ML20100R034
| ML20100R034 | |
| Person / Time | |
|---|---|
| Site: | 05000000, Palisades |
| Issue date: | 11/19/1982 |
| From: | Burnett R NRC OFFICE OF NUCLEAR MATERIAL SAFETY & SAFEGUARDS (NMSS) |
| To: | Eisenhut D Office of Nuclear Reactor Regulation |
| Shared Package | |
| ML20100Q372 | List: |
| References | |
| FOIA-83-531 NUDOCS 8412170292 | |
| Download: ML20100R034 (38) | |
Text
F' a
c SAFb.v...kuuhl h-if r[-[ \\
p
_ DISTRIBUTION:
c
"lI NMSSr/f(w/oencl)
SGPR r/f (w/o enc 1)
Case File JHockert NOV 191982 EQuinn DKers SGPR:JWH RFBurnett 50-255 MEMORANDUM FOR: Darrell Eisenhut, Director Division of Licensing, NRR FROM:
Robert F. Burnett, Director Division of Safeguards, NMSS
SUBJECT:
REPORT ~ON PALISADES REGULATORY EFFECTIVENESS REVIEW From September 13 through 17, 1982, members.of ny staff conducted a safe-guards Regulatory Effectiveness Review at the subject power reactor site.
The results of this review are documented in the enclosed report.
Also enclosed is a proposed letter transmitting the subject report to the licensee and requesting responses to the safeguards concerns identified in the report. Please provide the Power Reactor Safeguards Licensing Branch (SGPR) with a copy of your transmittal letter to the licensee.
1 Robert F. Burnett, Director Division of Safeguards, NMSS cc: w/ enclosures James R. Miller, R-III James G. Par 410w, IE CONTACT:
G. W. McCorkle, HMSS 42-74018 l
When separated from enclosure (s)
BAFEGUARDS INFORt!ATION
. HANDLE THIS DOCUMEN* 3.S Unauthori-^'
' - w -..s.iect to Ad=!r.!-.re !.
d Cric inql sanctions.
8412170292 840430 (insert propor classification)
PDR FOIA SHOLLY83-531 PDR SAa:AE \\ UV AW L
h
/LA3PjV.................../...
.........(58 R
SGPR GP CFFICE)
....au a.a
.aaaa aa
- .a a.a* a* ~**a aaa.
J ert EQuinn D rs
................./....j
,GWMc..........C.o r k l..e....
R F B.u..r..n..e.t..t......
(
SUANAME)
...A.
n
... ~...........
.....!.!.M48.?.........1.1../.. 2.,,....,] !,,,. 482..,........!.!LtJ.82.....,],1Lg'.y82 m) 3
Q Y
PROPOSED LETTER Mr. David J. Vande Walle Nuclear Licensing Administrator Consumers Power Company 212 West Michigan Avenue Jackson, Michigan 49201
Dear Mr. Vande Walle:
From September 13 through 17, 1982, NRC Safeguards Division staff conducted a Regulatory Effectiveness Review at the Palisades Nuclear Power Station. The findings of that review are documented in the enclosed report. The delay in transmitting this report was due to difficulties 'n processing photographs for.
In order to avoid further delay, the report is being transmitted without Attachment 2 which will be sent to you at a later date. Although a number of notable strengths were observed in the safeguards program, certain weaknesses were found that warrant futher consideration. Accordingly, it is requested that you respond to the areas of concern contained in Section 2.2 of the report within days of receipt of this letter.
Sincerely, SAFE 3UAF" ~~"N D:en separated fro = onelcsure(s)
.,. -.. ' - - t t o
.i.
2220:icn3.
_ HANDI.E THIS DOCU' ENT AS
/
nc
[4d M @
(insert proper classification) cc:
~
Homer F. Cooper, Nuclear Security beeument Transmitt6d 1
Administrator, Consumer Power Company Herewith Contains 19LTTEJARDS INFORMATION _
~'
James G. Keppler, R-IV EA7E30AF;3 IEF0F.?ATIC'i Enr.ut'.crized disclosure subjeet t ?
r Administrativo and Criminal sanc th ns -
Q A ((O hQ \\' [A l 5TA""'n \\' v.4VA W - m_,_uenasv a,
m j <.( Y THE NRC REGULATORY EFFECTIVENESS REVIEW PROGRAM' The NRC has had a continuing interest in quality assurance that includes not only licensee quality assurance programs but also ensuring that NRC's regulatory process is effective and not unnecessarily burdensome. In support of this latter interest, the NRC Division of Safeguards has developed a program of Regulatory Effectiveness Reviews for nuclear power reactors. These reviews are separate and distinct from NRC's inspection program, which are more compliance oriented. They also do not actively challenge licensee security personnel, systems, or programs. Rather the primary purpose of the Regulatory Effectiveness Review program is to assess the effectiveness of reactor safeguards as implemented, in meetfng the objectives of 10 CFR 73.55(a) to protect against radiological sabotage at operating nuclear power reactors relative to the design basis threat contained in 10 CFR 73.1(a)(1). The program is also designed T) to examine the interrelationship of the safety and safeguards programs with the intent of both identifying any possible safety problems caused by safeguards' procedures and facilitating an integrated response to safeguards incidents,
- 2) to validate the identification of vital areas and equipment, 3) to evaluate contingency response capabilities and coordination with local law enforcement,
- 4) to identify generic issues and validate the regulatory base, and 5) to aid licensees in making the most cost-effective use of their security assets, which includes consideration of any NRC requirements that may impede cost-effective security.
