2016-05-19 – NRC – Jocassee Dam – Need-to-Know regarding nuclear safety issues associated with flooding – ML16201A095

2016-05-19-nrc-jocassee-dam-need-to-know-regarding-nuclear-safety-issues-associated-with-flooding-ml16201a095

Leave a Reply

Your email address will not be published. Required fields are marked *

Criscione, Lawrence
From: Criscione, Lawrence
Sent: Thursday, May 19, 2016 7:54 AM
To: Kirkwood, Sara; Holahan, Gary; Clark, Theresa
Cc: [email protected]
Subject: Need-to-Know regarding nuclear safety issues associated with flooding
Sara, et. al.,
Please see the emails below from October 25, 2012 (the first five emails in the trail below).
I believe that flooding information is being handled as “need-to-know” for no other reason than because it is
embarrassing.
It is embarrassing to the NRC that a significant proportion of the older nuclear plants are not adequately
protected from flooding.
It is embarrassing to the USACE that their flooding predictions are often inaccurate.
The public living downstream of dams and vulnerable reactor plants have a right to know the hazard they are
exposed to. It is the commission’s statutory right to allow these reactors to continue to operate despite the
hazards associated with them, but it is not their right to obstruct public awareness of these hazards. Since the
beginning of my involvement in this issue, my primary concern was the lack of openness and transparency
regarding how flooding hazards are handled. My 2012 letters to the Chairmen of the NRC, the E&PW and the
HS&GA were attempts to bring these issues out into the open.
As part of your efforts, I hope your team addresses the abuse of “need-to-know” criteria regarding flooding
issues and how such abuse is impeding scientific and engineering review of the problems.
To my knowledge there is no statutory or regulatory risk limit for nuclear accidents. My understanding is that it
is up to the commission to decide if a license needs to be revoked due to unwarranted public risk. I personally
do not have a problem with that system. My concern is that we are not being open with the public regarding
what the risks are. We should undertake to determine flooding risks as best we can and ensure that the public
are adequately informed. Instead, we are allowing licensees to make unwarranted assumptions in order to
minimize their risks and are keeping our deliberations from the public—and even from our own staff—by
inappropriately marking material pertaining to acts of nature as “Security-Related Information”, by internally
silo-ing records, and by regularly abusing FOIA exemption 7(F).
Larry
Lawrence S. Criscione
573-230-3959
From: Criscione, Lawrence
Sent: Thursday, April 28, 2016 5:39 PM
To: Weber, Michael ; NTEU, Chapter 208
Cc: Hackett, Edwin ; Correia, Richard ; Peters, Sean
; Heard, Robert ; Schwartz, Maria ;
Campbell, Andy ; Bley, Dennis
Subject: Who Determines Need‐To‐Know for OUO?
Mike/Sheryl,
As can be seen from the email trail below, I have been trying to get an answer to the handling of Official Use
Only information for quite some time.
Attached is a letter I received last week from the US Office of Special Counsel (OSC). In the letter it is stated
that the OSC has referred my disclosure regarding the agency’s failure to adequately address flooding from
dam failures to the NRC Chairman for investigation and report. It is not yet known by me whom the Chairman
intends to assign to investigate my concerns.
In anticipation of potentially meeting with the Chairman’s assigned investigator, over lunch today I met with
seven colleagues from RES, NRR and NRO to discuss outstanding flooding concerns. At that meeting I was
informed that certain supervisors in NRO have deemed certain flooding information and studies as sensitive
information subject to strict need-to-know restrictions.
That is, my NRO colleagues told me they had to talk around certain concerns because I—and others present—
were not formally assigned to work on those issues and to know those concerns.
Please note that none of the issues were related to nuclear security. These issue pertained entirely to nuclear
SAFETY issues (e.g. Probabilistic Maximum Precipitation estimates for certain sites, flood inundation levels,
etc.).
Please also see the attached OCWE flyer from Bill Borchardt.
To me, the restrictions placed on the NRO staff directly contradicts the work environment purported by Mr.
Borchardt.
But it is much worse than that.
One of the NRO staff informed me that she might not be able to discuss some of her specific flooding concerns
with the Chairman’s investigator since the issues could only be shared with those with a need-to-know.
Think about that for a minute. The staff of the NRC supports the work of the Commission. The President
appoints the Chairman of the Commission. The President appoints the Special Counsel. The Special Counsel
has directed the Chairman to furnish a report to her within 60 days regarding my flooding concerns so that she
might forward the Chairman’s investigative results on to the President. Yet NRO management has their staff
so rattled and confused regarding “need-to-know” surrounding flooding concerns that a staff member is
concerned that she cannot even discuss those issues with the Chairman’s investigator.
