Text

a--._

-a---

__m.

a.

w

.As awa-4

,w a.

_a_.

e

.i i

I I

h l

SAFEGUARDS REGULATORY EFFECTIVENESS REVIEW PALISADES NUCLEAR POWER STATION SEPTEMBER 1982 e

e 9

I r

8412170377 840430 PDR FOIA SHOLLYB3-531 PDR e

-W.

i TABLE OF CONTENTS s

PAGE 1.0 OVERVIEW 1.1 Site Chara cteristi cs...............

I

1. 2 Se cu r i ty Rr og ram De s cri pt i on...........

1 l

2.0 FINDINGS 2.1 Potential Sabotage Vulnerabilities........

2 l

2. 2 Safeguards Program Con cerns............

2 2.3 General Observations...............

5 2.4 Notable Safeguards Strengths...........

8

, - Background Information i

i - Photographs i

4 e

e 9

f l

l l

9 g

W w

I l

SAFEGUARDS REGULATORY EFFECTIVENESS REVIEW 1.0 OVERVIEW A regulatory effectiveness review of Palisades was conducted from September 12 to September 17, 1982.

The background and purpose of such reviews appear in Attachment 1.

Briefly stated, the main objective of this effort has been to detennine if Palisades' security program, f

as implemented, provides the level of protection intended by NRC as expressed in 10 CFR Part 73.

In conducting this review, particular i

attention was focused on methods and procedures employed to protect vital equipment.

i 1.1 Site Characteristics -

Palisades Nuclear Power Station is a 805 MWe pressurized water reactor that is operated by Consumers Power, was licensed in March 1971.

It is located in Vanburen County, Michigan, approximately 5 miles l

south of South Haven, Michigan.

The plant is fueled with standard low enriched uranium LWR fuel.

Palisades' ultimate heat sink is Lake Mi chigan.

t 1

1. 2 Security Program Description i

Y 1

I

)

i i

4 I

c 1

1

/

L -

.)

7 1

-L...

1 2.0 FINDINGS 2.1 Potential Sabotage Vulnerabilities

~

A potential sabotage vulnerability is a safeguards program deficiency that brings into question the licensee's capability to protect against the design basis threat for radiological sabotage. No deficiencies

~

in this category were found at Palisades Nuclear Power Station.

2.2 Safeguards Program Concerns A safeguards program concern is an observed weakness in the safeguards program which does not directly increase the risk of sabotage, however, is considered of sufficient significance to indicate a need for progt l

remedial action. These concerns are identified below along with possible cor ective measures. There may be alternative approaches, how-ever, which are better suited to site conditions.

2.2.1 Perimeter Detection System 7

r"~

kl I

i f

6 1

\\

W f

i

~.. -

I

/

1

~

l l

7 l

l l

[

N N

2.2.2. Protected Area Entry Search 1

J'

' Also, items removed from an individual to facilitate pat-down searches, such as coatsandhats,l 8

9 L

i e

~

t One possible approach to resolving these concerns would be through iglementation of a procedural change equivalent to the following:

Once the visitor has been identified by the escort, the escort 1

l would pass through the access control point and wait beyond the exit turnstile. Only one visitor requiring pat-down search would be admitted to the search area at a time. Any articles removed from the visitor, to facilitate the pat-down search, would be placed on a separate table rather than on the table at the end of the x-ray screening machine conveyor belt. After this visitor had cogleted his entry processing and joined his escort beyond the exit turnstile, the next visitor requiring a pat-down search would be admitted to the search area.

~

' y l y 2.2.3 Auxiliary Feedwater System]

5 m

e-

,p,

_n.-

4

, k O

,s?

\\

. ',4 ',4 %Md '

. j-NW,f -

s ' Y-ti

~

up

..y,

- O

^'

5 e;[$

• ts A

e e

ne W.=*D8** msmemna.

~

^

C i

i 1

l l

l l

l 2.3 General Observations Observations are minor items.that do not require corrective action.

However, the team believes the following suggestions could isprove the licensee's safeguards program. There may be alternative approaches, a--

however, which are better suited to site conditions.

2.3.1 Coordination Between Operations and Security Although the team was quite inpressed by the attitude of nutual respect between operations and security personnel, the operations personnel interviewed did not always realize the assistance that security personnel could provide. For example, in one discussion I

with operations personnel a hypothetical situation was postulated i

inwhich[

l l.

