IR 05000338/2025402
| ML25255A307 | |
| Person / Time | |
|---|---|
| Site: | North Anna  (NPF-004, NPF-007) |
| Issue date: | 09/15/2025 |
| From: | Daniel Bacon NRC/RGN-II/DORS/EB2 |
| To: | Carr E Dominion Nuclear |
| References | |
| IR 2025402 | |
| Download: ML25255A307 (1) | |
Text
SUBJECT:
NORTH ANNA POWER STATION, UNITS 1 & 2 - CYBER SECURITY INSPECTION REPORT 05000338/2025402 AND 05000339/2025402
Dear Eric S. Carr:
On August 14, 2025, the U.S. Nuclear Regulatory Commission (NRC) completed an inspection at North Anna Power Station, Units 1 & 2 and discussed the results of this inspection with Jim Jenkins, Site Vice President, and other members of your staff. The results of this inspection are documented in the enclosed report.
No findings or violations of more than minor significance were identified during this inspection.
This letter, its enclosure, and your response (if any) will be made available for public inspection and copying at http://www.nrc.gov/reading-rm/adams.html and at the NRC Public Document Room in accordance with Title 10 of the Code of Federal Regulations 2.390, Public Inspections, Exemptions, Requests for Withholding.
Sincerely, Daniel M. Bacon, Chief Engineering Br 2 Division of Operating Reactor Safety Docket Nos. 05000338 and 05000339 License Nos. NPF-4 and NPF-7
Enclosure:
As stated
Inspection Report
Docket Numbers:
05000338 and 05000339
License Numbers:
Report Numbers:
05000338/2025402 and 05000339/2025402
Enterprise Identifier:
I-2025-402-0036
Licensee:
Dominion Nuclear Company
Facility:
North Anna Power Station, Units 1 & 2
Location:
Mineral, VA
Inspection Dates:
August 11, 2025 to August 14, 2025
Inspectors:
B. Barro, Cyber Security Analyst
P. Braaten, Senior Reactor Inspector
R. Fanner, Reactor Systems Engineer
L. Manning, Info Systems Security Analyst
Approved By:
Daniel M. Bacon, Chief
Engineering Branch 2
Division of Operating Reactor Safety
SUMMARY
The U.S. Nuclear Regulatory Commission (NRC) continued monitoring the licensees performance by conducting a cyber security inspection at North Anna Power Station, Units 1 &
2, in accordance with the Reactor Oversight Process. The Reactor Oversight Process is the NRCs program for overseeing the safe operation of commercial nuclear power reactors. Refer to https://www.nrc.gov/reactors/operating/oversight.html for more information.
List of Findings and Violations
No findings or violations of more than minor significance were identified.
Additional Tracking Items
None.
INSPECTION SCOPES
Inspections were conducted using the appropriate portions of the inspection procedures (IPs) in effect at the beginning of the inspection unless otherwise noted. Currently approved IPs with their attached revision histories are located on the public website at http://www.nrc.gov/reading-rm/doc-collections/insp-manual/inspection-procedure/index.html. Samples were declared complete when the IP requirements most appropriate to the inspection activity were met consistent with Inspection Manual Chapter (IMC) 2201, Security Inspection Program for Commercial Nuclear Power Reactors. The inspectors reviewed selected procedures and records, observed activities, and interviewed personnel to assess licensee performance and compliance with Commission rules and regulations, license conditions, site procedures, and standards.
SAFEGUARDS
71130.10 - Cybersecurity
The inspectors reviewed implementation of North Annas Cyber Security Plan (CSP) and focused on evaluating changes to the program, critical systems, and CDAs.
Cybersecurity (1 Sample)
- (1) The following IP sections were completed and constitute completion of 1 sample:
- 03.01, Review Ongoing Monitoring and Assessment Activities
- 03.02, Verify Defense-in-Depth Protective Strategies
- 03.03, Review of Configuration Management Change Control In addition to the systems and programs that have been added or modified since the last cyber security inspection, the following systems were selected for inspection.
Units 1 & 2
- Alternate AC Power (AAC)
- Inadequate Core Cooling Monitoring System (ICCM)
INSPECTION RESULTS
No findings were identified.
EXIT MEETINGS AND DEBRIEFS
The inspectors verified no proprietary information was retained or documented in this report.
- On August 14, 2025, the inspectors presented the cyber security inspection results to Jim Jenkins, Site Vice President, and other members of the licensee staff.
