ML20202E085

Submits Addl Info Re Security Related Issues at SONGS as Discussed at 980120 NRC Pre-decisional Conference.Licensee Comments on Insp Repts 50-361/97-24 & 50-362/97-24 & Tab M4-D of Safeguards Contingency Plan,Encl
Site: San Onofre (Southern California Edison)
Issue date: 02/03/1998
From: Nunn D, SOUTHERN CALIFORNIA EDISON CO.
To: NRC OFFICE OF INFORMATION RESOURCES MANAGEMENT (IRM)
References: 50-361-97-24, 50-362-97-24, NUDOCS 9802180062


Text

SOUTHERN CALIFORNIA EDISON
An EDISON INTERNATIONAL Company

February 3, 1998

U. S. Nuclear Regulatory Commission
Document Control Desk
Washington, D.C. 20555

Gentlemen:

Subject: Docket Nos. 50-361 and 50-362, Additional Information, Pre-Decisional Enforcement Conference, San Onofre Nuclear Generating Station, Units 2 and 3

Reference: Letter from Mr. Arthur T. Howell, III (USNRC) to Mr. Harold B. Ray (SCE), dated December 24, 1997

On January 20, 1998, Southern California Edison (SCE) attended an NRC Pre-Decisional Enforcement Conference to discuss security related issues at the San Onofre Nuclear Generating Station (SONGS). During this meeting, SCE agreed to provide additional information on: (1) compensatory measures and implementing procedures; (2) patrol route demonstration; and (3) specific comments on Inspection Report 97-24. This letter provides the requested information, as follows:

1. COMPENSATORY MEASURES AND IMPLEMENTING PROCEDURES

Regulatory Basis

The Physical Security Plan (PSP), Safeguards Contingency Plan (SCP), Security Force Training & Qualification Plan, Security procedures, and Security supplemental instructions provide a framework of documents which, taken together, implement the security program for SONGS.

In accordance with 10 CFR 73.20(c), the SCP specifies compensatory measures to be taken during specific security situations. As a procedure, the SCP details the actions to be implemented by the Security Division to compensate for the failure of specific security related equipment or to respond to specific threat situations.

Detailed compensatory measures were listed within the SCP "Security Event Tabs." Tab M4-D was the procedure SCE had used to respond if the primary and backup security computers become inoperable. When conditions warrant, SCE Security Shift Commanders, using their dedicated copy of the SCP, would activate Security Event Tab M4-D, and follow the exact procedure steps of Tab M4-D. A complete (decontrolled and non-Safeguards Information) copy of Tab M4-D (original 1989 and current 1995 versions) is provided in Enclosure 1 to this letter.

10 CFR 73.55(b)(3) states in part:

"The licensee shall have a management system to provide for the development, revision, implementation, and enforcement of security procedures. The system shall include: (i) Written security procedures that... detail the duties of guards...." (emphasis added)

As can be seen by Enclosure 1, the information included in Tab M4-D includes: (a) description, (b) response objectives, (c) list of key personnel, (d) decisions and actions, (e) data requirements, (f) other pertinent information, (g) subsequent actions, and (h) a responsibility matrix. Consequently, Tab M4-D meets the requirements of 10 CFR 73.55(b)(3), and the ANSI N45.2.10-1973, "Quality Assurance Terms and Definitions," definition of a procedure, which states in part:

"Procedure - A document that specifies or describes how an activity is to be performed. It may include methods to be employed, equipment or materials to be used and sequence of operations." (emphasis added)

Additionally, there are actions listed within Tab M4-D which are clarified through other means such as Security supplemental instructions and training. One of the steps in Tab M4-D (1995) states in part:

"Deploy the security force to compensate for failed channels."

This particular step is accomplished using Security supplemental instructions and training for complete implementation.

Supplemental instructions and training are not required to be institutionalized in the SCP or a separate procedure. Allowing licensees the ability to use Security supplemental instructions and training is consistent with ANSI/ANS-3.2-1994 (formerly N18.7), American National Standard, "Administrative Controls and Quality Assurance for the Operational Phase of Nuclear Power Plants," Section 5.3.3, "Level of Detail," as follows:

"Each procedure shall be sufficiently detailed for an individual to perform the required function without direct supervision, but need not provide a complete description of the system or plant process. The level of detail in the procedure should be commensurate with the qualifications of the individual normally performing the function." (emphasis added)

As part of their duties, security guards and their supervision either direct a guard patrol to be implemented or perform the patrols themselves. Thus, for a security computer outage, Tab M4-D direction to "deploy the security force..." would be commensurate with the qualifications of the individual normally performing patrol duties.

