ML20107D894

From kanterella
Jump to navigation Jump to search

Email from D. Young Draft B of NEI 20-05, Methodological Approach and Considerations for a Security Assessment to Demonstrate Compliance with the Performance Criteria of 10 CFR 73.55(TBD)
ML20107D894
Person / Time
Site: Nuclear Energy Institute
Issue date: 04/13/2020
From: Young D
Nuclear Energy Institute
To: Dennis Andrukat
Office of Nuclear Material Safety and Safeguards
Andrukat, Dennis
References
10 CFR Part 73, CAC/EPID: 001625 / U-2019-RU7-0000, NRC-2017-0227, RIN 3150-AK19
Download: ML20107D894 (13)


Text

Lappert, Glenna From: YOUNG, David <dly@nei.org>

Sent: Monday, April 13, 2020 3:21 PM To: Andrukat, Dennis Cc: NICHOL, Marcus; AUSTGEN, Kati

Subject:

[External_Sender] DRAFT B of NEI 20-05 Attachments: NEI 20 Adv Rx Phys Sec Assessment Criteria - DRAFT B.docx

Dennis, Since the draft rule wording has been made publicly available, Ive incorporated the proposed regulation references and text into our draft guidance document. The revised document, now at DRAFT B, is attached. Lets discuss this version at the public meeting on 4/22/20.

David From: YOUNG, David Sent: Friday, April 10, 2020 12:52 PM To: Andrukat, Dennis <Dennis.Andrukat@nrc.gov>

Cc: NICHOL, Marcus <mrn@nei.org>; AUSTGEN, Kati <kra@nei.org>

Subject:

DRAFT A of NEI 2005

Dennis, Good afternoon.

As discussed today, attached is the current DRAFT of NEI 20-05, Methodological Approach and Considerations for a Security Assessment to Demonstrate Compliance with the Performance Criteria of 10 CFR 73.55(TBD).

Feel free to contact me with any questions.

David Young l Technical Advisor Nuclear Security & Incident Preparedness Nuclear Energy Institute 1201 F Street, NW, Suite 1100 Washington, DC 20004 (202) 739-8127 This electronic message transmission contains information from the Nuclear Energy Institute, Inc. The information is intended solely for the use of the addressee and its use by any other person is not authorized. If you are not the intended recipient, you have received this communication in error, and any review, use, disclosure, copying or distribution of the contents of this communication is strictly prohibited. If you have received this electronic transmission in error, please notify the sender immediately by telephone or by electronic mail and permanently delete the original message. IRS Circular 230 disclosure: To ensure compliance with requirements imposed by the IRS and other taxing authorities, we inform you that any tax advice contained in this communication (including any attachments) is not intended or written to be used, and cannot be used, for the purpose of (i) avoiding penalties that may be imposed on any taxpayer or (ii) promoting, marketing or recommending to another party any transaction or matter addressed herein.

Sent through www.intermedia.com 1

NEI 2005 Methodological Approach and Considerations for a Technical Analysis to Demonstrate Compliance with the Performance Criteria of 10 CFR 73.55(a)(7)

Prepared by the Nuclear Energy Institute

[Month] 2020

© NEI 2020. All rights reserved. **DRAFT B** nei.org

[Month] 2020 Acknowledgements This technical report was prepared by the Nuclear Energy Institute (NEI). We greatly appreciate the efforts by our members and other organizations that contributed to the preparation and review this document.

