Energy Central News

Curated power industry news from thousands of top sources.


Cybersecurity threat at Davis-Besse results in NRC demand for information

  • Dec 1, 2021
The Blade

Nov. 30—OAK HARBOR, Ohio — A cybersecurity threat at the Davis-Besse nuclear plant is the topic of a regulatory conference that has been scheduled for Monday at the U.S. Nuclear Regulatory Commission's regional headquarters southwest of Chicago.

Energy Harbor executives were given the choice of providing the federal regulator with the information it wants in writing or in person at the agency's headquarters in Lisle, Ill. The company chose the latter, Prema Chandrathil, an NRC spokesman, said.

The meeting is off-limits to the public.

Citing security reasons, the NRC does not divulge information to the public about any physical or cyber threats to the nation's nuclear plants. It tightened up restrictions on that policy in response to the Sept. 11, 2001, terrorist attacks.

In this case, the only information the NRC is releasing about the cyber threat in question is that it has the potential of becoming a "greater than green" violation.

Green is the lowest type of violation in the NRC's color-coded enforcement program. The other three, in ascending order of severity, are white, yellow, and red.

Energy Harbor is Davis-Besse's latest owner-operator.

Its communications team, run by Falls & Co., of Cleveland, did not respond to a request for an interview.

The NRC said in an Oct. 7 letter to Terry Brown, Energy Harbor Nuclear Corp.'s site vice president for Davis-Besse, that the result of an Aug. 25 inspection has resulted in a violation "that may result in the need for further evaluation to determine significance and therefore the need for additional NRC action."

The one undetermined violation is in addition to six findings of very low security significance documented in the NRC's report, according to the letter, signed by David Curtis, acting NRC Division of Reactor Safety director.

Mr. Curtis told Energy Harbor in the Oct. 7 letter that information about such violations is kept out of the public domain because "its disclosure to unauthorized individuals could present a security vulnerability."

Monday's meeting is to include at least 12 NRC officials and at least seven Energy Harbor officials, according to a meeting announcement approved by Billy Dickson, NRC Division of Reactor Projects branch chief and signed on Nov. 23 by Mr. Curtis.

The cybersecurity inspections are part of the NRC's multi-layered "defense-in-depth" program for nuclear plants, Ms. Chandrathil said.

A "range of outcomes" could follow, she said.

"The NRC takes this seriously," Ms. Chandrathil said.

The cybersecurity issues were revealed days after the public release of a 65-page report which outlined five other violations at Davis-Besse, ones which focused on "multiple diesel generator failures" from July, 2019, to June, 2021, as well as a reactor trip "with multiple complicating equipment issues" this past July 8.

The NRC is still assessing the significance of two of those five violations.

Emergency diesel generators are one of the most important safety features of a nuclear plant because they provide backup electricity in the event of a blackout or some other emergency that causes a facility to suddenly lose power.

The federal government requires nuclear plants to have theirs in good working order.

A reactor trip is an industry phrase for an unplanned shutdown, when safety features are automatically or manually activated to immediately shut down the reactor.

NRC online records showed Davis-Besse operating at 100 percent power Monday.

Ms. Chandrathil said it is operating safely.

Energy Harbor, formerly known as FirstEnergy Solutions, filed for Chapter 11 bankruptcy in March, 2018 and emerged in February, 2020. It owns Davis-Besse and Ohio's other nuclear plant, the Perry plant east of Cleveland.

Prior to that, they were owned for years by FirstEnergy Corp, which decided in late 2016 to move away from generating electricity from coal and nuclear power so it could focus on the electrical distribution side of its business.

Davis-Besse is along the western Lake Erie shoreline, about 30 miles east of downtown Toledo.

It is licensed to operate through April 22, 2037.


(c)2021 The Blade (Toledo, Ohio)

Visit The Blade (Toledo, Ohio) at

Distributed by Tribune Content Agency, LLC.

Spell checking: Press the CTRL or COMMAND key then click on the underlined misspelled word.
Bob Meinetz's picture
Bob Meinetz on Dec 2, 2021

Dick, parse this article carefully and nowhere will you find the NRC has referred to the violation as either a "cybersecurity threat", or even a "threat".

Another example of media sensationalism, attempting to re-frame an abundance of caution on the part of NRC as the lack of it on the part of Energy Harbor. No doubt, with roots in the ongoing assault by Marcellus shale interests on Ohio's two nuclear plants.

Just what we need from federal regulators: less diligence. Bottom line: discovery of a violation "that may result in the need for further evaluation to determine significance and therefore the need for additional NRC action." Yawn.

Get Published - Build a Following

The Energy Central Power Industry Network is based on one core idea - power industry professionals helping each other and advancing the industry by sharing and learning from each other.

If you have an experience or insight to share or have learned something from a conference or seminar, your peers and colleagues on Energy Central want to hear about it. It's also easy to share a link to an article you've liked or an industry resource that you think would be helpful.

                 Learn more about posting on Energy Central »