IR 05000458/2021090
| ML21182A222 | |
| Person / Time | |
|---|---|
| Site: | River Bend  |
| Issue date: | 07/01/2021 |
| From: | Anton Vegel NRC/RGN-IV/DRP |
| To: | Karenina Scott Entergy Operations |
| References | |
| EA-21-017, EA-21-030, EA-21-050 4-2020-008, 4-2020-009, 4-2020-019, IR 2021090 | |
| Download: ML21182A222 (17) | |
Text
July 1, 2021
SUBJECT:
RIVER BEND STATION - NRC INSPECTION REPORT 05000458/2021090 AND INVESTIGATION REPORTS 4-2020-008, 4-2020-009, AND 4-2020-019
Dear Mr. Scott:
This letter refers to three investigations conducted at the River Bend Station by the U.S. Nuclear Regulatory Commissions (NRCs) Office of Investigations. The purpose of the investigations was to determine whether willful violations of NRC requirements occurred at the River Bend Station involving the administration of a training examination, the performance of operator rounds, and the control of critical digital asset access keys. The investigations were initiated on April 6, 2020; April 7, 2020; and May 14, 2020, and were completed on February 3, 2021; March 30, 2021; and March 2, 2021, respectively. The issues were discussed with you and other members of your staff during a telephone conversation on June 16, 2021. A factual summary (Enclosure 1) provides the details of the NRCs review of these cases.
Based on the results of the investigations, three apparent violations were identified and are being considered for escalated enforcement action in accordance with the NRC Enforcement Policy. The Enforcement Policy can be found on the NRCs website at http://www.nrc.gov/about-nrc/regulatory/enforcement/enforce-pol.html. The apparent violations involve the failure to ensure that training examinations were appropriately proctored, the failure of a non-licensed operator to perform required operator rounds, and the failure to appropriately control critical digital asset access keys. The apparent violations are documented in Enclosure 2.
Before the NRC makes its enforcement decision, we are providing you an opportunity to request a predecisional enforcement conference (PEC). If a PEC is held, the NRC may issue a press release to announce the time and date of the conference; however, the PEC will be closed to public observation since information related to an Office of Investigations report will be discussed, and the report has not been made public. If you decide to participate in a PEC, please contact Mr. Jason Kozal, Chief, Projects Branch C, at 817-200-1144 within 10 days of the date of this letter. A PEC should be held within 30 days of the date of this letter. If a response is not received within the time specified or an extension of time has not been granted by the NRC, the NRC will proceed with its enforcement decision or schedule a PEC. If you choose to request a PEC, the conference will afford you the opportunity to provide your perspective on these matters and any other information that you believe the NRC should take into consideration before making an enforcement decision. The decision to hold a PEC does not mean that the NRC has determined that a violation has occurred or that enforcement action will be taken. This conference would be conducted to obtain information to assist the NRC in making an enforcement decision. The topics discussed during the conference may include information to determine whether a violation occurred, information to determine the significance of a violation, information related to the identification of a violation, and information related to any corrective actions taken or planned. In presenting your corrective actions, you should be aware that the promptness and comprehensiveness of your actions will be considered in assessing any civil penalty for the apparent violations.
In addition, please be advised that the number and characterization of the apparent violations described in Enclosure 2 may change as a result of further NRC review. You will be advised by separate correspondence of the results of our deliberations on this matter.
In addition, one finding of very low safety significance (Green) is documented in this report.
This finding is associated with one of the apparent violations referenced above. One licensee-identified violation, which was determined to be Severity Level IV, is also documented in this report. The NRC is treating this violation as a non-cited violation (NCV) consistent with Section 2.3.2.a of the Enforcement Policy.
If you contest the NCV or significance of the violation, you should provide a response within 30 days of the date of this inspection report, with the basis for your denial, to the U.S. Nuclear Regulatory Commission, ATTN: Document Control Desk, Washington, DC 20555-0001, with copies to: (1) the Regional Administrator, Region IV; (2) the Director, Office of Enforcement, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001; and (3) the NRC resident inspector at the River Bend Station.
