ML032671101
| ML032671101 | |
| Person / Time | |
|---|---|
| Site: | Kewaunee  |
| Issue date: | 09/15/2003 |
| From: | Coutu T Nuclear Management Co |
| To: | Document Control Desk, Office of Nuclear Reactor Regulation |
| References | |
| NRC-03-097 LER 03-S03-00 | |
| Download: ML032671101 (4) | |
Text
NMC Committed to Nuclear Excelle5 t
Kewaunee Nuclear Power Plant Operated by Nuclear Management Company, LLC NRC-03-097 10 CFR 73.71 September 15, 2003 U.S. Nuclear Regulatory Commission ATTN: Document Control Desk Washington, DC 20555 KEWAUNEE NUCLEAR POWER PLANT DOCKET 50-305 LICENSE No. DPR-43 REPORTABLE OCCURRENCE 2003-S03-00 In accordance with the requirements of 10 CFR 73.71, " Reporting of safeguards events,' the attached Licensee Event Report (LER) for reportable occurrence 2003-S03-00 is being submitted.
This letter contains no new commitments and no revisions to existing commitments.
Thomas Coutu Site Vice President, Kewaunee Nuclear Power Plant Nuclear Management Company LLC Enclosure cc:
Senior Resident Inspector, Kewaunee, USNRC Project Manager, Kewaunee, USNRC Administrator, Region Ill, USNRC INPO Records Center N490 Highway 42
- Kewaunee, Wisconsin 54216-9510 Telephone: 920.388.2560
NRC FORM 366 U.S. NUCLEAR REGULATORY APPROVED BY OMB NO. 3150-0104 EXPIRES 7-31-2004 (1-2001)
COMMISSION Estimated burdenper response to complywiththis mandatorylnbmationcolletion request 60 hours6.944444e-4 days <br />0.0167 hours <br />9.920635e-5 weeks <br />2.283e-5 months <br />. Reported lessons learned are Incorporated into the licensing process and fed back to Industry. Send comments regarding burden estimate to the Records Management Branch (Ti6 E6), U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001. or by internet e-mail LICENSEE EVENT REPORT (LER) to bisl @nrc-gov, and to the Desk Officer, Office of Information and RegulatoryAffairs, NEOB-10202 (315010104), Office of Management and Budget, Washington, DC 20503. if a means (See reverse for required number of used to impose Information collection does not display a currently valid OMB control number, digits/characters for each block) the NRC may not conduct or sponsor, and a person Is not required to respond to, the information collection.
FACILITY NAME (1)
DOCKET NUMBER (2)
PAGE (3)
Kewaunee Nuclear Power Plant 05000305 1 of 3
TITLE (4)
Identification Badges Issued to Fire Brigade Members - Personnel Failed to Recognize The Badges as Active EVENT DATE (5)
LER NUMBER (6)
REPORT DATE (7)
OTHER FACILmES INVOLVED (8)
SEQUEN I REV 1
FACILITY NAME DOCKET NUMBER MO DAY YEAR YEAR NUMBER NO MO DAY YEAR 8
15 2003 2003 -
S03 -
00 09 15_ 200 FACILITY NAME DOCKETNUMBER OPERATING N
THIS REPORT IS SUBMITTED PURSUANT TO THE REQUIREMENTS OF 10 CFR 0: (Check all that apply) (11)
MODE (9) l202201(b) l 20.2203(a)(3)0i) 50.73(a)(2)(i1)(B) 50.73(a)(2)fix)(A)
POWER 100 202201(d) 20.2203(a)(4) 50.73(a)(2)(iii) 50.73(a)(2)(x)
LEVEL (10) 20.2203(a)(1)
_ 50.36(c)(1 )0)(A)
_ 50.73(a)(2)(Iv)(A) 73.71(a)(4) 20-2203(a)(2)(i)
_ 50.36(c)(1)Qi)(A)
_ 50.73(a)(2)(v)(A) 73.71(a)(5) 202203(a)(2)(ii) 50.36(e)(2) 50.73(a)(2)(v)(B)
X OTHER
- ~~~~~~~~~~~~~Specfy, in Abstract below or In 20.2203(a)(2)(iii)
_ 50.46(a)(3)(ii) 50.73(a)(2)(v)(C)
NRC i
orm 366A
__20.2203(a)(2)(iv) 50.73(a)(2)(1)(A) 50.73(a)(2)(V)(D) 20.2203(a)(2)(v) 50.73(a)(2)(i)(B) 50.73(a)(2)(vli) 20.2203(a)(2)(vI)
__50.73(a)(2)(l)(C) 0.73(a)(2)(vili)(A)
- __ 20.2203(a)(3)(i) 50.73(a)(2)(ii)(A) 50.73(a)(2)(vill)(B) l____-