The following three methods meet the above ANSI/ANS-3.2-1994 guidance, and were used to ensure Security personnel were aware of the details of the patrol routes: (1) Security supplemental instructions (instruction sheets) were provided from the Supervisor of Security Operations to the Security Shift Commanders listing the patrol routes (see Enclosure 2); (2) training; and (3) patrol routes were marked on information cards attached to the security badges of security guards.

The badges and information cards were required to be worn by Security personnel when inside the protected area. A copy of this card is provided in.

Implementation

The Security supplemental instructions and aids were utilized in several instances in 1997 when the primary and backup security computers were coincidently inoperable. As discussed in detail in LER 1-97-003, these outages occurred as follows:

Date of Occurrence | Period of inoperability
May 20, 1997 | about 23 minutes
July 29, 1997 | about 21 minutes
October 30, 1997 | about 93 minutes
December 19, 1997 | about 20 minutes

While Security Event Tab M4-D has been in use since 1989, the Security supplemental instructions have changed during the above periods as enhancements were implemented. The following table details when the various items were issued or revised.

Item | Date | Document | Changes / Basis
1 | October 27, 1989 | Safeguards Contingency Plan, Rev 07 | Added Tab M4-D
2 | December 22, 1994 | Supplemental instructions (patrol route compensatory measures) for Tab M4-D, approved and signed by Supervisor of Security Operations | Used for May 20, 1997 event
3 | July 1997 | Supplemental instructions (patrol route compensatory measures) for Tab M4-D, approved but not signed by Supervisor of Security Operations | Enhanced patrol routes used for July 27, 1997 event
4 | August 1997 | Supplemental instructions (patrol route compensatory measures), approved and signed by Supervisor of Security Operations | Same as 3 above (no changes from July 1997 version). Used for October 30, 1997 event
5 | December 1997 | SO123-VI-6.8, "Protected Area and Vital Area Barrier Patrols" (draft). Approved by Supervisor of Security Operations, in final approval routing on December 19, 1997. | Subsequent to NRC inspection, roving patrols changed to guard posting pending regulatory resolution, and moved from instructions to procedure. Used for December 19, 1997 event
6 | January 13, 1998 | SO123-VI-6.8, "Protected Area and Vital Area Barrier Patrols" | Procedure revision issued

As indicated in item 2, supplemental instructions in use on May 20, 1997, were provided to the Security Shift Commanders in 1994. Although the 1994 supplemental instructions were signed and dated by the Supervisor of Security Operations, there is no requirement to do so. Appropriate security personnel were trained on the supplemental instructions, which were used in the May 20, 1997, dual security computer outage.

Subsequent to the May 20 event, in mid-July, the Supervisor of Security Operations reviewed the 1994 instructions and made enhancements to the patrol routes, to improve response efficiency. Revised pages were provided to the Security Shift Commanders at the direction of the Supervisor of Security Operations. The revised pages were not signed/dated; and as noted above, there is no requirement for supplemental instructions to be signed. The supplemental instructions were used during the July 27, 1997, dual security computer outage, and were demonstrated to be an improvement to the earlier version.

The Supervisor of Security Operations reissued the enhanced patrol route supplemental instructions under his signature shortly thereafter in August 1997 without further modifications. As used in the July 27 event, these same patrol routes were successfully used for the October 30, 1997, dual security computer outage.

Subsequent to NRC Inspection 97-24, Security elected, as a prudent measure pending regulatory resolution of these issues, to: (1) change some compensatory measures from roving patrols to posted guards; and (2) impose additional administrative controls on the Tab M4-D patrol routes, by moving them from supplemental instructions to the routine patrol procedure SO123-VI-6.8, "Protected Area and Vital Area Barrier Patrols." This change was in draft form at the time of the December 19, 1997, dual security computer outage, and had been reviewed and approved (but not signed) by the Supervisor of Security Operations prior to his providing it to the Security Shift Commanders as a replacement to the supplemental instructions. The draft procedure guidance was used successfully to compensate for that outage. The revision was issued on January 13, 1998.

2. PATROL ROUTE DEMONSTRATION

During the week of November 17, 1997, an NRC inspector asked a security guard to demonstrate knowledge of patrol route #2 (which included vital area doors and junction boxes). When asked by the NRC, this guard was able to demonstrate knowledge of the doors on route #2, but could not recall the location of junction boxes by identification number alone. Consequently, the NRC questioned the adequacy of SCE's security guard training in this regard, and the adequacy of the computer outage compensatory measures.

SCE subsequently interviewed this guard and concluded he did have knowledge gaps and required refresher training, but the guard was able to correctly recite the patrol routes, including the location (but not identification number) of applicable junction boxes.

This guard did patrol for one hour only on patrol route #3 for the October 30, 1997, event; however, the adequacy of this guard's knowledge did not decrease the effectiveness of the compensatory measures implemented for that event because (1) patrol route #3 is a two-guard route, and (2) patrol route #3 does not require junction boxes to be checked. He was not involved in the earlier events.