If you disagree with a cross-cutting aspect assignment in this report, you should provide a response within 30 days of the date of this inspection report, with the basis for your disagreement, to the U.S. Nuclear Regulatory Commission, ATTN: Document Control Desk, Washington, DC 20555-0001; with copies to the Regional Administrator, Region IV; and the NRC Resident Inspector at the River Bend Station.
In accordance with 10 CFR 2.390 of the NRCs Agency Rules of Practice and Procedure, a copy of this letter, its enclosures, and your responses, if you choose to provide them, will be made available electronically for public inspection in the NRC Public Document Room or from the NRCs ADAMS, accessible from the NRC website at http://www.nrc.gov/reading-rm/adams.html. To the extent possible, your response should not include any personal privacy or proprietary information so that it can be made available to the public without redaction.
However, you should be aware that all final NRC documents, including the final Office of Investigations report, are official agency records and may be made available to the public under the Freedom of Information Act, subject to redaction of certain information in accordance with the Freedom of Information Act. If you have any questions concerning this matter, please contact Mr. Jason Kozal of my staff at 817-200-1144.
Sincerely, Anton Vegel, Director Division of Reactor Projects
Docket No. 05000458 License No. NPF-47
Enclosures:
1. Factual Summaries 2. Inspection Report 05000458/2021090
Anton Vegel Digitally signed by Anton Vegel Date: 2021.07.01 12:27:00-05'00'
_SUNSI Review:
ADAMS:
Non-Publicly Available _Non-Sensitive Keyword:
By: CHY
_ Yes No
_ Publicly Available Sensitive
OFFICE SPE:DRP/PBC SRI:DRS/EB2 SRI:DRS/EB2 ES:ACES TL:ACES C:DRS/EB2 NAME PVossmar GPick JDrake JKramer DDodson NTaylor SIGNATURE
/RA/ E
/RA/ E
/RA/ E
/RA/ E
/RA/ E
/RA/ E DATE 06/15/21 06/11/21 06/16/21 06/15/21 06/16/21 06/16/21 OFFICE C:DRP/PBC RC OE NRR NRR NSIR NAME JKozal DCylkowski JPeralta THipschman CMiller FSullivan SIGNATURE
/RA/ E
/RA/ E
/RA/ E
/RA/ E
/RA/ E
/RA/ E DATE 06/16/21 06/17/21 06/28/21 06/24/21 06/29/21 06/25/21 OFFICE OGC D:DRS D:DRP
NAME RAugustus RLantz AVegel
SIGNATURE
/NLO/ E
/RA/ E
/RA/ E
DATE 06/23/21 06/30/21 07/01/21
Enclosure 1 FACTUAL SUMMARIES
OFFICE OF INVESTIGATIONS REPORT 4-2020-008
On April 6, 2020, the U.S. Nuclear Regulatory Commission (NRC) Office of Investigations Region IV initiated an investigation to determine if a Level III nondestructive examination (NDE)
proctor, formerly employed by Entergy Operations Inc. (licensee) at the River Bend Station, willfully falsified a general magnetic particle examination (MPE) on behalf of an NDE examinee before the proctor submitted the exam to the Principal Level III NDE inspector for grading. The investigation was completed on February 3, 2021.
On August 13, 2018, a Level III NDE proctor administered a general MPE to a Level II NDE inspector (examinee). After proctoring the exam, the Level III NDE proctor misplaced several pages of the MPE exam taken by the examinee. The Level III NDE proctor created an unauthorized duplicate copy of the exam, and then deliberately falsified an MPE exam on behalf of the examinee and submitted the falsified MPE exam to the Principal Level III NDE Inspector for grading. During an interview with the Office of Investigations Special Agent, the Level III NDE proctor admitted that he had falsified the second MPE exam to cover-up the fact that he had lost the original exam and submitted a falsified exam for grading.
Based on the evidence developed during the investigation, it appears that the Level III NDE proctor deliberately copied and re-created an MPE exam on behalf of an examinee and deliberately submitted the falsified exam to the licensee for grading. This appears to have caused the licensee to be in violation of 10 CFR Part 50, Appendix B, Criterion V.
