DCL-19-008, License Amendment Request 19-01, Proposed Changes to the Intake Structure Physical Security Classification

From kanterella
Jump to navigation Jump to search

License Amendment Request 19-01, Proposed Changes to the Intake Structure Physical Security Classification
ML19045A698
Person / Time
Site: Diablo Canyon  Pacific Gas & Electric icon.png
Issue date: 02/14/2019
From: Welsch J
Pacific Gas & Electric Co
To:
Document Control Desk, Office of Nuclear Reactor Regulation
References
DCL-19-008, LAR 19-01
Download: ML19045A698 (43)
v  d  e


Text

Pacific Gas and Electric Company" James M. Welsch Diablo Canyon Power Plant Vice President P.O. Box 56 Nuclear Generation and Avila Beach, CA 93424 Chief Nuclear Officer 805.545.3242 E-Mail: James.Welsch@pge.com February 14, 2019 PG&E Letter DCL-19-008 U.S. Nuclear Regulatory Commission 10 CFR 50.90 ATTN: Document Control Desk Washington, D.C. 20555-0001 Diablo Canyon Units 1 and 2 Docket No. 50-275, OL-DPR-80 Docket No. 50-323, OL-DPR-82 License Amendment Request 19-01 Proposed Changes to the Intake Structure Physical Security Classification

Dear Commissioners and Staff:

Pursuant to 10 CFR 50.90, Pacific Gas and Electric Company (PG&E) hereby requests approval of the enclosed proposed amendment to Facility Operating License Nos. DPR-80 and DPR-82 for Units 1 and 2 of the Diablo Canyon Power Plant (DCPP), respectively. The enclosed license amendment request (LAR) proposes to revise the intake structure physical security classification in the DCPP Security Plan and Emergency Plan. PG&E met with the NRG Staff in November 2018 to discuss PG&E's intent to submit this LAR.

The changes in this LAR are not required to address an immediate safety concern.

PG&E requests approval of this LAR by no later than February 2020. PG&E requests that the license amendments be made effective upon NRG issuance, and to be implemented within 365 days from the NRG approval of the license amendments to allow for program changes, training, and modifications.

The Enclosure contains the evaluation of the proposed change with the following attachments:

  • Attachment 3: Proposed FSAR Update Sections (Markup)
  • Attachment 4: Diablo Canyon Power Plant Site - Aerial View
  • Attachment 5: Emergency Action Levels Applicable to the Intake Structure Impacted by Proposed Changes It has been determined that this amendment request does not involve a significant hazard consideration as determined per 10 CFR 50.92, "Issuance of amendment."

A member of the STARS Alliance Callaway

  • Diablo Canyon
  • Palo Verde
  • Wolf Creek

Document Control Desk PG&E Letter DCL-19-008 February 14, 2019 Page2 Pursuant to 10 CFR 51.22, "Criterion for categorical exclusion; identification of licensing and regulatory actions eligible for categorical exclusion or otherwise not requiring environmental review," Section (b), no environmental impact statement or environmental assessment need to be prepared in connection with the issuance of this amendment.

In accordance with site administrative procedures and the Quality Assurance Program, the proposed amendment has been reviewed by the Plant Staff Review Committee.

PG&E makes no new or revised regulatory commitments (as defined by NEI 99-04) in this letter.

Pursuant to 10 CFR 50.91, "Notice for public comment; State consultation," PG&E is sending a copy of this LAR to the California Department of Public Health.

If you have any questions or require additional information, please contact Mr. Hossein Hamzehee at 805-545-4720.

I state under penalty of perjury that the foregoing is true and correct.

Executed on February 14, 2019.

Sincerely,

~#-~

James M. Welsch Vice President, Nuclear Generation and Chief Nuclear Officer mjrm/4557/SAPN 51014860 Enclosure cc: Diablo Distribution cc/enc: L. John Klos, NRC Project Manager Scott Morris, NRC Region IV Administrator Chris W. Newport, NRC Senior Resident Inspector Gonzalo L. Perez, Branch Chief, California Department of Public Health Balwant K. Singal, NRC Senior Project Manager A member of the STARS Alliance Callaway

  • Diablo Canyon
  • Palo Verde
  • Wolf Creek

Enclosure PG&E Letter DCL-19-008 Evaluation of Proposed Change License Amendment Request 19-01 Proposed Changes to the Intake Structure Physical Security Classification

1.

SUMMARY

DESCRIPTION

2. DETAILED DESCRIPTION 2.1 Proposed Security Program Changes 2.2 Proposed Emergency Plan Changes 2.3 Proposed Updated Final Safety Analysis Report Changes 2A Reason for the Proposed Changes 2.5 Background
3. TECHNICAL EVALUATION 3.1 Technical - Nuclear Safety 3.2 Technical Basis - Security 3.3 Technical Basis - Emergency Plan 3.4 Impact and Compliance with Operating Licenses, Technical Specifications, Safety System Requirements
4. REGULATORY EVALUATION 4.1 Applicable Regulatory Requirements/Criteria 4.2 Precedent 4.3 No Significant Hazards Consideration Determination 4.4 Conclusions
5. ENVIRONMENTAL CONSIDERATION
6. REFERENCES ATTACHMENTS:
1. Proposed Emergency Plan Section 1 (Markup)
2. Proposed Emergency Plan Section 1 (Retyped)
3. Proposed FSAR Update Sections (Markup)
4. Diablo Canyon Power Plant Site - Aerial View
5. Emergency Action Levels Applicable to the Intake Structure Impacted by Proposed Changes 1

Enclosure PG&E Letter DCL-19-008

1.

SUMMARY

DESCRIPTION Pacific Gas & Electric Company (PG&E) proposes revisions to the Diablo Canyon Power Plant (DCPP), Units 1 and 2, Emergency Plan (E-Plan) and Security Plan.

PG&E believes the proposed change neither constitutes a reduction in effectiveness of the Security Plan, nor a reduction in effectiveness of the E-Plan. PG&E is requesting NRC review and approval of the proposed change in accordance with 10 CFR 50.90 due to the complexity of the change, absence of industry precedent reviewed by the NRC, and lack of examples of similar changes in regulatory guidance that involve re-classification of vital areas (VAs).

NRC review and approval are requested for the following:

  • the basis for excluding the auxiliary saltwater (ASW) system as vital equipment per 10 CFR 73.2
  • revision to the Physical Security Plan (PSP) so that "ASW System" and "Intake" are no longer included in discussions or figures concerning VA and protected area (PA)
  • revision to the E-Plan to exclude the intake structure from the definition of "Protected Area"; and revision to emergency actions level (EAL) classification and accountability methodology at the intake structure as required to reflect the E-Plan change
2. DETAILED DESCRIPTION This license amendment request (LAR) requests NRC approval to change the physical security classification of the intake structure from a VA and PA to an owner controlled area (OCA). The intake structure houses a large portion of the ASW system, which has historically been classified as vital equipment because of its safety-related (PG&E Design Class I) classification. The PG&E Design Class I classification of the intake structure is not affected by the proposed change. The proposal to reclassify the ASW system as non-vital is based on more recent NRC guidance, which provided clarification of the criteria to be used to identify vital equipment. Changing the physical security classification of the ASW system to non-vital is justified by evaluations, which concluded that both DCPP units are capable of being safely shutdown and maintained in a safe shutdown condition for greater than eight hours, assuming loss of the intake structure is due to only a hostile action. The ASW system falls outside the vital equipment criteria established in the NRC guidance (Reference 2).

2

Enclosure PG&E Letter DCL-19-008 In addition, the DCPP target set analysis has determined that no target set components are located in the intake PA.

2.1 Proposed Security Plan Changes During original licensing of DCPP, vital equipment as defined in 10 CFR 73.2 was considered as closely associated with safety-related systems under 10 CFR 50. This resulted in the safety-related ASW system being classified as vital equipment and the intake structure housing the ASW system being classified as a VA. Regulations and guidance issued since the time of original licensing has clarified the criteria for identifying vital equipment/areas. Although DCPP previously submitted analyses to the NRC that demonstrate the intake structure and the ASW system are not needed to achieve and maintain the plant in a safe shutdown condition in response to the security design-basis threat and loss of access to the ultimate heat sink (UHS), the licensing basis was never changed to reclassify them as non-vital equipment/area. This evaluation supports PG&E's request to reclassify the ASW system and intake structure as non-vital and designate the intake area as part of the OCA.

Brief descriptions of the associated Security Plan proposed changes are provided below. The justification for each change is discussed in Section 3.2.

2.1.1 Physical Security Plan Changes The specific changes to the Physical Security Plan (PSP) that result from reclassification of the intake structure include:

  • change the facility description to delete the intake structure as a PA
  • add the intake structure to major structures in the OCA
  • remove description of the intake VA/PA barriers
  • remove ASW from the vital equipment/area list
  • add a reference to the license amendment (resulting from this LAR)
  • change affected graphics in the "Figures" section 2.1.2 Security Procedure Changes Security procedure changes will be implemented consistent with the changes to the PSP, including deleting listing/discussion of "intake" relative to PA, or VA.

