IR 05000280/2014405

From kanterella
Jump to navigation Jump to search
IR 05000280-14-405, 05000281-14-405, on 03/28/2014, Surry Power Station Units 1 And 2 NRC Temporary Instruction 2201/004, "Inspection Of Implementation Of Interim Cyber Security Milestones 1-7" Inspection Report
ML14132A355
Person / Time
Site: Surry  Dominion icon.png
Issue date: 05/12/2014
From: Shaeffer S M
NRC/RGN-II/DRS/EB2
To: Heacock D A
Virginia Electric & Power Co (VEPCO)
Linda K. Gruhler 404-997-4633
References
IR-14-405
Preceding documents:
Download: ML14132A355 (5)


Text

May 12, 2014

Mr. DavidPresident and Chief Nuclear Officer Virginia Electric & Power Company Innsbrook Technical Center 5000 Dominion Boulevard Glenn Allen, VA 23060-6711

SUBJECT: SURRY POWER STATION UNITS 1 AND 2 - NRC TEMPORARY INSTRUCTION 2201/004, "INSPECTION OF IMPLEMENTATION OF INTERIM CYBER SECURITY MILESTONES 1-7" INSPECTION REPORT NO. 05000280/2014405 AND 05000281/2014405

Dear Mr. Heacock:

On March 28, 2014, the U.S. Nuclear Regulatory Commission (NRC) completed the onsite activities associated with the inspection at Surry Power Station, Units 1 and 2. The enclosed report documents the results of this inspection, which was discussed on March 28, 2014, with you and other members of your staff. Following completion of additional post-inspection analysis of the inspection findings by the NRC in the Region II office, a final exit meeting was held by telephone with members of your staff on April 14, 2014, to provide an update on changes to the preliminary inspection findings.

The inspection examined activities conducted under your license as they relate to safety and compliance with the Commission's Rules and Regulations, and with the conditions of your license related to the implementation of interim Cyber Security Milestones. The inspection was conducted in accordance with NRC Temporary Instruction (TI) 2201/004, "Inspection of Implementation of Interim Cyber Security Milestones 1-7," issued January 3, 2013.

Two findings of very low safety significance (Green) that were determined to involve violations of NRC requirements were identified during this inspection. Further, five licensee-identified violations, of very low safety significance (Green) are listed in this report. However, in accordance with the Security Issue Forum (SIF) Charter, the NRC can exercise enforcement discretion during inspection of the interim cyber security measures for licensees who demonstrate a "Good-Faith" interpretation and attempt to implement Milestones 1-7. This discretion applies to licensees who have tried to implement the new requirements, but failed to be in full compliance.Before discretion is considered or granted for any issue, licensees must accept the finding, place the finding into their Corrective Actions Program (CAP), and take appropriate corrective action to restore compliance in a timely manner.

The issues above were discussed at the SIF meeting on April 23, 2014. Based on the meeting, the NRC is not pursuing enforcement action due to your "good-faith" attempt to interpret and implement Interim Cyber Security Milestones 1 - 7 commitments, and because of your prompt corrective actions to enter these issues into your CAP. Upon completion of all corrective actions, you are requested to provide written notification to the NRC's Regional office as to the method and date of closure for the identified issue(s). If you contest the violations or significance of the findings discussed in the report, you should provide a response within 30 days of the date of this inspection report, with the basis for your denial, to the Nuclear Regulatory Commission, ATTN: Document Control Desk, Washington DC 20555-0001; with copies to the Regional Administrator, Region II; the Director, Office of Enforcement, United States Nuclear Regulatory Commission, Washington, DC 20555-0001; and the NRC Resident Inspector at the Surry Power Station. In accordance with Title 10 of the Code of Federal Regulation (10 CFR) 2.390 of the NRC's "Rules of Practice," a copy of this letter will be available electronically for public inspection in the NRC Public Document Room, or from the Publicly Available Records (PARS) component of the NRC's Agencywide Documents Access and Management System (ADAMS), accessible from the NRC Web site at http://www.nrc.gov/reading-rm/adams.html (the Public Electronic Reading Room).

However, the material enclosed herewith contains Security-Related Information in accordance with 10 CFR 2.390(d)(1), and its disclosure to unauthorized individuals could present a security vulnerability. Therefore, the material in the Enclosure will not be made available electronically for public inspection in the NRC Public Document Room, or from the PARS component of NRC's ADAMS. If you choose to provide a response and Security-Related information is necessary to provide an acceptable response, please mark your entire response "Security-Related Information-Withhold from Public Disclosure under 10 CFR 2.390," in accordance with 10 CFR 2.390(d)(1), and follow the instructions for withholding in 10 CFR 2.390(b)(1). In accordance with 10 CFR 2.390(b)(1)(ii), the NRC is waiving the affidavit requirements for your response.

Sincerely,/RA/ Scott M. Shaeffer, Chief Engineering Branch 2 Division of Reactor Safety Docket Nos. 50-280 and 50-281 License Nos. DPR-32 and DPR-37

Enclosure:

IR No. 05000280/2014405 and 05000281/2014405

w/Attachment:

Supplementary Information (OUO) cc: (See page 3)