RIS 2015-03, Identifying and Reporting Security Incidents Under 10 CFR Part 37

From kanterella
(Redirected from ML14255A037)
Jump to navigation Jump to search
Identifying and Reporting Security Incidents Under 10 CFR Part 37
ML14255A037
Person / Time
Issue date: 02/24/2015
From: Michael Cheok, Laura Dudes, Kokajko L
Office of Nuclear Material Safety and Safeguards, Division of Materials Safety, Security, State, and Tribal Programs, Division of Construction Inspection and Operational Programs, Division of Policy and Rulemaking
To:
Wu I
References
RIS-15-003
Download: ML14255A037 (7)
v  d  e


UNITED STATES

NUCLEAR REGULATORY COMMISSION

OFFICE OF NUCLEAR MATERIAL SAFETY AND SAFEGUARDS

OFFICE OF NUCLEAR REACTOR REGULATION

OFFICE OF NEW REACTORS

WASHINGTON, D.C. 20555 February 24, 2015 NRC REGULATORY ISSUE SUMMARY 2015-03, IDENTIFYING AND REPORTING SECURITY INCIDENTS

UNDER 10 CFR PART 37

ADDRESSEES

All holders of and applicants for U.S. Nuclear Regulatory Commission (NRC) licenses that possess category 1 and category 2 quantities of radioactive material, NRC Master Material Licensees (MMLs), Agreement State Radiation Control Program Directors, and State Liaison Officers.

INTENT

The NRC is issuing this regulatory issue summary (RIS) to inform licensees of the requirements regarding identifying and reporting security incidents, including suspicious activity, involving category 1 or category 2 quantities of radioactive material under 10 CFR Part 37; when and how to report those matters; and to make recipients aware of a database used to track reports of suspicious activity. No specific action or written response is required. NRC is providing this RIS

to the Agreement States for their information and for distribution to their licensees, as appropriate.

BACKGROUND

Following the attacks of September 11, 2001, NRC issued orders, and in some cases, license conditions requiring implementation of interim security measures to a number of categories of licensees, including fuel cycle facilities, licensees who transport radioactive materials in quantities of concern, manufacturers and distributors, large panoramic and underwater irradiators, and licensees with risk-significant quantities of radioactive material. These orders required licensees to notify NRC of security incidents involving certain types of byproduct material. Agreement States issued similar requirements to their licensees.

In a final rule published in the Federal Register on March 19, 2013, (78 FR 16921) the NRC

added a new Part 37 to its regulations in Title 10 of the Code of Federal Regulations, and made conforming changes to other parts of NRC regulations regarding radioactive materials. This rule, in large part, replaces the orders referred to above. The new regulation, which NRC

licensees had to comply with by March 19, 2014, established, among other things, physical security requirements for the possession and use of category 1 and category 2 quantities of radioactive material. The new rule, 10 CFR Part 37, can be found at http://www.nrc.gov/reading-rm/doc-collections/cfr/part037/. The related implementation guidance can be found at http://www.nrc.gov/reading-rm/doc-collections/nuregs/staff/sr2155/.

ML14255A037 Agreement States will issue similar updated requirements to their licensees by March 19, 2016.

The new regulation includes provisions in 10 CFR 37.57 and 10 CFR 37.81 to standardize the reporting of actual incidents and of suspicious activity.

SUMMARY OF ISSUE

Reporting of Incidents; Including Incidents Involving Suspicious Activity

10 CFR Part 37.57(a) requires a licensee to report to local law enforcement and the NRC after determining that an unauthorized entry resulted in an actual or attempted theft, sabotage, or diversion of a category 1 or category 2 quantity of radioactive material. 10 CFR 37.57(b)

requires licensees to assess suspicious activity related to possible theft, sabotage, or diversion of radionuclides of concern, and if appropriate, to report the suspicious activity to local law enforcement and the NRC. The reporting of suspicious activities is an important component of evaluating the threat against licensed facilities and material. The NRC 1) reviews individual notifications of suspicious activities to evaluate whether potential preoperational activities (i.e.,

multiple events at a single site or multiple events at multiple sites) may be part of a larger plan, and 2) integrates this information with other agencies in the homeland security and intelligence communities. This has the potential to prevent or stop malicious activity at licensee facilities.

