ML20151P345
| ML20151P345 | |
| Person / Time | |
|---|---|
| Site: | Fermi  |
| Issue date: | 06/30/1988 |
| From: | NRC OFFICE OF INSPECTION & ENFORCEMENT (IE REGION III) |
| To: | |
| Shared Package | |
| ML20151N259 | List: |
| References | |
| FOIA-88-227 NUDOCS 8808090331 | |
| Download: ML20151P345 (7) | |
Text
l i
,p** "% UNITED STATES .
y" y 7 'g NUCLEAR REGULATORY COMMISSION
]
a* r, OFFICE OF INVESTIG ATIONS FIELD OFFICE. REGION lli (
"l
%..... oLEELUUt!UIEis Em REPORT OF INTERVIEW Interviewee Location Carolyn LARY
Dearborn,
Michigan On June 16 and September 30, 1986, Office of Investigations (01) Region III (RIII) Investigator Richard C. Kazmar interviewed Carolyn LARY regarding the use of an automatic data processing system at Detroit Edison Company's (DECO's) Femi 2 Power Plant for handling Safeguards Infonna' tion. Also present on the June 16 interview was Eugene T. Pawlik, Director, O!:RIII, and present during the September 30 interview was John W. McMahon, Investigator, 01:RIII.
l Carolyn LARY stated the following:
I. In June 1982, she was hired by DECO as a uniformed security guard and underwent about eight weeks of training, during which she was nade aware that procedures existed regarding the handling of Safeguards Infonnation. '
In about January 1984, she was assigned as a background investigator, and about four months later assumed collateral duties as a Nuclear Security Specialist (NSS) in the Nuclear Security Department (NSD), of which at that time, Stuart LEACH was Director. On the job training in her '
position as an NSS was received from Joan POTESKY (phonetic spelling), l which included some knowledge as to how to handle Safeguards Infonnation.
II. About mid-1985, DECO began to implement a computerized infonnation I processing system installed by Data General and designated by DECO as l "CEO," an acronym for Computerized Electronic Office. In her duties as an NSS, she familiarized herself with NRC regulations concerning Safeguards Information, particularly the section that relates to the I use of Automatic Data Processing (ADP) systems. l III. Shortly before July 1985, typewriters, which were used for Safeguards Infonnation, were starting to be removed from the NSD, and at this time, concerns were raised by LARY to the Nuclear Security Coordinator, Joseph KORTE, regarding the use of the CEO for Safeguards Infonnation.
Specifically, LARY had questions as to whet her the CEO met the guidelines as set forth in NRC regulations regarding ?.DP systems.
IV. Her concerns were presented to LEACH and she was instructed by LEACH to compose a memo. That memo, dated July 1, 1985 (Attachment A), was sent under the signature of LEACH to James PIANA, Director, Nuclear Administration, and a copy was sent to Wayne HASTINGS, who at that time was Contract Administrator, subordinate to PIANA.
V. LARY recalled that after the memo was sent, she told two secretaries in the NSD, Dorothy BALENT and Laura SIMPSON, not to use the CEO system (SIMPSON is no longer employed by DECO). LARY does not remember any response to the July 1,1985 memo.
EXHIBIT - i Case No. 3-86-006 1 PAGE I OF 7 - PAGE'S) 8808090331 880630 PDR FOIA MAXWELL 88-227 PDR _ _ _
l
4
- 1. .
VI. At the beginning of September 1985, HASTINGS assumed position of DNS, and LARY recalled telling him the the secretaries in NSD are not using the CEO pending a decision by DECO management. She also recalled that on one occasion, herself along with Sam THOMPSON, Assistant DNS, KORTE, and HASTINGS had a conversation with Terry J. MADEDA, NRC Inspector, regarding the use of CEO and Safeguards Infonnation. MADEDA asked if there were lines that went offsite and cautioned that if they were not certain, they should avoid processing Safeguards Information on the CEO.
HASTINGS directed KORTE to research the matter and draft a memo.
VII. On September 30, 1985, KORTE sent a memo (Attachment B) to HASTINGS via the CEO in which reasons are listed as to why the CEO could not be used for Safeguards Infonnation. LARY ststed that she was aware that KORTE had received a printed response via the CEO that HASTINGS had seen the contents of the memo.
VIII. Shortly after the September 30, 1985, CEO memo,Cindy CODY replaced BALENT as secretary to HASTINGS. LARY recalled instructing CODY not to use the CEO system for Safeguards Information. !