That’s messed up. Waaaaaay messed up.
Today, I also found out that the Advisory Committee on Reactor Safeguards needed to agree to a
Memorandum of Understanding (MOU) prior to being allowed to see certain flooding information.
Think about that for a minute. This is unclassified information. It is not safeguards. None of it has any value in
determining how to breach a dam. These studies were done at the request of the NRC to aid in determining
how dam failures will affect the viability of reactor plants. Yet the Advisory Committee on Reactor Safeguards
cannot automatically see these studies?????
I would appreciate it if I could get a definitive answer from Mike to the following:
1. Are bargaining unit employees allowed to discuss SUNSI (i.e. information that is neither unclassified
nor Safeguards) with any colleague whose opinion they so choose to seek?
2. If not, how is the need-to-know determined? That is, how is an employee to determine which
colleagues cannot know of SUNSI nuclear safety concern?
3. Is there any SUNSI material which NRC employees are prohibited from providing to Congressional
Oversight Committees and/or to staff of the US Office of Special Counsel?
4. If so, who makes that determination?
I recognize PII, allegation material, attorney/client privilege all fall under some definition of SUNSI. But in lieu
of a better term, I am using SUNSI to refer to nuclear safety related information that is, for whatever reason,
not public information. I am not at all confused on the prohibition of sharing PII, allegation material, attorneyclient
privilege, etc. so please restrict your answer to SUNSI that pertains solely to nuclear safety.
Please answer my questions directly. As can be seen below, I have for several years been bounced around
between various NRC offices, web pages, 10 CFR references, and obtuse Management Directive references
that do not address these questions.
This is an issue that gravely affects the Safety Culture of this agency. Imagine an individual with concerns
regarding the flooding evaluation at Oconee being told that he cannot discuss the matter with fellow colleagues
in his branch because they have no “need-to-know”. Imagine the stress of being told by your superiors to sign
off on an evaluation and not being able to discuss your concerns with your trusted peers. These are not
hypotheticals; they have happened and are happening.
I would appreciate it from Sheryl if she would assist me in getting answers to my questions above. This is an
NRC issue not a RES issue (in fact, to my knowledge, there is nothing in RES restricted to a “need-toknow”).
To me, this should be brought up at the ALMPC.
I am not saying there is no guidance. As can be seen from the email trail below, there is plenty of
guidance. It’s just not in a form that can be applied.
I would like the NRC to go on record stating that there are certain SUNSI documents that cannot be supplied to
Congress and the OSC or confirming that there are no prohibitions against providing SUNSI documents to
Congress and the OSC. And I would like the NRC to go on record stating that all employees can view discuss
SUNSI nuclear safety concerns with their peers or confirming that there are certain prohibitions against sharing
SUNSI material with peers not directly assigned to work on those materials.
V/r,
Larry
Lawrence S. Criscione
RES/DRA/HFRB
573-230-3959
From: Criscione, Lawrence
Sent: Tuesday, March 03, 2015 10:41 AM
To: Correia, Richard ; West, Steven ; Peters, Sean

Subject: Management’s Credibility
There has been much discourse on this SUNSI issue both via email and in cubicle and cafeteria
conversations. Much of it is stated less professionally and more cynically than Ed’s email below. Ed’s mention
of a DPO is a sarcastic reference to one of Ron’s responses; no one is going to waste their time attempting to
address any of these items with a DPO.
Just because most of your staff is focused on doing their jobs and do not wish to ruffle anyone’s feathers,
please don’t think that there are only two people (i.e. me and Richard Perkins) complaining about this. This
has been a long-standing complaint amongst certain personnel at NRR long before I was ever hired at the
NRC—my involvement in this issue came as a result of their complaints to me. And there is widespread
dissatisfaction in RES regarding these matters and how our management has avoided addressing them.
There might be a large contingent of managers and staff who resent “open government”, but there is a very
concerned contingent of technical staff who are appalled at what we are not allowed to share with the
public. And they are equally appalled by the lack of professionalism that has gone into resolving this
issue. We expect our leaders to lead and not to politically avoid the difficult questions they are well-paid to
confront. Balancing open government and SUNSI is one such issue.
Ron Gagnon is the supposed SUNSI expert for the agency and it is his determination that many of these
questions are the prerogative of the office. I say we run with that determination. I say that in the absence of
agency ownership of SUNSI, we take ownership of the SUNSI policies for our office. If you would like me to
(and if Sean will allow me time to work on it), I can draft some guidance on how to determine what is SUNSI,
how to apply “need-to-know” and how to conduct “portion-marking”.