_:_i___-:
LICENSEE CONTACT FOR THIS LER (12)
NAME T
TELEPHONE NUMBER (Include Area Code)
Don Popp (920) 755-7756 COMPLETE ONE LINE FOR EACH COMPONENT FAILURE DESCRIBED IN THIS REPORT 13)
MANU-REPORTABLE MANU-REPORTABLE CAUSE SYSTEM COMPONENT
_FACTURER TO EPIX I
CAUSE SYSTEM COMPONENT FA CTURER TO EPIX SUPPLEMENTAL REPORT EXPECTED (14)
EXPECTED MONTH DAY YEAR I_________I________I_________I___
SUBMISSIONl YES (If yes, complete EXPECTED SUBMISSION DATE).
X NO lIDATE (15) l ABSTRACT On August 15, 2003, with the plant operating at 100% power, Nuclear Management Company (NMC) personnel discovered an access issue regarding identification (ID) badges that were fabricated for the Fire Tearm and Fire Brigade members. The badges were made utilizing the security computer system that fabricates keycards for site Protected Area entry. The ID badges were produced in January, 2003 and given to the Fire Protection Department for the purpose of identification of Fire Brigade turnout gear and accountability. The Fire Brigade / Team ID badges had been inadvertently encoded with the same access ability (global) as the Fire Team / Brigade members' normal keycards. These Fire Team / Brigade keycards were located in various unsecured common areas around the plant.
Security took control of all known active Fire Team / Brigade ID badges in the protected area. The Fire Protection Department was contacted, and a determination was made as to what badges existed that were offsite. Security took control of those badges. The Site Access Coordinator electronically deactivated all Fire Team / Brigade member unescorted access keycards. These personnel were reissued a new unescorted access keycard after changing the issue code, which ensures that any potential outlying badges would not be useable.
This report does not describe a safety system functional failure.
NRC FORM 366A U.S. NUCLEAR REGULATORY COMMISSION (1-2001)
LICENSEE EVENT REPORT (LER)
TEXT CONTINUATION FACILITY NAME 1 DOCKET NUMBER 2
^ LER NUMBER 6PAGE 3
II I ~~~~~SEQUENTIAL I REVISION Kewaunee Nuclear Power Plant 05000305 YER NUMBER NERES 2 of 3 I003 S03 00 TEXT ( mom space is requre4 use aditio copies of NRC Form Wa) (17)
DESCRIPTION On August 15, 2003 it was discovered that Fire Brigade / Team identification (ID) badges that were produced on January 8, 2003 for all team members were active keycards. To fabricate these ID badges, the Security Management System (SMS) was utilized. This is the security system in which the Kewaunee Nuclear Power Plant (KNPP) protected area keycards are generated. With this system, the printer encodes that person's information in the magnetic strip on the back of the keycard, and it can be made active. To disable the ability to create an "active" keycard, an independent special file was utilized, which was utilized for making other ID badges. This special file was created in the security keycard database and excluded completion of mandatory fields that would allow that ID badge to become useable.
When making the Fire Team I Brigade ID badges this file was not used, and along with the transfer of the database picture, the information and authority from each individual's current active keycard was consequently transferred to the "ID Badge" making them active duplicate "keycards". There were a total of 119 Fire Team / Brigade ID badges created.
