05000461/LER-2008-002

From kanterella
Revision as of 23:18, 30 November 2017 by StriderTol (talk | contribs) (Created page by program invented by StriderTol)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search
LER-2008-002, Uncontrolled Safeguards Information Due to Failure to Institutionalize Good Practices
Docket Number Sequential Revmonth Day Year Year Month Day Year None 05000Number Na
Event date:
Report date:
4612008002R00 - NRC Website

PLANT OPERATING CONDITIONS

Unit: 1 Event Dates: 7/10/08 to 7/15/08 Event Time: Start Time: 7/10/08, 1105 hours0.0128 days <br />0.307 hours <br />0.00183 weeks <br />4.204525e-4 months <br /> Central Daylight Time End Time: 7/15/08, 0745 hours0.00862 days <br />0.207 hours <br />0.00123 weeks <br />2.834725e-4 months <br /> Central Daylight Time Mode: 1 (Power Operation) Reactor Power: 97 percent

DESCRIPTION OF EVENT

On 7/15/08, at about 0730, the Security Operations Supervisor (SOS) and the Security Shift Supervisor (SSS) were discussing staffing numbers, which prompted a need to reference a new revision of the LP 2205, CPS Site Defensive Strategy, a document having safeguards information (SGI) that would contain these numbers. At about 0740, while researching the document, the SSS recognized that the document in the Secondary Alarm Station (SAS) was the previous revision. Immediately, the SOS entered SAS and was informed that the current revision was not available. The SSS then realized the possibility that the current revision could have been inadvertently combined with "Read and Sign" documents that were submitted to the SOS for review on July 10, 2008. At about 0745, the SOS and the SSS went to the SOS office in the Owner Controlled Area and found the SGI uncontrolled.

The SOS and the SSS took immediate control of the SGI and conducted a page count that verified no pages missing. The SGI document was taken to SAS and placed in the SGI binder and recorded on the SGI log.

At 0750, this event was initially determined to be a NRC 24-hour loggable event, as no significant compromise of the SGI was believed to have occurred. Further discussions with Corporate Security, concluded that there was insufficient evidence to conclusively prove there was no significant compromise of the SGI document and at 0853, this event was determined to be reportable to the NRC within one-hour. The one-hour notification to the NRC was completed at 0933. The NRC resident inspector and the NRC regional security inspector were notified of the event.

Issue report 796575, a Prompt Investigation, and a root cause evaluation were initiated.

The investigation of this event identified that from 6/5/08 to 6/30/08, Security was doing Read & Signs on the changes to the Defensive Strategy. The Read & Sign sheets were maintained in SAS (approved SGI area), while the teams completed their reviews. On July 10, an unknown individual clipped the SGI document Read & Sign package to the back of four other non-SGI Read & Sign packages. A day shift SSS noted the five sets of June 2008 required "Read and Signs" clipped together in the SAS that needed to be forwarded for closeout. The SSS reviewed the signature sheets on top of each read & sign package and handed the clipped package to the SOS.

The SOS then took the,clocuments from SAS for review to the SOS office in the Owner Controlled Area side (outside the protected area) of the Operations Gate House and placed the documents on the SOS desk for filing.

This clipped package of paperwork was not examined any further until 7/15/08, when the SGI was discovered.

Each page of LP 2205 was red stamped "Safeguards Information" and an SGI cover sheet, as recommended by procedure SY-AA-101-106, Control and Classification of Safeguards Information, was attached. (The procedure states a cover sheet may be used to identify the SGI packet). However, the coversheet was not colored red per site management expectations and the cover sheet was not the first page of the SGI read and sign package. The signature sheets for the SGI read and sign and four non-SGI read and sign packages were clipped on top of the actual SGI material.

CAUSE OF EVENT

The cause of this event was Clinton Power Station Security failed to institutionalize site and fleet good practices concerning SGI controls.

SIGNIFICANCE OF EVENT

CPS believes that the SGI had insufficient information for a potential adversary to be able to defeat, circumvent or otherwise take advantage of a vulnerability in a security plan, equipment or performance, and the SGI was undisturbed and not accessed by any unauthorized individuals. The belief that the SGI was not compromised is based on:

  • The Security Officers who manned the detection lanes during the five days the SGI was uncontrolled in the SOS's Owner Controlled Area office were questioned. These individuals had line of sight to the SOS office entrance. No unauthorized/suspicious activity and/or personnel were observed in the area surrounding the SOS office during this time frame. Non-Security individuals who would have periodic access to the SOS office, such as Facilities custodians, all have unescorted access to the Protected Area and, as such, have had a full criminal history background investigation.
  • The SGI material was so inconspicuously identified in the clipped package that two individuals sensitive to the identification of SGI did not notice the SGI material in the back of the clipped package. This would make the identification and reproduction of the SGI by potential adversaries in an observed location (the SOS office) very unlikely.
  • The Security Operations Supervisor took the clipped package to his office in the Owner Controlled Area for future review. The package was not reviewed until discovery of the event five days later on 7/15/08. The package appeared to be at the same location on the SOS' desk since placed there on 7/10/08.