I know Brian believes SUNSI is owned by ADM, but ADM—and specifically the SUNSI lead in ADM—believes
that specific SUNSI guidance (vice the broad policies put out by ADM in MD 12.6) is the prerogative of the
individual offices. This makes sense. Understandably ADM does not feel comfortable writing prescriptive
guidance for NRR, RES, etc. We know our work and should be the ones translating the high-level ADM
SUNSI policies into workable prescriptive guidance for our people.
V/r,
Larry
From: ODonnell, Edward
Sent: Monday, March 02, 2015 1:53 PM
To: Orr, Mark; Barr, Jonathan; Criscione, Lawrence
Subject: FW: Need-to-Know requirements for SUNSI
The answers leave one hanging. Perhaps a differing professional opinion should be invoked regarding them.
From: Gagnon, Ronald
Sent: Monday, March 02, 2015 1:49 PM
To: Criscione, Lawrence
Cc: Janney, Margie; Correia, Richard; Sullivan, Randy; Perkins, Richard; Bensi, Michelle; Sancaktar, Selim; Philip, Jacob;
Mitman, Jeffrey; Ferrante, Fernando; Barnes, Valerie; Desaulniers, David; ODonnell, Edward; Kanney, Joseph; Patterson,
Malcolm; King, Mark; Burton, Thomas; Peters, Sean; Cardenas, Daniel
Subject: RE: Need-to-Know requirements for SUNSI
Larry,
Please see my replies adjacent to your questions.
Thank you,
Ron
Ronald E. Gagnon
OIS / PMPD / IPB
United States Nuclear Regulatory Commission
One White Flint North
11545 Rockville Pike, Mail Stop O-6H11
Rockville, MD 20852
Office: 301-415-6873
From: Criscione, Lawrence
Sent: Friday, February 27, 2015 3:23 PM
To: Gagnon, Ronald
Cc: Janney, Margie; Correia, Richard; Sullivan, Randy; Perkins, Richard; Bensi, Michelle; Sancaktar, Selim; Philip, Jacob;
Mitman, Jeffrey; Ferrante, Fernando; Barnes, Valerie; Desaulniers, David; ODonnell, Edward; Kanney, Joseph; Patterson,
Malcolm; King, Mark; Burton, Thomas; Peters, Sean; Cardenas, Daniel
Subject: RE: Need-to-Know requirements for SUNSI
Thanks Ronald. I’ve copied some colleagues on this email so they can see your answer below and so that
they might contact you if they have their own questions about it.
I’ve highlighted two items below that are still unclear (subject matter expert and need-to-know determination):
1.a) Who are the subject matter experts for flooding and dam failures? Check with your office leadership.
1.b) What document designates them as such? Check with your office leadership.
1.c) What guidance do they use to determine what is sensitive and what is not? Check with your office
leadership, (reference internal NRC SUNSI, SGI, Classified guidance).
1.d) If you disagree with their determination, is there an appeal process?
As you probably already know, NRC has a mechanism in place where differing professional
opinions can be discussed and resolved. The NRC Differing Professional Opinions Program,
Management Directive 10.159 states the following objectives: To foster informal discussions
with peers and supervisors on issues involving professional judgments that may differ from a
currently held view or practice, To establish a formal process for expressing differing
professional opinions (DPOs) concerning issues directly related to the mission of NRC, To
ensure the full consideration and prompt disposition of DPOs by affording an independent,
impartial review by knowledgeable personnel, To ensure that all employees have the
opportunity to (a) express DPOs in good faith, (b) have their views heard and considered by
NRC management, and (c) be kept fully informed of the status of milestones throughout the
process, To protect employees from retaliation in any form for expressing a differing opinion, To
recognize submitters of DPOs when their DPOs have resulted in significant contributions to the
mission of the agency, To provide for agency-wide oversight and monitoring, to ensure that
implementation of these procedures accomplishes the stated objectives, and to recommend
appropriate changes when required.
2.a) For SUNSI, do we (i.e. the technical staff) need to obtain our supervisor’s permission prior to sharing
information with a Congressional office? This question is outside the scope of SUNSI. Please check
with your leadership for official NRC policies regarding communications with Congress. The Office of
Congressional Affairs should be able to articulate current policies regarding this question.
2.b) For SUNSI that is related to nuclear safety issues or to agency policies on applying FOIA redactions
(i.e. not PII, allegation material, or other highly specific forms of SUNSI that have nothing to do with
typical NRC correspondence and reports) do we need our supervisor’s permission prior to discussing
the information with our NRC colleagues who are not formally assigned to work on the issue? That is,
can I share nuclear safety information with my NRC co-workers even though that information has been
designated SUNSI and they have not been formally assigned to work on the issue? Please check with
your leadership and the FOIA office (if you have a FOIA redaction question). As you are aware, in
addition to having authorized access to SUNSI information there is a need to know component to
SUNSI. In order to allow access to another party, an authorized holder of SUNSI information must
make a determination that a prospective recipient requires access to specific information to perform or
assist in a lawful and authorized governmental function.
