IR 05000321/2025403
| ML25162A032 | |
| Person / Time | |
|---|---|
| Site: | Hatch  |
| Issue date: | 06/18/2025 |
| From: | Daniel Bacon NRC/RGN-II/DORS |
| To: | Coleman J Southern Nuclear Operating Co |
| References | |
| IR 2025403 | |
| Download: ML25162A032 (1) | |
Text
SUBJECT:
EDWIN I. HATCH NUCLEAR PLANT, UNITS 1 & 2 - CYBER SECURITY INSPECTION REPORT 05000321/2025403 AND 05000366/2025403
Dear Jamie M. Coleman:
On May 15, 2025, the U.S. Nuclear Regulatory Commission (NRC) completed an inspection at Edwin I. Hatch Nuclear Plant and discussed the results of this inspection with Matt Blocker and other members of your staff. The results of this inspection are documented in the enclosed report.
No findings or violations of more than minor significance were identified during this inspection.
This letter, its enclosure, and your response (if any) will be made available for public inspection and copying at http://www.nrc.gov/reading-rm/adams.html and at the NRC Public Document Room in accordance with Title 10 of the Code of Federal Regulations 2.390, Public Inspections, Exemptions, Requests for Withholding.
Sincerely, Daniel M. Bacon, Chief Engineering Branch 2 Division of Operating Reactor Safety Docket Nos. 05000321 and 05000366 License Nos. DPR-57 and NPF-5
Enclosure:
As stated
Inspection Report
Docket Numbers:
05000321 and 05000366
License Numbers:
Report Numbers:
05000321/2025403 and 05000366/2025403
Enterprise Identifier:
I-2025-403-0016
Licensee:
Southern Nuclear Operating Co., Inc.
Facility:
Edwin I. Hatch Nuclear Plant, Units 1 & 2
Location:
Baxley, GA
Inspection Dates:
May 12, 2025 to May 15, 2025
Inspectors:
J. Bowden, Cyber Security Specialist
P. Braaten, Senior Reactor Inspector
J. Hartman, Cyber Security Specialist
W. Monk, Senior Reactor Inspector
Approved By:
Daniel M. Bacon, Chief
Engineering Branch 2
Division of Operating Reactor Safety
SUMMARY
The U.S. Nuclear Regulatory Commission (NRC) continued monitoring the licensees performance by conducting a cyber security inspection at Edwin I. Hatch Nuclear Plant, in accordance with the Reactor Oversight Process. The Reactor Oversight Process is the NRCs program for overseeing the safe operation of commercial nuclear power reactors. Refer to https://www.nrc.gov/reactors/operating/oversight.html for more information.
List of Findings and Violations
No findings or violations of more than minor significance were identified.
Additional Tracking Items
None.
INSPECTION SCOPES
Inspections were conducted using the appropriate portions of the inspection procedures (IPs) in effect at the beginning of the inspection unless otherwise noted. Currently approved IPs with their attached revision histories are located on the public website at http://www.nrc.gov/reading-rm/doc-collections/insp-manual/inspection-procedure/index.html. Samples were declared complete when the IP requirements most appropriate to the inspection activity were met consistent with Inspection Manual Chapter (IMC) 2201, Security Inspection Program for Commercial Nuclear Power Reactors. The inspectors reviewed selected procedures and records, observed activities, and interviewed personnel to assess licensee performance and compliance with Commission rules and regulations, license conditions, site procedures, and standards.
SAFEGUARDS
71130.10 - Cybersecurity
The inspectors reviewed implementation of Hatch's Cyber Security Plan (CSP) and focused on evaluating changes to the program, critical systems, and CDAs.
Cybersecurity (1 Sample)
- (1) The following IP sections were completed and constitute completion of 1 sample:
1. 03.01, Review Ongoing Monitoring and Assessment Activities
2. 03.02, Verify Defense-in-Depth Protective Strategies
3. 03.03, Review of Configuration Management Change Control
4. 03.05, Evaluation of Corrective Actions
INSPECTION RESULTS
No findings were identified.
