
Feds Inspect San Onofre’s Cyber Security Training Amid Years of Employee Complaints

Evening Edition

KPBS reporter Amita Sharma talks about her investigation into whether San Onofre's cyber security training is up to date.

Aired 3/1/13 on KPBS News.

Federal regulators began inspection of San Onofre nuclear plant’s cyber security program this week. The inspection is routine and is being done at all of the nation's 65 nuclear plants. But the check at San Onofre comes several months after an employee alerted plant majority owner Southern California Edison that many at the facility had fallen behind on cyber security training. Senior managers were also included on the list.

Just before sunrise on April 18 of last year, a San Onofre worker sent an anonymous message to the nuclear plant’s majority owner Southern California Edison. The worker said more than half of San Onofre’s employees were not up to date or had not completed the plant’s cyber security training. The training is designed to teach workers how to protect against cyber threats from hackers and hostile foreign governments.

The worker called the lapse “embarrassing.” He asked, “How can a required training, to access the protected area, not be taken by individuals for years, in multiple (virtually all) station organizations, at all levels of the organizational structure from individual contributors to directors? I know if I were auditing SONGS, this would be a major issue ….”

Getty Images

The San Onofre Nuclear Generating Station is seen from the beach along San Onofre State Beach on March 15, 2012 south of San Clemente, California.

The anonymous warning prompted a San Onofre manager to take a closer look, according to documents leaked to KPBS. The manager found that the company’s cyber security training was overdue for 1,200 workers. He also discovered 15 senior managers, including Edison’s Chief Nuclear Officer Peter Dietrich and the staffer responsible for cyber security training -- Doug Bauder -- were not up to date on the company’s training program, according to the documents. The manager wrote that four members of the nuclear plant’s emergency response organization were lagging in the training as well.

The manager concluded the training gap could make San Onofre more susceptible to cyber security breaches. It's not clear how large a risk because both Edison and federal regulators would not respond to specific concerns raised by insiders.

But cyber attacks can wreak havoc on a nuclear plant.

A plant like San Onofre contains about 1,000 times the long-life radioactivity of the Hiroshima bomb, according to UC Santa Cruz nuclear policy lecturer Daniel Hirsch. To keep the radioactivity inside the reactor, the fuel has to be cooled constantly by a computerized system of valves and pumps.

“A cyber attack on a nuclear facility can send spurious signals, opening valves that should be closed, dumping water that should remain and can potentially cause a meltdown that could result in many tens of thousands of cancers,” Hirsch said.

Cyber threats at nuclear plants are not just hypothetical. President Obama calls the cyber threat one of the most serious economic and national security challenges the nation faces.

“Our enemies are also seeking the ability to sabotage our power grid, our financial institutions, our air traffic control systems,” President Obama said.

And U.S. intelligence officials have reportedly carried out cyber attacks against Iran’s nuclear enrichment facilities.

The Nuclear Regulatory Commission ordered cyber security training at U.S. nuclear plants as an upgrade after 9/11. But spokeswoman Lara Uselding refused to answer questions specifically about the concerns raised at San Onofre. The NRC began inspection this week of San Onofre's cyber security training, a check it called "routine."

Edison spokeswoman Jennifer Manfre called the allegation that workers were out of compliance “categorically false.” She said the plant’s personnel are in compliance with a set of cyber security guidelines that are put out by the Nuclear Energy Institute, a trade group and lobbying arm of the nuclear industry.

Manfre said San Onofre did have a “site-specific training requirement” but that Edison later concluded it was unnecessary.

“It was determined that the training was redundant. As a good solid business practice, it was removed,” she said.

She acknowledged that determination came only after San Onofre employees sent warnings that workers and management were out of compliance with the site-specific training in April and May of last year.

Site-specific training refers to instruction that's tailored for employees at a certain nuclear power plant. Manfre's view that site-specific training is unnecessary for San Onofre, in light of Edison's general training program, appears to conflict with statements from the NRC.

In a second request for comment to the NRC this week, spokesman Victor Dricks said nuclear plants must develop a "site-specific" cyber security plan with an implementation date. He said the full implementation date for San Onofre is the end of 2015.

Cyber security training has been an issue for some time at San Onofre.

According to inside documents, there were warnings dating back to 2008 of a “lack of cyber security awareness and compliance” with the San Onofre program.

The following year, San Onofre started to identify who should receive cyber security training, the documents said. In 2010, it was decided that all workers with access to San Onofre should undergo the training. But in 2011, according to internal records, there was again confusion over which workers should receive the training.

