IR 05000285/2014405: Difference between revisions
StriderTol (talk | contribs) (Created page by program invented by StriderTol) |
StriderTol (talk | contribs) (Created page by program invented by StriderTol) |
||
| Line 18: | Line 18: | ||
=Text= | =Text= | ||
{{#Wiki_filter:" " June 25, 2014 Lou Cortopassi, Vice President and Chief Nuclear Officer Omaha Public Power District Fort Calhoun Station FC-2-4 P.O. Box 550 Fort Calhoun, NE 68023-0550 | {{#Wiki_filter:" " June 25, 2014 Lou Cortopassi, Vice President and Chief Nuclear Officer Omaha Public Power District | ||
Fort Calhoun Station FC-2-4 P.O. Box 550 | |||
Fort Calhoun, NE 68023-0550 | |||
SUBJECT: FORT CALHOUN STATION - NRC TEMPORARY INSTRUCTION 2201/004, "INSPECTION OF IMPLEMENTATION OF INTERIM CYBER SECURITY MILESTONES 1-7," INSPECTION REPORT 05000285/2014405 | SUBJECT: FORT CALHOUN STATION - NRC TEMPORARY INSTRUCTION 2201/004, "INSPECTION OF IMPLEMENTATION OF INTERIM CYBER SECURITY MILESTONES 1-7," INSPECTION REPORT 05000285/2014405 | ||
==Dear Mr. Cortopassi:== | ==Dear Mr. Cortopassi:== | ||
On May 30, 2014, the U.S. Nuclear Regulatory Commission (NRC) completed a cyber security inspection at your Fort Calhoun Station. The inspection covered the implementation of interim milestones associated with your cyber security program, as outlined in your approved cyber security plan and described in Temporary Instruction 2201/004, "Inspection of Implementation of Interim Cyber Security Milestones 1-7." The enclosed inspection report documents the inspection results, which were discussed on May 30, 2014, with you and other members of your staff. | On May 30, 2014, the U.S. Nuclear Regulatory Commission (NRC) completed a cyber security inspection at your Fort Calhoun Station. The inspection covered the implementation of interim milestones associated with your cyber security program, as outlined in your approved cyber security plan and described in Temporary Instruction 2201/004, "Inspection of Implementation of Interim Cyber Security Milestones 1-7." The enclosed inspection report documents the inspection results, which were discussed on May 30, 2014, with you and other members of your | ||
staff. | |||
The inspection examined activities conducted under | The inspection examined activities conducted under y our license as they relate to cyber security and compliance with the Commission's rules and regulations and conditions of your license. | ||
The team reviewed selected procedures and records, observed activities, and interviewed personnel. | The team reviewed selected procedures and records, observed activities, and interviewed personnel. | ||
Based on the results of this inspection, the NRC has identified three findings that were evaluated under the risk significance determination process as having very low significance. The team also documented two licensee-identified violations that were determined to be of very low significance in Section 4OA7 of this report. The NRC is treating these violations as non-cited violations consistent with Section 2.3.2.a of the Enforcement Policy. In accordance with the Security Issues Forum Charter, the NRC can exercise enforcement discretion during inspection of the interim cyber security measures for licensees who demonstrate a "good-faith" attempt to implement Milestones 1-7. This discretion applies to licensees who have tried to implement the new requirements but failed to be in full compliance. The issues identified in this report were discussed and reviewed during the Security Issues Forum meeting conducted on May 28, 2014. The results of the Security Issues Forum panel review concluded that although these issues constitute violations of 10 CFR 73.54, the NRC is not pursuing enforcement action because of your "good-faith" attempt to interpret and implement Milestones 1-7 and because of 2 your prompt actions to enter these issues into your corrective action program. As described in Enclosure 1 of NRC Enforcement Guidance Memorandum, "Enhanced Guidance for Licensee Near-Term Corrective Actions to Address Cyber Security Inspection