g
.s Such safeguards reviews are not new to the NRC. Comprehensive evaluations of all fuel cycle facilities and transportation activities were conducted from 1976 to 1979, with primary focus on the safeguards provided against theft of strategic special nuclear material. During these evaluations, NRC assessment teams, supported by U.S. Army Special Forces personnel, looked for vulnerabilities that might be exploited by an external adversary group. At the same time, other NRC teams intereviewed operations and security personnel to identify possible vulnerabilities that might be exploited by an insider adversary. All activities of the teams were carried out with the knowledge and cooperation of site management personnel. Benefits derived from this program included not only increased security program effectiveness but also improvements in licensee management's understanding of and involvement with' security programs and information useful in developing regulatory upgrades necessary to protect against the higher threat level deemed prudent by the Coninission. In developing the Regulatory Effectiveness Review program, the most productive aspects of the comprehensive evaluations were adapted to the more complex problem of assessing the safeguards against radiological sabotage at nuclear power reactors. This has resulted in a three phase program designed to minimize impact on licensee operations. The first and most laborious phase of the review is the preliminary analysis conducted at NRC headquarters. The purpose of this analysis is to become familiar with the site and its potential sabotage targets so that the on-site phase of the program can be accomplished more efficiently. The preliminary analysis begins with a detailed review of the results of the Vital Area Analysis performed by Los Alamos National Laboratory. This information coupled with the reactor's final
r ' safety analysis report and the facility layout and piping and' instrumentation diagrams provides the information necessary to identify and locate possible sabotage targets, evaluate the tasks that an adversary must accomplish in each potential target area, and achieve an understanding of the interrelationship among the possible targets in each critical plant system. Based upon this analysis, a site specific Vital Area Definition report is prepared. This report presents the results of the plant vital area anlaysis and the rationale for the selection of alternative sets of areas to be protected. A copy of this report is provided to licensee management for their review and comments. The on-site phase of the review consists of a concurrent assessment of the site safeguards program by two teams, one of which concentrates upon security against the NRC's hypothetical external threat while the other emphasizes protection against the NRC's hypothetical internal threat. As in the evaluations at fuel cycle facilities, U.S. Anny Special Forces personnel serves as part of the team reviewing protection against the external threat. Although both teams analyze safety and security features in essentially the same way, their different perspectives may lead to different conclusions about safeguards strengths and weaknesses. Regardless of the vantage point, however, both teams consider security program effectiveness against NRC's hypothetical design basis threat for radiological sabotage contained in 10 CFR 73.1. The on-site phase of the Regulatory Effectiveness Review for a reactor site generally requires approximately one week for each reactor unit at the site. The first day on site begins with an entrance briefing which includes the
e . showing of an audio-visual on the assessment program to appropriate station and corporate personnel. The session provides, in a capsulized form, insight into the overall program and activities. The Vital Area Definition report is provided to the licensee for review and comment at this meeting. Any questions that may arise on the assessment technique or other matters are addressed at this time and a preliminary schedule for on-site activities is established. The first day also includes a plant walkthrough with j emphasis on safeguards areas and systems and examination of several plant vital areas. Subsequent days are dedicated to a structured review of the remaining vital areas and equipment, the security force, local law enforcement support, the site access control sytem, and the entire physical security system and its components. On the final day the team completes any necessary activities that could not be. accomplished on pri6r days, meets with security and operations personnel to validate its observations, and conducts an exit briefing with station and corporate personnel to discuss the preliminary findings. Efficient conduct of a Regulatory Effectiveness Review requires support from licensee personnel. On-site, the team generally needs to have a reactor operator, instrument technician, or electrician, as appropriate, accompany it during the review of vital areas and equipment. Similarly, discussions with members of the ' security organization are generally necessary during the review of th'e physical security program. If safety / safeguards interface issues arise, it may also be necessary to discuss them with operations l and s.ecurity management. As a general rule, a Regulatory Effectiveness Review I requires about one staff week of support effort from the licensee for each reactor unit onsite.
r .. The final ph'ase of the review commences when the teams return-to NRC Headquarters and begin drafting the final Regulatory Effectiveness Review report. Additional analysis and careful evaluation of all site data are required before final conclusions can be drawn relating to the effectiveness of the site security program, possible concerns about the interaction of safety and security, and recommended approaches to reducing site regulatory burden while maintaining safeguards effectiveness. Questions in any of these areas that may arise as the team's conclusions are refined into a final report are discussed with appropriate licensee or NRC personnel. This final report contains a detailed discussion of notable safeguards strengths as well as any possible safeguards vulnerabilities or concerns observed by the teams. It also contains recommendations, as appropriate, for improving the site's safeguards program, increasing the integration of security and safety programs to enhance plant safety, and reducing un-necessary safeguards regulatory burden. The final report is reviewed by NRC r~ management prior to transmittal to the licensee. This review by NRC management results in the recomnendation of actions to eliminate any deficiencies that the teams may discover in the r.egulatory base. For site specific concerns, corrective actions may take the form of modifications to security plans or license conditions. For more generic issues, rulemaking may be a nore appropriate approach. The final phase of the analysis.also includes modification, based upon licensee comments and other information obta f r'd.furing the site visit, of the Vital Area Definition report fer ?s e. In addition, the completed data base is o.rganized and stored, wig, apr og late protective measures for sensitive Safeguards Information, to provide a useful resource for making
s. s future licensing decis. ions and as.sisting the licensee in responding to safeguards or safety related incidents at the site. The NRC's interest in quality assurance is not limited to licensee pr.ograms but rather it also includes ensuring that our r.egulatory process is effective and not unnecessarily burdensome. To this end, the NRC Division of Saf,eguards has developed a R.egulatory Effectiveness Review program that assesses the effectiveness of implemented security pr.ograms against~ the design basis-threat, exa. mines the integration of site security and safety programs, looks for approaches to reduce unnecessary saf.eguards regulatory burden, and serves to validate our saf.eguards regulations. Through this program of Regulatory Effectiveness Reviews, the NRC attempts to ensure that the public health and safety is protected, in an adequate and cost-effective manner, against the threat of radiological sabot. age. l l l