It was against this backdrop that in 2012 a manager found nearly half of the nuclear plant’s work force had fallen behind on the facility's cyber security instruction.

Given that history, nuclear policy lecturer Hirsch said Edison’s explanation that San Onofre’s cyber security program was unnecessary is inadequate.

“Edison decided this training was necessary,” said Hirsch, who also heads the Committee to Bridge the Gap, a non-profit organization focusing on nuclear safety and disarmament. “Edison failed to do the required training and when that was pointed out, rather than produce compliance, it simply decided to change the rules. If the program was redundant, that is something they should have known long ago but for four years they had it in place and required compliance and failed to comply.”

Compliance has been an issue for San Onofre in another area. Last year, KPBS reported that San Onofre had violated fire safety rules 250 times from 2009 through 2012 despite warnings from federal regulators. And the NRC received more safety complaints from San Onofre workers than from any other nuclear plant in the country from 2007 through 2011. The plant has the highest number of safety complaints so far this year.

San Onofre was closed last year after a tube inside a steam generator leaked radioactivity. The company wants to restart the facility at a lower capacity.

Scott Portzline of Three Mile Island Alert, a nonprofit citizens group that favors alternatives to nuclear power, said cyber security is just as important as physical security at the plant.

“Cyber security represents thousands of ways into the plant and if any one of those ways is left unguarded, it could represent handing the keys to the kingdom over to the wrong people,” Portzline said.


BilllHawkins | February 27, 2013 at 10:41 a.m. ― 4 years ago

This is not only an excellent and true story by the very reporter, but reflects actual way of every day life at SONGS. Fire/Safety Violations, Design Procedures Violations (SONGS Steam Generator Problems), Retaliation of Plant Workers for reporting safety concerns is a routine operation. SONGS Managers are putting too much pressures on workers to produce for their bonuses instead of giving the workers time to do the job right first time. That is why SONGS is an INPO 4 Plant and Worst Safety Record, Which is ignored by SCE and NRC. Due to SONGS SG Degradation, SONGS should be in NRC Column V not Column 1, which reflect that things are normal at SONGS. Who would believe that? Anyhow back on the Cyber Security Story..

1000 employees and/or contractors were found out of compliance with a SONGS Site Cyber Security Initial Awareness Training Procedure. When this happens, it represents a significant breakdown of SONGS Quality Assurance Program and reflects NEGATIVE Management Behavior. One of the SONGS Senior Management Team Leaders thwarted the initial and renewed attempts of the one former SONGS employee to inform these leaders of the training deficiency via a Nuclear Notification. This Senior Management Team Leader was afraid or embarrassed of giving permission for a notification to be published informing SONGS Workers of the Leaders Training Deficiency, which was previously repeated in another Anonymous Notification earlier. This Senior Management Team Leader was afraid to tell the Cyber Security Program Manager, who is also a Site Vice-President and Site Manager to fix the problem immediately, which they should have been done anyhow. Despite retaliation and warnings by this Senior Management Team Leader, the former SONGS employee wrote another Notification anyhow to inform the SONGS Leaders and fixed the deficiency by working with the Executive Management Training coordinator.

“You cannot borrow from Peter to Pay Paul.” When this SONGS Employee questioned Edison Management about SONGS “Cyber Security Initial Awareness Training violations by these Senior Management team Leaders”, Edison Management responded reluctantly, “These leaders have taken the Edison International (EIX) Corporate Cyber Security Initial Awareness Training instead of the SONGS Training.” But these Leaders work at SONGS not at EIX Headquarters in Rosemead. The question is, “Is it OK for Senior SONGS Leaders with Six Weeks of Super Expensive Leadership Academy Training to Violate a SONGS Procedure. This does not fit the Model Behaviors and Expectations of the SONGS Leaders specified in the SONGS Excellence Book, which is signed by the SONGS SVP/CNO Pete Dietrich.” Of course, if EIX Training is much better than SONGS Training, then why not discontinue one and replace it with the other? We believe that if asked, the NRC, NEI and INPO will all say, “NO, It is NOT OK for SONGS Leaders to Violate Any SONGS Procedures.”


CaptD | February 27, 2013 at 11:05 a.m. ― 4 years ago

This highlights why people are right to be worried about San Onofre.

1. The NRC has rules designed to protect US reactors and here we learn that employees, including TOP employees, just don't feel they need to comply with them!

2. When the above problem is identified, rather than demand CHANGE, the NRC basically looks the other way and does not FINE Edison for their failure!

