IR 05000461/2008403

From kanterella
Jump to navigation Jump to search
NRC Security Baseline Inspection Report 05000461-08-403(DRS) Preliminary Greater than Green Finding
ML11174A124
Person / Time
Site: Clinton Constellation icon.png
Issue date: 11/19/2008
From: Stephanie West
NRC/RES/DE
To: Pardee C
Exelon Nuclear
References
FOIA/PA-2011-0187, EA-08-284 IR-08-403
Download: ML11174A124 (15)
v  d  e


Text

ber 19, 2008

SUBJECT:

CLINTON POWER STATION NRC SECURITY BASELINE INSPECTION REPORT 05000461/2008403(DRS);

PRELIMINARY GREATER THAN GREEN FINDING

Dear Mr. Pardee:

On October 27, 2008, the U.S. Nuclear Regulatory Commission (NRC) completed a security baseline inspection at your Clinton Power Station. The inspection covered one or more of the key attributes of the security cornerstone of the NRC's Reactor Oversight Process. The enclosed inspection report documents the inspection results, which were discussed on October 27, 2008, with Mr. F. Kearney and other members of your staff.

The inspection examined activities conducted under your license as they relate to security and compliance with the Commission's rules and regulations and with the conditions of your license.

The inspectors reviewed selected procedures and records, observed activities, and interviewed personnel.

The attached report documents a finding that has the potential for significance of greater than very low security significance (i.e., greater than Green as determined by the Physical Protection Significance Determination Process). The final resolution of this finding will convey the increment in the importance to safety by assigning the corresponding color. The deficiencies were promptly corrected or compensated for, and the plant was in compliance with applicable physical protection and security requirements within the scope of this inspection before the inspectors left the site. The finding had a cross-cutting aspect in the area of Human Performance, Resources, H.2(c) because the licensee failed to maintain complete, accurate, and up-to-date procedures.

The finding was self-revealing. The finding is also an Apparent Violation (AV) of NRC requirements and is being considered for escalated enforcement action in accordance with the enforcement policy, which can be found on the NRC's web site at http://www.nrc.qov/about-nrc/requlatorv/enforcement/enforce-pol.html.

Enclodure transmitted herewi t tains Sensitivrý nclassiffe - afeg uards Information separated from enclosure, this ..ý-Viittal clument is decontrolled.

FF' L EQ - CURIT - EL N In accordance with Inspection Manual Chapter (IMC) 0609, Significance Determination Process (SDP), we intend to complete our evaluation using the best available information and issue our final determination of security significance within 90 days of the date of this letter.

The significance determination process encourages an open dialog between the staff and the licensee; however, the dialogue should not impact the timeliness of the staff's final significance determination. Before we make a final decision on this matter, we are providing you an opportunity: (1) to present to the NRC your perspectives on the facts and assumptions, used by the NRC to arrive at the finding and its significance, at a Regulatory Conference; or (2) submit your position on the finding to the NRC in writing. If you decline to request a Regulatory Conference or submit a written response, your ability to appeal the final SDP determination can be affected, in that by not doing either, you fail to meet the appeal requirements stated in the Prerequisite and Limitation sections of Attachment 2 of IMC 0609.

If you request a Regulatory Conference, it should be held within 30 days of the receipt of this letter and we encourage.you to submit supporting documentation at least one week prior to the conference in an effort to make the conference more efficient and effective. In the interest of protecting sensitive, security-related information, if a Regulatory Conference is held, it will not be open for public observation. If you decide to submit only a written response, such submittal should be sent to the NRC within 30 days of the receipt of this letter. Because this issue involves security-related information, if you choose to respond, your response will not be made available electronically for public inspection in the NRC Public Document Room or from the NRC's document system (ADAMS), accessible from the NRC Web site at http://www.nrc.qov/readinq-rm/adams.html. If Safeguards Information is necessary to provide an acceptable response, please provide the level of protection described in 10 CFR 73.21.

Otherwise, mark your entire response "Security-Related Information - Withhold Under 10 CFR 2.390" and follow the instructions for withholding in 10 CFR 2.390(b)(1).

