Information Notice 2022-02, Operating Experience Related to the Unexpected Loss of Operating Security Power Due to Inadequate Testing and Maintenance

ML23129A013
Person / Time
Issue date: 06/01/2023
From: Russell Felts
Office of Nuclear Reactor Regulation
To:
References
EPID L-2023-GEN-0006 IN 2022-002, Rev 1


UNITED STATES

NUCLEAR REGULATORY COMMISSION

OFFICE OF NUCLEAR REACTOR REGULATION

WASHINGTON, DC 20555-0001

June 1, 2023

NRC INFORMATION NOTICE 2022-02, REVISION 1: OPERATING EXPERIENCE RELATED TO THE UNEXPECTED LOSS OF OPERATING SECURITY POWER DUE TO INADEQUATE TESTING AND MAINTENANCE

Note: Revision 1 changes only the ADDRESSEES section of the original Information Notice 2022-02

issued on December 16, 2022. The change includes licensees that have permanently ceased

operations and have certified that fuel has been permanently removed from the reactor vessel.

All other content is the same.

ADDRESSEES

All holders of an operating license or construction permit for a nuclear power reactor under

Title 10 of the Code of Federal Regulations (10 CFR) Part 50, "Domestic Licensing of

Production and Utilization Facilities," including those that have permanently ceased operations

and have certified that fuel has been permanently removed from the reactor vessel.

All holders of and applicants for a power reactor combined license, standard design approval, or

manufacturing license under 10 CFR Part 52, "Licenses, Certifications, and Approvals for

Nuclear Power Plants."

All holders of and applicants for a fuel cycle facility license under 10 CFR Part 70, "Domestic

Licensing of Special Nuclear Material."

PURPOSE

The U.S. Nuclear Regulatory Commission (NRC) is issuing this information notice (IN) to inform

addressees about recent operating experience related to the unexpected loss of all security

system[1] power at multiple licensed facilities. The NRC expects that recipients will review the

information for applicability to their facilities and consider actions, as appropriate, to ensure

continued compliance with 10 CFR 73.55, "Requirements for physical protection of licensed

activities in nuclear power reactors against radiological sabotage," and 10 CFR 73.46, "Fixed

site physical protection systems, subsystems, components, and procedures." INs may not

impose new requirements, and nothing in this IN should be interpreted to require specific action.

[1] In the examples cited in this communication, "security system" refers to all security related equipment associated

with the detection and assessment of alarms at the protected area and vital area barriers from the central and

secondary alarm stations.

DESCRIPTION OF CIRCUMSTANCES

In three isolated events in 2021 and 2022, separate nuclear power plant licensees unexpectedly

lost all security system power. These events were partially attributable to inadequate testing and

maintenance of security-related equipment and unnecessarily challenged the licensees' security

organizations. Each instance resulted in the total loss of all alarm detection and assessment

capability from the alarm stations and necessitated immediate compensatory measures until

power could be restored and system testing could be completed.

Event 1:

In September 2022, while in normal operating conditions, Facility 1 (FAC1) lost its primary

security power supply due to a short caused by a small animal. The FAC1 secondary security

power supply, consisting of an uninterruptible power supply (UPS), battery, diesel generator, and associated power transfer circuitry, did not operate as designed. The loss of the primary

and secondary security power supplies resulted in a loss of protected area (PA) and vital area

(VA) alarm detection and assessment capabilities from both the central alarm station (CAS) and

secondary alarm station (SAS) for several hours.

The NRC performed a special inspection in response to the event. The inspectors identified that

FAC1 placed the security UPS in bypass for system maintenance in December 2020. This

action prevented the secondary power supply from functioning in the event of a loss of primary

power. FAC1 maintenance personnel suspended the maintenance activity in December 2020

but did not restore the system to the appropriate lineup when work was suspended. FAC1 maintenance personnel were not aware of the regulatory requirements associated with disabling

the secondary power supply, and the FAC1 security organization was not informed that the

secondary power supply would not function in the event of a loss of primary power.

The NRC inspectors also identified that FAC1 was not appropriately testing the secondary

security power supply to verify the system would perform its intended function. The inspectors

determined that FAC1 was only testing the security diesel portion of the secondary power

supply but had not tested the UPS, battery, or power transfer circuitry since initial installation.

The inspectors determined that inadequate operability, maintenance, and testing of the

secondary power supply and the lack of communication regarding the status of the secondary

power supply between the maintenance and security staff contributed to the consequence of the

event and the exposure time of the vulnerability.

