Insp Rept 50-331/93-20 on 931025-29.One Violation Noted. Major Areas Inspected:Circumstances Re Licensee Identified Events Concerning Contractor Employee Falsification of Criminal History

ML20058A391
Person / Time
Site:	Duane Arnold
Issue date:	11/12/1993
From:	Creed J, Madeda T NRC OFFICE OF INSPECTION & ENFORCEMENT (IE REGION III)
To:
Shared Package
ML19063E112	List: IR 05000331/1993020
References
50-331-93-20, NUDOCS 9312010066
Download: ML20058A391 (8)
v • d • e

Text

-

.

.

.

.

U.S. NUCLEAR REGULATORY COMMISSION

REGION III

Report No. 50-331/93020(DRSS)

V Docket No. 50-331 License No. OPR-49 i

Licensee:

Iowa Electric Light and Power Company P. O. Box 351 Cedar Rapids, IA 52406 Facility Name:

Duane Arnold Energy Center, Palo, Iowa

.

Inspection Dates: October 25-29, 1993 Type of Inspection: Announced, Physical Security Inspection Date of Previous Physical Security Inspection: March 22-26, 1993

-

Inspector: bb

U

,

Ierry J. M deda Date i

hysical Security Inspector

/bb

Approved By:

,

James R. Creed, Chief Date Safeguards & Incident Response Section Insnection Summary Insoection on October 25-29. 1993 (Recort No. 50-331/93020(DRSS))

Areas Inspected: Announced, physical security inspection involving:

Review i

of Circumstances Regarding Licensee Identified Events Concerning a Contractor Employee Falsification of Criminal History; followup on a licensee report

'

relating to a potentially Degraded. Security Barrier; Alarm Stations and L

Communication; Power Supply; and Testing, Maintenance and Compensatory Measures.

Results: One apparent violation was identified involving the granting of unescorted access to an unauthorized individual. This finding resulted from l

our review of a licensee reported event. The degraded security barrier event

'

was also reviewed and no regulatory issues were identified. Our review of those two events showed that management's understanding, attention and

involvement in responding to the events were fully effective. Thorough and-technically sound root cause analyses were conducted for each event.

One-

,

inspection followup item regarding tailgating into security areas was also identified.

Routine inspection results showed that the security program was effective in assuring plant safety through the effective implementation of security plan requirements. However, inspection activities relating to the granting of

,

r 9312010066 931112 DR ADOCK 0500

.

_.

.

.

.

.

access to an untrustworthy individual identified a potentially significant I

weakness in the licensee's access authorization program and management overview of that program. Management support was evident in the effective

,

implementation of day-to-day security activities.

Except as noted above, the security management personnel have been effective in the identification and resolution of issues.

Self-assessment practices were good.

Support to other

'

organizations, when necessary, was effective.

i

,

.

f J

4 i

P I

,

,

i L-

-

.

,

.

.

.

DETAILS 1.

Key Persons Contacted In addition to the key members of the licensee's staff listed below, the inspector interviewed other licensee employees and members of the security organization. The asterisk (*) denotes those present at the exit interview conducted on October 29, 1993.

• D. Wilson, Plant Superintendent

• K. Your.g, Manager, Licensing i

• P. Bassette, Supervisor, Regulatory Communications

• D. Englehardt, Superintendent, Security

• G. Henry, Supervisor, Security Operations

• S. Swails, Manager, Nuclear Training

• D. Robinson, Licensing Specialist Regulatory Communications

• B. Wohlers, Project Manager

• M. Duss, Security Specialist

• K. Beak, Senior QA Specialist

• B. Janowski, Project Supervisory, Per-Mar Security

• J. Hopkins, Senior Resident Inspector, NRC, RIII C. Miller, Resident Inspector, NRC, RIII 2.

Entrance and Exit Interviews a.

At the beginning of the inspection, the Station Security Administrator was informed of the purpose of this inspection, its-scope, and the topical areas to be examined, b.

The inspector met with the licensee representatives, denoted in

!

Section 1, at the conclusion of onsite inspection activities.

A-general description of the scope and conduct of the inspection was provided.

Briefly listed below are the findings discussed during

'

the exit interview. The licensee representatives were invited to f

provide comments on each item discussed. Those comments are included. The details of each finding listed below are

,

referenced, as noted, in the report.

(1)

We verified that the licensee granted unescorted access to an unauthorized individual who was allowed access to the protected area and vital areas. This finding, which was identified by the licensee, represented a failure of the access authorization program. The failure was caused by

'

procedural weaknesses and less than effective management

'

overview of the access authorization program.

The inspector

-

emphasized the potential safety and security significance of the event and that additional regional management review would be conducted. The licensee acknowledged the finding-and described their implemented corrective action to prevent recurrences.

(Refer to Section 4)

-

.

..

(2)

The licensee was advised that the inspector evaluated a licensee identified event regarding the degradation of a security barrier. Our evaluation showed that the barrier's integrity was not reduced and regulatory requirements were met.

