IR 05000352/1986015
| ML20214S338 | |
| Person / Time | |
|---|---|
| Site: | Limerick  |
| Issue date: | 09/12/1986 |
| From: | Bailey R, Keimig R, Shropshire A NRC OFFICE OF INSPECTION & ENFORCEMENT (IE REGION I) |
| To: | |
| Shared Package | |
| ML20214S317 | List: |
| References | |
| 50-352-86-15, NUDOCS 8609290465 | |
| Download: ML20214S338 (10) | |
Text
.
.
.
,
U.S. NUCLEAR REGULATORY COMMISSION
REGION I
Report No. 50-352/86-15 Docket No.
50-352 License No. NPF-39 Licensee:
Philadelphia Electric Company 2301 Market Street Philadelphia, Pennsylvania 19101 Facility Name:
Limerick Generating Station, Unit 1 Inspection At:
Limerick, Pennsylvania Inspection Conducted: July 1-3 and 7-11, 1986 Date of Last Physical Security spection: March 3-7 and 10, 1986
'b'
V~ W46 Inspector-R. J. Baile Physical (Aecurity Inspector date
/
Observer:
p C/
A. Shropshir /, Invept at on and Compliance
/
Coordina r, Re n
f- / 2 -N Approved by:
.
e
/. R. Keimig, ' Chief, eguards Section date DRSS Inspection Summary: Routine, Unannounced Physical Security Inspection on July 1-3 and 7-11, 1986 (Inspection No. 50-352/86-15)
Areas Inspected:
Follow-up on allegations concerning the security program; security plan and implementing procedures; organization; locks, keys and com-binations; lighting; compensatory measures; assessment aids; detection aids (protected and vital areas); security contingency plan; and follow-up on security program event reports.
Results:
Certain information provided by the allegers was substantiated; however, no violations of NRC requirements were identified in the areas inspected.
8609290465 860923 PDR ADOCK 05000352 G
,
- - -
- - -
'
.
DETAILS 1.
Key Personnel Contacted G. M. Leitch, Superintendent, Nuclear Generation J. A. Basilio, Administrative Engineer F. J. Larkin, Nuclear Security Specialist C. R. Endries, Regulatory Engineer N. R. Carter, Special Investigator, Corporate Security P. R. Supplee, Administrative Assistant V. A. Warren, Test Engineer J. J. Burke, Quality Assurance Auditor J. F. Rubert, Quality Assurance Site Supervisor D. Johnson, Yoh Security Program Manager D. L. Gould, Yoh Security Program Manager R. McBride, Physician Assistant The inspector also interviewed other licensee personnel and Yoh security personnel.
2.
MC 30703 Exit Interview The inspector met with the licensee representatives listed in paragraph 1 on July 11, 1986, and discussed the scope and results of the inspection.
No written material was provided to the licensee during the inspection.
.
3.
MC 92700 - Follow-up on Security Program Event Reports The inspector conducted an onsite review of Security Program Event Report l
Numbers 86-01, 86-02 and 86-03 that had been submitted by the licensee in I
accordance with 10 CFR 73.71(c). These reviews were conducted to verify that adequate compensatory measures, as necessary, had been taken when the events occurred and that corrective measures to prevent recurrence had been properly implemented, where applicable.
Each event was properly documented, and close-out actions were available for review by NRC.
No discrepancies were identified.
4.
MC 92706 - Independent Inspection Effort Enclosures 1 & 2 contain the findings and conclusions reached by the inspector on several allegations received by NRC Region I from two allegers concerning the licensee's security organizatio7. One alleger is a former member of the security force and the other is currently employed as a member of the security force.
l
.
.,
'
.
5.
MC 81018 - Security Plan and Implementing Procedures During this inspection, the inspector performed an onsite validation of a May 1986 change to the NRC-approved Physical Security Plan that was submitted in accordance with 10 CFR 50.54(p).
The inspector found that the current conditions were as stated in the licensee's submittal.
6.
MC 81022 - Security Organization The inspector reviewed the changes in the security organization that had occurred since the last inspection.
The inspector found that the Captain of the security force had resigned and was replaced by an individual who was previously in the security contractor's onsite training section. The inspector interviewed the individual and found him to be knowlegeable of program requirements.-
The inspector also found that 13 members of the force had been terminated for a variety of causes and 17 had resigned between January 1 and July 11,1986.