NEI Project Lead: David Young

© NEI 2020. All rights reserved. **DRAFT B** nei.org

[Month] 2020 Table of Contents 1 Purpose ..................................................................................................... 1 2 Technical Analysis Guidelines .................................................................... 1 2.1 Threat Characteristics ....................................................................... 1 2.2 Probabilistic Risk Assessment Information ........................................ 1 2.3 Plant Configuration/Mode Changes .................................................. 2 2.4 Definition of Target Set and Relationship to Performance Criteria .... 2 2.5 Credit for Manual Actions ................................................................. 3 2.6 Credit for Law Enforcement Support ................................................. 3 2.7 Safety/Security Interface .................................................................. 3 2.8 Hazards from Adjacent Facilities and Transportation Routes ............. 4 2.9 NUREG/CR7145................................................................................ 4 2.10 Use of Security Modelling Tools ..................................................... 4 3 Performance Criteria ................................................................................. 5 3.1 Performance Criterion § 73.55(a)(7)(i)(A) .......................................... 5 3.2 Performance Criterion § 73.55(a)(7)(i)(B) .......................................... 5 3.3 Performance Criterion § 73.55(a)(7)(i)(C) .......................................... 6 4 Consequence Analysis Guidelines.............................................................. 7 4.1 General Instructions and Assumptions .............................................. 7 4.2 Meteorological Parameters ............................................................... 8 4.3 Atmospheric Transport Modeling ...................................................... 9 4.4 Exposure Parameters ........................................................................ 9 5 Updates .................................................................................................... 9

© NEI 2020. All rights reserved. **DRAFT B** nei.org

[Month] 2020 1 PURPOSE This technical report provides guidance for performing a technical analysis to demonstrate that a nuclear power reactor applicant qualifies for the voluntary, performancebased alternatives to certain physical security requirements contained in Title 10 of the Code of Federal Regulations (10 CFR) 73.55, Requirements for physical protection of licensed activities in nuclear power reactors against radiological sabotage. To qualify for the alternative requirements, an applicant must demonstrate that the nuclear power reactor facility meets one of the performance criteria specified in § 73.55(a)(7). The guidance in this report addresses technical analyses targeted at any of the three performance criteria listed in § 73.55(a)(7).

2 TECHNICAL ANALYSIS GUIDELINES 2.1 Threat Characteristics The threat to be considered in a technical analysis is the design basis threat of radiological sabotage as stated in § 73.1, Purpose and scope, and referred to as the DBT.1 Analysis elements involving consideration of specific DBT capabilities and tactics should be informed by the guidance in Regulatory Guide (RG) 5.69, Guidance for the Application of Radiological Sabotage DesignBasis Threat in the Design, Development and Implementation of a Physical Security Program that Meets 10 CFR 73.55 Requirements.2 An applicant may use an alternative approach to a given capability or tactic in their analysis; however, the alternative approach should be clearly identified and supported with a technical basis.

2.2 Probabilistic Risk Assessment Information A technical analysis may consider information available from a probabilistic risk assessment (PRA) developed to meet facility licensing requirements (e.g., evaluation of severe accidents) established by the U.S. Nuclear Regulatory Commission (NRC). Prior to beginning the analysis, an applicant is encouraged to become familiar with the guidance in RG 5.81, Target Set Identification and Development for Nuclear Power Reactors. RG 5.81 includes a discussion on the use of PRA information and insights to assist with the identification of target sets. This material can help inform the content of a technical analysis performed to demonstrate compliance with § 73.55(a)(7).

RG 1.200, An Approach for Determining the Technical Adequacy of Probabilistic Risk Assessment Results for RiskInformed Activities, provides an approach that the NRC has found acceptable for developing a PRA suitable for riskinformed regulatory decisions. The guidance in RG 1.200 should be followed to the extent practical and applicable when assessing the acceptability of probabilistic risk information used in a technical analysis.

1 An applicant planning to analyze a threat with characteristics different than the DBT (e.g., one with less capabilities) should also seek an exemption from this requirement as part of the facilitys licensing process.

2 RG 5.69 contains Safeguards Information (SGI) and is therefore not publicly available.

© NEI 2020. All rights reserved. **DRAFT B** Page 1

[Month] 2020 2.3 Plant Configuration/Mode Changes As applicable to the facility design and features, a technical analysis should consider the effects from planned (routine) changes to the plant configuration, or mode of operation, on the ability to continuously meet a targeted performance criterion. If needed, the analysis should describe the controls that will be implemented to ensure that the performance criterion will always be met. Alternatively, a technical analysis could be directed at two (or all three) performance criteria whereby one performance criterion is met in one plant configuration or mode, and another criterion is met in a different configuration or mode.