OFFICE OF INVESTIGATIONS REPORT 4-2020-009
On April 7, 2020, the NRC Office of Investigations Region IV initiated an investigation to determine if a senior nuclear equipment operator over-instruction (OI) and a senior nuclear equipment operator under-instruction (UI) trainee employed by Entergy Operations Inc. at the River Bend Station willfully failed to perform operator rounds. The investigation was completed on March 30, 2021.
On September 1, 2019, the OI and the UI conducted operator rounds of the control building.
Prior to the operator rounds, the operations shift manager placed a bright yellow placard on unit alarm (UA) panel 650 for audit purposes. As part of the control building operator rounds, watchstanders are required to check UA panels 250, 425, and 650.
During the performance of the control building operator rounds, the OI and the UI stopped near a filter train in the control building where the UI asked the OI numerous questions about the filter train. The OI told the UI that they needed to keep moving and walked away towards the next inspection area, UA panels 250, 425, and 650. As the OI walked past the UA panels, he pointed with his left hand towards the UA panels and turned his head to the right and said out loud, 250, 425, 650 panel checks. The OI neither observed the panels nor took the readings for the UA panels, and therefore, the OI did not observe the yellow placard attached to UA panel 650. Assuming that the OI calling out the panel numbers was the OI confirming that he had checked the panels, the UI entered the readings for those panels into the handheld device as satisfactorily completed. The UI skipped panels 250, 425, and 650 and neither observed them
E1-2 nor took readings from them. The OI did not question the UI on whether he conducted the UA panel checks, and the UI did not ask the OI if he had completed the panel checks.
While conducting the control building operator rounds, both the OI and the UI failed to complete the panel check of UA panels 250, 425, and 650. In addition, the OI failed to properly observe the UI completing the panel checks. During an interview with the Office of Investigations Special Agent, the OI admitted that he failed to closely monitor the UI during their operator rounds and failed to verify that the UI a
Inspection Report
Docket Number:
05000458
License Number:
Report Number:
Enterprise Identifier: I-2021-090-0004
Licensee:
Entergy Operations, Inc.
Facility:
River Bend Station
Location:
St. Francisville, LA
Inspection Dates:
February 4, 2021 to June 16, 2021
Inspectors:
P. Vossmar, Senior Project Engineer
G. Pick, Senior Reactor Inspector
J. Drake, Senior Reactor Inspector
C. Young, Senior Project Engineer
Approved By:
Jason W. Kozal, Chief
Reactor Project Branch C
Division of Reactor Projects
E2-2
SUMMARY
The U.S. Nuclear Regulatory Commission (NRC) continued monitoring the licensees
performance by conducting an NRC inspection at the River Bend Station, in accordance with
the Reactor Oversight Process (ROP). The ROP is the NRCs program for overseeing the safe
operation of commercial nuclear power reactors. Refer to
https://www.nrc.gov/reactors/operating/oversight.html for more information.
List of Findings and Violations
Falsification of Magnetic Particle Exam by Non-Destructive Examination Proctor
Cornerstone
Severity
Cross-Cutting
Aspect
Report
Section
Not
Applicable
Apparent Violation
Open
Not
Applicable
Not
Applicable
The NRC identified an apparent violation of 10 CFR Part 50 Appendix B, Criterion V,
Instructions, Procedures, and Drawings, for the licensees failure to accomplish activities
affecting quality in accordance with Procedure CEP-NDE-0100, Administration and Control
of NDE. Specifically, when an exam proctor, who was not the Principal Level III
Nondestructive Examination (NDE) Technician, deliberately made an unauthorized copy of a
Magnetic Particle General Exam with the same control number and falsified the answers.
Failure to Perform Operator Rounds
Cornerstone
Severity
Cross-Cutting
Aspect
Report
Section
Not
Applicable
Apparent Violation
Open
Not
Applicable
Not
Applicable
The NRC identified an apparent violation of 10 CFR Part 50, Appendix B, Criterion V,
Instructions, Procedures, and Drawings, for the licensee's failure to complete operator
rounds in accordance with station procedures. Specifically, a non-licensed operator assigned
to the control building as over-instruction failed to properly observe the under-instruction
complete all panel checks and failed to ensure a complete tour of all required areas of their
watchstation.