2.1.3 Security Changes Associated with Inclusion of the Intake as Part of the Owner Controlled Area The intake area will become part of the OCA. The appropriate level of security will continue to be applied in accordance with PG&E commercial security practices. Critical digital assets (CDAs) will remain in the area, 3

Enclosure PG&E Letter DCL-19-008 and these will be provided physical protection in accordance with the DCPP Cyber Security Plan. CDA control requirements in Appendix E.5 of NEI 08-09, Revision 6, (Reference 19) and NEI 08-09, Revision 6, Addendum 4 (Reference 20), will be applied for CDAs located outside the PA Local law enforcement agencies (LLEA) have been briefed on the proposed change and it was determined that no change to memorandums of understanding are required. The change will also be discussed during annual LLEA training. The proposed change was also reviewed with other offsite response organizations including San Luis Obispo County and the State of California Office of Emergency Services.

The review determined that the proposed changes continue to support offsite emergency response activities.

No changes to the Training and Qualification Plan are required due to the proposed changes.

2.1.4 Compensatory Measures With the proposed change, and under certain, predictable, and limited plant conditions, an unattended pathway into the main PA could be created. Compensatory measures for an unattended pathway will be implemented to prevent exploitation consistent with NEI 09-05, "Guidance on the Protection of Unattended Openings that Intersect a Security Boundary," and will meet the requirements of 10 CFR 73.55(i)(5)(iii) and be protected by a physical barrier and monitored by intrusion detection equipment or observed by security personnel at a frequency sufficient to detect exploitation. The DCPP PSP and implementing procedures provide instructions for providing equivalent levels of protection.

2.2 Proposed Emergency Plan Changes The E-Plan will be revised to exclude the intake from the definition of "Protected Area" consistent with the proposed revision of the Security Plan. The intake will no longer be a PA and will be considered part of the OCA. EAL classification will change and accountability methodology at the intake will be revised as required to reflect this change.

Brief descriptions of the proposed changes to the E-Plan are provided below.

The justification for each change is discussed in Section 3.3. The specific wording changes are provided in Attachments 1 and 2 to this enclosure as marked-up and retyped copies, respectively, of the affected E-Plan pages.

4

Enclosure PG&E Letter DCL-19-008 2.2.1 Section 1, "Definitions", will be revised for "Protected Area" to remove reference to the intake structure PA in accordance with the proposed change.

2.2.2 A hostile action event in the intake PA is classified as a Site Area Emergency per EAL HS1 .1 in the current E-plan. The proposed change would re-designate the intake as part of the OCA. The new classification for a hostile action in this area would be an Alert per EAL HA 1.1. This classification level is consistent with NRC endorsed guidance in NEI 99-01, Revision 6.

This change will not impact the E-Plan wording under EALs HS1 .1 nor HA1.1.

2.2.3 The proposed change impacts the accountability methodology at the intake structure due to the change from a PA to an OCA (no specific change to the E-Plan wording is required). Accountability will be completed using the methodology consistent with current E-Plan and implementing procedures for the OCA versus the PA.

2.3 Proposed Updated Final Safety Analysis Report Changes The proposed activity does not involve any changes to plant equipment. The ASW system remains classified as PG&E Design Class I and continues to meet applicable requirements for safety-related equipment. Updated Final Safety Analysis Report (UFSAR) changes consist of replacing the term "vital" when referring to the ASW equipment at the intake with the appropriate term (i.e.,

PG&E Design Class I) following reclassification from vital to non-vital (Attachment 3).

2.4 Reasons for the Proposed Changes DCPP has evaluated the intake equipment/area and surrounding PA and determined that the "vital" classification for the ASW system is unnecessary.

Therefore, security requirements related to the classification may be removed and references to vital equipment and VA with respect to the intake can be deleted from the Security Plan, procedures, and other affected documentation.

Additionally, the intake PA is no longer needed and can be removed as well.

The proposed change to the E-Plan to redefine the "Protected Area" to remove the reference to the intake from the definition is necessary to address the proposed changes to the Security Plan. The E-Plan changes will establish consistency with NRC endorsed guidance for emergency classification.

5

Enclosure PG&E Letter DCL-19-008

2.5 Background

2.5.1 PG&E Design Class I - Licensing Basis of Terminology PG&E uses the classification "PG&E Design Class I" for components often referred to as "safety-related" in historical guidance. During the design and construction of DCPP Units 1 and 2, significant industry and regulatory changes were made in establishing common methods of classification, e.g., ANSI N18.2; Safety Guide 26, dated March 1972; Safety Guide 29, dated June 1972; and NRC Regulatory Guide 1.143, Revision 1, dated October 1979. However, these methods all differ slightly in detail from those used for DCPP. Although the form and intent of these regulatory and industry documents are similar, these are not the DCPP Licensing Basis. The NRC approved the Design Class I classification in the original DCPP Safety Evaluation Report, dated October 16, 1974 (Reference 8).

PG&E Design Class I is applicable to plant structures, systems, and components (SSCs) that are important to safety, including SSCs required to assure the following:

(a) the integrity of the reactor coolant pressure boundary (b) the capability to shut down the reactor and maintain it in a safe shutdown condition (c) the capability to prevent or mitigate the consequences of accidents, which could result in potential offsite exposures comparable to the guideline exposures of 10 CFR 100.11 or 10 CFR 50.67 (for accidents analyzed using alternate source term methodology)

All plant features designated as PG&E Design Class I are designed to remain functional when subjected to the additional forces associated with the Design Basis Earthquake (DE), the Double Design Earthquake and/or the Hosgri 'Earthquake.

2.5.2 Description of Auxiliary Saltwater System During normal plant operation and shutdown, the ocean is the UHS for DCPP. The ASW system transfers waste heat from plant equipment and components to the ocean during normal plant operation, plant cooldown, design basis accidents, and long-term cooling. This heat load is removed from these components by the component cooling water (CCW) system and transferred to ASW at the CCW heat exchangers.

6

Enclosure PG&E Letter DCL-19-008 The ASW system is housed primarily in the plant intake structure, with piping, power, and control lines routed underground to the plant. There are two trains of ASW available for each unit. Each train consists of electric motor-driven pumps, piping and motor-operated valves, compartment heating ventilation and air conditioning , and instrumentation.

The ASW system is classified as PG&E Design Class I and will remain so after the proposed change is implemented .

2.5.3 Description of Intake Structure The intake structure is a reinforced concrete building with dimensions of approximately 240 x 100 feet. The long dimension corresponds to the north-south direction and is parallel to the ocean . The intake structure is backfilled by rock on three sides and has water on the fourth (western) side. The structure is symmetric about a vertical plane in the east-west direction through its centerline. The top deck nominal elevation is 17.5 feet mean sea level (MSL). A concrete ventilation tower with steel coaxial ventilation pipe (also referred to as the Snorkel) extends to an elevation of +49.4 feet, which provides the cooling air to the ASW watertight compartments so that the PG&E Design Class I ASW pumps can operate during the design combination tsunami-storm wave run-up.

The top level of the intake structure consists of an 18-inch thick concrete slab, except for the roadway area where it is 24 inches thick. Openings are provided to allow removal of pumps, screens, and gates.

The four main circulating water pumps (not safety-related) and the four PG&E Design Class I ASW pumps are mounted at a nominal floor elevation at -2.1 feet MSL. Each pump is housed in a separate watertight compartment. The ASW pump compartment is provided with a watertight door and a backflow preventer in the room drain line.

2.5.4 Description of Vital Area/Protected Areas The DCPP site currently contains three discrete and separate PAs, including (1) the Main PA, surrounding the plant buildings; (2) the independent spent fuel storage installation PA, surrounding the spent fuel pads; and (3) the intake PA, surrounding the intake structure. The intake structure has been designated a PA since initial licensing because it encompasses the VA that houses the PG&E Design Class I ASW system.

VAs are required to be surrounded by PAs per 10 CFR 73.55.

The locations of the Main PA and the intake PA are shown on the aerial picture of the DCPP site in Attachment 4. The portion of the ASW system that is housed within the intake structure VA includes the ASW pumps, 7

Enclosure PG&E Letter DCL-19-008 piping, and instrumentation. The ASW pumps are located inside the intake structure in watertight compartments and take suction from the pump forebays, which are an integral part of the structure.

2.5.5 Licensing History 2.5.5.1 Regulatory History of Vital Equipment and Vital Area 10 CFR 73.55 specifies requirements for establishing and maintaining a physical protection program in nuclear power reactors. The program must protect against the design basis threat of radiological sabotage as stated in 10 CFR 73.1. [Reference. 10 CFR 73.55(b)(2)]

10 CFR 73.1 prescribes design basis threats to be used in designing safeguards systems to protect against radiological sabotage. The design basis threats specified for radiological sabotage include (i) an external assault, (ii) an internal threat, (iii) a land vehicle bomb assault, (iv) a waterborne vehicle bomb assault, and (v) a cyber attack.

Therefore, consistent with 10 CFR 73.1, the initiating event for the design basis threat is one of the above security events and does not assume any other concurrent accident in the nuclear reactor.

10 CFR 73.2 defines vital equipment as "any equipment, system, device, or material, the failure, destruction, or release of which could directly or indirectly endanger the public health and safety by exposure to radiation.

Equipment or systems which would be required to function to protect public health and safety following such failure, destruction or release are also considered to be vital." VAs are defined as "any area which contains vital equipment." These definitions have been in place since the late 1970's with no changes.

