Text

JOSEPH E. POLLOCK Vice President, Nuclear Operations 1201 F Street, NW, Suite 1100 Washington, DC 20004 P: 202.739.8114 jep@nei.org nei.org January 26, 2017 Mr. Brian E. Holian Director Office of Nuclear Security and Incident Response U.S. Nuclear Regulatory Commission Washington, DC 20555-0001

Subject:

Industry Recommendations Related to Memorandum, Staff Requirements - SECY-16-0073 -

Options and Recommendations for the Force-on-Force Inspection Program in Response to SRM-SECY 0088 Project Number: 689

Dear Mr. Holian:

The industry supports the Commissions direction provided in memorandum Staff Requirements - SECY 0073 - Options and Recommendations for the Force-on-Force Inspection Program in Response to SRM-SECY-14-0088. The purpose of this letter is to offer industry perspectives and associated recommendations concerning the topics addressed in the Staff Requirements Memorandum (SRM). We encourage the staff to consider this information when performing the assessments discussed in the SRM and developing associated action plans.

Mr. Brian E. Holian January 26, 2017 Page 2 Topic 1 - Assessment of security baseline inspection program, including Force-on Force (FOF)

The industry agrees that the current security baseline inspection program should be assessed to identify process improvements and opportunities to gain efficiencies. To meet these goals, the assessment should consider an approach whereby inspection activities are conducted primarily by regional inspectors, supplemented by Nuclear Security and Incident Response (NSIR) security staff only when specialized inspection expertise is needed. In addition, the assessment should appropriately consider the maturity and recognized effectiveness of licensee physical protection programs We suggest the following changes be evaluated as part of the program assessment performed by the staff:

1) Streamline the inspection process by realizing synergies available through the coordinated scheduling of inspections conducted by regional inspectors and the NSIR security staff, and removing redundant inspection activities.

2) Revise the FOF exercise inspection schedule to improve effectiveness and efficiency.

3) Revise the FOF exercise inspection process to incorporate a demonstration of site protective strategy defense-in-depth.

The proposed changes are intended to create a more effective inspection process that also makes more efficient use of licensee and NRC staff resources. Specific industry recommendations concerning the changes are presented in Attachments 1, 2 and 3, respectively.

The industry is prepared to pilot the proposed changes during the upcoming cycle of FOF exercises (2017-2019). Depending upon staff input, the changes could be piloted and implemented using a phased approach.

Piloting would provide an opportunity to assess operating experience and lessons learned from draft processes before making final changes.

Topic 2 - Evaluate how vulnerability assessments could be used to evaluate the effectiveness of licensee protective strategies, and whether credit could be given for operator actions or for the use of additional equipment such as "flex equipment," which was installed to enhance safety but can also provide a security benefit.

The industry believes that 1) vulnerability assessments, both manual and computer-based can be used to evaluate the effectiveness of licensee protective strategies, and 2) operator actions and the use of additional equipment such as "flex equipment should be credited, and therefore makes the following recommendations.

1) The staff should coordinate with the industry to develop appropriate standardized assessment information (e.g., adversary tactics) that can be used to inform a manual or computer-based vulnerability assessment.

2) The industry is developing a guidance document describing a process for conducting a Security Event Mitigation Assessment. The proposed assessment methodology will discuss allowable credit for the performance of operator actions and implementation of mitigation strategies, such as those developed to

Mr. Brian E. Holian January 26, 2017 Page 3 meet the requirements of NRC Order EA-12-049 (i.e., FLEX strategies). It will also provide guidance for crediting response actions by local, State, or Federal law enforcement officials. The industry will submit the guidance document for review and endorsement by the NRC staff; submittal is planned for January 2017, and we will request NRC endorsement by the end of June 2017.

Topic 3 - Evaluate whether the NRC should provide any credit for local, State, or Federal law enforcement response to establish coping time for security events.