Please contact Eric Duncan, Chief, Plant Support Branch at (630) 829-9757 within 10 business days of the date of your receipt of this letter to notify the NRC of your intentions. If we have not heard from you within 10 days, we will continue with our significance determination and enforcement decision and you will be advised by separate correspondence of the results of our deliberations on this matter.

Since the NRC has not made a final determination in this matter, no Notice of Violation is being issued for this inspection finding at this time. In addition, please be advised that the number and characterization of the AV described in the enclosed inspection report may change as a result of further NRC review.

In accordance with 10 CFR 2.390 of the NRC's "Rules of Practice," a copy of this letter will be available electronically for public inspection in the NRC Public Document Room or from the Publicly Available Records System (PARS) component of NRC's Agency wide Documents Access and Management System (ADAMS), accessible from the NRC Web site at http://www.nrc.gov/readincq-rm/adams.html (the Public Electronic Reading Room). However, because of the security-related concerns contained in the enclosure, and in accordance with 10 CFR 2.390, a copy of this letter's enclosure will not be available for public inspection.

ýFRCIAL ýONL -CUýRY- ýTED ýFO P

0 "ICIAL E-NL RIR~AT I/R Should you have any questions concerning this inspection, we will be pleased to discuss them with you.

Sincerely, IRA by Anne Boland for!

Steve West, Director Division of Reactor Safety Docket Nos. 50-461 License Nos. NPF-62 Nonpublic Enclosure: Inspection Report 05000461/2008403(DRS);

w/Attachment: Supplemental Information.

cc w/encl: D. Riffle, NSIR/DSO/DDSO J. Klinger, State Liaison Officer, Illinois Emergency Management Agency C. Williamson, Clinton Site Security Manager cc w/o encl: Site Vice President - Clinton Power Station Plant Manager - Clinton Power Station Regulatory Assurance Manager - Clinton Power Station Chief Operating Officer and Senior Vice President Senior Vice President - Midwest Operations Senior Vice President - Operations Support Vice President - Licensing and Regulatory Affairs Director - Licensing and Regulatory Affairs Manager Licensing - Clinton, Dresden and Quad Cities Associate General Counsel Document Control Desk - Licensing Assistant Attorney General Chairman, Illinois Commerce Commission O C IA ý 0 Y RMACION

týýýS ýNLY ý-EGUký-REý ýDl ýAýTION

SUMMARY OF FINDINGS

IR 05000461/2008403(DRS); 09/22/2008 - 09/26/2008; October 27, 2008;

Clinton Power Station; Routine Security Baseline Inspection; Identification and Resolution of Problems.

This report covers a 1 week period of announced routine baseline inspection on security. The inspection was conducted by two Region III physical security inspectors. One apparent violation (AV) with the potential security significance of greater than Green was identified. The significance of most findings is indicated by their color (Green, White, Yellow, Red) using InspectionManual Chapter (IMC) 0609, "Significance Determination Process" (SDP). Findings for which the SDP does not apply may be "Green" or be assigned a severity level after NRC management review. The NRC's program for overseeing the safe operation of commercial nuclear power reactors is described in NUREG-1649, "Reactor Oversight Process."

A. Inspector-Identified and Self-Revealed Findings

Cornerstone: Physical Protection

TBD. An apparent violation, with the potential security significance of greater than Green,was identified for the failure to properly store Safeguards Information (SG) while unattended. Security staff, while discussing staffing numbers which prompted a need to reference a new~jevision of a Security Training _Lesson Plan (LP), recognized that the document in-the Jwas a previous revision. The Security 4 r Shift Supervisor (SSS) then reamizea inai the current revision had been inadvertently combined with non-safeguards information that was removed from th* ,and placed on a desk in an unsecured office outside the Protected Area (PA) for a 5-day period.

The licensee Security Operations Supervisor (SOS) and the SSS took possession of the document and conductý.d apage count that verified no pages were missing. The SGI document was taken td' and placed in the SGI binder and recorded on the SGI log.