During initial licensing, DCPP, and the industry at large, considered vital equipment as closely associated (if not synonymous) with safety-related systems. Early guidance (Reference 1, Regulatory Guide 1.17, dated June 1973) fostered this philosophy by discussing protection of vital equipment against acts of "industrial" sabotage that could impair the performance of its intended safety functions (the security design basis threat later focused on radiological sabotage, as codified in 10 CFR 73.1).

10 CFR 73.55, "Requirement for Physical Protection of Licensed Activities in Nuclear Power Reactors Against Radiological Sabotage" originally issued in 1977, describes security requirements for VAs, PAs, and features for such areas (barriers, fences, detection, access control, etc.). The performance requirements of the original version of 10 CFR 73.55 were protection against industrial sabotage. Later security 8

Enclosure PG&E Letter DCL-19-008 regulations focused on radiological sabotage, which limited vital equipment to radiological concerns. The regulatory framework and requirements were revised to codify target sets under rule making. The current version of 10 CFR 73.55 (issued in 2010) delineated the minimum complement of specific areas and equipment that must be considered vital. The intake area is not listed nor is any power supply equipment that requires protection according to the regulation.

In concert with issuing the current version, the NRC revised and/or developed regulatory guidance to provide an acceptable method for licensees to meet 10 CFR 73.55 requirements. Regulatory Guide 5.81 (Reference 3), "Target Set Identification and Development for Nuclear Power Reactors," discusses the relationship between safety-related equipment (essentially PG&E Design Class I), vital equipment, and target sets. This regulatory guide focuses on protection for minimum sets of target elements; e.g., vital equipment and operator actions related to significant core damage or spent fuel sabotage if prevented from performing/accomplishing their function. The guidance indicates that the vital equipment list should include all safety-related equipment, consistent with the definition of vital equipment in 10 CFR 73.2. If safety-related equipment is excluded from the vital equipment list, the basis should be documented. Accordingly, this LAR documents the basis for excluding the safety-related ASW system from being designated as vital equipment per 10 CFR 73.2.

In addition, Regulatory Guide 5.76, "Physical Protection Programs at Nuclear Power Reactors" (Reference 2) provides a supporting definition of VAs (in part) as related to "equipment required to perform the functions of reactivity control, decay heat removal and process monitoring for the purpose of achieving and maintaining hot shutdown for a minimum of 8 hours9.259259e-5 days <br />0.00222 hours <br />1.322751e-5 weeks <br />3.044e-6 months <br /> from the time of the reactor trip (i.e. piping, water sources, power supplies, controls, and instrumentation)." This guidance focuses security on equipment required to achieve and maintain safe shutdown, which is a subset of all safety-related equipment.

Regulatory Guide 5.81 and Regulatory Guide 5.76 were found to contain the most recent information approved by the NRC that defines vital equipment and VAs.

2.5.5.2 Diablo Canyon Power Plant Vital Area Licensing Basis Chapter 5 of Revision 12 of the original PSP , approved by the NRC in Supplemental Safety Evaluation Report (SSER) 31 (Reference 5),

specified the ASW system as being included in the DCPP vital 9

Enclosure PG&E Letter DCL-19-008 systems/equipment list. Accordingly, the intake was designated as a VA with special requirements for protection.

In response to the need for protection against a new threat based on an intrusion event at Three Mile Island and the bombing of the World Trade Center, the PSP, Revision 18, Change 7 (Reference 9, PG&E Letter DCL-96-054) was submitted in 1996 to address the design and installation of a vehicle barrier system (VBS). The VBS was aligned for the protection of equipment within the main PA, only for ensuring safe shutdown conditions could be achieved and maintained. Clarification was provided concerning other vital components that are not essential to obtain a safe shutdown condition (i.e., the components located within the intake PA boundary). A 1994 analysis was included in a related submittal (Reference 10, PG&E Letter DCL-95-046) to demonstrate that the plant can be maintained in a safe shutdown condition for an extended period without the intake structure and its systems. The NRC response was provided in Reference 11.

In 2002, the NRC issued Interim Compensatory Measures in response to the 2001 terrorist attacks. These Orders revised the design basis threat (DBT) to include a larger vehicle-borne improvised explosive device (VBIED) and required evaluation of potential vulnerabilities to maintain or restore cooling of the core, containment, and spent fuel resulting from the loss of the intake structure. The PG&E response explicitly excluded the ASW system from consideration concerning the VBIED (Reference 12, PG&E Letter DCL-02-066). PG&E concluded that no additional action was needed with respect to the intake based on the 1994 analysis and supporting calculations that demonstrated both DCPP units could be shut down and maintained in a safe shutdown condition for an extended period after the loss of the intake structure (Reference 13, PG&E Letter DCL-02-028).

In 2004, the Security Plan (including the PSP) was re-baselined to conform to the NEI 03-12 template and issued as Revision 0 (Reference 14, PG&E Letter DCL-04-054). This revision of the plan addressed the requirement to protect against the VBIED. The analysis considered equipment needed for safe shutdown of the plant with adequate core cooling (i.e., equipment only within the main PA).

The NRC safeguards evaluation in response to PG&E's proposed changes related to the 2004 submittal concluded that the overall level of security system performance provides protection against radiological sabotage that meets the requirements of the NRC Orders and 10 CFR 73, and is therefore acceptable (Reference 15, NRC Letter dated December 11, 2006).

10

Enclosure PG&E Letter DCL-19-008 Although the ASW system is not designated as a target set in the PSP, it remains designated as a vital system.

3. TECHNICAL EVALUATION 3.1 Technical Basis - Nuclear Safety 3.1.1 Achieving and Maintaining Safe Shutdown with Loss of Auxiliary Saltwater The safe shutdown condition at DCPP is defined as MODE 3 in the UFSAR Section 7.4. An analysis has been performed that demonstrates the ASW system is not required to satisfy safe shutdown requirements when ASW is lost (e.g., due to a vehicle attack). This analysis is summarized below.

Per the UFSAR, the functions required to achieve and maintain safe shutdown are:

  • RCS inventory control via charging flow (boration)

When the ASW is lost due to an attack, the worst-case scenario assumes there is a concurrent loss of offsite power, which results in the reactors tripping the units in Mode 3 with the RCS operating in the natural circulation mode. A concurrent accident in the nuclear reactor is not assumed to occur. The loss of power to the motor-driven circulating water pumps results in a loss of condenser vacuum and subsequent use of the 40 percent condenser dump valves. Since the ASW systems are assumed lost, the CCW system temperature will rise until that system is no longer able to perform its cooling system function, which results in unavailability of the safety injection pumps and residual heat removal pumps. To ensure core cooling, the steam generated by core decay heat is relieved through the steam generator (SG) safety valves or the 10 percent atmospheric steam dump valves. In addition, due to a loss of offsite power, the main feedwater pumps are tripped and make-up to the SGs is provided by the auxiliary feedwater (AFW) system taking suction from the condensate storage tank (CST).

When offsite power is lost, the emergency diesel generators (EDGs) will start and load automatically. The AFW pumps and centrifugal charging pumps (CCPs) are loaded on the EDGs making them available to remove decay heat and control RCS inventory, respectively. The EDGs providing power to critical systems during safe shutdown are air-cooled and do not require CCW/ASW cooling. The AFW system, SGs, and main steam 11

Enclosure PG&E Letter DCL-19-008 atmospheric dump valves are used to remove core decay heat and provide RCS pressure control (Reference 16, LA 94/93). RCS pressure control is, therefore, performed by equipment that is not dependent on ASW availability. The charging system can provide RCS inventory control using an air-cooled CCP, which also does not depend on ASW availability for cooling.

Once the unit is in Mode 3, core cooling continues to be maintained by the water inventory available for decay heat removal in the CST using this equipment. This condition can be maintained using minimum CST level for at least 17 hours1.967593e-4 days <br />0.00472 hours <br />2.810847e-5 weeks <br />6.4685e-6 months <br /> (Reference 6, WECTEC Report). In the event the CST becomes exhausted, additional cooling water supplies are available to maintain safe shutdown conditions.

In summary, the bulk of the waste heat generated during plant operation is removed by the SGs and transferred to the condensers. During cooldown and design basis accidents, heat may be removed via steam release to the atmosphere. If the intake, including ASW, becomes unavailable, PG&E Design Class I equipment located in the main PA is used to achieve and maintain safe shutdown conditions.

3.1.2 Additional Considerations Changes made since the original PSP submittal that improve the ability to safely shutdown and cope without CCW and ASW cooling include:

  • the positive displacement charging pumps that were replaced with air-cooled CCPs. (While not credited as safe shutdown equipment, the air-cooled CCPs improve the ability to sustain a loss of UHS due to a decrease in heat load on CCW.)
  • reactor coolant pump (RCP) seals that were replaced with RCP shutdown seals (Westinghouse Generation Ill design) in 2015 (Unit 1) and 2016 (Unit 2), which reduce leakage in the event seal cooling is lost and eliminate the need to establish alternate cooling to the CCPs to cool the seal.

3.2 Technical Basis - 10 CFR 73 (Security)

The following sections describe the evaluations that determined the ASW system does not meet the criteria for vital equipment specified by Regulatory Guide 5. 76 (Reference 2) and does not meet the criteria for target set equipment specified by Regulatory Guide 5.81 (Reference 3). In addition, the changes to the Security Plan resulting from declassifying the intake structure as non-vital and moving from the PA to the OCA are evaluated per NEI 11-08, Section 1.1 (Reference 4).