DOCUMENTS REVIEWED
Inspection
Procedure
Type
Designation
Description or Title
Revision or
Date
CR1291030
05/06/2025
CR1291588
05/12/2025
CR1293566
06/09/2025
Corrective Action
Documents
CR1297170
07/28/2025
CR1298211
NRC Cyber Security Inspection - NRC Identified discrepancy
frequency for Ongoing Assessment 0-PT-73
08/12/2025
CR1298214
NRC Cyber Security Inspection - NRC Identified critical
function verification in IT-AA-CYB-103 inaccuracies
08/12/2025
Corrective Action
Documents
Resulting from
Inspection
CR1298318
NRC Cyber Security Inspection - NRC identified
enhancements for ongoing monitoring
08/13/2025
NA-18-01069
Security Computer Upgrade - Host Computers and Video
Capture
NA-19-00013
Unit 1 Casing Cooling Chiller Replacements
NA-21-00010
Unit 2 Casing Cooling Chiller Replacements
Engineering
Changes
NA-21-00072
OCA CDA Facility Access Control System Expansion
59-E434-00001
Installation, Operation, and Maintenance Manual for Split-
System Casing Cooling Tank Chillers
Rev. 04
NA-REPORT-
CDA-NA0-AAC-
SBO DIESEL
AAC Control
Rev. 03
NA-REPORT-
CDA-NA0-SEC-
RECORDER-
VIDEO-DNR
Critical Digital Asset (CDA)
Rev. 05
NA-REPORT-
CDA-NA0-SEC-
SWITCH-
NETWORK-DNR
Critical Digital Asset (CDA)
Rev. 04
Miscellaneous
NA-REPORT-
CDA-NA1-SEC-
CLOCK-
SATELLITE
Critical Digital Assets
Rev. 02
Inspection
Procedure
Type
Designation
Description or Title
Revision or
Date
NA-REPORT-
NA1/2-MULTI-
ICCM
Inadequate Core Cooling Monitoring System
Rev. 01
NA-REPORT-
SCA-NA-0-AAC-
CONTROL_1-
Security Controls Analysis
Rev. 03
NA-REPORT-
SCA-NA-CM-
RECEIVER
Security Controls Analysis
Rev. 02
NA-REPORT-
SCA-NA-EI-
Controller
Security Controls Analysis
NA-REPORT-
SCA-NA-RC-
MODULE-
DISPLAY
Security Controls Analysis
Rev. 02
NA-REPORT-
SCA-NA0-SEC-
RECORDER-
VIDEO-DNR
Security Controls Analysis
Rev. 07
NA-REPORT-
SCA-NA0-SEC-
SWITCH-
NETWORK-DNR
Security Controls Analysis
Rev. 08
0-PT-73.54.24
Ongoing Assessment of Critical Digital Assets on AAC
Control 1 PLC
Rev. 0
0-PT-73.54.47
Ongoing Assessment of Critical Digital Assets on Security
Computer Satellite Clock
Rev. 03
0-PT-73.54.50
Ongoing Assessment of Critical Digital Assets on Security
Computer Workstations
Rev. 03
0-PT-73.54.84
Ongoing Assessment of Critical Digital Assets on Security
Host Server
Rev. 03
Procedures
0-PT-73.54.86
Ongoing Assessment of Critical Digital Assets on Security
Rev. 03
Inspection
Procedure
Type
Designation
Description or Title
Revision or
Date
0-PT-73.54.93.1
Ongoing Assessment of Critical Digital Assets for Level 4
Intrusion Detection Monitoring System (IDMS) - Monthly
Rev. 04
0-PT-73.54.93.3
Ongoing Assessment of Critical Digital Assets for Level 4
Intrusion Detection Monitoring System (IDMS) - Quarterly
Rev. 03
CM-AA-CYB-105
Cyber Security Assessment Team (CSAT) Review
Rev. 04
Conduct of
Operations
Rev. 54
IT-AA-CYB-101
Cyber Security Configuration Control
Rev. 06
IT-AA-CYB-104
Unauthorized Wireless Access Point Scanning
Rev. 05
IT-AA-CYB-106
Control and Protection of Portable Media Devices
Rev. 10
IT-AA-CYB-111
Cyber Security Audit and Accountability
Rev. 04
IT-AA-CYB-114
Cyber Security Maintenance
Rev. 06
IT-AA-CYB-118
Cyber Security Systems and Services Acquisition
Rev. 04
IT-AA-CYB-122
Cyber Security Hardening
Rev. 01
SY-AA-PLN-170
Security Records
Rev. 03
SY-AA-UAA-101
Unescorted Access Authorization Program
Rev. 05
59102881697
IPM/00-AAC-PNL-2 (Backup Battery Replacement)
08/14/2024
203372258
Ongoing Assessment of Critical Digital Assets on AAC
Control 1 PLC
07/31/2023
203374009
Control Panel Repair (Simplex Node 6 has "No Answer"
Code)
2/17/2025
203407667
Ongoing Assessment of Critical Digital Assets on AAC
Control 1 PLC
06/03/2025
203418996
Ongoing Assessment of Critical Digital Assets for Level 4
Intrusion Detection Monitoring System (IDMS) - Quarterly
11/25/2024
203445604
Ongoing Assessment of Critical Digital Assets on Security
2/12/2025
203445605
Ongoing Assessment of Critical Digital Assets on Security
05/13/2025
203446924
Ongoing Assessment of Critical Digital Assets for Level 4
Intrusion Detection Monitoring System (IDMS) - Monthly
05/06/2025
Work Orders
203448338
Ongoing Assessment of Critical Digital Assets for Level 4
Intrusion Detection Monitoring System (IDMS) - Monthly
06/03/2025
Inspection
Procedure
Type
Designation
Description or Title
Revision or
Date
203448873
Ongoing Assessment of Critical Digital Assets for Level 4
Intrusion Detection Monitoring System (IDMS) - Quarterly
06/25/2025
203449774
Ongoing Assessment of Critical Digital Assets for Level 4
Intrusion Detection Monitoring System (IDMS) - Monthly
07/08/2025
203449995
Ongoing Assessment of Critical Digital Assets for Level 4
Intrusion Detection Monitoring System (IDMS) - Seven Day
07/15/2025
203450359
Ongoing Assessment of Critical Digital Assets for Level 4
Intrusion Detection Monitoring System (IDMS) - Seven Day
07/22/2025
203450707
Ongoing Assessment of Critical Digital Assets for Level 4
Intrusion Detection Monitoring System (IDMS) - Seven Day
07/29/2025
203450993
Ongoing Assessment of Critical Digital Assets for Level 4
Intrusion Detection Monitoring System (IDMS) - Seven Day
08/05/2025
203451123
Ongoing Assessment of Critical Digital Assets for Level 4
Intrusion Detection Monitoring System (IDMS) - Monthly
08/05/2025
203453372
MUX Interface Repair (Data Not Being Received)
03/12/2025
203453585
Fire Control Panel Software Configuration Upgrade (Needed
to Match 1-FP-CPU-1)
05/29/2025