Report to Edward from John L. Dixon, Jr., dated August 20, 2014 SUBJECT: DIABLO CANYON POWER PLANT, UNITS 1 AND 2 - NRC TEMPORARY INSTRUCTION 2201/004, "INSPECTION OF IMPLEMENTATION OF INTERIM CYBER SECURITY MILESTONES 1-7," INSPECTION REPORT 05000275/2014406 AND 05000323/2014406 Electronic Distribution by RIV w/enclosure:

Director, Cyber Security Directorate (Barry.Westreich@nrc.gov)

Deputy Director, Cyber Security Directorate (Russell.Felts@nrc.gov)

Security Specialist/NSIR (Eric.Wharton@nrc.gov)

Security Specialist/NSIR (Niry.Simonian@nrc.gov)

Branch Chief, RI DRS/EB3 (John Rogge@nrc.gov)

Branch Chief, RII DRS/EB2 (Scott.Shaeffer@nrc.gov)

Branch Chief, RIII DRS/EB3 (Robert.Daley@nrc.gov)

Senior Resident Inspector (Thomas.Hipschman@nrc.gov)

Cyber Security Specialist (Mario.Fernandez@nrc.gov)

Security Risk Analyst (Larry.Jones@nrc.gov)

Nuclear Systems Engineer (Dan.Livermore@nrc.gov)

Electronic Distribution by RIV w/o enclosure:

Regional Administrator (Marc.Dapas@nrc.gov)

Deputy Regional Administrator (Kriss.Kennedy@nrc.gov)

Acting DRP Director (Troy.Pruett@nrc.gov)

Acting DRP Deputy Director (Michael.Hay@nrc.gov)

DRS Director (Anton.Vegel@nrc.gov)

DRS Deputy Director (Jeff.Clark@nrc.gov)

Resident Inspector (John.Reynoso@nrc.gov)

Administrative Assistant (Madeleine.Arel-Davis@nrc.gov)

Branch Chief, DRP/A (Wayne.Walker@nrc.gov)

Senior Project Engineer, DRP/A (Ryan.Alexander@nrc.gov)

Acting Senior Project Engineer, DRP/A (Theresa.Buchanan@nrc.gov)

Project Engineer, DRP/A (Brian.Cummings@nrc.gov)

Public Affairs Officer (Victor.Dricks@nrc.gov)

Public Affairs Officer (Lara.Uselding@nrc.gov)

Project Manager (Peter.Bamford@nrc.gov)

Branch Chief, DRS/TSB (Geoffrey.Miller@nrc.gov)

RITS Coordinator (Marisa.Herrera@nrc.gov)

ACES (R4Enforcement.Resource@nrc.gov)

Regional Counsel (Karla.Fuller@nrc.gov)

Technical Support Assistant (Loretta.Williams@nrc.gov)

Congressional Affairs Officer (Jenny.Weil@nrc.gov)

RIV/ETA: OEDO (Anthony.Bowers@nrc.gov)

ROPreports