Text

NRC Inspection Report 05000458/2021090 and Investigation Reports 4-2020-008, 4-2020-009, and 4-2020-019
	ML21182A222
Person / Time
Site:	River Bend
Issue date:	07/01/2021
From:	Anton Vegel; NRC/RGN-IV/DRP
To:	Karenina Scott; Entergy Operations
References
	EA-21-017, EA-21-030, EA-21-050 4-2020-008, 4-2020-009, 4-2020-019, IR 2021090
	Download: ML21182A222 (17)
	v • d • e

July 1, 2021

SUBJECT:

RIVER BEND STATION - NRC INSPECTION REPORT 05000458/2021090 AND INVESTIGATION REPORTS 4-2020-008, 4-2020-009, AND 4-2020-019

Dear Mr. Scott:

This letter refers to three investigations conducted at the River Bend Station by the U.S. Nuclear Regulatory Commissions (NRCs) Office of Investigations. The purpose of the investigations was to determine whether willful violations of NRC requirements occurred at the River Bend Station involving the administration of a training examination, the performance of operator rounds, and the control of critical digital asset access keys. The investigations were initiated on April 6, 2020; April 7, 2020; and May 14, 2020, and were completed on February 3, 2021; March 30, 2021; and March 2, 2021, respectively. The issues were discussed with you and other members of your staff during a telephone conversation on June 16, 2021. A factual summary (Enclosure 1) provides the details of the NRCs review of these cases.

Based on the results of the investigations, three apparent violations were identified and are being considered for escalated enforcement action in accordance with the NRC Enforcement Policy. The Enforcement Policy can be found on the NRCs website at http://www.nrc.gov/about-nrc/regulatory/enforcement/enforce-pol.html. The apparent violations involve the failure to ensure that training examinations were appropriately proctored, the failure of a non-licensed operator to perform required operator rounds, and the failure to appropriately control critical digital asset access keys. The apparent violations are documented in Enclosure 2.

Before the NRC makes its enforcement decision, we are providing you an opportunity to request a predecisional enforcement conference (PEC). If a PEC is held, the NRC may issue a press release to announce the time and date of the conference; however, the PEC will be closed to public observation since information related to an Office of Investigations report will be discussed, and the report has not been made public. If you decide to participate in a PEC, please contact Mr. Jason Kozal, Chief, Projects Branch C, at 817-200-1144 within 10 days of the date of this letter. A PEC should be held within 30 days of the date of this letter. If a response is not received within the time specified or an extension of time has not been granted by the NRC, the NRC will proceed with its enforcement decision or schedule a PEC. If you choose to request a PEC, the conference will afford you the opportunity to provide your perspective on these matters and any other information that you believe the NRC should take into consideration before making an enforcement decision. The decision to hold a PEC does not mean that the NRC has determined that a violation has occurred or that enforcement action will be taken. This conference would be conducted to obtain information to assist the NRC in making an enforcement decision. The topics discussed during the conference may include information to determine whether a violation occurred, information to determine the significance of a violation, information related to the identification of a violation, and information related to any corrective actions taken or planned. In presenting your corrective actions, you should be aware that the promptness and comprehensiveness of your actions will be considered in assessing any civil penalty for the apparent violations.

In addition, please be advised that the number and characterization of the apparent violations described in Enclosure 2 may change as a result of further NRC review. You will be advised by separate correspondence of the results of our deliberations on this matter.

In addition, one finding of very low safety significance (Green) is documented in this report.

This finding is associated with one of the apparent violations referenced above. One licensee-identified violation, which was determined to be Severity Level IV, is also documented in this report. The NRC is treating this violation as a non-cited violation (NCV) consistent with Section 2.3.2.a of the Enforcement Policy.

If you contest the NCV or significance of the violation, you should provide a response within 30 days of the date of this inspection report, with the basis for your denial, to the U.S. Nuclear Regulatory Commission, ATTN: Document Control Desk, Washington, DC 20555-0001, with copies to: (1) the Regional Administrator, Region IV; (2) the Director, Office of Enforcement, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001; and (3) the NRC resident inspector at the River Bend Station.