The licensee entered the issue into their corrective action program (AR #00796575) and initiated a prompt investigation and a root cause evaluation.

The finding was determined to be more than minor because, if the deficiency was not corrected, it could have led to unauthorized access to Safeguards Information by individuals who did not have a background check and need to know as required by 10 CFR 73.57. Pending determination of security significance, this finding is identified as an apparent violation of 10 CFR 73.21 requirements with the potential security significance of low to moderate. The cause of the finding is related to the cross-cutting area of Human Performance, Resources, H.2(c) because the procedure for controlling SGI did not provide the necessary guidance to individuals to ensure that SGI was properly marked and controlled. (Section 40A2.1).

Licensee-Identified Violations

None.

OFF"LS NýY- ýCRýITY- ýT 0 ýON

ýF QIASE"ONýLY- ý IT -R T IN 0 M I N

REPORT DETAILS

SAFEGUARDS

Cornerstone: Physical Protection (PP)

S07 Security Training (71130.07)

a. Inspection Scope

The inspectors evaluated this area by: reviewing program procedures, implementing procedures, and records; conducting interviews with responsible personnel and plant employees; and reviewing training drills and exercises.

The inspectors verified that the nuclear security training program:

(1) complied with the NRC-approved Training and Qualification Plan; Order EA-03-039, "Issuance of Order for Compensatory Measures Related to Training Enhancements on Tactical and Firearms Proficiency and Physical Fitness Applicable to Armed Nuclear Power Plant Security Force Personnel," dated April 29, 2003 (Training Order); and other regulatory ..

requirements;

(2) developed security personnel knowledge, skills and ability and conformed with the Training and Qualification Plan and other regulatory requirements; and
(3) ensured equipment assigned to security personnel conformed with the Training and Qualification Plan and other regulatory requirements. The inspectors conducted the following specific inspection activities:

reviewed and evaluated licensee event reports, safeguards log entries, and corrective action documents dated between April 2008 and September 2008; verified for the Training and Qualification Plan implementing procedures that the licensee:

(a) established policies and procedures for the selection, training, equipping, testing, qualification, and re-qualification of security personnel;
(b) compared the protective strategy to the training and qualification program to ensure that armed security personnel were fully trained and qualified;
(c) monitored the performance of armed security personnel against established goals and measures;
(d) established goals and measures commensurate with the Design Basis Threat;
(e) required that security personnel participate in range activities at the prescribed frequency;
(f) prevented security personnel from returning to duty when requisite qualification had not been achieved;
(g) established a corrective action program for the security training and qualification program;
(h) utilized certified firearms instructors;
(i) trained security officers regarding their role in supporting safe plant operations; and
(j) performed appropriate firing demonstrations; verified for initial training that the licensee:
(a) ensured personnel were trained, equipped, and qualified to perform each assigned security-related job task or duty;
(b) administered a written examination for security personnel as part of the qualification process;
(c) included the minimum prescribed elements of the Training Order on the written examination;
(d) established a minimum score for written examinations; and
(e) trained, equipped, and qualified, as appropriate, non-security or augmented security personnel for their assigned security tasks or duties;

- Enclosure I F IC LU N -S C ITYRE E I RM TIO

verified for initial firearms familiarization training that the licensee:

