ML14252A573

From kanterella
Revision as of 17:46, 5 February 2020 by StriderTol (talk | contribs) (Created page by program invented by StriderTol)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search
NRR E-mail Capture - Update: Petitions Under 10 CFR 2.206 Pertaining to Flood Protection at Fort Calhoun Station and Cooper Nuclear Station
ML14252A573
Person / Time
Site: Cooper, Fort Calhoun  Omaha Public Power District icon.png
Issue date: 09/09/2014
From: Lyon F
Division of Operating Reactor Licensing
To: Saporito T
References
2.206, G20110492, G20110506
Download: ML14252A573 (12)


Text

NRR-PMDAPEm Resource From: Lyon, Fred Sent: Tuesday, September 09, 2014 12:20 PM To: Thomas Saporito Cc: George, Andrea; Mensah, Tanya; Hanks, Patrick

Subject:

RE: Update: Petitions under 10 CFR 2.206 Pertaining to Flood Protection at Fort Calhoun Station and Cooper Nuclear Station Attachments: 10-17-11 Nelson letter.pdf; 11-2-12 Nieh letter.pdf Mr. Saporito, thank you for your response. For the issues that you raised regarding cybersecurity and the grid, all NRC actions on these matters have been closed, as documented in the attached 2.206 closure letters.

Sincerely, Fred Lyon From: Thomas Saporito [1]

Sent: Tuesday, September 09, 2014 7:27 AM To: Lyon, Fred Cc: George, Andrea; Mensah, Tanya; Hanks, Patrick

Subject:

Re: Update: Petitions under 10 CFR 2.206 Pertaining to Flood Protection at Fort Calhoun Station and Cooper Nuclear Station Mr. Lyon:

Thank you for the update regarding the 2.206 Enforcement Petition related to licensed operations at the Fort Calhoun and Cooper nuclear power plants.

The health and safety of the public and the overall environment ultimately rests with the U.S. Nuclear Regulatory Commission with respect to commercial operations at all NRC licensed nuclear reactors in the United States of American. The American people have placed their trust in the NRC to protect them and their families and property accordingly.

As reflected in the record created on or about Sept. 2013, at the NRC's Washington, D.C. Headquarters, I requested that the agency think "outside" of the box labelled 10 CFR 50, as the world has changed dramatically with terrorist organizations determined to kill Americans and disrupt the U.S. financial system by and through any means possible. To this extent, the NRC was urged to dis-allow any U.S. nuclear power plant from maintaining Internet connectivity as this could allow a "hacker" to unlawfully disrupt licensed operations at a U.S. nuclear facility - resulting in an unwanted release of nuclear materials into the environment. Moreover, the NRC was advised that terrorist hackers, could disrupt licensed operations of U.S. based nuclear power reactors by hacking "smart-devices" such as smart meters, and smart devices placed on High Voltage switch gear, substations, and other equipment that NRC licensees maintain.

Finally, the NRC was advised to cooperate with other U.S. Federal Agencies, to divide and separate the U.S. electric grid state-by-state - to ensure that a terrorist attack via the Internet or a physical attack could not disrupt electric service to the entire nation.

To the extent that these prior issues are a matter for the "common defense and national security of the United States of America" it is hereby requested that the NRC share these concerns with other federal agencies - including - but not limited to -

1

the Obama administration, Congress, Federal Energy Regulation Commission, Home Land Security, FBI, and State Regulatory Agencies accordingly.

The timely attention of the NRC to the concerns delineated above, is both anticipated and appreciated.

Kind regards, Thomas Saporito On Tue, Sep 9, 2014 at 6:59 AM, Lyon, Fred <Fred.Lyon@nrc.gov> wrote:

Mr. Saporito, By letter dated January 13, 2012 (ADAMS Accession No. ML120030022), the Director of the Office of Nuclear Reactor Regulation, Eric Leeds, accepted your petitions requesting escalated enforcement action against Fort Calhoun Station and Cooper Nuclear Station regarding flood protection (ADAMS Accession Nos. ML11182B029 and ML11192A285, respectively), dated June 26 and July 3, 2011, filed under 10 CFR 2.206. His letter also stated that the PRB denied your request for immediate action since it determined that there is no immediate safety concern that would warrant an immediate action by the NRC to prevent the restart of FCS or to bring Cooper to cold shutdown, as you requested.

The purpose of this e-mail is to inform you that the PRB is continuing to evaluate your petitions, with a target date of March 12, 2015, to respond to you.