,f' A PROGRAM PLAN FOR REGULATORY EFFECTIVENESS REVIEWS OF NUCLEAR POWER REACTORS L. --
4 .A (:
- s CONTENTS s
Page .1.0~ _ INTRODUCTION.................-.....- 1- . 2.0 PURPOSE AND SCOPE...'..........-..... 2 3.0-ASSUMPTIONS..................... -3 4.0 REVIEW METHOD.-.........._...._..-... 11 5.~ 0 POST-ASSESSMENT / IMPLEMENTATION ACTIVITIES...... 27 4 4 1 _' 4 - i j. 5 - L F .Y l. c.;
- r 3
V A n h, g ll i
- r; M
4 's' g
4 o
1.0 INTRODUCTION
With the consolidation of safeguards responsibility for nuclear power plants.and fuel cycle facilities within the Division of Safeguards, the staff began planning a program to conduct safeguards evaluations at nuclear power reactors. The reactor assessment program is similar in concept to the fuel cycle facility assessment program except that it focuses primarily upon radiological sabotage whereas the fuel facility program is c'oncerned primarily with nuclear theft. The reactor assessment program employs both analytical modeling and staff judgment to determine the extent to which facility safeguards actually achieves the regulatory objective, as stated in 10 CFR 73.55(a), protec-tion against radiological sabotage by adversaries with the characteristics defined in the design basis in 10 CFR 73.1. The assessment product will be a report to the Director, Division of Safeguards providing the assessment teams' observations on the effectiveness of the safeguards program and team recommendations for possible improvements, if appropriate. The next section describes the purpose and scope of the assessment activities. The third section details the assumptions made in performing these assess-ments. The fourth section details the method to be used by the teams in these essessments. The fifth section discusses follow-up activities to t in.plerent recommendations by the teams. 4
~s ' 2.0 PURPOSE AND SCOPE The primary purpose of this reactor assessment program, Regulatory Effective-ness Reviews (RERs), is to assess the effectiveness of reactor safeguards, as implemented, in meeting the objectives of 10 CFR 73.55(a) to protect against radiological sabotage at operating nuclear power reactors relative to the design basis' threat contained in NRC regulations (10 CFR 73.1(a)(1)). The program is also designed 1) to identify generic issues and validate the regulatory base, 2) to assist the licensees in cost effective application of security assets, and 3) to identify safety problems that may result from implementing safeguards procedures. This program does not address the assessment of safeguards of non-power reactors or of power reactor licensees who are applicants for operating licenses. Though the program will give priori.ty attention to newly licensed reactor units, reviews of older operating units will be conducted, as appropriate, to aid in improving security program effectiveness, reconfiguring vital areas, reducing adverse impacts of the security program on site safety, or eliminating unnecessary. safeguards regulatory burdens as resources permit. Assessments un' der this program can only be conducted at those poster reactor facilities that have a fully implemented NRC-approved physical protection plan, and a vital area analysis completed by Los Alamos National Laboratory. The review of safeguards against radiological sabotage is limited to those maasures that serve to protect against malevolent acts that might reasonably - result in severe damage to the reactor core or in radiological release levels exceeding those specified in Part 100 of Title 10 of the Code of Federal Regu-lations. Analysis of sabotage activities with lesser consequences to the public health and safety will not be a primary objective of these assessments. q e
~ s. '.. J-3.0' ASSUMPTIONS In performing these assessments, it. is necessary to make some assumptions which separate the. safety analysis aspects of the problem from the safe-guards issues. 'The analysis of possible sabotage actions at nuclear power reactors and the consequences of such actions is inherently complex. Since nearly all ~ accident initiators, transient initiators, and mitigating system failures that' occur by accident can also be induced by sabotage, such sabotage analysis includes, in principle, the entire range of safety analysis and ~. _probabilistic risk assessment. Sabotage analysis is further complicated- .by a general inability to eliminate possible sequences of events based upon their low probability of occurrence, as is done in safety and probabilistic risk ~ analyses. Therefore, in order to reduce the complexity of the problem so that a meaningful analysis can be perfo.rmed, it is necessary to make a number of assumptions. In making the following analysis assumptions,.the intent has been to identify, as exhaustively as possible, the sabotage actions that will lead, with reasonable assurance, to a significant radio-logi cal : release. i A.. Release Criteria Assumptions The analysis is limited to radiological sabotage actions expected to have consequences exceeding the limits in 10 CFR Part 100.11(2) for the 104 population zone, that is, releases such that an off-site individual's exposure to the radioactive cloud resulting from the fissio'n product release.would result in a total radiation dose to the whole body greater-L i I o
% c' .o. '~ s than or equal to _25 rem or a total radiation dose greater than or equal to 300 rem to the thyroid from iodine exposure. This assumption is made to simplify the analysis by eliminating from consideration those sabotage actions that result in small, nuisance level, radioactive releases. For example, because radwaste holdup tanks do not normally contain enough radioactivity to meet this release criterion, sabotage attacks against them are considered but generally not modeled. This assumption is not as restric-tive as it might first appear since, as will be noted later, all sabotage actions resulting in significant fuel damage are assumed to cause a radioactive release of this magnitude. This release criterion is most significant in determining the period, if any, during which radiological sabotage can be accomplished from the spent fuel pool and the radwaste system. In detennining the magnitude of the o'ff-site release from spent fuel sabotage, the following simplifying assump-tions are made: 1. During refueling, one-quarter of a BWR core or one-third of a PWR core is repl aced. 2. Possible sabotage at f ons can: (a) rupture all the stored spent fuel rods and result in sufficient displacement of water to prevent removal of any of the iodine-131 released from the rods, and (b) disable the ventilation / filtration systen, thereby preventing the re,noval of any released iodine-131 by the filters.
3.. 'The entire gas-gap radioactive inventory, assumed to contain ten percent of the total iodine in the fuel rod, is released during the sabotage event. 4. All recently removed spent fuel rods contain the same inventory of radionuclides (i.e., the average radial peaking factor over the life ~ of the fuel is 1.0). 5. Meteorological conditions for the site are averaged at the time of the sabotage event. In determining the off-site release from sabotage of the radwaste system, similar meteorolcgical assumptions are made, along with the assumption that the sabotage event releases the entire inventory of the waste gas decay tanks. These criteria are not so significant for modeling sab.otage actions involving releases from the reactor core, since the analysis makes the conservative assumption that sabotage actions involving significant fuel melting, caused 4 by fuel elements exceeding the specified acceptable fuel design limits referred to in 10 CFR Part 50 Appendix A, will result in a 10 CFR Part 100.1(2) release. The analysis therefore assumes-that a significant core nelt will cause both the reactor vessel and'the containment to fail via a steam explosion, or contain.1ent overpressurization or the " China Syndrome." This conservative assumption is made so that a detailed analysis of the degraded core phenomena and the containment failure modes is not necessary.
~.- f.. Similarly, to eliminate requirements to duplicate large portions of the effort documented in the Final Safety Analysis Report, (FSAR), sabotage success criteria are developed based largely upon th'e mitigating system performance analyzed *in the FSAR and other NRC approved analyses. B.- Saboteur Assumptions . In modeling the hypothetical saboteur, it is assumed (consistent with the Design Basis Threat in 10 CFR 73.1) that he may be an insider in any _ position,_ including for example the shift supervisor; that he is aware of all possbile scenarios that can lead to a 'significant radiological release; and that once he has entered a specific area containing several pieces of vital equipment, _he can disable all equipment in the area. However, the preliminary analysis does not go into detail on exactly how equipment is to be disabled. r w (By terminating the analysis at the level of the equipment to be disabled either locally or remotely, and the mode into which it is to.be disabled, the complexity.of the preliminary analysis is decreased enormously without the loss _of important detail. Since most of the analyses involve consider-ation of disabling several hundred pieces of equipment and most pieces can be disabled in a dozen or more different ways, the simplification achieved-by modeling only to this degree of detail becomes obvious. Once -important components have been identified during this preliminary analysis, the most significant sabotage approaches are determined and evaluated during s the on-site visit phase of the review. +- r I
The analysis akso-assumes that the hypothetical saboteur has explosives available, in quantities that can be carried by an individual, and the necessary skills to use them. It further assumes that he is sufficiently knowledgeable concerning equipment found at reactor sites to disable any such equipment to which he gains access. However, the analysis does constrain the hypdthetical saboteur to some degree. For example, only sabotage actions that have reasonable assurance of causing a significant radiological release are modeled because the . saboteur is assumed to be success oriented. Sabotage mechanisms whose only certain effect is to place the plant in an indeterminate condition are not considered. Although this assumption is less conservative than many of the others, it eliminates the need to perform a large number of complex analyses. C. Cable Assumptions Further, the analysis does not consider indiscriminate destruction of cables in trays unless: (1) the cabling is clearly tagged, marked, or otherwise readily identifiable along the route; (2) the cabling passes through terminal or junction boxes; or (3) all cables pass through a single area, such as a cable spreading room. This assumption is made for several reasons. First, since even knowledgeable plant personnel have difficulty determining specific cables and cabling routes within the plant and since indiscriminate cable destruction may not be beneficial to a potential saboteur, such destruction does not appear to meet the criteria of reason-able assurance of causing a significant radiological release. Furthermore,
} inclusion of individual cable routing, in the same manner'in which piping is currently modeled, would increase the complexity of the analysis and ' significantly increase the effort required to gather data on-site due to the difficulty in identifyng individual cable runs. D. Random Failures / Natural Phenomena Assumption The analysis also does not consider the occurrence of random equipment failures or violent natural phenomena concurrent with a sabotage attempt because it is assumed that the saboteur could not depend upon " good" luck to achieve his objectives. This assumption simplifies the analysis both by permitting consideration of technical specification requirements for operations with minimum equipment and by eliminating the need to estimate the probability that a random equipment failure or violent natural phenomenon will occur coincident with a sabotage attempt. As plant probabilistic risk assessments have indicated, estimating such probabilities,is a complex process. E. Plant Status Assumptions Several a'sumptions are made in the modeling of plant status. First, the s analysis is generally performed assuming the reactor is operating at one hundred percent power. Furthermore, in analyzing the mitigation systems necessary to prevent an off-site radiological release, maintenance of the plant in hot standby (shut-down) is considered an adequate final state. The plant is not given credit for the availability of off-site power or the capability to maintain off-site (non-station) load on the main turbine generator because off-site power is transmitted by facilities outside the protected area and hence is completely vulnerable to external interruption.
m u i e _ -g- .u ,~ Note that there ar.e some scenarios (those involving certain modes of scram system sabotage coincident with an induced LOCA or transient) where it is to the saboteur's advantage to maintain-off-site power. Protection against such scenarios is modeled by protecting areas from which the scram system can be disabled. F. Fluid System Assumptions The modeling of sabotage of fluid systems is facilitated by four assumptions. First, check valves located inside containment are considered " cafe" from sabotage caused by a-hypothetical sab~oteur because he would normally.not have access to containment. Second, disabling the system by creation of alternate flow paths is modeled only if they can reasonably be expected to cause significant (fifteen percent or greater) reduction of main flow. Since the vital aree analysis is intended only as an aid in identifying possible equipment sabotage targets within specific areas,, manual valves are not explicitly included in the analysis unless they.can be operated by reach rods from locations other than the physical location of the valves. This assumption simplifies and reduces the size of the fault trees and still permits on-site consideration by the NRC staff of sabotage involving manual valves. This is done by ~ identifying the area containing such valves as a location where flow piping can be breached. i 1 Finally, in analyzing sabotage of air operated valves, the assumption is made that cabotage against the air system will cause remote air operated valves to fail in their "de-energized" positions. In those in which a sabotage scenario requires an air operated valve to fail in its " energized" position, it is assumed that the valve rust be disabled locally and can be treated as a manual valve, with analogous simplification of the fault tree. L _
1,. G. Damage Control Assumption Obviously, in many o'f the assumptions, certain judgments must be made ~ regarding damage control measures that can be taken by'the licensee on a site. specific basis. In performing the analysis, it is assumed that plant operators will employ only approved and analyzed procedures; that is, the licensee may not take credit for operator ingenuity or proposed damage control options that have not undergone safety review or have not been approved by NRC. This conservative assumption markedly simplifies the analysis by eliminating the need to perform a safety review of every damage control option proposed by the licensee. These general assumptions, supplemented by site specific criteria from the FSAR, and other sources serve as the basis for the plant specific review. In summary, the assumptions previously stated serve to separate safety analysis concerns from safeguards. concerns and to add more d'etail to the threat definition provided in Appendix A and Part 73.1 of Title 10 of the Code of Federal Regulations. The separation of safety analysis consider-ation is necessary to reduce the sabottge assessment problem to a manage-able level of complexity. The detail added to the threat definition state-ment is rea.uired to ensure that the evaluation approach is uniform and consistent at all sites. 4 i 9 e
4.0 REVIEW METHOD - The review is conducted in three distinct phases. The first phase is a ^ preliminary analysis consisting of: 1) a review of the Vital Area Analysis performed by Los Alamos National Scientific Laboratory; 2) an analysis of the facility Final. Safety Analysis Report (FSAR); 3) an examination of the facility safeguards program, as described in the Modified Amended Security Plan (MAP); and 4) familiarization with facility layout and equipment location using, as appropriate, portions of the Safeguards Automated Facility Evaluation (SAFE) model. The second phase is the on-site analysis performed at the operating reactor. This analysis will be conducted by s two teams--one which considers facility safeguards from the perspective of the externt 1 threat and one which considers the internal threat. These two teams will synthesize their results to determine the extent to which the facility safeguards program is effective in meeting the regulatory objective ~ ~ stated in 10 CFR 73.55(a). If a potential sabotage vulnerability that brings into question the licensee's capability to protect against the ^ Design Basis Threat for radiologica1 sabotage is identified at this or any time during the on-site analysis, the team leader takes immediate action to inform site management and the Director of the Division of Safeguards. the rationale for the team's conclusions and its recommendations for immediate action to resolve the observed problems are discussed. The team remains at the facility until corrective actions have been taken to upgrade facility safeguards. The third phase of the review consists of documentation of the assessment data into a structured data base. m-. --- --A