3. INSPECTION REPORT COMMENTS

provides a table containing SCE's comments on the inspection report.

If you have any further questions, please contact me.

Sincerely,

Dwight E. Nunn

Enclosures: As stated

cc:
E. W. Merschoff, Regional Administrator, NRC Region IV
K. E. Perkins, Director, Walnut Creek Field Office, NRC Region IV
M. B. Fields, NRC Project Manager, Nuclear Reactor Regulation
J. A. Sloan, NRC Senior Resident Inspector, San Onofre Units 2 and 3

SAFEGUARDS CONTINGENCY PLAN
PAGE 2-105
DATE: [illegible]
REVISION 7

SCTS M4-D LOSS OF SECURITY COMPUTER
SECON YELLOW

SCTS Description

Uncompensated loss (original capability cannot be restored or compensatory measures cannot be implemented within 10 minutes of discovery of the event) of the ability to monitor or remotely assess PA/VA alarms (loss of power, loss of alarms to the CRTs and printers in the CAS/SAS, or loss of one or more channels of the security computer system) which could allow unauthorized or undetected access, has occurred.

Response Objectives

Category 1 Response, "Threat Assessment." The response objectives are to 1) implement compensatory measures to offset the loss; 2) restore the security computer system's original capability as soon as practicable; and 3) determine if the loss was the result of a deliberate adversary act.

Key Personnel

CAS Supervisor
Station Computer Group
Security Management
Operations Shift Superintendents
Security Force
Contract Firewatch Shift Supervisor
Security PA Roving Patrol Force
Deputy Station Manager
Security Compensatory Logging Posts
Station Manager
Emergency Preparedness

Decisions and Actions

Notify the Station Computer Group (Security Computer Engineer). (Action 1)
Normal: CAS Supervisor; Minimum: N/A

Notify the SC. (Action 2)
Normal: CAS Supervisor; Minimum: N/A

Conduct a PA turnstile and VA portal check on one alarm point (nearest the CAS), on each security computer monitoring channel, to determine the extent of the loss, if required. (Action 3)
Normal: CAS Supervisor; Minimum: N/A

What caused the loss and how long will it take to restore the security computer system to normal operations? (Decision 1)
Normal: Security Computer Engineer; Minimum: N/A

Notify the Operations Shift Superintendents. (Action 4)
Normal: SC; Minimum: N/A

DECONTROLLED

M4-D Decisions and Actions (Continued)

Notify the on-Site security force; Supervisor of Security Operations; Manager, Station Security; Deputy Station Manager; Station Manager; and Emergency Preparedness. (Action 5)
Normal: SC; Minimum: N/A

Can security uniformed and non-uniformed on-Site manpower support the additional security duties and responsibilities required in implementing the anticipated security response to this SCTS? (Decision 2)
Normal: SM; Minimum: N/A

Notify, assemble (rally point or other location), and brief (using the appropriate security computer loss scenario(s)) the security PA roving patrol force (sufficient security force members equipped with hand-held radios to cover affected plant locations). (Action 6)
Normal: SC; Minimum: N/A

Deploy the security PA roving patrol force to conduct surveillance patrols of the affected plant locations. (Action 7)
Normal: SC; Minimum: N/A

Increase the number and frequency of roving patrols in the affected area(s). (Action 8)
Normal: SC; Minimum: N/A

Notify, assemble (rally point or other location), and brief (using the appropriate security computer loss scenario(s)) security personnel who will man PA/VA compensatory logging posts. (Action 9)
Normal: SC; Minimum: N/A

Deploy the security personnel (Action 9) to establish security compensatory logging posts at the affected PA entry points and VA alarm points and relieve security PA roving patrol force members who are no longer required, if applicable. (Action 10)
Normal: SC; Minimum: N/A

Notify the Contract Firewatch Shift Supervisor. Assign security escort(s), with override keys, to accompany firewatch personnel conducting fire surveillance technical specification inspections, if required. (Action 11)
Normal: SC; Minimum: CAS Supervisor

Notify the NRC Resident Inspector's office. Provide follow up notifications, as required. (Action 12)
Normal: SM; Minimum: N/A

Notify the NRC Operations Center. Provide follow up notifications, as required. (Action 13)
Normal: SC; Minimum: N/A

Notify NRC-V Safeguards Section. Provide follow up notifications, as required. (Action 14)
Normal: SM; Minimum: N/A

SAFEGUARDS CONTINGENCY PLAN
PAGE 2-107
DATE: [illegible]
REVISION 7

M4-D Decisions and Actions (Continued)

Has the root cause(s) for the loss been determined by the Station Computer Group/vendor? (Decision 3)
Normal: SM; Minimum: CAS Supervisor

