IR 05000352/1986025
| ML20214V167 | |
| Person / Time | |
|---|---|
| Site: | Limerick  |
| Issue date: | 05/26/1987 |
| From: | Linville J NRC OFFICE OF INSPECTION & ENFORCEMENT (IE REGION I) |
| To: | |
| Shared Package | |
| ML20214V160 | List: |
| References | |
| 50-352-86-25, NUDOCS 8706120004 | |
| Download: ML20214V167 (9) | |
Text
.
.
.
U. S. NUCLEAR REGULATORY COMMISSION
REGION I
Report No. 86-25 Docket No. 50-352
License No. NPF-39 Licensee: Philadelphia Electric Company 2301 Market Street Philadelphia, PA 19101 Facility Name:
Limerick Generating Station, Unit 1 Inspection Conducted: October 10-25, 1986, December 22-25, 1986, and February 13 - March 18, 1987 Inspector:
E. M. Kelly, Senior Resident Inspector
.
M Approved by:
-
C. Linville, Chief Dats ctor Projects Section RP
Summary:
Special inspection (Report No. 50-352/86-25) to review security and safeguards events occurring in October and December,1986 and February,1987. The inspection accounted for 54 hours6.25e-4 days <br />0.015 hours <br />8.928571e-5 weeks <br />2.0547e-5 months <br /> and identified one violation of NRC requirements concerning the handling of Safeguards Information.
d
,
t 8706120004 870602
"
PDR ADOCK 05000352 G
,
.
._..-
.
. _. -
_ - -. _. - - _
-.. - _
.
-
-,
_
_ - __
.
.
.
.
.
.
DETAILS 1.0 Principals Contacted PECO J. F. Franz, Jr., Manager, Limerick Generating Station J. Doering,. Superintendent of Operations R. Weindorfer, Director of Nuclear Security R. Carter, Investigator F. Larkin, Nuclear Security Specialist j
C. Endriss, Site Administrative Engineer Protection Technology Inc. (PTI)
L. Cobb, P'~f Manager, Performance Analyst Group S. Mcdonald, PTI Program Manager T. Straub, PTI Site Lead Performance Analyst (Current Capt.)
NRC RT Keimig, Chief, Safeguards Section
- R Bailey, Physical Security Inspector i
2.0 Safeguards Information Document Control
2.1 Background In October 1986, during review of LER 86-036 issued on August 7,1986 to descrioe an hourly fire watch inspection that was missed because of a security computer outage, the inspector discovered a draft document entitled, "YOH Compensatory Measures During Security Computer Systems Failure", which was not controlled or marked, and which contained details of the Limerick Physical Security Plan subsequently determined by the licensee to be Safeguards Information.
The above draft document supplied guidance to the security force regarding their responsibility and response should a security computer outage occur. Using the draft document the Administrative Engineer was preparing a memorandum which was to be issued to security members,
,
shift supervision, and Bechtel fire watch advisors regarding coor-dination for fire watch inspections during security computer outages.
The computer outage that had occurred was reported in LER 86-036, and the Adminsitrative Engineer's memorandum to the shift was part of the corrective action for LER 86-036. The memorandum was pending issuance as of October 10, 1986 when the inspector discovered the draft document on the Administrative Engineer's desk as they discussed the corrective actions for LER 86-036.
d
-~m r
.a e=
- e q.
g--
w..-vn
---
y--
n.-e-,--v-+-r
-, -,
~--.meem-.-m,
.-gwene
- - -
,-e---
- - - -,,
-. __
.
.-
The draft document was five pages long and was sufficiently detailed that the information constituted Safeguards Information. The docu-ment was subsequently reviewed by NRC Region I security inspectors who concurred with the licensee's determination that the information was Safeguards Information and should have been controlled with existing procedures.
The document was one of five copies including the original; the licensee immediately (October 10,1986) verified that all of the copies of the draft document were contained in Safeguards controlled areas. One copy of the original was in a locked safe in the security contractor's performance analysis group (PAG) files; copies were also in CAS/SAS areas and the Administration Building bullet resistant enclosure (BRE) under appropriate controls (24-hour manned areas). The draft copy that was found by the inspector.md remained for an estimated two months within a file contained in the Administrative Engineer's desk. All copies were subsequently collected by the licensee and later destroyed.
2.2 Findings The following areas were inspected by the licensee for proper storage of Safeguards Informatioa:
--
Administration Building and TSC BRE's
--
--
Captain and Lieutenant offices Project Manager / Performance Analysis Group facility
--
Linvield Support Office
--
Information reviewed by the licensee is treated as described:
--
Stamped Safeguards Information - if current and valid, it will be stored in Safeguards cabinets with the exception of materials-in-use in the CAS, SAS and Administrative Building BRE.