Additionally, I have been assigned as the project manager for Fort Calhoun Station since the last update to you.

Thank you, Fred Lyon Project Manager Nuclear Regulatory Commission Division of Operating Reactor Licensing Fred.Lyon@nrc.gov 301-415-2296 2

Thomas Saporito Senior Consultant Saprodani Associates Voice: 561-972-8363 Email: saprodani@gmail.com 3

Hearing Identifier: NRR_PMDA Email Number: 1556 Mail Envelope Properties (Fred.Lyon@nrc.gov20140909122000)

Subject:

RE: Update: Petitions under 10 CFR 2.206 Pertaining to Flood Protection at Fort Calhoun Station and Cooper Nuclear Station Sent Date: 9/9/2014 12:20:18 PM Received Date: 9/9/2014 12:20:00 PM From: Lyon, Fred Created By: Fred.Lyon@nrc.gov Recipients:

"George, Andrea" <Andrea.George@nrc.gov>

Tracking Status: None "Mensah, Tanya" <Tanya.Mensah@nrc.gov>

Tracking Status: None "Hanks, Patrick" <Patrick.Hanks@nrc.gov>

Tracking Status: None "Thomas Saporito" <saprodani@gmail.com>

Tracking Status: None Post Office:

Files Size Date & Time MESSAGE 4429 9/9/2014 12:20:00 PM 10-17-11 Nelson letter.pdf 93956 11-2-12 Nieh letter.pdf 98686 Options Priority: Standard Return Notification: No Reply Requested: No Sensitivity: Normal Expiration Date:

Recipients Received:

October 17, 2011 Mr. Thomas Saporito Post Office Box 8413 Jupiter, Florida 33468-8413

Dear Mr. Saporito:

Your letter dated August 13, 2011, addressed to Mr. William Borchardt, Executive Director for Operations, has been referred to the Nuclear Regulatory Commissions (NRC) Office of Nuclear Reactor Regulation pursuant to Title 10 of the Code of Federal Regulations (10 CFR) Section 2.206. In your petition, you requested that the NRC take escalated enforcement action against licensees of the US NRC to:

1. Suspend or revoke NRC licenses granted to each licensee for operation of nuclear power plants in the US.
2. Issue a notice of violation with a proposed civil penalty in the amount of $100,000,000.00 (One Hundred-Million dollars).
3. Issue a confirmatory order to bring each licensee to cold-shutdown until specific actions (listed below) are completed and validated through NRC inspection activities.
a. Establish an affirmative action plan to meet a challenge where their respective electric grid has been sabotaged by terrorists and rendered inoperative for an extended period of time;
b. Upgrade existing station power backup systems to support nuclear reactor residual heat removal systems for a continuous 30-day period of time;
c. Establish security procedures for each plant operators electric grid;
d. Install security hardware for each plant operators electric grid; and
e. Establish a security force to protect each plant operators electric grid from a physical terrorist attack as well as a cyber terrorist attack.

By teleconference on September 22, 2011, you addressed the Petition Review Board (PRB) to discuss your petition. A transcript of that teleconference, which supplements your petition, is publicly available in the Agencywide Documents Access and Management System (ADAMS) under Accession No. ML112710210.

On October 3, 2011, the PRB met internally to discuss your request for immediate action and to make a recommendation regarding your petition, as supplemented during the teleconference held on September 22, 2011.

The PRB consisted of NRC experts on grid security, senior management, and a representative from our Office of General Counsel. The PRB denied the request for immediate action because there was no immediate safety concern to plants that would affect the health and safety of the public. Per Criterion 2 under Criteria For Review, in Management Directive (MD) 8.11, the petitioner must provide some element of support beyond the bare essentials and the supporting facts must be credible and sufficient to warrant further inquiry. The PRB recommended that the petition does not meet the criteria for review because the assertions made in the petition do not go beyond mere speculations, nor are they specific to nuclear safety, therefore, the petition fails

T. Saporito to meet the level sufficient to warrant further inquiry. Moreover, the petition, in part, relates to an area of concern (grid security and reliability), which is outside the purview of NRC regulations.

The PRB has completed its review of your petition. The PRBs determination is to not accept your petition for review under the 10 CFR 2.206 process because your petition did not meet the criteria for review as stated in MD 8.11.

