EA-97-267 - U.S. Enrichment Corporation

September 22, 1997

EA 97-267

U.S. Enrichment Corporation
ATTN: Mr. J. H. Miller
Vice President, Production
Two Democracy Center
6903 Rockledge Drive
Bethesda, MD 20817

SUBJECT:

NOTICE OF VIOLATION (NRC Inspection Report No. 70-7001/97005(DFS))

Dear Mr. Miller:

This refers to the security inspection conducted on May 5-9, 1997, at the Paducah Gaseous Diffusion Plant in Paducah, Kentucky. The purpose of the inspection was to review the implementation of the approved Security Plan for the Protection of Classified Matter (Security Plan). A telephonic briefing was held on June 9, 1997, at which the results of the inspection were discussed. The inspection report detailing our findings was issued on June 24, 1997. A predecisional enforcement conference was held with you and members of your staff on July 16, 1997, to discuss the apparent violations, their root causes, and your corrective action.

Based on the information developed during the inspection, the information that you provided during the conference, and the information that you provided in your July 18 and August 11, 1997 letters, the NRC has determined that violations of NRC requirements occurred. These violations are cited in the enclosed Notice of Violation (Notice) and the circumstances surrounding them are described in detail in the subject inspection report. Specifically, these violations involved USEC's failure to: (1) provide the Commission complete and accurate information, and (2) implement various aspects of the Security Plan of the Paducah Gaseous Diffusion Plant.

The NRC is concerned with USEC's failure to provide complete and accurate information because the NRC relies on information received from certificate holders to make regulatory decisions involving the public health and safety. In addition, the NRC is concerned about the significant number of instances where USEC failed to implement its Security Plan. The NRC recognizes that the actual security consequences were minimal in this case. However, the violations described in the enclosed Notice are of significant regulatory concern because, collectively, they are indicative of a programmatic breakdown of the USEC Security Program.

This programmatic breakdown is evidenced by: (1) the fact that plant personnel were not familiar with commitments contained in the Security Plan; (2) the fact that USEC did not implement a significant number of specific Security Plan requirements involving a broad range of issues; and (3) the fact that USEC did not provide complete and accurate information to the Commission regarding certain aspects of its Security Plan. During the July 16, 1997 conference, you stated that the root cause of these violations was a lack of effective management oversight and a lack of self-assessments. Therefore, these violations have been characterized in the aggregate in accordance with the "General Statement of Policy and Procedure for NRC Enforcement Actions" (Enforcement Policy), NUREG-1600, as a Severity Level III problem.

In accordance with the Enforcement Policy, a base civil penalty in the amount of $55,000 is considered for a Severity Level III problem. Because your facility has not been the subject of escalated enforcement actions since its certification, the NRC considered whether credit was warranted for Corrective Action in accordance with the civil penalty assessment process in Section VI.B.2 of the Enforcement Policy. In this case, the NRC has determined that credit is warranted for your prompt and comprehensive corrective action. Specifically, your corrective action which you discussed during the July 16, 1997, conference included: (1) reinforcing management's expectations for total procedural adherence, rigorous attention to detail, and complete regulatory compliance; (2) assembling a team of subject matter experts to concurrently review the three security plans (i.e., classified matter, physical, and transportation) for accuracy, consistency, and completeness; (3) taking immediate actions to bring the plant into compliance with the Security Plan; (4) proceduralizing the process utilized during review to ensure consistent plan review and change implementation; (5) requiring increased field monitoring by security management to ensure regulatory commitments are met via strict procedural adherence; and (6) performing independent assessments and self-assessments of the Security Plan implementation using NRC inspection criteria as a guide.

Therefore, to encourage prompt and comprehensive correction of violations, and in recognition of the absence of previous escalated enforcement action, I have been authorized, after consultation with the Director, Office of Enforcement, not to propose a civil penalty in this case. However, significant violations in the future could result in a civil penalty. In addition, issuance of this Severity Level III violation constitutes escalated enforcement action that may subject you to increased inspection effort.