Other security documents - if not clearly classifiable, documents
--
will remain stored as Safeguards until individually reviewed and classified.
The following results were obtained by the licensee and actions taken regarding marking and storage of Safeguards Information:
a.
Program Manager / PAG Facility PAG Logbooks and Activity Sheets are stored as Safeguards
--
pending review.
--
Challenge Critique Sheets are stored as Safeguards.
Sheets generated as of October 10, 1986 are marked as Safeguards.
,,.
.. -. -_
-.
_
. _,
_
_ _ - _ -
-_
_
.
.
All correspondence stored as Safeguards is under review
--
pending return to non-Safeguards storage as applicable.
The PC Keyboard is being stored in a Safeguards cabinet
--
when unattanded pending review of alternative protection measures.
Typewriter ribbon is being removed and stored in a
--
Safeguards cabinet when unattended.
An additional Safeguards cabinet is being established in
--
Program Manager's office.
b.
CAS/SAS
,
Information that must remain readily available to CAS/SAS operators (i.e., door lists, camera lists, etc.) is stamped as Safeguards Information. This data.is maintained under plexiglass at the CAS/SAS operator's console.
c.
Administration Building Operations personnel rosters (in the possession of several supervisors) were removed and destroyed.
Post Orders and Security Instructions were over-stamped in red ink. Working copies of Post Orders were posted behind the Supervisors' desk to enhance control. An out-of-date list (origin unknown)
designating security doors was removed and stored as Safeguards pending destruction.
d.
TSC BRE Security Instructions of an administrative nature were removed and destroyed.
2.3 Corrective Actions The following corrective actions were implemented by the licensee and verified in place by the inspector:
All areas where Safeguards Information is maintained were
--
inspected by licensee security program management, and all documents were reviewed by October 20, 1986.
All areas were found to be in compliance.
--
Security Instruction (SI)-019 and related PTI procedures were revised to include Safeguards Committee review of all distributed documents.
i l.
i
,
~.,
.
- -
-. - - -
.
-. -
...
-
_ - -,. -
.
.
.
A two-hour supervisory Lesson Plan was developed on Safeguards
--
Information identification and control, along with a 1-hour class for initial watchman training, armed guard and all requalification classes.
QC developed an inspection checklist as an ongoing action for
--
continual monitoring of the Safeguards Information control program.
--
Guard Mount (security shif t turnover) was immediately addressed upon notification of the unmarked Safeguards Information. All security force members (SFMs) were apprised of the problem and of 10 CFR Part 73.21 requirements.
2.4 Conclusion The licensee's immediate corrective actions were assessed by the inspector to be effective in so far as files and security procedures were re-examined in the BRE and other areas such as CAS/SAS and the PAG offices onsite. The inspector also reviewed training records of a 2-hour course for security members on the control and safeguarding of Safeguards Information.
The inspector performed periodic audits of the BREs in the Administration Building and TSC, and observed that the pass-along books used by security shift personnel and bulletin boards in these areas did not contain information that could be construed as Safeguards.
The licensee rewrote a Security Instruction on handling Safeguards Information and a new lesson plan entitled
" Safeguards Information Requirements" was prepared to be administered to all security personnel.
The licensee also instituted a QC inspection module (detailed monitoring checklist) for Safeguards Information, DMC L-SP-01, Control of Safeguards Information.
Documents to be examined included post orders, security instructions, pass-along books, PAG inspection reports, security incident reports, plant protection procedures, security bulletins, rosters, and access logs, vital key logs, security plans and memos, including daily paperwork.
The inspector reviewed the detailed monitoring checklist prepared by QC, discussed the issue with QC representatives, and determined the QC measures to be complete and in use.
The licensee subsequently issued Administrative Procedure A35.3, Control of Safeguards Information, that became effective on December 8, 1986. The procedure describes methods to distribute, process, and store Safeguards Information documents.
The new procedure incorporated existing corporate direction regarding Safeguards Information. The inspector has observed over the period of November 1986 - February 1987 that this procedure has been effective in limiting and controlling Sa'feguards Informatio,
.
.
-
.
.
- _.
--
-.
-_.
--
- _ -.
-
.
.