The industry believes that credit should be provided for a response by local, State, or Federal law enforcement agency personnel to establish mitigation (coping) time for security events. The NRC should allow recognition of the reality that in an actual security contingency event, local, State, and Federal law enforcement officers will exercise their best efforts to respond to the site and support the actions necessary to prevent radiological sabotage. Credit should reflect response planning required by regulation as well as initiatives such as the site-specific integrated response plans developed by the Federal Bureau of Investigation. This topic will also be addressed in the Security Event Mitigation Assessment guidance document discussed above.

Topic 4 - The concept of high assurance of adequate protection found in our security regulation is equivalent to reasonable assurance.

The industry agrees with the Commissions position stated in the SRM. The reasonable assurance standard should be applicable when determining the appropriate level of security regulation; therefore, the implementation of the NRC's regulatory program for licensee security should not be based on seeking zero risk outcomes. This policy clarification should be reflected in NRC guidance documents, internal directives, instructions, and training materials where it can be used to inform future regulatory and licensing actions, and inspections.

Topic 5 - Operating Experience associated with the Force-on-Force program The industry agrees with the Commissions position stated in the SRM. The industry can collect operating experience and disseminate it through the issuance of an existing guidance document. The industry supports the need to capture and communicate new tactics, techniques or procedures that are developed based on intelligence information and incorporated into the Design Basis Threat (DBT). The NEI change management guidance document currently endorsed by the NRC should be used for this purpose.

Mr. Brian E. Holian January 26, 2017 Page 4 Where necessary, the industry is prepared to participate in the development of all new and revised guidance necessary to support implementation of changes arising from the assessments directed by the SRM. In addition, the staff will likely need to make supporting changes to the security Significance Determination Process (SDP).

Please contact Sue Perkins-Grew at (202) 739-8016; spg@nei.org or David Young at (202) 739-8127; dly@nei.org, if you require information concerning these comments.

Sincerely, Joseph E. Pollock Attachments c: Mr. K. Steve West, NSIR, NRC Ms. Marissa G. Bailey, NSIR/DSO, NRC Mr. Doug G. Huyck, NSIR/DSO/SOSB, NRC Mr. Clay Johnson, NSIR/DSO/SPEB, NRC NRC Document Control Desk

ATTACHMENT 1 Streamlining the Security Baseline Inspection Process This attachment describes proposed changes to streamline the security baseline inspection process.

COORDINATED SCHEDULING OF INSPECTION ACTIVITIES The industry notes that several of the inspection activities discussed below are performed twice - once by NRC regional personnel and again by the NSIR security staff. Efficiencies could be gained through the coordinated scheduling of these activities. For example, a baseline inspection performed by NRC regional personnel could be scheduled prior to the FOF exercise week. A regional inspector could perform an inspection activity and provide the necessary information and results to the NSIR FOF staff for use in FOF exercise inspection planning. In some cases, an NSIR FOF Team Member may need to travel to a site to accompany the Regional Inspector(s) on site tours.

NRC ONSITE FAMILIARIZATION OF TARGET SETS NRC regional personnel perform an inspection of target sets in accordance with Inspection Procedure (IP) 71130.14, Review of Power Reactor Target Sets. Once inspected and validated, target sets should not require re-inspection unless the licensee has made a change to them, and such changes should be reviewed by NRC regional personnel. Any necessary changes to target sets should take place separately from the FOF evaluation.

NRC FAMILIARIZATION TOURS A licensee conducts familiarization tours to acquaint NSIR security personnel with site characteristics to help inform scenario selection and related attributes. This information is then provided to the Composite Adversary Force (CAF) to help with their mission planning. As shown in Attachment 2, the industry proposes to provide the FOF exercise inspection team with an intelligence package no later than 12 weeks in advance of the FOF exercise week. This package will include information on site characteristics of sufficient detail to support development of proposed exercise scenarios. The proposed approach would obviate the need for a licensee to conduct familiarization tours for NSIR security personnel. Also, as indicated in Attachment 2, the industry proposes to conduct familiarization tours for CAF Directors as this would allow them to obtain first-hand knowledge of the site and thus facilitate more effective mission planning. If a NSIR FOF Team Member needs a site tour, then this activity should be coordinated with a regional inspection activity.