Sincerely,

/RA/

Robert Nelson, Acting Director Division of Policy and Rulemaking Office of Nuclear Reactor Regulation cc: Distribution via Listserv

T. Saporito to meet the level sufficient to warrant further inquiry. Moreover, the petition, in part, relates to an area of concern (grid security and reliability), which is outside the purview of NRC regulations.

The PRB has completed its review of your petition. The PRBs determination is to not accept your petition for review under the 10 CFR 2.206 process because your petition did not meet the criteria for review as stated in MD 8.11.

Sincerely,

/RA/

Robert Nelson, Acting Director Division of Policy and Rulemaking Office of Nuclear Reactor Regulation cc: Distribution via Listserv DISTRIBUTION: G20110625/EDATS:OEDO-2011-0580 PUBLIC RidsNrrDorl RidsNrrMailCenter RidsNrrOd RidsEDOMailCenter RidsOGCRp Resource RidsOeMailCenter RidsOiMailCenter RidsOpaMail RidsRgn1MailCenter RidsRgn2MailCenter RidsRgn3MailCenter RidsRgn4MailCenter RidsOcaMailCenter ARussell TMensah MGray HChristensen RDaley TBlount JLara PPederson GMatharu RNelson JRogge DHills Package: ML112800076 Incoming: ML11236A099 Response: ML112840004 Transcript of 9/22/11: ML112710210 TAC ME6940 OFFICE DPR/PGCB/PM DPR/PGCB/LA DPR/PGCB/PM DPR/PGCB/BC DPR/D NAME ARussell CHawes TMensah SRosenberg RNelson (Acting)

DATE 10/13/11 10/13/11 10/13/11 10/17/11 10/17/11 OFFICIAL RECORD COPY

November 2, 2012 Mr. Thomas Saporito, Senior Consultant Saprodani Associates 6701 Mallards Cove Road, Apartment 28H Jupiter, Florida 33458

Dear Mr. Saporito:

I am responding to your petition dated July 30, 2012, addressed to the Office of the Secretary of the Commission, U.S. Nuclear Regulatory Commission (NRC), which was referred to the Office of Nuclear Reactor Regulation (NRR) pursuant to Section 2.206 of Title 10 of the Code of Federal Regulations (10 CFR 2.206).

Management Directive (MD) 8.11, which is publicly available (Agencywide Documents and Management System (ADAMS) Accession No. ML041770328) describes the NRCs review process for 10 CFR 2.206 petitions.

The petition was filed under 10 CFR 2.206 and requested enforcement action against all NRC licensees as a result of a July 30, 2012, Bloomberg News Agency broadcast which reported that cyber hackers had succeeded in breaking into the computer network of an NRC-licensed nuclear plant. Specifically, you requested that:

1. The NRC take escalated enforcement action against all NRC licensees and suspend, or revoke the NRC license(s) granted to the licensee(s) for operation of any nuclear reactor or facility.
2. The NRC issues a notice of violation with a proposed civil penalty against the licensee(s) in the total amount of $100,000.00 (One-Hundred Thousand) dollars.
3. The NRC issues a confirmatory order to the licensee(s) requiring the licensee(s) to take their nuclear reactors and/or nuclear facilities to a cold-shutdown mode of operation until such time as:
  • The licensee completes an independent assessment to understand fully and correct the potential and/or realized cyber security threat posed by outside organizations;
  • The licensee completes a comprehensive evaluation of all nuclear safety related plant equipment and components which may be otherwise modified and/or operated by remote means via Internet access;
  • The licensee completes, identifies and removes any and all Internet access points to all nuclear safety related plant equipment and/or components; and
  • The licensee completes and independent safety-assessment through a 3rd party contractor to review all plant nuclear safety related equipment and/or components -

to ensure that such nuclear safety related systems and/or components are not accessible by an unauthorized entity via the Internet.

T. Mensah On July 31, 2012, the NRR Senior Project Manager and 10 CFR 2.206 Coordinator, Ms. Tanya Mensah, contacted you by e-mail to describe the 10 CFR 2.206 process and to provide you with a copy of MD 8.11. Ms. Mensah also offered you an opportunity to address the NRCs Petition Review Board (PRB). You accepted the offer and requested an opportunity, in person, to address the PRB during an NRC public meeting.

PRBs Decision Regarding The Request For Immediate Action On August 27, 2012, the PRB met internally to discuss the request for immediate action within your petition. MD 8.11, Part III.A.1, Schedule, states that the PRB meeting may be held sooner if staff decisions are required on short-term, immediate actions. Although you did not characterize Item 3 in your petition as immediate, the PRB treated the request to require the licensee(s) to take their nuclear reactors and/or nuclear facilities to a cold-shutdown mode of operation, as an immediate action.

