IR 05000483/2024404

From kanterella
Jump to navigation Jump to search
Cyber Security Inspection Report 05000483/2024404
ML24099A222
Person / Time
Site: Callaway Ameren icon.png
Issue date: 04/09/2024
From: Nick Taylor
NRC/RGN-IV/DORS/EB2
To: Diya F
Ameren Missouri
Graves S
References
IR 2024404
Download: ML24099A222 (9)


Text

April 09, 2024

SUBJECT:

CALLAWAY PLANT - CYBER SECURITY INSPECTION REPORT 05000483/2024404

Dear Fadi Diya:

On March 28, 2024, the U.S. Nuclear Regulatory Commission (NRC ) completed an inspection at Callaway Plant and discussed the results of this inspection with Eric Herr, Vice President &

Chief Informatio n Officer Security, Cyb er Se curity, and other members of your staff. The results of this inspection are documented in the enclosed report.

No findings or violations of more than minor significance were identified during thi s inspection.

This letter, its enclosure, and yo ur response (if any) wil l be made available for publi c inspection and copying at http://www.nrc.gov/reading-rm/adams.html and at the NRC Public Document Room in accordance with Title 1 0 of the Code of Federal Regulations 2.390, Publ ic Inspections, Exemp tions, Requests for Withholding.

Sincerely, Nicholas H. Taylor, Chief Engineering Branch 2 Division of Operating Reactor Safety Docket No. 05000483 License No. NPF-30

Enclosure:

As stated

Inspection Report

Docket No. 05000483

License No. NPF-30

Report No. 05000483/2024404

Enterprise Identifier: I-2024-404-0011

Licensee: Ameren Missouri

Facility: Callaway Plant

Location: Steedman, MO

Inspection Dates: March 24, 2024, to March 28, 2024

Inspectors: S. Graves, Senior Reactor Inspector N. Okonkwo, Reactor Inspector T. Siddiky, Information Technology Specialist T. Coleman, Contractor SME

Approved By: Nicholas H. Taylor, Chief Engineering Branch 2 Division of Operating Reactor Safety

Enclosure

SUMMARY

The U.S. Nuclear Regulatory Commission (NRC) continued monitoring the licensees performance by conducting a cyber security inspection at Callaway Plant, in accordance with the Reactor Oversight Process. The Reactor Oversight Process is the NRCs program for overseeing the safe operation of commercial nuclear power reactors. Refer to https://www.nrc.gov/reactors/operating/oversight.html for more information.

List of Findings and Violations

No findings or violations of more than minor significance were identified.

Additional Tracking Items

None.

INSPECTION SCOPES

Inspections were conducted using the appropriate portions of the inspection procedures (IPs) in effect at the beginning of the inspection unless otherwise noted. Currently approved IPs with their attached revision histories are located on the public website at http://www.nrc.gov/reading-rm/doc-collections/insp-manual/inspection-procedure/index.html. Samples were declared complete when the IP requirements most appropriate to the inspection activity were met consistent with Inspection Manual Chapter (IMC) 2201, Security Inspection Program for Commercial Nuclear Power Reactors. The inspectors reviewed selected procedures and records, observed activities, and interviewed personnel to assess licensee performance and compliance with Commission rules and regulations, license conditions, site procedures, and standards.

SAFEGUARDS

71130.10 - Cybersecurity

The inspectors reviewed implementation of Callaway Plants Cyber Security Plan (CSP) and focused on evaluating changes to the program, critical systems, and CDAs.

Cybersecurity (1 Sample)

(1) The following IP sections were completed and constitute completion of 1 sample:
  • 03.01, Review Ongoing Monitoring and Assessment Activities
  • 03.02, Verify Defense-in-Depth Protective Strategies (Partial)
  • 03.03, Review of Configuration Management Change Control (Partial)
  • 03.05, Evaluation of Corrective Actions

The following systems were modified and reviewed:

  • Thermocouple Core Cooling Monitor
  • Iris Scan Biometric Identification System

In addition to the systems and programs that have been added or modified since the last cyber security inspection, the following systems were selected for inspection.

  • Security Issues and Event Management System (SIEM)
  • Boundary Devices, including Scanning Kiosks

INSPECTION RESULTS

No findings were identified.

EXIT MEETINGS AND DEBRIEFS

The inspectors verified no proprietary information was retained or documented in this report.

  • On March 28, 2024, the inspectors presented the cyber security inspection results to Eric Herr, Vice President & Chief Information Officer Security, Cyber Security, and other members of the licensee staff.