(a) conducted the training at the prescribed frequency; and
(b) included the eight elements prescribed by the Training Order; verified for daylight and night fire qualification training that the licensee:
(a) enhanced, as applicable, the daylight firearms training;
(b) established acceptable proficiency qualification scores for assigned firearms;
(c) enhanced the qualification program for shotguns, when used as contingency weapons;
(d) conducted night fire qualification;
(e) had'officers use each weapon type during night fire qualification;
(f) required loading, unloading, and clearing all weapon types during night fire qualification; and
(g) established acceptable proficiency scores for night fire qualification (Note: shotguns were not used as contingency weapons);verified for tactical qualification that the licensee:
(a) developed an appropriate tactical course;
(b) included thenine elements prescribed in the Training Order; and
(c) established an acceptable proficiency score for tactical qualification; verified that security personnel possessed adequate knowledge to carry out their assigned duties and responsibilities, including response procedures, use of deadly force, and armed response tactics; verified for tactical response team drills and exercises that the licensee:
(a) demonstrated security force capabilities to perform protective strategy responsibilities and individual skills;
(b) conducted prescribed tactical drills; and
(c) conducted prescribed force-on-force tactical exercises; verified for re-qualification training that the licensee:
(a) ensured security personnel received required training;
(b) included an annual written examination during firearms refresher training; and
(c) ensured armed security personnel passed the annual examination prior to resuming duties; verified that the licensee maintained training documentation in accordance with the regulations and the requirements outlined in the Training Order; and verified for physical fitness qualifications that the licensee:
(a) had security personnel demonstrate physical fitness for assigned duties by performing a practical physical exercise program within a specific time period;
(b) ensured the Training and Qualification Plan described the performance objectives and included strenuous activity, physical exertion, levels of stress, and exposure to elements for assigned security duties under both normal and emergency operations;
(c) required written certification by a licensed physician for each individual's participation in the exercise program; and
(d) developed a physical agility test commensurate with the protective strategy.

The inspectors reviewed security training program-related issues during baseline inspection activities to verify that they were being entered into the licensee's corrective

WICýIA UE N - C ITY ýEAýT ýFO ýTI

action program at an appropriate threshold, that adequate attention was being given to timely corrective actions, and that adverse trends were identified and adequately addressed.

The inspectors completed 41 of the required 41 samples.

b. Findinqgs No findings of significance were identified.

S09 Owner-Controlled Area Controls (71130.09)

a. Inspection Scope

The inspectors evaluated this area by: reviewing procedures and records; conducting interviews with responsible personnel and plant employees; and performing walkdowns of the owner-controlled area (OCA) and vehicle checkpoint.

The inspectors verified that the licensee:

(1) implemented OCA controls in accordance with the NRC-approved security plan and other applicable regulatory requirements; and
(2) ensured that OCA controls provided reasonable protection against the Design Basis Threat.

The inspectors conducted the following inspection activities:

reviewed and evaluated licensee event reports, safeguards log entries and corrective action documents dated between April 2008 and September 2008 (no licensee event reports were documented);verified for OCA controls that the licensee:

(a) ensured personnel maintained communication with the alarm stations and validated OCA controls effectiveness through drills or exercises; and
(b) actions taken to implement their NRC-approved security plan did not impede the arrival of emergency response personnel or affect implementation of the emergency plan.

verified for the OCA check point that the licensee, in conformance with the measures specified in their NRC-approved security plan:

(a) effectively implemented procedures for controlling plant personnel, vendor, delivery, and visitor access;
(b) effectively implemented procedures and controls for channeling vehicles to access control points; and
(c) effectively implemented procedures for controlling vehicle entry through the vehicle check point.

verified for OCA area patrols and surveillance that the licensee:

(a) effectively implemented procedures for surveillance activities;
(b) ensured personnel on patrol did not perform collateral duties that decreased the effectiveness of their surveillance activities; and
(c) effectively implemented applicable procedures for maritime coordination, river intake control, and surveillance; and verified for OCA -barriers and equipment that the licensee, in conformance with the measures specified in their NRC-approved security plan:
(a) effectively implemented controls to limit the potential for unauthorized vehicles and

O N

4,FIC ýLY S U -R AUE IT IF MAI equipment; and

(b) ensured the OCA patrols had the necessary weapons and equipment readily accessible.

The inspectors reviewed OCA controls-related issues during baseline inspection activities to verify that they were being entered into the licensee's corrective action program at an appropriate threshold, that adequate attention was being given to timely corrective actions, and that adverse trends were identified and adequately addressed.

The inspectors completed 12 of the required 12 samples.

b. Findings

No findings of significance were identified.