During the July 16, 1997 conference, you took exception with some of the apparent violations described in the June 24, 1997 inspection report. Specifically, you stated that: (1) USEC properly marked SECRET-Restricted Data (SRD) combination records at the highest classification level (Apparent Violation 70-7001/97005-02); (2) USEC provided adequate training to a Computer System Security Officer (CSSO) (Apparent Violation 70-7001/97005-05b); and (3) USEC properly marked a classified magnetic storage device (Apparent Violation 70-7001/97005-05c). After careful consideration of your statements and documentation, the NRC has determined that your marking practices did not violate NRC requirements and has, therefore, withdrawn violations 70-7001/97005-02 and 70-7001/97005-05c. However, the NRC maintains that training of a CSSO was not adequate because the CSSO interviewed did not know how to properly dispose of a Bernoulli disk (i.e., removable magnetic data storage) containing classified information, a basic fundamental of CSSO training.

While reviewing the facts outlined in NRC Inspection Report 70-7001/97005(DFS), dated June 24, 1997, we noted an error in the first paragraph of Section 6.b, in that references to separation distances of classified computer equipment from unclassified data communication lines should have been 1 foot, not 3 feet.

You are required to respond to this letter and should follow the instructions specified in the enclosed Notice when preparing your response. The NRC will use your response, in part, to determine whether further enforcement action is necessary to ensure compliance with regulatory requirements.

In accordance with 10 CFR 2.790 of the NRC's "Rules of Practice," a copy of this letter, its enclosure, and your response will be placed in the NRC Public Document Room.

Sincerely,

A. Bill Beach Regional Administrator

Certificate No. GDP-1
Docket No. 70-7001

Enclosure: Notice of Violation

---

NOTICE OF VIOLATION

U. S. Enrichment Corporation (USEC) Bethesda, MD

Docket No. 70-7001 Certificate No. GDP-1 EA 97-267

During an NRC inspection conducted on May 5 - 9, 1997, violations of NRC requirements were identified. In accordance with the "General Statement of Policy and Procedure for NRC Enforcement Actions," NUREG-1600, the violations are listed below:

I. 10 CFR 76.9(a) requires, in part, that information provided to the Commission be complete and accurate in all material aspects.

A. Section 8. of the Security Plan for the Protection of Classified Matter (Security Plan) submitted by USEC in the May 31, 1996 revision of its application, states, in part, that the classified storage rooms meet the requirements for a true vault ¹ as described in DOE Order 5632.1C, "Protection and Control of Safeguards and Security Information," without an Alarm system, i.e., concrete construction, true floor to true ceiling, penetrations sealed or protected by anchored bars, and metal doors possessing R1-rated combination locks.

Section 4. of DOE Order 5632.1C states, in part, that the definitions of commonly used terms are provided in the "Safeguards and Security Definitions Guide," which is maintained and distributed by the Office of Safeguards and Security. Section 23.0 of the Safeguards and Security Definitions Guide defines a vault as a windowless enclosure that is resistant to forced entry and has a DOE-approved system which detects unauthorized entry.

Contrary to the above, on May 31, 1996, the United States Enrichment Corporation (USEC) failed to provide to the Commission complete and accurate information in all material aspects concerning its Security Plan for the Protection of Classified Matter (Security Plan) in that Section 8 of the submitted Security Plan described the Barrier Lab in the C-710 building as meeting the requirements of a "true vault." However, the lab had windows and therefore did not meet the definition of a true vault (a true vault is a windowless enclosure). This information was material to the NRC because the Commission relied on it to grant USEC a certificate of compliance. (01013)

B. Section 18. of the Security Plan submitted by USEC in the January 19, 1996 revision of its application, describes telecommunications of classified information and states that the Paducah Plant "is presently operating under a DOE-approved Telecommunications Operation Plan."

Contrary to the above, on January 19, 1996, the United States Enrichment Corporation (USEC) failed to provide to the Commission complete and accurate information in all material aspects concerning its Security Plan for the Protection of Classified Matter (Security Plan), as evidenced by the examples below: (01023)

1. On January 19, 1997, USEC failed to provide the NRC with accurate information in that the Paducah Plant was not operating under a DOE-approved Telecommunications Operation Plan as stated in Section 18. of the Security Plan.

