ML13199A504: Difference between revisions
StriderTol (talk | contribs) (Created page by program invented by StriderTol) |
StriderTol (talk | contribs) (Created page by program invented by StriderTol) |
||
| (2 intermediate revisions by the same user not shown) | |||
| Line 3: | Line 3: | ||
| issue date = 07/18/2013 | | issue date = 07/18/2013 | ||
| title = BYR 2013 408 Cyber Security Cover Letter | | title = BYR 2013 408 Cyber Security Cover Letter | ||
| author name = Daley R | | author name = Daley R | ||
| author affiliation = NRC/RGN-III/DRS | | author affiliation = NRC/RGN-III/DRS | ||
| addressee name = Pacilio M | | addressee name = Pacilio M | ||
| addressee affiliation = Exelon Generation Co, LLC, Exelon Nuclear | | addressee affiliation = Exelon Generation Co, LLC, Exelon Nuclear | ||
| docket = 05000454, 05000455 | | docket = 05000454, 05000455 | ||
| Line 16: | Line 16: | ||
=Text= | =Text= | ||
{{#Wiki_filter:OFFICIAL USE ONLY | {{#Wiki_filter:OFFICIAL USE ONLY - SECURITY-RELATED INFORMATION UNITED STATES NUCLEAR REGULATORY COMMISSION REGION III 2443 WARRENVILLE ROAD, SUITE 210 LISLE, IL 60532-4352 July 18, 2013 Mr. Michael J. Pacilio Senior Vice President, Exelon Generation Company, LLC President and Chief Nuclear Officer, Exelon Nuclear 4300 Winfield Road Warrenville, IL 60555 | ||
- SECURITY-RELATED INFORMATION UNITED STATES NUCLEAR REGULATORY COMMISSION REGION III 2443 WARRENVILLE ROAD, SUITE 210 LISLE, IL 60532 | |||
-4352 | |||
==SUBJECT:== | ==SUBJECT:== | ||
BYRON STATION, UNITS 1 AND 2 INSPECTION OF TEMPORARY INSTRUCTION 2201/004, | BYRON STATION, UNITS 1 AND 2 INSPECTION OF TEMPORARY INSTRUCTION 2201/004, INSPECTION OF IMPLEMENTATION OF INTERIM CYBER SECURITY MILESTONES 1 - 7 INSPECTION REPORT 05000454/2013408; 05000455/2013408 | ||
==Dear Mr. Pacilio:== | ==Dear Mr. Pacilio:== | ||
OFFICIAL USE ONLY | On July 8, 2013, the U.S. Nuclear Regulatory Commission (NRC) completed an inspection at your Byron Station, Units 1 and 2. The inspection covered the interim cyber security Milestones 1 - 7 of the security cornerstone. The enclosed inspection report documents the inspection results, which were discussed on July 8, 2013, with Mr. Russ A. Kearney and other members of your staff. | ||
- SECURITY-RELATED INFORMATION OFFICIAL USE ONLY | The inspection examined activities conducted under your license as they relate to cyber security and compliance with the Commissions rules and regulations and with the conditions of your license. The inspectors reviewed selected procedures and records, observed activities, and interviewed personnel. | ||
- SECURITY-RELATED INFORMATION M. Pacilio | Two NRC-identified findings of very low significance (Green) were identified during this inspection. The findings were determined to involve violations of NRC requirements. Further, a licensee-identified violation which was determined to be of very low significance (Green) is listed in Section 4OA7 of this report. The NRC is treating these violations as Non-Cited Violations (NCVs) consistent with Section 2.3.2 of the Enforcement Policy. However, in accordance with the Security Issues Forum (SIF) Charter, the NRC can exercise enforcement discretion during inspection of the interim cyber security measures for licensees who demonstrate a good-faith interpretation and attempt to implement Milestones 1 - 7. This discretion applies to licensees who have tried to implement the new requirements, but failed to be in full compliance. Before discretion is considered or granted for any issue, licensees must accept the finding, put the finding into their Corrective Action Program (CAP), and take appropriate corrective action once identified. | ||
-faith | These issues were discussed and reviewed during the SIF Meeting conducted on June 19, 2013. | ||