OTHER ACTIVITIES

40A1 Follow-up of Events and Notices of Enforcement Discretion (71153)

  • .1 (Closed) Licensee Event Report (LER) 2008-002-00: Uncontrolled Safeguards Information A description of the reported event, the inspectors' conclusions, and the associated licensee responses are discussed in Section 4OA2.1 below. This LER is closed:.

40A2 Identification and Resolution of Problems

.1 Failure to Properly Store Safeguards Information While Unattended

Introduction:

An apparent violation (AV) for the failure to properly store Safeguards Information (SGI) while unattended, as required by 10 CFR 73.21(d), was identified whien security staff, while discussing staffing numbers which prompted a need to reference a newcevision of a Security Traininq Lesson Plan (LP), recognized that the document in theý ..*as a previous revision. The security Shift Supervisor (*bb) men realized that the current revision had been inadvertently combined with non-safeguards information that was removed from thel- land placed '/i on a desk in an unsecured office outside the Protected Area (PA) for a 5-day period.

Description:

Title 10 CFR 73.21 (d).(2) requires, in part, that while unattended, SGI shall be stored in a locked security storage container.

On July 15, 2008, at approximately 0730 hours0.00845 days <br />0.203 hours <br />0.00121 weeks <br />2.77765e-4 months <br />, the Security Operations Supervisor (SOS) and the SSS were discussing staffing numbers, which prompted a need to reference a new revision of LP 2205, "Clinton Power Station (CPS) Site Defensive Strategy"; a document containing safeguards information (SGI) that would have these numbers. At approximately 0740 houLrs, while researching the document, the SSS f)C recognized ,tatthe document in the[ jwas the previous revision. The SOS then" entered the lland was informed that the current revision was not available. The SSS then realized the possibility that the current revision could have been inadvertently combined with "Read and Sign" documents that were submitted to the SOS for review on July 10, 2008. At about 0745, the SOS and the SSS went to the SOS office in the

0F F I ýUS ýOY - ýITY -E ýTE I1 OR' IO

L ON - E RI -R A NFR ATI0*

OCA and found the SGI document uncontrolled. The SOS and the SSS took possession of the document and condu edA page count that verified no pages were missing. The SGI document was taken toL and placed in the SGI binder and recorded on the SGI log. The licensee entered the is-sue into their corrective action program (IR 796575) and initiated a prompt investigation and a root cause evaluation.

Analysis:

This finding was determined to be more than minor because in accordance with the guidance in Inspection Manual Chapter (IMC) 0609, Appendix B, the deficiency, if left uncorrected, could have become a more significant security concern. Specifically, it could have led to unauthorized access to Safeguards Information by individuals who did not have a need-to-know.

Using the Physical Protection Significance Determination Process (PPSDP) in Inspection Manual Chapter (IMC) 0609, Appendix E, Part I, Section A requires a determination of whether the finding could impact the OCA, Protected Area, or a Vital Area and whether the finding affects any of the key attributes of the cornerstone (i.e., Access Authorization, Access Control, Physical Protection, or Contingency Response). Because improperly-stored Safeguards Information does not directly affect the impact areas, key attributes, or program elements, Section C of the PPSDP was used to assess the finding.

Under Section C, this finding was determined to be potentially exploitable and additional management review was required to determine the security significance of the finding.

In accordance with IMC 0609, Appendix E, Part I, the following factors were considered in determining whether the improperly stored Safeguards Information was exploitable:

The duration of time the SGI material was improperly stored:

The SGI documents were stored unattended for approximately 5 days in an unlocked room on top of a desk located outside the protected area. Specifically, the SGI document was left unattended on top of a desk in an unlocked room located within the OCA side of the Main Gatehouse from approximately July 10, 2008, at 1105 hours0.0128 days <br />0.307 hours <br />0.00183 weeks <br />4.204525e-4 months <br /> until July 15, 2008, at 0745 hours0.00862 days <br />0.207 hours <br />0.00123 weeks <br />2.834725e-4 months <br />.