Failure to Control Critical Digital Asset Key
Cornerstone
Significance/Severity
Cross-Cutting
Aspect
Report
Section
Security
Green
Apparent Violation
Open
[P.3] -
Resolution
Not
Applicable
The NRC identified a Green finding and an associated apparent violation of
10 CFR 73.54(b)(2), Renewed Operating License No. NPF-47 Condition 2.E, and the Cyber
E2-3
Security Plan. Specifically, a work week senior reactor operator failed to follow key control
procedures that resulted in an unauthorized individual opening a door to an area containing
critical digital assets.
Additional Tracking Items
None.
E2-4
INSPECTION RESULTS
Falsification of Magnetic Particle Exam by Non-Destructive Examination Proctor
Cornerstone
Severity
Cross-Cutting
Aspect
Report
Section
Not
Applicable
Apparent Violation
Open
Not
Applicable
Not
Applicable
The NRC identified an apparent violation of 10 CFR Part 50 Appendix B, Criterion V,
Instructions, Procedures, and Drawings, for the licensees failure to accomplish activities
affecting quality in accordance with Procedure CEP-NDE-0100, Administration and Control
of NDE. Specifically, when an exam proctor, who was not the Principal Level III
Nondestructive Examination (NDE) Technician, deliberately made an unauthorized copy of a
Magnetic Particle General Exam with the same control number and falsified the answers.
Description: On August 13, 2018, a Level III NDE inspector acted as a proctor and
administered a General Exam for Magnetic Particle. The licensees process required the
completed exams to be sent to the Principal Level III NDE inspector for grading and to be
processed as records. The proctor placed the completed exam in an envelope with others for
transmission to the Principal Level III NDE inspector. The Principal Level III identified a
discrepancy during his normal review of the examinations and initiated an investigation into
the discrepancy through his management supervisor.
10 CFR Part 50, Appendix B, Criterion V requires, in part, that activities affecting quality be
accomplished in accordance with documented procedures.
Licensee Procedure CEP-NDE-0100, Administration and Control of NDE, Revision 11, a
quality-related procedure, Section 5.2.2.4, requires, in part, that unless administered directly
by the Principal Level III, exams shall be forwarded to an exam proctor. Exams shall not be
copied after issuance from the Principal Level III, unless specifically requested. Additionally,
Procedure CEP-NDE-0100, Section 5.2.2.3, requires, in part, that each written exam shall
have a unique number and cover sheet.
On August 13, 2018, the exam proctor, who was not the Principal Level III, made an
unauthorized copy of the exam with the same control number. Specifically, following
administration of the exam to the applicant, the Level III NDE exam proctor thought he lost
the original exam, so the proctor made a duplicate exam with the same control number
without authorization from the Principal Level III and falsified the answers to prevent
identification of a perceived error on his part.
The proctor was a senior technician at the site, entrusted with setting standards of quality for
the other NDE technical staff. The proctors deliberate misconduct in the administration of the
exam suggests an underlying lack of integrity in the senior technical staff at the station and
potentially warrants escalation of the significance of the underlying violation.
Corrective Actions: After the licensees investigation, the proctors access authorization was
removed for all Entergy Nuclear sites. The examinee was remediated and required to take a
different Magnetic Particle Level II General Examination. The licensee conducted a root
cause evaluation, as documented in CR-HQN-2018-02142, Falsification of Magnetic Particle
Level II General Exam, Revision 0. The licensee determined that the root cause was the
proctor maintained low standards of integrity related to the NDE qualification process. The
E2-5
evaluation concluded that the proctor attempted to cover up a perceived mistake by falsifying
the exam and lying to the exam-taker in order to get him to sign a new cover sheet.
Corrective Action Reference: CR-HQN-2018-02142
Performance Assessment: In accordance with applicable Inspection Manual Chapter and
ROP guidance, the inspectors determined the licensees failure to follow NDE exam
administration procedures was an ROP minor performance deficiency. The inspectors also
determined this ROP performance deficiency represents a violation, which is discussed below
in the Enforcement section. In addition to assessing ROP significance, it is necessary to
use traditional enforcement to assess this violation because it involves willfulness, as
specified in Section 2.2.4 of the NRC Enforcement Policy. Accordingly, these violations are
assigned severity levels and can be considered for civil penalties using the traditional
enforcement process.