In accordance with 10 CFR 2.390 of the NRC's "Rules of Practice," a copy of this letter will be available electronically for public inspection in the NRC Public Document Room or from the Publicly Available Records System (PARS) component of NRC's Agencywide Documents Access and Management System (ADAMS). ADAMS is accessible from the NRC Web site at http://www.nrc.gov/reading | The results of the SIF Panel review concluded that although these issues constituted violations of your facility operating license (FOL) and Title 10, Code of Federal Regulations Enclosure contains Sensitive Unclassified Non-Safeguards Information. When separated from enclosure, this transmittal document is decontrolled. | ||
-rm/adams.html (the Public Electronic Reading Room). However, the material enclosed herewith contains Security | OFFICIAL USE ONLY - SECURITY-RELATED INFORMATION | ||
-Related Information in accordance with 10 CFR 2.390(d)(1) and its disclosure to unauthorized individuals could present a security vulnerability. Therefore, the material in the enclosure will not be made available electronically for public inspection in the NRC Public Document Room or from the PARS component of NRC's ADAMS. If you choose to provide a response and Security | |||
-Related Information is necessary to provide an acceptable response, please mark your entire response | OFFICIAL USE ONLY - SECURITY-RELATED INFORMATION M. Pacilio (CFR), Part 73, Section 54, Protection of Digital Computer and Communication Systems and Networks, the NRC is not pursuing enforcement action because of your good-faith attempt to interpret and implement Milestones 1 - 7 and because of your prompt corrective actions to enter these issues into your CAP. Upon completion of all corrective actions, you are requested to provide written notification to the NRCs regional office as to the method and date of closure for the identified issue(s). | ||
-Related Information | In accordance with 10 CFR 2.390 of the NRC's "Rules of Practice," a copy of this letter will be available electronically for public inspection in the NRC Public Document Room or from the Publicly Available Records System (PARS) component of NRC's Agencywide Documents Access and Management System (ADAMS). ADAMS is accessible from the NRC Web site at http://www.nrc.gov/reading-rm/adams.html (the Public Electronic Reading Room). However, the material enclosed herewith contains Security-Related Information in accordance with 10 CFR 2.390(d)(1) and its disclosure to unauthorized individuals could present a security vulnerability. Therefore, the material in the enclosure will not be made available electronically for public inspection in the NRC Public Document Room or from the PARS component of NRC's ADAMS. If you choose to provide a response and Security-Related Information is necessary to provide an acceptable response, please mark your entire response Security-Related Information - Withhold Under 10 CFR 2.390 in accordance with 10 CFR 2.390(d)(1) and follow the instructions for withholding in 10 CFR 2.390(b)(1). In accordance with 10 CFR 2.390(b)(1)(ii), the NRC is waiving the affidavit requirements for your response. | ||
- Withhold Under 10 CFR 2.390 | Sincerely, | ||
Robert C. Daley, Chief Engineering Branch 3 Division of Reactor Safety Docket Nos. 50 | /RA/ | ||
-454 and 50 | Robert C. Daley, Chief Engineering Branch 3 Division of Reactor Safety Docket Nos. 50-454 and 50-455 License Nos. NPF-37 and NPF-66 Nonpublic | ||
-455 License Nos. NPF | |||
-37 and NPF | |||
-66 Nonpublic | |||
==Enclosure:== | ==Enclosure:== | ||
Inspection Report 05000454/2013408; 05000455/2013408 w/ | Inspection Report 05000454/2013408; 05000455/2013408 w/ | ||
==Attachment:== | ==Attachment:== | ||
Supplemental Information cc w/o enclosure | Supplemental Information cc w/o enclosure: Distribution via ListServ' OFFICIAL USE ONLY - SECURITY-RELATED INFORMATION | ||
: Distribution via ListServ | |||
