Information Notice 2022-02, Operating Experience Related to the Unexpected Loss of Operating Security Power Due to Inadequate Testing and Maintenance

From kanterella
(Redirected from Information Notice 2022-02)
Jump to navigation Jump to search
Operating Experience Related to the Unexpected Loss of Operating Security Power Due to Inadequate Testing and Maintenance
ML23129A013
Person / Time
Issue date: 06/01/2023
From: Russell Felts
Office of Nuclear Reactor Regulation
To:
References
EPID L-2023-GEN-0006 IN 2022-002, Rev 1
Download: ML23129A013 (5)


UNITED STATES

NUCLEAR REGULATORY COMMISSION

OFFICE OF NUCLEAR REACTOR REGULATION

WASHINGTON, DC 20555-0001 June 1, 2023 NRC INFORMATION NOTICE 2022-02, REVISION 1: OPERATING EXPERIENCE RELATED

TO THE UNEXPECTED LOSS OF

OPERATING SECURITY POWER DUE

TO INADEQUATE TESTING AND

MAINTENANCE

Note: Revision 1 changes only the

ADDRESSEES

to the original Information Notice 2022-02 issued on December 16, 2022. The change includes licensees that have permanently ceased

operations and have certified that fuel has been permanently removed from the reactor vessel.

All other content is the same.

ADDRESSEES

All holders of an operating license or construction permit for a nuclear power reactor under

Title 10 of the Code of Federal Regulations (10 CFR) Part 50, Domestic Licensing of

Production and Utilization Facilities, including those that have permanently ceased operations

and have certified that fuel has been permanently removed from the reactor vessel.

All holders of and applicants for a power reactor combined license, standard design approval, or

manufacturing license under 10 CFR Part 52, Licenses, Certifications, and Approvals for

Nuclear Power Plants.

All holders of and applicants for a fuel cycle facility license under 10 CFR Part 70, Domestic

Licensing of Special Nuclear Material.

PURPOSE

The U.S. Nuclear Regulatory Commission (NRC) is issuing this information notice (IN) to inform

addressees about recent operating experience related to the unexpected loss of all security

system1 power at multiple licensed facilities. The NRC expects that recipients will review the

information for applicability to their facilities and consider actions, as appropriate, to ensure

continued compliance with 10 CFR 73.55, Requirements for physical protection of licensed

activities in nuclear power reactors against radiological sabotage, and 10 CFR 73.46, Fixed

site physical protection systems, subsystems, components, and procedures. INs may not

impose new requirements, and nothing in this IN should be interpreted to require specific action.

DESCRIPTION OF CIRCUMSTANCES

1 In the examples cited in this communication, security system refers to all security related equipment associated

with the detection and assessment of alarms at the protected area and vital area barriers from the central and

secondary alarm stations.

ML23129A013

IN 2022-02, Revision 1 In three isolated events in 2021 and 2022, separate nuclear power plant licensees unexpectedly

lost all security system power. These events were partially attributable to inadequate testing and

maintenance of security-related equipment and unnecessarily challenged the licensees security

organizations. Each instance resulted in the total loss of all alarm detection and assessment

capability from the alarm stations and necessitated immediate compensatory measures until

power could be restored and system testing could be completed.

Event 1:

In September 2022, while in normal operating conditions, Facility 1 (FAC1) lost its primary

security power supply due to a short caused by a small animal. The FAC1 secondary security

power supply, consisting of an uninterruptible power supply (UPS), battery, diesel generator, and associated power transfer circuitry, did not operate as designed. The loss of the primary

and secondary security power supplies resulted in a loss of protected area (PA) and vital area

(VA) alarm detection and assessment capabilities from both the central alarm station (CAS) and

secondary alarm station (SAS) for several hours.

The NRC performed a special inspection in response to the event. The inspectors identified that

FAC1 placed the security UPS in bypass for system maintenance in December 2020. This

action prevented the secondary power supply from functioning in the event of a loss of primary

power. FAC1 maintenance personnel suspended the maintenance activity in December 2020

but did not restore the system to the appropriate lineup when work was suspended. FAC1 maintenance personnel were not aware of the regulatory requirements associated with disabling

the secondary power supply, and the FAC1 security organization was not informed that the

secondary power supply would not function in the event of a loss of primary power.

The NRC inspectors also identified that FAC1 was not appropriately testing the secondary

security power supply to verify the system would perform its intended function. The inspectors

determined that FAC1 was only testing the security diesel portion of the secondary power

supply but had not tested the UPS, battery, or power transfer circuitry since initial installation.

The inspectors determined that inadequate operability, maintenance, and testing of the

secondary power supply and the lack of communication regarding the status of the secondary

power supply between the maintenance and security staff contributed to the consequence of the

event and the exposure time of the vulnerability.