4.1 Preliminary Analysis This phase of the review consists of three activities. The first of these is the development of a Facility Systems Analysis and Vital Area Definition report based upon a detailed review of the Vital Area Analysis conducted by los Alamos National Scientific Laboratory and an analysis of the facility Final Safety Analysis Report. The purpose of this review is to: 1) detennine the operating and safety systems of interest;.2) identify the equipment that appears in the system solution to the facility equation in each of the complete areas; and 3) provide the combinations of areas, when in concert with all complete areas, are solutions to the complement of the facility equation. The results of this analysis will be briefed to the assessment team members and copies of the analysis will be provided to the teams. The areas of interest and equipment locations, which can be obtained relatively early in the facility analysis, will be marked on the facility layout drawings to assist the assessment teams in becoming familiar with the site. The facility layout and equipment familiarization activity will proceed concurrently with the systems analysis. Through review of the Modified Amended Security Plan, the Final Safety Analysis Report, facility drawings, and other information about the nuclear power plant, significant aspects of the plant layout (location of barriers and alarms, distances between portions of the facility), the physical protection system, the guard deployment, facility operational conditions, and relevant environmental 4' factors will be characterized. Information on items of equipment that appear in the system solution and complete areas will be provided as the. facility systems analysis is completed. Based upon the site characteri-zation, a computer representations of both the facility, including the
'. J rele'vant aspects of~the plant layout, facility operational conditions, the location of equipment of concern and associated protective measures and the safety and operating systems will be developed. This process is accomplished through use of a digitizing tablet (the Talos 640B) and a computer terminal (the Tektronix 4054) with software programs developed by SANDIA and NRC staff. The individual (s) performing this activity will brief the review team members and provide the team with computer generated facility and system drawings indicating significant features. During the preliminary analysis, data sheets will be developed for those pieces of equipment identified in the Facility Systems Analysis. These data sheets will provide a convenient checklist for recording information for each specific piece of equipment. Data sheets will also be developed for facility safeguards barriers and alarms. After these data sheets have been completed on-site, they will be primary supporting documents' for the review ~ report and will provide a potentially useful archival -reference in the review data base. In summary, the result of preliminary analysis consists of the following documents that are required for the on-site analysis: a) A Facility Systems Analysis containing a description of equipment that appear in the system solution to the facility equation and their location within the facility, the facility and system Boolean equations and their area and system solutions, the combinations of areas vnich, in concert with all complete areas, are solutions to the Boolean complement of the facility equation, and the equipment of interest that appear in the corresponding system solution to the Boolean complement of the facility equation.
.g - b) A= set of computer generated facility and systems drawings showing -significant ' aspects.of the plant layout and a marked up set of facility and systems drawings indicating significant features. c). A set of data sheets for recording information about those pieces of equipmenti of in'terest and for docuqenting relevant features of facility. safeguards hardware and procedures. p 4.2 'On-Site Analysis This phase of the review consists of a concurrent examination of the security system effectiveness against the internal and external adversary. The effectiveness of the security system against these two different threats are examined by two separate teams of three individuals working ( closel'y together. The inside team, phich addresses the internal threat, -consists of three members of the HRC staff. The external team, which addresses the external threat, consists of one member of the' NRC staff and two U.S.' Army Special Forces personnel provided under an interagency agreement. The following five day schedule describes the review teams' activities *for a representative operating single unit pcuer reactor site. The activities and schedule are subject to minor variations to accommodate site differences and may be altered during a site visit based upon team progress and findings. Day 1 - A) Eana,gegen,t Bri_cfinq - The teams' on-site activities begin with a briefing for licensee management outlining the Regulatory Effective-ness Review program. This briefing will consist of a brief introduc-tion to the program by the team leader, an audio-visual presentation 'i e
~ .s outlinkng-theintentandmeth'odologyofthereview,andadiscussion of the teams' detailed plans for the specific site. During the briefing it is stressed that these reviews are not inspections and-do not serve as a basis for inspection reports or enforcement actions. During the briefing a Vital Area Definition Report, outlining a preliminary list of vital areas to be examined by the. teams is presented to facility management. This meeting provides an opportunity for the teams to answer any questions the licensee might have about the review process and its impact upon his operations. It also allows the teams to explain to management the specific ~ support required and to establish schedules that minimize the impact upon facility operations. It is anticipated that at least one member of the licensee's security and operations management will attend this meeting. The meeting also provides an opportunity for the licensee to designate an operational point of contact for the teams. B) Security Ecuicnent Analysis - The management briefing is gener-ally followed by a detailed analysis of the security equipment erployed in those portions of the security program which pertain to the reactor facility as a whole. This includes a detailed analysis of the central and secondary alarm stations, the perimeter barriers and detection systems, the protected area access control points, and the vital area access control hardware. During the security equipment analysis, the team will photograph relevant aspects of the site terrain and vegetation, barriers and sensors, security hardware, and the central and secondary alarms stations. Both the
E L.. I, inside and external teams participate i- 'he security equipment analysis. The inside team examines the sec,urity program from the perspective of an insider attempting to smuggle contraband into the facility or-attempting to degrade the security system's effec-j tiveness in either controlling insider access to vital areas, detecting unauthorized activities within vital areas, or detecting and assessing the intrusion of an external group into protected and vital areas. Security measures are examined carefully to determine whether they can be defeated by an insider using stealth, deceit or force under either routine or emergency conditions. The external team examines the security program for vulnerabilities that might permit an external group to covertly enter the protected or vital areas'or t! hat might be exploited to prevent the security force form responding effectively to an external assault. It is anticipated that a member (s) of the licensee's staff with detailed knowledge of plant security procedures and general knowledge of plant operations (such as a security supervisor) will accompany the teams on the security equipment analysis. While walking around and through the facility during the security analysis, the team is able to place in better perspective the relationship of the facility drawings studied during the prelim-inary phase of the review to the actual plant layout. This will help the team maintain their orientation while examining the vital areas and equipment in the facility. I f
s C) Analysis of Vital Areas - The security equipment analysis will be followed by a detailed evaluation of the accessible vital areas. Together the teams will examine the equipment of interest identified in the Facility Systems Analysis developed during the preliminary analysis. The insider team will ' complete appropriate data sheets for the equipment of interest, modifying them as necessary to resolve any inconsistencies between the actual equipment and that described in the Facility Systems Analysis. The inside team will also photograph the equipment of interest, with particular emphasis upon those portions of the equipment that are parti'cularly vulner - able to tampering. Both teams' examination of the vital areas will also include an evaluation of the in-place physical protection systems (including alarms, sensors, barriers, and access control measures) associated with the equipment and the vital areas. This examination will also include a vaiidation of the details of the computer generated facility and systems drawings and additions to or modifications of the marked-up facility drawings, both of which-had been developed during the preliminary analysis. The inside team will analyze the equipment of interest with a viev toaard covert actions that could be initiated by an insider adver-sary relying primarily upon types of equipment that are available on-sita or that could be easily introduced onto the site.
