IR 05000483/2014405, August 08, 2014, Callaway, Notification of Inspection of Temporary Instruction 2201/004, Inspection of Implementation of Interim Cyber Security Milestones 1-7.

ML14304A195
Person / Time
Site:	Callaway
Issue date:	10/30/2014
From:	Greg Werner NRC/RGN-IV/DRS/EB-2
To:	Diya F Union Electric Co
References
IR 2014405
Download: ML14304A195 (5)
v • d • e

Text

ber 30, 2014

SUBJECT:

CALLAWAY PLANT - NOTIFICATION OF INSPECTION OF TEMPORARY INSTRUCTION 2201/004, "INSPECTION OF IMPLEMENTATION OF INTERIM CYBER SECURITY MILESTONES 1-7," NRC INSPECTION REPORT 05000483/2014405

Dear Mr. Diya:

On August 08, 2014, the U.S. Nuclear Regulatory Commission (NRC) completed a security temporary instruction inspection at the Callaway Plant. The inspection covered the implementation of interim milestones associated with your cyber-security program, as outlined in your approved cyber-security plan and described in Temporary Instruction 2201/004,

"Inspection of Implementation of Interim Cyber Security Milestones 1-7." The enclosed inspection report documents the inspection results, which were discussed on September 18, 2014, with you and other members of your staff.

The inspection examined activities conducted under your license as they relate to safety and compliance with the Commission's rules and regulations and with the conditions of your license.

The inspectors reviewed selected procedures and records, observed activities, and interviewed personnel.

NRC inspectors documented three findings of ve ry low significance in this report. These findings involved violations of NRC requirements. Inspectors also documented four licensee-identified violations which were determined to be of very low significance. These violations are listed in Section 4OA7 of this report. The NRC is treating these violations as non-cited violations (NCVs) consistent with Section 2.3.2.a of the Enforcement Policy.

UNITED STATES NUCLEAR REGULATORY COMMISSION REGION IV 1600 E LAMAR BLVD ARLINGTON, TX 76011-4511 These issues were discussed and reviewed during a Security Issues Forum (SIF) conducted on September 3, 2014. The results of the SIF Panel review concluded that although these issues constituted violations of Title 10 of the Code of Federal Regulations (10 CFR), Part 73, Section 54, "Protection of Digital Computer and Communication Systems and Networks," the NRC is exercising enforcement discretion. The NRC is exercising enforcement discretion for these violations because they meet the criteria established in a NRC Memorandum from Barry C. Westreich, Director, Cyber Security Directorate, Office of Nuclear Security and Incident Response, to each regional office and Director, Division of Reactor Safety, "Enhanced Guidance for Licensee Near-Term Corrective Actions to Address Cyber Security Inspection Findings and Licensee Eligibility for "Good-Faith" Attempt Discretion," dated July 1, 2013.

Consistent with the NRC Memorandum, when you complete and close corrective actions associated with these violations, you are request ed to provide written notification to the NRC's regional office as to the method and date of closure of the corrective actions for the identified violations.

If you contest the violations or significance of these NCVs, you should provide a response within 30 days of the date of this inspection report, with the basis for your denial, to the U.S. Nuclear Regulatory Commission, ATTN: Document Control Desk, Washington DC 20555-0001; with copies to the Regional Administrator, Region IV; the Director, Office of Enforcement, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001; and the NRC resident inspector at the Callaway Plant.

In accordance with Title 10 Code of Federal Regulations (10 CFR) 2.390, "Public Inspections, Exemptions, Requests for Withholding," of the NRC's

"Rules of Practice," a copy of this letter will be available electronically for public inspection in the NRC's Public Document Room or from the Publicly Available Records (PARS) component of ADAMS. ADAMS is accessible from the NRC Web site at http://www.nrc.gov/reading-rm/adams.html (the Public Electronic Reading Room). The material enclosed herewith, however, contains Security-Related Information in accordance with 10 CFR 2.390(d)(1) and its disclosure to unauthorized individuals could present a security vulnerability. Therefore, the material in the enclosure will not be made available electronically for public inspection in the NRC Public Document Room or from the PARS component of NRC's ADAMS.

If you choose to provide a response and Security-Related Information is necessary to provide an acceptable response, please mark your entire response "Security-Related Information- Withhold from public disclosure under 10 CFR 2.390" in accordance with 10 CFR 2.390(d)(1) and follow the instructions for withholding in 10 CFR 2.390(b)(1). In accordance with 10 CFR 2.390(b)(1)(ii), the NRC is waiving the affidavit requirements for your response.

