ML18227A031
| ML18227A031 | |
| Person / Time | |
|---|---|
| Site: | Nuclear Energy Institute |
| Issue date: | 08/03/2018 |
| From: | Perkins-Grew S Nuclear Energy Institute |
| To: | Andersen J NRC/NSIR/DPCP |
| Vaughn J | |
| Shared Package | |
| ML18227A029 | List: |
| References | |
| DG-5039, RG-5.069, Rev 1 | |
| Download: ML18227A031 (3) | |
Text
SUSAN PERKINS-GREW Senior Director, Security and Incident Preparedness 1201 F Street, NW, Suite 1100 Washington, DC 20004 P: 202.739.8016 spg@nei.org nei.org August 3, 2018 Mr. James Andersen Director, Division of Physical and Cyber Security Policy Office of Nuclear Security and Incident Response U.S. Nuclear Regulatory Commission Washington, DC 20555-0001
Subject:
Comments on DG-5039, Draft Revision 1 of Regulatory Guide 5.69, Guidance for the Application of Radiological Sabotage Design-Basis Threat in the Design, Development, and Implementation of a Physical Security Program that Meets 10 CFR 73.55 Requirements, dated June 2018 Project Number: 689
Dear Mr. Andersen:
The Nuclear Energy Institute (NEI)1 is pleased to provide comments on Draft Guide-5039, Draft Revision 1 of Regulatory Guide 5.69, dated June 2018 (DG-5039 or Draft Guide). The focus of NEIs review was to ensure that the language in DG-5039 addressing coordinated attacks, breaching, and use of explosives against personnel was the same as the language addressing those topics in revision 0 of Regulatory Guide 5.69 (dated August 2007), and to identify any additional fatal flaws in the Draft Guide.
Our review confirmed that the descriptions of the coordinated attack, breaching, and use of explosives against personnel tactics outlined in DG-5039 are the same as the descriptions of those tactics provided in revision 0 to Regulatory Guide 5.69, dated August 2007. As recommended by the Committee to Review Generic Requirements (CRGR) in their May 22, 2018, memorandum, NEI and its members look forward to continued dialogue with the NRC staff to develop reasonable limits on the use of the breaching tactic.
Additionally, in regards to vehicle characteristics, NEI and its members recommend that section 10.10 of the January 2017 version of DG-5039 be inserted into the final published document in place of section 10.12, 1
The Nuclear Energy Institute (NEI) is the organization responsible for establishing unified industry policy on matters affecting the nuclear energy industry, including the regulatory aspects of generic operational and technical issues. NEI's members include entities licensed to operate commercial nuclear power plants in the United States, nuclear plant designers, major architect/engineering firms, fuel cycle facilities, nuclear materials licensees, and other organizations and entities involved in the nuclear energy industry.
Mr. James Andersen August 3, 2018 Page 2 currently found in the June 2018 version of DG-5039. The language contained within the January 2017 version provides more clarity and direction to licensees if there were to be changes made to their vehicle denial systems.
During our review of DG-5039, we identified an additional item for staff consideration. With respect to insider threat and mitigation, RG 5.77, Insider Mitigation Program, dated March 2009, states The NRC staff's policy concerning the insider during security performance evaluation testing is contained in RG 5.69, Guidance for the Application of the Radiological Sabotage Design-Basis Threat in the Design, Development, and Implementation of a Physical Security Program that meets 10 CFR 73.55 Requirements." In the last version of the revised RG made available to NEI (Revision 1 dated May 2017) the text was changed to read, RG 5.69, Guidance for the Application of the Radiological Sabotage Design-Basis Threat in the Design, Development, and Implementation of a Physical Security Program that meets 10 CFR 73.55 Requirements contains Safeguards Information (SGI) (Ref. 6) and is not publicly available. The RG provides a description of and guidance for mitigating the active insider, and passive insider. Given the text in RG 5.77, and the previous deletion of Addendum 5 to Inspection Procedure (IP) 71130.03, Contingency Response - Force-on-Force Testing, we recommend that RG 5.69 explicitly address the use and limits of the insider threat during security performance evaluation testing.
