ML13252A410
| ML13252A410 | |
| Person / Time | |
|---|---|
| Site: | Clinton  |
| Issue date: | 09/09/2013 |
| From: | Robert Daley Engineering Branch 3 |
| To: | Pacilio M Exelon Generation Co, Exelon Nuclear |
| Stuart Sheldon | |
| References | |
| Download: ML13252A410 (3) | |
Text
OFFICIAL USE ONLY - SECURITY-RELATED INFORMATION UNITED STATES NUCLEAR REGULATORY COMMISSION REGION III 2443 WARRENVILLE ROAD, SUITE 210 LISLE, IL 60532-4352 September 9, 2013 Mr. Michael J. Pacilio Senior Vice President, Exelon Generation Co., LLC President and Chief Nuclear Officer, Exelon Nuclear 4300 Winfield Road Warrenville, IL 60555
SUBJECT:
CLINTON POWER STATION TEMPORARY INSTRUCTION 2201/004, INSPECTION OFIMPLEMENTATION OF INTERIM CYBER SECURITY MILESTONES 1 - 7INSPECTION REPORT 05000461/2013407
Dear Mr. Pacilio:
On August 9, 2013, the U.S. Nuclear Regulatory Commission (NRC) completed an inspection at your Clinton Power Station. The inspection covered the interim cyber security Milestones 1 - 7 of the security cornerstone. The enclosed inspection report documents the inspection results, which were discussed on August 9, 2013, with Mr. R. A. Schenck and other members of your staff.
The inspection examined activities conducted under your license as they relate to cyber security and compliance with the Commissions rules and regulations and with the conditions of your license. The inspectors reviewed selected procedures and records, observed activities, and interviewed personnel.
One NRC-identified finding of very low significance (Green) was identified during this inspection. The finding was determined to involve violations of NRC requirements. Further, five licensee-identified violations which were determined to be of very low significance (Green) are listed in Section 4OA7 of this report. The NRC is treating these violations as Non-Cited Violations (NCVs) consistent with Section 2.3.2 of the Enforcement Policy. However, in accordance with the Security Issues Forum (SIF) Charter, the NRC can exercise enforcement discretion during inspection of the interim cyber security measures for licensees who demonstrate a good-faith interpretation and attempt to implement Milestones 1 - 7. This discretion applies to licensees who have tried to implement the new requirements, but failed to be in full compliance. Before discretion is considered or granted for any issue, licensees must accept the finding, put the finding into their Corrective Action Program (CAP), and take appropriate corrective action once identified.
These issues were discussed and reviewed during the SIF Meeting conducted on August 21, 2013. The results of the SIF Panel review concluded that although these issues constituted violations of your facility operating license (FOL) and Title 10, Code of Federal Regulations (CFR), Part 73, Section 54, Protection of Digital Computer and Communication Systems and Enclosure contains Sensitive Unclassified Non-Safeguards Information. When separated from enclosure, this transmittal document is decontrolled.
OFFICIAL USE ONLY - SECURITY-RELATED INFORMATION
OFFICIAL USE ONLY - SECURITY-RELATED INFORMATION M. Pacilio Networks, the NRC is not pursuing enforcement action because of your good-faith attempt to interpret and implement Milestones 1 - 7 and because of your prompt corrective actions to enter these issues into your CAP. Upon completion of all corrective actions, you are requested to provide written notification to the NRCs regional office as to the method and date of closure for the identified issue(s).
In accordance with 10 CFR 2.390 of the NRC's "Rules of Practice," a copy of this letter will be available electronically for public inspection in the NRC Public Document Room or from the Publicly Available Records System (PARS) component of NRC's Agencywide Documents Access and Management System (ADAMS). ADAMS is accessible from the NRC Web site at http://www.nrc.gov/reading-rm/adams.html (the Public Electronic Reading Room).However, the material enclosed herewith contains Security-Related Information in accordance with 10 CFR 2.390(d)(1) and its disclosure to unauthorized individuals could present a security vulnerability. Therefore, the material in the enclosure will not be made available electronically for public inspection in the NRC Public Document Room or from the PARS component of NRC's ADAMS. If you choose to provide a response and Security-Related Information is necessary to provide an acceptable response, please mark your entire response Security-Related Information - Withhold Under 10 CFR 2.390 in accordance with 10 CFR 2.390(d)(1) and follow the instructions for withholding in 10 CFR 2.390(b)(1). In accordance with 10 CFR 2.390(b)(1)(ii), the NRC is waiving the affidavit requirements for your response.