Event 2:

In July 2022, while performing troubleshooting maintenance on a security inverter, Facility 2 (FAC2) experienced a loss of primary and secondary security power. The loss of the primary

and secondary security power supplies resulted in a loss of PA and VA alarm detection and

assessment capabilities from both the CAS and SAS.

The NRC performed a special inspection in response to the event. The inspectors determined

that the security inverter work package did not have the level of detail necessary to perform the

maintenance activity successfully based on the training, experience, and qualifications of the

workers. Specifically, the assigned electricians, while qualified for the activity, were unfamiliar

with the equipment and the vendor manual sections included in the work order. This resulted in

the electricians performing steps from the wrong section of the vendor manual and causing the

loss of security power. Additionally, the FAC2 maintenance work planner did not include

IN 2022-02, Revision 1 appropriate engineering support to ensure the work instructions were developed to an

appropriate level of detail consistent with the training of the individuals assigned to the work.

The inspectors determined that the FAC2 maintenance planning personnel did not follow the

maintenance planning procedures in the development of the security inverter work package.

Specifically, error-likely situations were not identified during planning so that appropriate

controls could be implemented to mitigate errors during the performance of the maintenance

activities.

Event 3:

In July 2021, while testing the security secondary power supply, Facility 3 (FAC3) experienced a

momentary loss of primary and secondary security power, which resulted in a loss of PA and VA

alarm detection and assessment capabilities from both the CAS and SAS.

Before the event, in May 2021, FAC3 maintenance personnel performing maintenance of a

halon fire suppression system caused a perturbation of the security UPS that resulted in the

UPS switching to the bypass configuration. This prevented the battery and UPS portion of the

secondary power supply from functioning in the event of a loss of primary power. FAC3 alarm

station personnel received an alarm indicating UPS trouble, but FAC3 maintenance and

operations personnel assumed the alarm was due to an identified deficiency in the halon

system. FAC3 security personnel did not enter the UPS trouble alarm into the FAC3 corrective

action program.

By July 2021, FAC3 had not restored the UPS from bypass before testing the security diesel

generator. Upon initiation of the testing, the FAC3 CAS and SAS lost all power until the security

diesel generator completed its startup and loading. The NRC inspection of this event concluded

that the inadequate configuration control and licensee response to the UPS alarm resulted in

the loss-of-power event.

Additional information related to these events are contained in Official Use OnlySecurity

Related Information inspection reports. These reports are withheld from public disclosure in

accordance with 10 CFR 2.390, Public Inspections, Exemptions, Requests for Withholding

requirements.

DISCUSSION

In accordance with 10 CFR 73.55(i), licensees must ensure that intrusion detection and

assessment equipment at the PA perimeter remains operable from a UPS in the event of the

loss of normal power. Additionally, in accordance with 10 CFR 73.55(n), the maintenance and

testing program must include these power supplies to ensure that they are capable of

performing their intended function.

Likewise, in accordance with 10 CFR 73.46(e), intrusion alarm systems must remain operable

from independent power sources in the event of the loss of normal power. Also, in accordance

with 10 CFR 73.46(g), physical protection related devices and equipment must be maintained in

an operable and effective condition.

Proper operation of security secondary power supplies is critical to the ability of licensee

security organizations to successfully carry out security functions. Proper identification,

IN 2022-02, Revision 1 assessment, and response to alarms generated at the PA barrier are a fundamental component

of licensees defensive strategies.

The NRC identified common themes in the events discussed above. In each instance, licensee

maintenance personnel did not prioritize the operability, maintenance, and testing of security

secondary power supply in accordance with its security significance and regulatory

requirements. Additionally, licensee personnel did not identify the potential and actual

consequences of their maintenance decisions and the resultant effect on the licensees security

posture.

CONTACT

S

Please direct any questions about this matter to the technical contact listed below.

/RA/

Russell Felts, Director

Division of Reactor Oversight

Office of Nuclear Reactor Regulation

Technical Contact:

Jeffrey Bream, NSIR

301-415-0256 Email: Jeffrey.Bream@nrc.gov

ML23129A013 EPIDS No. L-2023-GEN-0006 OFFICE Author Authors BC QTE OE OD

NAME JBream CPantalo JDougherty JPeralta MGavrilas

DATE 5/11/23 5/22/23 5/11/23 5/15/23 5/22/23 OFFICE NRR/DRO/IOEB NRR/DRO NRR/DRO/IOEB NRR/DRO

NAME BBenney IBetts LRegner RFelts

DATE 5/22/23 5/31/23 6/1/23 6/1/23