The inspector considered this issue closed.

(Refer to Section 5)

(3)

One inspection followup item regarding a recent increase in volume of reports relating to personnel tailgating into security areas was identified by the inspector.

The licensee was aware of the problem and was developing corrective action. The inspector emphasized the potential safety and security significance of the problem, in that unauthorized access could be gained to vital equipment.

No unauthorized personnel had gained access as a result of the tailgating issue.

(Refer to Section 6)

3.

Procram Areas Inspected

'

Listed below are the areas examined by the inspector.

'

The areas listed below were reviewed and evaluated as deemed necessary by the inspector to meet the specified " Inspection Requirements" (Section 02) of the application NRC Inspection Procedure (IP).

Sampling included interviews, observations, and document reviews that provided independent review with requirements. Gathered data was also used to evaluate the adequacy of the reviewed program and practices to adequately protect the facility and'the health and safety of the public.

l The depth and sccpe of inspection activities were conducted as deemed appropriate and necessary for the program area and operational status.of the security system.

'

NUMBER PROGRAM AREA AND INSPECTION RE0VIREMENTS REVIEWED l

IP 81700-Physical Security Inspection Proaram for Power Reactors 04.

Alarm Stations and Communication:

(a) CAS and SAS Are Manned,

?

Equipped, Independent and Diverse and Can Call For Assistance; (b) No Interference of CAS activities; (c) CAS and SAS Have Continuous Communications With Each Onsite and Can Call Offsite.

i 05.

Power Sucolv: Alarms and Nonportable Communications Equipment on Standby Power System, Equipment Located in VA, Automatic

!

Indication of Failure or Use.

.

06.

Testina and Maintenance:

(a) Licensee Implements Programs To Verify Installation, Testing, Maintenance and Correction;

,

(b) Compensatory Measures Implemented That Do Not Decrease Effectiveness.

l

_-

.

..

-

.

.

.

IP 81070 - Access Control Personnel: Trustworthiness, Reliability Determined By Background Investigation.

IP 81054 - Physical Barriers - Vital Areas:

(d) Penetration Resistance.

4.

Access Control - Personnel (IP 81070)

Failure to evaluate personnel access authorization records, i.e.

falsified application, resulted in the licensee granting unescorted access of an unauthorized individual to the-facility's. protected and

'

vital areas.

(Apparent Violation 50-331/93020-01)

On August 13, 1993, in accordance with the plant security program, a Security Access Control Specialist was reviewing FBI criminal history records that had been received late the previous day.

Licensee procedure, " Instructions For Reviewal of FBI Criminal Records," requires that the licensee review FBI criminal records (fingerprint cards)

against other relevant access authorization material as part of the licensee's program to ensure trustworthiness. When it was determined that the information regarding criminal history listed on one individual's background clearance application differed from the FBI records received, the individual's supervisor was contacted to have the individual report to the security specialist for an interview to resolve the discrepancy. The FBI record showed multiple arrests and prison terms, while the individual's employment application showed no criminal history. The individual, a contractor laborer employee, had been

"

granted temporary unescorted access on July 15, 1993.

During the interview, the individual was questioned about his criminal history and denied having one. The individual's application-showed that he had responded "no" to the question, "Have you ever been convicted, pled guilty, received deferred adjudication or had a conviction set aside in a criminal matter (including DUI, or traffic offenses other than non-injury traffic or parking)?" The individual signed and dated the

application which stated, "I certify that all information provided on this application is correct, and I understand that any mis-statement,

.'

mis-representation or omission may constitute cause for a recommendation of access denial." When confronted with the FBI criminal history record, in the interview noted above, he admitted to willfully falsifying his application, fearing he would not be granted unescorted access and could not work. Specifically, according to the licensee's investigator he said, "I had lied in 1990, had lied in 1993, and would

,

lie again." The individual's site access was immediately revoked based on the fact that the individual falsified his application regarding his criminal history. The NRC was noted by ENS.

!

The licensee immediately initiated a review into the individual's

statement that he had lied in 1990 to gain access. They determined that in June of 1990 they had granted temporary unescorted access-to the individual to support a refueling outage.

His 1990 application also showed he denied having a criminal record.

The individual's access was terminated September 5, 1990, due to completion of outage activities.

The results of the FBI fingerprint check was received by the licensee on

-

-

.

a

.

November 2, 1990. The individual had left site and could not be interviewed regarding the results of the FBI check. His personnel case file, as required by licensee access procedural requirements (Section 4.5.2 of " Instructions for Reviewal of FBI Criminal Records"),

was marked " incomplete" and filed.

The content of his adult (since 18 years of age) criminal record showed multiple felony arrests, and prison terms. (Details withheld for personal privacy. The most recent charge was in 1978.

Licensee management review of the individual's criminal records history (after the fact), showed that although past criminal history was lengthy, r,o criminal activity had occurred in over ten years. The individual nad also met the requirements for alcohol rehabilitation. These facts may have resulted in the individual being granted access had they been reviewed.