Page 1 of 3

PROTECTIVE STRATEGY BRIEFING/PRESENTATION A licensee conducts a protective strategy presentation for NSIR security personnel to help inform scenario selection and related attributes. As shown in Attachment 2, the industry proposes to provide the FOF exercise inspection team with an intelligence package no later than 12 weeks in advance of the FOF exercise week. The package will include briefing information on the site protective strategy of sufficient detail to support development of proposed exercise scenarios. The information in the package can also be used by the inspection team leader to brief the members of the inspection team prior to their visit to the site. This approach should obviate the need for a licensee to perform another protective strategy briefing at the site during the FOF exercise week.

TABLETOP EXERCISES NRC regional personnel inspect tabletop exercises conducted by the licensee. Additional tabletop exercises are conducted for the NSIR security staff to acquaint them with the site protective strategy; however, these tabletop exercises are conducted after the FOF exercise scenarios and related attributes have been previously approved by the NRC management. In addition, the licensee provides an intelligence package to the NSIR security staff that includes protective strategy information reviewed in tabletop exercises (a pre-exercise submittal). Given that a licensee is already demonstrating knowledge of their site protective strategy in the tabletop exercises conducted for the NRC regional personnel, the industry believes that the inspection value of the redundant tabletop exercises conducted for NSIR security personnel is minimal and not commensurate with the expenditure of licensee and NRC staff resources necessary to conduct them.

INTRUSION DETECTION SYSTEM (IDS) TESTING IDS testing is conducted by NRC regional personnel. Given the present mature state of IDS technology and installed systems, the industry believes that IDS capabilities are adequately inspected through the regional inspection activity and should not be subject to additional review during a FOF exercise.

OCA/PA SURVEILLANCE AND NIGHT-TIME ASSESSMENT The inspection of night-time lighting and assessment capability is performed by NRC regional personnel. The FOF inspection team conducts an additional and redundant inspection activity that appears to add no value to the inspection process.

Page 2 of 3

USE-OF-FORCE INTERVIEWS A review of a sites use-of-force policy and related interviews is performed by NRC regional personnel. The NSIR security staff also conducts use-of-force interviews during the FOF planning week. Inspection of the use-of-force policy should be performed only once and would appear to be adequately addressed in regional inspection activity.

ONSITE REVIEW OF CORRECTIVE ACTION PROGRAM Licensee use of a Corrective Action Program (CAP) to address security-related issues is reviewed by NRC regional personnel and the NSIR security staff during a FOF inspection activity. The inspection of CAP use and effectiveness should be performed once by NRC regional personnel. To support in-office reviews related to a FOF exercise, a licensee can provide requested CAP data and documentation to the NSIR security staff at any point prior to the inspection week (e.g., included in a pre-exercise submittal).

Page 3 of 3

ATTACHMENT 2 Recommendations for Improving the Effectiveness and Efficiency of the FOF Exercise Inspection Schedule The industry proposes the use of the following FOF exercise inspection schedule at selected pilot sites. The proposed schedule should promote a more effective and efficient inspection process, and provide sufficient time to resolve escalated issues well in advance of the exercises.

INSPECTION TEAM INTRODUCTION The NRC inspection team leader contacts site security management and begins initial inspection coordination, no later than 16 weeks prior to the exercise week. The inspection team also requests the licensee to provide the necessary intelligence package.

INTELLIGENCE PACKAGE SUBMITTAL The licensee submits the requested intelligence package, no later than 12 weeks prior to the exercise week. This package will include briefing information on site characteristics and the site protective strategy. The NRC inspection team will review the intelligence package and previous inspection material, and develop proposed exercise scenarios. As needed, the licensee will assist the NRC inspection team in understanding the material in the intelligence package (e.g., by telephone or webinar).

SCENARIO DISCLOSURE The NRC inspection team briefs NSIR security management on the proposed scenarios and provides approved mission planning worksheets to the licensee, no later than 8 weeks prior to the exercise week.