Findings and Licensee Eligibility for 'Good-Faith' Attempt Discretion," dated July 1, 2013, Omaha Public Power District is requested to provide written notification to the NRC's regional office when the corrective actions for the identified issues have been completed and closed. | Based on the results of this inspection, the NRC has identified three findings that were evaluated under the risk significance determination process as having very low significance. The team also documented two licensee-identified violations that were determined to be of very low significance in Section 4OA7 of this report. The NRC is treating these violations as non-cited violations consistent with Section 2.3.2.a of the Enforcement Policy. In accordance with the Security Issues Forum Charter, the NRC can exercise enforcement discretion during inspection of the interim cyber security measures for licensees who demonstrate a "good-faith" attempt to implement Milestones 1-7. This discretion applies to licensees who have tried to implement the new requirements but failed to be in full compliance. The issues identified in this report were discussed and reviewed during the Security Issues Forum meeting conducted on May 28, 2014. The results of the Security Issues Forum panel review concluded that although these issues constitute violations of 10 CFR 73.54, the NRC is not pursuing enforcement action because of your "good-faith" attempt to interpret and implement Milestones 1-7 and because of | ||
-2 your prompt actions to enter these issues into your corrective action program. As described in Enclosure 1 of NRC Enforcement Guidance Memorandum, "Enhanced Guidance for Licensee Near-Term Corrective Actions to Address Cyber Security Inspection Findings and Licensee Eligibility for 'Good-Faith' Attempt Discretion," dated July 1, 2013, Omaha Public Power District | |||
is requested to provide written notification to the NRC's regional office when the corrective actions for the identified issues have been completed and closed. | |||
If you contest the violations or significance of these non-cited violations, you should provide a response within 30 days of the date of this inspection report, with the basis for your denial, to the U.S. Nuclear Regulatory Commission, ATTN: Document Control Desk, Washington DC 20555-0001; with copies to the Regional Administrator, Region IV; the Director, Office of Enforcement, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001; and the NRC resident inspector at the Fort Calhoun Station. | If you contest the violations or significance of these non-cited violations, you should provide a response within 30 days of the date of this inspection report, with the basis for your denial, to the U.S. Nuclear Regulatory Commission, ATTN: Document Control Desk, Washington DC 20555-0001; with copies to the Regional Administrator, Region IV; the Director, Office of Enforcement, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001; and the NRC resident inspector at the Fort Calhoun Station. | ||
In accordance with Title 10 of the Code of Federal Regulations (10 CFR) 2.390, "Public Inspections, Exemptions, Requests for Withholding," a copy of this letter, its enclosure, and your response (if any) will be available | In accordance with Title 10 of the Code of Federal Regulations (10 CFR) 2.390, "Public Inspections, Exemptions, Requests for Withholding," a copy of this letter, its enclosure, and your response (if any) will be available electronicall y for public inspection in the NRC's Public Document Room or from the Publicly Available Records (PARS) component of the NRC's Agencywide Documents Access and Management System (ADAMS). ADAMS is accessible from the NRC Web site at http://www.nrc.gov/reading-rm/adams.html (the Public Electronic Reading Room). However, the material enclosed herewith contains Security-Related Information in accordance with 10 CFR 2.390(d)(1) and its disclosure to unauthorized individuals could present a security vulnerability. Therefore, the material in the enclosure will | ||