If the root cause(s) have been determined to be the result of a deliberate adversary act, notify the FBI. If the FBI intends on dispatching agents to the Site, request their ETA. (Action 15)
Normal: SM; Minimum: N/A

Provide assistance to the FBI upon their arrival on the Site, if required. (Action 16)
Normal: SM; Minimum: N/A

Should the SCTS or SECON level be revised (Next Step)? (Decision 4)
Normal: SM; Minimum: N/A

Data Required

1) Supplemental Security Procedures:

SO123-IV-5.1.3, Security Computer System
SO123-IV-7.3, Law Enforcement Agency (LEA) Notification
SO123-IV-11.2, Reporting Safeguards Events

2) Other Pertinent Documents and Information:

Preplanned scenarios for predesignated security post assignments and patrol routes, contained in the SC's post order binder, to compensate for the range of security computer system failures (loss of power, loss of alarms to the CRTs and printers in the CAS/SAS, and loss of channels #1 through #7).

Preplanned scenarios for predesignated security post assignments and patrol routes, contained in the SC's post order binder, to increase security at specific plant locations in Units 1, 2 and 3 that are essential to the safe operation of the plant or vulnerable to radiological sabotage (monitoring entries into VA portals/gates, patrolling PA locations, and patrolling VA locations).

Next Step

SCTS S1, SECON ORANGE, if the security computer system has been sabotaged.

SECON GREEN, when SCTS has been terminated.

SECON GREEN CODE 4, when normal security operations have been resumed.

RESPONSIBILITY MATRIX
REVISION: 7
THREAT SITUATION: LOSS OF SECURITY COMPUTER
RESPONSE OBJECTIVE: THREAT ASSESSMENT
DATE: 10-27-89
PAGE: 4-67
SECURITY CONDITION: M4-D SECON YELLOW

Columns: DECISIONS AND ACTIONS / RESPONSIBLE PERSON/ORGANIZATION / SECURITY FORCE

ACTION 1: Notify the Station Computer Group (Security Computer Engineer).
Responsible: Normal: CAS Supervisor; Minimum: N/A
Security Force: Provide location and extent of loss (CAS, SAS, Data gathering panel, access control panel).

ACTION 2: Notify the SC.
Responsible: Normal: CAS Supervisor; Minimum: N/A
Security Force: Contact SC using PAX, security radio system.

ACTION 3: Conduct a VA portal check on one alarm point (nearest the CAS) on each security computer monitoring channel.
Responsible: Normal: CAS Supervisor; Minimum: N/A
Security Force: Determine the extent of the loss, if required.

DECISION 1: What caused the loss and how long will it take to restore the security computer system to normal operations?
Responsible: Normal: Security Computer Engineer; Minimum: N/A
Security Force: Security escort for investigative/repair personnel.

ACTION 4: Notify the Operations Shift Superintendents.
Responsible: Normal: Security Shift Commander; Minimum: N/A
Security Force: Provide location and extent of loss.

ACTION 5: Notify the on-Site security force; SSOPs; MGR, Station Security; Deputy Station Mgr; Station Manager; and Emergency Services.
Responsible: Normal: Security Shift Commander; Minimum: N/A
Security Force: Increase observation for suspicious activity or unusual behavior.

DECISION 2: Can on-Site uniformed/non-uniformed security manpower assets support the potential additional security requirements?
Responsible: Normal: Senior Manager On-site; Minimum: N/A

ACTION 6: Notify, assemble, brief, and issue equipment to the PA roving patrol force.
Responsible: Normal: Security Shift Commander; Minimum: N/A
Security Force: Use the appropriate security computer loss scenario(s). (sufficient security force members equipped with hand-held radios to cover affected plant locations).

ACTION 7: Deploy PA roving patrol force.
Responsible: Normal: Security Shift Commander; Minimum: N/A
Security Force: Conduct surveillance patrols of the affected plant locations.

ACTION 8: Increase the number and frequency of roving patrols in the affected area(s).
Responsible: Normal: Security Shift Commander; Minimum: N/A
Security Force: Overlap patrol routes. Periodically report position to SC.

ACTION 9: Notify, assemble (rally point or other location), and brief security personnel who will man PA/VA compensatory logging posts.
Responsible: Normal: Security Shift Commander; Minimum: N/A
Security Force: Use the appropriate security computer loss scenario(s).

ACTION 10: Deploy the security personnel in (Action 9).
Responsible: Normal: Security Shift Commander; Minimum: N/A
Security Force: Establish security compensatory logging posts at the affected PA entry points and VA alarm points and relieve security PA roving patrol force members who are no longer required, if applicable.

ACTION 11: Notify the Contract Firewatch Shift Supervisor.
Responsible: Normal: Security Shift Commander; Minimum: CAS Supervisor
Security Force: Assign security escort(s), with override keys, to accompany firewatches conducting fire surveillance technical specification inspections, if required.