I i

l l

l Obviously, security's involvement in such contin-l gencies nust not delay operational response but rather should serve l

to protect operations personnel and ensure their unhindered free-l dom of action to mitigate the consequences of the system malfunction.

2.3.2 Auxiliary Feedwater System r

7 l

I l

f l

l t

k i

l 1

I j In practice, t

4

access to this room is additionally limited by health physics access controls. However, these are administrative controls that do not pro-vide positive access control.

it would be appropriate to supplement the health physics access controls with a positive access control such as a key card door at the health physics control point (step off pad). This control point is located at the entrance to i

2.3.3 Alarm Display in Central and Secondary Alarm Stations r-i l

,l h

I i

l l

l l

l i

t i

li Alarm assessment and tactical conmand and control could be facilitate

)

by an inproved display that might include 1) a facility layout board i

I with annunciator lights in locations corresponding to the alarm location

or 2) grouping of annunciator lights by priority and show alarm zones in the access mode in a manner more distinct from alarms awaiting assessment.

2.3.4 LLEA Radio Check Call Procedure 1 It would be advantageous if procedures were established so; 2.4 Notable Safeguards Strengths Notable safeguards strengths are areas of the safeguards program I

considered to be particularly effective. These are highlighted to identify good safeguards practices contributing to the overall l

effectiveness of the program.

Itens falling in this area are I

enumerated below.

i 2.4.1 Security Force Training, Motivation, and Espirit de Corps The team was favorably inpressed with the training, motivation, and espirit de corps of the security force. For exasple, the pat-down searches conducted by the search officers were of uniform high quality and thoroughness. Because the perforstnce of pat-down searches is dull, repetitive, and somewhat enbarrassing for the security officer, con-ducting good pat-down searches reflects well on security officer l

training and motivation. Recent changes esployed by the site of pro-

'and f

viding each security officer an[

r promoting a

B

)were also viewed as actions which contribute to good morale. The reduc-F tion in security officer turnover ratel

~

1over the last several years was also impressive and was reflective of management attention.

2.4.2 Corporate Attitude and Oversight of Security Program Corporate oversight of security and corporate security program audits appeared thorough and comprehensive.

In several cases, concerns raised by the team had already surfaced in corporate audits of the security program and were-receiving licensee attention.

The. team was partic-ularly impressed with the drills and exercises conducted as a part of these program audits.

If an effort is undertaken to develop reg-ulatory guidance for reactor security program audits required by 10 CFR 73.55(g), it is recommended that the Palisades' program be re-viewed during the development of any "model" reactor security audit program.

2.4.3 CCTV Camera Selection and Maintenance e

L

'the selection and maintenance of CCTV camera equip-

' ment was outstanding. The monitors exhibited excellent resolution even on long camera runs both during the day and at night.

The had virtually no " blooming" problems even on long camera runs that included dark areas close to the camera, high light levels at intermediate distances, and then low light levels. y' I

th J

e entire CCTV system appeared to be performing very well.

b W

e,

• -W g

,y

2.4.4 FBI Coordination

)

l The team was pleased to discover that Palisades' security personnel not only know the appropriate FBI office to call in the event of a security contingency but had also provided site orientation to the loca1[

FBI resident agent within the past year.

i l

e e

h b

Y I

1 I

~.

ATTACHMENT 1 1

REGULATOR! EFFECTIVENESS REVIEW

Background

l In NRC's Policy and Planning Guidance 1982 (NUREG-0085, Issue 1, January 1982),

the Commission provided to the staff tha following guidance for establishing l

priorities and for improving the regulatory process:

Staff, in addition to assuring that safeguards plans are in place at operating facilities and for transportation, will accelerate its inde)endent assessment that these implemented plans meet safe-guards o)jectives and that safes uards regulations adequately support those objectives. (Emphasis adMd)

In order to pursue this guidance as it relates to power reactors, the Division i

of Safeguards Power Reactor Safeguards Licensing Branch developed a reactor safeguards Regulatory Effectiveness Review (RER) program.

