Forwards Summary of Sabotage Protection Considerations & Draft Requirements for Sabotage Design from EPRI Advanced LWR Requirements Document,Per NRC .Basis for Program Listed

ML20154G907
Person / Time
Site:	05000470
Issue date:	09/14/1988
From:	Scherer A ABB COMBUSTION ENGINEERING NUCLEAR FUEL (FORMERLY
To:	Vissing G Office of Nuclear Reactor Regulation
References
PROJECT-675F LD-88-091, LD-88-91, NUDOCS 8809210116
Download: ML20154G907 (4)
v • d • e

Text

.

September 14, 4 '

- LD-88-091 t i

Docket No. STN 50-470F r l (Project No. 675) i

. Mr. Guy S. V!ssing, Project Manager Standsrdization and Non-Power Reactor Project Directorate  !

Office of Nuclear Reactor Regulation i Att.u Document Control Desk ,

U. S. Nuclear Regulatory Conuaission  !

Washington, D.C. 20555 <

i

Subject:

CESSAR-DC, Program for AdAessing Sa' . tage Protection

References:

(A) Letter, G. S. Vissing (NRC) to A. E. Scherer (C-E),

dated December 8,1987 r

(B) Letter, LD-88-020, A. E. Scherer (C-E) to G. 9.

Vissing (NRC), dated March 18, 1988 j l

Dear Mr. Vissing:

Tne purpose of this letter la to respond to Reference (A) cot:erning i sabotage protection. To give some insight to your review on this  :

subject, you summarized some specific areas of interest. For

, conver.ience, those specific items are provide.i in Attachment (1) to this i i letter. Our approach to Physical Sect rity, including sabotage f

protection, was described in e.a r responso to NRC Question 500.2 (

1 [ Reference (D)]. Your phone call of March 31, 1988, expressed the [

] concern that our response was based on currera NRC :.riteria and would 6 not include a secch for new criteria.  :

I i' o Combustion Engineering is establishing a r L*:ip protection program to s address your concerns. Our program wJl ba '>ased on the general Z'#ga. criteria and guidance from EPRI's ALWR Ree f nw ments Document. The

• l basic elements of our program ares  :

1. Development of design bases for System 80+TM relative to j x sabotage which conform to the EPRI Requirements Document. f 1 $y Attachment (2) provides the current draft of this guidance.

l

.-z .

l N 2. Development of a ranking of systems and components ,

Important to sabotage, using an approach consistent with the  !

j Department of Enwrgy's report "Ranking of Light Water k

l Reactor Systems for Sabotage Protectioti" (SAND 82 7053, July 4

1982).

i I

Power Systems 1000 Prospect HA Road (203) 688 1911 gy,

+

Combusbon Eroneenr4 inc. Post Offce Dos 500 To'er 99297 1 Watsot, Connecteut 0000H500

) l

( ,

i

.' . Mr. G. S. Visning LD-88-091 September 14, 1988 Page 2 a

3. Development of a plant layout with the system and component ranking as an input, in a manner which supports implementation of arca-type physical protection measures as identified in the NRC's report "A Review of Selected Methods for Protecting Against Sabotage by an Insider" (NUREG/CR-2643, August 1982).

4. Evaluation of the fluid, electrical, and nuclear systems from the standpoint of damage control to initigatu sabotage, consistent with the approach outlined in the NR C's report "Acceptance Criteria for the Evaluation of Nuclear Power Reactor Security Plans" (NUREG/CR-0908 August 1982).

5. Implementation of additional design improvements, as necessary, to ensure appropriate ability to achieve safe

shutdown for attempted sabotage events.

We expect to complete our program in 1989, however, this is contingent on timely development of the corresponding chapters of the EPRI A. LWR Requiremes.ts Document. The EPRI ALWR hequirements Document should be very useful in addressing Items 1, 2, 3, 5, and 6 in the attached list of NRC sabotage protection considerations [ Attachment (1)). Also, wo expect that in the fourth quarter of 1988, we will propose to meet with you to describe our program (and progress) and obtain your feedback. In the meantime, we would be pleased to receive any additional input that you might have on criteria for sabotage protection so that it can be considered in the System 80+ design or the l EPRI Requirements Document as appropriate.

If you have any questions or comments, please feel free to call either me or Mr. S. E. Ritterbusch of my staff at (203) 285-5206.

Very truly yours, COMBUSTION ENGINEERING, INC.

Director Nuclear Licensing i

AES:dmb Attachmants: As Stated ec: E. B. Abrams (Duke Power Company)

Frank Ross (DOE-Cermantown) j J. Desine (EPRI)

I i .

I

• ' Attochment (1) to LD-88-091~ .

Page 1 of 1 I i

i I

l Summary rf Sabotage protection Considerations~

~

Identified by NRC December 8,1987 i

1. Resolution of USI A-29.

2. Identification of design criteria to reduce the dependence on security systems for protection against radiological sabotage.  ;

3. Description of the desip features that implement the criteria of item 2 without impeding emergency access to safety-related '

equipment.  ;

4. Ana'ysis of sabotage to demonstrate the effectiveness of design features in item 3 above.

5. Implementation of the Regulatory Guide 5.65 position on physical barriers, which could affect the design of ducts and ventilation

] openings.

6. Discussion of how many decay heat removal systems would have to b2 defected to prevent mitigation of a loss of off-site power event.

7. It'entification of the equipment within Combustion Engineering's scope, but outside the containment, that would have to be  ;

protected as vital in the context of 10 CFR 73.2(1).

8. Identification of systems not within Combustion Engineering's scope that appilcants would have to list as vital. ,

9. protection of listings of vital equipment (items 7 and 8) from l public disclosure in accordance with either 10 CFR 50.34(e) or 10 t CFR 2.790.

i i i

l i

1

-. - _ . _ . , -+r--. ,y-w~-= r'-N-&- ~-r-P .w ----e-e--- - - - + s P V "+77- -

c-pfp

1 Att2chment (2)

,- to LD-88-091 Page 1 of 1 i DRAFT REQUIREMENTS FOR SABOTAGE DESIGN FROM THE EPRI ALWR REQUIREMENTS DOCUMENT I

1. Insider threat is based on one knowledgeable individual working alone without armament or explosives to create an offsite release in excess of 10CFR100 limits.

]

2. The security detection systems cannot be disabled without 3

detection by the security force.

Insider sabotage can result in either/both an event initiation or a

3.  !

latent functional impedicent (also called tampering).  ;

4. Outsider sabotage by force can be effectively deterred by the onsite and/or offsite security assets. The size and means of e outsider threats must be assumed in the design of security systems and assets.

5. The security system shall perform its functions during all modes of ,

plant operation, t

6. Sabotage events are not taken in conjunction with some other independent single failure ( uch as diesel engine failure or i redundant system failure) or Independently initiated events such '

as extetrial events (e.g., seismic, tornado) or internal events .

(e.g. , LOCA, SGTR). t l

7. Design for protection against sabotage shall prevent a release in excess of the guidallnes of 10CFR100 from irradiated fuel, i

8. The security restrictions for access to equipment and plant regions .

must be compatible with loss of site power accesai requirements , l fire protection, health physics, and local operation actions

, required for event mitigation more generally. Access restriction should not excessively impede operator functions during normal i operetions.

{

j 9. The security system shall prevent unauthorized access to

! containment during power operation. Therefore, sabotage for ,

components and systems located in containment need not be l considered for power operations. l

10. The sabotage design shsll assure protection of the core damage prevention safety functions, i.e., reactivity control, coolant inventory control, coolant pressure control, and coolant heat I removal.

i l

__-_: