Text

4CONNECTICUT YANKEE ATOMIC POWER COMPANY HADDAM NECK PLANT i362 INJUN HOLLOW ROAD

• EAST HAMPTON, CT 06424-3099 October 24, 2011 CY-1 1-038 License No. DPR-61 Docket No. 50-213, 72-39 Re: DG 5033 Comments Mr. Phil Brochman Office of Nuclear Security and Incident Response U. S. Nuclear Regulatory Commission Washington, D. C. 20555-0001

Dear Mr. Brochman:

Connecticut Yankee Atomic Power Company appreciates the opportunity to comment on the Draft Regulatory Guide DG 5033, "Security Performance (Adversary)

Characteristics for Physical Security Programs for 10 CFR Part 72 Licensees".

Connecticut Yankee supports a revision to the regulations in 10 CFR Parts 72 and 73 so that the physical security requirements for ISFSIs are based upon the type of facility (and its attendant risk) and not on the type of license held by the facility.Connecticut Yankee is the licensee for the Haddam Neck Plant facility.Connecticut Yankee is an Independent Spent Fuel Storage Installation (ISFSI) at a fully decommissioned power reactor site. The ISFSI is licensed under a 10 CFR Part 50 possession-only license and a general license under 10 CFR 72.210. Connecticut Yankee has serious concerns regarding the scope of the regulatory bases contained in the Draft Regulatory Guide and regarding the dramatic departure from existing guidance as it pertains to a stand-alone ISFSI at a former reactor site.The general comments below on DG 5033 are intended to be non safeguards but to nonetheless clearly reflect Connecticut Yankee's objection to the approach in the DG. DG 5033 states that it is intended to be risk informed.

However, it does not appear that the significant reduction in risk to the public of fuel in dry storage compared to the risks of fuel in wet storage (and from other radiological sources)at operating nuclear plants is adequately reflected in the content of the draft guidance.

General Comments: 1. Similar to other stand-alone ISFSI licensees, Connecticut Yankee utilizes a detect, deter and communicate protective strategy.

The DG would adopt a new protective strategy based on an evaluation of dose consequences of security scenarios.

The basis for this departure has not been adequately explained.

If such a change were warranted by existing "classified threat information", presumably new orders would have been issued for licensees to address the threats. This has not been the case.2. With the introduction of a radiological design basis for ISFSIs, a number of areas of concern result: a. The Final Safety Analysis Reports (FSARs) for dry cask storage systems demonstrate the robust nature of the construction of the storage system. The FSARs conclude that the systems preclude the release of radiological materials.

This is inconsistent with the approach of the draft guidance.b. The highest level of emergency event classification for an ISFSI is an Unusual Event based on the FSAR analysis that a radiological release is not credible.

A radiological event which includes a plume and exposure pathway would dictate escalation to a higher event.This creates an inconsistency in the regulatory basis. Similarly, a number of ISFSIs utilize a design basis for the Emergency Plan that is based on the conclusion that the limits set forth in 10 CFR 100.11 and 10 CFR 72.106(b) cannot be reached at the site area boundary.c. A number of ISFSI licensees have reduced their 10 CFR Part 50 licensed area to a small area encompassing the ISFSI pad and the area immediately surrounding it. With the introduction of a hypothetical radiological release, ISFSI licensees may be required to acquire and re-license property adjacent to the ISFSI, creating practical difficulties and unjustified expense.2. We recognize that Regulatory Guides cannot incorporate requirements from Orders. However, DG-5033 does not address the entire range of requirements that are contained within the ICM's or ACM's previously issued to these facilities.

For example, the number of Local Law Enforcement Agencies (LLEA) responders required and the time intervals for those responses are specifically stated in the ICM's and yet are not addressed in DG-5033. Since DG-5033 only addresses some of the requirements of the ICM's or ACM's, it may lead to confusion.

The requirements in the DG should replace the existing orders and those orders should be rescinded.

3. The change from the currently approved design basis threat to a radiological event based approach as proposed in DG-5033 is contrary to a number of NRC Safety Evaluation Reports (SERs) written for stand-alone ISFSIs. For example, as quoted from the SER for Amendment 199 to Connecticut Yankee License (DPR-61) the NRC conclusion states: "Connecticut Yankee has stated that it plans to maintain the boundary of its controlled area to 300 meters from the dry cask storage installation.

Based on the 300 meters, the NRC staffs conclusion is that the DBT of radiological sabotage would result in a dose that would be well below the 10 CFR 72.106(b) limits." 4. The NRC in its design basis threat rule for power plants did not include airborne attacks. Accordingly, the DG raises the issue of whether an airborne attack to the ISFSI is a valid accident/threat scenario.