I Purpose The primary purpose of an RER is to evaluate the overall system effectiveness of a plant's security program, thereby detemining if it provides the level of protection intended by NRC. If it fails to provide such protection, specific '

recommendatior.s are made on how deficiencies can be corrected to ensure provision of adequate safeguards. An additional purpose of an RER is to detemine whether existing regulations yield a level of protection commensurate with NRC's safeguards goal. In this sense, the RER is a part of an effort aimed at assuring the quality of NRC's safeguards approach and associated implementing requirements. If, after a number of sites have been assessed, it is deterintned that current requirements fail to provide the level of protection intended or are generally misunderstood or misinterpreted, specific improvements to the regulations and associated NRC guidance will be suggested to ensure that the intended level of protection is achieved.

wwme-w-oww,,-m-e-wn---rw--a,--e,v--

m e-

- = -e-e---e,a---me----.en

~.

Regulatory Base Current regulatory requirements for safeguarding power reactors are contained in 10 CFR 73.55. This regulation requires a physical protection system and security organization whose objective is "to provide high assurance that activities involving special nuclear material are not inimical to the common defense and security, and do not constitute an unreasonable risk to the public health and safety." The physical protection system shall be designed, the regulation states, "to protect against the design basis threat of radiological sabotage as stated in Part 73.1(a), which is qcoted below:

(1) Radiological sabotage. (i) A determined violent external assault, attack by stealth, or deceptive actions of several persons with the following ittributes, assistance and equipment:

(A) Well-trained (including military training and skills) and dedicated individuals. (B) inside assistance which may include a know-ledgeable individual who attempts to participate in a passive role (e.g., provide information), an active role (e.g., facilitate entrance and exit, disable alams and conununications, participate in violent attack), or both. (C) suitable weapons, up to and including hand-held automatic weapons equipped with silencers and having effective long range accuracy. (D) hand-carried equipment, including incapaciting agents and explosives for use e

as tools of entry or for otherwise destroying reactor, facility, transporter, or container integrity or features of the safeguards

(

systems, and (ii) An internal threat of an insider, including an i

employee (in any. position)."

The performance objectives in 10 CFR 73.55(a) are supplemented by a set of detailed physical protection requirements in Sections 73.55(b) through (h) and in Appendices B and C of the rule. Licensee physical protection programs are developed and implemented in consideration of these requirements with ir'1idual l

I site characteristics in mind.

Review Method The review team consisted of safeguards analysts from the Division of Safeguards f

and active-duty U.S. Anny personnel serving with the JFK Center for Military A

Assistance, acting in a support role to NRC under an interagency agreement.

regional safeguards inspector accompanied the team as an observer.

a In conducting this review, two teams were employed: one looking at safeguards from the viewpoint of an external adversary group of several persons and the other looking at it from the perspective of a single insider. The teams assumed that radiological release is the objective of a power plant adversary and thus applied the 10 CR Part 100 definition as the criterion of successful sabotage.

Further, the characteristics of potent.f al adversaries were bounded by the design basis threat for radiological sabotage as cited in 10 CFR 73.1(a). These factors, as well as the impact of security on plant safety, were considered during the review teams analysis of the site's safeguards.

The review process began with a preliminary analysis conducted at NRC Headquarters.

A principal input to the preliminary phase was a listing of vital areas and components developed by Los Alamos National Laboratories. This list of potential sabotage targets was derived from data obtained during a site visit by Los Alamos engineers. Computer codes developed by Sandia National Laboratories and the NRC

~

staff coupled trith computer graphics equipment located at NRC, permitted the team to translate site layout and safety system configurations into computer graphics g

l for rapid screening and analys.is.

Another step in preparing for the visit was the analysis of each vital component as a potential sabotage target. First, a descriptive list of components in vital areas was prepared based on the Los Alamos vital area analysis. Then actions necessary to sabotage each component were identified, along with combinations of such actions that might lead to radiological release. The results of this target analysis served as a guide to the teams during the onsite phase.

j

\\

l l

4 While onsite, the teams conducted a thorough review of the site's security system. The external team focused on:

local terrain, facility layout, intrusion detection equipment, barriers, and nighttime illumination; security force organization, training, equipment and procedures; and local law enforce-ment capabilities. The internal team concentrated on vital area protection, operator response, access controls and procedures, and CAS and SAS operations.

Information gathered onsite was synthesized by the teams during offsite meetings.

The tentative conclusions formed during these sessions were presented to and discussed with site corporate management at the end of the onsite evaluation.

The teams' conclusions and r'ecommendations are documented in this report.

e a

i l

I