Enforcement: The ROPs significance determination process does not specifically consider
willfulness in its assessment of licensee performance. Therefore, in addition to the ROP
performance deficiency assessment described above, it is necessary to address this
violation, which involves willfulness, using traditional enforcement to adequately deter
non-compliance.
Severity: The severity of this apparent violation will be determined in accordance with the
Enforcement Policy pending a final enforcement determination.
Violation: Title 10 CFR Part 50 Appendix B, Criterion V, requires, in part, that activities
affecting quality shall be accomplished in accordance with documented procedures.
Licensee Procedure CEP-NDE-0100, Administration and Control of NDE, Revision 11, a
quality-related procedure, Section 5.2.2.4 requires, in part, that unless administered directly
by the Principal Level III, exams shall be forwarded to an exam proctor. Exams shall not be
copied after issuance from the Principal Level III, unless specifically requested. Additionally,
Procedure CEP-NDE-0100, Section 5.2.2.3, requires, in part, that each written exam shall
have a unique number and cover sheet.
Contrary to the above, on August 13, 2018, the exam proctor, who was not the Principal
Level III, made an unauthorized copy of the exam with the same control number. Specifically,
following administration of the exam to the applicant, the Level III NDE exam proctor thought
he lost the original exam, so he printed a duplicate exam with the same control number,
without authorization from the Principal Level III, falsified the answers, and submitted the
exam to the Principal Level III to prevent identification of a perceived error on his part.
Enforcement Action: This violation is being treated as an apparent violation pending a final
significance (enforcement) determination.
Failure to Perform Operator Rounds
Cornerstone
Severity
Cross-Cutting
Aspect
Report
Section
Not
Applicable
Apparent Violation
Open
Not
Applicable
Not
Applicable
E2-6
The NRC identified an apparent violation of 10 CFR Part 50, Appendix B, Criterion V,
"Instructions, Procedures, and Drawings," for the licensee's failure to complete operator
rounds in accordance with station procedures. Specifically, a non-licensed operator assigned
to the control building as over-instruction failed to properly observe the under-instruction
complete all panel checks and failed to ensure a complete tour of all required areas of their
watchstation.
Description: On September 1, 2019, a senior nuclear equipment operator over-instruction
(OI) was responsible for performing operator rounds in the control building, along with an
under-instruction (UI) trainee. Prior to the operator rounds, the operations Shift Manager
placed a placard on unit alarm (UA) panel 650 for audit purposes. As part of the control
building operator rounds, watchstanders are required to check UA panels 250, 425, and 650.
During the performance of the control building operator rounds, the OI and the UI stopped
near a filter train in the control building where the UI asked the OI numerous questions about
the filter train. The OI told the UI that they needed to keep moving and walked away toward
the next inspection area where UA panels 250, 425, and 650 were located. As the OI walked
past the UA panels, he pointed with his left hand toward the UA panels and turned his head
to the right and said out loud, 250, 425, 650 panel checks. The OI did not observe the
panels, he did not take the readings for the UA panels, and therefore, he did not observe the
placard attached to UA panel 650. Assuming that the OI calling out the panel numbers meant
that the OI was confirming that he had checked the panels, the UI entered the readings for
those panels into the handheld device as satisfactorily completed. The UI skipped panels
250, 425, and 650, and therefore, neither operator observed these panels nor took readings
from them. The OI did not question the UI on whether he conducted the UA panel checks,
and the UI did not ask the OI if he had done the panel checks.
Procedure EN-OP-115-01, Operator Rounds, Revision 4, a quality-related procedure
intended to meet this requirement for non-licensed operators performing watchstanding
rounds, Step 5.1.8 requires, in part, that watchstanders tour all required areas of their
watchstation. Section 5.1.27 states, in part, that if a trainee is taking logs as part of training,
then ensure the qualified watchstander is with the trainee to check each reading and perform
a complete tour as the qualified watchstander. Section 5.2.2 states, in part, that the operator
assigned to an area (room, building or group of buildings) is responsible to complete rounds
applicable to that area.