RESPONSIBILITY MATRIX (continued)
REVISION: 7
THREAT SITUATION: LOSS OF SECURITY COMPUTER
RESPONSE OBJECTIVE: THREAT ASSESSMENT
DATE: 10-27-89
PAGE: 4-68
SECURITY CONDITION: M4-D SECON YELLOW

ACTION 12: Notify the NRC Resident Inspector's office. Provide follow up, as required.
Responsible: Normal: Senior Manager On-site; Minimum: N/A
Security Force: Provide estimate on ability to counter SCTS, Site/Station personnel notified, FBI/LEA response/ETA, security measures implemented/planned, and deployment of security force.

ACTION 13: Notify the NRC Operations Center. Provide follow up, as required.
Responsible: Normal: Senior Manager On-site; Minimum: N/A
Security Force: ditto - Action 12

ACTION 14: Notify the NRC-V Safeguards Section. Provide follow up, as required.
Responsible: Normal: Senior Manager On-site; Minimum: N/A
Security Force: ditto - Action 12

DECISION 3: Has the root cause(s) for the loss been determined by the Station Computer Group/vendor?
Responsible: Normal: Senior Manager On-site; Minimum: CAS Supervisor

ACTION 15: If the root cause(s) have been determined to be the result of a deliberate adversary act, notify the FBI.
Responsible: Normal: Senior Manager On-site; Minimum: N/A
Security Force: If the FBI intends on dispatching agents to the Site, request their ETA.

ACTION 16: Provide security tactical/administrative support to the FBI/LEA, if required.
Responsible: Normal: Senior Manager On-site; Minimum: N/A
Security Force: Provide support facility/capabilities, e.g., command center (plant side), security liaison, number armed/unarmed security members, [illegible], and vehicles.

DECISION 4: Should SCTS or SECON level be revised (Next Step)?
Responsible: Normal: Senior Manager On-site; Minimum: N/A
Security Force: SCTS S1, SECON ORANGE, if the security computer system has been sabotaged. SECON GREEN, when SCTS has been nullified. SECON GREEN CODE 4, when normal security operations have been resumed.

SAFEGUARDS CONTINGENCY PLAN
PAGE 2-55
DATE: MAY 31, 1995
REVISION 14
DECONTROLLED; BOOK NO. C-7

TS M4-D LOSS OF SECURITY COMPUTER SYSTEM
PRECAUTIONARY SECON YELLOW

TS Description

Uncompensated failure of the Security Computer System (SCS), which could allow unauthorized or undetected access to the PA/VAs, has occurred.

Response Objectives

1. Compensate for failure of affected channels.
2. Determine if failure is threat related.

Decisions and Actions

Declare TS M4-D, Precautionary SECON Yellow. (SC Action 1)

Initiate HSSA Plan. (SC Action 2)

Deploy security force to compensate for failed channels. (SC Action 3)

Initiate investigation to determine cause of loss. (SC Action 4)

Determine need for Security recall. (SC Decision 1)

Notify key personnel/agencies (Security Notification Checklist). (Admin Action 1)

Revise SCTS or SECON as required. (SC Decision 2)

SAFEGUARDS CONTINGENCY PLAN
PAGE 2-56
REVISION 14

Data Required

Supplemental Security Procedure

SO123-IV-5.1.3, Security Computer System
SO123-IV-11.2, Reporting Safeguards Events

Other Pertinent Documents and Information

Recommended preplanned scenarios for predesignated security post assignments and patrol routes, contained in the SC's post order binder, to compensate for the range of security computer system failures (loss of power, loss of alarms to the CRTs and printers in the CAS/SAS, and loss of channels #1 through #7).

Next Step

SCTS I2, SECON ORANGE, if an intruder in the PA/VAs has been confirmed.

SCTS S1, SECON ORANGE, if the PA perimeter IDS has been sabotaged.

SECON GREEN, when SCTS has been terminated.

SECON GREEN CODE 4, when normal security operations have been resumed.

RESPONSIBILITY MATRIX (PRECAUTIONARY SECON)
REVISION: 14
THREAT SITUATION: LOSS OF SECURITY COMPUTER SYSTEM
DATE: MAY [remainder illegible]
RESPONSE OBJECTIVE: THREAT ASSESSMENT
PAGE: 4-49
SECURITY CONDITION: M4-D PRECAUTIONARY YELLOW
BOOK NO. C-7

Columns: Decisions and Actions / Responsible Person/Organization / Security Force

TACTICAL ACTION 1: Declare TS M4-D, Precautionary SECON Yellow.
Responsible: Normal: SC; Minimum: N/A
Security Force: Implement Response Plan.