2.c) If I can get to it in ADAMS, can I assume I have a de-facto right to know it? Perhaps, but not
exclusively. For example, if a document has been mistakenly categorized / entered into ADAMS it does
not give an employee the right to view or distribute it without the proper access credentials. If a
government employee came across a classified document on-line through a Google search, that
government employee is not authorized access unless they have the proper clearance and need to
know, even though the document is easily available to anyone searching for it. If not, how do I
determine that I have accessed a document that I have no right to see and to whom do I report it? One
way to report a document spill would be by advising your supervisor and accessing the following link:
http://www.internal.nrc.gov/incident.html (please note that other notifications may be necessary
depending on the type of spill).
R/
Larry
From: Gagnon, Ronald
Sent: Friday, February 27, 2015 2:15 PM
To: Criscione, Lawrence
Cc: Janney, Margie; Correia, Richard
Subject: RE: Need-to-Know requirements for SUNSI
Good afternoon Larry,
It was a pleasure speaking with you this afternoon. During our conversation we explored several topics
including your questions below. We discussed the Controlled Unclassified Program (CUI) and how it would
consolidate the SUNSI and SGI programs at the NRC, and how it would offer a government-wide, uniform way
of handling sensitive unclassified information. Your asked the following SUNSI related questions:
1. If I am referencing a document marked SUNSI, since there are no portion markings how do I determine
what material is SUNSI and what is not? If I reference anything in the document, must my new
document now be marked as SUNSI?
Derivative products should always be marked to ensure that the sensitive information in the document
is fully protected according to agency policy. If the document is not portion marked, then the entire
document is considered SUNSI until such time as a subject matter expert determines
otherwise. Documents that are marked SUNSI and not portion marked can be reviewed by the
originator to determine which portion is sensitive, ie. 2.390 information. A derivative document using
any information from a SUNSI document that is not portion marked must have the referenced portion
marked as SUNSI.
2. How do I determine need-to-know with regard to SUNSI? If I come across an interesting nuclear issue
(e.g. a nuclear site which some colleagues believe is inadequately protected from flooding), can I
discuss that issue with my fellow employees or is there some type of vetting process I must use? That
is, are unclassified and non-Safeguards nuclear safety concerns fair game for discussion with all NRC
colleagues or must information be “silo-ed” into a tightly controlled group of individuals who are officially
assigned to address the issue?
Need-to-know typically means a determination made by an authorized holder of information that a
prospective recipient requires access to specific information to perform or assist in a lawful and
authorized governmental function. This determination would be made by the leadership elements in
the office where the work is performed.
Please let me know if I can be of further assistance.
Thank you for your questions,
Ronald E. Gagnon
OIS / PMPD / IPB
United States Nuclear Regulatory Commission
One White Flint North
11545 Rockville Pike, Mail Stop O-6H11
Rockville, MD 20852
Office: 301-415-6873
From: SUNSI Resource
Sent: Wednesday, February 25, 2015 7:44 AM
To: Gagnon, Ronald; Janney, Margie
Subject: FW: Need-to-Know requirements for SUNSI
——————————————-
From: Criscione, Lawrence
Sent: Wednesday, February 25, 2015 7:44:21 AM
To: SUNSI Resource
Cc: Correia, Richard; Peters, Sean; Perkins, Richard; Bensi, Michelle;
Sancaktar, Selim; Philip, Jacob; Mitman, Jeffrey; Ferrante, Fernando;
Barnes, Valerie; Desaulniers, David; ODonnell, Edward; King, Mark;
Burton, Thomas; Patterson, Malcolm; Kanney, Joseph
Subject: Need-to-Know requirements for SUNSI
Auto forwarded by a Rule
SUNSI Resource:
I have some questions regarding SUNSI which my division director has been attempting to help me get
answered. He provided me the following references but neither of them address the questions I have:
NRC’s SRI guidance: http://www.internal.nrc.gov/sunsi/security.html
FAQs available on the SUNSI website address commonly requested
topics: http://www.internal.nrc.gov/sunsi/faq.html
My questions are:
1. If I am referencing a document marked SUNSI, since there are no portion markings how do I determine
what material is SUNSI and what is not? If I reference anything in the document, must my new
document now be marked as SUNSI?