The inspector concluded that the draft document found to be Safeguards Information but not appropriately controlled was a an apparent violation of NRC requirements under 10 CFR.Part 73.21(e)
(50-352/86-25-01). The document (a) had been apparently in the
,
'
Administrative Engineer's possession for approximately 4-6 weeks and always in his possession (on his desk in a file), and not easily i,
accessible, (b) was the only copy of this procedure that was uncontrolled; and, (c) was subsequently recollected by the licensee and destroyed. The licensee uses a Safeguards Committee to periodically review Safeguards Information and determine if it should be stamped and controlled as Safeguards. The inspector had no further questions or concerns, i
3.0 Bomb Scare i
3.1 Background i
On December 22, 1986, at about 11:20 a.m., the site telephone switch-
'
board operator received a call from a male caller who requested to speak with the control room. While the operator attempted to ascer-tain which control room (Unit 1'or 2) the caller wanted, the caller terminated the call. Another call was received at 12:22 p.m., from a person believed to be the same person who called at 11:20 a.m.
The
,
caller asked for " security". The call was transferred to the Unit 2 i
security force. The caller indicated that a bonb had been placed in one of three specific locations in and around Unit 1 and that it would detonate in "about 20 minutes".
The licensee initiated its bomb threat procedure and declared an Unusual Event at 1:00 p.m.
No bomb was found and the Unusual Event was terminated at 2:26 p.m.
NRC received notification of the event via ENS at 1:05 p.m.
The senior resident inspector responded to the main control room by
!
12:30 p.m. and observed the decisions and action being implemented
by the Shift Superintendent and station management.
t 3.2 Initial Searches and Determination of Credibility Under the direction of the shift superintendent, the licensee initiated search teams in accordance with contingency procedures
.
and in coordination with security force representatives. Teams
'
consisting of security force members and plant operators were dispatched to vital areas inside the plant by 12:57 p.m.
All searches were completed by 2:25 p.m., with negative results. The
,
l Unusual Event was terminated shortly after the teams presented their findings to shift supervision.
The shift superintendent was knowledgeable of the emergency plan.
The superintendent properly assumed. responsibility for decisions
'
related to emergency action.
In accordance with security procedures
~
and the Security Plan, a determination as to the credibility of the
,
threat was pursued. The shift superintendent appropriately dispatched
,
- _ - _ -,. - -. _ _ _ _ _ - - _
_...._ _.___ _,
.
_., _ _ _ _. _ - _ - _ - -
_
.
'
\\
.
searches while the credibility decision was being made, and declared an Unsual Event at 1:00 p.m. pending a determination of credibility.
The licensee also controlled the access of non-essential personnel into the protected area.
The inspector observed that security shift supervision and control room supervision closely coordinated response actions. Sts. tion and corporate management were appropriately. involved, and the threat was subsequently considered to be not credible.
3.3 Conclusions
Security response to the main control room and to the shift superin-tendent was observed to be immediate. The inspector concluded that shift superintendents were knowledgeable of the physical security and emergency plans, and made proper determinations indicating good command of plant operations. The highest priority was given safe reactor operation. The licensee is also considering a change to emergency plan procedure EP-101 regarding the definition of an
<
Unusual Event with respect to a bomb threat te the effect that an; event declaration should be made after determination of credibility.
No violations were identified.
'
l
<
b
k i
!
.
. -
-
-
-
-
-
- -
-
- -
-
- -
-
.
_ _
'
\\
f
'i
.
, -
-
4.0 (Proprietary Information)
i Pages 8-12 are' intentionally left blank.
,
,
,
.
I I.-
f THISPARAGRAPRCONTAgl$2.790 fNf0RMATION AllOis100TFOR NDLIC DISCLOSURE,iT13
'
,
13TENil0llALLYLETBLAllK.
,
/
)
%
i
g7
-
, -,, - -, - - - -.,, - - -.
+r
-.-_
-e
,
4--
--- -,
- --- - - -
--
v v
v ~-- -, - - - - ~
.-
,,
e 5.0 Management Meetings Verbal summaries of preliminary inspection findings were provided to the Unit 1 Station Manager, the Superintendent of Operations, and the Nuclear Security Specialist during the course of the inspection.
The inspector met with licensee representatives from Operations and Security on a number of occasions to discuss the findings of this inspection. Because of the proprietary nature of the issues discussed, the licensee classified the associated documents as Proprietary Informa tion. The inspector informed station management that Detail 4 of this report would be handled as Proprietary Information.
No draft inspection report material was provided to the licensee during the inspection.
.
.
.r
.-
m-
-- -. -,. - -.-
-
-- -,, - - - -
,,
m 7x--