12

Enclosure PG&E Letter DCL-19-008 3.2.1 Regulatory Guide 5.76 -Analysis of Auxiliary Saltwater Equipment Against Vital Criteria Regulatory Guide 5. 76, Physical Protection Programs at Nuclear Power Reactors, July 2009, Section 4.10.3 (Reference 2) establishes the following three criteria as considerations when identifying vital equipment.

a. Primary coolant pressure boundary consisting of the reactor vessel and reactor coolant piping up to and including a single, protected, normally closed isolation valve or protected valve capable of closure in interfacing systems; Evaluation: The ASW system is not part of the primary coolant pressure boundary as heat from plant equipment is transferred to the ASW system via the CCW system.
b. Equipment required to perform the functions of reactivity control, decay heat removal, and processing monitoring for the purpose of achieving and maintaining hot shutdown for a minimum of 8 hours9.259259e-5 days <br />0.00222 hours <br />1.322751e-5 weeks <br />3.044e-6 months <br /> from the time of reactor trip (i.e., piping, water sources, power supplies, controls, and instrumentation);

Evaluation: As discussed in Section 3.1.1, safe shutdown at DCPP is defined as Mode 3 in UFSAR Section 7.4. In response to the introduction of the vehicle bomb to the DBT and potential loss of the intake structure/ASW [i.e., normal access to the ultimate heat sink (UHS)], a 1994 analysis demonstrated that both DCPP units are capable of achieving and maintaining safe shutdown using PGE Design Class I equipment other than ASW and existing emergency and abnormal operating procedures for a minimum period of one shift.

Core cooling is maintained by the water inventory available for decay heat removal in the CST using SGs, AFW system, and the main steam atmospheric valves. The equipment and CST are constructed/located such that all requirements for physical barriers, vital, and PAs in accordance with 10 CFR 73.55 are met.

The 1994 analysis has been updated (Reference 6) to reflect enhancements to plant systems and updates to procedures.

Reference 6 confirms that both units are capable of achieving and maintaining safe shutdown using PGE Design Class I equipment other than ASW (as described above) and existing emergency and abnormal operating procedures for a minimum period of 8 hours9.259259e-5 days <br />0.00222 hours <br />1.322751e-5 weeks <br />3.044e-6 months <br /> from the time of reactor trip.

13

Enclosure PG&E Letter DCL-19-008

c. The control room and any remote location from which vital equipment can be controlled or disabled.

Evaluation: The current ASW area at the intake structure does not contain equipment that controls or can disable vital equipment (i.e. the ASW area does not have the ability to shut down or disable other vital equipment).

Based on the above evaluations, the ASW system does not meet the criteria for vital equipment established in Regulatory Guide 5. 76.

Accordingly, the loss of ASW by failure or destruction does not directly or indirectly endanger the public health and safety by exposure to radiation; therefore, the system does not meet the definition of vital equipment as stated in 10 CFR 73.2. It follows that the intake structure is not a VA per 10 CFR 73.2, since the area does not contain vital equipment.

3.2.2 Auxiliary Saltwater Target Set Analysis Additionally, target set analysis was performed when the Security Plan was re-baselined to conform to NEI 03-12 in 2004 (Reference 14, PG&E Letter DCL-04-054). The analysis concluded that ASW is excluded from the minimum sets of target elements because the system is not considered critical equipment and, therefore, loss of the ASW function would not result in significant core damage or spent fuel sabotage. This is the reason why ASW is not included as part of the protective strategy and why the protective strategy is unaffected by reclassification of ASW as non-vital.

3.2.3 Analyze Security Plan Change per NEI 11-08 The following analysis provides responses to the areas specified by NEI 11-08, Guidance on Submitting Security Plan Changes, Section 1.1 (Reference 4), as areas to be addressed for Security Plan changes.

a. Identify nature of Security Plan change The proposed change reclassifies the intake structure from a VNPA to a part of the OCA.
b. Identify and analyze impacts on security program The reclassification of the ASW system as non-vital also supports the physical protection requirements of 10 CFR 73.55. The provisions of 10 CFR 73.55(e)(9) pertaining to VAs do not apply, since the regulation identifies specific areas that must be considered vital and the intake area is not listed as one of those, nor does it contain any 14

Enclosure PG&E Letter DCL-19-008 power supply equipment that requires protection according to the regulation. The provisions of 10 CFR 73.55(e)(8) pertaining to PAs do not apply since it is shown that the area is not a VA with vital equipment - instead, the provisions of 10 CFR 73.55(e)(6) pertaining to OCAs will be implemented. Similarly, the provisions of 10 CFR 73.55(g) and (h) pertaining to access controls and search programs, respectively, will be applied consistent with location in the OCA. The provisions of 10 CFR 73.55(i)(5)(iii) pertaining to surveillance, observation, and monitoring will be applied through implementation of compensatory measures and the guidance of NEI 09-05 (Reference 7) to provide equivalent levels of protection.

With reclassification of the ASW system, critical digital assets will remain in the intake area, requiring physical protection in accordance with 10 CFR 73.54 and the Cyber Security Plan. As a result, the appropriate level of security will continue to be applied in accordance with PG&E industrial security requirements ..

c. Summarize the analysis Devitalizing the ASW equipment eliminates the requirement for the intake structure to be a VA and, therefore, will also not need to be controlled as a PA. The devitalization is a one-time, stand-alone issue, not cumulative. It is not tied to other equipment, processes, etc.
d. Identify compensatory measures With the proposed change, and under certain, predictable, and limited plant conditions, unattended openings are created. Under these conditions, compensatory measures will be implemented, in accordance with existing procedures, to prevent exploitation consistent with NEI 09-05, "Guidance on the Protection of Unattended Openings that Intersect a Security Boundary," (Reference 7) and will meet the requirements of 10 CFR 73.55(i)(5)(iii).
e. 50.59, 50.90, 50.54(p) analyses
  • 10 CFR 50.59 The safety/security interface requirements of 10 CFR 73.58 have been applied to the proposed activity. There are no changes to plant equipment or plant operating and maintenance procedures, so there are no changes related to safety that could affect security.

Reclassification of the intake equipment/area to non-vital does not 15

Enclosure PG&E Letter DCL-19-008 negatively impact operator access, response times or other operations actions.

  • 10 CFR 50.90 The licensing changes in this LAR are being submitted to NRG for approval due to the complexity of the change, absence of industry precedent reviewed by the NRG, and lack of examples of similar changes in regulatory guidance.

The proposed change to reclassify ASW equipment and the intake area as non-vital was reviewed considering the requirements of 10 CFR 50.54(p), "Conditions of Licenses - Security Plans,"

10 CFR 73.2, "Definitions - vital equipment/area," and 10 CFR 73.55, "Requirements for physical protection of licensed activities in nuclear power reactors against radiological sabotage". PG&E concludes that adopting the proposed change does not constitute a reduction in the effectiveness of the Security Plan as discussed in Section 3 of this LAR. The evaluation was performed using the guidance in Revision 0 of NEI 11-08, "Guidance on Submitting Security Plan Changes," and the associated NEI "white paper,"

which has been included in Revision 1 of NEI 11-08.

f. Describe how regulatory compliance, plan commitments, implementing procedures, and daily functions are maintained throughout incorporation of the change.

Regulatory compliance, plan commitments, and implementing procedures are maintained through the 50.54(p) evaluation process to ensure there is no reduction in safeguards effectiveness. Use of the NEI 11-08 evaluation template ensures adequate evaluations are performed against the proposed revision to the Security Plan and implementing procedures. Upon incorporation of the change, these revisions will ensure regulatory compliance.

3.2.4 Safety/Security Interface Requirements of 10 CFR 73.58 The safety/security interface requirements of 10 CFR 73.58 have been applied to the proposed activity. There are no changes to plant equipment or plant operating and maintenance procedures, so there are no changes related to safety that could affect security. Reclassification of the intake equipment/area to non-vital does not impact operator access, response times or other operations actions.

16

Enclosure PG&E Letter DCL-19-008 3.2.5 Conclusions Based on the above discussion, the ASW system is not required to achieve and maintain safe shutdown at DCPP; therefore, the ASW equipment is not required to be located in a VA, per Regulatory Guide 5.76. This eliminates the basis for designating the intake structure as a PA.

The reclassification of the ASW system as non-vital is acceptable with respect to the definitions of "vital equipment" in 10 CFR 73.2 and Regulatory Guide 5. 76. The basis for excluding this safety-related equipment from the vital equipment list is documented per Regulatory Guide 5.81.

The reclassification of the ASW system as non-vital continues to support the cyber security requirements of 10 CFR 73.54. CDAs remain in the intake area, requiring physical protection in accordance with the Cyber Security Plan. As a result, the appropriate level of security will continue to be applied. The area will be protected in accordance with PG&E commercial security practices.

Therefore, the proposed changes continue to ensure the Security Plan meets the requirements of 10 CFR 73.54 and 10 CFR 73.55.

3.3 Technical Basis - Emergency Plan 3.3.1 Background - DCPP E-Plan 3.3.1.1 E-Plan Definition of "Protected Area" The intake structure has been included in the definition of the PA since the original E-Plan approved by the NRC (Revision 3, Change 3, dated August 1983). PA was defined as, "A security area encompassed by physical barriers and to which access is controlled (ANSI N 18.17-1973). At DCPP, this is the secured areas inside the double fence and the intake structure area."

The current revision of the E-Plan (Revision 4.08, dated May 14, 2018) defines PA as, "Areas to which access is strictly controlled in accordance with the station's Security Plan. This specifically includes the areas around the power block, the intake structure and the Independent Spent Fuel Storage Installation (ISFSI)."

17

Enclosure PG&E Letter DCL-19-008 3.3 .1.2 Emergency Action Levels EALs associated with intake PA equipment are implemented in Revision 5.02 of Appendix D of the E-Plan.

3.3.1.3 Personnel Accountability Methodology in the Intake Area The original NRC approved E-Plan addressed onsite personnel accountability to include the use of "Identification Badges, supervisory control, and written accountability logs" for onsite personnel located within the plant PA (which includes the intake structure). Emergency accountability in the PA was determined by those badges issued from and returned to the "badge rack" in the security station. Additional methods using "supervisorial [sic] accountability," accountability logs, and the computer-controlled security system were also described.

Accountability methods were also described for personnel outside of the PA including visitors and construction personnel (onsite at the time). These methods included assigning department heads and contractors the responsibility for maintaining accountability of personnel under their jurisdiction by maintaining rosters of employees, identification badges, and vehicle passes. Personnel were assigned assembly areas to report to when the site emergency alarm was sounded.

The current revision to the E-Plan outlines similar accountability methods including control of identification badges, supervisory accountability, and the computerized security systems for personnel within the PA. Accountability in the OCA is described in the E-Plan using supervisory accountability and security alerting of agricultural workers. Specific accountability actions including a listing of assembly areas outside of the PA are addressed in E-Plan Implementing Procedure EP G-4, "Assembly and Accountability," and EP G-5, "Evacuation of Non-Essential Site Personnel."

3.3.2 Basis for Emergency Plan Changes 3.3.2.1 Emergency Plan Definition of Protected Area The definition of "Protected Area" in Section 1 of the E-Plan is being revised to remove reference to the intake structure consistent with the proposed change to the Security Plan. The intake will be considered a part of the OCA consistent with the proposed change to the Security Plan.

18

Enclosure PG&E Letter DCL-19-008 3.3.2.2 Emergency Action Levels Associated with Intake Structure Equipment The equipment associated with the ASW system is being reclassified as non-vital equipment as a part of this proposed change. This safety-related equipment in the intake will continue to be considered a "safety system" in the E-Plan, which is defined as follows:

Safety System A system required for safe plant operation, cooling down the plant and/or placing it in the cold shutdown condition, including the EGGS.

These are typically systems classified as safety-related (as defined in 10 GFR 50.2):

Those structures, systems and components that are relied upon to remain functional during and following design basis events to assure:

(1) The integrity of the reactor coolant pressure boundary; (2) The capability to shut down the reactor and maintain it in a safe shutdown condition; (3) The capability to prevent or mitigate the consequences of accidents which could result in potential offsite exposures.

The table in Attachment 5 lists the EALs that are currently applicable to the safety system equipment located in the Intake Structure and the disposition/evaluation of the EALs to address the proposed changes.

There are no required text revisions to the current EALs to implement the proposed changes.

3.3.2.3 Personnel Accountability Methodology in the Intake Area DCPP has established accountability methodology for areas within the PA and OCA Currently, personnel accountability at the intake structure is established through control of identification badges, supervisory accountability, and the computerized security systems electronically as part of the PA After the proposed change, personnel accountability for the intake area will be completed as it is in the OCA Supervisory accountability and the use of Security to alert workers will be used. EP G-4, provides specific steps for completing assembly and accountability in and outside of the PA EP G-5 lists additional offsite assembly areas to facilitate evacuation of non-essential personnel. All workers in the OCA who are not involved with emergency response are considered non-essential and will be alerted to assemble and evacuate as determined by the Site Emergency Coordinator. There are no required text revisions to the E-Plan to implement the proposed changes.

19

Enclosure PG&E Letter DCL-19-008 3.3.2.4 Conclusions The proposed changes continue to support the functional areas of the E-Plan (10 CFR 50.47 (8)(4), Emergency Classification System and 10 CFR 50.47 (8)(10), Emergency Protective Actions) and will continue to ensure the protection of the health and safety of the public and site personnel.

Reclassifying the intake area from a PA to an OCA does not adversely affect the site's ability to respond to an event nor to accurately classify an emergency in a timely manner in accordance with NRG endorsed guidance.

The safety/security interface requirements of 10 CFR 73.58 have been applied to the proposed activity. The changes to the E-Plan are solely in response to the reclassification of the intake area to non-vital, and the need to reduce the classification of an event one level (from Site Area Emergency to Alert). The E-Plan will continue to comply with the standards established in 10 CFR 73. There are no security activities, including emergency response, that could affect safety.

Therefore, the proposed changes will continue to ensure the E-Plan will meet 10 CFR 50.54(q)(2), the requirements of 10 CFR 50 Appendix E, and the planning standards of 10 CFR 50.47(b).

The proposed change to reclassify ASW equipment and the intake area as non-vital was reviewed considering the requirements of 10 CFR 50.54(q),

"Conditions of Licenses - Emergency Plan," 10 CFR 47(b) "Emergency Plan -

standards," 10 CFR 50 Appendix E, and Regulatory Guide 1.219, "Guidance on Making Changes to Emergency Plans for Nuclear Power Reactors" (Reference 21). PG&E concludes that adopting the proposed change does not constitute a reduction in the effectiveness of the E-Plan as discussed above.

3.4 Impact and Compliance with Operating Licenses, Technical Specifications, Safety System Requirements These changes affect only the Security Plan and the E-Plan and otherwise do not alter requirements of the Operating Licenses or the Technical Specifications. These changes do not alter any of the assumptions used in the safety analyses, nor do they cause any safety system parameters to exceed their acceptance limits. Therefore, the proposed changes have no adverse effect on plant safety.

20

Enclosure PG&E Letter DCL-19-008

4. REGULATORY EVALUATION 4.1 Applicable Regulatory Requirements Security Plan The current definition of vital equipment and VA means "any equipment, system, device, or material, the failure, destruction, or release of which could directly or indirectly endanger the public health and safety by exposure to radiation. Equipment or systems which would be required to function to protect public health and safety following such failure, destruction or release are also considered to be vital." VA is defined as "any area which contains vital equipment."

Regulatory Guide 5.76, "Physical Protection Programs at Nuclear Power Reactors," Section 4.10, "Vital Areas" This section lists three requirements for an area/equipment to be deemed vital.

These requirements are:

1) the primary coolant pressure boundary consisting of the reactor vessel and reactor coolant piping up to and including a single, protected, normally closed isolation valve or protected valve capable of closure in interfacing systems
2) equipment required to perform the functions of reactivity control, decay heat removal, and process monitoring for the purpose of achieving and maintaining hot shutdown for a minimum of 8 hours9.259259e-5 days <br />0.00222 hours <br />1.322751e-5 weeks <br />3.044e-6 months <br /> from the time of reactor trip (i.e., piping, water sources, power supplies, controls, and instrumentation)
3) the control room and any remote locations from which vital equipment can be controlled or disabled (such as remote shutdown panels, motor control centers, circuit breakers, or local control stations)

SAND2008-5644, "Vital Area Identification for U.S. Nuclear Regulatory Commission Nuclear Power Reactor Licensees and New Reactor Applicants" (Reference 18)

This document provides methods for new reactor licensees to identify vital equipment for new reactors and provided guidance in the evaluation process.

Section 2, "Vital Area Identification Assumptions," states that VAs should be "identified so as to protect a minimum set of the systems, personnel and 21

Enclosure PG&E Letter DCL-19-008 equipment needed to prevent significant core damage and spent fuel sabotage."

Section 3, "Vital Area Identification Process," includes as one of the first steps to identify the systems necessary to mitigate initiating events. The site has evaluated the ASW system and determined that the site has other areas/equipment to mitigate the initiating event.

PG&E has determined that the loss of the intake and its equipment does not lead to significant core damage or spent fuel sabotage. This is documented in the "Target Set Basis Document," as required by 10 CFR 73.55(f)(1).

Using the definition of 10 CFR 73.2, and the new regulatory guidance discussed above, the equipment/area reviewed does not meet the criteria of Regulatory Guide 5.81 for target sets or Regulatory Guide 5.76 for VAs. There is no target set equipment in this area. Although the equipment is designated as safety-related, reviews of the regulation and current correlating guidance do not require that all safety-related equipment be in VAs.

Devitalizing the ASW equipment at the intake structure means the intake structure will no longer be a VA and therefore will also not need to be controlled as a PA. PG&E determined, however, that CDAs remain in the in the area, requiring physical protection in accordance with the Cyber Security Plan. As a result, the appropriate level of security will continue to be applied. The area will be protected in accordance with PG&E commercial security practices.

The devitalization of equipment and removal of the vital and PA has been reviewed and evaluated to ensure that no decrease in safeguards effectiveness will occur. Changes to the Security Plan and its implementing procedures include removing the ASW system and the intake structure designations as vital equipment/area and PA.

Emergency Plan Relevant portions of Title 10 Code of Federal Regulations 50.54(q) are as follows:

(q) Emergency Plans (1)(iv) Reduction in effectiveness means a change in an emergency plan that results in reducing the licensee's capability to perform an emergency planning function in the event of a radiological emergency.