OFFICIAL USE ONLY | OFFICIAL USE ONLY - SECURITY-RELATED INFORMATION M. Pacilio (CFR), Part 73, Section 54, Protection of Digital Computer and Communication Systems and Networks, the NRC is not pursuing enforcement action because of your good-faith attempt to interpret and implement Milestones 1 - 7 and because of your prompt corrective actions to enter these issues into your CAP. Upon completion of all corrective actions, you are requested to provide written notification to the NRCs regional office as to the method and date of closure for the identified issue(s). | ||
In accordance with 10 CFR 2.390 of the NRC's "Rules of Practice," a copy of this letter will be available electronically for public inspection in the NRC Public Document Room or from the Publicly Available Records System (PARS) component of NRC's Agencywide Documents Access and Management System (ADAMS). ADAMS is accessible from the NRC Web site at http://www.nrc.gov/reading-rm/adams.html (the Public Electronic Reading Room). However, the material enclosed herewith contains Security-Related Information in accordance with 10 CFR 2.390(d)(1) and its disclosure to unauthorized individuals could present a security vulnerability. Therefore, the material in the enclosure will not be made available electronically for public inspection in the NRC Public Document Room or from the PARS component of NRC's ADAMS. If you choose to provide a response and Security-Related Information is necessary to provide an acceptable response, please mark your entire response Security-Related Information - | |||
- SECURITY-RELATED INFORMATION M. Pacilio | Withhold Under 10 CFR 2.390 in accordance with 10 CFR 2.390(d)(1) and follow the instructions for withholding in 10 CFR 2.390(b)(1). In accordance with 10 CFR 2.390(b)(1)(ii), the NRC is waiving the affidavit requirements for your response. | ||
-faith | Sincerely, | ||
-rm/adams.html (the Public Electronic Reading Room). However, the material enclosed herewith contains Security | /RA/ | ||
-Related Information in accordance with 10 CFR 2.390(d)(1) and its disclosure to unauthorized individuals could present a security vulnerability. Therefore, the material in the enclosure will not be made available electronically for public inspection in the NRC Public Document Room or from the PARS component of NRC's ADAMS. If you choose to provide a response and Security | Robert C. Daley, Chief Engineering Branch 3 Division of Reactor Safety Docket Nos. 50-454 and 50-455 License Nos. NPF-37 and NPF-66 Nonpublic | ||
-Related Information is necessary to provide an acceptable response, please mark your entire response | |||
-Related Information | |||
Robert C. Daley, Chief Engineering Branch 3 Division of Reactor Safety Docket Nos. 50 | |||
-454 and 50 | |||
-455 | |||
-37 and NPF | |||
-66 Nonpublic | |||
==Enclosure:== | ==Enclosure:== | ||
Inspection Report 05000454/2013408; 05000455/2013408 w/ | Inspection Report 05000454/2013408; 05000455/2013408 w/ | ||
==Attachment:== | ==Attachment:== | ||
Supplemental Information cc w/o enclosure: | Supplemental Information cc w/o enclosure: Distribution via ListServ' DISTRIBUTION: Allan Barker Vivian Campbell Carole Ariano RidsNrrDorlLpl3-2 Resource Linda Linn RidsNrrPMByron Resource DRPIII RidsNrrDirsIrib Resource DRSIII Chuck Casto Tammy Tomczak Cynthia Pederson Patricia Buckley Steven Orth ROPreports.Resource@nrc.gov DOCUMENT NAME: G:\DRSIII\DRS\Work in Progress\BRY 2013 408 Cyber Security Cover Letter.docx Publicly Available Non-Publicly Available Sensitive Non-Sensitive To receive a copy of this document, indicate in the concurrence box "C" = Copy without attach/encl "E" = Copy with attach/encl "N" = No copy OFFICE RIII RIII NAME SSheldon for GHausman:ls RCDaley DATE 7/18/13 7/18/13 OFFICIAL RECORD COPY OFFICIAL USE ONLY - SECURITY-RELATED INFORMATION}} | ||
Distribution via ListServ | |||
