IR 05000483/2022401
| ML22117A222 | |
|---|---|
| Site: | Callaway |
| Issue date: | 05/05/2022 |
| From: | Nick Taylor NRC/RGN-IV/DORS/EB2 |
| To: | Diya F Ameren Missouri |
| References: | IR 202401 |
May 5, 2022
SUBJECT: CALLAWAY PLANT - CYBER SECURITY INSPECTION REPORT 05000483/2022401
Dear Mr. Diya:
On March 31, 2022, the U.S. Nuclear Regulatory Commission (NRC) completed an inspection at Callaway Plant and discussed the results of this inspection with Mr. F. J. Bianco, Senior Director, Nuclear Operations, and other members of your staff. The results of this inspection are documented in the enclosed report.
No findings or violations of more than minor significance were identified during this inspection.
This letter, its enclosure, and your response (if any) will be made available for public inspection and copying at http://www.nrc.gov/reading-rm/adams.html and at the NRC Public Document Room in accordance with Title 10 of the Code of Federal Regulations 2.390, Public Inspections, Exemptions, Requests for Withholding.
Sincerely,
Nicholas H. Taylor, Chief
Engineering Branch 2
Division of Operating Reactor Safety
Docket No. 05000483
License No. NPF-30
Enclosure:
Inspection Report 05000483/2022401
Distribution via Listserv
ML22117A222
[X] SUNSI Review By: STG
ADAMS: [X] Yes [ ] No
[ ] Sensitive [X] Non-Sensitive
[ ] Non-Publicly Available [X] Publicly Available
Keyword: NRC-002

| OFFICE | DORS\\SRI\\EB2 | OE\\AS | C:DORS\\PBB | C:DORS\\EB2 |
|---|---|---|---|---|
| NAME | SGraves | SOpara | GWerner | NTaylor |
| SIGNATURE | /RA/ | /RA/ | GEW | /RA/ |
| DATE | 5/28/2022 | 5/28/2022 | 04/28/2022 | 5/3/2022 |
Enclosure
U.S. NUCLEAR REGULATORY COMMISSION
Inspection Report
Docket Number: 05000483
License Number:
Report Number:
Enterprise Identifier: I-2022-401-0004
Licensee: Ameren Missouri
Facility: Callaway Plant
Location: Steedman, MO
Inspection Dates: March 28, 2022, to March 31, 2022
Inspectors:
S. Graves, Senior Reactor Inspector, Lead
S. Opara, Allegation Specialist
M. Fernandez, Cyber Security Specialist
A. Konkal, Contractor - Cyber Security
F. Priester, Contractor - Cyber Security
Approved By:
Nicholas H. Taylor, Chief
Engineering Branch 2
Division of Operating Reactor Safety
SUMMARY
The U.S. Nuclear Regulatory Commission (NRC) continued monitoring the licensee's performance by conducting a cyber security inspection at Callaway Plant, in accordance with the Reactor Oversight Process. The Reactor Oversight Process is the NRC's program for overseeing the safe operation of commercial nuclear power reactors. Refer to https://www.nrc.gov/reactors/operating/oversight.html for more information.
List of Findings and Violations
No findings or violations of more than minor significance were identified.
Additional Tracking Items
None.
INSPECTION SCOPES
Inspections were conducted using the appropriate portions of the inspection procedures (IPs) in effect at the beginning of the inspection unless otherwise noted. Currently approved IPs with their attached revision histories are located on the public website at http://www.nrc.gov/reading-rm/doc-collections/insp-manual/inspection-procedure/index.html. Samples were declared complete when the IP requirements most appropriate to the inspection activity were met consistent with Inspection Manual Chapter (IMC) 2201, Security Inspection Program for Commercial Nuclear Power Reactors. The inspectors reviewed selected procedures and records, observed activities, and interviewed personnel to assess licensee performance and compliance with Commission rules and regulations, license conditions, site procedures, and standards.
SAFEGUARDS
71130.10 - Cybersecurity
The inspectors reviewed implementation of the Callaway Cyber Security Plan and focused on evaluating changes to the program, critical systems, and Critical Digital Assets (CDAs).