2. How do I determine need-to-know with regard to SUNSI? If I come across an interesting nuclear issue
(e.g. a nuclear site which some colleagues believe is inadequately protected from flooding), can I
discuss that issue with my fellow employees or is there some type of vetting process I must use? That
is, are unclassified and non-Safeguards nuclear safety concerns fair game for discussion with all NRC
colleagues or must information be “silo-ed” into a tightly controlled group of individuals who are officially
assigned to address the issue?
Also, I have some comments about the “SUNSI Awareness Training” linked to from the SUNSI “Frequently
Asked Questions” website (and attached to this email). On slide 6 a colloquial definition of SUNSI is provided
as:
“Or put another way…If information appeared on the front page of the Washington Post and you cringe
when you see it….It’s probably sensitive”.
I believe that:
 The above definition is deleterious to our goals of openness and transparency
 Unfortunately, your colloquial definition is broadly used within the NRC. That is, it is my experience that
most SUNSI material is marked that way because if it “appeared on the front page of the Washington
Post” it would make us cringe.
I’m not the only NRC employee who has been asking these questions. How we determine SUNSI is a concern
shared by several of my colleagues.
Larry
Lawrence S. Criscione
573-230-3959
From: Correia, Richard
Sent: Wednesday, February 18, 2015 3:48 PM
To: Criscione, Lawrence
Cc: Peters, Sean; Madden, Patrick
Subject: RE: OIG Case 13-001 and OUO-SRI
Larry,
Turns our OIS is the agency lead for SUNSI (that includes OUO SRI). They sent me this link:
http://www.internal.nrc.gov/sunsi/security.html as a source of information. Please take a look at the
information at the link and let me know if it has the information you are seeking.
Regards
Rich
Richard Correia, PE
Director,
Division of Risk Analysis
Office of Nuclear Regulatory Research
US NRC
[email protected]
From: Criscione, Lawrence
Sent: Thursday, February 12, 2015 11:28 AM
To: Correia, Richard
Subject: RE: OIG Case 13-001 and OUO-SRI
Thanks Rich.
Daniel Cardenas referred me to Admin but did not give me the name of a contact.
From: Correia, Richard
Sent: Thursday, February 12, 2015 9:08 AM
To: Criscione, Lawrence
Subject: RE: OIG Case 13-001 and OUO-SRI
Let me make some phone calls Larry
Richard Correia, PE
Director,
Division of Risk Analysis
Office of Nuclear Regulatory Research
US NRC
[email protected]
From: Criscione, Lawrence
Sent: Wednesday, February 11, 2015 1:48 PM
To: Correia, Richard
Subject: OIG Case 13-001 and OUO-SRI
Rich,
Attached is the transcript from your 2012 interview with OIG concerning Case 13-001. It was provided to me
as part of a Privacy Act request and I’m sending it along to you in case you would like a copy.
Please see my email below to Daniel Cardenas. I still have a lack of understanding on OUO-SRI, mostly
stemming from the fact that—unlike SGI and classified information—it (1) is not portion marked, (2) has no
derivative classifiers, and (3) is applied to such broad topics that it has no well-defined need-to-know (e.g. who
has a need-to-know about the Oconee flooding issues? Is it only the narrow set of NRR employees
addressing it? Or is it any concerned NRC employee who might have an opinion that adds to the discussion?).
V/r,
Larry
From: Criscione, Lawrence
Sent: Wednesday, February 11, 2015 1:37 PM
To: Cardenas, Daniel
Subject: OIG Case 13-001
Dan,
Attached is the transcript from your 2012 interview with OIG concerning Case 13-001. It was given to me as
part of a Privacy Act request and I’m sending it along to you in case you would like a copy.
The investigation for Case 13-001 closed on September 11, 2013.
As part of the resolution to the PEER v. NRC lawsuit, the on September 13, 2013 the NRC publicly released
the two documents which were the subject of the NRC Form 183 security incident which was filed against me
on September 20, 2012. Those documents can be found at:
http://pbadupws.nrc.gov/docs/ML1325/ML13256A372.pdf
http://pbadupws.nrc.gov/docs/ML1325/ML13256A370.pdf
The only redactions to those documents are my home address, my cell phone number and my personal email
account. This indicates—to me—that I was not in error when I failed to mark these documents as “Official Use
Only – Security-Related Information”.
Given that OUO-SRI documents are not portion marked, I still have no understanding of:
1. How I am to determine what exactly in those documents is OUO-SRI
2. How—when I am preparing a downstream document which references information found in OUO-SRI
documents—I am to determine the final designation of my document and who the authority is if I have
questions
3. To whom do I appeal if I do not agree with the OUO-SRI designation of a document
4. How to determine who has a “need to know” with regard to OUO-SRI information
R,
Larry
From: Criscione, Lawrence
Sent: Tuesday, June 10, 2014 9:27 AM
To: Correia, Richard; Weber, Michael; Sheron, Brian; Madden, Patrick; Peters, Sean; Sullivan, Randy; Burrows, Sheryl;
ODonnell, Edward
Subject: Who Determines Need-to-Know?