While conducting the control building operator rounds, both the OI and the UI failed to
complete the panel check of UA panels 250, 425, and 650. In addition, the OI failed to
properly observe the UI completing the panel checks and failed to verify that the UI accurately
captured all panel readings. These actions were contrary to the licensees procedure for
operator watchstanding rounds, which require that the OI check and confirm each panel
reading entered by the UI and perform a complete tour of all required areas.
Corrective Actions: The licensee temporarily disqualified both operators involved in this
incident.
Corrective Action References: CR-RBS-2019-05764 and CR-RBS-2019-05833
Performance Assessment: In accordance with applicable Inspection Manual Chapter and
ROP guidance, the inspectors determined the licensee's failure to complete operator rounds
in accordance with station procedures was an ROP minor performance deficiency. The
inspectors also determined this ROP performance deficiency represents a violation, which is
discussed below in the Enforcement section. In addition to assessing ROP significance, it is
E2-7
necessary to use traditional enforcement to assess this violation because it involves
willfulness, as specified in Section 2.2.4 of the NRC Enforcement Policy. Accordingly, these
violations are assigned severity levels and can be considered for civil penalties using the
traditional enforcement process.
Enforcement: The ROPs significance determination process does not specifically consider
willfulness in its assessment of licensee performance. Therefore, in addition to the ROP
performance deficiency assessment described above, it is necessary to address this
violation, which involves willfulness, using traditional enforcement to adequately deter
non-compliance.
Severity: The severity of this apparent violation will be determined in accordance with the
NRC Enforcement Policy pending a final enforcement determination.
Violation: Title 10 CFR Part 50, Appendix B, Criterion V, requires, in part, that activities
affecting quality shall be accomplished in accordance with documented instructions or
procedures of a type appropriate to the circumstances.
Entergy Procedure EN-OP-115-01, Operator Rounds, Revision 4, a quality-related
procedure intended to meet this requirement for non-licensed operators performing
watchstanding rounds, Step 5.1.8 requires, in part, that watchstanders tour all required areas
of their watchstation. Section 5.1.27 states, in part, that if a trainee is taking logs as part of
training, then ensure the qualified watchstander is with the trainee to check each reading and
perform a complete tour as the qualified watchstander. Section 5.2.2 states, in part, that the
operator assigned to an area (room, building or group of buildings) is responsible to complete
rounds applicable to that area.
Contrary to the above, on September 1, 2019, a watchstander failed to tour all required areas
of their watchstation. Specifically, a non-licensed operator assigned to the control building as
over-instruction failed to properly observe the under-instruction complete all panel checks and
failed to ensure a complete tour of all required areas of their watchstation.
Enforcement Action: This violation is being treated as an apparent violation pending a final
significance (enforcement) determination.
Failure to Control Critical Digital Asset Key
Cornerstone
Significance/Severity
Cross-Cutting
Aspect
Report
Section
Security
Green
Apparent Violation
Open
[P.3] -
Resolution
Not
Applicable
The NRC identified a Green finding and an associated apparent violation of
10 CFR 73.54(b)(2), Renewed Operating License No. NPF-47 Condition 2.E, and the Cyber
Security Plan. Specifically, a work week senior reactor operator failed to follow key control
procedures that resulted in an unauthorized individual opening a door to an area containing
critical digital assets.
Description: On April 7, 2020, the licensees cyber security personnel identified that an
individual had opened a door and peered inside a building containing critical digital
E2-8
assets. The licensee determined that the individual who opened the door was not authorized
to possess the critical digital asset access key, because he was not part of the critical
group. In addition, the licensee determined that a work week senior reactor operator had
violated an administrative key control procedure. Specifically, on March 31, 2020, the work
week senior reactor operator checked out a critical digital asset access key to himself then
handed it to a mechanical maintenance supervisor even though he had verified the individual
was not authorized to have the critical digital asset access key. The work week senior
reactor operator had requested that the maintenance supervisor contact him prior to using the
key. The work week senior reactor operator indicated that he would get someone to go to the
area or show up himself.