Cybersecurity (1 Sample)
- (1) The following IP sections were completed and constitute completion of 1 sample:
  - 03.01, Review Ongoing Monitoring and Assessment Activities
  - 03.02, Verify Defense-in-Depth Protective Strategies
  - 03.03, Review of Configuration Management Change Control
  - 03.04, Review of Cyber Security Program
  - 03.05, Evaluation of Corrective Actions
The inspection also reviewed the following cyber security program changes, as well as boundary device configurations, portable media and mobile device procedures, portable media and mobile device scanning kiosk operations and incident response implementation procedures.
- thermal pan-tilt-zoom security camera replacement - security
- upgrades to security information and event management servers, network kiosks, addition of plant computer diode, centralization of anti-virus updates, and plant process computer workstations - important-to-safety
- addition of dedicated security information and event management workstations - safety/important-to-safety/support system
- security computer/access authorization - security
INSPECTION RESULTS
No findings were identified.
EXIT MEETINGS AND DEBRIEFS
The inspectors verified no proprietary information was retained or documented in this report.
- On March 31, 2022, the inspectors presented the cyber security inspection results to Mr. F. J. Bianco, Senior Director, Nuclear Operations, and other members of the licensee staff.
DOCUMENTS REVIEWED
| Inspection Procedure | Type | Designation | Description or Title | Revision or Date |
|---|---|---|---|---|
| | Corrective Action Documents | CR - | 201904128, 201905661, 202001842, 202004225, 2004652, 202005670, 202105183, 202105572, 2106145, 202106213, 202106265, 202106517, 2107043, 202201664 | |
| | Corrective Action Documents Resulting from Inspection | CR - | 2201799, 202201818, 202201842, 202201844, 2201845, 202201846, 202201860, 202201862, 2201864 | |
| | Drawings | 8600-X-90398 | SAS Block Diagram Video | |
| | | 8600-X-90454 | CAS Block Diagram Video | |
| | | 8600-X-90455 | IRIScan Interconnection Diagram | |
| | | 8600-X-90456 | Security Computer System Interconnection Drawing | |
| | | | MUX Block Diagram | |
| | | | Centralized Logging System Functional Block Diagram | |
| | | | Network Intrusion Detection System Functional Block Diagram | |
| | | S001 | PCS Replacement Functional Block Diagram | |
| | Engineering Changes | Design Equivalent Change Package MP 19-0009 | PELCO SARIX ESTI350-2N, Thermal PTZ Camera Replacement | |
| | | Design Equivalent Change Package MP 19-0084 | 2018 Operating Experience Changes for Cyber Security Program | |
| | | Design Equivalent Change Package MP 21-0018 | Addition of SPLUNK workstation in Security Computer System | |
| | Miscellaneous | | Presentation - Callaway Cyber Security | 03/28/2022 |
| | | | Callaway CSAT Team Training | |
| | | | Tech Specialist Qualmaster Requirements | 03/29/2022 |
| | | | Thermal Camera Configuration Baseline | |
| | | | Cyber Security Drills - Drill Packages (2019, 2020, 2021) | |
| | | | AXIS Q1942-E PT Mount Thermal Network Camera User Manual | |
| | | CA3188 | Event/Incident Summary and Incident Response Plan | 03/24/2022 |
| | | CA4651 - Critical Digital Asset (CDA) Modification Mitigation Plan | SK-Security Computer Modification Package: MP 21-0018 | 07/12/2021 |
| | | CA4651 - CDA Modification Mitigation Plan | Network Intrusion Detection System and Centralized Logging System MP 19-0084 | 08/09/2019 |
| | | SKNH0012 | Switch Configuration File | 11/17/2021 |
| | | SKNH0013 | Switch Configuration File | 11/17/2021 |