2.4 Definition of Target Set and Relationship to Performance Criteria As used in this document:

A target set is the minimum combination of equipment or operator actions which, if all are prevented from performing their intended safety function or prevented from being accomplished, would likely result in offsite doses greater than the reference values in §§ 50.34(a)(1)(ii)(D) and 52.79(a)(1)(vi).

An achievable target set means a target set that is within the ability of the DBT to compromise, destroy, or render nonfunctional, absent actions by an onsite armed response force.

The relationship of a target set to the three performance criteria presented in § 73.55(a)(7) is shown below.

Mitigation Measures Performance Achievable Target Facility Target Set? for Loss of Target Criterion Set?

Set?

§ 73.55(a)(7)(i)(A) No N/A N/A

§ 73.55(a)(7)(i)(B) Yes No N/A

§ 73.55(a)(7)(i)(C) Yes Yes Yes The material in RG 5.81 can help inform the identification and development of target sets.

© NEI 2020. All rights reserved. **DRAFT B** Page 2

[Month] 2020 2.5 Credit for Manual Actions A manual action performed by the facility staff may be credited3 in a technical analysis intended meet §§ 73.55(a)(7)(i)(B) or 73.55(a)(7)(i)(C), including actions to prevent or mitigate offsite radiological consequences. The basis for assuming action performance should provide reasonable assurance that the action could be completed under the postulated attack conditions and be documented in the analysis. For example, an action to enable a physical protection element, such as changing the position of a barrier or arming a delay feature, could be credited provided the facilitys layout, staffing and physical security features give reasonable assurance of its completion during an attack. Guidance for assessing the credibility (and thus acceptability) of a proposed manual action can be found in RG 5.81.4 Manual actions initiated from a remote location may also be credited. In these cases, the basis should also address potential challenges to timely performance of the action and mitigative measures. Topics to consider include cyber attacks, reliability and redundancy of communications systems, and potential collateral duties of personnel at the remote location.

2.6 Credit for Law Enforcement Support A technical analysis may credit an onsite response from a law enforcement agency to neutralize the threat; this credit may be applied in an analysis targeted at any of the three performance criteria. The scope and timing of the law enforcement response should be consistent with the Reasonable Assurance of Protection Time (RAPT) described in RG 5.76, Physical Protection Programs at Nuclear Power Reactors. It is possible that a response time shorter than the RAPT could be used; however, the technical analysis would need to include a sitespecific basis for the shorter time. [Augment this information with discussion in pending SECY on RAPT/SBT.]

2.7 Safety/Security Interface The performance of physical protection elements described in a technical analysis must be consistent with the requirements in § 73.58, Safety/security interface requirements for nuclear power reactors. More specifically, the design and performance of these elements cannot adversely affect reactor safety and, conversely, plant and operator responses to the event (e.g., changes in equipment configuration) cannot adversely affect physical protection elements. Further guidance on this topic can be found in RG 5.74, Managing the Safety/Security Interface.

3 For the purpose of this document, credit means a determination that a proposed action or activity can be performed during an attack, thereby permitting the action or activity to be relied upon to support conclusions in the analysis. The determination should meet a reasonable assurance standard.

4 RG 5.81 uses the term operator action.

© NEI 2020. All rights reserved. **DRAFT B** Page 3

[Month] 2020 2.8 Hazards from Adjacent Facilities and Transportation Routes When applicable, the technical analysis should identify and evaluate hazards from an adjacent nonnuclear facility that could potentially affect the safety or security features relied upon to meet a performance criterion. The analysis should also examine similar hazards emanating from an onsite or nearby transportation route (e.g., a roadway or rail line). Consideration should be given to hazardous conditions created by the DBT as well as those arising from other causes. Potential hazards to consider include:

Steam releases Chemical explosions, releases or spills Fires Misuse of industrial radiation sources The characteristics of each hazard, such as timing, severity, and persistence, should be determined. The technical analysis should then describe the design provisions and/or response actions that will mitigate the impacts of each hazard and ensure that the capability to meet the performance criterion is maintained. Hazard analyses performed to meet other NRC licensing requirements (e.g., reactor siting criteria) may be referenced as applicable; there is no need to perform duplicative analyses.