Whether access to the location was controlled:

Access to the room was not controlled. Specifically, the document was located in a room in the Main Gatehouse which was outside the protected area boundary and did not meet the requirements of a controlled access area because no access controls (e.g., card reader, key lock) were in place. Any badged or unbadged individual could have potentially entered the room without; being challenged. Because of the lack of access controls (e.g., card reader, key lock)to the room, there was no mechanism to verify who-had accessed this area.

Whether the improperly stored SGI reflected current information regarding facility security:

The SGI information, if discovered by.an adversary, would have provided detailed information regarding the site's current security protective strategy. The document (LP 2205) provided guidance to ensure that Clinton Power Station was

ILU 0 YS UR -R ED I RM N

o CX US ON - ECU "-RE AT 1 0 TI adequately and appropriately protected against the design basis threat to the facility.

In addition, the licensee provided additional information regarding the unattended SGI.

The licensee stated that the unattended SGI did not contain a significant amount of detailed information. NRC review of the IMC 0609 factors listed above along with the licensee's additional information and concluded that the unattended SGI document contained sufficient information to enable a potential adversary to defeat, circumvent, or otherwise take advantage of a vulnerability in a security plan, equipment, or performance. Consequently, The NRC concluded that the unattended SGI was exploitable because the documents were in an unlocked room for about 5 days, access to the area was not controlled, and the SGI documents contained the security-related information for the site specific defensive strategy. This apparent violation was-preliminarily assessed as having [low to moderate security significance (White).

The cause of the finding is related to the cross-cutting area of Human Performance, Resources, because the procedure for controlling SGI did not provide the necessary guidance to individuals to ensure that SGI was properly marked and controlled H.2(c).

Specifically, the licensee's procedure did not require SGI to be distinctively marked with a cover page that clearly showed that the material required additional controls.

Enforcement:

Title 10 CFR 73.21(d)(2) requires, in part, that while unattended, Safeguards Information shall be stored in a locked security storage container.

Contrary to the above, unattended Safeguards Information was not stored in a locked security storage cabinet from about July 10, 2008, at 1105 hours0.0128 days <br />0.307 hours <br />0.00183 weeks <br />4.204525e-4 months <br /> until July 15, 2008, at 0745 hours0.00862 days <br />0.207 hours <br />0.00123 weeks <br />2.834725e-4 months <br />. Licensee security personnel left SGI in an unlocked room within the OCA side of the Main Gatehouse. Security management personnel immediately took control of the SGI documents and conducted a page count that verified no pages were missing.

The licensee entered the is-su-into-the-corrective-action-program-(IR-796575): .-.....................

Pending final determination of the security significance, this issue is identified as an Apparent Violation (AV 05000461/2008403-01), Failure to Properly Store Safeguards Information While Unattended.

40A6 Meetings 1t Exit Meeting The inspectors presented the inspection results to Mr. F. Kearney and other members of licensee management at an interim briefing conducted at the site on September 26, 2008. A final exit meeting was conducted by telephone on October 27, 2008. The inspectors asked the licensee whether any materials examined during the inspection should be considered proprietary. No proprietary information was identified.

ATTACHMENT:

SUPPLEMENTAL INFORMATION

KEY POINTS OF CONTACT

Licensee

F. Kearney, Site Vice President
M. Kanavos, Plant Manager
C. Williamson, Site Security Manager
M. Hiter, Security Analyst
S. Gackstetter, Regulatory Assurance Manager
J. Waddell, Security Supervisor

Nuclear Regulatory Commission

B. Kemker, Senior Resident Inspector
D. Lords, Resident Inspector

Illinois Emergency Management Agency

S. Mischke

LIST OF ITEMS OPENED, CLOSED, AND DISCUSSED

Opened

05000461/2008403-01 AV Failure to Properly Store Safeguards Information While Unattended

Closed

05000461/2008002-00 LER Uncontrolled Safeguards Information

Discussed

None

-1- Attachment IC L E NL -SEC RITY L ED FO TI

VFiCI USO ý- ýC 1 -R ET ýIN AT N

LIST OF DOCUMENTS REVIEWED

Retrieved from "https://kanterella.com/w/index.php?title=IR_05000461/2008403&oldid=2116207"