IX. About the end of October 1985, a security event occurred at Fermi which required a followup letter to the NRC. LARY recalled that she saw CODr at the CEO printer, which is next to the coffee pot table, and as LARY approached the table, CODY spontaneously remarked something to the effect, "I didn't want to do it" and "he told me I had to do it." LARY stated that she asked CODY what she was talking about and then observed the draft of the letter to the NRC coming off the CEO printer. LARY stated that she walked away and then discussed the matter with KORTE.
X. LARY stated that she arranged a meeting with NRC Inspector Gary PIRTLE and at that time, she informed PIRTLE as to the incident. LARY stated .
that she knew that PIRTLE had subsequently made several inquiries into ;
the matter and had indicated to her that her concerns about the CEO may )
be valid. 1 l
XI. LARY also stated that she had reviewed NRC Inspection Report No. 50-341/
85047 (Attachment C) and in regards to the statement in Paragraph 2, page 38, "the Director, Nuclear Security... briefed appropriate security and administrative members that no Safeguards Infonnation was to be entered in the 6 TOC 100/CE0" system is not true. LARY emphasized that I she does not recall HASTINGS telling herself or anyone else in Nuclear I Security not to use the CEO system for Safeguards Infonnation. l EXHIBIT -
Case No. 3-86-006 2 PAGE b OF 7 PAGE(3)
$& --( *
- Date: July 1,1985 JNS-85-0096 Tc!
James L. Plana Director-Nuclear Admi istration Frem:
Stuart D. Leaf ,$ 46(
Dzrector-Hulcear eeurity /
Subject!
CEO - Prctection of Saferuards Information Certain members pessibility of my staff have expressed a con cern over the material being inputted into the CEO System.of Safeguards re flec t Preliminary research by my staff has uncovered certain fa this nature. may Fluse contact se as I uould appreciate your researching this satter more extensively. assistance in SHL/an.-
ct:
L. Waync Hastings i
i l
n 3-86-006 EXHlelT pgg, e op 7 . pAogo Enclosure 3 gymg,My- A p.ft' R- 006.9 en.;., L
WAYNE, PER YOUR REQUEST RATE AND I HAVE INVESTIGATED THE
'POSSIBLE USE OF $0 FOR HANDLING SAFEGUARD! NPORMATION 2 (S.I .) . WE TOOK INFORMATION FROM NUREG-0794, DROTECTION OF C)l i
DNcLAEEIFIED EAFEGUARDE INPORMATION. NRC INSPECTION AND
" ENFORCEMENT INSPECTION PROCEDURE 81819, REISICAL PROTECTION 3AEEGUARDS INFORMATION, AND NOIP 11.009.114 WE HAD A CONVERSATION WITH J. CREED AND T. MADEDA CONCERNING THE Ct:
MATTER, AND TALKED WITH COMPUTER SERVICES PERSONNEL. C)
AFTER RESEARCHING THESE SOURCES AND TALKING WITH THE NRC, WE HAVE THE FOLLOWING REASONS WHY WE COULD NOT USE CEO FOR
$ I HANDLING SAFEGUARDS INFORMATION.
- 1. THE SYSTEM IS NOT SELF-CONTAINED WITHIN THE FACILITY. WE HAVE FOUR LINES THAT GO DOWNTOWN.
2.
h l THE LINES ARE UNPROTECTED PHONE LINES BECAUSE THEY ARE LM NOT PROTECTED BY ANY KIND OF ENCRYPTION DEVICE. W
- 3. PERSONNEL, "SUPER USERS" HAVE THE AVAILABILITY TO GAIN ACCESS TO ACCOUNTS OTHER THAN THEIR OWN.
- 4. DOCUMENTS DISCARDED INTO THE WASTEBASKET ARE STILL AVAILABLE TO ANYONE GAINING ACCESS TO THE ACCOUNT UNTIL THE JANITOR CLEANS THE ACCOUNT.
5 THE POSSIBILITY OF CREATING A SA?EGUARDS DOCUMENT ON CEO WAS RESEARCHED. THE ONLY SAFE WAY TO DISPOSE OF THE ,
l INFORMATION CONTAINED IN THE DOCUMENT IS TO DELETE THE DOCUMENT ONE LINE AT A TIME, RATE SURVEYED LAURA SIMPSON,
)
KAREN HARBAUGB, DOROTHY BALENT, AND JAN SYPE, EACH OF THEM !
- STATED THAT IT WOULD TAKE MORE TIME TO CREATE THE DOCUMENT IN ORDER TO PRINT IT AND THEN HAVE TO DELETE EACB LINE THAN IT WOULD TAKE TO TYPE THE DOCUMENT ON THE TYPEWRITER.