(2) A holder of a license under this part, or a combined license under part 52 of this chapter after the Commission makes the finding under§

52. 103(g) of this chapter, shall follow and maintain the effectiveness of an 22

Enclosure PG&E Letter DCL-19-008 emergency plan that meets the requirements in appendix E to this part and, for nuclear power reactor licensees, the planning standards of§ 50.47(b).

(4) The changes to a licensee's emergency plan that reduce the effectiveness of the plan as defined in paragraph (q)(1 )(iv) of this section may not be implemented without prior approval by the NRG. A licensee desiring to make such a change after February 21, 2012 shall submit an application for an amendment to its license. In addition to the filing requirements of§§ 50.90 and 50.91, the request must include all emergency plan pages affected by that change and must be accompanied by a forwarding letter identifying the change, the reason for the change, and the basis for concluding that the licensee's emergency plan, as revised, will continue to meet the requirements in appendix E to this part and, for nuclear power reactor licensees, the planning standards of

§ 50.47(b) .

10 CFR 50.47(b)(4) requires the Emergency Plan to meet the following standard:

A standard emergency classification and action level scheme, the bases of which include facility system and effluent parameters, is in use by the nuclear facility licensee, and State and local response plans call for reliance on information provided by facility licensees for determinations of minimum initial offsite response measures.

The existing DCPP E-Plan meets the planning standards of 10 CFR 50.47(b) and 10 CFR 50 Appendix E as required by 10 CFR 50.54(q)(2). This LAR proposes to change the classification of the ASW system from vital to non-vital, change the intake area from a VA to non-vital, and change the intake structure from a PA to an OCA. As a result, the proposed activity changes the classification level of a hostile action event that occurs in the intake structure area from a Site Area Emergency per EAL HS1 .1 to an Alert per EAL HA 1.1.

The new classification level is consistent with NRC Endorsed NEI 99-01, Revision 6 EAL scheme for hostile actions in the OCA. The NEI 99-01, Revision 6 EAL schemes were approved by the NRC for DCPP in Reference

17. Leaving the current classification level in place for a hostile action would result in DCPP deviating from NRC endorsed guidance, classifying the event as higher than what is necessary.

The proposed change would result in onsite personnel accountability (10 CFR 50.47(b)(10)) at the intake structure being completed consistent with the methodologies used currently in the OCA versus PA.

23

Enclosure PG&E Letter DCL-19-008 These proposed changes are not considered a reduction in effectiveness as defined in 10 CFR 50.54(q)(1)(iv). The DCPP E-Plan will continue to meet the requirements of 10 CFR 50.54(q)(2) by maintaining the effectiveness of the E-Plan such that it meets the requirements of 10 CFR 50 Appendix E, and the planning standards of 10 CFR 50.47(b).

4.2 Precedent None 4.3 Significant Hazards Consideration Pacific Gas and Electric Company (PG&E) has evaluated whether or not a significant hazards consideration is involved with the proposed amendment by focusing on the three standards set forth in 10 CFR 50.92, "Issuance of amendment," as discussed below:

1. Does the proposed change involve a significant increase in the probability or consequences of an accident previously evaluated?

Response: No.

The proposed changes to the Diablo Canyon Power Plant (DCPP) emergency action levels (EALs) do not physically impact the plant structures, systems, or components (SSCs) or the manner in which SSCs perform their design function. The proposed changes neither adversely affect accident initiators or precursors, nor alter design assumptions. The proposed changes do not alter or prevent the ability of SSCs to perform their intended function to mitigate the consequences of an initiating event within assumed acceptance limits. No operating procedures or administrative controls that function to prevent or mitigate accidents are affected by the proposed changes. A concurrent accident with a hostile action is not assumed to occur.

Therefore, the proposed change does not involve a significant increase in the probability or consequences of an accident previously evaluated.

2. Does the proposed change create the possibility of a new or different accident from any accident previously evaluated?

Response: No.

The proposed changes do not involve a physical alteration of the plant (i.e., no new or different type of equipment will be installed or removed) or a change in the method of plant operation. The proposed changes will not introduce failure modes that could result in a new accident, and the change does not alter 24

Enclosure PG&E Letter DCL-19-008 assumptions made in the safety analysis. The proposed changes to the DCPP EALs are not initiators of any accidents.

Therefore, the proposed change does not create the possibility of a new or different accident from any accident previously evaluated.

3. Does the proposed change involve a significant reduction in a margin of safety?

Response: No.

Margin of safety is associated with the ability of the fission product barriers (i.e.,

fuel cladding, reactor coolant system pressure boundary, and containment structure) to limit the level of radiation dose to the public.

The proposed changes do not impact operation of the plant or its response to transients or accidents. The proposed changes do not affect the Technical Specifications or the Operating Licenses. The proposed changes do not involve a change in the method of plant operation, and no accident analyses will be affected by the proposed changes. Additionally, the proposed changes will not relax any criteria used to establish safety limits and will not relax any safety system settings. The safety analysis acceptance criteria are not affected by these changes. The proposed changes will not result in plant operation in a configuration outside the design basis. The proposed changes do not adversely affect systems that respond to safely shut down the plant and to maintain the plant in a safe shutdown condition. The Emergency Plan will continue to activate an emergency response commensurate with the extent of degradation of plant safety.

Therefore, the proposed change does not involve a significant reduction in a margin of safety.

Based on the above evaluation, PG&E concludes that the proposed change does not involve a significant hazards consideration under the standards set forth in 10 CFR 50.92(c), and accordingly, a finding of "no significant hazards consideration" is justified.

4.4 Conclusions In conclusion, based on PG&E's analysis of the no significant hazards consideration discussed above, (1) there is reasonable assurance that the health and safety of the public will not be endangered by operation in the proposed manner, (2) such activities will be conducted in compliance with the Commission's regulations, and (3) the issuance of the amendment will not be inimical to the common defense and security or to the health and safety of the public.

25

Enclosure PG&E Letter DCL-19-008

5. ENVIRONMENTAL CONSIDERATION The proposed changes to the classification of the ASW system and intake structure have no impact on the environmental bounds of the current environmental assessment associated with DCPP. The proposed changes will not affect plant safety and will not have an adverse effect on the probability of an accident occurring.

PG&E has evaluated the proposed amendment and has determined that the proposed amendment does not involve (i) a significant hazards consideration, (ii) a significant change in the types or significant increase in the amounts of any effluents that may be released offsite, or (iii) a significant increase in individual or cumulative occupational radiation exposure. Accordingly, the proposed amendment meets the eligibility criterion for categorical exclusion set forth in 10 CFR 51.22(c)(9).

Therefore, pursuant to 10 CFR 51.22(b ), no environmental impact statement or environmental assessment need be prepared in connection with the proposed amendment.

6. REFERENCES
1. Regulatory Guide 1.17, "Protection of Nuclear Power Plants Against Industrial Sabotage," dated June 1973.
2. Regulatory Guide 5.76, "Physical Protection Programs at Nuclear Power Reactors," dated July 2009.
3. Regulatory Guide 5.81, "Target Set Identification and Development for Nuclear Power Reactors," dated November 2010.
4. NEI 11-08, Revision 0, "Guidance on Submitting Security Plan Changes," dated June 2012.
5. Diablo Canyon SSER 31, "Supplement 31 to the Safety Evaluation Report for the application by Pacific Gas and Electric Company for a license to operate Diablo Canyon Nuclear Power Plant Unit 2 (Docket 50-323)," dated April 1985.
6. WECTEC Technical Report, "Doc. No. 140781-MR-001-0, Loss of Auxiliary Saltwater System," dated December 2018 .
7. NEI 09-05, Revision 0, "Guidance on the Protection of Unattended Openings that Intersect a Security Boundary," dated November 2012.
8. NRC Safety Evaluation Report, "Safety Evaluation by the Directorate of Licensing, U.S. Atomic Energy Commission, In the Matter of Pacific Gas and Electric Company, Diablo Canyon Nuclear Power Station, Units 1 and 2," dated October 16, 1974.

26

Enclosure PG&E Letter DCL-19-008

9. PG&E Letter DCL-96-054, "Change 7 to Revision 18 of the Physical Security Plan and Change 1 to Revision 3 of the Safeguards Contingency Plan," dated February 29, 1996.
10. PG&E Letter DCL-95-046, "Response to 10 CFR 73.55, 'Requirements for Physical Protection of Licensed Activities in Nuclear Power Reactors Against Radiological Sabotage,"' dated February 28, 1995.
11. NRC Letter to PG&E, "Response to DCL-95-046," dated April 23, 1996.
12. PG&E Letter DCL-02-066, "Supplemental Answers to NRC Order for Interim Safeguards and Security Compensatory Measures," dated May 31, 2002.
13. PG&E Letter DCL-02-028, "Twenty-Day Answer to NRC Order for Interim Safeguards and Security Compensatory Measures," dated March 18, 2002.
14. PG&E Letter DCL-04-054, "Supplemental Response to the April 29, 2003, Orders to Pacific Gas & Electric Company, Diablo Canyon Power Plant Units 1 and 2," dated April 28, 2004.
15. NRC Letter to PG&E, "Administrative Change to Facility Operating License in Conjunction with the Commission Order EA-06-037 and Revisions to Physical Security Plan, Training and Qualification Plan, and Safeguards Contingency Plan," dated December 11, 2006.
16. NRC Letter, "Issuance of Amendments for Diablo Canyon Nuclear Power Plant Unit No. 1 (TAC No. M86479) and Unit No. 2, (TAC No. M86480)," dated September 2, 1994.
17. NRG Letter to Pacific Gas and Electric Company, "Diablo Canyon Power Plant, Units 1 and 2 - Issuance of Amendments Re: Emergency Action Level Scheme Change," dated September 25, 2017.
18. Sandia Report SAND2008-5644, "Vital Area Identification for U.S. Nuclear Regulatory Commission Nuclear Power Reactor Licensees and New Reactor Applicants," dated September 2008.
19. NEI 08-09, Revision 6, "Cyber Security Plan for Nuclear Power Reactors,"

dated April 2010.