If you disagree with a cross-cutting aspect assignment in this report, you should provide a response within 30 days of the date of this inspection report, with the basis for your disagreement, to the U.S. Nuclear Regulatory Commission, ATTN: Document Control Desk, Washington, DC 20555-0001; with copies to the Regional Administrator, Region IV; and the NRC Resident Inspector at the River Bend Station.

In accordance with 10 CFR 2.390 of the NRCs Agency Rules of Practice and Procedure, a copy of this letter, its enclosures, and your responses, if you choose to provide them, will be made available electronically for public inspection in the NRC Public Document Room or from the NRCs ADAMS, accessible from the NRC website at http://www.nrc.gov/reading-rm/adams.html. To the extent possible, your response should not include any personal privacy or proprietary information so that it can be made available to the public without redaction.

However, you should be aware that all final NRC documents, including the final Office of Investigations report, are official agency records and may be made available to the public under the Freedom of Information Act, subject to redaction of certain information in accordance with the Freedom of Information Act. If you have any questions concerning this matter, please contact Mr. Jason Kozal of my staff at 817-200-1144.

Sincerely, Digitally signed by Anton Anton Vegel Vegel Date: 2021.07.01 12:27:00-05'00'

Anton Vegel, Director Division of Reactor Projects Docket No. 05000458 License No. NPF-47

Enclosures:

1. Factual Summaries 2. Inspection Report 05000458/2021090

ML21182A222

_SUNSI Review: ADAMS: Non-Publicly Available _Non-Sensitive Keyword:

By: CHY _ Yes No _ Publicly Available Sensitive OFFICE SPE:DRP/PBC SRI:DRS/EB2 SRI:DRS/EB2 ES:ACES TL:ACES C:DRS/EB2 NAME PVossmar GPick JDrake JKramer DDodson NTaylor SIGNATURE /RA/ E /RA/ E /RA/ E /RA/ E /RA/ E /RA/ E DATE 06/15/21 06/11/21 06/16/21 06/15/21 06/16/21 06/16/21 OFFICE C:DRP/PBC RC OE NRR NRR NSIR NAME JKozal DCylkowski JPeralta THipschman CMiller FSullivan SIGNATURE /RA/ E /RA/ E /RA/ E /RA/ E /RA/ E /RA/ E DATE 06/16/21 06/17/21 06/28/21 06/24/21 06/29/21 06/25/21 OFFICE OGC D:DRS D:DRP NAME RAugustus RLantz AVegel SIGNATURE /NLO/ E /RA/ E /RA/ E DATE 06/23/21 06/30/21 07/01/21

FACTUAL SUMMARIES OFFICE OF INVESTIGATIONS REPORT 4-2020-008 On April 6, 2020, the U.S. Nuclear Regulatory Commission (NRC) Office of Investigations Region IV initiated an investigation to determine if a Level III nondestructive examination (NDE)

proctor, formerly employed by Entergy Operations Inc. (licensee) at the River Bend Station, willfully falsified a general magnetic particle examination (MPE) on behalf of an NDE examinee before the proctor submitted the exam to the Principal Level III NDE inspector for grading. The investigation was completed on February 3, 2021.

On August 13, 2018, a Level III NDE proctor administered a general MPE to a Level II NDE inspector (examinee). After proctoring the exam, the Level III NDE proctor misplaced several pages of the MPE exam taken by the examinee. The Level III NDE proctor created an unauthorized duplicate copy of the exam, and then deliberately falsified an MPE exam on behalf of the examinee and submitted the falsified MPE exam to the Principal Level III NDE Inspector for grading. During an interview with the Office of Investigations Special Agent, the Level III NDE proctor admitted that he had falsified the second MPE exam to cover-up the fact that he had lost the original exam and submitted a falsified exam for grading.

Based on the evidence developed during the investigation, it appears that the Level III NDE proctor deliberately copied and re-created an MPE exam on behalf of an examinee and deliberately submitted the falsified exam to the licensee for grading. This appears to have caused the licensee to be in violation of 10 CFR Part 50, Appendix B, Criterion V.

OFFICE OF INVESTIGATIONS REPORT 4-2020-009 On April 7, 2020, the NRC Office of Investigations Region IV initiated an investigation to determine if a senior nuclear equipment operator over-instruction (OI) and a senior nuclear equipment operator under-instruction (UI) trainee employed by Entergy Operations Inc. at the River Bend Station willfully failed to perform operator rounds. The investigation was completed on March 30, 2021.