These keycards were then placed In the turnout gear of the Fire Team / Brigade members in various locations around the plant as well as offsite.
CAUSE OF THE EVENT The SMS Computer was not designed to create non-active ID badges. A workaround was utilized to complete the task without written guidance for this process. Further, there was a lack of understanding and communication to the end-user of what the badge disabling factor was and the appropriate use of the independent special file, when creating the ID badges.
ANALYSIS OF THE EVENT KNPP notified the NRC at 1315 hrs. EDT informing them of the situation of the uncontrolled keycards. This was reported as a one-hour reportable event, and is documented on the Reactor Plant Event Notification Worksheet EN 40078.
This determination was reported under 10 CFR 73.71 (b)(1) as a one-hour reportable event as described in 10 CFR 73 Appendix G paragraph 1 (c), which states in part "any discovered vulnerability in a safeguard system that could allow unauthorized or undetected access to a protected area, material access area, controlled access area, vital area, or transport for which compensatory measures have not been employed."
The event was reported as a one-hour reportable based on the number of keycards that were uncontrolled and the initial uncertainty as to how many keycards that had been fabricated. Further, due to the varied location of the ID badges, Security was not able to maintain physical control of the ID badges within the 10-minute required time frame.
NRC FORM 366A (1-2001)
NRC FORM 66A US. NUCLEAR REGULATORY COMMISSION (1-2001)
LICENSEE EVENT REPORT (LER)
TEXT CONTINUATION FACILITY NAME 1 DOCKET NUMBER 2 LER NUMBER 6 PAGE 3 I
I ~~~~E~ SEQUENTIAL IREVISION Kewaunee Nuclear Power Plant 05000305 NUMBER NUMBER 3of 3 2003
-S03 00 TEXT (fnwoe space is taquied, use adWonal coies ofNRC Fom MM8A) (17)
The uncontrolled active ID badges had the potential to allow unauthorized personnel access to vital areas of the plant. However, the unauthorized use of the keycards was unlikely for several reasons:
The appearance of the badge was drastically different from the normal issued KNPP Unescorted Access keycards. The ID badges were formatted vertically (portrait) with a bright red card face and person's picture with text below the picture reading "Fire Brigade/Fire Team Identification Card", in direct contrast to normal PA keycards that are in a landscape format with white card face and employee picture.
There were no personnel who had knowledge that these keycards may have been active.
The ID badges were only active during the time the owner of that duplicate badge was logged into the protected area.
A daily report (No Movement, Anti-Pass Back, Tailgate Report) run by the Central Alarm Station did not detect any keycard misuse during this time frame.
The ID badges, for use in the Protected Area, were only created for the Fire Brigade/Fire Team.
Due to the improbability that there was an unauthorized use of the keycards the health and safety of the public was not affected.
CORRECTIVE ACTIONS
- 1. Initially, Security took control of all known active ID badges in the Protected Area. The Fire Protection Department was contacted, and a determination was made as to what badges existed that were offsite.
Security then took actions to control those badges.
- 2. As part of further prompt corrective actions, the Site Access Coordinator electronically deactivated all Fire Brigade/Fire Team member unescorted access keycards. New unescorted access keycards were issued after changing the issue code, which ensured that any potential unknown ID badges would not be useable.
- 3. ID badges for the Fire Brigade/Fire Team have been fabricated utilizing plastic cards without a magnetic strip, to prevent the badges from being encoded and becoming active. Similarly, any other new ID badges made will be fabricated utilizing plastic cards without a magnetic strip.
- 4. Interim guidance was provided to the Site Access Coordinators to prevent inadvertent encoding of ID badges.
- 5. Guidance will be developed and proceduralized for the creation of keycards and ID badges.
- 6. A formal root cause evaluation is in progress, any additional corrective actions will be relayed to the KNPP NRC Resident Inspector.
SIMILAR EVENTS There are no similar events in regards to the fabrication of security ID badges.
NRC FORM 366A (1-201)