2.9 NUREG/CR7145 Prior to beginning a technical analysis, an applicant is encouraged to become familiar with the guidance in NUREG/CR7145, Nuclear Power Plant Security Assessment Guide. NUREG/CR 7145 provides guidance to design certification and combined license applicants for optimizing physical security during the design phase and minimizing reliance on operational programs (human actions). The material in NUREG/CR7145 can help inform the content of a technical analysis performed to demonstrate compliance with § 73.55(a)(7).

2.10 Use of Security Modelling Tools An applicant may employ a computer application in a technical analysis to model the security related aspects of an attack on the facility. For example, an application could be used to evaluate the detection and delay capabilities described in the analysis. For additional information on security assessment modeling tools, see Sandia National Laboratories Report SAND20075591, Nuclear Power Plant Security Assessment Technical Manual.

© NEI 2020. All rights reserved. **DRAFT B** Page 4

[Month] 2020 3 PERFORMANCE CRITERIA 3.1 Performance Criterion § 73.55(a)(7)(i)(A)

This performance criterion states:

The radiological consequences from a hypothetical, unmitigated event involving the loss of engineered systems for decay heat removal and possible breaches in physical structures surrounding the reactor, spent fuel, and other inventories of radioactive materials result in offsite doses below the reference values defined in §§ 50.34(a)(1)(ii)(D) and 52.79(a)(1)(vi) of this chapter.

To meet this performance criterion, a facility must have no combination of equipment or operator actions that, if prevented from performing their intended safety function or prevented from being accomplished, would likely result in offsite doses exceeding the cited reference values (i.e., the facility does not have a target set). An applicant can demonstrate compliance with this criterion through a technical analysis based on a consequence analysis that determines offsite doses for the postulated security event. The assessment may consider all engineered safety and security features in place at the beginning of the event; manual actions to operate these features after the attack has begun should not be considered.

Guidelines for performing a consequence analysis are presented in section 4 of this document.

3.2 Performance Criterion § 73.55(a)(7)(i)(B)

This performance criterion states:

The plant features necessary to mitigate an event and maintain offsite doses below the reference values in §§ 50.34(a)(1)(ii)(D) and 52.79(a)(1)(vi) of this chapter cannot reasonably be compromised by an adversary as defined by the design basis threat for radiological sabotage.

To meet this performance criterion, a facility must have no achievable target set that would likely result in offsite doses exceeding the cited reference values; in other words, the facility does not have a target set that can be compromised by an adversary with DBT capabilities to an extent necessary to result in offsite doses exceeding the cited reference values. An applicant can demonstrate compliance with this criterion through a technical analysis that identifies plant target sets and demonstrates the capability of safety and security features to prevent the DBT from compromising any target set. To meet this criterion, the analysis results cannot rely upon actions by an onsite armed response force.

Security features that may be considered in the analysis include:

  • Access control measures
  • Detection and assessment capabilities

© NEI 2020. All rights reserved. **DRAFT B** Page 5

[Month] 2020

  • Delay and barrier features
  • Actions by the facility staff or performed remotely
  • Insider threat mitigation 3.3 Performance Criterion § 73.55(a)(7)(i)(C)

This performance criterion states:

Plant features include inherent reactor characteristics combined with engineered safety and security features that allow for facility mitigation strategy implementation if a target set is compromised, destroyed, or rendered nonfunctional, such that offsite radiological consequences are maintained below the reference values defined in §§ 50.34(a)(1)(ii)(D) and 52.79(a)(1)(vi) of this chapter.