On September 1, 2019, the OI and the UI conducted operator rounds of the control building.

Prior to the operator rounds, the operations shift manager placed a bright yellow placard on unit alarm (UA) panel 650 for audit purposes. As part of the control building operator rounds, watchstanders are required to check UA panels 250, 425, and 650.

During the performance of the control building operator rounds, the OI and the UI stopped near a filter train in the control building where the UI asked the OI numerous questions about the filter train. The OI told the UI that they needed to keep moving and walked away towards the next inspection area, UA panels 250, 425, and 650. As the OI walked past the UA panels, he pointed with his left hand towards the UA panels and turned his head to the right and said out loud, 250, 425, 650 panel checks. The OI neither observed the panels nor took the readings for the UA panels, and therefore, the OI did not observe the yellow placard attached to UA panel 650. Assuming that the OI calling out the panel numbers was the OI confirming that he had checked the panels, the UI entered the readings for those panels into the handheld device as satisfactorily completed. The UI skipped panels 250, 425, and 650 and neither observed them Enclosure 1

nor took readings from them. The OI did not question the UI on whether he conducted the UA panel checks, and the UI did not ask the OI if he had completed the panel checks.

While conducting the control building operator rounds, both the OI and the UI failed to complete the panel check of UA panels 250, 425, and 650. In addition, the OI failed to properly observe the UI completing the panel checks. During an interview with the Office of Investigations Special Agent, the OI admitted that he failed to closely monitor the UI during their operator rounds and failed to verify that the UI a

Inspection Report

Docket Number: 05000458 License Number: NPF-47 Report Number: 05000458/2021090 Enterprise Identifier: I-2021-090-0004 Licensee: Entergy Operations, Inc.

Facility: River Bend Station Location: St. Francisville, LA Inspection Dates: February 4, 2021 to June 16, 2021 Inspectors: P. Vossmar, Senior Project Engineer G. Pick, Senior Reactor Inspector J. Drake, Senior Reactor Inspector C. Young, Senior Project Engineer Approved By: Jason W. Kozal, Chief Reactor Project Branch C Division of Reactor Projects Enclosure 2

SUMMARY The U.S. Nuclear Regulatory Commission (NRC) continued monitoring the licensees performance by conducting an NRC inspection at the River Bend Station, in accordance with the Reactor Oversight Process (ROP). The ROP is the NRCs program for overseeing the safe operation of commercial nuclear power reactors. Refer to https://www.nrc.gov/reactors/operating/oversight.html for more information.

List of Findings and Violations Falsification of Magnetic Particle Exam by Non-Destructive Examination Proctor Cornerstone Severity Cross-Cutting Report Aspect Section Not Apparent Violation Not Not Applicable AV 05000458/2021090-01 Applicable Applicable Open EA-21-017 The NRC identified an apparent violation of 10 CFR Part 50 Appendix B, Criterion V, Instructions, Procedures, and Drawings, for the licensees failure to accomplish activities affecting quality in accordance with Procedure CEP-NDE-0100, Administration and Control of NDE. Specifically, when an exam proctor, who was not the Principal Level III Nondestructive Examination (NDE) Technician, deliberately made an unauthorized copy of a Magnetic Particle General Exam with the same control number and falsified the answers.

Failure to Perform Operator Rounds Cornerstone Severity Cross-Cutting Report Aspect Section Not Apparent Violation Not Not Applicable AV 05000458/2021090-02 Applicable Applicable Open EA-21-050 The NRC identified an apparent violation of 10 CFR Part 50, Appendix B, Criterion V, Instructions, Procedures, and Drawings, for the licensee's failure to complete operator rounds in accordance with station procedures. Specifically, a non-licensed operator assigned to the control building as over-instruction failed to properly observe the under-instruction complete all panel checks and failed to ensure a complete tour of all required areas of their watchstation.

Failure to Control Critical Digital Asset Key Cornerstone Significance/Severity Cross-Cutting Report Aspect Section Security Green [P.3] - Not Apparent Violation Resolution Applicable AV 05000458/2021090-03 Open EA-21-030 The NRC identified a Green finding and an associated apparent violation of 10 CFR 73.54(b)(2), Renewed Operating License No. NPF-47 Condition 2.E, and the Cyber E2-2

Security Plan. Specifically, a work week senior reactor operator failed to follow key control procedures that resulted in an unauthorized individual opening a door to an area containing critical digital assets.

Additional Tracking Items None.

E2-3

INSPECTION RESULTS Falsification of Magnetic Particle Exam by Non-Destructive Examination Proctor Cornerstone Severity Cross-Cutting Report Aspect Section Not Apparent Violation Not Not Applicable AV 05000458/2021090-01 Applicable Applicable Open EA-21-017 The NRC identified an apparent violation of 10 CFR Part 50 Appendix B, Criterion V, Instructions, Procedures, and Drawings, for the licensees failure to accomplish activities affecting quality in accordance with Procedure CEP-NDE-0100, Administration and Control of NDE. Specifically, when an exam proctor, who was not the Principal Level III Nondestructive Examination (NDE) Technician, deliberately made an unauthorized copy of a Magnetic Particle General Exam with the same control number and falsified the answers.

Description: On August 13, 2018, a Level III NDE inspector acted as a proctor and administered a General Exam for Magnetic Particle. The licensees process required the completed exams to be sent to the Principal Level III NDE inspector for grading and to be processed as records. The proctor placed the completed exam in an envelope with others for transmission to the Principal Level III NDE inspector. The Principal Level III identified a discrepancy during his normal review of the examinations and initiated an investigation into the discrepancy through his management supervisor.

10 CFR Part 50, Appendix B, Criterion V requires, in part, that activities affecting quality be accomplished in accordance with documented procedures.

Licensee Procedure CEP-NDE-0100, Administration and Control of NDE, Revision 11, a quality-related procedure, Section 5.2.2.4, requires, in part, that unless administered directly by the Principal Level III, exams shall be forwarded to an exam proctor. Exams shall not be copied after issuance from the Principal Level III, unless specifically requested. Additionally, Procedure CEP-NDE-0100, Section 5.2.2.3, requires, in part, that each written exam shall have a unique number and cover sheet.

On August 13, 2018, the exam proctor, who was not the Principal Level III, made an unauthorized copy of the exam with the same control number. Specifically, following administration of the exam to the applicant, the Level III NDE exam proctor thought he lost the original exam, so the proctor made a duplicate exam with the same control number without authorization from the Principal Level III and falsified the answers to prevent identification of a perceived error on his part.

The proctor was a senior technician at the site, entrusted with setting standards of quality for the other NDE technical staff. The proctors deliberate misconduct in the administration of the exam suggests an underlying lack of integrity in the senior technical staff at the station and potentially warrants escalation of the significance of the underlying violation.

Corrective Actions: After the licensees investigation, the proctors access authorization was removed for all Entergy Nuclear sites. The examinee was remediated and required to take a different Magnetic Particle Level II General Examination. The licensee conducted a root cause evaluation, as documented in CR-HQN-2018-02142, Falsification of Magnetic Particle Level II General Exam, Revision 0. The licensee determined that the root cause was the proctor maintained low standards of integrity related to the NDE qualification process. The E2-4

evaluation concluded that the proctor attempted to cover up a perceived mistake by falsifying the exam and lying to the exam-taker in order to get him to sign a new cover sheet.

Corrective Action Reference: CR-HQN-2018-02142 Performance Assessment: In accordance with applicable Inspection Manual Chapter and ROP guidance, the inspectors determined the licensees failure to follow NDE exam administration procedures was an ROP minor performance deficiency. The inspectors also determined this ROP performance deficiency represents a violation, which is discussed below in the Enforcement section. In addition to assessing ROP significance, it is necessary to use traditional enforcement to assess this violation because it involves willfulness, as specified in Section 2.2.4 of the NRC Enforcement Policy. Accordingly, these violations are assigned severity levels and can be considered for civil penalties using the traditional enforcement process.

Enforcement: The ROPs significance determination process does not specifically consider willfulness in its assessment of licensee performance. Therefore, in addition to the ROP performance deficiency assessment described above, it is necessary to address this violation, which involves willfulness, using traditional enforcement to adequately deter non-compliance.

Severity: The severity of this apparent violation will be determined in accordance with the Enforcement Policy pending a final enforcement determination.

Violation: Title 10 CFR Part 50 Appendix B, Criterion V, requires, in part, that activities affecting quality shall be accomplished in accordance with documented procedures.

Licensee Procedure CEP-NDE-0100, Administration and Control of NDE, Revision 11, a quality-related procedure, Section 5.2.2.4 requires, in part, that unless administered directly by the Principal Level III, exams shall be forwarded to an exam proctor. Exams shall not be copied after issuance from the Principal Level III, unless specifically requested. Additionally, Procedure CEP-NDE-0100, Section 5.2.2.3, requires, in part, that each written exam shall have a unique number and cover sheet.

Contrary to the above, on August 13, 2018, the exam proctor, who was not the Principal Level III, made an unauthorized copy of the exam with the same control number. Specifically, following administration of the exam to the applicant, the Level III NDE exam proctor thought he lost the original exam, so he printed a duplicate exam with the same control number, without authorization from the Principal Level III, falsified the answers, and submitted the exam to the Principal Level III to prevent identification of a perceived error on his part.

Enforcement Action: This violation is being treated as an apparent violation pending a final significance (enforcement) determination.

Failure to Perform Operator Rounds Cornerstone Severity Cross-Cutting Report Aspect Section Not Apparent Violation Not Not Applicable AV 05000458/2021090-02 Applicable Applicable Open EA-21-050 E2-5

The NRC identified an apparent violation of 10 CFR Part 50, Appendix B, Criterion V,

"Instructions, Procedures, and Drawings," for the licensee's failure to complete operator rounds in accordance with station procedures. Specifically, a non-licensed operator assigned to the control building as over-instruction failed to properly observe the under-instruction complete all panel checks and failed to ensure a complete tour of all required areas of their watchstation.

Description: On September 1, 2019, a senior nuclear equipment operator over-instruction (OI) was responsible for performing operator rounds in the control building, along with an under-instruction (UI) trainee. Prior to the operator rounds, the operations Shift Manager placed a placard on unit alarm (UA) panel 650 for audit purposes. As part of the control building operator rounds, watchstanders are required to check UA panels 250, 425, and 650.

During the performance of the control building operator rounds, the OI and the UI stopped near a filter train in the control building where the UI asked the OI numerous questions about the filter train. The OI told the UI that they needed to keep moving and walked away toward the next inspection area where UA panels 250, 425, and 650 were located. As the OI walked past the UA panels, he pointed with his left hand toward the UA panels and turned his head to the right and said out loud, 250, 425, 650 panel checks. The OI did not observe the panels, he did not take the readings for the UA panels, and therefore, he did not observe the placard attached to UA panel 650. Assuming that the OI calling out the panel numbers meant that the OI was confirming that he had checked the panels, the UI entered the readings for those panels into the handheld device as satisfactorily completed. The UI skipped panels 250, 425, and 650, and therefore, neither operator observed these panels nor took readings from them. The OI did not question the UI on whether he conducted the UA panel checks, and the UI did not ask the OI if he had done the panel checks.

Procedure EN-OP-115-01, Operator Rounds, Revision 4, a quality-related procedure intended to meet this requirement for non-licensed operators performing watchstanding rounds, Step 5.1.8 requires, in part, that watchstanders tour all required areas of their watchstation. Section 5.1.27 states, in part, that if a trainee is taking logs as part of training, then ensure the qualified watchstander is with the trainee to check each reading and perform a complete tour as the qualified watchstander. Section 5.2.2 states, in part, that the operator assigned to an area (room, building or group of buildings) is responsible to complete rounds applicable to that area.

While conducting the control building operator rounds, both the OI and the UI failed to complete the panel check of UA panels 250, 425, and 650. In addition, the OI failed to properly observe the UI completing the panel checks and failed to verify that the UI accurately captured all panel readings. These actions were contrary to the licensees procedure for operator watchstanding rounds, which require that the OI check and confirm each panel reading entered by the UI and perform a complete tour of all required areas.

Corrective Actions: The licensee temporarily disqualified both operators involved in this incident.

Corrective Action References: CR-RBS-2019-05764 and CR-RBS-2019-05833 Performance Assessment: In accordance with applicable Inspection Manual Chapter and ROP guidance, the inspectors determined the licensee's failure to complete operator rounds in accordance with station procedures was an ROP minor performance deficiency. The inspectors also determined this ROP performance deficiency represents a violation, which is discussed below in the Enforcement section. In addition to assessing ROP significance, it is E2-6

necessary to use traditional enforcement to assess this violation because it involves willfulness, as specified in Section 2.2.4 of the NRC Enforcement Policy. Accordingly, these violations are assigned severity levels and can be considered for civil penalties using the traditional enforcement process.

Enforcement: The ROPs significance determination process does not specifically consider willfulness in its assessment of licensee performance. Therefore, in addition to the ROP performance deficiency assessment described above, it is necessary to address this violation, which involves willfulness, using traditional enforcement to adequately deter non-compliance.

Severity: The severity of this apparent violation will be determined in accordance with the NRC Enforcement Policy pending a final enforcement determination.

Violation: Title 10 CFR Part 50, Appendix B, Criterion V, requires, in part, that activities affecting quality shall be accomplished in accordance with documented instructions or procedures of a type appropriate to the circumstances.

Entergy Procedure EN-OP-115-01, Operator Rounds, Revision 4, a quality-related procedure intended to meet this requirement for non-licensed operators performing watchstanding rounds, Step 5.1.8 requires, in part, that watchstanders tour all required areas of their watchstation. Section 5.1.27 states, in part, that if a trainee is taking logs as part of training, then ensure the qualified watchstander is with the trainee to check each reading and perform a complete tour as the qualified watchstander. Section 5.2.2 states, in part, that the operator assigned to an area (room, building or group of buildings) is responsible to complete rounds applicable to that area.

Contrary to the above, on September 1, 2019, a watchstander failed to tour all required areas of their watchstation. Specifically, a non-licensed operator assigned to the control building as over-instruction failed to properly observe the under-instruction complete all panel checks and failed to ensure a complete tour of all required areas of their watchstation.

Enforcement Action: This violation is being treated as an apparent violation pending a final significance (enforcement) determination.

Failure to Control Critical Digital Asset Key Cornerstone Significance/Severity Cross-Cutting Report Aspect Section Security Green [P.3] - Not Apparent Violation Resolution Applicable AV 05000458/2021090-03 Open EA-21-030 The NRC identified a Green finding and an associated apparent violation of 10 CFR 73.54(b)(2), Renewed Operating License No. NPF-47 Condition 2.E, and the Cyber Security Plan. Specifically, a work week senior reactor operator failed to follow key control procedures that resulted in an unauthorized individual opening a door to an area containing critical digital assets.

Description: On April 7, 2020, the licensees cyber security personnel identified that an individual had opened a door and peered inside a building containing critical digital E2-7

assets. The licensee determined that the individual who opened the door was not authorized to possess the critical digital asset access key, because he was not part of the critical group. In addition, the licensee determined that a work week senior reactor operator had violated an administrative key control procedure. Specifically, on March 31, 2020, the work week senior reactor operator checked out a critical digital asset access key to himself then handed it to a mechanical maintenance supervisor even though he had verified the individual was not authorized to have the critical digital asset access key. The work week senior reactor operator had requested that the maintenance supervisor contact him prior to using the key. The work week senior reactor operator indicated that he would get someone to go to the area or show up himself.

Cyber Security Plan, Revision 2, Section 2.2.7 states, in part, that the performance based requirements of the Cyber Security Plan provide defense-in-depth through the integration of systems, technologies, programs, equipment, supporting processes, and implementing procedures, as needed to ensure effectiveness of the program. Further, Section 3.1.6 states, in part, that defense-in-depth strategies are established by documenting and implementing the Operational and Management cyber security controls in Appendix E of NEI 08-09, Cyber Security Plan for Nuclear Power Reactors, Revision 6. NEI 08-09, Revision 6, Appendix E, Control E5.5 requires, in part, that security control consists of controlling physical access points (including designated entry/exit points) to locations where critical digital assets reside and verifies individual access authorization before granting access to these areas.

Licensee Procedure EN-IT-103-07, Cyber Security Physical Access Requirements for Critical Digital Assets, Revision 8, an implementing procedure of the Cyber Security Plan, Section 5.4, Administrative Key Issue and Control Process, Step 1 requires, in part, that keys that are used to control access to a room that contains critical digital assets can only be issued by personnel who are members of the critical group to critical group members.

The inspectors determined that the licensee had been challenged with maintaining control of critical digital asset access keys since 2018. During the full implementation baseline inspection in 2018, the NRC had identified a finding related to control of critical digital asset access keys. A subsequent licensee quality assurance audit in late 2018 had identified numerous instances of inadequate control of critical digital asset access keys. The inspectors determined that this recent event indicated that the prior actions had not effectively resolved the issue. After this event in March 2020, the licensee implemented additional corrective actions that assured that only authorized individuals could obtain critical digital asset access keys.

Corrective Actions: The licensee disciplined the individual who checked out the critical digital asset access key to himself and handed it to the unauthorized individual. The licensee also established a new method to obtain keys for areas containing critical digital assets. The new method requires authorized individuals to use their key card to access keys for areas containing critical digital assets.

Corrective Action References: CR-RBS-2020-01535 Performance Assessment:

Performance Deficiency: The failure to control critical digital asset access keys as required by plant procedures was a performance deficiency. Specifically, personnel with responsibility for controlling critical digital asset keys did not follow the procedure requirements when issuing keys.

E2-8

Screening: The inspectors determined the performance deficiency was more than minor because it was associated with the Response to Contingency Events attribute of the Security cornerstone and adversely affected the cornerstone objective to provide assurance that the licensees security system and material control and accountability program use a defense-in-depth approach and can protect against: (1) the design basis threat of radiological sabotage from external and internal threats, and (2) the theft or loss of radiological materials.

Specifically, providing keys to unauthorized personnel potentially enabled them to introduce malicious software to critical digital assets that could impact safety, security, or emergency planning functions.

Significance: The inspectors assessed the significance of the finding using Appendix E, Part IV, Cyber Security SDP. The inspectors determined that no cyber-attack occurred. The inspectors determined that a potential attack pathway existed for the critical digital assets ("Yes" to Figure 1, Step 1). The inspectors determined that there was a vulnerability that could be exploited because of the lack of technical controls in place (Yes to Figure 1, Step 2). Because the inspectors determined that there was detection capability along the attack pathway that would detect an intrusion prior to an adverse impact to a safety, security, or emergency planning function (Yes to Figure 1, Step 3), the finding screened as very low significance (Green).

Cross-Cutting Aspect: P.3 - Resolution: The organization takes effective corrective actions to address issues in a timely manner commensurate with their safety significance. In this instance, the licensee did not take effective corrective actions that resulted in another failure to control critical digital asset access keys when a senior reactor operator provided a key to an unauthorized individual to expedite work [P.3].

Enforcement: The ROPs significance determination process does not specifically consider willfulness in its assessment of licensee performance. Therefore, in addition to the ROP performance deficiency assessment described above, it is necessary to address this violation which involves willfulness using traditional enforcement to adequately deter non-compliance.

Severity: The severity of this apparent violation will be determined in accordance with the NRC Enforcement Policy pending a final enforcement determination.

Violation: Title 10 CFR 73.54(b)(2) requires, in part, that the licensee establish, implement, and maintain a cyber security program for the protection of the safety, security, and emergency preparedness assets from cyber attacks.

Renewed Facility Operating License No. NPF-47, License Condition 2.E requires, in part, that the licensee shall fully implement and maintain in effect all provisions of the Commission-approved Cyber Security Plan, including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p).

Cyber Security Plan, Revision 2, Section 2.2.7 states, in part, that the performance based requirements of the Cyber Security Plan provide defense-in-depth through the integration of systems, technologies, programs, equipment, supporting processes, and implementing procedures as needed to ensure effectiveness of the program. Further, Section 3.1.6 states, in part, that defense-in-depth strategies are established by documenting and implementing the Operational and Management cyber security controls in Appendix E of NEI 08-09, Revision 6. NEI 08-09, Revision 6, Appendix E, Control E5.5 requires, in part, that security control consists of controlling physical access points (including designated entry/exit points)

E2-9

to locations where critical digital assets reside and verifies individual access authorization before granting access to these areas.