: Vivian Campbell RidsNrrDorlLpl3 | |||
-2 Resource RidsNrrPMByron Resource RidsNrrDirsIrib Resource Chuck Casto | |||
Cynthia Pederson Steven Orth | |||
\BRY 2013 408 Cyber Security Cover Letter.docx | |||
Latest revision as of 04:13, 6 February 2020
| ML13199A504 | |
| Person / Time | |
|---|---|
| Site: | Byron  |
| Issue date: | 07/18/2013 |
| From: | Robert Daley Division of Reactor Safety III |
| To: | Pacilio M Exelon Generation Co, Exelon Nuclear |
| George Hausman | |
| References | |
| IR-13-408 | |
| Download: ML13199A504 (3) | |
Text
OFFICIAL USE ONLY - SECURITY-RELATED INFORMATION UNITED STATES NUCLEAR REGULATORY COMMISSION REGION III 2443 WARRENVILLE ROAD, SUITE 210 LISLE, IL 60532-4352 July 18, 2013 Mr. Michael J. Pacilio Senior Vice President, Exelon Generation Company, LLC President and Chief Nuclear Officer, Exelon Nuclear 4300 Winfield Road Warrenville, IL 60555
SUBJECT:
BYRON STATION, UNITS 1 AND 2 INSPECTION OF TEMPORARY INSTRUCTION 2201/004, INSPECTION OF IMPLEMENTATION OF INTERIM CYBER SECURITY MILESTONES 1 - 7 INSPECTION REPORT 05000454/2013408; 05000455/2013408
Dear Mr. Pacilio:
On July 8, 2013, the U.S. Nuclear Regulatory Commission (NRC) completed an inspection at your Byron Station, Units 1 and 2. The inspection covered the interim cyber security Milestones 1 - 7 of the security cornerstone. The enclosed inspection report documents the inspection results, which were discussed on July 8, 2013, with Mr. Russ A. Kearney and other members of your staff.
The inspection examined activities conducted under your license as they relate to cyber security and compliance with the Commissions rules and regulations and with the conditions of your license. The inspectors reviewed selected procedures and records, observed activities, and interviewed personnel.
Two NRC-identified findings of very low significance (Green) were identified during this inspection. The findings were determined to involve violations of NRC requirements. Further, a licensee-identified violation which was determined to be of very low significance (Green) is listed in Section 4OA7 of this report. The NRC is treating these violations as Non-Cited Violations (NCVs) consistent with Section 2.3.2 of the Enforcement Policy. However, in accordance with the Security Issues Forum (SIF) Charter, the NRC can exercise enforcement discretion during inspection of the interim cyber security measures for licensees who demonstrate a good-faith interpretation and attempt to implement Milestones 1 - 7. This discretion applies to licensees who have tried to implement the new requirements, but failed to be in full compliance. Before discretion is considered or granted for any issue, licensees must accept the finding, put the finding into their Corrective Action Program (CAP), and take appropriate corrective action once identified.
These issues were discussed and reviewed during the SIF Meeting conducted on June 19, 2013.
The results of the SIF Panel review concluded that although these issues constituted violations of your facility operating license (FOL) and Title 10, Code of Federal Regulations Enclosure contains Sensitive Unclassified Non-Safeguards Information. When separated from enclosure, this transmittal document is decontrolled.
OFFICIAL USE ONLY - SECURITY-RELATED INFORMATION
OFFICIAL USE ONLY - SECURITY-RELATED INFORMATION M. Pacilio (CFR), Part 73, Section 54, Protection of Digital Computer and Communication Systems and Networks, the NRC is not pursuing enforcement action because of your good-faith attempt to interpret and implement Milestones 1 - 7 and because of your prompt corrective actions to enter these issues into your CAP. Upon completion of all corrective actions, you are requested to provide written notification to the NRCs regional office as to the method and date of closure for the identified issue(s).