To meet this performance criterion, a facility should have a reactor design with a large heat capacity and slow progression from loss of safety equipment to degradation of fission product barriers and release of radionuclides from the facility. An applicant can demonstrate compliance with this criterion through a technical analysis based on a consequence analysis that determines the shortest elapsed time from event initiation to the onset of conditions that would produce a release with radiological consequences exceeding the cited reference values.

The analysis will also need to describe the planned mitigation strategies that would be implemented, within the time available, to prevent the conditions leading to the radiological release. Guidelines for performing a consequence analysis are presented in section 4 of this document.

A strategy should be understood as a plan of action for maintaining or restoring a safety function that is challenged due to the loss of a target element or target set. A strategy can be implemented by one or more methods. A method is a series of actions designed to implement a specific strategy. As an illustrative example of these terms, consider that placing a portable pump in service (a method) to inject water into a reactor vessel (a strategy) would maintain or restore the core cooling safety function.

The description of a mitigation strategy should identify the safety function performed, the events that would prompt implementation, the anticipated time for performance (with consideration of reasonably expected conditions prevailing during an attack), and the following elements needed for execution, as applicable.

  • Equipment (e.g., portable pumps, generators, hoses, cables, etc.)
  • Storage locations (onsite and/or offsite)
  • Transport and deployment arrangements (i.e., provisions for moving the equipment from a storage location to the location where it will be placed into service)

© NEI 2020. All rights reserved. **DRAFT B** Page 6

[Month] 2020

  • Key actions to place equipment in service
  • Staffing
  • Communications A facility meeting the performance criterion in § 73.55(a)(7)(i)(C) will need to perform periodic administrative and maintenance activities that support the ongoing capability to implement mitigation strategies. To this end, the technical analysis should discuss the following items.
  • Anticipated or actual documentation of support from offsite resource providers (e.g., letter of agreement, memorandum of understanding, contract, etc.) and how this documentation will be periodically verified and updated.
  • Plant design change and configuration control measures to ensure that credited strategies can be readily implemented or modified as needed.
  • Maintenance and testing of equipment.
  • Training and drills to validate strategies and maintain proficiency of personnel.

An applicant complying with the requirements of § 50.155, Mitigation of beyonddesignbasis events, is encouraged to become familiar with the guidance in RG 1.226, Flexible Mitigation Strategies for BeyondDesignBasis Events. RG 1.226 identifies methods and procedures the NRC staff considers acceptable for nuclear power reactor applicants and licensees to demonstrate compliance with NRC regulations covering planning and preparedness for beyond designbasis events. The material in RG 1.226 can help inform the content of a technical analysis performed to demonstrate compliance with § 73.55(a)(7)(i)(C).

4 CONSEQUENCE ANALYSIS GUIDELINES 4.1 General Instructions and Assumptions For the purpose of this document, a consequence analysis is an activity performed by the applicant to determine radiation doses at the boundary of the exclusion area and the boundary of the low population zone. As noted above, a consequence analysis will be needed to support demonstration of compliance with Performance Criteria §§ 73.55(a)(7)(i)(A) and 73.55(a)(7)(i)(C). The analysis should describe the initiating event (i.e., the actions taken by the DBT), the compromised target set (for analyses directed at § 73.55(a)(7)(i)(C)), and the subsequent responses by the plant, facility staff and supporting organizations and agencies, including law enforcement. With this information, the analysis should then determine the type and amount of radioactivity released to the environment.

The following assumptions should be employed in a consequence analysis.

a. Both active and passive safety features may be considered in the analysis.

© NEI 2020. All rights reserved. **DRAFT B** Page 7

[Month] 2020

b. The atmospheric release pathway is the riskdominant contributor to offsite doses (i.e.,

no consideration of direct exposures from the facility or releases to liquid pathways is necessary).

c. The atmospheric release consists of aerosols or gasses (with radioactive decay and in growth corrections as appropriate). If a release pathway requires more complex atmospheric transport modeling, additional analyses may be needed.
d. A straightline Gaussian plume segmenttype atmospheric dispersion model, with modifications as needed to account for nearfield dispersion phenomena, is used to estimate atmospheric concentrations. Such models are generally most suitable for relatively simple transport situations, such as open and level terrain, relatively steady meteorology, and relatively close distances (<10 km). Use of a more advanced dispersion model may require a different set of assumptions or methodological steps than those described in this document.