| | | SKXX0003 | Firewall Configuration File | 10/21/2021 |
| | | SKXX0004 | Firewall Configuration File | 10/21/2021 |
| | | SKXX0010 | Firewall Configuration File | 10/21/2021 |
| | | SKXY0003 | Splunk Server Services | 11/22/2021 |
| | | SKXY0005 | Splunk L2 Sever Services | 11/17/2021 |
| | | T.68.2943.S | Cyber Security Incident Response Team Training | 08/31/2017 |
| | Procedures | APA-ZZ-00907 | Personnel Processing Requirements for Unescorted Access to The Callaway Energy Center and Maintenance of Associated Personnel Data | |
| | | APA-ZZ-01104 | Access Authorization Program for Callaway Energy Center | |
| | | APA-ZZ-01108 | Cyber Security Program | |
| | | APA-ZZ-01108 ADDENDUM A | CDA-Related Removable Media and Removable / Portable Device Management | |
| | | DTI-CS-002 | Virus Scanning Station (Kiosk) DTI | |
| | | DTI-CS-003 | CDA Laptop Hardening DTI | |
| | | DTI-CS-014 | Vulnerability Scan and Assessment DTI | |
| | | DTI-CS-018 | Non-Engineering Configuration Control CDA Change Process | |
| | | EDP-SK-DR012 | Network Intrusion Detection System and Centralized Logging System Disaster Recovery | |
| | | EDP-SK-DR014 | Security Computer Log Forwarder Recovery Plan | |
| | | EDP-ZZ-01108 | Cyber Security Program Implementation | |
| | | EDP-ZZ-01108 | Cyber Security Program Implementation | |
| | | EDP-ZZ-01108 ADDENDUM 1 | Digital Assessment Process | |
| | | EDP-ZZ-01108 ADDENDUM 2 | Security Control Implementation Strategy | |
| | | EDP-ZZ-01108 ADDENDUM 3 | Callaway Ongoing Monitoring for Critical Digital Assets | |
| | | EDP-ZZ-01108 ADDENDUM 4 | Cyber Security Threat and Vulnerability Notification Assessment Process | |
| | | EDP-ZZ-01108 ADDENDUM 5 | Callaway Cyber Security Incident Response Procedure | |
| | | EDP-ZZ-01108 ADDENDUM 6 | Cyber Security Contingency and Disaster Recovery Plans | |
| | | EDP-ZZ-01108 ADDENDUM 8 | Centralized Cyber Security Monitoring System | |
| | | EDP-ZZ-01108 ADDENDUM 9 | Threat Detection Software Configuration and Update | |
| | | EDP-ZZ-01108 APPENDIX A | Cyber Security Defensive Strategy | |
| | | EDP-ZZ-04056 | Development And Configuration Management of Digital Plant Systems | |
| | | SDP-PI-CYBER | | |
| | Self-Assessments | | Cyber Security Effectiveness Review | 2/14/2021 |
| | | | Cyber Security Effectiveness Review | 2/01/2022 |
| | | | MAPPING - SK - Thermal PTZ Cameras | |
| | | | MAPPING - SK - Thermal Camera Decoders | |
| | | | SK - Security Computer Heavy Forwarder Control Mapping MP21-0018 | |
| | | SSA-202104890-001 | Cyber Security Self-Assessment | 11/29/2021 |
| | Work Orders | | SKHVF0001 (Splunk Heavy Forwarder) hardening checklist | 01/19/2022 |
| | | 20511855/550 | Perform Ongoing Monitoring Plant Computer System Critical Devices Inside Diode | 11/14/2020 |
| | | 20512939/500 | Network Intrusion Detection and Centralized Logging Level 4 Ongoing Monitoring | 2/11/2020 |
| | | 20512940/500 | Network Intrusion Detection and Centralized Logging Level 2P Ongoing Monitoring | 2/11/2020 |
| | | 21502460/550 | Cyber Security Monitoring for Security Computer -SK | 03/04/2021 |
| | | 21505642/500 | Perform Cyber Security Effectiveness Program Review Per EDP-ZZ-01108 | 08/08/2021 |
| | | CYB00000613 | CDA Modification Mitigation Plan - SK - Security Computer MP 19-0009 | |
| | | | Thermal Camera and Thermal Decoder Vulnerability Assessment | 2/15/2022 |
| | | PM21503727/500 | Perform Cyber Security Monitoring for Thermal Cameras | 04/09/2021 |
| | | PM21505642/500 | Perform Cyber Security Effectiveness Program Review per EDP-ZZ-01108 | 06/08/2021 |