Further, it is our understanding that - consistent with the recommendations of the CRGR - the NRC staff does not intend to backfit any new or different positions that may be contained in revision 1 to Regulatory Guide 5.69. Rather, DG-5039 now contains standard language that is provided in most other NRC Regulatory Guides, limiting the use of the guidance provided in the document. For example, this language now states that the NRC staff does not expect to initiate regulatory action, including the issuance of orders, which would require licensees to comply with Revision 1 of Regulatory Guide 5.69. We also understand that any new or different positions established in subsequent revisions to Regulatory Guide 5.69 which the NRC staff intends to impose on licensees through further NRC action (e.g., issuance of orders), or that serve as the basis to resolve a security or regulatory issue, will be identified as backfitting and appropriately analyzed pursuant to 10 CFR 50.109. 2 Finally, the concept of forward-fitting has come to the forefront as the backfitting implications of revision 1 to Regulatory Guide 5.69 have been discussed. As we understand it, the forward-fitting concept is relevant only in the limited circumstances where new or different positions in NRC guidance are intended to apply to:
(i) future applicants; and (ii) applications from existing licensees for license amendments, requests for exemptions, and other requests for dispensation from compliance with otherwise-applicable legally binding 2
As a general matter, we agree that NRC staff "guidance" must be subject to the Backfit Rule if either: (i) the NRC staff intends the positions presented in the proposed interpretive guidance become (through further NRC action) legally binding upon a licensee; or (ii) the NRC staff's expectation that licensees "voluntarily" adopt the "guidance" constitutes the basis (or a part of the bases) for resolution of a safety or regulatory issue. In these limited circumstances, the NRC's policy is that compliance with the Backfit Rule's provisions should not await the imposition of "guidance," but should be addressed as part of the preparation and issuance of such "guidance." Letter from S.G. Burns (NRC) to E.C. Ginsberg (NEI), July 14, 2010 (footnote omitted)(2010 Letter).
Mr. James Andersen August 3, 2018 Page 3 requirements (an example of such a request would be an application to use an alternative under 10 CFR 50.55a). 3 This interpretation seems to analogize existing licensees that are applying for license amendments and other forms of NRC approval (e.g., relief requests pursuant to 10 CFR 50.55a) with future applicants for the purposes of backfitting. Given the limited agency guidance on the forward-fitting concept, and the fact that express language of 10 CFR 50.109 clearly indicates that the backfitting process is applicable to at least some applicants, 4 NEI requests additional dialogue on how the forward-fitting principle will be applied in the context of Regulatory Guide 5.69.
In closing, we want to acknowledge the efforts by the staff over the past several months to understand and resolve a number of other concerns that the industry had with DG-5039, Draft Revision 1 of Regulatory Guide 5.69. We very much appreciate the staffs willingness to engage with us to identify effective and workable solutions supported by sound technical bases.
If you have any questions or require additional information, please contact AJ Clore at (202) 739-8025; ajc@nei.org or myself.
Sincerely, Susan Perkins-Grew c: Ms. Marissa Bailey, NSIR/DSO, NRC Mr. David Curtis, NSIR/DPCP, NRC Ms. Marian Zobler, OGC/GCRPS, NRC 3
2010 Letter, at 2.
4 For example, when evaluating whether a proposed backfit would result in a cost-justified, substantial safety or security increase pursuant to 10 CFR 50.109(a)(3), the regulations direct the NRC staff to consider (among other factors) a [g]eneral description of the activity that would be required by the licensee or applicant in order to complete the backfit. 10 CFR 50.109(c)(2)(emphasis added); see also 10 CFR 50.109(a)(7) (stating that ordinarily the applicant or licensee is free to choose the method of compliance in situations where there are two or more ways to achieve compliance . . . or there are two or more ways to reach a level of protection which is adequate.)(emphasis added).
Thus, the rule clearly contemplates that the backfitting process would apply to at least some applicants, as well as licensees.