IR 05000317/2023401
| ML23261A605 | |
|---|---|
| Site: | Calvert Cliffs |
| Issue date: | 09/18/2023 |
| From: | Glenn Dentel Division of Operating Reactors |
| To: | Rhoades D Constellation Energy Generation, Constellation Nuclear |
| References: | IR 2023401 |
September 18, 2023
SUBJECT: CALVERT CLIFFS NUCLEAR POWER PLANT, UNITS 1 AND 2 - CYBER SECURITY INSPECTION REPORT 05000317/2023401 AND 05000318/2023401
Dear David Rhoades:
On September 15, 2023, the U.S. Nuclear Regulatory Commission (NRC) completed an inspection at Calvert Cliffs Nuclear Power Plant, Units 1 and 2 and discussed the results of this inspection with Elmer Hernandez, Director of Site Engineering, and other members of your staff.
The results of this inspection are documented in the enclosed report.
No findings or violations of more than minor significance were identified during this inspection.
This letter, its enclosure, and your response (if any) will be made available for public inspection and copying at http://www.nrc.gov/reading-rm/adams.html and at the NRC Public Document Room in accordance with Title 10 of the Code of Federal Regulations (CFR) 2.390, Public Inspections, Exemptions, Requests for Withholding.
Sincerely,
Glenn T. Dentel, Chief
Engineering Branch 2
Division of Operating Reactor Safety
Docket Nos. 05000317 and 05000318
License Nos. DPR-53 and DPR-69
Enclosure: As stated
Inspection Report
Docket Numbers: 05000317 and 05000318
License Numbers:
Report Numbers: 05000317/2023401 and 05000318/2023401
Enterprise Identifier: I-2023-401-0039
Licensee: Constellation Energy Generation, LLC
Facility: Calvert Cliffs Nuclear Power Plant, Units 1 and 2
Location: Lusby, MD
Inspection Dates: August 21, 2023 to September 15, 2023
Inspectors:
- J. Rady, Senior Reactor Inspector
- M. Patel, Senior Reactor Inspector
- E. Chen, Reactor Inspector
- L. Manning, Information Systems Security Analyst
- B. Barro, Cyber Security Contractor
Approved By: Glenn T. Dentel, Chief, Engineering Branch 2, Division of Operating Reactor Safety
SUMMARY
The U.S. Nuclear Regulatory Commission (NRC) continued monitoring the licensee's performance by conducting a cyber security inspection at Calvert Cliffs Nuclear Power Plant, Units 1 and 2, in accordance with the Reactor Oversight Process. The Reactor Oversight Process is the NRC's program for overseeing the safe operation of commercial nuclear power reactors. Refer to https://www.nrc.gov/reactors/operating/oversight.html for more information.
List of Findings and Violations
No findings or violations of more than minor significance were identified.
Additional Tracking Items
None.
INSPECTION SCOPES
Inspections were conducted using the appropriate portions of the inspection procedures (IPs) in effect at the beginning of the inspection unless otherwise noted. Currently approved IPs with their attached revision histories are located on the public website at http://www.nrc.gov/reading-rm/doc-collections/insp-manual/inspection-procedure/index.html. Samples were declared complete when the IP requirements most appropriate to the inspection activity were met consistent with Inspection Manual Chapter (IMC) 2201, Security Inspection Program for Commercial Nuclear Power Reactors. The inspectors reviewed selected procedures and records, observed activities, and interviewed personnel to assess licensee performance and compliance with Commission rules and regulations, license conditions, site procedures, and standards.
SAFEGUARDS
71130.10 - Cybersecurity
Inspections were conducted using the applicable portions of the IPs in effect at the beginning of the inspection unless otherwise noted. Samples were declared complete when the IP requirements most appropriate to the inspection activity were met consistent with Inspection Manual Chapter (IMC) 2201, Security Inspection Program for Commercial Nuclear Power Reactors. The inspectors reviewed selected procedures and records, observed activities, and interviewed personnel to assess licensee performance and compliance with Commission rules and regulations, license conditions, site procedures, and standards.
Cybersecurity (1 Sample)
- (1) The following IP sections were completed and constitute completion of 1 sample:
  - 03.01, Review Ongoing Monitoring and Assessment Activities
  - 03.02, Verify Defense-in-Depth Protective Strategies
  - 03.03, Review of Configuration Management Change Control
  - 03.04, Review of Cyber Security Program
  - 03.05, Evaluation of Corrective Actions
In addition to the systems and programs that have been added or modified since the last cyber security inspection, the following systems were selected for inspection.
- System 12, Salt Water Cooling (Safety) - Unit 1
- System 41, Chemical Volume and Control System (Important-to-Safety) - Unit 2
- System 45, Digital Feedwater (Important-to-Safety) - Common
- System 52, Safety Injection System (Safety) - Unit 1
- System 79, Process Radiation Monitoring (Safety) - Unit 2
- System 85, Plant Access and Surveillance (Security) - Common
INSPECTION RESULTS
No findings were identified.
EXIT MEETINGS AND DEBRIEFS
The inspectors verified no proprietary information was retained or documented in this report.
- On September 15, 2023, the inspectors presented the cyber security inspection results to Elmer Hernandez, Director of Site Engineering, and other members of the licensee staff.
DOCUMENTS REVIEWED
| Inspection Procedure | Type | Designation | Description or Title | Revision or Date |
|---|---|---|---|---|
| | Corrective Action Documents Resulting from Inspection | | | |
| | Miscellaneous | 1DNS0C218PA1 | Port Aggregator Control Assessment | Dated 8/23/2023 |
| | | CAL-1PDNFWA1 | Unit 1 A-Channel Control System Firewall Baseline Documents | Dated 8/21/2023 |
| | | SCS-CSTDF-203172.01 | Security System Cyber Factory Acceptance Test | Revision 1 |
| | | SCS-STR-203172 | Security System Test Report | Revision 0 |
| | Procedures | | Cyber Security Plan for Exelon Nuclear Constellation Energy Nuclear Group | Revision 1 |
| | | | Cyber Security Plan Technical and Operational Controls | Revision 1 |
| | | | Nuclear Cyber Security Defensive Architecture Per Requirements of 10 CFR 73.54 | Revision 5 |
| | | | Critical Digital Asset Logical Access Controls | Revision 0 |
| | | | Cyber Security Incident Response Process | Revision 3 |
| | | | Vulnerability Scanning and Assessment of Critical Digital Assets | Revision 6 |
| | | | Scanning for Rogue Wireless Access Points | Revision 6 |
| | | | Critical Digital Asset Threat Management | Revision 8 |
| | | | Cyber Security Defensive Architecture Administrative Guidelines | Revision 6 |
| | | | Cyber Security Defensive Architecture Intrusion Detection Functional Testing | Revision 2 |
| | | | Control of Critical Digital Asset Portable Media and Portable Devices | Revision 8 |