In accordance with 10 CFR 2.390 of the NRC's "Rules of Practice," a copy of this letter will be available electronically for public inspection in the NRC Public Document Room or from the Publicly Available Records System (PARS) component of NRC's Agencywide Documents Access and Management System (ADAMS). ADAMS is accessible from the NRC Web site at http://www.nrc.gov/reading-rm/adams.html (the Public Electronic Reading Room). However, the material enclosed herewith contains Security-Related Information in accordance with 10 CFR 2.390(d)(1) and its disclosure to unauthorized individuals could present a security vulnerability. Therefore, the material in the enclosure will not be made available electronically for public inspection in the NRC Public Document Room or from the PARS component of NRC's ADAMS. If you choose to provide a response and Security-Related Information is necessary to provide an acceptable response, please mark your entire response Security-Related Information - Withhold Under 10 CFR 2.390 in accordance with 10 CFR 2.390(d)(1) and follow the instructions for withholding in 10 CFR 2.390(b)(1). In accordance with 10 CFR 2.390(b)(1)(ii), the NRC is waiving the affidavit requirements for your response.
Sincerely,
/RA/
Robert C. Daley, Chief Engineering Branch 3 Division of Reactor Safety Docket Nos. 50-454 and 50-455 License Nos. NPF-37 and NPF-66 Nonpublic
Enclosure:
Inspection Report 05000454/2013408; 05000455/2013408 w/
Attachment:
Supplemental Information cc w/o enclosure: Distribution via ListServ' OFFICIAL USE ONLY - SECURITY-RELATED INFORMATION
OFFICIAL USE ONLY - SECURITY-RELATED INFORMATION M. Pacilio (CFR), Part 73, Section 54, Protection of Digital Computer and Communication Systems and Networks, the NRC is not pursuing enforcement action because of your good-faith attempt to interpret and implement Milestones 1 - 7 and because of your prompt corrective actions to enter these issues into your CAP. Upon completion of all corrective actions, you are requested to provide written notification to the NRCs regional office as to the method and date of closure for the identified issue(s).
In accordance with 10 CFR 2.390 of the NRC's "Rules of Practice," a copy of this letter will be available electronically for public inspection in the NRC Public Document Room or from the Publicly Available Records System (PARS) component of NRC's Agencywide Documents Access and Management System (ADAMS). ADAMS is accessible from the NRC Web site at http://www.nrc.gov/reading-rm/adams.html (the Public Electronic Reading Room). However, the material enclosed herewith contains Security-Related Information in accordance with 10 CFR 2.390(d)(1) and its disclosure to unauthorized individuals could present a security vulnerability. Therefore, the material in the enclosure will not be made available electronically for public inspection in the NRC Public Document Room or from the PARS component of NRC's ADAMS. If you choose to provide a response and Security-Related Information is necessary to provide an acceptable response, please mark your entire response Security-Related Information -
Withhold Under 10 CFR 2.390 in accordance with 10 CFR 2.390(d)(1) and follow the instructions for withholding in 10 CFR 2.390(b)(1). In accordance with 10 CFR 2.390(b)(1)(ii), the NRC is waiving the affidavit requirements for your response.
Sincerely,
/RA/
Robert C. Daley, Chief Engineering Branch 3 Division of Reactor Safety Docket Nos. 50-454 and 50-455 License Nos. NPF-37 and NPF-66 Nonpublic
Enclosure:
Inspection Report 05000454/2013408; 05000455/2013408 w/
Attachment:
Supplemental Information cc w/o enclosure: Distribution via ListServ' DISTRIBUTION: Allan Barker Vivian Campbell Carole Ariano RidsNrrDorlLpl3-2 Resource Linda Linn RidsNrrPMByron Resource DRPIII RidsNrrDirsIrib Resource DRSIII Chuck Casto Tammy Tomczak Cynthia Pederson Patricia Buckley Steven Orth ROPreports.Resource@nrc.gov DOCUMENT NAME: G:\DRSIII\DRS\Work in Progress\BRY 2013 408 Cyber Security Cover Letter.docx Publicly Available Non-Publicly Available Sensitive Non-Sensitive To receive a copy of this document, indicate in the concurrence box "C" = Copy without attach/encl "E" = Copy with attach/encl "N" = No copy OFFICE RIII RIII NAME SSheldon for GHausman:ls RCDaley DATE 7/18/13 7/18/13 OFFICIAL RECORD COPY OFFICIAL USE ONLY - SECURITY-RELATED INFORMATION