In reviewing the termination / resignation interviews, the inspector did not identify any security program deficiencies.
The licensee also informed the inspector that the role of the contractor's Performance Analysis Group had been changed from merely ensuring com-pliance to advising and assisting the on-duty security shift sergeant in the proper discharge of his/her responsibilities. The licensee stated that these personnel had acquired an extensive knowledge of NRC require-ments and would be able to provide additional technical assistance and direction in security matters.
7.
MC 81046 - Locks, Keys and Combinations
..... _.
.
I"E FMA9M ccTAINS SMiGUEDS ii&.W.in MDSK01FO!i Mt!0 ustLO?ils,lY151:1TERii0unLLY LEfT DLA!!3.
Inspector Follow-up Item (IFI) No. 50-352/86-15-01 8.
MC 81062 - Lighting The inspector conducted a tour of the protected area during the hours of darkness on July 9,1986 and observed that the lighting met the standards described in the NRC-approved physical security plan.
i
-
_
. _ _
_
- -
-
-.
,
- - - - -
-
- - _
.
9.
MC 81064 - Compensatory Measures The inspector reviewed the Informational Shift Assignment Rosters for May 20, 1986, to identify existing compensatory security posts. The inspector observed and interviewed several security force members on these posts and determined that they were knowledgeable of their assigned duties.
10. MC 81070 - Assessment Aids Assessment aids utilized by the licensee were observed by the inspector from the Central Alarm Station during daylight and hours of darkness.
They were found to conform to security plan commitments and were adequate for their intended function.
11. MC 81078 - Detection Aids (Protected Area)
The inspector observed members of the security force perform tests of the protected area perimeter detection aids during the week of July 7-11.
No discrepancies were noted.
12. MC 81088 - Detection Aids (Vital Areas)
The intrusion detection systems detected inspector requested penetration tests and conformed to the NRC-approved physical security plan.
13. MC 81601 - Security Contingency Plan The inspector found that the licensee had conducted special security contingency drills that were designed to exercise selected aspects of the security program.
The inspector also found that general security contingency drills were conducted to exercise integrated response by the security force. Documentation of the drills was adequate and no discre-pancies were note,
- - -
- - -.
-
'
.
Enclosure 1 Allegation by Former Member of Security Force The concerns that follow were identified and discussed with a former member of the security force in a telephone conversation with NRC Region I representa-tives on June 11, 1986. The findings represent the results of review of these concerns during an inspection on July 1-3 and 7-11,1986.
1.
Concern - A surveillance test was not performed after a security system had registered a tamper alarm on October 9, 1985.
Finding The inspector determined, through interviews with security management personnel and a review of records, that a test of the system was performed on October 9, 1985. That test proved that the system was functioning properly.
Since the test did not constitute a repair, adjustment, re-placement or loss of power, in accordance with established procedures, no subsequent surveillance test, to confirm operability of the system, was required. The inspector found no noncompliance with NRC requirements.
2.
Concern - Security force members do not always respond to alarms, especially during periods of inclement weather.
Finding Through a review of records and interviews of security force members, the inspector found that the manner in which alarm response was being recorded did not always accurately reflect the time of response and the action taken by the responder. The inspector determined that this was due to the alarm operators' use of terse and/or incomplete log entries rather than improprieties in responding. The inspector witnessed an equipment failure which required the establishment of compensatory posts during his review of this concern. The inspector found that not all the responders could be readily observed by himself or the alarm station operator because of the sheltered positions they placed themselves in to avoid the heat of the sun. The inspector brought this to the attention of the licensee since it was incumbent upon the alarm station operator, in this instance, to visually confirm the establishment of the compensatory posts.
Similar situations in the past may have been the basis for the alleger's concern.
The licensee promptly corrected this by clarifying the alarm station operators' procedures in this regard.
No violations of NRC requirements were identifie r
'
.
3.
Concern - During drug analysis testing in 1985, two Yoh security members were involved in substitution of urine samples.