DOCUMENTS REVIEWED

Inspection Type Designation Description or Title Revision or

Procedure Date

71130.10 Corrective Action Condition Report (CR) 202402206, 202400072, 202105183, 202303889,

Documents 202306933, 202201234, 202105572, 202100338,

2001842, 201906506, 202203606, 202305271,

2400712

Corrective Action Condition Report (CR) 202402124, 202402128, 202402125, 202402131,

Documents 202402168, 202402187

Resulting from

Inspection

Drawings 8600-X-90455 IRISCAN Interconnecting Diagram 08

J-373-00029 Met Tower Block Diagram 003

656B3282 Network Topology E

Engineering MP 21-0019 Change MET Tower workstations to meet cyber

Changes security requirements

MP 19-0002 TCCM upgrade

MP 22-0021 Iris Scan Upgrade

Miscellaneous IDS Diode Vendor Documentation - 05.01 GigaTAP

G Series Data Sheet

220331_FinalDrillPackage 3/31/2022 Cyber Security Incident Response Drill 3/31/2022

Executive Summary/ Final Report

230801_FinalDrillPackage Cyber Security Incident Response Drill Package 08/01/2023

2004736.500 CY 26 Upgrade IRIS SCAN Workstations 0

EWUB3001, EWUB3002 and HFSUB3001

AC121 Event Package 2 Incident Status, Activity Log, and Contact Lo Sheet 1/31/2024

for flS190.0014 Event

CA3248 Quarterly Callout Form 003

Callaw-1 Cyber Security Plan for AmerenUE (Union Electric 02

Company) Callaway Plant Unit 1

Inspection Type Designation Description or Title Revision or

Procedure Date

Callaway Cyber Security CLS / SIEM Analysis, Updates, and Patching N/A

Qualification Standard

Configuration CLS SIEM ruleset

OGM Job 22510575.500 Baseline review analysis for Iris Scan 8/2023

SDP-PI-CYBER Cyber Security 14

T25.0015 6 Callaway Energy Center Cyber Security 09/14/2020

Assessment Team Training, Rev. 20200914

135172 Instruction Manual for Iris Access System 005

Whitepaper Items Rescoped as Non-CDA Due to the NEI

Whitepapers

J-2049-00000 Thermocouple Core Cooling Monitor Operations 001

and Maintenance Manual

J-2049-00009 Thermocouple Core Cooling Monitor ALS 009

Communication Protocols

Procedures APA-ZZ-00500 Appendix 15 Adverse Condition - ADCN-4, Administrative 035

Correction.

APA-ZZ-01108 Cyber Security Program 010

APA-ZZ-01108 Addendum A CDA-Related Removable Media and Removable / 13

Portable Device Management.

DTI-CS-002 Virus Scanning Station (Kiosk) DTI 07

DTI-CS-014 Vulnerability Scan and Assessment 007

DTI-CS-018 Non-Engineering Configuration Control CDA 002

Change Process

DTI-CS-020 CLS/SIEM and NIDS Analysis, Updates, and 002

Testing

DTI-CS-026 CDA Baseline Configuration Review 000

EDP-RP-DR001 Thermocouple Cooling Monitor Disaster Recovery 001

EDP-ZZ-01108 Example of SIEM qual standard - specific tool CLS / N/A

SIEM Analysis, Updates, and Patching

EDP-ZZ-01108 Cyber Security Program Implementation. 015

EDP-ZZ-01108 Addendum 1 Digital Assessment Process 016

EDP-ZZ-01108 Addendum 2 Security Control Implementation Strategy 011

Inspection Type Designation Description or Title Revision or

Procedure Date

EDP-ZZ-01108 Addendum 3 Callaway Ongoing Monitoring for Critical Digital 014

Assets

EDP-ZZ-01108 Addendum 3 Callaway Ongoing Monitoring for Critical Digital 013

Assets

EDP-ZZ-01108 Addendum 4 Cyber Security Threat and Vulnerability Notification 006

Assessment Process

EDP-ZZ-01108 Addendum 7 Cyber Security Drill Program 004

EDP-ZZ-01108 Addendum 8 Centralized Cyber Security Monitoring System 005

EDP-ZZ-01108 Appendix A Cyber Security Defensive Strategy 006

EDP-ZZ-01108 Addendum 9 Threat Detection Software Configuration and 003

Update

EDP-ZZ-01108 Addendum 5 Callaway Cyber Security Incident Response 008

Procedure

Self-Control Assessment RDXY0001

Assessments SA 202200120-063 Cyber Security Effectiveness Review (PM1009161) 01/10/2024

Job 23505943

SA-202305963-003 Cyber Security Self-Assessment 10/29/2023

Work Orders Job 22004736/900, 23505943/500, 24000329/500,

24501859/500

7