During the August 27th internal meeting, the PRB discussed that in accordance with 10 CFR 73.54, Protection of Digital Computer and Communication Systems and Networks, each licensee shall protect digital computer and communication systems and networks associated with (1) safety-related and important-to-safety functions; (2) security functions; (3) emergency preparedness; and (4) support systems and equipment which, if compromised, would adversely impact safety, security, or emergency preparedness functions. With regard to the information referenced in the Bloomberg news article, there was no indication that any digital computer, communication system, or network subject to the requirements of 10 CFR 73.54 was impacted.

In addition, NRC licensees subject to the requirements of 10 CFR 73.54 have submitted cyber security plans and an implementation schedule, which the NRC staff has reviewed and approved.

Therefore, the PRB determined, in accordance with MD 8.11, that you did not provide sufficient information that any digital computer, communication systems, or networks associated with 10 CFR 73.54 has been or will be adversely impacted as a result of a cyber attack. In addition, the PRB did not have any information to conclude that there was an immediate safety concern at any NRC-licensed facilities. On that basis, the PRB denied the request for immediate action.

On September 5, 2012, Ms. Mensah informed you in an e-mail of the PRBs decision to deny the request for immediate action.

On September 10, 2012, you addressed the PRB during an NRC public meeting (ADAMS Accession No. ML12228A529) and provided supplemental information in support of your petition request. Your presentation materials included meeting handouts (ADAMS Accession No. ML12256A746) and videos, which you provided to the petition manager on a compact disc (CD). Video files cannot be declared as an official NRC agency record in ADAMS; therefore, the videos are publicly available on CD in the NRC Public Document Room (ADAMS Accession No. ML12256A739). The transcript from the public meeting is also publically available (ADAMS Accession No. ML12263A002).

T. Mensah During the public meeting, you discussed the Florida, Power & Light Smart Grid and the use of Smart devices; however, this issue relates to an area of concern (grid security and reliability),

which is outside the purview of NRC regulations.

PRBs Initial Recommendation On October 1, 2012, the PRB met and discussed the remaining requests within your petition, as supplemented on September 10, 2012.

Your petition requested that the NRC take escalated enforcement action against all NRC licensees and suspend, or revoke the NRC license(s) granted to the licensee(s) for operation of any nuclear reactor or facility. In addition, you requested that the NRC issue a notice of violation with a proposed civil penalty against the licensee(s) in the total amount of $100,000.00 (One-Hundred Thousand) dollars.

In accordance with MD 8.11, Part III, C.1, Criteria For Reviewing Petitions Under 10 CFR 2.206, these requests do not meet the criteria for review on the basis that the petition, as supplemented, failed to provide sufficient facts to warrant further inquiry.

During the September 10, 2012, public meeting, I, in my role as PRB Chairman, asked you to clarify if your request for enforcement was limited to operating reactor licensees. Your response was that the petition is applicable to all NRC licensees (as stated in the petition) including as examples: nuclear fuel reprocessing facilities; facilities that make nuclear fuel rods; and hospitals. However, your petition, as supplemented on September 10, 2012, only contained general assertions of safety and cyber security concerns at these types of facilities and did not provide specific facts relating to NRC-regulated activities. Therefore, the PRB determined that the scope of your petition (as applicable to NRC licensees that do not hold operating reactor licenses) does not meet the criteria for review on the basis that the petition, as supplemented, failed to provide sufficient facts to warrant further inquiry, as described in MD 8.11, Part III, C.1.

Your petition also requested that the NRC issue a confirmatory order to the licensee(s) requiring the licensee(s) to take their nuclear reactors and/or nuclear facilities to a cold-shutdown mode of operation until such time as:

  • The licensee completes an independent assessment to understand fully and correct the potential and/or realized cyber security threat posed by outside organizations;
  • The licensee completes a comprehensive evaluation of all nuclear safety related plant equipment and components which may be otherwise modified and/or operated by remote means via Internet access;
  • The licensee completes, identifies and removes any and all Internet access points to all nuclear safety related plant equipment and/or components; and
  • The licensee completes and independent safety-assessment through a 3rd party contractor to review all plant nuclear safety related equipment and/or components -

to ensure that such nuclear safety related systems and/or components are not accessible by an unauthorized entity via the Internet.