Sincerely,
/RA/
Robert C. Daley, Chief Engineering Branch 3 Division of Reactor Safety Docket No. 50-461 License No. NPF-62 Nonpublic
Enclosure:
Inspection Report 05000461/2013407 w/
Attachment:
Supplemental Information cc w/encl: M. Mayer, Clinton Acting Security Manager B. Westreich, NSIR R. Felts, NSIR S. Coker, NSIR J. Rogge, RI M. King, RII G. Miller, RIV N. Faith, Corporate Manager Cyber-Security C. Kelly, Corporate Manager Cyber-Security J. Klinger, State Liaison Officer Illinois Emergency Management Agency cc w/o encl: Distribution via List Serv' OFFICIAL USE ONLY - SECURITY-RELATED INFORMATION
OFFICIAL USE ONLY - SECURITY-RELATED INFORMATION M. Pacilio Networks, the NRC is not pursuing enforcement action because of your good-faith attempt to interpret and implement Milestones 1 - 7 and because of your prompt corrective actions to enter these issues into your CAP. Upon completion of all corrective actions, you are requested to provide written notification to the NRCs regional office as to the method and date of closure for the identified issue(s).
In accordance with 10 CFR 2.390 of the NRC's "Rules of Practice," a copy of this letter will be available electronically for public inspection in the NRC Public Document Room or from the Publicly Available Records System (PARS) component of NRC's Agencywide Documents Access and Management System (ADAMS). ADAMS is accessible from the NRC Web site at http://www.nrc.gov/reading-rm/adams.html (the Public Electronic Reading Room).However, the material enclosed herewith contains Security-Related Information in accordance with 10 CFR 2.390(d)(1) and its disclosure to unauthorized individuals could present a security vulnerability. Therefore, the material in the enclosure will not be made available electronically for public inspection in the NRC Public Document Room or from the PARS component of NRC's ADAMS. If you choose to provide a response and Security-Related Information is necessary to provide an acceptable response, please mark your entire response Security-Related Information - Withhold Under 10 CFR 2.390 in accordance with 10 CFR 2.390(d)(1) and follow the instructions for withholding in 10 CFR 2.390(b)(1). In accordance with 10 CFR 2.390(b)(1)(ii), the NRC is waiving the affidavit requirements for your response.
Sincerely,
/RA/
Robert C. Daley, Chief Engineering Branch 3 Division of Reactor Safety Docket No. 50-461 License No. NPF-62 Nonpublic
Enclosure:
Inspection Report 05000461/2013407 w/
Attachment:
Supplemental Information cc w/encl: M. Mayer, Clinton Acting Security Manager B. Westreich, NSIR R. Felts, NSIR S. Coker, NSIR J. Rogge, RI M. King, RII G. Miller, RIV N. Faith, Corporate Manager Cyber-Security C. Kelly, Corporate Manager Cyber-Security J. Klinger, State Liaison Officer Illinois Emergency Management Agency cc w/o encl: Distribution via List Serv' DISTRIBUTION:
See next page DOCUMENT NAME: G:\DRSIII\DRS\Work in Progress\CLI 2013 407 Cyber Security Cover Letter Only SNS.docx Publicly Available Non-Publicly Available Sensitive Non-Sensitive To receive a copy of this document, indicate in the concurrence box "C" = Copy without attach/encl "E" = Copy with attach/encl "N" = No copy OFFICE RIII RIII NAME SShelton:ls RDaley DATE 09/09/13 09/09/13 OFFICIAL RECORD COPY OFFICIAL USE ONLY - SECURITY-RELATED INFORMATION
OFFICIAL USE ONLY - SECURITY-RELATED INFORMATION Letter to Mr. Michael J. Pacilio from Mr. Robert C. Daley dated September 9, 2013.
SUBJECT:
CLINTON POWER STATION TEMPORARY INSTRUCTION 2201/004, INSPECTION OFIMPLEMENTATION OF INTERIM CYBER SECURITY MILESTONES 1 - 7INSPECTION REPORT 05000461/2013407 DISTRIBUTION:
Daniel Rich RidsNrrDorlLpl3-2 Resource RidsNrrPMClinton Resource RidsNrrDirsIrib Resource Cynthia Pederson Anne Boland Steven Orth Allan Barker Carole Ariano Linda Linn DRSIII DRPIII Patricia Buckley Tammy Tomczak ROPreports.Resource@nrc.gov OFFICIAL USE ONLY - SECURITY-RELATED INFORMATION