IR 05000413/2024403
| ML24344A091 | |
|---|---|
| Person / Time | |
| Site: | Catawba (NPF-035, NPF-052) |
| Issue date: | 12/09/2024 |
| From: | Daniel Bacon NRC/RGN-II/DORS/EB2 |
| To: | Flippin N Duke Energy Carolinas |
| References | |
| IR 2024403 | |
SUBJECT: CATAWBA NUCLEAR STATION - CYBER SECURITY INSPECTION REPORT 05000413/2024403 AND 05000414/2024403
Dear Nicole Flippin:
On October 31, 2024, the U.S. Nuclear Regulatory Commission (NRC) completed an inspection at Catawba Nuclear Station and discussed the results of this inspection with you and other members of your staff. The results of this inspection are documented in the enclosed report.
No findings or violations of more than minor significance were identified during this inspection.
This letter, its enclosure, and your response (if any) will be made available for public inspection and copying at http://www.nrc.gov/reading-rm/adams.html and at the NRC Public Document Room in accordance with Title 10 of the Code of Federal Regulations 2.390, Public Inspections, Exemptions, Requests for Withholding.
Sincerely,
Daniel M. Bacon, Chief
Engineering Branch 2
Division of Reactor Projects
Docket Nos. 05000413 and 05000414
License Nos. NPF-35 and NPF-52
Enclosure:
As stated
Inspection Report
Docket Numbers: 05000413 and 05000414
License Numbers: NPF-35 and NPF-52
Report Numbers: 05000413/2024403 and 05000414/2024403
Enterprise Identifier: I-2024-403-0020
Licensee: Duke Energy Carolinas, LLC
Facility: Catawba Nuclear Station
Location: York, SC
Inspection Dates: October 28, 2024 to November 01, 2024
Inspectors:
J. Alamudun, Reactor Inspector
P. Braaten, Senior Reactor Inspector
A. Konkal, Cyber Security Specialist
C. Simpson, Cyber Security Specialist
Approved By:
Daniel M. Bacon, Chief
Engineering Branch 2
Division of Reactor Projects
SUMMARY
The U.S. Nuclear Regulatory Commission (NRC) continued monitoring the licensee's performance by conducting a cyber security inspection at Catawba Nuclear Station, in accordance with the Reactor Oversight Process. The Reactor Oversight Process is the NRC's program for overseeing the safe operation of commercial nuclear power reactors. Refer to https://www.nrc.gov/reactors/operating/oversight.html for more information.
List of Findings and Violations
No findings or violations of more than minor significance were identified.
Additional Tracking Items
None.
INSPECTION SCOPES
Inspections were conducted using the appropriate portions of the inspection procedures (IPs) in effect at the beginning of the inspection unless otherwise noted. Currently approved IPs with their attached revision histories are located on the public website at http://www.nrc.gov/reading-rm/doc-collections/insp-manual/inspection-procedure/index.html. Samples were declared complete when the IP requirements most appropriate to the inspection activity were met consistent with Inspection Manual Chapter (IMC) 2201, Security Inspection Program for Commercial Nuclear Power Reactors. The inspectors reviewed selected procedures and records, observed activities, and interviewed personnel to assess licensee performance and compliance with Commission rules and regulations, license conditions, site procedures, and standards.
SAFEGUARDS
71130.10 - Cybersecurity
The inspectors reviewed implementation of Catawba's Cyber Security Plan (CSP) and focused on evaluating changes to the program, critical systems, and CDAs.
Cybersecurity (1 Sample)
- (1) The following IP sections were completed and constitute completion of 1 sample:
  - 03.01, Review Ongoing Monitoring and Assessment Activities
  - 03.02, Verify Defense-in-Depth Protective Strategies
  - 03.03, Review of Configuration Management Change Control
  - 03.05, Evaluation of Corrective Actions
INSPECTION RESULTS
No findings were identified.
EXIT MEETINGS AND DEBRIEFS
The inspectors verified no proprietary information was retained or documented in this report.
- On October 31, 2024, the inspectors presented the cyber security inspection results to Nicole Flippin and other members of the licensee staff.
DOCUMENTS REVIEWED
| Inspection Procedure | Type | Designation | Description or Title | Revision or Date |
|---|---|---|---|---|
| | | CN-1607.32-05-03.CDA0075.AD | **RESTRICTED ACCESS** IKE Ethernet Gateway | Rev. 01 |
| | | CN-1607.32-05-03.CDA0075.WD | **Restriced (sic) Access** IKE Ethernet Gateway (Walkdown) | Rev. 00 |
| | | CN-1607.32-05-03.CDA0100.AD | **RESTRICTED ACCESS** Domain Controllers | Rev. 07 |
| | | CN-1607.32-05-03.CDA0100.WD | **RESTRICTED ACCESS** Domain Controllers (walkdown) | Rev. 06 |
| | | CN-1607.32-05-03.CDA0301.WD | **Restricted Access ** EXA HGU | Rev. 00 |
| | | CN-1607.32-05-03.CDA0302.WD | **RESTRICTED ACCESS** EXA Radios | Rev. 00 |
| | | CN-1607.32-05-03.CDA0309.AD | **RESTRICTED ACCESS** EXA CISCO NS | Rev. 03 |
| | | CN-1607.32-05-03.CDA0309.WD | **RESTRICTED ACCESS** EXA CISCO NS (walkdown) | Rev. 02 |
| | | CN-1607.32-05-03.CDA0319.AD | **RESTRICTED ACCESS** EXA LCP | Rev. 01 |
| | | CN-1607.32-05-03.CDA0319.WD | LCP Controller | Rev. 0 |
| | | CN-1607.32-05-03.CDA0530.AD | MSU Transformers | Rev. 02 |
| | | CN-1607.32-05-03.CDA0530.WD | MSU Transformers Walkdown | Rev. 02 |
| | | CN-1607.32-05.CDA0301.AD | **RESTRICTED ACCESS** EXA HGU | Rev. 02 |
| | Calculations | NGD-CYB-1931-0002 - EC417211 | Cyber Security Critical Digital Asset Screening | 06/25/2020 |
AR 02447138
Corrective Action Documents
AR 02449752
AR 02473416
AR 02529433
AR 02533419
24 NRC Cyber-Assessment CN-1607.32-05-03.CDA0530.AD, Rev 2 Discrepancy
10/28/2024
IP/0/B/3410/023
10/29/2024
CNS 2024 NRC Cyber: CN-1607.32-05-03.CDA0309.AD control response and CDA record
10/30/2024
CNS 2024 NRC Cyber: CN-1607.32-05-03.CDA0309.AD control response and CDA record
10/30/2024
Corrective Action Documents Resulting from Inspection
24 NRC Cyber - Alerts not generated for certain logs
10/30/2024
Self-Assessments AD-PI-ALL-0300
02480411 - 2023 Cyber Security Program Effectiveness Review
2/31/2023