L-12-083, LER 12-S01-00, Latent Software Error Resulted in Improperly Authorized Visitor Access Into Protected Area

From kanterella
Jump to navigation Jump to search
LER 12-S01-00, Latent Software Error Resulted in Improperly Authorized Visitor Access Into Protected Area
ML12072A085
Person / Time
Site: Perry FirstEnergy icon.png
Issue date: 02/29/2012
From: Emily Larson
FirstEnergy Nuclear Operating Co
To:
Document Control Desk, Office of Nuclear Reactor Regulation
References
L-12-083 LER 12-S01-00
Download: ML12072A085 (5)
v  d  e


Text

.I ý Perry Nuclear Power Plant 10 Center Road F% PO. Box 97 FirstEnergyNuclear OperatingCompany Perry, Ohio 44081 Februar'y29, 2012 L-12-083 10 CFR 73.71(a)(4) 10 CFR 73, Appendix G, I(b)

ATTN: Document Control Desk U. S. Nuclear Regulatory Commission Washington, DC 20555-0001

SUBJECT:

Perry Nuclear Power Plant, Unit 1 Docket No. 50-440, License No. NPF-58 Security Licensee Event Report Submittal Enclosed is Security Licensee Event Report (SLER) 2012-S01, "Latent Software Error Resulted 'in Improperly Authorized Visitor Access into Protected Area." There are no regulatory commitments contained in this submittal.

If there are any questions or if additional information is required, please contact Mr. Robert Coad, Manager - Regulatory Compliance, at (440) 280-5328.

Sincerely, Eric A. Larson Site Vice President, Acting

Enclosure:

SLER,2012-S01 cc: :NRC Project Manager NRC Resident Inspector NRC Region III Director, Division of Security Policy, Office of Nuclear Security and Incident

Response

NRC FORM 366 U.S. NUCLEAR REGULATORY COMMISSION APPROVED BY OMB NO. 3150-0104 EXPIRES 10/31/2013 (10-2010) Estimated burden per response to comply with this mandatory collection request: 80 hrs. Reported lessons learned are incorporated into the licensing process and fed back to industry. Send comments regarding burden estimate to the FOIA/Privacy Section (T-5 F53), U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001, or by internet e-mail to infocollects.resource@nrc.gov, and to the Desk Officer, Office of Information LICENSEE EVENT REPORT (LER) and Regulatory Affairs, NEOB-10202 (3150-0104), Office of Management and (See reverse for required number of Budget, Washington, DC 20503. If a means used to impose an information sfor each block) collection does not display a currently valid OMB control number, the NRC may digits/characters fnot conduct or sponsor, and a person is not required to respond to, the information collection.

1. FACILITY NAME 2. DOCKET NUMBER 3. PAGE Perry Nuclear Power Plant, Unit 1 05000440 1 OF 4
4. TITLE Latent Software Error Resulted in Improperly Authorized Visitor Access into Protected Area
5. EVENT DATE MONTH DAY YEAR Y
6. LER NUMBER SEQUENTIAL REV
7. REPORT DATE MNI I rI FACILITY NAME
8. OTHER FACILITIES INVOLVED DOCKET NUMBER A

YEAR NUMBER NO. MONTH DAY YEAR 01 212 2012 01055 2012 - s01 - 00II 02 II29 I120121I FACILITY NAME DOCKET NUMBER

9. OPERATING MODE 11. THIS REPORT IS SUBMITTED PURSUANT TO THE REQUIREMENTS OF 10 CFR §: (Check all that apply)

E] 20.2201(b) El 20.2203(a)(3)(i) El 50.73(a)(2)(i)(C) E] 50.73(a)(2)(vii) 1E20.2201(d) I] 20.2203(a)(3)(ii) E] 50.73(a)(2)(ii)(A) E] 50.73(a)(2)(viii)(A)

[] 20.2203(a)(1) El 20.2203(a)(4) E] 50.73(a)(2)(ii)(B) El 50.73(a)(2)(viii)(B)