not be made available electronically for public inspection in the NRC Public Document Room or from the PARS component of NRC's ADAMS | |||
If you choose to provide a response and Security-Related Information is necessary to provide an acceptable response, please mark your entire response "Security-Related Information - | |||
Withhold from Public Disclosure Under 10 CFR 2.390" in accordance with 10 CFR 2.390(d)(1) | Withhold from Public Disclosure Under 10 CFR 2.390" in accordance with 10 CFR 2.390(d)(1) | ||
and follow the instructions for withholding in 10 CFR 2.390 (b)(1). In accordance with 10 CFR 2.390(b)(1)(ii), the NRC is waiving the affidavit requirements for your response. | and follow the instructions for withholding in 10 CFR 2.390 (b)(1). In accordance with | ||
10 CFR 2.390(b)(1)(ii), the NRC is waiving the affidavit requirements for your response. | |||
Sincerely,/RA/ | Sincerely,/RA/ | ||
John L. Dixon, Jr, Acting Chief Engineering Branch 2 Division of Reactor Safety Docket: 50-285 License: DPR-40 cc w/o enclosure: | John L. Dixon, Jr, Acting Chief Engineering Branch 2 | ||
Division of Reactor Safety | |||
Docket: 50-285 License: DPR-40 cc w/o enclosure: | |||
Electronic Distribution to Fort Calhoun Station: | Electronic Distribution to Fort Calhoun Station: | ||
ML 14176B202 Cover Letter Only: SUNSI Review Complete By: __GAP_ Non-Sensitive Sensitive Publicly Available Non-Publicly Available Keyword: SUNSI Review Complete OFFICE SRI:EB2 RI:EB2 SRA:NSIR SRA:NSIR CSC:HQ C:PF C:EB2 NAME GPick\tk SMakor SOpara DJohnson JKnight MHay JDixon SIGNATURE /RA/ /E/ /E/ /E/ /E/ /RA/ /RA/ DATE 6/18/14 6/17/14 6/17/14 6/11/14 6/14/14 6/23/14 6/25/14 Report to Lou Cortopassi from John Dixon | ML 14176B202 Cover Letter Only: SUNSI Review Complete By: __GAP_ | ||
Non-Sensitive Sensitive Publicly Available Non-Publicly Available Keyword: SUNSI Review Complete OFFICE SRI:EB2 RI:EB2 SRA:NSIR SRA:NSIR CSC:HQ C:PF C:EB2 NAME GPick\tk SMakor SOpara DJohnson JKnight MHay JDixon SIGNATURE /RA/ /E/ /E/ /E/ /E/ /RA/ /RA/ DATE 6/18/14 6/17/14 6/17/14 6/11/14 6/14/14 6/23/14 6/25/14 Report to Lou Cortopassi from John Dixon | |||
SUBJECT: FORT CALHOUN STATION - NRC TEMPORARY INSTRUCTION 2201/004, "INSPECTION OF IMPLEMENTATION OF INTERIM CYBER SECURITY MILESTONES 1-7," INSPECTION REPORT 05000285/2014405 RIV Distribution without enclosure: Regional Administrator (Marc.Dapas@nrc.gov) | SUBJECT: FORT CALHOUN STATION - NRC TEMPORARY INSTRUCTION 2201/004, "INSPECTION OF IMPLEMENTATION OF INTERIM CYBER SECURITY MILESTONES 1-7," INSPECTION REPORT 05000285/2014405 RIV Distribution without enclosure | ||
: Regional Administrator (Marc.Dapas@nrc.gov) | |||
Deputy Regional Administrator (Kriss.Kennedy@nrc.gov) | Deputy Regional Administrator (Kriss.Kennedy@nrc.gov) | ||
Acting DRP Director (Troy.Pruett@nrc.gov) | Acting DRP Director (Troy.Pruett@nrc.gov) | ||
| Line 52: | Line 73: | ||
RIV Public Affairs Officer (Victor.Dricks@nrc.gov) | RIV Public Affairs Officer (Victor.Dricks@nrc.gov) | ||
RIV Public Affairs Officer (Lara.Uselding@nrc.gov) | RIV Public Affairs Officer (Lara.Uselding@nrc.gov) | ||
NRR Project Manager (Joseph.Sebrosky@nrc.gov) | NRR Project Manager (Joseph.Sebrosky@nrc.gov) | ||
RIV Branch Chief, DRS/TSB (Geoffrey.Miller@nrc.gov) RIV RITS Coordinator (Marisa.Herrera@nrc.gov) RIV Regional Counsel (Karla.Fuller@nrc.gov) | RIV Branch Chief, DRS/TSB (Geoffrey.Miller@nrc.gov) RIV RITS Coordinator (Marisa.Herrera@nrc.gov) RIV Regional Counsel (Karla.Fuller@nrc.gov) | ||
Congressional Affairs Officer (Jenny.Weil@nrc.gov) | Congressional Affairs Officer (Jenny.Weil@nrc.gov) | ||
OEMail Resource OEWEB Resource (Sue.Bogle@nrc.gov) Technical Support Assistant (Loretta.Williams@nrc.gov) RIV/ETA: OEDO (Chen.Yen-Ju@nrc.gov) | |||
OEMail Resource OEWEB Resource (Sue.Bogle@nrc.gov) Technical Support Assistant (Loretta.Williams@nrc.gov) RIV/ETA: OEDO (Chen.Yen-Ju@nrc.gov) | |||
RIV RSLO (Bill.Maier@nrc.gov) | RIV RSLO (Bill.Maier@nrc.gov) | ||
ACES (R4ACES@nrc.gov) | ACES (R4ACES@nrc.gov) | ||
MC 0350 Panel Chairman (Anton.Vegel@nrc.gov) | MC 0350 Panel Chairman (Anton.Vegel@nrc.gov) | ||