3. Yet another issue is what happened to the employees that bring up these "problems," instead of them receiving safety awards from the NRC, they get in hot water and have problems from their Supervisors or worse!


CaptD | February 27, 2013 at 11:10 a.m. ― 4 years ago

Cyber issues have been identified as important enough to put many practices in place to protect our reactors from "attack," yet employees obviously think they know better because they don't comply with these SAFETY REGULATIONS.



CaptD | February 27, 2013 at 11:20 a.m. ― 4 years ago

The 2 important questions now are:

1. What is the NRC going to do about enforcing their own required Cyber Security at San Onofre?

2. Will they actually investigate the "issues" mentioned in the above article? If proved factual, then Edison's statement that "Edison spokeswoman Jennifer Manfre called the allegation that workers were out of compliance “categorically false.” is itself not factual!


Myla_Reson | February 27, 2013 at 8:40 p.m. ― 4 years ago

On February 19, 2012 we learned via cnet news that PG&E's Diablo Canyon nuclear plant to our North "was at least partly under the control of hackers" and that the intruders were trying to identify the operations, organizations, and security of U.S. nuclear power-generation facilities." See "China's cyberwar: Intrusions are the new normal" by Declan McCullagh.
Now we learn - thanks to Amita Sharma's excellent reporting that Edison is complacent about a very real vulnerability at its damaged nuclear power plant.
This is yet more evidence that Edison's license should be revoked - and that their hazardous nuclear facility be decommissioned before it's too late.


SDCountyFF_PM | February 27, 2013 at 8:58 p.m. ― 4 years ago

Of course this would all be a moot point if we just keep the plant shut down, start the decommissioning process (bad/expensive enough!) and help the few brave politicians pushing for Community Choice Aggregation (CCA) to create a MUCH greener utility to compete with the utilities' monopolies. See for more info on CCA. Still waiting . . . .


WhatsItAllAbout | February 27, 2013 at 9:18 p.m. ― 4 years ago

We don't know what is going on with the FBI investigation.
We don't know what is in the Mitsubishi Heavy Industries Report.
We don't know what other documents and reports about the RSG's are being withheld.

We know that Edison likes to spend our ratepayer money recklessly,
$54 Million a month for over a year and they want even more of our $$$.
We know the Chinese have been able to hack into our electric grid and more.
We know that Edison thinks that 70 = 100.
We know that Edison wants us, and the NRC,
to look the other way while they experiment with the damaged RSG in Unit 2.
We know there is no credible, safe evacuation plan.
We know there have been any blackouts with San Onofre Down.
So why this insane risk of our safety and health and why this out of control rip off of ratepayer money?


SCGreen | February 28, 2013 at 5:44 a.m. ― 4 years ago

The FBI case going on at San Onofre is a big deal. If they have not caught the person who sabotaged the safety back up system by now, they probably never will. They may still be right there under their noses trying to find other ways to do harm, if they haven't already. Do they also have access to this cyber-vulnerability? It seems easy enough.


WhatsItAllAbout | February 28, 2013 at 8:48 a.m. ― 4 years ago

Correction on the above comment:
We know there have been any blackouts with San Onofre Down.
Should be:
We know there have NOT been any blackouts with San Onofre Down.


CaptD | February 28, 2013 at 9:16 a.m. ― 4 years ago

Senator Boxer to NRC: ‘Careful’ before restarting San Onofre
Boxer says documents from a whistle blower show SoCal Edison was trying to avoid having to reapply for a permit and was “aware” the repairs made to the plant aren’t the ones that should have been done.


wheezewinnin | February 28, 2013 at 9:21 a.m. ― 4 years ago

The San Onofre Nuclear Generating Station is by far the lowest rated nuclear plant for safety of the operating nuclear power stations in the United States of America.
The comment by an SCE spokesperson of a "routine" inspection of cyber security belies the cozy relationship of keywords that is allowed and promoted between the nuclear power industry and the Nuclear Regulatory Commission and other groups commissioned to protect the citizen and consumer from corporate fraud and industry danger.

Nowhere else in regulatory compliance is an industry allowed to use standard terminology as "routine" and "normal" along with "safe operating conditions" and "no public danger" for conditions revealed to exist often and repeatedly that will otherwise destroy trillions of dollars in assets and more than 8 million lives if they had not been revealed by an alarm in working condition or an employee whistleblower of such courage and caliber to risk the infamous wrath of Southern California Edison and the nuclear village in American corporate utility management.