Cyber Security Plan, Revision 2, Section 2.2.7 states, in part, that the performance based
requirements of the Cyber Security Plan provide defense-in-depth through the integration of
systems, technologies, programs, equipment, supporting processes, and implementing
procedures, as needed to ensure effectiveness of the program. Further, Section 3.1.6 states,
in part, that defense-in-depth strategies are established by documenting and implementing
the Operational and Management cyber security controls in Appendix E of NEI 08-09, Cyber
Security Plan for Nuclear Power Reactors, Revision 6. NEI 08-09, Revision 6, Appendix E,
Control E5.5 requires, in part, that security control consists of controlling physical access
points (including designated entry/exit points) to locations where critical digital assets reside
and verifies individual access authorization before granting access to these areas.
Licensee Procedure EN-IT-103-07, Cyber Security Physical Access Requirements for
Critical Digital Assets, Revision 8, an implementing procedure of the Cyber Security Plan,
Section 5.4, Administrative Key Issue and Control Process, Step 1 requires, in part, that
keys that are used to control access to a room that contains critical digital assets can only be
issued by personnel who are members of the critical group to critical group members.
The inspectors determined that the licensee had been challenged with maintaining control of
critical digital asset access keys since 2018. During the full implementation baseline
inspection in 2018, the NRC had identified a finding related to control of critical digital asset
access keys. A subsequent licensee quality assurance audit in late 2018 had identified
numerous instances of inadequate control of critical digital asset access keys. The
inspectors determined that this recent event indicated that the prior actions had not effectively
resolved the issue. After this event in March 2020, the licensee implemented additional
corrective actions that assured that only authorized individuals could obtain critical digital
asset access keys.
Corrective Actions: The licensee disciplined the individual who checked out the critical digital
asset access key to himself and handed it to the unauthorized individual. The licensee also
established a new method to obtain keys for areas containing critical digital assets. The new
method requires authorized individuals to use their key card to access keys for areas
containing critical digital assets.
Corrective Action References: CR-RBS-2020-01535
Performance Assessment:
Performance Deficiency: The failure to control critical digital asset access keys as required
by plant procedures was a performance deficiency. Specifically, personnel with responsibility
for controlling critical digital asset keys did not follow the procedure requirements when
issuing keys.
E2-9
Screening: The inspectors determined the performance deficiency was more than minor
because it was associated with the Response to Contingency Events attribute of the Security
cornerstone and adversely affected the cornerstone objective to provide assurance that the
licensees security system and material control and accountability program use a defense-in-
depth approach and can protect against: (1) the design basis threat of radiological sabotage
from external and internal threats, and (2) the theft or loss of radiological materials.
Specifically, providing keys to unauthorized personnel potentially enabled them to introduce
malicious software to critical digital assets that could impact safety, security, or emergency
planning functions.
Significance: The inspectors assessed the significance of the finding using Appendix E,
Part IV, Cyber Security SDP. The inspectors determined that no cyber-attack
occurred. The inspectors determined that a potential attack pathway existed for the critical
digital assets ("Yes" to Figure 1, Step 1). The inspectors determined that there was a
vulnerability that could be exploited because of the lack of technical controls in place (Yes to
Figure 1, Step 2). Because the inspectors determined that there was detection capability
along the attack pathway that would detect an intrusion prior to an adverse impact to a safety,
security, or emergency planning function (Yes to Figure 1, Step 3), the finding screened as
very low significance (Green).
Cross-Cutting Aspect: P.3 - Resolution: The organization takes effective corrective actions
to address issues in a timely manner commensurate with their safety significance. In this
instance, the licensee did not take effective corrective actions that resulted in another failure
to control critical digital asset access keys when a senior reactor operator provided a key to
an unauthorized individual to expedite work [P.3].
Enforcement: The ROPs significance determination process does not specifically consider
willfulness in its assessment of licensee performance. Therefore, in addition to the ROP
performance deficiency assessment described above, it is necessary to address this violation
which involves willfulness using traditional enforcement to adequately deter non-compliance.
Severity: The severity of this apparent violation will be determined in accordance with the
NRC Enforcement Policy pending a final enforcement determination.
Violation: Title 10 CFR 73.54(b)(2) requires, in part, that the licensee establish, implement,
and maintain a cyber security program for the protection of the safety, security, and
emergency preparedness assets from cyber attacks.