TACTICAL ACTION 2: Initiate HSSA Plan.
Responsible: Normal: SC; Minimum: N/A

TACTICAL ACTION 3: Compensate for failed channels.
Responsible: Normal: SC; Minimum: N/A
Security Force: Deploy force to compensate for failed channels.

TACTICAL ACTION 4: Initiate investigation to determine cause of loss.
Responsible: Normal: SC; Minimum: N/A
Security Force: Determine the probable cause of failure.

ADMIN ACTION 1: Notify key personnel/agencies.
Responsible: Normal: 1A; Minimum: 2
Security Force: Use Security Notification Checklist.

NOTE: THIS TS DOES NOT REQUIRE AN EMERGENCY CLASSIFICATION

TACTICAL DECISION 1: Determine need for Security recall.
Responsible: Normal: SC; Minimum: N/A
Security Force: Notify OSS of security computer loss.

TACTICAL DECISION 2: Revise SCTS or SECON as required.
Responsible: Normal: SC; Minimum: N/A
Security Force: SCTS I2, SECON ORANGE; SCTS S1, SECON ORANGE; SECON GREEN; SECON GREEN CODE 4

LOSS OF SCS COMPENSATORY MEASURES

CAUTION: Immediate Responders will not be assigned to logging posts.

In the event of a failure of the Security Computer System (SCS), the following compensatory measures will be initiated:

Post:

Turnstiles SPF (Armed), Access Control Data Base Log (ACDB) Level 2
Turnstiles SSPF (Armed), ACDB Level 2
C3-73A/C3-73B, ACDB Level 6

Patrol: (See attached Patrol Routes)

Patrol Route 1 (OCA)
Patrol Route 2 (Unit 1)
Patrol Route 3
Patrol Route 4
Patrol Route 5
Patrol Route 6
Patrol Route 7

Additional Requirements:

Notify Unit 2/3 Shift Superintendent and Unit 1 Shift Supervisor.

Comply with the requirements of SO123-IV-6.3, Security Alarm Testing Procedure.

Make appropriate notifications if a VA door becomes inoperable.

Make an appropriate PA announcement to have personnel requiring VA entry through non-posted VA doors contact Security for assistance. Post additional VA doors if necessary to mitigate the situations.

If necessary, initiate emergency call-outs or recall.

PETER A. CHAMPION
Supervisor of Security Operations

LOSS of SCS PATROL ROUTE #1 Start at:

51 Field 640, S-1, S-2, S-3, D G P-4, H-113, MW-110,

~ JB-897N, JBN-896N, E F-109, EF-108, 5BY-107, EF-106, E F-105, anV-104, EF-103, DGP-6.

Continue patrol until system is tested and returned to service.

Conduct required test as directed by CAS.

Report any unusual activity observed to the Shift Commander.

LOSS of SCS PATROL ROUTE #2

Start at:

M-W-501, MW-502, DGP-3, D GP-2,

COMMROOM, PNL-Y24, DG P-1, A-2,
SFHB, A -5, EF-511, EF-512.

Check:

PB-661, JB 872N, JB 879N, JB 880N, JB 881N, oB 882N, JB 883N, JB 88tN, JB 885N, JB 890N, JB 891N, JB 893, JB 895N, JB 898N, while conducting patrol.

Continue patrol until system is tested and returned to service.

Conduct required test as directed by CAS.

Report any unusual activity observed to the Shift Commander.

LOSS of SCS

PATROL ROUTE #3 Start at: G-117, G-118, G-119, S4-74, E H-2, 51H-1, I

G -100, Hatch-3, h1H-8, SIM-2, 51H-3, h!H-4, 51H-7, h1H-11, F3-58, F3-57, -

hnV-226, EF-227, E F-228, PNL2/3L-417, EF-229, AnV-230, anV-231, EF-232, D3-46, PNL2 L-404, Ph12L-419, D3-41, EF-533, Term Ec c U-2 Stairs, DC-02, SnV-514, EF-515, EF-516, EF-417, NS-308, C3-65, PNL2L-296, C3-66, PNL2/3L-295.

Continue patrol until system is tested and returned to service.

Conduct required test as directed by CAS.

Report any unusual activity observed to the Shift Commander.

LOSS of SCS PATROL ROUTE #4

Start at:

TB2-If, TB2-13, TB2-14, S2 09, S2-08, S2-07, SWH-4, G-73, 12-29, 12-3 0,-

C2-37, C2-31, C2-36, PNL2/3L-418, C2-34, C2-38, 12-39, 12-4 0, PNL2/3L-387, G-74, SWH-5, S2-307, S2-308, S2-309, TB2-314, TB2-313, TB2-315.

Continue patrol until system is tested and returned to service.

Conduct required test as directed by CAS.

Report any unusual activity observed to the Shift Commander.