2. On January 19, 1996, USEC failed to provide the NRC with the correct status of the Paducah Communication Security (COMSEC) account in that Section 18.2 of the Security Plan stated that the DOE COMSEC account was closed when, in fact, the account was still active;

3. On January 19, 1996, USEC failed to provide the NRC with complete and accurate information in that Section 18.4 of the Security Plan did not accurately list Paducah's secure telecommunications equipment holdings; and

4. On January 19, 1996, USEC failed to provide the NRC with complete and accurate information in that Section 18.6 of the Security Plan did not provide a complete listing of Paducah's COMSEC equipment and keying material.

This information was material to the NRC because the Commission relied on it to grant USEC a certificate of compliance.

II. Condition 8 of the certificate of compliance for the Paducah Gaseous Diffusion Plant requires, in part, that USEC conduct its operations in accordance with the statements and representations contained in the certification application dated September 15, 1995, and revisions dated January 19, 1996, and May 31, 1996.

Contrary to the above, as of May 5, 1997, numerous aspects of the approved Security Plan for the Protection of Classified Matter were not implemented, as evidenced by the following examples, each of which constitutes an individual violation:

A. Violations Associated with Perimeter Security:

1. Sections 1. and 5. of the approved Security Plan submitted by USEC in its application dated September 15, 1995, contain Figures 1-1 and 5-1. The figures show the controlled access area (CAA) barrier to be just south of building C-720. However, USEC failed to accurately identify the location of the CAA barrier of the plant, which was near building C-720,. (02013)

2. Section 1.2.3 of the Security Plan submitted by USEC in the May 31, 1996 revision of USEC's application, requires, in part, that liaison be maintained between the Paducah Site and Facilities Support staff and the safeguards and security representative for the Regulatory Oversight Agreement (ROA), ensuring that the appropriate level of safeguards and security, as well as regulatory compliance, is maintained for all site interests. However, USEC failed to implement Section 1.2.3 of the Security Plan after the ROA expired on March 3, 1997. (02023)

3. Section 6.2.3 of the Security Plan submitted by USEC in the May 31, 1996 revision of its application, requires, in part, that Police Operations personnel receive a total of 24 hours of annual training in nine subject areas listed therein. However, USEC failed to provide the required number of hours of training for each Police Operations member. (02033)

4. Section 6.2.3 of the Security Plan submitted by USEC in the May 31, 1996 revision of its application requires, in part, that security response exercises be conducted periodically. However, USEC informed NRC that the periodic security response exercises, which were conducted monthly until March 1996, were stopped because of resource constraints. (02043)

5. Section 6.2.4 of the Security Plan submitted by USEC in the May 31, 1996 revision of its application requires, in part, that newly hired Police Operations personnel successfully qualify via knowledge, testing, and performance in all aspects identified by the job task analysis listed in Section 6.2.3. Section 6.2.3 requires, in part, that Police Operations personnel receive training in nine subject areas listed therein. However, USEC failed to provide the initial job qualification training in the nine subject areas for all Police Operations personnel. (02053)

6. Section 6.2.6 of the Security Plan submitted by USEC in the May 31, 1996 revision of its application requires, in part, that Police Operations personnel conduct random patrols not to exceed two hours [frequency, not duration of performance] of the CAA and those areas in which special nuclear material of low strategic significance is stored. However, USEC failed (1) to conduct the required number of random patrols in that only three of the required six patrols of the CAA during the 12-hour day shift were conducted and (2) to conduct patrols of the CAA in a random manner in that the 12-hour night shift patrols were being conducted on an hourly basis. (02063)

7. Section 6.2.7 of the Security Plan submitted by USEC in the May 31, 1996 revision of its application requires, in part, that each on-duty Police Operations member be trained and issued a protective gas mask. However, USEC failed to provide the required gas masks to all members of the Police Operations force. (02073)