SCENARIO PREPARATION Using the approved mission planning worksheets, the licensee will develop scenario narratives and submit these to the NRC inspection team lead, no later than 6 weeks prior to the exercise week. Scenarios will be developed using the worksheets provided by the NRC and industry guidance.

SITE TOURS The Composite Adversary Force (CAF) Directors visit the site approximately 4 weeks prior to the exercise. They receive a tour of the owner controlled area (OCA), protected area (PA), and vital areas (VA), and are provided an opportunity to review the scenario worksheets and mission narratives. Based on their tour and visits, they may offer tactical modifications to the mission narrative; any changes will also be submitted to the NRC Inspection Team Leader for final approval. The industry has developed a detailed site visit schedule that can be discussed with the staff at an appropriate time.

Page 1 of 2

MATRIX SUBMITTAL The licensee uses the final version of the NRC approved mission narratives to develop the event matrices and submits the event matrices, no later than 2 weeks prior to the exercise week.

CONDUCT OF EXERCISE The CAF team arrives approximately one week prior to the exercise week to review the scenario matrix and coordinate controller interactions. The NRC inspection team arrives on Monday morning of exercise week for in-processing and attends a final exercise matrix review that afternoon. The purpose of the review is to identify any safety concerns or fatal flaws in the exercise planning. Exercises are conducted Tuesday and Wednesday. On Thursday, the licensee conducts a formal management critique after which the NRC inspection team departs the site.

Page 2 of 2

ATTACHMENT 3 Recommendation for Conducting a Defense-in-Depth FOF Exercise Beginning in 2018, the industry proposes that each licensee conduct a defense-in-depth demonstration during the second FOF exercise. The goal of this activity is to demonstrate the effectiveness of the inner layers of the site protective strategy. The planning, conduct, review, and closeout of a defense-in-depth demonstration would be inspected by the FOF exercise inspection team (e.g., assess the safety and effectiveness of the activity). Because of the more advantageous starting conditions of the adversary force, the inspection process would not assess the outcome of the demonstration; specifically, the loss of a target set during a defense-in-depth demonstration would not be subject to a finding or violation.

PLANNING A licensee will follow the exercise planning process described in the FOF inspection procedure and NEI guidance documents, and prepare two complete exercise scenarios. A standard scenario worksheet, mission planning, and matrix should be used to control the demonstration. Site management will coordinate with the NRC Inspection Team Leader to determine how far the adversary force team should penetrate in order to demonstrate internal response capabilities. Items for consideration include, but are not limited to: safety considerations for all participants (e.g. heat stress), ALARA, plant status, and work hour restrictions.

CONDUCT Based on the exercise scenario planning materials and the results of the first exercise, the licensee and the NRC Inspection Team Leader will mutually agree upon the number and staged location(s) of the adversaries to be employed during the defense-in-depth demonstration. The adversaries will initiate the attack from the agreed upon starting position(s).

Based upon the site configuration, the following implementation options should be considered.

1) Starting adversaries just inside Security Owner Controlled Area (SOCA or ROCA or EWS) after providing appropriate injects to the security force players. Use of the entire adversary force complement should be considered.

2) Starting adversaries just inside the Protected Area fence after providing appropriate injects to the security force players. The adversary force complement may be reduced based upon site OCA intrusion detection and delay features.

3) Remove key perimeter responder(s) to ensure adversary force penetration beyond the first layer of defense.

Page 1 of 2

If the adversaries are not successful reaching the interior levels of defense using the above methods, then adversary force members may be resurrected at suitable interior locations as needed to facilitate movement toward target set components.

REVIEW AND CLOSEOUT Following completion of the demonstration, the licensee will conduct a hot wash as described in NEI guidance. The subsequent management critique will address all key issues and lessons learned from both the exercise and defense-in-depth demonstration. The process used to address deficiencies and lessons learned from an exercise should also be applied to those resulting from the defense-in-depth demonstration (e.g., entry of issues/problems into the site corrective action program).

Page 2 of 2