LOSS of SCS PATROL ROUTE #5

Start at:

G-112, G-111, G-116, G-110, S4-374, E H-3, SIH3-321, G-109, Hatch 3-113, MH3-313, NIH3-314, 5IH3-315, MH3-316, h!H3-317, MH3-318, MH3-319, D3-341, PNL3 L-404, PNL3L-419, D3-346, F3-358, F3-357, EF-325, EF-324, PNL2/3L-416, EF-323, IR-647,.

IR/GW-645, IR-644, GW-642, IR-643, IR-646, Hatch-641, JB-SVAF, EF-419, EF-418, PNL2/3L-415, SS-201, SS-403, C3-71, PNL3L-296, C3-70.

Continue patrol until system is tested and returned to service.

Conduct required test as directed by CAS.

Report any unusual activity observed to the Shift Commander.

LOSS of SCS PATROL ROUTE #6

Start at:

C3-77, C3-76, C3-75,.

C3-78, C6-90,

'C7-93, BATTERY ROOM 85',

F7-392, F7-92, C6-86.

Continue patrol until system is tested and returned to service.

Conduct required test as directed by CAS.

Report any unusual activity observed to the Shift Commander.

LOSS of SCS PATROL ROUTE #7 Start at: RS-81, -

PH-2, F5-79, F7-92, F3-57, F3-58, C3-66, PNL2L-390, S2-10, S2-11, R2-20, R3-59, PNL2/3L-297, R3-60 R3-61 R3-62, R2-21, S2-310, S2-311, C3-70, F3-357, F3-358, F5-379, F7-392, P H-3, RS-381.

t Continue patrol until system is tested and returned to servia l

l Conduct required test as directed by CAS.

Report any unusual activity observed to the Shift Commander.

il q

N O

e O

0 i

1

... 3

- =,.

hk OCbE

,,' ()&

[Scanned patrol route cards, each headed LOSS OF SCS: PATROL ROUTE #5, PATROL ROUTE #3, and two further patrol routes. The checkpoint lists on these cards are not legible. Each card closes with the same instructions: Continue patrol until system is tested and returned to service. Conduct required test as directed by CAS. Report any unusual activity observed to the Shift Commander.]


SCE COMMENTS ON IR 97-24

Report Section: Inadequate Compensatory Measures, Executive Summary, Page 2

Quote / Comment: "An apparent violation was identified involving inadequate compensatory measures during three failures of the security computer system..."

SCE Comment: This statement is not consistent with the statement on Page 6, paragraph 1. See comments on Inadequate Compensatory Measures, Page 6, paragraph 1.

Report Section: Backup Power Supply, Page 4.

Quote / Comment: The report section references prior occurrences which can be misinterpreted as two separate IDS segments which did not have battery backup.

SCE Comment: Only one IDS segment (GW-645) was missing its battery and associated electronics for backup battery connection. There was one power outage which identified the condition (July 31, 1997). Before the IDS could be re-engineered (work completed on October 24, 1997), a second power outage occurred (September 5, 1997). Security personnel were aware of the need to promptly post the IDS segment and accomplished that within 10 minutes.

Report Section: Backup Power Supply, Page 4, paragraph 2 of S2,I.b

Quote / Comment: "... inspector determined that ..."

SCE Comment: This was licensee identified. On August 2, 1997, SCE provided a non-emergency, 24-hour notification to the NRC in accordance with License Condition 2G. A 14-day follow-up report was provided on August 15, 1997, and a final report was provided on October 3, 1997.

Report Section: Inadequate Compensatory Measures, Page 6, first paragraph.

Quote / Comment: "The inspector determined that the licensee had not established a specific procedure for employment of compensatory measures..."

SCE Comment:

1. Instructions for compensatory measures were in place during all three events (at varying levels), and while there may be a training issue, there is no clear violation of regulatory requirements. This should not be a violation.

2. At the Exit Interview, Mr. Speer stated that SCE's Contingency Plan is used as the procedure for compensatory measures, and he doesn't completely agree with the inspector's observations. Mr. Speer also stated that some measures were called out in the Plan, and some were proceduralized.

Report Section: Page 6, second paragraph.

Quote / Comment: "Regarding the first two failures on May 20 and July 29, 1997, approved, preplanned scenarios had not been established to address compensatory actions."

SCE Comment:

1. For the May 20, 1997 event, the patrol routes that were utilized were developed in December 1994. Reference: Security Commander Post Order Binder, "Compensatory Measures Computer Failure (Loss of Delta 1000)," dated December 22, 1994.

2. An enhanced, draft revision to the December 1994 patrol routes was utilized on July 29, 1997.

3. This draft was subsequently approved in August 1997, with no further changes from the draft used in July 1997.

Report Section: Page 6, third paragraph.