Licensee Procedure EN-IT-103-07, Cyber Security Physical Access Requirements for Critical Digital Assets, Revision 8, an implementing procedure of the Cyber Security Plan, Section 5.4, Administrative Key Issue and Control Process, Step 1 requires, in part, that keys that are used to control access to a room that contains critical digital assets can only be issued by personnel who are members of the critical group to critical group members.

Contrary to the above, on March 31, 2020, a member of the critical group provided a key that is used to control access to a room that contains critical digital assets to a person who was not a critical group member. Specifically, a senior reactor operator provided a critical digital asset key to a maintenance supervisor, who was not a critical group member, and the supervisor accessed a room containing critical digital assets.

Enforcement Action: This violation is being treated as an apparent violation pending a final significance (enforcement) determination.

Licensee-Identified Non-Cited Violation N/A A Severity Level IV violation was identified by the licensee and has been entered into the licensee corrective action program and is being treated as a non-cited violation, consistent with Section 2.3.2 of the Enforcement Policy.

Violation: Title 10 CFR 50.9 requires, in part, that information required by statute or the Commissions regulations to be maintained by the licensee shall be complete and accurate in all material respects.

Title 10 CFR Part 50, Appendix B, Criterion XVII, requires in part, that sufficient records shall be maintained to furnish evidence of activities affecting quality. The records shall include at least the following: operating logs and the results of reviews, inspections, tests, audits, monitoring of work performance, and materials analyses.

Contrary to the above, on September 1, 2019, the licensee failed to maintain information required by the Commissions regulations complete and accurate in all material respects. Specifically, a non-licensed operator submitted operating logs for assigned plant areas, which they had not toured, and which were not complete and accurate in all material respects. The operating logs are required by 10 CFR Part 50, Appendix B, Criterion XVII to be maintained by the licensee. The information was material to the NRC because the NRC uses the information in the performance of inspections to ensure that the condition of safety-related equipment is being monitored as required by licensee procedures.

Significance/Severity: The inspectors determined this violation was associated with a minor ROP performance deficiency. The ROPs significance determination process does not specifically consider the regulatory process impact in its assessment of licensee performance. Therefore, it is necessary to address this violation, which impedes the NRCs ability to regulate, using traditional enforcement to adequately deter non-compliance. The NRC considered Enforcement Policy examples in Section 6.9, Inaccurate and Incomplete Information or Failure to Make a Required Report, and determined that this violation was of Severity Level IV significance on the basis that the inaccurate information had minimal safety impact, was not determined to involve willfulness, and would not have caused the NRC to reconsider a regulatory position or undertake a substantial further inquiry.

Corrective Action References: CR-RBS-2019-05764 and CR-RBS-2019-05833 E2-10

EXIT MEETINGS AND DEBRIEFS The inspectors verified no proprietary information was retained or documented in this report.

x On June 16, 2021, the inspectors presented the NRC inspection results to Mr. Kent Scott, Site Vice President, and other members of the licensee staff in a telephonic exit meeting.

E2-11

IR 05000458/2021090

Text

SUBJECT:

Dear Mr. Scott:

Enclosures:

Inspection Report

Navigation menu

v t e Inspection Report - River Bend - 2021090
80 \| 81 \| 82 \| 83 \| 84 \| 85 \| 86 \| 87 \| 88 \| 89 \| 90 \| 91 \| 92 \| 93 \| 94 \| 95 \| 96 \| 97 \| 98 \| 99 00 \| 01 \| 02 \| 03 \| 04 \| 05 \| 06 \| 07 \| 08 \| 09 \| 10 \| 11 \| 12 \| 13 \| 14 \| 15 \| 16 \| 17 \| 18 \| 19 \| 20 \| 21 \| 22 \| 23 \| 24 \|
2021 Quarterly Integrated 1Q (0) 2Q (0) 3Q (0) 4Q (0) Assessments Mid Cycle End of Cycle 10(0) 13(0) 90(0) 91(0) Security 401(0) 402(0) 403(0) 404(0) Operator Exams Emergency Planning Other

IR 05000458/2021090

Text

SUBJECT:

Dear Mr. Scott:

Enclosures:

Inspection Report

Navigation menu

Search