EXIT MEETINGS AND DEBRIEFS
The inspectors verified no proprietary information was retained or documented in this report.
- On May 15, 2025, the inspectors presented the cyber security inspection results to Matt Blocker and other members of the licensee staff.
DOCUMENTS REVIEWED
Inspection
Procedure
Type
Designation
Description or Title
Revision or
Date
CR 1069030
06/10/2020
CR 1070738
07/21/2020
CR 10938201
01/09/2023
Corrective Action
Documents
CR 10949154
2/17/2023
CR 11177785
25 NRC Cyber Inspection - Documentation for auditable
events review
05/12/2025
CR 11177787
25 NRC Cyber Inspection - Baseline configuration list of
software
05/12/2025
CR 11177788
25 NRC Cyber Inspection - Discrepancies between
baseline configuration software and vulnerability
management software
05/12/2025
CR 11178178
25 NRC Cyber Inspection - Vulnerability Management
Procedure Enhancements
05/13/2021
CR 11178663
25 NRC Cyber Inspection - E5.5 Controls for Select CDAs
05/15/2025
CR 11178671
25 NRC Cyber Inspection - Evaluation of controls on
Indirect SIEM
05/15/2021
Corrective Action
Documents
Resulting from
Inspection
CR 11179641
25 NRC Cyber Inspection - Removal of Unnecessary
Services
05/19/2025
SNC1132207J003
CDA Functional Group Assessment CDA-HNP-2B31-001
2/18/2021
SNC1132207J004
CDA Functional Group Assessment CDA-HNP-1B31-001
2/18/2021
SNC1183620J003
Critical Digital Asset (CDA) Functional Group Assessment
Rev. 01
SNC1348498J100
Critical Digital Asset (CDA) Functional Group Assessment -
Rev 02
Engineering
Changes
SNC1396441
Wireless Gauge Reader Evaluation
Rev. 2
CDA-HNP-2S32-
003
Critical Digital Asset (CDA) - Functional Group Assessment
U2 Generator, Main Transformer, UAT Protective Relays
Rev. 01
CSP-1
SOUTHERN NUCLEAR OPERATING COMPANY CYBER
SECURITY PLAN
Rev. 4
Report of Changes to Cyber Security Plan and Summary of
50.54(p) Analysis
01/09/2025
Miscellaneous
S-77950
Global Instrument & Control DCIS Platform & Cyber Security
Rev. 02
Inspection
Procedure
Type
Designation
Description or Title
Revision or
Date
Engineering Snare Enterprise Agent User Guide
S-77951
Global Operations Services DCIS Platform & Cyber Security
Engineering Microsoft Windows Server 2016 Hardening
Configuration Guide
Rev. 02
S-78291
Simatic Industrial PC Simatic IPC477E
Rev. 01
DI-OPS-96-1222
Control of Wireless Gauge Readers
Rev. 1.2
NMP-ES-046
Configuration Management
Rev. 3.1
NMP-ES-095
Interface Procedure for IP-ENG-001, "Standard Design
Process"
Rev. 16
NMP-GM-007
Acquisition and Development of Technology Solutions for
Southern Nuclear
Rev. 16
NMP-GM-010
Supplemental Personnel Control
Rev. 16.5
NMP-GM-014
Cyber Security for Digital Plant Systems
Rev. 17.13
NMP-GM-014-007
CFR 73.54 Critical Digital Asset (CDA) Identification
Instructions
Rev. 15.4
NMP-GM-014-018
CDA Vulnerability Management
Rev. 11
NMP-GM-014-019
CDA Configuration Management and Cyber Hardening
Controls
Rev. 7.4
NMP-TR-602
Training and Qualification of Supplemental Personnel
Rev. 17.3
Procedures
NMP-TR-602-F02
Supplemental Personnel Training Matrix
Rev. 14
Self-Assessments CISA-HNP-2025-
Cyber_Plan
Pre-NRC Inspection CISA - Cyber Security
2/11/2025
Work Orders
SNC1799728
Review Splunk logs for Digital Gateway and the connected
04/23/2025