IR 05000498/2014406
| ML15033A104 | |
| Person / Time | |
|---|---|
| Site: | South Texas  |
| Issue date: | 02/02/2015 |
| From: | Greg Werner NRC/RGN-IV/DRS/EB-2 |
| To: | Koehl D South Texas |
| References | |
| IR 2014406 | |
| Download: ML15033A104 (5) | |
Text
ary 2, 2015
SUBJECT:
SOUTH TEXAS PROJECT ELECTRIC GENERATING STATION, UNITS 1 AND 2 - NRC TEMPORARY INSTRUCTION 2201/004, INSPECTION OF IMPLEMENTATION OF INTERIM CYBER SECURITY MILESTONES 1-7, INSPECTION REPORT 05000498/2014406; 05000499/2014406
Dear Mr. Koehl:
On December 29, 2014, the U.S. Nuclear Regulatory Commission (NRC) completed a security temporary instruction inspection at your South Texas Project Electric Generating Station, Units 1 and 2. The inspection covered the implementation of interim milestones associated with your cyber security program, as outlined in your approved cyber security plan and described in Temporary Instruction 2201/004, Inspection of Implementation of Interim Cyber Security Milestones 1-7. The enclosed inspection report documents the inspection results, which were discussed on December 29, 2014, with Mr. A. Capristo, Executive Vice President and Chief Administrative Officer, and other members of your staff.
The inspection examined activities conducted under your license as they relate to safety and compliance with the Commissions rules and regulations and with the conditions of your license.
The inspectors reviewed selected procedures and records, observed activities, and interviewed personnel. NRC inspectors documented two findings of very low significance in this report. These findings involved violations of NRC requirements. Inspectors also documented one licensee-identified violation which was determined to be of very low significance. This violation is listed in Section 4OA7 of this report. The NRC is treating these violations as non-cited violations (NCVs)
consistent with Section 2.3.2.a of the Enforcement Policy. These issues were discussed and reviewed during a Security Issues Forum conducted on November 19, 2014. The results of the Security Issues Forum Panel review concluded that although these issues constituted violations of Title 10 of the Code of Federal Regulations (10 CFR), Part 73, Section 54, Protection of Digital Computer and Communication Systems and Networks, the NRC is exercising enforcement discretion. The NRC is exercising enforcement discretion for these violations because they meet the criteria established in an NRC memorandum, dated July 1, 2013, from Barry C. Westreich, Director, Cyber Security Directorate, Office of Nuclear Security and Incident Response, to each regional office and Director, Division of Reactor Safety, Subject: Enhanced Guidance for Licensee Near-Term Corrective Actions to Address Cyber Security Inspection Findings and Licensee Eligibility for Good-Faith Attempt Discretion (ADAMS Accession Number ML13178A203). Consistent with the NRC memorandum, when you complete and close corrective actions associated with these violations, you are requested to provide written notification to the NRCs regional office as to the method and date of closure of the corrective actions for the identified violations.
If you contest the violations or significance of these NCVs, you should provide a response within 30 days of the date of this inspection report, with the basis for your denial, to the U.S. Nuclear Regulatory Commission, ATTN: Document Control Desk, Washington DC 20555-0001; with copies to the Regional Administrator, Region IV; the Director, Office of Enforcement, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001; and the NRC resident inspector at the South Texas Project Electric Generating Station.
In accordance with Title 10 of the Code of Federal Regulations (10 CFR) 2.390, Public Inspections, Exemptions, Requests for Withholding, of the NRC's Rules of Practice, a copy of this letter will be available electronically for public inspection in the NRCs Public Document Room or from the Publicly Available Records (PARS) component of the NRC's Agencywide Documents Access and Management System (ADAMS). ADAMS is accessible from the NRC Web site at http://www.nrc.gov/reading-rm/adams.html (the Public Electronic Reading Room).
The material enclosed herewith, however, contains Security-Related Information in accordance with 10 CFR 2.390(d)(1) and its disclosure to unauthorized individuals could present a security vulnerability. Therefore, the material in the enclosure will not be made available electronically for public inspection in the NRC Public Document Room or from the PARS component of NRC's ADAMS. If you choose to provide a response and Security-Related Information is necessary to provide an acceptable response, please mark your entire response Security-Related Information-Withhold from Public Disclosure under 10 CFR 2.390 in accordance with 10 CFR 2.390(d)(1) and follow the instructions for withholding in 10 CFR 2.390(b)(1). In accordance with 10 CFR 2.390(b)(1)(ii), the NRC is waiving the affidavit requirements for your response.