Quote / Comment: "The second officer failed to complete the alarm points within 10 minutes. Further, the second patrol officer did not initially check the vital area doors to ensure they had locked closed when the computer failed."

SCE Comment:

1. The inspector was informed prior to the tour by a Security Officer Supervisor that certain routes require two individuals. The one referenced is M-4D, and it requires two security officers.

2. The officer, when demonstrating the route, was asked to "show the route." Had this been an actual computer failure, the doors would have been checked to ensure they failed locked and the route could have been completed within 10 minutes with the additional officer.

Report Section: Page 6, last paragraph.

Quote / Comment: "The inspector determined that part of the problem appeared to be a lack of understanding of what systems, or portion of systems, had to be compensated during a failed security system and how to adequately compensate for those systems."

SCE Comment:

1. SCE's compensatory actions apparently were more conservative and extensive than required. For example, data gathering panels and junction boxes were checked, when, in the inspector's opinion, only the doors needed to be checked.

2. The inspector stated that SCE should take credit for tower officers as compensatory posts. While this is different from the NRC verbal guidance SCE had received in the past, SCE has made appropriate procedure revisions to incorporate this new guidance.

Report Section: Reporting of Events, Page 7

Quote / Comment: The report failed to note that procedure SO123-IV-11.2 provides guidance for logging and reporting events.

SCE Comment:

1. At the Exit Interview, the inspector stated procedure SO123-IV-11.2 states in part, "the unavailability of a back-up computer is a 1 hour report." Procedure SO123-IV-11.2 is internally inconsistent.

   a. The statement following the inspector's citation states: "See typical flowchart #6, Attachment 7." Flowchart #6 allows the event to be logged if "[c]ompensatory measures [are] initiated within 10 minutes of occurrence."

   b. Mr. Speer commented that the procedure states that computer failures may be logged if adequate compensatory measures have been taken. The note in SO123-IV-11.2, Section B., Specific Events, page 21 of 44 states "[e]vents listed below are loggable assuming they are properly compensated; if not properly compensated they require a 1-hour report." Item 1 immediately below the note includes "loss of all computer systems provided adequate compensatory measures are maintained until systems are restored."

2. Generic Letter 91-03 provides examples of loggable security events, and includes "loss of all computer systems provided adequate compensatory measures can be maintained until systems are restored." Therefore, the events were logged because SCE took adequate compensatory measures within the required time frame (10 minutes).

Report Section: Reporting of Events, Page 7 (continued)

Quote / Comment: The report failed to note that procedure SO123-IV-11.2 provides guidance for logging and reporting events.

SCE Comment:

3. At the Exit Interview, the inspector stated procedure SO123-IV-11.2 requires a one-hour report when a security weapon is lost, or out of control or physical custody. Mr. Speer stated the reportability requirements of SO123-IV-11.7 were written to address a personal guard weapon being lost or out of custody, and SCE did not view the procedure as applying to an unlocked weapons cabinet.

Report Section: Weapons Locker, Page 8, first paragraph.

Quote / Comment: "Regulatory Guide 5.62 identifies that the loss of a security weapon be reported within 1 hour."

SCE Comment:

1. The apparent violation cited was "failure to adequately secure (lock) safeguards contingency weapons containers." The reference to Regulatory Guide 5.62 is for the "loss" of a security weapon.

2. Regulatory Guide 5.62 states that the "loss of [a] security weapon at the site" is to be reported in accordance with 10CFR73 Appendix G paragraph I(a)(3) - one hour report. However, this guidance does not apply to unlocked weapons cabinets because:

   a. The Regulations do not provide a definition of "loss." A standard definition is to "miss from one's possession or from a customary or supposed place." The weapons were in their cabinet. Therefore, no weapon was lost.

   b. 10CFR73 Appendix G paragraph I(a)(3) involves "[i]nterruption of normal operation of a licensed nuclear power reactor through the unauthorized use of or tampering with its machinery, components, or controls including the security system." Neither event interrupted normal operations, nor was there any unauthorized use or tampering with any weapons.

Report Section: Weapons Locker, Page 8, first paragraph. (Continued)

Quote / Comment: "Regulatory Guide 5.62 identifies that the loss of a security weapon be reported within 1 hour."

SCE Comment:

3. Regulatory Guide 5.62 is being revised by the NRC, and, in its present form, would require a one hour report if a weapon is lost and cannot be found within one hour of becoming aware of its loss. In both events, the weapons cabinets were inventoried and secured within 10 minutes of discovering they were unlocked.

Report Section: Weapons Locker, Page 9

Quote / Comment: The report section does not state that the second occurrence was inside a locked security area.

SCE Comment: The second occurrence was inside a locked security guard house in the vehicle holddown area. The weapons cabinet was not readily accessible by non-security personnel.