Sincerely,

/RA/

Gregory E Werner, Chief Engineering Branch 2 Division of Reactor Safety

Docket: 50-483 License: NPF-30

Nonpublic Enclosure:

NRC Inspection Report 05000483/2014405 w/Attachment: Supplemental Information cc w/enclosure:

Electronic Distribution for Callaway Plant

ML14304A195 Entire Report: SUNSI Review Complete By: JMM Non-Sensitive Sensitive Publicly Available Non-Publicly Available Keyword: MD 3.47 Non-Public A.3 Cover Letter Only:

SUNSI Review Complete By: JMM_____ Non-Sensitive Sensitive Publicly Available Non-Publicly Available Keyword: SUNSI Review Complete OFFICE RI:DRS/EB2 RI:DRS/EB2 CS:NSIR/ SRA/STSB C/DRP C:EB2 NAME SMakor:PBH BCorrell MFernandez MMaley NOKeefe GWerner SIGNATURE /RA/ /RA/ /RA/E /RA/E /RA/ /RA/ DATE 10/28/2014 10/29/2014 10/29/2014 10/28/2014 10/30/2014 10/30/2014 Letter to Fadi Diya from Gregory E. Werner, dated October 30, 2014 SUBJECT: CALLAWAY PLANT - NOTIFICATION OF INSPECTION OF TEMPORARY INSTRUCTION 2201/004, "INSPECTION OF IMPLEMENTATION OF INTERIM CYBER SECURITY MILESTONES 1-7," NRC INSPECTION REPORT 05000483/2014405

Electronic distribution with enclosure

Director, Cyber Security Directorate (Barry.Westrich@nrc.gov) Deputy Director, Cyber Security Directorate (Russell.Felts@nrc.gov)

Chief, Reactor Security Oversight Branch (Ronald.Albert@nrc.gov)

Chief (Acting), Security Training and Support Branch (Joseph.Willis@nrc.gov)

Branch Chief, RI DRS/EB3 (John.Rogge@nrc.gov)

Branch Chief, RII DRS/EB2 (Scott.Shaeffer@nrc.gov)

Branch Chief, RIII DRS/EB3 (Robert.Daley@nrc.gov)

Branch Chief, Security Performance Evaluation (Clay.Johnson@nrc.gov)

Security Specialist (Shyrl.Coker@nrc.gov)

Reactor Engineer (Shiattin.Makor@nrc.gov) Reactor Engineer (Brian.Correll@nrc.gov) Cyber Security Specialist (Mario.Fernandez@nrc.gov) Cyber Risk Analyst (Mike.Maley@nrc.gov)

RIV Distribution without enclosure

Regional Administrator (Marc.Dapas@nrc.gov)

Deputy Regional Administrator (Kriss.Kennedy@nrc.gov)

Acting DRP Director (Troy.Pruett@nrc.gov) Acting DRP Deputy Director (Jason.Kozal@nrc.gov) DRS Director (Anton.Vegel@nrc.gov)

DRS Deputy Director (Jeff.Clark@nrc.gov)

Senior Resident Inspector (Thomas.Hartman@nrc.gov)

Resident Inspector (Zachary.Hollcraft@nrc.gov)

Branch Chief, DRP/B (Neil.OKeefe@nrc.gov) Senior Project Engineer, DRP/B (David.Proulx@nrc.gov)

Project Engineer, DRP/B (Fabian.Thomas@nrc.gov)

CW Administrative Assistant (Dawn.Yancey@nrc.gov)

Public Affairs Officer (Victor.Dricks@nrc.gov) Public Affairs Officer (Lara.Uselding@nrc.gov)

Project Manager (Fred.Lyon@nrc.gov)

Branch Chief, DRS/TSB (Geoffrey.Miller@nrc.gov)

RITS Coordinator (Marisa.Herrera@nrc.gov)

ACES (R4Enforcement.Resource@nrc.gov)

Regional Counsel (Karla.Fuller@nrc.gov) Technical Support Assistant (Loretta.Williams@nrc.gov) Congressional Affairs Officer (Jenny.Weil@nrc.gov)

RIV Congressional Affairs Officer (Angel.Moreno@nrc.gov)

RIV/ETA: OEDO (John.Jandovitz@nrc.gov)

ROPreport