Thanks Rich.
I’d like to clarify though that even if we have a precise definition, a large part of my concern is “Who determines
need-to-know?”
For example, if I am confident that a document marked “Not for Public Disclosure” can go to a congressional
office, can I send it to them or must I first go through OGC and OCA?
Or, if I am confident that an INL contractor has a need to know proprietary information we got from INPO, can I
directly send it to him or do I first need to consult with my supervisor, the NRC owner of the INPO MOU, OGC,
etc.?
From: Correia, Richard
Sent: Tuesday, June 10, 2014 7:02 AM
To: Criscione, Lawrence; Weber, Michael; Sheron, Brian; Madden, Patrick; Peters, Sean; Sullivan, Randy; Burrows,
Sheryl; ODonnell, Edward
Subject: RE: Need Assistance from RES and NTEU
Larry,
I contacted folks in the Information Security Branch of NSIR and they pointed out that “need to know”
is defined in 10CFR73.2 for handling safeguards information. I’m not certain if it would have a similar
definition for SUNSI. I’ll follow up with OGC on whether need to know has a definition for SUNSI.
Rich
Richard Correia, PE
Director,
Division of Risk Analysis
Office of Nuclear Regulatory Research
US NRC
[email protected]
From: Criscione, Lawrence
Sent: Monday, June 02, 2014 5:50 PM
To: Weber, Michael; Sheron, Brian; Correia, Richard; Madden, Patrick; Peters, Sean; Sullivan, Randy; Burrows, Sheryl;
ODonnell, Edward
Subject: Need Assistance from RES and NTEU
Please see my October 25, 2012 email below to Dan Cardenas. I’ve highlighted several questions in that
email which I never received answers to.
On October 25, 2012 I was directed to review our SUNSI guidance and to discuss it with the chief of the
Facilities Security Branch. I reviewed the guidance but had some questions which, 19-months later, I still do
not know the answers to.
I would like the assistance of RES management and the NTEU in obtaining answers from Mr. Cardenas. I
believe I am not the only one at the NRC who is unclear as to what exactly constitutes a “need to know” and
“conducting official government business”. Better clarifying these terms, especially with regard to OIG Case
13-001 which led to a criminal referral to the Department of Justice, is in the interest of the NRC staff.
If you have advice for me as to how to obtain answers from the requisite SUNSI experts, please let me know.
Thank you,
Larry
Lawrence S. Criscione
573-230-3959
From: Criscione, Lawrence
Sent: Monday, June 02, 2014 5:35 PM
To: Cardenas, Daniel; Ross-Lee, MaryJane
Cc: Beasley, Benjamin; Peters, Sean; Correia, Richard; Sullivan, Randy; NTEU, Chapter 208; Burrows, Sheryl
Subject: FW: Questions
Dan,
Attached to this email is a document entitled “Exhibit 3 to OIG Case 13-001” which I received today in
response to FOIA 2014-0236. The memo is undated. Could either you or MaryJane please tell me the date on
which MaryJane sent this memo to Rich Correia? Was it before or after our correspondence in the email trail
below?
On February 4, 2013 agents of the NRC’s Inspector General approached the Assistant US Attorney’s office in
Springfield, IL and requested of them that I be indicted on federal felony charges (18 USC §1030) for obtaining
supposed security-sensitive information from a government database (i.e. NRC internal ADAMS) and
supposedly colluding to distribute that information to the public (e.g. via a Congressional hearing). The
information of concern was my September 18, 2012 letter to the NRC Chairman, the email distributing it, and
the nine reference documents. These are the same documents of concern in our email trail below.
In an October 25, 2012 email (included immediately below) I asked you a series of questions regarding MD
12.6, various guidance you directed me to review (found at http://www.internal.nrc.gov/sunsi/), and an
explanation of what exactly constitute “need to know” and “conducting official government business”. I have
highlighted those questions in the email below. The documents attached to this email refer to some of those
questions.
I never received any answers to the questions I posed to you 19 months ago in the email below. And after
being the subject of an OIG criminal investigation for the distribution of supposed security related documents to
individuals without a supposed “need to know”, I still do not know the answers to the questions I pose
below. OIG Case 13-001 has been closed for over 9 months. Please provide me answers to my questions
below as I am still uncertain what exactly I can and cannot share with our Congressional overseers and the
precise channels I am required to follow.
I look forward to your answers.