_E 20.2203(a)(2)(i) El 50.36(c)(1)(i)(A) [] 50.73(a)(2)(iii) El 50.73(a)(2)(ix)(A)

10. POWER LEVEL El 20.2203(a)(2)(ii) E] 50.36(c)(1)(ii)(A) El 50.73(a)(2)(iv)(A) El 50.73(a)(2)(x)

El 20.2203(a)(2)(iii) El 50.36(c)(2) [] 50.73(a)(2)(v)(A) [ 73.71 (a)(4) 100 El 20.2203(a)(2)(iv) El 50.46(a)(3)(ii) E] 50.73(a)(2)(v)(B) El 73.71 (a)(5)

El 20.2203(a)(2)(v) El 50.73(a)(2)(i)(A) [ 50.73(a)(2)(v)(C) Z OTHER Speif=i Abstract below El 20.2203(a)(2)(vi) El 50.73(a)(2)(i)(B) El 50.73(a)(2)(v)(D) ori Form 366A

12. LICENSEE CONTACT FOR THIS LER FACILITY NAME TELEPHONE NUMBER (Include Area Code)

Eric Blood, Compliance Engineer, Regulatory Compliance (440) 280- 6358

13. COMPLETE ONE LINE FOR EACH COMPONENT FAILURE DESCRIBED INTHIS REPORT CMOET MANU-FACTURER REPORTABLE TO EPIX I CAUSE SMANU-FACTURER REPORTABLE TO EPIX
14. SUPPLEMENTAL REPORT EXPECTED 15. EXPECTED MONTH DAY YEAR E] YES (If yes, complete EXPECTED SUBMISSION DATE). Z] NO SUBMISSION DATE ABSRACI (Limit to 14UU spaces, i.e., approximately 15 single-spacec typewnitten lines)

On January 5, 2012, at 0735 hours0.00851 days <br />0.204 hours <br />0.00122 weeks <br />2.796675e-4 months <br />, a contract individual was improperly granted visitor (escorted) access into the Perry Nuclear Power Plant. The visitor had escorted access to the protected area for 4 hours4.62963e-5 days <br />0.00111 hours <br />6.613757e-6 weeks <br />1.522e-6 months <br /> and 50 minutes. During that time, he was continually escorted by a trained individual and never gained access to a vital area. The visitor did not perform work on any plant equipment and the investigation of this event did not indicate any malevolent intent on the part of the individual involved.

There were no actual safety consequences and no effect on public health and safety as a result of this event.

The cause of this event was determined to be a programming/software error made during the Nuclear In-Processing Xpress (NIX) system development, which was not identified and corrected during acceptance testing by FirstEnergy Nuclear Operating Company (FENOC). The NIX system is used to determine visitor (escorted access) eligibility and to log the entry and exit of visitors to the protected area. The software error was corrected and extensive verification testing was completed.

This event is being reported in accordance with 10 CFR 73.71 (a)(4) and 10 CFR 73, Appendix G, 1(b) as an actual entry of an unauthorized person into a protected area.

INIC F'ORM 366 (10-2010)

NRC FORM 366A U.S. NUCLEAR REGULATORY COMMISSION (10-2010) LICENSEE EVENT REPORT (LER)

CONTINUATION SHEET

1. FACILITY NAME 2. DOCKET 6. LER NUMBER 3. PAGE SEQUENTIAL REV YEAR NUMBER NO.

Perry Nuclear Power Plant, Unit 1 05000-440 - 2 OF4 2012 -- S01 -- 00 NARRATIVE INTRODUCTION On January 5, 2012, at 0735 hours0.00851 days <br />0.204 hours <br />0.00122 weeks <br />2.796675e-4 months <br />, a contract individual was improperly granted visitor access into the Perry Nuclear Power Plant (PNPP) protected area. The power plant was operating in MODE 1 (i.e., Power Operation) at 100 percent rated thermal power at the time of this event. At 1558 hours0.018 days <br />0.433 hours <br />0.00258 weeks <br />5.92819e-4 months <br />, a notification was made to the NRC Operations Center (ENS Number 47573) in accordance with 10 CFR 73.71 (b)(1) which requires a one hour report for an actual entry of an unauthorized person into a protected area. This is a safeguards event described in paragraph I(b) of 10 CFR 73, Appendix G. This event is being reported in accordance with 10 CFR 73.71(a)(4) and 10 CFR 73, Appendix G, section 1(b) which requires an actual entry of an unauthorized person into a protected area, material access area, controlled access area, vital area, or transport be reported within one hour of discovery, followed by a written report within 60 days.