- 6. IN CONJUNCTION WITH NUMBER 5, IF THE DOCUMENT HAD TO BE EDITED AND WAS STORED POR A PERIOD OF TIME DURING PROOF READING, THE DOCUMENT WOULD BE ACCESSIBLE FOR THIS PERIOD.
i ShFEG M'"vu g u m,Me,i,,vy .,
n EXHIBIT . c
. 3-86-006 pAos _ l OF _ '7 - FACES) krcwAmcur %
. I e
I l
l l
l 14.
Physical Protection Safeguards Information (IP 81810):- One pote'ritfal' " ~~ ~
violation was noted during this inspection period.
10 CFR 73.21(a) states, in pert, "Each licensee who. . .(2) is authorized to operate a nuclear power reactor, . . .shall ensure that Safeguards Information is protected against unauthorized disclosure. To meet. this general performance requirement, licensees. . .shall establish and i maintain an information protection system that includes the measures specified in Paragraphs (b) through (1) of this section."
F oar m A3TO \l : n ) V A " Th wru ut n 1 su o v. o i o v"-
3-B6-006 N " HI 4 36 5 7 PAGE- OF -FACEN)
. . % . . ~. . . ,- 0 .
..e u
- c. -
hh s a i n uuT TM #)
10 CFR 73.21(h) st6tes, in part, "Safeguards information may be processed or produced on an ADP system provided that the system is self-contained within the licenste's or his contractor's facility and requires the use 1 t
of - =: try code fur access to stored information."
%.14.4 of Fermi 2 Nuclear Operations Interfacing Procedure i J, "Protection'of Safeguards Information," approved j
i -
.2,1984, states, in part, "Safeguards information say be or produced on an automatic data processing system; if the
- self-contained within a controlled access area, it uses an
- a. e , code known only to authorized individuals, and it cannot transmit infcreation offsite." .
Contrary to the above, a document designated by the licensee as Safeguards !
Jnformation was processed in part of an ADP system (100GTOC and CEOMV8) i which had access terminals that were not self-contained in controlled !
access areas and which had an offsite transmitting capability, Additionally, personnel not designated by the licensee to have access to j Safeguards Information could have gained access to the portion of the ADP system which contained Safeguards Infomation. The Safeguard Information in the ADP system would not significantly assist an individual in an act of radiological sabotage or theft of special nuclear materiai.
(341/85047-25).
The potential for a violation of the nature cited above was discussed with i security management during the September 30-October 4,1985 insp2ction i
9 period.
At that time, the security department was considering putting Safeguards Information, to include security plans and procedures, into their CEO data processing system. They were cautioned by the inspectors t
to assure th4t the system met all of the criteria for a secure system as required by 10 CFR 73.21 and their procedures pertaining to their Safeguards Information Program. Moreover, in July 1985, the past i Director, Nuclear Security, advised the Director, Aininistrative Services. l cf the potential for violation of Safeguards Information requirements if Safeguards Information was entered in the existing data processing system.
Interviews with the Of rector, Nuclear Security disclosed that one docunent, of approximately four pages, had been entered into the data processing system. i The document was a Security Event Report pertaining to fatiure to provide edequate access controls to the primary containment portion of the fif th floor of the reactor building (refer to Paragraph i 10.b for related information). The document was entered in the I
inadequately secured data processing system because the five day time limit for submitting a written report to the NRC pertaining to the incicent was different near and the document required review and coment by several personnel.
The document could be sent electronically to these persons the report submitted ontherefore for review and time. enable the review to be completed and The Director, Nuclear Security stated that he was not aware that the data processing system had an offsite transmitting capability (a recent 9 innovation) and thought that the data could be retrieved only at kkb db N 3-86-006 S
$3 _4 I
. u . . . ,
9 v.
A k
+,4 :pn_l ,A,7, 'W l \ :fD
., w U ATitniivl3 terminals located within the Security Department portion of the uTOC 9 building. The inspector's interviews with the Supervisor, Computer Services, disclosed that the system had recently been modified to allow offsite transmission of data and that some personnel (approximately 12) who were not designated for access to Safeguards Information (referred to as "Super Users") could gain access to the data from several locations onsite. There was no evidence to confirm that the Safeguards Information I was retrieved or transmitted by unauthorized means. l l
The Director, Nuclear Security, had the Safeguards Information removed I from the data processing system and briefed appropriate security and administrative staff members that no Safeguards Inforsation was to be entered in the GTOC 100/CEO system until it had been modified to meet protection criteria in 10 CFR 73.21 and the Itcensee's procedural guidance.
l l
l l
l
- c. fg gg[; [w(!! (i.
u,..;i t -vN lhlsis' NIINIVl
- ' ' ' 4 l IUlv EXHIBIT ; k 2-86-006 PAGE. l . OF 7 38 PAGE(S)
_. . . . - _ - - .