Thank you,
Larry
Lawrence S. Criscione
573-230-3959
From: Criscione, Lawrence
Sent: Thursday, October 25, 2012 9:37 PM
To: Cardenas, Daniel
Cc: Beasley, Benjamin; Coe, Doug; Ross-Lee, MaryJane; Pretzello, Andrew; Skidmore, Karen; ODonnell, Edward; Sullivan,
Randy
Subject: Questions
Dan,
I have some questions regarding the guidance on the OIS SUNSI website and MD 12.6.
#1) In the attached document “2005‐10‐26 guidance.pdf” I’ve highlighted a sentence stating that portion markings are
not required. However, in the document “2010‐04‐27 guidance.pdf” I’ve highlighted where it states:
When is portion or page marking required? On documents that may be released following redaction of sensitive
information. If an entire page is not sensitive, place marking adjacent to the sensitive information.
I am a big believer in portion markings. It frustrates me to no end that none of the 2008‐2012 OUO correspondence
between the NRC and Duke Energy regarding Jocassee Dam is portion marked. This correspondence clearly meets the
instructions above for requiring that the documents be portion marked. That is, the overwhelming majority of the
pages in the NRC/Duke correspondence have portions that are not sensitive and this NRC correspondence with a
licensee concerning a serious safety concern should certainly be released following redaction of sensitive
information. Yet there are no portion markings. Which guidance is correct: the 2005‐10‐26 or the 2010‐04‐27
guidance? Should NRR’s correspondence with Duke Energy from May 2010 through the present have been portion
marked?
#2) On page 2 of the attached “NRC Policy for Handling Marking and Protection SUNSI.pdf” I have highlighted a
paragraph on “Need‐To‐Know Access”. This paragraph contains the words:
“…no person, including employees of the U.S. Government, NRC, ……. may have access to SUNSI unless that
person has an established need‐to‐know the information for conducting official business.”
I am unclear what exactly constitutes “an established need‐to‐know the information for conducting official
business.” Some of my co‐workers (particularly Richard Perkins, but many others as well) expressed concern to me that
flooding issues at Oconee Nuclear Station and Fort Calhoun were not being adequately addressed. Although it is my job
(and the job of all NRC employees) to take allegations from licensees, I do not believe it is my job (i.e. “conducting
official business”) to take allegations from my fellow NRC co‐workers. Nonetheless, I reviewed some of the source
documents regarding Jocassee Dam because I was concerned with the opinions I was hearing expressed from my coworkers.
It was not my job to review these documents. Most of the review of these documents occurred after normal
working hours, including times when – although allowed to be in the office or on Citrix – I am not allowed to formally
work (i.e. beyond 8 pm, Sundays, while using annual leave/credit hours). Since I was reviewing this information on my
own time and not “for conducting official business”, was I violating the “Need‐to‐Know”.
Although I have only shared SUNSI with “employees of the U.S. Government”, I am not certain all of them had “an
established need‐to‐know the information for conducting official business”:
 Does a staffer on the Senate Committee on Homeland Security & Governmental Affairs have “an established
need‐to‐know the information for conducting official business”? If he does, must I send him through the Office
of Congressional Affairs? Am I violating “Need‐to‐Know” by directly sending him references he requested?
 Does the intern for Representative Duncan of South Carolina’s 3rd congressional district have “an established
need‐to‐know the information for conducting official business” when she is not investigating any matter for a
congressional oversight committee and I am merely copying her as a courtesy to keep her representative
abreast of a concern regarding a nuclear plant in his district?
 Does the Office of the Special Counsel have “an established need‐to‐know the information for conducting official
business” when the information is not being formally submitted with an OSC Form 12?
 Does the Downstate Director (i.e. Springfield, IL office chief) of Senator Durbin have “an established need‐toknow
the information for conducting official business” when I am merely meeting with him to get his advice as
to whether or not my senator would be willing to write the NRC Chairman regarding the NRC’s SUNSI policies?
#3) Assuming that the US Special Counsel or a congressional staffer has “an established need‐to‐know”, I am uncertain
as to what is required by the “Access” requirements on page 5 of Part II of MD 12.6. Prior to sharing SUNSI with the US
Special Counsel or congressional staffers, before providing the information must I first consult the three parties listed in
MD 12.6:
 NRC office originating the information
 Office that has primary interest in the information
 Source from which the information was derived
#4) If I am writing a letter regarding how the Office of Nuclear Reactor Regulation is inappropriately stamping safetyrelated
correspondence as “Security‐Related Information”, and if I am sending that letter to the US NRC Chairman and
copying it to concerned congressional offices, and if I do not believe that marking the letter is essential to ensure proper
handling and to ensure all persons having access to the letter will be aware that it (1) must not be publicly released and
(2) must be distributed only to those who have a need‐to‐know to conduct official business, then am I in violation of MD
12.6 because I did not stamp the letter “Official Use Only – Security‐Related Information”?