Sincerely,
/RA/
Gregory E. Werner, Chief Engineering Branch 2 Division of Reactor Safety Docket Nos.: 50-498; 50-499 License Nos.: NPF-76; NPF-80 Nonpublic Enclosure:
NRC Inspection Report 05000498/2014406 and 05000499/2014406 w/Attachment: Supplemental Information ML15033A104 Entire Report:
SUNSI Review ADAMS Publicly Available Non-Sensitive Keyword:
By: NJMakris Yes No Non-Publicly Available Sensitive MD 3.4 Non-Public A.3 Cover Letter Only:
SUNSI Review ADAMS Publicly Available Non-Sensitive Keyword:
By: NJMakris Yes No Non-Publicly Available Sensitive RGN-002 OFFICE NSE:ORA/RCB RI:DRS/TSB CSS:CSD/NSIR SRA: C:PBB C:EB2 NAME NMakris EUribe SOpara MMaley NOkeefe GWerner SIGNATURE /RA/ /RA/ /RA/ /RA/ /RA/ /RA/
DATE 01/06/15 01/07/15 01/20/15 01/12/15 1/27/15 2/2/15 Letter w/enclosure to Dennis from Gregory E. Werner, dated February 2, 2015 SUBJECT: SOUTH TEXAS PROJECT ELECTRIC GENERATING STATION, UNITS 1 AND 2 - NRC TEMPORARY INSTRUCTION 2201/004, INSPECTION OF IMPLEMENTATION OF INTERIM CYBER SECURITY MILESTONES 1-7, INSPECTION REPORT 05000498/2014406; 05000499/2014406 Electronic distribution by RIV with enclosure:
Director, Cyber Security Directorate (Barry.Westrich@nrc.gov)
Deputy Director, Cyber Security Directorate (Russell.Felts@nrc.gov)
Chief, Reactor Security Oversight Branch (Ronald.Albert@nrc.gov)
Acting Chief, Security Training and Support Branch (Joseph.Willis@nrc.gov)
Branch Chief, RI DRS/EB3 (John.Rogge@nrc.gov)
Branch Chief, RII DRS/EB2 (Scott.Shaeffer@nrc.gov)
Branch Chief, RIII DRS/EB3 (Robert.Daley@nrc.gov)
Branch Chief, Security Performance Evaluation (Clay.Johnson@nrc.gov)
Senior Resident Inspector (Alfred.Sanchez@nrc.gov)
Security Specialist (Shyrl.Coker@nrc.gov)
Electronic distribution by RIV without enclosure:
Regional Administrator (Marc.Dapas@nrc.gov)
Deputy Regional Administrator (Kriss.Kennedy@nrc.gov)
DRP Director (Troy.Pruett@nrc.gov)
Acting DRP Deputy Director (Thomas.Farnholtz@nrc.gov)
DRS Director (Anton.Vegel@nrc.gov)
DRS Deputy Director (Jeff.Clark@nrc.gov)
Senior Resident Inspector (Alfred.Sanchez@nrc.gov)
Resident Inspector (Nicholas.Hernandez@nrc.gov)
Branch Chief, DRP (Neil.OKeefe@nrc.gov)
Senior Project Engineer, DRP (David.Proulx@nrc.gov)
Project Engineer, DRP (Fabian.Thomas@nrc.gov)
Administrative Assistant (Lynn.Wright@nrc.gov)
Public Affairs Officer (Victor.Dricks@nrc.gov)
Public Affairs Officer (Lara.Uselding@nrc.gov)
Project Manager (Balwant.Singal@nrc.gov)
Branch Chief, DRS/TSB (Geoffrey.Miller@nrc.gov)
RITS Coordinator (Marisa.Herrera@nrc.gov)
ACES (R4Enforcement.Resource@nrc.gov)
Regional Counsel (Karla.Fuller@nrc.gov)
Technical Support Assistant (Loretta.Williams@nrc.gov)
Congressional Affairs Officer (Jenny.Weil@nrc.gov)
RIV Congressional Affairs Officer (Angel.Moreno@nrc.gov)
RIV/ETA: OEDO (Michael.Waters@nrc.gov)
OE (Nicole.Coleman@nrc.gov)
ROPreports