Examples of suspicious activity may include, but are not limited to, the following:

Stated threats against the licensees facility or staff Use of forged, stolen, or fabricated documents to support access control or authorization activities Unusual challenges to security systems that could represent attempts to gather information on system performance or personnel or equipment response actions An individual(s) conducting unapproved photographing or videotaping of licensed facilities Unauthorized attempts to probe or gain access to the licensees business secrets or other sensitive information or to control systems, including the use of social engineering techniques (e.g., impersonating authorized users)

The unauthorized operation, manipulation, or tampering of radioactive material in quantities of concern or the unauthorized operation, manipulation, or tampering of security-related structures, systems, and components that could prevent the implementation of the licensees protective strategy Additional examples of potentially reportable suspicious activities are listed in Annex C of NUREG-2155, Implementation Guidance for 10 CFR Part 37, Physical Protection of Category 1 and Category 2 Quantities of Radioactive Material http://pbadupws.nrc.gov/docs/ML1305/ML13053A061.pdf). To ensure compliance with the requirements in 10 CFR 37.57 and 10 CFR 37.81, the NRC staff wants to remind licensees of the following:

For licensees who possess category 1 and category 2 quantities of radioactive material:

1. The licensee must notify the local law enforcement agency (LLEA) immediately after determining that an unauthorized entry resulted in an actual or attempted theft, sabotage, or diversion of a category 1 or 2 quantity of radioactive material. The licensee must also notify the NRC Operations Center as soon as possible (not later than 4 hours4.62963e-5 days <br />0.00111 hours <br />6.613757e-6 weeks <br />1.522e-6 months <br /> after discovery) but not at the expense of causing delay or interfering with the LLEA

response to the event. [§37.57(a)] After notifying the LLEA and the NRC, the licensee must submit a written report within 30 days to the NRC for its analysis and evaluation.

The report must identify any necessary corrective actions. [§37.57(c)]

2. The licensee must assess any suspicious activity related to the possible theft, sabotage, or diversion of category 1 or 2 quantities of radioactive material and must notify the LLEA as appropriate. If the LLEA is notified, the licensee must also notify the NRC

Operations Center as soon as possible, but not later than 4 hours4.62963e-5 days <br />0.00111 hours <br />6.613757e-6 weeks <br />1.522e-6 months <br /> after notifying the LLEA. [§37.57(b)]

For licensees shipping category 1 quantities of radioactive material:

1. The shipping licensee must notify the LLEA and the NRC Operations Center within 1 hour1.157407e-5 days <br />2.777778e-4 hours <br />1.653439e-6 weeks <br />3.805e-7 months <br /> after determining that a shipment of category 1 quantities of radioactive material is lost or missing. [§37.81(a)]

2. The shipping licensee must notify the designated LLEA along the shipment route as soon as possible upon discovery of any actual or attempted theft or diversion of a shipment or upon discovery of suspicious activities related to a shipment of category 1 quantities of radioactive material. After notifying the LLEA, the licensee must also notify the NRC Operations Center. [§37.81(c)]

3. The shipping licensee must notify the NRC and the LLEA as soon as possible upon recovery of any lost or missing category 1 quantities of radioactive material. [§37.81(e)]

4. The shipping licensee must submit a written report to the NRC within 30 days of an initial report of lost or missing material or attempted or actual theft or diversion of a shipment of category 1 quantities of radioactive material. [§37.81(g)]

For licensees shipping category 2 quantities of radioactive material:

1. The shipping licensee must notify the NRC Operations Center within 4 hours4.62963e-5 days <br />0.00111 hours <br />6.613757e-6 weeks <br />1.522e-6 months <br /> of the determination that a shipment of category 2 quantities of radioactive material is lost or missing and must call the NRC Operations Center after 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> if the shipment has not been located. [§37.81(b)]

2. The shipping licensee must notify the NRC as soon as possible upon discovery of any actual or attempted theft or diversion of a shipment or suspicious activities related to a shipment of a category 2 quantity of radioactive material. [§37.81(d)] 3. The shipping licensee must notify the NRC as soon as possible upon recovery of any lost or missing category 2 quantities of radioactive material. [§37.81(f)]

4. The shipping licensee must submit a written report to the NRC within 30 days of an initial report of lost or missing material or attempted or actual theft or diversion of a shipment of category 2 quantities of radioactive material. [§37.81(g)]

Security Incident Information Access NRC maintains a database, called the Protected Web Server (PWS), to report and analyze suspicious activities. Information provided on this web site is considered law enforcement sensitive. Authorized PWS users, such as homeland security and law enforcement officials, emergency management personnel, NRC licensees, and Agreement State officials and licensees, may access the suspicious activity reports on the PWS to maintain situational awareness of security incidents.