Findings l
The inspector reviewed sign-in and sign-out records for May 30, 1985, the day the alleger claimed to have witnessed a substitution, and the results of urinalysis examinations for the individuals allegedly involved in the incident. Based upon these records, the inspector determined that the urine samples were collected at different times during that day and that neither the alleger nor either of the allegedly involved individuals were signed-in as being onsite at the same time on that day. Additionally, the inspector determined that one of the allegedly involved individuals had given his urine specimen on the preceding day. Therefore, the sub-stitution could not have occurred as alleged.
The inspector also requested a review of the urinalysis results of both allegedly involved individuals by a medical staff member onsite.
That review of the urinalysis reports in question, indicated, with a high certainty, that the urine was from different individuals and that a sub-stitution was highly improbable.
In addition, the inspector found that the drug testing program has since been modified and several additional safeguards have been added to increase the integrity of the program.
No improprieties in program implementation were found.
4.
Concern - During a practical firearms test conducted in the summer of 1985, there was falsification of documents regarding the shotgun proficiency of certain security force members in that shotgun shells with 12 pellets were being used instead of 9 pellets as committed to in the NRC-approved Training and Qualification Plan.
Findings During interviews with security management staff and a security force member who, between July 15-19, 1985, attended the firearms qualification test at the same time as the alleger, the inspector learned that the security force contractor was using shotgun shells with 12 pellets for practice. The interviewee stated that after the practice rounds were completed, shotgun gun shells with 9 pellets were given to each individual for use in qualification and that only one individual was allowed on the firing line at a time to facilitate supervision. The inspector also reviewed the scores of those who completed their qualification on the day the alleger qualified, and found that the scores appeared normal for the NRC-required 9 pellet shells. Additionally, the inspector determined that each of the current security force members who qualified with the alleger in July 1985 have since been requalified, and that the licensee certified that the correct ammunition was used. No violations of NRC requirements were identified.
l
-
-
.
-
,
__
-
<
5.
Concern - Surveillance testing of some intrusion detection systems is unrealistic and compromises plant security.
Finding The inspector determined, through a review of records and test proce-dures, examination of intrusion detection systems, and observation of several surveillance tests, that the test procedures, if properly imple-mented, will determine the effectiveness of the systems. The inspector found no indications or reason to suspect that the testing procedures were not being properly carried out. The inspector determined that, in most cases, more than one individual is involved in the testing. No violation of NRC requirements was identified.
6.
Concern - Two doors do not fit the description of a barrier as stated in the NRC-approved Physical Security Plan.
Finding The inspector determined that the two doors iaentioned in the allegation were permanently sealed; therefore, those barriers are not considered as doors.
Those barriers have been approved by the NRC and are identified, in their exisitng configuration, in the NRC-approved Physical Security Plan.
No violation of NRC requirements was identified.
7.
Concern - Key cards invalidated due to loss were being revalidated when found, without any knowledge of their use while lost.
Finding The inspector determined, through a review of control records for key cards and an audit of the computer history, that key cards invalidated because they were lost and not immediately found were not reissued.
These key card numbers are transferred from the list of useable key card numbers to a special list of unuseable key card numbers.
Those numbers are pro-hibited from being reissued for any reason except as described below. The inspector conducted an audit of currently issued key cards and determined that no key card had a number from the unuseable list.
,
The inspector also determined that the Central Alarm Station (CAS)
operators routinely invalidate lost key cards immediately upon notification from the card holders or as a result of a determination by the Security Shift Sergeant that a key card should be invalidated. Upon notification by the security contractor that a key card has been invalidated because of loss, the licensee's security staff assumes control and conducts a trace to determine if the key card was misused or abused while lost. When PECO determines that there are no improprieties involved with the key card, and if the card is subsequently found, the number for the key card in question is returned to the security contractor for use.
It should be noted that an invalidated key card
]
.
-
.
cannot be used, even if found, to gain access to site areas.
The in-spector noted that there are other access control measures in place to preclude the unauthorized use of a key card. The licensee's access con-trol procedures were implemented in October 1984, at which time they were reviewed by NRC and found to be adequate to meet the NRC program object-ives. No violations of NRC requirements were identified.
8.
Concern - Surveillance testing for the explosive detector was disregarded because the detector could not pass the test.
