IR 05000483/2024404

Cyber Security Inspection Report 05000483/2024404
ML24099A222
Person / Time
Site: Callaway 
Issue date: 04/09/2024
From: Nick Taylor
NRC/RGN-IV/DORS/EB2
To: Diya F
Ameren Missouri
Graves S
References
IR 2024404


Text

April 09, 2024

SUBJECT:

CALLAWAY PLANT - CYBER SECURITY INSPECTION REPORT 05000483/2024404

Dear Fadi Diya:

On March 28, 2024, the U.S. Nuclear Regulatory Commission (NRC) completed an inspection at Callaway Plant and discussed the results of this inspection with Eric Herr, Vice President & Chief Information Officer Security, Cyber Security, and other members of your staff. The results of this inspection are documented in the enclosed report.

No findings or violations of more than minor significance were identified during this inspection.

This letter, its enclosure, and your response (if any) will be made available for public inspection and copying at http://www.nrc.gov/reading-rm/adams.html and at the NRC Public Document Room in accordance with Title 10 of the Code of Federal Regulations 2.390, Public Inspections, Exemptions, Requests for Withholding.

Sincerely,

Nicholas H. Taylor, Chief

Engineering Branch 2

Division of Operating Reactor Safety

Docket No. 05000483

License No. NPF-30

Enclosure: As stated

Inspection Report

Docket No.: 05000483

License No.: NPF-30

Report No.: 05000483/2024404

Enterprise Identifier: I-2024-404-0011

Licensee: Ameren Missouri

Facility: Callaway Plant

Location: Steedman, MO

Inspection Dates: March 24, 2024, to March 28, 2024

Inspectors:

S. Graves, Senior Reactor Inspector

N. Okonkwo, Reactor Inspector

T. Siddiky, Information Technology Specialist

T. Coleman, Contractor SME

Approved By:

Nicholas H. Taylor, Chief

Engineering Branch 2

Division of Operating Reactor Safety

SUMMARY

The U.S. Nuclear Regulatory Commission (NRC) continued monitoring the licensee's performance by conducting a cyber security inspection at Callaway Plant, in accordance with the Reactor Oversight Process. The Reactor Oversight Process is the NRC's program for overseeing the safe operation of commercial nuclear power reactors. Refer to https://www.nrc.gov/reactors/operating/oversight.html for more information.

List of Findings and Violations

No findings or violations of more than minor significance were identified.

Additional Tracking Items

None.

INSPECTION SCOPES

Inspections were conducted using the appropriate portions of the inspection procedures (IPs) in effect at the beginning of the inspection unless otherwise noted. Currently approved IPs with their attached revision histories are located on the public website at http://www.nrc.gov/reading-rm/doc-collections/insp-manual/inspection-procedure/index.html. Samples were declared complete when the IP requirements most appropriate to the inspection activity were met consistent with Inspection Manual Chapter (IMC) 2201, Security Inspection Program for Commercial Nuclear Power Reactors. The inspectors reviewed selected procedures and records, observed activities, and interviewed personnel to assess licensee performance and compliance with Commission rules and regulations, license conditions, site procedures, and standards.

SAFEGUARDS

71130.10 - Cybersecurity

The inspectors reviewed implementation of Callaway Plant's Cyber Security Plan (CSP) and focused on evaluating changes to the program, critical systems, and critical digital assets (CDAs).

Cybersecurity (1 Sample)

(1) The following IP sections were completed and constitute completion of 1 sample:
  • 03.01, Review Ongoing Monitoring and Assessment Activities
  • 03.02, Verify Defense-in-Depth Protective Strategies (Partial)
  • 03.03, Review of Configuration Management Change Control (Partial)
  • 03.05, Evaluation of Corrective Actions

The following systems were modified and reviewed:
  • Thermocouple Core Cooling Monitor
  • Iris Scan Biometric Identification System
  • MET Tower Workstations

In addition to the systems and programs that have been added or modified since the last cyber security inspection, the following systems were selected for inspection:
  • Security Issues and Event Management System (SIEM)
  • Boundary Devices, including Scanning Kiosks

INSPECTION RESULTS

No findings were identified.

EXIT MEETINGS AND DEBRIEFS

The inspectors verified no proprietary information was retained or documented in this report.

  • On March 28, 2024, the inspectors presented the cyber security inspection results to Eric Herr, Vice President & Chief Information Officer Security, Cyber Security, and other members of the licensee staff.