Authorized Agreement State and licensee personnel may request access to the PWS by visiting https://pws.nrc.gov/ and clicking on the link to register for a new account. The applicant will be prompted to enter his or her name, e-mail address, and other applicable information. After the request is submitted, it is reviewed by the NRC. Applicants will be notified via e-mail if their PWS account is approved. The approval e-mail contains initial login credentials which the user updates when they login to the system for the first time.

BACKFITTING AND ISSUE FINALITY

This RIS informs licensees of the requirements regarding identifying and reporting security incidents, including suspicious activity, involving category 1 or category 2 quantities of radioactive material under 10 CFR Part 37; when and how to report those matters; and to make recipients aware of a database used to track reports of suspicious activity. This RIS requires no action or written response beyond that already required by the NRC regulations. Therefore, this RIS does not represent backfitting as defined in 10 CFR 72.62(a) or 50.109(a)(1), nor is it otherwise inconsistent with any issue finality provision in 10 CFR Part 52. Consequently, for this RIS, the NRC staff did not perform a backfit analysis or further address the issue finality criteria.

FEDERAL REGISTER NOTIFICATION

A notice of opportunity for public comment on this RIS was not published in the Federal Register because this RIS is informational and does not represent a departure from current regulatory requirements.

CONGRESSIONAL REVIEW ACT

This RIS is not a rule as defined in the Congressional Review Act (5 U.S.C. §§ 801-808).

PAPERWORK REDUCTION ACT STATEMENT

This RIS does not contain new or amended information collection requirements that are subject to the Paperwork Reduction Act of 1995 (44 U.S.C. 3501 et seq.). Existing requirements were approved by the Office of Management and Budget (OMB), approval number 3150-0214.

PUBLIC PROTECTION NOTIFICATION

The NRC may not conduct or sponsor, and a person is not required to respond to, an information collection unless the requesting document displays a currently valid OMB control number.

CONTACT

S

This RIS requires no specific action, or written response. If you have any questions about this summary, please contact the technical contacts listed below or the appropriate regional office.

/RA/ /RA LKokajko/

Laura A. Dudes, Director Lawrence E. Kokajko, Director Division of Material Safety, State, Tribal, Division of Policy and Rulemaking and Rulemaking Programs Office of Nuclear Reactor Regulation Office of Nuclear Material Safety and Safeguards

/RA Andrea D. Valentin for/

Michael C. Cheok, Director Division of Construction Inspection and Operational Programs Office of New Reactors Technical Contacts: Paul Goldberg

(301) 415-7842 Paul.Goldberg@nrc.gov Irene Wu

(301) 415-1951 Irene.Wu@nrc.gov

ML14255A037 OFFICE NMSS/MSTR NMSS/MSTR NMSS/MSTR NMSS/MSTR NSIR NSIR NSIR

NAME IWu PGoldberg AMcIntosh AGiantelli KZiebell GWest TMasse DATE 9/12/14 9/12/14 9/12/14 10/08/14 10/14/14 10/15/14 10/20/14 OFFICE NSIR NSIR NRR/DPR OE OIS OGC - CRA OGC - NLO

NAME SWastler RFranovich (PIsaac for) (DFurst for) TDonnell ACoggins ACoggins KHsueh NHilton DATE 10/23/14 10/23/14 11/05/14 11/17/14 11/25/14 01/07/15 01/07/15 OFFICE NRO/DCIP NRR/DPR/PGCB NRR/DPR NRR/DPR NRR/DPR NMSS/MSTR

NAME MCheok ELee SStuchell AMohseni LKokajko LDudes DATE 01/29/15 02/04/15 01/ 30 /15 02/11/15 02/19/15 02/24/15


Retrieved from "https://kanterella.com/w/index.php?title=RIS_2015-03,_Identifying_and_Reporting_Security_Incidents_Under_10_CFR_Part_37&oldid=2044786"