Event 2:

In July 2022, while performing troubleshooting maintenance on a security inverter, Facility 2 (FAC2) experienced a loss of primary and secondary security power. The loss of the primary

and secondary security power supplies resulted in a loss of PA and VA alarm detection and

assessment capabilities from both the CAS and SAS.

The NRC performed a special inspection in response to the event. The inspectors determined

that the security inverter work package did not have the level of detail necessary to perform the

maintenance activity successfully based on the training, experience, and qualifications of the

workers. Specifically, the assigned electricians, while qualified for the activity, were unfamiliar

with the equipment and the vendor manual sections included in the work order. This resulted in

the electricians performing steps from the wrong section of the vendor manual and causing the

loss of security power. Additionally, the FAC2 maintenance work planner did not include

appropriate engineering support to ensure the work instructions were developed to an

appropriate level of detail consistent with the training of the individuals assigned to the work.

The inspectors determined that the FAC2 maintenance planning personnel did not follow the

maintenance planning procedures in the development of the security inverter work package.

Specifically, error-likely situations were not identified during planning so that appropriate

controls could be implemented to mitigate errors during the performance of the maintenance

activities.

Event 3:

In July 2021, while testing the security secondary power supply, Facility 3 (FAC3) experienced a

momentary loss of primary and secondary security power, which resulted in a loss of PA and VA

alarm detection and assessment capabilities from both the CAS and SAS.

Before the event, in May 2021, FAC3 maintenance personnel performing maintenance of a

halon fire suppression system caused a perturbation of the security UPS that resulted in the

UPS switching to the bypass configuration. This prevented the battery and UPS portion of the

secondary power supply from functioning in the event of a loss of primary power. FAC3 alarm

station personnel received an alarm indicating UPS trouble, but FAC3 maintenance and

operations personnel assumed the alarm was due to an identified deficiency in the halon

system. FAC3 security personnel did not enter the UPS trouble alarm into the FAC3 corrective

action program.

By July 2021, FAC3 had not restored the UPS from bypass before testing the security diesel

generator. Upon initiation of the testing, the FAC3 CAS and SAS lost all power until the security

diesel generator completed its startup and loading. The NRC inspection of this event concluded

that the inadequate configuration control and licensee response to the UPS alarm resulted in

the loss-of-power event.

Additional information related to these events is contained in Official Use Only - Security-Related

Information inspection reports. These reports are withheld from public disclosure in

accordance with 10 CFR 2.390, "Public Inspections, Exemptions, Requests for Withholding"

requirements.

DISCUSSION

In accordance with 10 CFR 73.55(i), licensees must ensure that intrusion detection and

assessment equipment at the PA perimeter remains operable from a UPS in the event of the

loss of normal power. Additionally, in accordance with 10 CFR 73.55(n), the maintenance and

testing program must include these power supplies to ensure that they are capable of

performing their intended function.

Likewise, in accordance with 10 CFR 73.46(e), intrusion alarm systems must remain operable

from independent power sources in the event of the loss of normal power. Also, in accordance

with 10 CFR 73.46(g), physical protection related devices and equipment must be maintained in

an operable and effective condition.

Proper operation of security secondary power supplies is critical to the ability of licensee

security organizations to successfully carry out security functions. Proper identification,

assessment, and response to alarms generated at the PA barrier are a fundamental component

of licensees' defensive strategies.

The NRC identified common themes in the events discussed above. In each instance, licensee

maintenance personnel did not prioritize the operability, maintenance, and testing of security

secondary power supply in accordance with its security significance and regulatory

requirements. Additionally, licensee personnel did not identify the potential and actual

consequences of their maintenance decisions and the resultant effect on the licensee's security

posture.

CONTACTS

Please direct any questions about this matter to the technical contact listed below.

/RA/

Russell Felts, Director

Division of Reactor Oversight

Office of Nuclear Reactor Regulation

Technical Contact:

Jeffrey Bream, NSIR

301-415-0256

Email: Jeffrey.Bream@nrc.gov

ML23129A013    EPIDS No. L-2023-GEN-0006

OFFICE  Author   Author's BC  QTE         OE        OD
NAME    JBream   CPantalo     JDougherty  JPeralta  MGavrilas
DATE    5/11/23  5/22/23      5/11/23     5/15/23   5/22/23

OFFICE  NRR/DRO/IOEB  NRR/DRO  NRR/DRO/IOEB  NRR/DRO
NAME    BBenney       IBetts   LRegner       RFelts
DATE    5/22/23       5/31/23  6/1/23        6/1/23