BACKGROUND INFORMATION The FirstEnergy Nuclear Operating Company (FENOC) utilizes the Nuclear In-Processing Xpress (NIX) system to determine visitor (escorted access) eligibility for PNPP. The NIX system is also used to log the entry and exit of visitors to the protected area. Submittal of a visitor request in the NIX system prompts a data transfer from the Personnel Access Data System (PADS). PADS is utilized by the industry to communicate pertinent information concerning individuals working in the nuclear industry. The NIX system compares the requested visitor data to identify the individual's eligibility for visitor access in accordance with 10 CFR 73.56. Once eligibility is confirmed, the request is forwarded for approval to the requestor's management. After approval, NIX displays pertinent information on the visitor arrival screen for Security personnel. Upon arrival, the security officer verifies identity of the individual and performs another eligibility check to ensure the information hasn't changed. If the eligibility check is favorable, then the individual is granted visitor (escorted) access into the protected and/or vital area.

EVENT DESCRIPTION On January 5, 2012, at 1510 hours0.0175 days <br />0.419 hours <br />0.0025 weeks <br />5.74555e-4 months <br />, with the plant operating in MODE 1 at 100 percent rated thermal power, itwas determined that a visitor was improperly granted escorted access to the PNPP protected area. The visitor was previously denied unescorted access by FENOC in 2007. Below is a timeline of the events that led to discovery of the issue.

On January 3, 2012, a visitor access request was submitted in the NIX system for the individual. NIX retrieved the individual's data from PADS and returned a favorable eligibility check for visitor access.

On January 5, 2012, at 0730 hours0.00845 days <br />0.203 hours <br />0.00121 weeks <br />2.77765e-4 months <br />, the individual arrived on-site and was processed through the Primary Access Facility (PAF) search lanes. The visitor presented valid government issued photo identification to the security officer. The officer then verified that the visitor's social security number and photo identification both matched the NIX visitor information via the visitor arrival screen.

NRC FORM 366A (10-2010)

NRC FORM 366A ... . .,4 ý.... 1 . .... U.S. NUCLEAR REGULATORY COMMISSION (10-2010) LICENSEE :EVENT REPORT (LER)

CONTINUATION SHEET

1. FACILITY NAME 2. DOCKET 6. LER NUMBER 3. PAGE SEQUENTIAL REV YEAR NUMBER NO, Perry Nuclear Power Plant, Unit 1 05000-440 -- I13OF4 2012 -- S01 -- 00 NARRATIVE-At 0734 hours0.0085 days <br />0.204 hours <br />0.00121 weeks <br />2.79287e-4 months <br />, a required second eligibility check was completed utilizing the NIX system.

Based on the results, the individual was granted visitor access. The visitor then entered the protected area with an escort.

At an indeterminate time after the escorted access was granted, the visitor processing and logging portion of the NIX system encountered a communication issue with PADS. The use of the system was stopped. Security officers implemented a manual backup system, which consisted of contacting Access Authorization (AA) personnel to manually perform the eligibility check in PADS.

At 1225 hours0.0142 days <br />0.34 hours <br />0.00203 weeks <br />4.661125e-4 months <br />, the individual exited the protected area.

At 1300 hours0.015 days <br />0.361 hours <br />0.00215 weeks <br />4.9465e-4 months <br />, the individual returned to the PAF to regain visitor access to the protected area.