20. "Addendum 4 to NEI 08-09, Revision 6 Dated April 2010 Physical and Operational Environment Protection," dated July 2017.
21. Regulatory Guide 1.219, "Guidance on Making Changes to Emergency Plans for Nuclear Power Reactors," dated July 2016.

27

Enclosure Attachment 1 PG&E Letter DCL-19-008 Proposed Emergency Plan Sections (Markup)

E-Plan Section 1 - Diablo Canyon Power Plant Emergency Plan Page 5 of 9 Definitions and Abbreviations Protected Area (PA)

Areas to which access is strictly controlled in accordance with the station's Security Plan.

This specifically includes the areas around the Power Block, Jhe Intake Structure and the Independent Spent Fuel Storage Installation (ISFSI).

Protective Action Guide (PAG)

The projected dose to an individual, based on reference man, from an accidental release of radioactive material at which a specific protective action to reduce or avoid that dose is warranted.

Protective Action Recommendations (PARs)

Those recommended emergency measures taken before or after an uncontrolled, or controlled, release of radioactive material to prevent or minimize radiological exposures to persons likely to occur if the actions were not taken .

Protective Action Zone (PAZ)

Emergency response planning areas within the DCPP EPZ that were originally defined by the State of California and San Luis Obispo County using local geographic boundaries.

There are 12 defined PAZs within the DCPP EPZ.

Public Dose The dose received by a member of the public from exposure to ionizing radiation and to radioactive material released by licensee, or to another source of radiation either within a licensee's controlled area or in unrestricted areas. It does not include occupational dose or doses received from background radiation, as a patient from medical practices, or from voluntary participation in medical research programs.

Public Education Zone (PEZ)

The State of California Nuclear Power Plant Emergency Response Plan area enclosed by a boundary beyond the DCPP EPZ to include the area where public education is required, but planning for public protective actions (evacuation and/or sheltering) is not required.

Radiologically Controlled Area (RCA)

An area which is established for the protection of personnel from radiological hazards.

Recovery The process of reducing radiation exposure rates and concentrations of radioactive material in the environment to levels acceptable for unconditional occupancy or"use.

Recovery Actions Those actions taken after the emergency to restore the plant as nearly as possible to its pre-emergency condition.

E-Plan_Section_ 1 Markup.DOC 1113.1330 Rev 4.08

Enclosure Attachment 2 PG&E Letter DCL-19-008 Proposed Emergency Plan Sections (Retyped)

E-Plan Section 1 - Diablo Canyon Power Plant Emergency Plan Page 5 of 9 Definitions and Abbreviations Protected Area (PA)

Areas to which access is strictly controlled in accordance with the station's Security Plan.

This specifically includes the areas around the Power Block and the Independent Spent Fuel Storage Installation (ISFSI).

Protective Action Guide (PAG)

The projected dose to an individual, based on reference man, from an accidental release of radioactive material at which a specific protective action to reduce or avoid that dose is warranted.

Protective Action Recommendations (PARs)

Those recommended emergency measures taken before or after an uncontrolled, or controlled, release of radioactive material to prevent or minimize radiological exposures to persons likely to occur if the actions were not taken.

Protective Action Zone (PAZ)

Emergency response planning areas within the DCPP EPZ that were originally defined by the State of California and San Luis Obispo County using local geographic boundaries.

There are 12 defined PAZs within the DCPP EPZ.

Public Dose The dose received by a member of the public from exposure to ionizing radiation and to radioactive material released by licensee, or to another source of radiation either within a licensee's controlled area or in unrestricted areas. It does not include occupational dose or doses received from background radiation, as a patient from medical practices, or from voluntary participation in medical research programs.

Public Education Zone (PEZ)

The State of California Nuclear Power Plant Emergency Response Plan area enclosed by a boundary beyond the DCPP EPZ to include the area where public education is required, but planning for public protective actions (evacuation and/or sheltering) is not required.

Radiologically Controlled Area (RCA)

An area which is established for the protection of personnel from radiological hazards.

Recovery The process of reducing radiation exposure rates and concentrations of radioactive material in the environment to levels acceptable for unconditional occupancy or use.

Recovery Actions Those actions taken after the emergency to restore the plant as nearly as possible to its pre-emergency condition.

E-Plan_Section_ 1Revised.DOC 1113.1332 Rev 4.08

Enclosure Attachment 3 PG&E Letter DCL-19-008 Proposed FSAR Update Sections (Markup)

DCPP UNITS 1 & 2 FSAR UPDATE The ASW system is designed to or contains instrumentation and controls that support actions to maintain the safe operational status of the plant from the control room or from an alternate location if control room access is lost due to fire or other causes.

9.2.7.1.5 General Design Criterion 12, 1967 - Instrumentation and Control Systems Instrumentation and controls are provided as required to monitor and maintain ASW system variables within prescribed operating ranges.

9.2.7.1.6 Auxiliary Saltwater System Safety Function Requirements (1) Waste Heat Removal The ASW/CCW systems are designed to remove waste heat from the nuclear (primary) plant equipment and components during normal plant operation, plant cooldown, and design basis accidents.

(2) Single Failure The ASW system and CCW system are essentially considered a single heat removal system for the purpose of assessing the ability to sustain either a single active or passive failure and still perform design basis heat removal.

(3) Redundancy

~ PG&E Design Class I ASW system components are redundant.

(4) Isolation The ASW system includes provision for isolation of system components and may be split into separate trains during long term post-LOCA conditions.

(5) Protection from Missiles

~ PG&E Design Class I portions of the ASW system are designed, located, or protected against effects of missiles which may result from plant equipment failure and from events and conditions outside the plant to the extent necessary to assure that a safe shutdown condition of the reactor can be accomplished and maintained.

(6) Protection Against High Energy Pipe Rupture Effects

~ PG&E Design Class I portions of the ASW system are designed and located to accommodate the dynamic effects of a postulated high-energy pipe failure to the extent necessary to assure that a safe shutdown condition of the reactor can be accomplished and maintained .

9.2-45 Revision 24 September 2018

DCPP UNITS 1 & 2 FSAR UPDATE (7) Protection from Moderate Energy Pipe Rupture Effects - Outside Containment The outside containment PG&E Design Class I portion of the vital ASW system is designed to be protected against the effects of moderate energy pipe failure.

(8) Protection from Flooding Effects - Outside Containment The outside containment PG&E Design Class I portion of the vital ASW system is designed to be protected from the effects of internal flooding .

(9) Leak Detection The CCW system serves as an intermediate system between normally or potentially radioactive systems and the ASW system, which is an open-cycle system that discharges to the UHS (Pacific Ocean).

9.2.7.1.7 10 CFR 50.55a(f) - lnservice Testing Requirements ASW system ASME Code components are tested to the requirements of 10 CFR 50.55 a(f)(4) and 10 CFR 50.55a(f)(5) to the extent practical 9.2.7.1.8 10 CFR 50.SSa(g) - lnservice Inspection Requirements ASW system ASME Code components (including supports) are inspected to the requirements of 10 CFR 50.55a(g)(4) and 10 CFR 50.55a(g)(5) to the extent practical.

9.2.7.1.9 10 CFR 50.63 - Loss of All Alternating Current Power The ASW system is required to provide cooling water to the CCW System following a SBO .

9.2.7.1.10 10 CFR 50.48(c)- National Fire Protection Association Standard NFPA 805 The ASW system is designed to meet the nuclear safety and radioactive release performance criteria of Section 1.5 of NFPA 805, 2001 Edition.

9.2.7.1 .11 Generic Letter 89-10, June 1989 - Safety Related Motor-Operated Valve Testing and Surveillance The ASW system safety-related and position-changeable MOVs meet the requirements of Generic Letter 89-10, June 1989 and associated Generic Letter 96-05, September 1996.

9.2.7.1.12 Generic Letter 89-13, July 1989 - Service Water System Problems Affecting Safety-Related Equipment 9.2-46 Revision 24 September 2018

DCPP UNITS 1 & 2 FSAR UPDATE decision to split the ASW system into separate trains to mitigate a passive failure would be made by the TSC if it became required. (Reference 8)

The ASW system is comprised of active components for which design classifications are given in Table 3.2-3. The ASW system can sustain either an active or a passive failure and still perform its function.

(3) Redundancy Redundancy is provided by having two ASW pumps, one running and one on standby, and two CCW heat exchangers, with one normally in service and one in standby. The ASW system can be cross-connected within trains and between units so that various pump-heat exchanger combinations can be used for cooling . Redundant vacuum breakers are installed at the vertical bend of each line to eliminate water hammer.