MC 0350 Panel Vice Chairman (Louise.Lund@nrc.gov) MC 0350 Panel Member (Michael.Balazik@nrc.gov) MC 0350 Panel Member (Michael.Markley@nrc.gov) | MC 0350 Panel Vice Chairman (Louise.Lund@nrc.gov) MC 0350 Panel Member (Michael.Balazik@nrc.gov) MC 0350 Panel Member (Michael.Markley@nrc.gov) | ||
ROPreports | ROPreports | ||
}} | }} | ||
Revision as of 14:16, 1 July 2018
| ML14176B202 | |
| Person / Time | |
|---|---|
| Site: | Fort Calhoun  |
| Issue date: | 06/25/2014 |
| From: | Dixon J L NRC/RGN-IV/DRS/EB-2 |
| To: | Cortopassi L Omaha Public Power District |
| G. Pick | |
| References | |
| IR-14-405 | |
| Download: ML14176B202 (4) | |
Text
" " June 25, 2014 Lou Cortopassi, Vice President and Chief Nuclear Officer Omaha Public Power District
Fort Calhoun Station FC-2-4 P.O. Box 550
Fort Calhoun, NE 68023-0550
SUBJECT: FORT CALHOUN STATION - NRC TEMPORARY INSTRUCTION 2201/004, "INSPECTION OF IMPLEMENTATION OF INTERIM CYBER SECURITY MILESTONES 1-7," INSPECTION REPORT 05000285/2014405
Dear Mr. Cortopassi:
On May 30, 2014, the U.S. Nuclear Regulatory Commission (NRC) completed a cyber security inspection at your Fort Calhoun Station. The inspection covered the implementation of interim milestones associated with your cyber security program, as outlined in your approved cyber security plan and described in Temporary Instruction 2201/004, "Inspection of Implementation of Interim Cyber Security Milestones 1-7." The enclosed inspection report documents the inspection results, which were discussed on May 30, 2014, with you and other members of your
staff.
The inspection examined activities conducted under y our license as they relate to cyber security and compliance with the Commission's rules and regulations and conditions of your license.
The team reviewed selected procedures and records, observed activities, and interviewed personnel.
Based on the results of this inspection, the NRC has identified three findings that were evaluated under the risk significance determination process as having very low significance. The team also documented two licensee-identified violations that were determined to be of very low significance in Section 4OA7 of this report. The NRC is treating these violations as non-cited violations consistent with Section 2.3.2.a of the Enforcement Policy. In accordance with the Security Issues Forum Charter, the NRC can exercise enforcement discretion during inspection of the interim cyber security measures for licensees who demonstrate a "good-faith" attempt to implement Milestones 1-7. This discretion applies to licensees who have tried to implement the new requirements but failed to be in full compliance. The issues identified in this report were discussed and reviewed during the Security Issues Forum meeting conducted on May 28, 2014. The results of the Security Issues Forum panel review concluded that although these issues constitute violations of 10 CFR 73.54, the NRC is not pursuing enforcement action because of your "good-faith" attempt to interpret and implement Milestones 1-7 and because of
-2 your prompt actions to enter these issues into your corrective action program. As described in Enclosure 1 of NRC Enforcement Guidance Memorandum, "Enhanced Guidance for Licensee Near-Term Corrective Actions to Address Cyber Security Inspection Findings and Licensee Eligibility for 'Good-Faith' Attempt Discretion," dated July 1, 2013, Omaha Public Power District
is requested to provide written notification to the NRC's regional office when the corrective actions for the identified issues have been completed and closed.
If you contest the violations or significance of these non-cited violations, you should provide a response within 30 days of the date of this inspection report, with the basis for your denial, to the U.S. Nuclear Regulatory Commission, ATTN: Document Control Desk, Washington DC 20555-0001; with copies to the Regional Administrator, Region IV; the Director, Office of Enforcement, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001; and the NRC resident inspector at the Fort Calhoun Station.