For facilities with relatively small exclusion areas, a straightline Gaussian plume model may overestimate nearfield radiological consequences. In these cases, other consequence analysis models may be used.

e. There is no credit for preplanned offsite protective actions such as evacuation or sheltering.
f. The exposure durations should be consistent the durations specified in §§ 50.34(a)(1)(ii)(D) and 52.79(a)(1)(vi).
g. The analysis need not postulate coincident events (e.g., a seismic or flooding event), or failures of structures, systems or components unrelated to the event.

For the release scenario and dose projections, a quantitative radiological source term should be developed by specifying atmospheric release characteristics such as the time dependent isotopic release rates to the atmosphere, release durations, release locations, physical/chemical form, plume buoyancy, etc. The radiological source term should be estimated using analysis methods and codes evaluated by an NRCaccepted process. In cases where more than one release scenario is identified, the consequence analysis should use the scenario (i.e.,

the event sequence) that produces the greatest offsite dose at the boundaries of the exclusion area and low population zones.

4.2 Meteorological Parameters An analysis to develop meteorological data may be needed to evaluate a range of meteorological conditions in a probabilistic fashion. Alternately, conservative transport and dispersion conditions may be assumed, although the conservatism of the selected conditions should be evaluated to ensure that the combination of parameters selected for transport and dispersion modeling was in fact conservative. For example, with appropriate justification, site

© NEI 2020. All rights reserved. **DRAFT B** Page 8

[Month] 2020 specific meteorological information could be used to develop average expected atmospheric dispersion characteristics (i.e., 50th percentile meteorology for the site), which would then be employed in the analysis.

Selection of a source of meteorological data would include an evaluation of data needs such as wind speeds, atmospheric stability, precipitation, mixing height, etc., for temporal and geographical representativeness. The quality and completeness of the meteorological data should be assessed, and significant uncertainties identified and characterized. It is expected that sitespecific meteorological data will be used; however, there may be instances where site specific data is not available or of sufficient quality and completeness. In these cases, there should be an explanation of the appropriateness of the meteorological data used for the analysis.

4.3 Atmospheric Transport Modeling An atmospheric transport model appropriate for the range of distances under consideration should be identified. For Gaussiantype models, dispersion parameters appropriate to the characteristics of the area and distance ranges under consideration should be identified, and conceptual approaches for the treatment of nearfield effects such as elevated releases, building wake effects, plume meander, plume rise, etc. should also be identified. The selection of an atmospheric transport model should also involve selection of a conceptual approach for treatment of wet and dry deposition. Any assumptions made in the atmospheric transport model should be identified.

4.4 Exposure Parameters The relevant exposure pathways should be identified; for example, exposure to both airborne and deposited radioactivity from atmospheric releases would involve both external (groundshine and cloudshine) and internal (inhalation of airborne material during cloud passage or as a result of resuspension) exposure. In order to assess the dose, the exposure parameters (e.g., shielding factors, breathing rates, exposure durations, etc.) would need to be characterized. Dose estimations should be carried out by combining the results of the release, transport, and exposure assessment with a recognized source of dose conversion factors (such as Federal Guidance Reports issued by the U.S. Environmental Protection Agency) to estimate the doses at the boundaries of the exclusion area and low population zone.

5 UPDATES As needed, a technical analysis should be updated to reflect changes to facility features or offsite support resources described in the analysis. The NRC should be notified of a change that affects compliance with an applicable performance criterion (e.g., an anticipated change will result in the performance criterion no longer being met).

Documentation of support from offsite resource providers should be verified on an annual basis.

© NEI 2020. All rights reserved. **DRAFT B** Page 9