8. Section 6.8 of the Security Plan submitted by USEC in the May 31, 1996 revision of its application, requires, in part, that the management of the key and lock program be identified in the Paducah SPP P-GP-61, "Master Key System." However, USEC failed to identify in the Paducah SPP P-GP-61, "Master Key System," the management of the key and lock program. (02083)

9. Section 8.2.2 of the Security Plan submitted by USEC in the May 31, 1996 revision of its application, requires, in part, that the Police Operations shift commander arrange for the railroad gates in the CAA fence line to be opened. However, USEC failed to ensure that the Police Operations shift commander arrange for the railroad gates in the CAA fence line to be opened, in that the coordination was conducted by the Police Operations shift lieutenant. (02093)

10. Section 8.2.3 of the Security Plan submitted by USEC in the May 31, 1996 revision of its application requires, in part, that upon being alerted by the plant shift superintendent that the request for mutual aid has been made and the responding emergency forces will require access to the CAA, the Police Operations shift commander will provide assistance and escorts for the responders. However, USEC failed to ensure that plant procedures concerning the escort of mutual aid responders were consistent with the approved Security Plan in that the implementing procedure, "Access Control," identified no instruction on providing escorts. (02103)

11. Section 8.3 of the Security Plan submitted by USEC in the May 31, 1996 revision of its application requires, in part, that Visitor Control be responsible for coordinating visits to other Department of Energy and NRC facilities containing classified information. However, USEC failed to identify the correct organization for coordinating classified visits in that Visitor Control did not coordinate such visits. (02113)

12. Section 8.6 of the Security Plan submitted by USEC in the May 31, 1996 revision of its application requires, in part, that unissued badge stock and badges awaiting destruction be kept in a locked repository (four drawer safe) in Security (trailer C-102-T-02) when unattended. However, USEC failed to properly store badge stock in that badge materials were stored in a room that was locked by a Unican 1000 push button door lock. (02123)

B. Violations Associated with Storage and Control of Classified Matter:

13. Section 1.3 of the Security Plan submitted by USEC in the January 19, 1996 revision of its application, requires, in part, that the Paducah classified mailing address include reference to United States Enrichment Corporation. However, USEC failed to use the approved classified mailing/shipping address, in that Lockheed Martin Utility Services was referenced in the classified mailing/shipping address, not the United States Enrichment Corporation. (02133)

14. Section 2. of the approved Security Plan submitted by USEC in its revisions dated January 19 and May 31, 1996, contains Figures 2-2 and 2-3 that describe the Paducah Police Operations and the Security Organization. However, USEC failed to conduct operations in accordance with the Paducah Police Operations and Security Organization charts in that Figures 2-2 and 2-3 of the approved plan were no longer applicable because the Paducah Police operations and the security organization had been reorganized. (02143)

15. Section 6.4 of the Security Plan submitted by USEC in the May 31, 1996 revision of its application requires, in part, that upon completing checks of the repositories, Police Operations personnel place their initials in the "guard check" section of SF-702 ["Security Container Check Sheet"]. However, USEC failed to document the performance of physical checks in accordance with the approved Security Plan in that Police Operations personnel swiped a "bar code" that was affixed to the containers/vaults/cages rather than initialing on the SF-702 forms. (02153)

16. Section 6.6.3 of the Security Plan submitted by USEC in the May 31, 1996 revision of its application requires, in part, that custodians of security containers maintain a Form-702 and that records of security container and security area (i.e., seal cages) checks be maintained for a period of 90 days. However, USEC failed to maintain SF-702 forms for the seal cages in the C-333 and C-720 buildings and the receiving booth in the C-400 building. (02163)

17. Section 17. of the Security Plan submitted by USEC in the January 19, 1996 revision of its application requires, in part, that infractions of regulations, losses, compromises, or possible compromises of classified matter be reported to the NRC's Division of Security [now the Division of Facilities and Security]. However, USEC failed to ensure that plant procedures concerning notifications were consistent with the Security Plan and, when required, failed to provide notifications to the NRC's Division of Security [now the Division of Facilities and Security]. (02173)