In accordance with Title 10 of the Code of Federal Regulations (10 CFR) 2.390, "Public Inspections, Exemptions, Requests for Withholding," a copy of this letter, its enclosure, and your response (if any) will be available electronicall y for public inspection in the NRC's Public Document Room or from the Publicly Available Records (PARS) component of the NRC's Agencywide Documents Access and Management System (ADAMS). ADAMS is accessible from the NRC Web site at http://www.nrc.gov/reading-rm/adams.html (the Public Electronic Reading Room). However, the material enclosed herewith contains Security-Related Information in accordance with 10 CFR 2.390(d)(1) and its disclosure to unauthorized individuals could present a security vulnerability. Therefore, the material in the enclosure will
not be made available electronically for public inspection in the NRC Public Document Room or from the PARS component of NRC's ADAMS
If you choose to provide a response and Security-Related Information is necessary to provide an acceptable response, please mark your entire response "Security-Related Information -
Withhold from Public Disclosure Under 10 CFR 2.390" in accordance with 10 CFR 2.390(d)(1)
and follow the instructions for withholding in 10 CFR 2.390 (b)(1). In accordance with
10 CFR 2.390(b)(1)(ii), the NRC is waiving the affidavit requirements for your response.
Sincerely,/RA/
John L. Dixon, Jr, Acting Chief Engineering Branch 2
Division of Reactor Safety
Docket: 50-285 License: DPR-40 cc w/o enclosure:
Electronic Distribution to Fort Calhoun Station:
ML 14176B202 Cover Letter Only: SUNSI Review Complete By: __GAP_
Non-Sensitive Sensitive Publicly Available Non-Publicly Available Keyword: SUNSI Review Complete OFFICE SRI:EB2 RI:EB2 SRA:NSIR SRA:NSIR CSC:HQ C:PF C:EB2 NAME GPick\tk SMakor SOpara DJohnson JKnight MHay JDixon SIGNATURE /RA/ /E/ /E/ /E/ /E/ /RA/ /RA/ DATE 6/18/14 6/17/14 6/17/14 6/11/14 6/14/14 6/23/14 6/25/14 Report to Lou Cortopassi from John Dixon
SUBJECT: FORT CALHOUN STATION - NRC TEMPORARY INSTRUCTION 2201/004, "INSPECTION OF IMPLEMENTATION OF INTERIM CYBER SECURITY MILESTONES 1-7," INSPECTION REPORT 05000285/2014405 RIV Distribution without enclosure
- Regional Administrator (Marc.Dapas@nrc.gov)
Deputy Regional Administrator (Kriss.Kennedy@nrc.gov)
Acting DRP Director (Troy.Pruett@nrc.gov)
Acting DRP Deputy Director (Michael.Hay@nrc.gov) DRS Director (Anton.Vegel@nrc.gov) DRS Deputy Director (Jeff.Clark@nrc.gov)
Senior Resident Inspector (Max.Schneider@nrc.gov)
Resident Inspector (Jacob.Wingebach@nrc.gov)
Senior PE, DRP/F (Peter.Jayroe@nrc.gov) Project Engineer, DRP/F (Chris.Smith@nrc.gov) FCS Administrative Assistant (Janise.Schwee@nrc.gov)
RIV Public Affairs Officer (Victor.Dricks@nrc.gov)
RIV Public Affairs Officer (Lara.Uselding@nrc.gov)
NRR Project Manager (Joseph.Sebrosky@nrc.gov)
RIV Branch Chief, DRS/TSB (Geoffrey.Miller@nrc.gov) RIV RITS Coordinator (Marisa.Herrera@nrc.gov) RIV Regional Counsel (Karla.Fuller@nrc.gov)
Congressional Affairs Officer (Jenny.Weil@nrc.gov)
OEMail Resource OEWEB Resource (Sue.Bogle@nrc.gov) Technical Support Assistant (Loretta.Williams@nrc.gov) RIV/ETA: OEDO (Chen.Yen-Ju@nrc.gov)
RIV RSLO (Bill.Maier@nrc.gov)
ACES (R4ACES@nrc.gov)
MC 0350 Panel Chairman (Anton.Vegel@nrc.gov)
MC 0350 Panel Vice Chairman (Louise.Lund@nrc.gov) MC 0350 Panel Member (Michael.Balazik@nrc.gov) MC 0350 Panel Member (Michael.Markley@nrc.gov)
ROPreports