With a management so severe in the persecution of responsible employee notification of safety and maintenance violations, less-than 3 years ago the Nuclear Regulatory Commission made note of and charged SCE with a letter of demand to correct a "work environment of chilling effect".
That term is another example of the word-play of the NRC used in correspondence to nuclear utility companies to identify management policies that routinely retaliate, persecute and ruin lives of responsible American workers who make their unsafe industry glance in the mirror of public awareness.

The Japanese Parliamentary Inquiry into the cause of the multiple nuclear disasters at Fukushima determined that it was not an act of nature, but a man-made disaster, manufactured by the consistent communication of false statements and misinformation to the public by a collusion between management, regulatory commission and the government acting in a similar manner to the ongoing charades being played out at SONGS.

The need for clearing the air by public investigation is indeed urgent and necessary.
When Southern California Edison spokespersons claim "routine" in any matter, it is time to uncover hidden truths behind the "refusal to comment" that accompanies their "routine" statements.

Due to the wordplay of the nuclear village, Americans continue to bask in a false comfort of regulatory agency and governmental cozy relationships with nuclear utility operators.

It is entirely unfortunate that the American public cannot see the similarities of the causes at Fukushima and the events ongoing at SONGS that will, in short geologic time, render our own man-made CaliFukushima nuclear event.

That will certainly prompt a creation of new word-play in the responsible parties.


Alexn22 | February 28, 2013 at 12:50 p.m. ― 4 years ago

Edison is proving time and time again that they are unfit to operate a nuclear reactor.

Cyber security is no longer an issue that pertains to our personal computers and bank accounts, it has become a matter of national security. With today's technology, a catastrophic meltdown can be started by a computer signal thousands of miles away. Allowing 1,200 employees to skirt the cyber security requirements set forth by the Nuclear Regulatory Commission indicates how low of a priority security (or public safety) is at Edison.

Cyber attacks are increasing not only in frequency, but in potency. If the issue of cyber security was raised to Edison in 2008, then the lack of any proper steps to correct the problem in the last 4-5 years is very troubling.

What other security and safety protocols are Edison ignoring? Can we be sure that as residents of Southern California, our safety is a priority for Edison?


WhatsItAllAbout | February 28, 2013 at 1:01 p.m. ― 4 years ago

Read these quotes for yourself:

“The plant’s largest components — steam generators — are just two years old and represent the safest, most efficient 21st century machinery.”
(Story has been removed from - Source: MarketWatch)
SONGS Chief Nuclear Officer Pete Dietrich Jan 10 2012.
The installation is “a major milestone in the station’s history,” said Ross Ridenoure, Southern California Edison senior vice president and chief nuclear officer. “We’re committed to making sure it’s done right.”
January 28th, 2009
Edison President John R. Fielder said new steam generators are cheaper for ratepayers than building new power plants or buying power on the open market.
.... read the last line of that article
"SDG&E executives say they have no confidence in Edison's cost estimates and contend the company's plan to cut holes in reactor containment buildings to remove the old steam generators would compromise the safety of those structures."
The new steam generators are designed to last longer, said Mike Wharton, manager of the steam-generator replacement project.
“They are designed for 40 years,” he said. “We expect we’ll actually be able to get 60 years out of them … better materials, better design. You learn over the course of years what works well and what doesn’t, and you try to build it into the next generation.”

H/T Enformable


BilllHawkins | March 7, 2013 at 8:54 p.m. ― 4 years ago

PROBLEM STATEMENT: Based on review of power data supplied by Southern California Edison for Unit 3 during January 2012, one concludes that SONGS most likely exceeded Unit 3 Reactor Thermal Power allowed Upper NRC Limit of 3478 MWt (Includes Reactor Coolant Pumps contribution of 20 MWt ±0.58% allowed NRC Crossflow UFM instrument Error) ~ 23 times out of 31. NRC needs to review Unit 3 Operational data for 2011 to determine if it was a procedural problem of calibrating the Crossflow UFM instrument system, and if so, why it was not detected and corrected by SCE.

Background: Maximum Power Level Southern California Edison Company (SCE) is authorized to operate the facility at reactor core power levels not in excess of full power (3438 megawatts thermal). Based on its review of the information provided by the SCE regarding the Crossflow UFM system measurement uncertainty and plant power calorimetric measurement uncertainty, the NRC staff finds that the SONGS Units 2 and 3 thermal power measurement uncertainty using the Crossflow UFM is limited to ±0.58 percent of reactor thermal power and can support the proposed increase in licensed reactor power.