C. Violations Associated with Protection of Classified Matter:

18. Section 19. of the Security Plan submitted by USEC in the January 19, 1996 revision of its application, requires, in part, that ADP security plans be developed in accordance with the Master ADP Security Plan for Microcomputer Resources Processing Classified Information, dated November 2, 1993. Section II.B.5 of the Master ADP Security Plan for Microcomputer Resources Processing Classified Information, dated November 2, 1993, requires, in part, that unclassified data communication lines are not placed within 1 foot of a microcomputer resource processing classified information. However, USEC failed to maintain required separation between an unclassified data communication line and a microcomputer resource processing classified information, in that a classified microcomputer located in building C-302 was located within 1 foot of a jack for an unclassified data communication line. (02183)

19. Section I.A of the Master ADP Security Plan for Microcomputer Resources Processing Classified Information, requires, in part, that the location and basic information for each classified microcomputer resource be found in the individual Security Plan titled, "ADP Security Plan for Microcomputer Resources Processing Classified Information." The individual microcomputer Security Plan identifies specific information relating to the Computer System Security Officer (CSSO). Section 12., "CSSO and Alternate CSSO Acknowledgment of Training and ADP Security Responsibilities," of the "ADP Security Plan for Microcomputer Resources Processing Classified Information" requires, in part, that the CSSO receive training courses. However, USEC failed to provide adequate training to a CSSO of a classified computer, in that the CSSO did not know how to properly dispose of a Bernoulli disk (i.e., removable magnetic data storage) containing classified information. (02193)

20. Section II.B.5, "Separation Protection Controls," of the Master ADP Security Plan requires, in part, that microcomputer resources used to process classified information are separated 3 feet from ADP equipment used to process unclassified information. However, USEC failed to maintain the required separation of classified and unclassified computer hardware for the classified PC located in the C-102-T-02 trailer, in that an unclassified PC was located within 3 feet of the trailer's classified PC. (02203)

These violations represent a Severity Level III problem (Supplement III).

Pursuant to the provisions of 10 CFR 76.70, the United States Enrichment Corporation (USEC) is hereby required to submit a written statement or explanation to the U.S. Nuclear Regulatory Commission, ATTN: Document Control Desk, Washington, D.C. 20555, with a copy to the Regional Administrator, Region III and the Paducah Resident Office, within 30 days of the date of the letter transmitting this Notice of Violation (Notice). This reply should be clearly marked as a "Reply to a Notice of Violation" and should include for each violation: (1) the reason for the violation, or, if contested, the basis for disputing the violation, (2) the corrective steps that have been taken and the results achieved, (3) the corrective steps that will be taken to avoid further violations, and (4) the date when full compliance will be achieved. Your response may reference or include previous docketed correspondence, if the correspondence adequately addresses the required response. If an adequate reply is not received within the time specified in this Notice, an order or a Demand for Information may be issued as to why the certificate should not be modified, suspended, or revoked, or why such other action as may be proper should not be taken. Where good cause is shown, consideration will be given to extending the response time.

Under the authority of Section 182 of the Act, 42 U.S.C. 2232, this response shall be submitted under oath or affirmation.

Because your response will be placed in the NRC Public Document Room (PDR), to the extent possible, it should not include any personal privacy, proprietary, or safeguards information so that it can be placed in the PDR without redaction. If personal privacy or proprietary information is necessary to provide an acceptable response, then please provide a bracketed copy of your response that identifies the information that should be protected and a redacted copy of your response that deletes such information. If you request withholding of such material, you must specifically identify the portions of your response that you seek to have withheld and provide in detail the bases for your claim of withholding (e.g., explain why the disclosure of information will create an unwarranted invasion of personal privacy or provide the information required by 10 CFR 2.790(b) to support a request for withholding confidential commercial or financial information). If safeguards information is necessary to provide an acceptable response, please provide the level of protection described in 10 CFR 73.21.

Dated at Lisle, Illinois
this 22nd day of September 1997

---

1. DOE Order 5632.1C uses the term "vault" as opposed to the term "true vault" used in the Paducah Security Plan.