T. Mensah In accordance with MD 8.11, Part III, C.2, Criteria For Rejecting Petitions under 10 CFR 2.206, these requests meet the criteria for rejection on the basis that the issues raised in the petition, as supplemented, have already been reviewed, evaluated, and resolved by the NRC.

The petition, as supplemented, did not provide information that any computer, communication system, or network subject to the requirements of 10 CFR 73.54, for any NRC licensees, has been impacted. On a generic basis, NRC licensees subject to the requirements of 10 CFR 73.54 have submitted cyber security plans and an implementation schedule, which the NRC staff has reviewed and approved. The NRC will begin cyber security inspections in 2013, which will also address your request for the licensee(s) to complete an independent safety-assessment through a 3rd party contractor. Therefore, for commercial operating reactors, the petitioner raises issues that have already been reviewed, evaluated, and resolved by the NRC, as described in MD 8.11, Part III, C.2.

On October 2, 2012, the NRR petition manager, Ms. Mensah, informed you of the PRBs initial recommendation and requested that you respond by October 9, 2012, if you wanted a second opportunity to address the PRB. Furthermore, Ms. Mensah stated in her e-mail that if you did not respond by October 9, 2012, the PRBs initial recommendation would become final.

PRBs Final Recommendation Since you did not provide a response to Ms. Mensah, as requested, the PRBs initial recommendation, as described above, is now the final recommendation.

For additional information, a backgrounder regarding the NRCs cyber security requirements and applicable regulations for licensees is available on the NRCs public website (http://www.nrc.gov). You can access the backgrounder directly from the NRCs public website by selecting the following options: (Home > NRC Library > Document Collections > Fact Sheets

> Backgrounder on Cyber Security).

In addition, in January 2010, the NRC published Regulatory Guide 5.71, Cyber Security Programs for Nuclear Facilities, (ADAMS Accession No. ML090340159) that provides comprehensive guidance to licensees and applicants for licenses on an acceptable way to meet the requirements of 10 CFR 73.54. The guidance includes recommended best practices from such organizations as the International Society of Automation, the Institute of Electrical and Electronics Engineers, and the National Institute of Standards and Technology, as well as guidance from the U.S. Department of Homeland Security.

Thank you for bringing these issues to the attention of the NRC.

Sincerely,

/RA/

Ho Nieh, Division Director Division of Inspection and Regional Support Office of Nuclear Reactor Regulation cc/w incoming 2.206 Petition

ML090340159) that provides comprehensive guidance to licensees and applicants for licenses on an acceptable way to meet the requirements of 10 CFR 73.54. The guidance includes recommended best practices from such organizations as the International Society of Automation, the Institute of Electrical and Electronics Engineers, and the National Institute of Standards and Technology, as well as guidance from the U.S. Department of Homeland Security.

Thank you for bringing these issues to the attention of the NRC.

Sincerely,

/RA/

Ho Nieh, Division Director Division of Inspection and Regional Support Office of Nuclear Reactor Regulation cc/w incoming 2.206 Petition Distribution via Listserv DISTRIBUTION: (G20120557/EDATS: SECY-2012-0392)

PUBLIC RidsEdoMailCenter NGarcia-Santos, NMSS Resource RidsNrrOd Resource RidsOgcRp Resource RidsNrrDorl Resource RidsOpaMail Resource RidsNrrMailCenter Resource RidsOcaMailCenter Resource RidsRgn4MailCenter Resource CSafford , OGC NColeman, OE RidsNrrDpr Resource JSebrosky, NRR JDeCicco, FSME TMensah, NRR PPederson, NSIR MFernandez, NSIR LHowell, RIV TMossman, NRR ADAMS Package No. ML12283A155 Incoming - ML12215A022 Letter - ML12283A152 Public Meeting Notice - ML12228A529 Public Meeting Handouts - ML12256A746 Public Meeting Video- ML12256A739 Public Meeting Transcript- ML12263A002 *e-mail concurrence DIRS/D OFFICE DPR/PGCB/PM DPR/PGCB/LA DPR/PGCB/BC RIV/RCB/BC DE/EICB/BC NSIR/DSO/RSOB/BC NAME TMensah CHawes DPelton LHowell* JThorp (TMossman for)* RAlbert* HNieh DATE 10/11 /12 10/11/12 10/ 11 /12 10/ 11 /12 10/11 /12 10/15 /12 10/ 2 /12