- Thus, the inside team will be especially attentive to those actions that would not be easily detected by routine inspection or surveillances and to those items of equipment where tampering would not be indica-ted by local or remote instrumentation.
The inside team's evaluation
- s s
of the in-place physical protection systems in these areas will be oriented t'oward subversion of access controls and degradation of the i security system's effectiveness in detecting'< unauthorized activities within vital areas. These security measures will.be examined carefully.to determine whether they can be defeated by an insider using stealth, deceit, or force under either routine or emergency conditions. During this part of the review, the inside team also exa,ines the interaction between operational ' safety and security. This includes an analysis of the manner in which security procedures and safety procedures can provide an integrated response to malevolent acts. The team also attempts to identify any security procedures that may interfere with plant safety during routine or emergency conditions. Either facet of this analysis may result in recommendations to improve integration of plant safety and security. These reconvnen-dations may include such items as increased surveillance of critical vital equipment or modification of access controls to facilitate execution of safety procedures. In this mannner the team seeks to ensure that plant security and safety assets cooperate, to maximum extent practicable, in achieving the dual goals of prevention of ~ radiological sabotage and safe operation of the plant. The external team will analyze the equipment of interest with a view toward rapid forceful attack using appropriate equipment, including explosives and pyrotechnics. Therefore the external team will be especially attentive to those areas and targets in which a r e
a ~ _19 j .3 a single action or a small number'of nearby actions can initiate a 10 CFR Part 100 release or cause severe damage to the reactor core. e The external team's evaluation of the in-place physical protection systems in these areas will be oriented toward identification of vulnerabilities that migh,t permit an external group to enter the target area covertly or that might be exploited to prevent the ~ security force from responding effectively to unauthorized activities within the target area. As part of their review against the s combined threat of an insider'and an external assault, both teams will evaluate the degree to which an insider could assist an external group by degrading the safeguards program's capability to detect, assess and respond to an external assault. A member of the licensee's staff with detailed knowledge of plant security should accompany the teams on their examination of acces-sible vital areas. A member of the licensee's' staff with detailed knowledge of operations and/or equipment located in each accessible vital area and its relationship to safe plant operations (a level of plant knowledge and experience in the specific area roughly equivalent to that of a licensed reactor operator) should also be available to talk with the teams during their examination of each specific vital area. The examination of inaccessible vital areas will be limited to discussions with plant personnel knowledgeable about security and operations within them.
P..t, i i L Day 2 - Analysis of Vital Areas (con't) - During the second day on-site the ~ L inside team and one member of the exte'rnal te,am will continue l evaluating accessible vital areas..The methods used by the inside team and participating member. of the external team to examine the 4 s equipment of interest vital areas are identical to those used on Day 1 and will require similar support from licensee staff. During the second day the remaining two members of the external team i will separate from the inside team for a detailed examination of -facility lay-out, barriers, and se'curity program and procedures. This examination will include an evaluation of significant paths l from the perime'ter to vital areas which considers the safeguard features along the path including barr.fers and sensors. During this portion of the review, these members of the external team will I also evaluate security force capabilities, including personnel deployment, procedures, tactics and response times to vital areas. ( In addition, they will also examine possible adversary actions to interdict or direct responding security force personnel and will evaluate security force quality,' management, training equipment, and command and control capabilities. During this examination, a supervisor in the licensee's security organization should accompany the team. \\ These members of the external team may also spend a portion of the i day off-site familiarizing themselves.with the terrain, local ~ communities, and local law enforcement capabilities in the area t 9 A s
V ' 1,, , : ; surrounding the reactor site.. During this portion of the assess-t ment the external team members evaluate the role which the local law enforcement authorities can play in assisting the facility in protecting against radiological sabotage. This includes an analysis of local law enforcement response capabilities; their knowledge of the facility layout and of appropriate tactics for use in or near 'the facility, communications capability between the facility and law enforcement authorities;' contingency plans for law enforcement response; and the command and control arrangements between the facility security organization and the various law enforcement agencies whose assistance might be necessary. The licensee's staff may participate in this off-site evaluation if they so desire. Day 3 - Analysis of Vital Areas (con't) - The inside team,and one member of the external team continue the examination of vital areas during the morning of the third day. Again, the evaluation methods employed are the same as those on the first and second days. This group again uses the afternoon for any " spill over" activities from the previous days and as an opportunity for further off-site team meetings to discuss preliminary results. As before, ifcensee security and operations personnel will be required to escort the group on-site but licensee staff support will not be required for the team meetings. 2f' During the tima the external team is on the site on the third day, it will continue its detailed examination of facility layout, w
7 ) barriers, and security program and procedures. Again, a supervisor -in the licensee's security organization should acconpany the exterr.al team during this examination. During 'the time the external team is off the site on the third day,'it will continue its evalu-ation of the terrain, local communities, and local law enforcement capabilities in the area surrounding the site. Once again, licensee staff may participate in this portion of the assessment, if they so desire. During the evening of the third day of the on-site analysis, the teams will generally return to the site to examine the facility illumination and off-shift security personnel deployment and to gain a general familiarity with off-shift operations at the site. This portion of the analysis generally requires several hours on-site, and a supervisor in the licensee's security organization should be available to accompany the team. Day 4 - Security _P,rocedure Analysis - On the morning of the fourth day, the' inside -team meets trith a kncaledgeable member of the security organization to discuss procedural aspects of the security program, including authorization procedures and access controls for vital areas, security hardware and software maintenance procedures, badge, lock and key controls, and other security-related pro-cedures. During t'11s portion of the revies the tea:a also follows up on any issues related to integration of the plant's safety and security program. It may be useful for licensee operations and management personnel to participate in these discussions depending upon the issues being considered. j
-[" . J During the time the external team is on-site-on the fourth day, it continues the detailed examination of facility layout, barriers, and' security program and procedures. Often, on the fourth day, the external team meets with single individuals or small. groups (fewer than 4) of, security personnel to discuss security force procedures-and training applicable to routine and emergency situations. A ~ supervisor in the licensee's security organization and, if appro-priate, a' training officer should be available to assist the external team during this portion of the assessment. ' Day 5 - Report Synthesis - The morning of the fifth day is devoted to ' completing the development of the preliminary review report. By this time the inside team will have completed all of its data sheets, photographed appropriate equipment and developed its preliminary conclusions concerning.the following aspeu.s of the facility safeguards program: 1) the vulnerability of critical equipment to an insider; 2) the capability of facility safeguards to prevent unauthorized insider access to vital areas containing critical equipment; 3) the capability of facility surveillance and monitoring measures (performed for either security or operational purposes) to detect unauthorized activities within these areas; and
- 4) the capability of the facility security force to provide a timely and effective response to unauthorized activities within these areas.