Each unit's pair of ASW pump trains shares a common traveling screen to remove floating debris from the incoming seawater. If the common screen for a unit becomes clogged with debris, seawater may be supplied to the ASW pump bays from the unit's circulating water pump bays via the demusseling valves. Level transmitters are provided on both the inlet and outlet of the ASW common traveling water screen in each unit for the purpose of indication and annunciation of water level differential across the common screen and for automatic screen start. The level transmitters are shown in Figure 3.2-17.

(4) Isolation The design classification of the CCW heat exchangers is listed in Table 3.2-3. Rupture of the heat exchanger tubes or channel is considered highly unlikely because of low operating pressures and the use of corrosion-resistant materials. However, a leaking heat exchanger can be identified by sequential isolation or visual inspection. If the leak should be in the operating heat exchanger, the standby heat exchanger will be placed in operation and the leaking heat exchanger isolated and repaired.

(5) Protection from Missiles The provisions taken to protect the vital CCW system from missiles resulting from plant equ ipment failures and from events and conditions outside the plant are discussed in Sections 3.5.

(6) Protection Against High Energy Pipe Rupture Effects The provisions taken to protect the vi-ta! PG&E Design Class I portion of the ASW system from damage that might result from dynamic effects associated with a postulated ruptu re of high-energy piping are discussed in Section 3.6.

9.2-55 Revision 24 September 2018

DCPP UNITS 1 & 2 FSAR UPDATE (7) Protection from Moderate Energy Pipe Rupture Effects - Outside Containment The provisions taken to provide protection of the v#a-1 PG&E Design Class I portion of the ASW system located outside containment from the effects of moderate energy pipe failure are discussed in Section 3.6.

(8) Protection from Flooding Effects - Outside Containment The provisions taken to provide protection of the vital portion of the CCW system from flooding that might result from the effects associated with a postulated rupture of piping are discussed in Section 3.6.

No systems that are required for safe shutdown are rendered inoperable due to flooding caused by a postulated break in the ASW piping. The low operating pressure and temperature of the saltwater system minimizes the possibility of a line severance.

However, a severance would be detected and alarmed to the control room as low differential pressure across the heat exchanger and a high temperature rise across the CCW system, and possibly a pump motor failure. Sufficient valving is provided to isolate the units and their redundant trains from the failed section of piping.

Most of the ASW piping is buried except for short sections in the intake structure, the vacuum breaker vaults and the turbine building. A pipe break inside an ASW pump room or outside the boundary of both unit rooms in the Intake would not jeopardize the other pump motors. Each pump is housed in its own watertight compartment; therefore a pipe break would only flood one compartment. No components required to be operated for safe shutdown are located in the vacuum breaker vault. Failure of the ASW supply inside the turbine building would result in draining to the turbine building sumps (TBSs); a break in the ASW system discharge piping to the ocean would not result in flooding of the turbine building unless flow blockage in the line occurs, since the line pressure is negative.

In the event that the entire contents of the hotwell and heater drain tanks are discharged to the turbine building, the operability of PG&E Design Class I equipment (CCW heat exchangers) in the building is not endangered. The volume of water that would be discharged is within the capacity of the turbine building drain system. This system includes one 18-inch drain line from the TBS of each unit to the CWS discharge structure (refer to Figure 3.2-27 and Table 1.6-1). If this drain were clogged, the water flow would begin to fill the TBSs and equipment pits below 85 feet (refer to Figures 1.2-16 and 1.2-20). However, the capacity (58,000 cubic feet) below this elevation is more than the potential flooding volume. Refer to Section 10.4.7 for further discussion of flooding in the turbine building .

The ASW system is physically separated from all piping carrying high-energy fluid. The ASW system is a moderate-energy system as described in Section 3.6.

(9) Leak Detection 9.2-56 Revision 24 September 2018

Enclosure Attachment 4 PG&E Letter DCL-19-008 Diablo Canyon Power Plant Site - Aerial View

Enclosure Attachment 5 PG&E Letter DCL-19-008 Emergency Action Levels Applicable to the Intake Structure Impacted by Proposed Changes Emergency Action Level Impact/Evaluation of the Proposed Changes CA6.1 Alert No change required. This Emergency The occurrence of any Table C-6 hazardous event. Action Level (EAL) will continue to apply AND to the safety system equipment in the intake structure.

Event damage has caused indications of degraded performance on one train of a SAFETY SYSTEM Designating the intake structure originally needed for the current operating mode. as part of the Protected Area was based on the auxiliary saltwater (ASW) system AND EITHER: equipment designation at the intake

  • Event damage has caused indications of structure as "vital" equipment which degraded performance to a second train of the required supporting Security Plan and SAFETY SYSTEM needed for the current operating Emergency Plan commitments.

mode. Additionally, those EALs applying to potential impacts to buildings or OR structures housing safety-related

  • Event damage has resulted in VISIBLE DAMAGE equipment are not changed. Though the to the second train of a SAFETY SYSTEM needed intake structure will be changed in for the current operating mode. classification to a non-vital area, it continues to contain safety-related/safety Table C-6 Hazardous Events system equipment. Those EALs applying to damage or threats to safety-related
  • Seismic event (earthquake) equipment will continue to apply to the
  • Internal or external FLOODING event intake structure. The criteria/criterion
  • High winds or TORNADO strike applicable to safety-related equipment in
  • FIRE the intake structure have not been
  • EXPLOSION changed.
  • Tsunami
  • Other events with similar hazard characteristics as determined by the SM/SEC/ED

Enclosure Attachment 5 PG&E Letter DCL-19-008 Emergency Action Level Impact/Evaluation of the Proposed Changes HA1.1 Alert There are no changes to the texts of EALs A HOSTILE ACTION is occurring or has occurred HA 1.1 and HS 1.1. However, the within the OWNER CONTROLLED AREA as classification level will change as reported by the Security Watch Commander. described below:

OR A validated notification from NRC of an aircraft The classification level of a hostile action attack threat within 30 minutes of the site. in the intake structure will be classified as HS1 .1 Site Area Emergency an Alert per EAL HA 1.1 due to the A HOSTILE ACTION is occurring or has occurred proposed change. It is currently classified within the PLANT PROTECTED AREA as reported as a Site Area Emergency per EAL by the Security Watch Commander. HS1 .1. The new classification level is consistent with NRC endorsed NEI 99-01, Revison 6, EAL scheme for hostile actions in the owner controlled area. This new scheme was implemented at Diablo Canyon Power Plant (DCPP) on August 27, 2018. Leaving the current classification level of Site Area Emergency in place after the proposed change for a hostile action in the intake structure would result in DCPP deviating from NRC endorsed guidance and classifying the event higher than what is necessary for an event in the owner controlled area. The higher classification would also result in unnecessary offsite response and preliminary protective actions that accompany a Site Area Emergency classification.

No change required. This EAL will HU3.2 Unusual Event continue to apply to the safety system Internal room or area FLOODING of a magnitude equipment in the intake structure.

sufficient to require manual or automatic electrical isolation of a SAFETY SYSTEM component See CA6.1 evaluation required for the current operating mode.

2

Enclosure Attachment 5 PG&E Letter DCL-19-008 Emergency Action Level Impact/Evaluation of the Proposed Changes HU4.1 Unusual Event No change required. This EAL will A FIRE is not extinguished within 15 minutes of continue to apply to the safety system any of the following FIRE detection indications equipment in the intake structure.

(Note 1):

  • Report from the field (i.e., visual observation). See CA6.1 evaluation.
  • Receipt of multiple (more than 1) fire alarms or indications.
  • Field verification of a single fire alarm.

AND The FIRE is located within any Table H-1 area.

[Table H-1 includes the "Intake Structure Lower Levels"!

HU4.2 Unusual Event Receipt of a single fire alarm (i.e., no other No change required. This EAL will indications of a FIRE). continue to apply to the safety system AND equipment in the intake structure.

The FIRE alarm is associated with any Table H-1 area. See CA6.1 evaluation.

AND The existence of a FIRE is not verified within 30 minutes of alarm receipt.

[Table H-1 includes the "Intake Structure Lower Levels"!

3

Enclosure Attachment 5 PG&E Letter DCL-19-008 Emergency Action Level Impact/Evaluation of the Proposed Changes SA9.1 Alert No change required. This EAL will The occurrence of any Table S-5 hazardous event. continue to apply to the safety system equipment in the intake structure.

AND See CA6.1 evaluation.

Event damage has caused indications of DEGRADED PERFORMANCE on one train of a SAFETY SYSTEM needed for the current operating mode.

AND EITHER:

  • Event damage has caused indications of DEGRADED PERFORMANCE to a second train of the SAFETY SYSTEM needed for the current operating mode.

OR

  • Event damage has resulted in VISIBLE DAMAGE to the second train of a SAFETY SYSTEM needed for the current operating mode.

Table S-5 Hazardous Events

  • Internal or external FLOODING event
  • FIRE
  • EXPLOSION
  • Tsunam i
  • Other events with similar hazard characteristics as determined by the SM/SEC/ED 4
Retrieved from "https://kanterella.com/w/index.php?title=DCL-19-008,_License_Amendment_Request_19-01,_Proposed_Changes_to_the_Intake_Structure_Physical_Security_Classification&oldid=1914069"