I was asked by a congressional staffer last month whether I believed the “Security‐Related Information” stamps were
hindering the open discussion of the Jocassee Dam/Oconee issue amongst the NRC staff. His concern was based on the
fact that some of NRR’s Jocassee Dam correspondence contain the stamp “Limited Internal Distribution Permitted”. My
answer to him was that, although I believed these stamps were inappropriately keeping a serious safety concern from
public scrutiny, these markings were not in any way hindering the professional internal discussion of concerns regarding
Jocassee Dam. Based on what I have read in MD 12.6 tonight, I do not know if I still agree with that answer. When
possible, I would like to meet with you regarding the four questions above. Also, I have had people within the NRC
request to see my 2012‐09‐18 letter to the chairman but I have been unwilling to share it with anyone since being told I
was violating SUNSI guidance by not properly stamping it OUO – SRI. I would like to review that letter with you and get
your assessment as to how it should be stamped.
R,
Larry
From: Criscione, Lawrence
Sent: Thursday, October 25, 2012 5:50 PM
To: Cardenas, Daniel
Subject: RE: Information Release
The version of MD 12.6 that is linked to in the SUNSI website is from December 20, 1999. Is this the version I am
supposed to review or is there a more current revision?
From: Cardenas, Daniel
Sent: Thursday, October 25, 2012 5:39 PM
To: Criscione, Lawrence
Cc: Beasley, Benjamin; Coe, Doug; Ross-Lee, MaryJane; Pretzello, Andrew; Skidmore, Karen; ODonnell, Edward; Sullivan,
Randy
Subject: Re: Information Release
Larry-
If you have read and understand the SUNSI guidance, then a meeting may not be necessary. I will contact you if a
meeting is necessary. In regards to transmission of SUNSI outside the NRC, please contact your supervisor as identified
in MD 12.6 and follow applicable guidance located on the OIS SUNSI website.
Regards.
Dan
~ Sent from an NRC Blackberry ~
Daniel Cardenas, Chief
Facilities Security Branch
Division of Facilities and Security
Office of Administration
U. S. Nuclear Regulatory Commission
Office Email: [email protected]
Office Number: (301) 415-6184
Cell Number: (240) 393-7498
Fax Number: (301) 415-5132
From: Criscione, Lawrence
To: Cardenas, Daniel
Cc: Beasley, Benjamin; Coe, Doug; Ross-Lee, MaryJane; Pretzello, Andrew; Skidmore, Karen; ODonnell, Edward; Sullivan,
Randy
Sent: Thu Oct 25 17:31:31 2012
Subject: RE: Information Release
Daniel,
My Outlook calendar is up to date through the end of the year. I should be able to review MD 12.6 and the other
guidance by tomorrow morning.
The only personnel outside the NRC to whom I have provided “Official Use Only – Security Related Information” are
either with the Office of the Special Counsel, staffers of US Senators or staffers of members of the US House of
Representatives. I will not release any additional information to the Office of the Special Counsel or to members of the
US Congress until I have met with you.
Please send me a copy of the NRC Form 183 mentioned below so that I may review it prior to our meeting.
Is my union steward allowed to accompany me to the meeting?
V/r,
Larry Criscione
573‐230‐3959
From: Cardenas, Daniel
Sent: Thursday, October 25, 2012 5:01 PM
To: Criscione, Lawrence
Cc: Beasley, Benjamin; Coe, Doug; Ross-Lee, MaryJane; Pretzello, Andrew; Skidmore, Karen
Subject: Information Release
Importance: High
Mr. Criscione‐
I have received a NRC Form 183 “Report of Security Incident” indicating that you have released information (Official Use
Only – Security Related Information, etc) to personnel outside of the NRC. This release of information must “stop”
immediately. The guidance for handling Sensitive Unclassified non‐Safeguards Information (SUNSI) is identified in MD
12.6 and on the OIS webpage. Please see the following link, which provides detailed information on the handling of this
type of information.
http://www.internal.nrc.gov/sunsi/
If you have released any other information, you must cease these activities, and report the releases to the Director,
Division of Facilities and Security.
Please schedule a time to discuss this matter with me.
Regards.
Daniel Cardenas
Chief, Facilities Security Branch
Division of Facilities and Security, Office of Administration
Location: T6-E31
Office Email: [email protected]
Office Number: (301) 415-6184
NRC Blackberry: (240) 393-7498
NRC Fax: (301) 415-5132