l 9 /
s W Y' l Q-
- .4 :
- s !' ;,
_g4_ By this-time the external team will have developed its preliminary conclusibns concerning the following aspects of the facility
- safegua'rds program: 1) the vulnerability of critical equipment.to the external' threat; 2) the capability of facility security
~ equipment to detect and delay an external adversary group; 3) the capability of the security force to respond to the external threat in a timely and effective manner; and 4) the capability of local. i ~ law enforcement agencies to effectively augment the site security force in reponding to the external threat. Based upon these conclusions, the teams synthesize their results and reach agreement concerning the effectiveness of the facility safeguards. A pre-liminary report is then drafted reflecting the consensus of all participants on each te'am. ,~ 4 On the morning of the fifth day, the team will return to the site to resolve any remaining questions concerning procedures, equipment ' capabilities, or facility operations with cognizant licensee per,sonnel. After these issues have been resolved, the te r, discusses its conclusions and rationale in an informal meeting with security management to further validate its findings. At this ', e time the team will also confirm the schedule for the exit briefing # late in.the day. Exit Briefing. - The exit briefing is usually held early on the W' afternoon of the fifth day. At this time, the team, leaders briefs ) licensee management on the teams' preliminary conclusions and provide.them with a copy of the preliminary review report. + +- e' 'A
e*
- e,-
.During the briefing, the team leaders make certain that the licensee management understands that the te:ms' conclusions are preliminary and that.no action will be f,rmally required of them unless they are officially notified by NRC. It is once again stressed that these reviews-are not inspections and will not serve as a basis for inspection reports or enforcement actions. It is anticipated that a representative (s) of the licensee's security management and operations management will attend this briefing. Although the exit briefing on the fifth day concludes the formal on-site portion of the review, team members will remain on-site, if ' licensee management so desires, and discuss informally any safe-guards areas or team finding of interest. Such discussions are constrained only by the licensee's interest and the review teams' travel plans. 4.3 Assembly of Results ihis phase of the review program consists of two separate activities. The first of these activities is the drafting of the final report for submis-sion to the Safeguards Division Director. This report will be based upon-the preliminary report developed while the team was on-site and will ' provide a detailed discussion of the vulnerabilities observed at the site; the-teams' conclusion about the site's safeguards capabilities and recom-mendations for possible actions to improve the facility's safeguards program. k
a. o *, The other activity conducted during this phase is the compilation of a facility file of supporting data. This file will include La album or albums containing the photographs taken on-site, all the data collection sheets filled out on-site, the facility systems analysis, the computer generated drawings, a marked up set of facility drawings, and, of course, the final report. This facility file will serve as a data base to support the report and is expected to provide useful in other safeguards activities. These files will be protected as official use only, security related information under 10 CFR 2.790(d) and, as safeguards information under Section 147 of the Atomic Energy Act of 1954, as amended. ~ 6 4 L i l
jo e 3.' I 5.0 POST-ASSESSMENT / IMPLEMENTATION ACTIVITIES The major product of the review team is a final repor,t which is submitted to the Director of the Division of Safeguards. Management will review the report and recommend appropriate actions to be taken to eliminate any concerns that the teams may identify. For site specific concerns, correc-tive actions may take the form of license conditions or plan modifications. For more generic issues, rulemaking may be a more appropriate approach. Team members will assist the Licensing staff and Regulatory Activities staff in these actions
g NMSS r/f SGPDr/f(2) ,.a JHockert EQuinn 7 RErickson GMcCorkle RBurnett HThornburg MEMORANDUM FOR: Darrell G. Eisenhut, Director Division of 1.icensing, NRR FROM: Robert F. Burnett, Director Division of Safeguards, IMSS Harold D. Thornburg, Director Division of Safeguards and Radiological Safety Inspection. IE l SAFEGUARDS REGU1.ATORY EFFECTIVENESS REVIEW
SUBJECT:
OF KEWAUNEE tMCLEAR POWER STATION
- As presented to the Comission in SECY 80-449, the Safeguards Staff has begun a program to conduct regulatory effectiveness reviews at a representative sartple These reviews are to assure that licensees' safeguards of nuclear power plants.