At 1311 hours0.0152 days <br />0.364 hours <br />0.00217 weeks <br />4.988355e-4 months <br />, a manual check of the PADS by AA personnel identified the individual as being in a denied access status in PADS. The individual was denied visitor access and at 1316 hours0.0152 days <br />0.366 hours <br />0.00218 weeks <br />5.00738e-4 months <br /> the AA supervisor was notified of the denial and previous entry.

At 1345 hours0.0156 days <br />0.374 hours <br />0.00222 weeks <br />5.117725e-4 months <br />, a determination was made by FENOC Fleet Access Authorization management to suspend the use of the NIX system for visitor processing and logging.

Subsequent review by AA and Regulatory Compliance management determined that the visitor's access was unauthorized because the access was improperly granted and that this event was reportable to the NRC.

CAUSE OF EVENT The cause of this event was determined to be a latent programming/software error made during the development of the NIX system visitor access module, which was not identified nor corrected during acceptance testing by FENOC. The NIX algorithm was incorrectly comparing an access authorization date versus the access period end date. The programming/software error resulted in failure to identify the individual was in a denied access status since 2007.

The security officer granted the escorted access request based on the incorrect information provided by the NIX system.

EVENT ANALYSIS This event has minimal safety significance, as the investigation of this event did not indicate any malevolent intent on the part of the individual involved. The visitor was in the protected area for 4 hours4.62963e-5 days <br />0.00111 hours <br />6.613757e-6 weeks <br />1.522e-6 months <br /> and 50 minutes. During that time he was continually escorted by a trained individual and never gained access to a vital area. The visitor did not perform work on any plant equipment during this time. No safety systems were directly or indirectly impacted or threatened.

NRC FORM 366A (10-2010)

NRC FORM 366A U.S. NUCLEAR REGULATORY COMMISSION (10-2010) LICENSEE EVENT REPORT (LER)

CONTINUATION SHEET

1. FACILITY NAME 2. DOCKET 6. LER NUMBER 3. PAGE SEQUENTIAL REV YEAR NUMBER NO.

Perry Nuclear Power Plant, Unit 1 05000-440 4OF4 2012 -- S01 -- 00 NARRATIVE An Extent of Condition review performed for this event verified that, the visitor entries (totaling 29,690) between October 8, 2008 and January 5, 2012 (for all three FENOC nuclear sites) contained no other instances of individuals being improperly authorized visitor access to the protected area due to the programming/software error.

PNPP utilizes a proprietary on-site security force. No Local, State, or Federal law enforcement agencies were contacted regarding the event and there was no press release.

CORRECTIVE ACTIONS The individual was denied visitor access to the PNPP protected area and the use of the NIX system for visitor processing and logging was suspended at the three FENOC operated nuclear sites.

The software vendor was contacted to perform diagnostic testing. A programming/software error was identified and corrected, at which time extensive verification testing was completed.

The use of the NIX system for visitor processing and logging was restored after successful testing confirmed the issue had been corrected.

PREVIOUS SIMILAR EVENTS A search of License Event.Reports and the corrective action program documents for the last three years at the Perry Nuclear Power Plant found two Condition Reports (CRs) that were generated on issues associated with the granting of visitor access to the protected area. The two CRs are listed below, along with the problem statement associated with each.

CR 2011-06719 - A security officer did not check the required identification while signing in a visitor, but did verify the social security number and the personnel access data system.

CR 2009-62542 - A visitor whose unescorted access authorization expired was allowed entry into the protected area.

The two previous events were similar in nature, but both were caused by human performance issues, and as such the associated corrective actions would not have been reasonably expected to have prevented the condition documented in this report.

COMMITMENTS There are no regulatory commitments contained in this report. Actions described in this document represent intended or planned actions, are described for the NRC's information, and are not regulatory commitments.

NRC FORM 366A (10-2010)

Retrieved from "https://kanterella.com/w/index.php?title=L-12-083,_LER_12-S01-00,_Latent_Software_Error_Resulted_in_Improperly_Authorized_Visitor_Access_Into_Protected_Area&oldid=2104279"