REGULATORY GUIDE 5.6.2 REQUIRED INFORMATION 1.Date and time of event (start and end time).

Start Time: 7/10/08, approximately 1105 hours0.0128 days <br />0.307 hours <br />0.00183 weeks <br />4.204525e-4 months <br /> Central Daylight Time.

End Time: 7/15/08, approximately 0745 hours0.00862 days <br />0.207 hours <br />0.00123 weeks <br />2.834725e-4 months <br /> Central Daylight Time.

2.Location of actual or threatened event in a protected area, material access area, controlled access area, vital area, or other (specify area).

Event occurred in the Owner Controlled Area (OCA) side of the Operations Gatehouse, which is the entry to the Protected Area.

3.For power reactors, the operating phase, e.g., shut-down, operating.

During the period of time this event covered, the reactor was in Mode 1 (Power Operation) operating at about 97 percent power.

4. Safety systems affected or threatened, directly or indirectly.

No safety systems were affected or threatened, directly or indirectly.

5.Type of security force onsite (proprietary or contract).

The Security force is Exelon proprietary.

6.Number and type of personnel involved, e.g., contractors, security, visitors, NRC personnel, other (specify).

Two Security supervisors were involved, the Security Shift Supervisor (SSS) and the Security Operations Supervisor (SOS).

7.Method of discovery of incident, e.g., routine inspection, test, maintenance, alarm, chance, informant, communicated threat, unusual circumstances (give details).

Discussed in Description of Event 8.Procedural errors involved, if applicable.

No procedure errors were identified in the root cause evaluation.

9. Immediate actions taken in response to event.

Immediate and ongoing actions, as per discussions during the stand-down are as follows:

  • Inventoried the specific document and verified all pages were accounted for
  • Completed a one-hour NRC reportable notification
  • Reviewed the activity log for the security fax machine located in the SOS office and verified no unauthorized or unknown transmissions or activities back to 7/10/08
  • Reviewed all unresolved protected area/vital area alarms back to 7/10/08 with no issues
  • Verified contingency equipment and thermal devices were all accounted for and operational
  • Purged all non-RED SGI cover sheets and now require exclusive use of "RED" SGI coversheets to provide a better indication to personnel of the presence of SGI
  • Implemented peer check requirements going forward for any document leaving any SGI area. In conjunction, "STOP" signs have been placed on the exit doors of SGI areas to remind personnel to ensure they are not removing SGI from the location
  • Conducted an independent review of SGI processes with Training Department management against the protocols in TQ-AA-201, Examination Security and Administration
  • Interviewed all security force members who manned security positions in the area from 7/10/08 to time of discovery to identify any potential suspicious activities or personnel
  • Initiated quarterly inspections of SGI inventory to ensure no discrepancies exist and semi-annual refresher briefings to the Security organization on SGI controls and expectations
  • Conducted a stand-down with all Security personnel. The following expectations were established: 1) Exclusive use of red coversheets on SGI; 2) Self and Peer checks on all documentation leaving SGI areas to ensure the documentation leaving does not contain SGI 10. Corrective actions taken or planned.

R Completed actions:

Revised procedure SY-AA-101-106, Control and Classification of Safeguards, to include the following changes:

  • To prohibit storage of loose pages of SGI reading material inside an approved storage location. SGI material must be in an approved storage binder/container.
  • Require the use of a uniquely colored or marked SGI coversheet.
  • Require the SGI coversheet to be the outermost page of a document containing SGI and non-SGI material.
  • Include a requirement for a visual barrier stop sign on the interior door of areas containing SGI.
  • Require a single point of contact (Accountable person) for any SGI that is not in an approved SG! container.
  • Establish a Chain of Custody to indicate when the designated Accountable person responsibility has changed.
  • Only allow the issuance of "need to know" hard copy SGI in clearly marked SGI binders/containers/disks.

Coached/counseled the individuals involved in this event.

Implemented a recurring ATI to reinforce SGI control expectations every 6 months with Security Force Members and Accountable Persons.

Planned actions:

Include this event in initial SGI security training lesson plans and include a discussion on the consequences of not taking action if something does not appear correct. (796575-33) Add Management Oversight on SGI Controls to the Department Human Performance Improvement Plan Conduct a Check-in assessment on safeguards controls. Use the Check-In plan developed by corporate.

(796575-34) Corporate Security to develop and implement a Force on Force SGI drill scenario improvement initiative to include industry benchmarking for best practices to increase the rigor for the control of SGI during these drills.

(796575-41) Develop periodic refresher training on Safeguards controls for Security force members and then add this training to the three year Security training schedule. (796575-42) Develop Clinton specific long-range focused area self-assessment schedule to include at least one focused area self-assessment every 4 years on safeguards information. (796575-37) 11.Local, State, or Federal law enforcement agencies contacted.

No Local, State, or Federal law enforcement agencies were contacted.

12.Description of media interest and press release.

There was no media interest and no press release.

13.Indication of previous similar events.

The investigation identified no similar events � 14. Knowledgeable contact.

C. S. Williamson, Manager — Security, Clinton Power Station Telephone: 217-937-2900 