Cask vendors who license the casks are not currently required to evaluate the scenario in their FSAR. Is an airborne attack part of the adversarial characteristics listed in Reg. Guide 5.69? Didn't the RAMCAP evaluations look at the beyond design basis scenarios for applicability at each site and were these evaluations considered when drafting DG-5033?5. As a general matter, it appears that the NRC's approach of developing draft guidance for preliminary stakeholder comment before the regulation (10 CFR 73.51) has been drafted and/or released for comment is backwards.

Since the requirements are performance-oriented, and necessarily broad, the associated guidance is commonly understood to be an explication of the requirements.

Shouldn't the regulation be in place before guidance documents implementing the regulation are issued?Section 1.1.a 1. Even though DG-5033 discusses in Section 1, "Applicability" the protective strategies of "Detect, assess and communicate" and"denial", it seems that the entire regulatory guide is written to implement a "denial" strategy with no additional consideration given to a "detect, assess and communicate" strategy.Section 2.11: 1. If a site utilizes a protective strategy of "detect, assess and communicate," and those tasks can be accomplished without requiring the alarm station within a Protected Area, even if the vehicle bomb assault was successful, then the requirement for an alarm station to be within a Protected Area would be unnecessary.

Many of the decommissioned stand-alone ISFSI sites such as Connecticut Yankee currently have an exemption that allows the alarm station to be located outside the PA. The basis (in part) for this exemption is the ability to complete the notification requirement to LLEA.2. If a site has contracted remote monitoring services to satisfy the requirement for a secondary monitoring location, are they required to meet the requirements of Section 8, "Insider Assistance," and Section 12, "Cyber Assault"?

Would these same requirements apply to LLEA and their communication systems that would be utilized to dispatch responders to the site?3. The list of personnel, components and functions does not state "and" or "or" and, therefore, the reader cannot tell whether all must be protected, or only subsets must be protected.

As presently worded, it appears that both the CAS and SAS must be protected, which is a protective standard that exceeds the requirements for power reactors.This comment also applies to Sections 3.1, 4.1, 5.1 and 7.1.Implementation:

1. DG-5033 states: "A licensee who believes that the NRC staff is inappropriately imposing this Regulatory Guide as part of a request for a license amendment or a request for a change to a previously issued NRC regulatory approval may file a back-fitting appeal with the NRC in accordance with applicable procedures." Isn't the NRC bound by regulation (10 CFR 50.109 -which only applies to Part 50 licensees) to establish a need for back-fit?Conclusion:

1. The conclusion states: "This Regulatory Guide is not being imposed on current licensees and may be voluntarily used by existing licensees." This statement is very ambiguous since the whole basis of the Regulatory Guide is to establish a new Design Basis Threat (DBT) for an ISFSI and to define the adversarial characteristics included in the design basis threat. In fact, the enhanced characteristics and capabilities of adversaries described in DG-5033 far exceed those outlined in Regulatory Guide 5.69, establishing a DBT that power reactors are required to defend against.One final comment pertains to any and all proposed changes to the protective strategies for ISFSIs and/or the adversarial characteristics defining a DBT. It is very difficult to comment as a stakeholder without appropriate information.

Many licensee personnel that are being asked for comment on DG-5033 are not cleared for "Classified Information" and are at a disadvantage evaluating the information.

Meetings and seminars are being scheduled to discuss changes to D\.the threat environment and these people cannot attend. Priority should be elevated to establish the process to clear the appropriate licensee personnel.

Connecticut Yankee appreciates this opportunity to provide comments on DG 5033. We believe significant improvements remain necessary to accurately risk inform the guidance, particularly as it may relate to a stand-alone ISFSI (dry storage) at a decommissioned reactor site such as Connecticut Yankee. The fact that the license remains a Part 50 license (authorizing possession only of special nuclear material) should be irrelevant to the scope of physical security requirements that should be applied.Respectfully submitted, ('mes M. Lenois onnecticut Yankee ISFSI Manager Cc: S. Wastler, NRC Document Control Desk J. Hanson, NEI J. Goshen, NRC Project Manager J.Joustra, NRC Region 1

'SPOS.)0~2 IP $001 000186086.OCT 20 4AL2 FRO'F ~Connecticut Yankee Atomic Power Co.362 Injun Hollow Road East Hampton, CT 06424 aftmm A 41%FlRzii MAIL 111 ffm U.S. Nuclear Regulatory Commission Document Control Desk Washington, DC 20555 A