IR 05000313/2024404
| ML24242A217 | |
| Person / Time | |
|---|---|
| Site: | Arkansas Nuclear |
| Issue date: | 08/29/2024 |
| From: | Nick Taylor NRC/RGN-IV/DORS/EB2 |
| To: | Pehrson D Entergy Operations |
| References | |
| IR 2024404 | |
August 29, 2024
SUBJECT:
ARKANSAS NUCLEAR ONE - CYBERSECURITY INSPECTION REPORT 05000313/2024404 AND 05000368/2024404
Dear Doug Pehrson:
On August 22, 2024, the U.S. Nuclear Regulatory Commission (NRC) completed an inspection at Arkansas Nuclear One. On August 22, 2024, the NRC inspectors discussed the results of this inspection with Brian Patrick, Director, Regulatory & Performance Improvement and other members of your staff. The results of this inspection are documented in the enclosed report.
No findings or violations of more than minor significance were identified during this inspection.
This letter, its enclosure, and your response (if any) will be made available for public inspection and copying at http://www.nrc.gov/reading-rm/adams.html and at the NRC Public Document Room in accordance with Title 10 of the Code of Federal Regulations 2.390, Public Inspections, Exemptions, Requests for Withholding.
Sincerely,
Nicholas H. Taylor, Chief
Engineering Branch 2
Division of Operating Reactor Safety
Docket Nos. 05000313, 05000368
License Nos. DPR-51, NPF-6
Enclosure:
As stated
Inspection Report
Docket Numbers:
05000313 and 05000368
License Numbers:
DPR-51 and NPF-6
Report Numbers:
05000313/2024404 and 05000368/2024404
Enterprise Identifier:
I-2024-404-0010
Licensee:
Entergy Operations, Inc.
Facility:
Arkansas Nuclear One
Location:
Russellville, AR
Inspection Dates:
August 19, 2024, to August 22, 2024
Inspectors:
J. Drake, Senior Reactor Inspector
S. Graves, Senior Reactor Inspector
Approved By:
Nicholas H. Taylor, Chief
Engineering Branch 2
Division of Operating Reactor Safety
SUMMARY
The U.S. Nuclear Regulatory Commission (NRC) continued monitoring the licensee's performance by conducting a cybersecurity inspection at Arkansas Nuclear One, in accordance with the Reactor Oversight Process. The Reactor Oversight Process is the NRC's program for overseeing the safe operation of commercial nuclear power reactors. Refer to https://www.nrc.gov/reactors/operating/oversight.html for more information.
List of Findings and Violations
No findings or violations of more than minor significance were identified.
Additional Tracking Items
None.
INSPECTION SCOPES
Inspections were conducted using the appropriate portions of the inspection procedures (IPs) in effect at the beginning of the inspection unless otherwise noted. Currently approved IPs with their attached revision histories are located on the public website at http://www.nrc.gov/reading-rm/doc-collections/insp-manual/inspection-procedure/index.html. Samples were declared complete when the IP requirements most appropriate to the inspection activity were met consistent with Inspection Manual Chapter (IMC) 2201, Security Inspection Program for Commercial Nuclear Power Reactors. The inspectors reviewed selected procedures and records, observed activities, and interviewed personnel to assess licensee performance and compliance with Commission rules and regulations, license conditions, site procedures, and standards.
SAFEGUARDS
71130.10 - Cybersecurity
Cybersecurity (1 Sample)
- (1) The team reviewed implementation of Arkansas Nuclear One's Cybersecurity Plan (CSP) and focused on evaluating changes to the program, critical systems, and critical digital assets (CDAs).
The following IP sections were completed and constitute completion of 1 sample:
- 03.01, Review Ongoing Monitoring and Assessment Activities
- 03.02, Verify Defense-in-Depth Protective Strategies (Partial)
- 03.03, Review of Configuration Management Change Control (Partial)
- 03.04, Review of Cyber Security Program (Partial)
- 03.05, Evaluation of Corrective Actions
The inspection reviewed the following cybersecurity program change:
- EC-54065725 Sallyport Security and Cybersecurity Upgrades
The team reviewed boundary device configurations, procedures and processes, staff training, and incident response implementation procedures.
- C619-DD 4 (Canary CT20SD)
- C629-NIDS-0000626856 (M920 IPS-NS3200 /M920)
- SIEM (Level 2) SPLUNK
The team also reviewed the following CDAs and their coverage by the cybersecurity plan.
- C618-ADA (PA Active Directory Server)
- 2C324-IDS1 (Level 3 NIDS McAfee IPS-NS3200 Dell R610)
INSPECTION RESULTS
No findings were identified.
EXIT MEETINGS AND DEBRIEFS
The inspectors verified no proprietary information was retained or documented in this report.
- On August 22, 2024, the inspectors presented the cyber security inspection results to Brian Patrick, Director, Regulatory & Performance Improvement and other members of the licensee staff.
DOCUMENTS REVIEWED
| Inspection Procedure | Type | Designation | Description or Title | Revision or Date |
|---|---|---|---|---|
| | Corrective Action Documents | CR-ANO- | C-2022-02184, C-2023-00106, C-2023-00386, C-2023-00390, C-2023-00425, C-2023-00427, C-2023-00429, C-23-00432, C-2023-00433, C-2023-00434, C-2023-00435, C-2023-00436, C-2023-00437, C-2024-00580, C-2024-00581, C-2023-00109, C-2024-01401, C-2024-01402, C-24-01403, C-2024-01404, C-2024-01407, C-2024-01415, | |
| | Corrective Action Documents | CR-HQN- | 22-01377, 2023-00042, 2023-00146, 2023-00161, 2023-00486, 2023-03651, 2024-00285, 2024-00893 | |
| | Corrective Action Documents Resulting from Inspection | CR-ANO- | C-2024-01428, C-2024-01429, C-2024-01442, C-2024-01444 | |
| | Corrective Action Documents Resulting from Inspection | CR-HQN- | 24-00907, 2020-00908, 2024-00914, 2024-00915 | |
| | Miscellaneous | | EN-IT-103-08 Attachment 2 for L3 Kiosk (Unannounced drill) | 1/11/2023 |
| | Miscellaneous | ANO-CDA-1902-00009 | NEI 13-10 Indirect CDA Assessment - Level 3 Remediation Rack CDAs | |
| | Miscellaneous | ANO-CDA-1905-00017 | C619-DD PA Security Data Diode (SEC ANO1) | |
| | Miscellaneous | ANO-CDA-2007-00006 | SIEM white paper and assessment combined document. | |
| | Miscellaneous | CDA-1701-00204 | Technical Controls 08-09 Assessment | |
| | Miscellaneous | CDA-2211-00003 | Plant Monitoring Computer System NEI 13-10 EP and Indirect Combined Assessment | |
| | Miscellaneous | CDA-2311-00001 | Sally Port Security Equipment NEI 08-09 Direct Assessment Checklist | |
| | Miscellaneous | | OIT-Employee Off Boarding - Account Management | 08/28/2023 |
| | Miscellaneous | | Software Quality Assurance (SQA) Training | |
| | Miscellaneous | | Software Quality Assurance (SQA) Training | |
| | Miscellaneous | FCBT-CSG-CSCNAN | Generic Cyber Security Awareness | |
| | Miscellaneous | FCBT-ESPP-CYBRINV | Maintain Cyber Security Technical Controls | |
| | Miscellaneous | FCBT-ESPP-WLKDWN | Cyber Security Walkdowns | |
| | Miscellaneous | | Control of Portable Digital Media | |
| | Miscellaneous | | Security Assessment Team (CSAT) Activities | |
| | Miscellaneous | | Nuclear Cyber Incident Response Team | |
| | Miscellaneous | | Protection Of Unclassified Safeguards & Safeguards Information-Modified Handling | |
| | Miscellaneous | | Job Familiarization Guide for Perform CDA Assessor Activities | |
| | Miscellaneous | FFAM-IT-LAPHARDN | Portable Digital Media Laptop Hardening and Scanning | |
| | Miscellaneous | FFAM-IT-MEDIASCAN | Portable Digital Media Kiosk Maintenance and Media Scanning | |
| | Miscellaneous | | Critical Digital Asset Assessor | |
| | Miscellaneous | LO-ALO-2023-00040 | Cyber Security Program Effectiveness Review | |
| | Miscellaneous | SIEM White Paper | White paper describing Entergy's site Cyber Security Monitoring System (CSMS) | |
| | Miscellaneous | Whitepaper | Vulnerability Management Recovery Plan - 2024 ANO Inspection | |
| | Miscellaneous | Whitepaper XR- | Actions taken on Northpoint Receiving Warehouse X-Ray Machine | |
| | Miscellaneous | WT-WTANO-23-00152 | Level Specific Firmware Protected Devices | 05/20/2023 |
| | Procedures | 0CAN021802 | ANO Cyber Security Plan Arkansas Nuclear One - Units 1 and 2 Docket Nos. 50-313 and 50-368 | |
| | Procedures | CSWI-1250 | Change CDA Passwords Work Instructions | 2/20/2018 |
| | Procedures | CSWI-1255 | Review of Audit Log Records (Logical) Work Instructions | |
| | Procedures | CSWI-1270 | Account Management Work Instructions | |
| | Procedures | CSWI-1280 | Monthly Operational Review and Verification of the SIEM Infrastructure Work Instructions | 10/8/2020 |
| | Procedures | EN-EP-202-01 | ANO EITER (Equipment Important To Emergency Response) Matrix | |
| | Procedures | EN-IT-103-01 | Control of Portable Digital Media Connected to Critical Digital Assets | |
| | Procedures | EN-IT-103-02 | Cyber Security Periodic Activities | |
| | Procedures | EN-IT-103-06 | Audit & Accountability | |
| | Procedures | EN-IT-103-12 | Cyber Security Configuration and Change Management | |
| | Procedures | EN-IT-103-14 | Vulnerability Management | |
| | Procedures | | Software Quality Assurance Program | |
| | Procedures | | Nuclear Cyber Security Training & Qualifications | |
| | Work Orders | | 54137012, 54126919, 54115753, 54067379 | |