programs, as implemented in compliance with NRC-approved plans and regulations, actually provide the level of protection intended. practice, any recommendations arising from this program will be coordinated with IE & flRR before being proposed as license amendments or rules. He have reviewed potential candidates for this program based upon their readiness, Based upon these in tdms of meeting licensing and inspection pre-requisites. criteria, we consider the Kewaunee nuclear power station a suitable candidate for We request that you ~ safeguards regulatory effectiveness review at this time. infom the licensee accordingly. A draft letter is enclosed. Robert F. Burnett, Directof Division of Safeguards. HMSS Harold D. Thornburg, Director Division of Safeguards and Radiological Safety Inspection, IE
Enclosure:
As stated { SGPL SG SG IE ........../....... I SGP[ SGPDJ ...... p,... omer1 . E,qu, ,,J3Eri '. n.,, ,,G!,1c Co,rk,1 e,,, .DChapell,,, RBu,rne tt,,, ,HTnornbu,rg "%.1 p/50/8,1,.. 1,0g,81,,,,,,,1,9/J).. s - %...cke....bc. a.1,,,,..fh.g/s.1, ,1,p/,.. /81,.., 19/. /,al,,,,,1,9/.,/81, ' NRC FORE 318 (10-80) N ACM 0240 OFFICIAL RECORD COPY
is-fl. LpS rto,,,q'c, UNITED STATE 3 / ,g 3.fth NUCLEAR REGULATORY COMMISSION ,,rF t .', j WASHINGTON. D. C. 20555 s.w a.o a %,; ' w. ' *< f ,.,r.~...._, u FEB 2A r?33 Docket No. 50-272 Mr. Richard A. Uderitz Vice President - Nuclear Public Service Electric and Gas Company P. O. Box 236 Hancocks Bridge, New Jersey 08038
Dear Mr. Uderitz:
From December 2-10, 1982, NRC Safeguards Division staff conducted a Regulatory Effectiveness Review at the Salem Generating Station. The findings of that review are documented in the enclosed report. In order to avoid further delay, the report is being transmitted without Attachment 2 which will be sent to you at a later date. Although a number of notable strengths were observed in the safeguards program, certain safeguards concerns were found that warrant further consideration. Accordingly, it is requested that you provide comments relative to the areas of concern described in Section 2.2 of the report within 30 days of receipt of this letter. The reporting and/or recordkeeping requirements contained in this letter affect fewer than ten respondents; therefore, 0MB clearance is not required under P. L. 96-511. The enclosure to this letter contains Safeguards Information of a type specified in 10 CFR 73.21 and should, therefore,' be protected from unauthorized disclosure. Sfn'erely p / 4 Mteven A.d. b N4 Varga, ief Operating Reacton's Branch No. 1 Division of Licens ng
Enclosure:
As. stated - Safeguards Information. .T. losure(s) contain(s) cc w/o enclosure: See next page SAFEGUARDS INFORMATION. ment"2 ** vhen separated from attachments.- $f$5 E 9 a :.t%w.U)u.P CQT OT.7 ~,7 '% .}p I h .. w..u u.;.... :. :. a., :. .s. r, wm e.v.~ ~y ,.. m. c 7, r ~,, I Ok kk J ' kl ['Ng,; I [h'. M3 < >/ Q -. i.;3. o! G...y.'*- WL.. G P. MuMgfg4 " PC u ~a N
r .,Mr. F.. A. Uderitz uMic Service Electric and Gas Company 'cc: Mark J. Wetterhahn,E.squica.. Mr. Edwin A. Liden, Manager - Conner and detterhah~n;. Nuclear Licensing Suite 1050 Public Service Electric and 1747 Pennsylvania' Avenue, $W Gas Company Washington, D. C. 20006 Post Office Box 236 Hancocks Bridge, New Jersey 08038 Richard Fryling, Jr., Esquire Assist, ant General Solicitor Ronald C. Haynes Public' Service Electric and Gas Company Regional Administrator - Region I Mail Code T5E - P.O. Box 570 U. S. Nuclear Regulatory Commission Newark, New Jersey 07101 631 Park Avenue King of Prussia, Pennsylvania 19406 Gene Fisher, Bureau of Chief Bureau of Radiation Protection Mr. Charles P. Johnson 380 Scotch Road Assistant to Vice President - Nuclear Trenton, New Jersey 08628 Public Service Electric and Gas C'ompany. P.O. Box 570 Mr. R. L. Mitt 1, General Manager 80 Park Plaza - 15A Nuclear Assurance and Regulation Newark, New Jersey 07101 Public Service Electric and Gas Company Mr. Peter A. Moeller, Manager Mail Code T160 - P.O. Box 570 Nuclear Site Protection Newark, New Jersey 07101 Public Service Electric and Gas Company Mr. Henry J. Midura, Manager P. O. Box 236 Salem Operations Hancocks Bridge, New Jersey 08038 Public Service Electric and Gas,- Company P. O. Box E Hancocks Bridge, New Jersey 08038 Leif J. Norrholm, Resident Inspector ^ Salem Nuclear Generating Station r U. S. Nuclear Regulatory Commission Drawer. I Hancocks Bridge, New Jersey 08038 l l l l i ( 1-
p u-l '1.... - f jo,, UNITED STATES . j', g NUCLEAR REGULATORY COMMISSION E WASHINGTr.N. D. C. 20555 / December 9,1982 LS 82. [ Mr. David J. VandeWalle Nuclear Licensing Administrator Consumers Power Company 1945 W. Parnall Road Jackson, Michigan 49201 ~
Dear Mr. VandeWalle:
~ From September 13 through 17, 1982, NRC Safeguards Division staff conducted a Regulatory Effectiveness Review at the. Palisades Nuclear Power Station. The findings of that review are documented in the enclosed report. The delay in transmitting this report was due to difficulties in processing photographs for. In order to avoid further delay, the report is being transmitted without Attachment 2 which will be sent to you at a later date. Although a number of notable strengths were observed in the safeguards program, certain weaknesses were found that warrant further consideration. Accordingly, it is requested that you respond to the areas of concern contained in Section 2.2 of the report within 30 days of receipt of this letter. The reporting and/or recordkeeping requirements contained in this letter affect fewer than ten respondents; therefore, OMB clearance is not required under P. L. 96-511 cu-The enclosures to this letter contains Safeguards Information of a type specified in 10 CFR 73.21 and should, therefore, be protected from unauthorized disclosure. Sincerely, Dennis M. Crut field, hief Operating P.eactors Br nch No. 5 Division of Licensing i
Enclosure:
As stated Safeauards Information l meiosure(s) contain(s) ~ cc: w/encicEurs: ~ ~ ..... t'aoatr 12** Homer F. Cooper, Nuclear Security SAFEGUAIES INFORt.t Administrator, Consumer Power Compan} rhen separatec trom attach = ants. James G. Keppler, Region III cc: w/c enclosure:- See next page w SAFEGlW!DSMunnf0N-v ~
Mr. David J. VandeWalle .,7 ._ g r.- +.~w-.. cc M. I. Miller, Esquire Isham, Lincoln & Beale Suite 4200 One First National Plaza Chicago, Illinois 60670 Mr. Paul A. Perry, Secretary Consumers Power Company 212 West Michigan Avenue Jackson, Michigan 49201 c-Judd L. Bacon, Esquire Consumers Power Conpany 212 West Michigan Avenue Jackson, Michigan 49201 James G. Keppler, Regional Administrator Nuclear Regulatory Comission, Region III 799 Roosevelt Road Glen Ellyn, Illinois 60137 Township Supervisor Lokert Townshi Route 1, Box 10 Van Buren County, Michigan 49043 l Office of the Governor (2) i Room 1 - Capitol Building Lansing, Michigan 48913 Palisades Plant ATTN: Mr. Robert Montross Plant Manager Covert, Michigan 49043 O. S. Environmental Protection Agency Federal Activities Branch Region V Office / ATTH: Re~gional Radiation Representative ~~ / 230 South Dearborn Street Chicago, Illinois 60604 t Resident Inspector s l c/o U. S. NRC Palisades Plant - l Route 2, P. O. Box 155 l Covert', Michigan 49043 g ~ l e a}}