DOCUMENTS REVIEWED

Inspection Procedure | Type | Designation | Description or Title | Revision or Date

Corrective Action Documents

Condition Report (CR)

2402206, 202400072, 202105183, 202303889, 2306933, 202201234, 202105572, 202100338, 2001842, 201906506, 202203606, 202305271, 2400712

Corrective Action Documents Resulting from Inspection

Condition Report (CR)

2402124, 202402128, 202402125, 202402131, 2402168, 202402187

8600-X-90455

IRISCAN Interconnecting Diagram

J-373-00029

Met Tower Block Diagram

003

Drawings

656B3282

Network Topology

E

MP 21-0019

Change MET Tower workstations to meet cyber security requirements

MP 19-0002

TCCM upgrade

Engineering Changes

MP 22-0021

Iris Scan Upgrade

IDS Diode Vendor Documentation - 05.01 GigaTAP G Series Data Sheet

220331_FinalDrillPackage

3/31/2022 Cyber Security Incident Response Drill Executive Summary/ Final Report

3/31/2022

230801_FinalDrillPackage

Cyber Security Incident Response Drill Package

08/01/2023

2004736.500

CY 26 Upgrade IRIS SCAN Workstations EWUB3001, EWUB3002 and HFSUB3001

AC121 Event Package 2

Incident Status, Activity Log, and Contact Lo Sheet for flS190.0014 Event

1/31/2024

CA3248

Quarterly Callout Form

003

71130.10

Miscellaneous

Callaw-1

Cyber Security Plan for AmerenUE (Union Electric Company) Callaway Plant Unit 1

Callaway Cyber Security Qualification Standard

CLS / SIEM Analysis, Updates, and Patching

N/A

Configuration

CLS SIEM ruleset

OGM Job 22510575.500

Baseline review analysis for Iris Scan

8/2023

SDP-PI-CYBER

Cyber Security

T25.0015 6

Callaway Energy Center Cyber Security Assessment Team Training, Rev. 20200914

09/14/2020

135172

Instruction Manual for Iris Access System

005

Whitepaper

Items Rescoped as Non-CDA Due to the NEI Whitepapers

J-2049-00000

Thermocouple Core Cooling Monitor Operations and Maintenance Manual

001

J-2049-00009

Thermocouple Core Cooling Monitor ALS Communication Protocols

009

APA-ZZ-00500 Appendix 15

Adverse Condition - ADCN-4, Administrative Correction.

035

APA-ZZ-01108

Cyber Security Program

010

APA-ZZ-01108 Addendum A

CDA-Related Removable Media and Removable / Portable Device Management.

DTI-CS-002

Virus Scanning Station (Kiosk) DTI

DTI-CS-014

Vulnerability Scan and Assessment

007

DTI-CS-018

Non-Engineering Configuration Control CDA Change Process

2

DTI-CS-020

CLS/SIEM and NIDS Analysis, Updates, and Testing

2

DTI-CS-026

CDA Baseline Configuration Review

000

EDP-RP-DR001

Thermocouple Cooling Monitor Disaster Recovery

001

EDP-ZZ-01108

Example of SIEM qual standard - specific tool CLS / SIEM Analysis, Updates, and Patching

N/A

EDP-ZZ-01108

Cyber Security Program Implementation.

015

EDP-ZZ-01108 Addendum 1

Digital Assessment Process

016

Procedures

EDP-ZZ-01108 Addendum 2

Security Control Implementation Strategy

011

EDP-ZZ-01108 Addendum 3

Callaway Ongoing Monitoring for Critical Digital Assets

014

EDP-ZZ-01108 Addendum 3

Callaway Ongoing Monitoring for Critical Digital Assets

013

EDP-ZZ-01108 Addendum 4

Cyber Security Threat and Vulnerability Notification Assessment Process

006

EDP-ZZ-01108 Addendum 7

Cyber Security Drill Program

004

EDP-ZZ-01108 Addendum 8

Centralized Cyber Security Monitoring System

005

EDP-ZZ-01108 Appendix A

Cyber Security Defensive Strategy

006

EDP-ZZ-01108 Addendum 9

Threat Detection Software Configuration and Update

003

EDP-ZZ-01108 Addendum 5

Callaway Cyber Security Incident Response Procedure

008

Control Assessment

RDXY0001

SA 202200120-063

Cyber Security Effectiveness Review (PM1009161)

Job 23505943

01/10/2024

Self-Assessments

SA-202305963-003

Cyber Security Self-Assessment

10/29/2023

Work Orders

Job

2004736/900, 23505943/500, 24000329/500,

24501859/500