Licensee review showed that in 1990 the case file referenced above was noted as " incomplete" because the individual's access was terminated due to job completion prior to the receipt of his FBI criminal background

,

record. A personal interview could not be conducted to obtain information relevant to the difference between his application and the FBI record.

In addition, the individual's file (1990) was marked to ensure a review of criminal history prior to granting of further access.

This case file was then filed with other case files of individuals who had received favorable terminations because there was no separate filing system designated for those marked " incomplete".

This file was later microfilmed during the normal course of microfilming records in early 1992. The microfilmed case file was then archived in the security department's storage area. This area is located adjacent to the Superintendent of Security's office. The file remained in this location until August 13, 1993, when the licensee identified the event and retrieved the file.

Our review of the event showed that the licensee had granted unescorted access to an individual who falsified two employment applications and was therefore untrustworthy and unauthorized. The 1993 event violated the licensee's access authorization program which requires that all personnel granted unescorted access be trustworthy. The cause for the event appeared to be the licensee's failure to evaluate previously identified derogatory information. Also contributing to the event was a lack of formal instructions to search for historical records, and the names of individuals whose files had been noted as " incomplete" were not listed in a separate location and therefore could not be readily recalled and identified.

When identified by the licensee, the following corrective measures were taken. Unescorted access was revoked on August 13, 1993, upon the determination that information was willfully 'omitted. The event was reported to the NRC in accordance with 10 CFR 73.71. A review of the individual's work history was conducted.

The individual's onsite

,

a

.

.

-.

.-

.

.

.-

.. -. i...-.

.

.

.

A supervisor confirmed that the individual's behavior and work record while onsite was normal with no problems noted. During his period of unescorted access his work included cleanup activities.

A review of all (approximately 27) files identified as " incomplete" was conducted.

No other problems were identified.

In addition, the names

of individuals whose files were noted as " incomplete" are now included on the same list as those whose accex has been denied. This list is reviewed prior to granting temporary access and should alert security personnel to the need for further review. The cover sheet of incomplete files is now clearly marked, " INCOMPLETE - FURTHER ACTION REQUIRED."

.'

These files are now separated from those of individuals who received favorable terminations.

Specific written procedural instructions to further improve and clarify the coordination and consistency of the in-processing of persons requesting unescorted access was implemented on September 30, 1993. The

"Self-Disclosure Questionnaire," has been modified to include a question asking individuals to state whether or not they have previously held access at DAEC.

This will alert security personnel to review previous access authorization records. A computerized database and tracking system to aid in the processing of unescorted access applicants will be developed prior to the next refueling outage.

Finally, a comprehensive audit of the entire access authorization program will be conducted.

The licensee has not identified a time period for the completion of this audit activity.

5.

Physical Barriers - Vital Areas (IP 81054)

On September 19, 1993, the licensee identified a potential degradation in a vital area barrier. The licensee discussed their finding with

Region III the following day. Our initial evaluation determined that the event did not appear to be security significant, and the barrier was adequate, but that this item would be reviewed during the next security inspection.

It appeared the barrier was intact and access was being i

properly controlled.

Our onsite review, which was conducted on October 26, 1993, determined the licensee, during an outage related project, had created a temporary breach, an 18" opening, in a security barrier. However, when the opening existed, authorized personnel controlled both sides of the opening and the opening was also located inside a vital area and access

,

from the protected area was not an issue. The opening did not reduce

'

the barrier's effectiveness.

No regulatory or safety ix we was identified.

This matter was closed.

6.

Physical Security Proaram For Power Reactors (IP 81700):

Inspection results identified one inspection followup item.

A recent increase in plant personnel. tailgating into vital areas was identified by the inspector.

Licensee security management personnel were aware of the issue and are evaluating methods to reduce tailgating

i i

!

• -

.

.

.

.

.

into vital areas.

Resolution of this issue will be tracked as an Inspection Followup Item (IFI No. 50-331/93020-02).

Review of security loggable events showed that for the three month

,

period ending in October 1993, the licensee's security computer system has identified 50 occurrences of individuals tailgating into vital areas (15 in August, 10 in September and 25 in October).

An interview with the Superintendent of Security verified a full awareness of the issue.

In July 1993, the licensee completed construction and initiated use of a new security computer system.

This system, along with many other new features tracks personnel access

'

throughout the protected and vital areas. The replaced access control system did not have the ability to readily track occurrences of tailgating.

The licensee recognized that tailgating could be a problem and in August conducted training sessions to explain keycard use to plant employees.

Since that time no additional training had been conducted.

Inspector review showed no unauthorized access was gained resulting from the 50 occurrences. However, the issue of tailgating is indicative of a security program weakness which has the potential of allowing individuals physical access to vital equipment when no supportable reason for such access exists, thereby causing a potential safety problem.

The licensee was aware of our concern and will be evaluating their program to improve performance in this area.

Licensee action will be reviewed during future inspections.

.

L I

i