Renewed Facility Operating License No. NPF-47, License Condition 2.E requires, in part,
that the licensee shall fully implement and maintain in effect all provisions of the
Commission-approved Cyber Security Plan, including changes made pursuant to the
authority of 10 CFR 50.90 and 10 CFR 50.54(p).
Cyber Security Plan, Revision 2, Section 2.2.7 states, in part, that the performance based
requirements of the Cyber Security Plan provide defense-in-depth through the integration of
systems, technologies, programs, equipment, supporting processes, and implementing
procedures as needed to ensure effectiveness of the program. Further, Section 3.1.6 states,
in part, that defense-in-depth strategies are established by documenting and implementing
the Operational and Management cyber security controls in Appendix E of NEI 08-09,
Revision 6. NEI 08-09, Revision 6, Appendix E, Control E5.5 requires, in part, that security
control consists of controlling physical access points (including designated entry/exit points)
E2-10
to locations where critical digital assets reside and verifies individual access authorization
before granting access to these areas.
Licensee Procedure EN-IT-103-07, Cyber Security Physical Access Requirements for
Critical Digital Assets, Revision 8, an implementing procedure of the Cyber Security Plan,
Section 5.4, Administrative Key Issue and Control Process, Step 1 requires, in part, that
keys that are used to control access to a room that contains critical digital assets can only be
issued by personnel who are members of the critical group to critical group members.
Contrary to the above, on March 31, 2020, a member of the critical group provided a key that
is used to control access to a room that contains critical digital assets to a person who was
not a critical group member. Specifically, a senior reactor operator provided a critical digital
asset key to a maintenance supervisor, who was not a critical group member, and the
supervisor accessed a room containing critical digital assets.
Enforcement Action: This violation is being treated as an apparent violation pending a final
significance (enforcement) determination.
Licensee-Identified Non-Cited Violation
N/A
A Severity Level IV violation was identified by the licensee and has been entered into the
licensee corrective action program and is being treated as a non-cited violation, consistent
with Section 2.3.2 of the Enforcement Policy.
Violation: Title 10 CFR 50.9 requires, in part, that information required by statute or the
Commissions regulations to be maintained by the licensee shall be complete and accurate in
all material respects.
Title 10 CFR Part 50, Appendix B, Criterion XVII, requires in part, that sufficient records shall
be maintained to furnish evidence of activities affecting quality. The records shall include at
least the following: operating logs and the results of reviews, inspections, tests, audits,
monitoring of work performance, and materials analyses.
Contrary to the above, on September 1, 2019, the licensee failed to maintain information
required by the Commissions regulations complete and accurate in all material
respects. Specifically, a non-licensed operator submitted operating logs for assigned plant
areas, which they had not toured, and which were not complete and accurate in all material
respects. The operating logs are required by 10 CFR Part 50, Appendix B, Criterion XVII to
be maintained by the licensee. The information was material to the NRC because the NRC
uses the information in the performance of inspections to ensure that the condition of
safety-related equipment is being monitored as required by licensee procedures.
Significance/Severity: The inspectors determined this violation was associated with a minor
ROP performance deficiency. The ROPs significance determination process does not
specifically consider the regulatory process impact in its assessment of licensee
performance. Therefore, it is necessary to address this violation, which impedes the NRCs
ability to regulate, using traditional enforcement to adequately deter non-compliance. The
NRC considered Enforcement Policy examples in Section 6.9, Inaccurate and Incomplete
Information or Failure to Make a Required Report, and determined that this violation was of
Severity Level IV significance on the basis that the inaccurate information had minimal safety
impact, was not determined to involve willfulness, and would not have caused the NRC to
reconsider a regulatory position or undertake a substantial further inquiry.
Corrective Action References: CR-RBS-2019-05764 and CR-RBS-2019-05833
E2-11
EXIT MEETINGS AND DEBRIEFS
The inspectors verified no proprietary information was retained or documented in this report.
x
On June 16, 2021, the inspectors presented the NRC inspection results to Mr. Kent
Scott, Site Vice President, and other members of the licensee staff in a telephonic exit
meeting.