Finding The inspector determined that the initial surveillance test procedure used for the explosive detectors was issued in October 1984 and was modified by the licensee because the licensee recognized that the testing method was not totally effective. The licensee subsequently adopted the manufac-
!
turer's recommended testing method and rewrote and reissued the surveil-lance test procedure to reflect this change in June 1985. The inspector observed the licensee perform a surveillance test on the explosive detectors during the week of July 7-11, 1986. The inspector found that
the current test procedure was that which is recommended by the manufac-turer, is effective and is adequate for the intended function of the
,
detector. The inspector could not determine how surveillance testing was l
handled prior to June 1985 but did find evidence of maintenance requests on these detectors which would indicate that if a detector did not pass a surveillance test, repair was requested.
No violations of NRC require-ments were identifie.
-
.
.
Enclosure 2 Allegation by Current Member of Security Force Allegation On May 29, 1986, Region I received a telephone call from an individual claiming to be a Yoh Security employee at the Limerick Generating Station.
The caller made certain allegations concerning the procedures used in the Central Alarm Station (CAS), and they are characterized-below. The findings represent the results of review of these allegations during an inspection on July 1-3 and 7-11, 1986.
(1) The Central Alarm Station " Level 1 Command" button, that is activated by a key, has been broken for the last 8-9 months.
The broken button could permit entry of unauthorized access level commands into the computer, in violation of SI's (Security Instructions) and PP's (Security Plan i
Procedures).
'
Findings Through interviews with security management personnel and a review of records, the inspector learned that Security Systems / Components Problem Reports on the Level I command key switch were submitted by CAS operators on five occasions between April 16, 1986 and May 23, 1986.
Some type of repair action was performed in response to each report. The inspector found that CAS operators had experienced intermittent malfunctioning of the switch throughout that period.
The inspector was able to substantiate that, when the switch malfunctioned, the key could not be removed and, therefore, the switch was left activated.
This could have permitted personnel access level changes to be made without the knowledge of a supervisor since obtaining the key from the supervisor was a safeguard against unauthorized access level changes.
In addition, the spring actuated button that must be used in conjunction with the Level I key switch was also inoperable in that it was required to be
.
manually held in the "in" position while making authorized changes when directed by the Security Shift Sergeant. This apparently was a nuisance to the CAS operators. As a result of the inspector's inquiries into this matter during the week of July 7-11, 1986, the licensee transferred the responsibility for changing access levels to the Secondary Alarm Station which had a properly functioning key switch and button. The inspector could find no evidence that an access level was changed without proper authorization during the period that the CAS switch was malfunctioning.
No violation of NRC requirements was identified.
.
-
.
.
(
-
.
.-
(2) Allegation The security computer system has had several outages caused by errors in the software.
Both PECO and YOH supervisory personnel have blamed these outages on improper operation by YOH personnel.
PECO wants to get rid of some YOH people and is trying to use the computer outages as a basis.
FECO has written a letter to Y0H asking Yoh what is being done about its personnel causing computer outages. On at least one occasion, a computer outage lasted longer than 10 minutes and compensatory actions were not taken.
Findings The inspector determined through interviews with the security management personnel that they were experiencing security computer outages as a result of software errors.
Licensee representatives advised the inspector that they are aware of the problems and are attempting to obtain new software programs from the manufacturer. The inspector determined that the licensee did send a memorandum to the Captain of the Security Force on May 23, 1986 which addressed a recurring problem with CAS operator errors which also caused the computer to malfunction. The memorandum had not yet been answered. The inspector determined through a records review that no security force personnel had been terminated recently because of improper operation of the security computer.
The inspector reviewed the security event log and found that two computer outages occurred which lasted longer than 10 minutes. The event log indicates that proper compensatory meas-ures were taken by deploying personnel and through the use of assessment aids.
It should be noted that the 10 minute time interval, addressed in NRC reporting requirements 10 CFR 73.71 for implementing compensatory measures, pertains only to those events which are not described in the security program plans. A computer outage is an event which is described in those plans and compensatory actions for such an event have been approved by NRC. The inspector determined that the licensee had properly implemented corrective actions for the two computer outages that were reviewed. There were no events identified by the inspector in which com-pensatory actions required to be initiated within 10 minutes were not.
~~
i
_
_
- _ _ -.
-..
- - - - -
- - - - -
. - -
-
-
-- - - - - - - -