Advises Commission of Recommendations Reached by Safeguards Performance Assessment Task Force for Evaluation of Licensees Tactical Response Capability at Nuclear Power Plants

ML20207E178
Person / Time
Issue date:	01/22/1999
From:	Travers W NRC OFFICE OF THE EXECUTIVE DIRECTOR FOR OPERATIONS (EDO)
To:
References
SECY-99-024, SECY-99-024-01, SECY-99-024-R, SECY-99-24, SECY-99-24-1, SECY-99-24-R, NUDOCS 9903100174
Download: ML20207E178 (27)
v • d • e

Text

{{#Wiki_filter:. _ _ _. - m e9300000000000000000000 4 l RELEASEDTOTHE PDR l 't 5 S/5/97 hlb i date initials j p a...e seeeeeeeeeeeeeeeea POLICY ISSUE January 22.1999 SECY-99-024 FOR: The Commissioners FROM: William D. Travers Executive Director for Operations

SUBJECT:

RECOMMENDATIONS OF THE SAFEGUARDS PERFORMANCE ASSESSMENT TASK FORCE (WITS 199800188) PURPOSE: To advise the Commission of recommendations reached by the Safeguards Performance Assessment (SPA) Task Force for the evaluation of licensees' tactical response capability at nuclear power plants. BACKGROUND: In June 1998, NRR recommended, and the Executive Council agreed, that the Operational Safeguards Response Evaluation (OSRE) program be eliminated by the end of Fiscal Year (FY) 1998. The goal of the OSRE program was to evaluate licensees' contingency response capability and interface between safety and safeguards (SECY-92-418, December 18,1992). Another assessment program, Regional Assists, provides support to the regions for testing the performance of the licensees' perimeter intrusion detection and alarm assessment systems (also described in SECY-92-418), but it does not evaluate the licensee's ability to meet the design basis threat. The OSRE program conducted site visits at nuclear power plants between 1991 and 1998 and / observed force-on-force exercises conducted by the licensees. The program identified a O/7 number of minor weaknesses and some significant weaknesses in licensees' observed

Contact:

R. Rosano, NRR 301-415-3282 9903100174 990122 PDR SECY 99-024 R PDR f 2-lO R /D +'l g Y phn VntM s _

N 4 l I 2- - performance.' Corrective actions for those weaknesses were implemented; however, not all - security plans were revised to incorporate these corrective actions, a step that would have made them regulatory commitments subject to later inspection and enforcement. Eliminating the OSRE program in FY 1998 left 11 power plant sites unevaluated under OSRE. (A list of these sites appears in Attachment 1.) This step generated extensive attention and-comments from the media and certain members of Congress, stemming in part from the . perception that the OSRE program was the only mechanism that the Commission had in place to evaluate licensees' ability to counter terrorism.' Two differing professional views (DPVs) were filed by NRC Headquarters and regional safeguards staff members who objected to elimination of the OSRE program. A panel was convened to review these DPVs and the panel issued its report and recommendations on November 4,1998 (Attachment 2). The staff responded to numerous inquiries from the media and Congress and briefed the Chairman and certain Commissioners on the OSRE program. These briefings included a discussion of possible attematives to the OSRE program to support NRC's future validation of licensees' tactical response capabilities. The Chairman instructed the staff to reinstate the OSRE program and to accelerate the efforts of the task force formed to review safeguards performance issues. The Chairman further instructed the task force to report its findings and recommendations to the Commission by the end of Calendar Year 1998. The task force that was formed in October 1998, now called the Safeguards Performance Assessment (SPA) Task Force, studied the lessons leamed from the OSRE program to develop recommendations for tactical response evaluations in the future. This paper summarizes the recommendations of the SPA Task Force. DISCUSSION: Section 73.55(a) of Tit!e 10 of the Code of Federal Regulations requires licensees to establish a - physical protection system and a security organization with the objective of providing high assurance that activities involving special nuclear material are not inimical to the common defense and security and do not constitute an unreasonable risk to the public health and safety. The physical protection system is required to protect against the design basis threat (DBT) of radiological sabotage (as defined in 10 CFR 73.1) and to " include, but not necessarily be limited to, the capabilities to meet the specific requirements contained in paragraphs [73.55) (b) 3 through (h)." l $ 1.icensees were allowed to carry out the exercises during OSRE visits using more response force personnel, and sometimes additional equipment, than are committed to in the approved security plans. During future OSREs, licensees will be limited to the response force i personnel and equipment that are specified in their security plan commitments. 2 The Differing Professional Views and media reports about the elimination of the OSRE program referred to it as a counter-terrorist and/or anti-terrorist program. In fact, the OSRE - program was actually focused on the broader concept of radiological sabotage, in accordance . with 10 CFR 73.1. y y--.. +.w a w -.,ma ,im .-e-, m.- y-

p ^ -3. L%nsees are required to develop physical security plans (PSPs) in accordance with 10 CFR 73.55(a) to satisfy the requirements of 10 CFR 73.55(a) and (b) through (h). These plans are submitted to the NRC for approval before implementation. Changes to approved PSPs that do . not decrease the effectiveness of the plan can be made through 10 CFR 50.54(p) and can be implemented without prior NRC approval; changes that do decrease the effectiveness of the plan are made under 10 CFR 50.90 and require NRC approval before implementation. NRC's regional security inspections are designed to evaluate compliance with commitments ~ made in approved PSPs and to assess the capabilities of the licensees' security programs. _Although these commitments are intended to ensure that the security organizations are able to protect against the DBT, the inspections carried out to evaluate compliance with these . commitments did not provide for performance testing of tactical response capabilities or evaluating the effectiveness of these commitments to protect against the DBT. ' The OSRE program, which is performance-based, was designed to enhance regional l inspection efforts by using force-on-force exercises conducted by licensees as a method of j. evaluating their response capabilities and it included the validation of licensees' target sets. A target set consists of interrelated equipment or a single component that if disabled or destroyed i ~ l could prevent the reactor from being maintained in a safe condition. The OSRE team works with the licensee to reach a consensus on appropriate target sets. The scenarios are then i given to the licensee's mock adversary force to carry out during the exercises. NRC l Headquarters and regional personnel, the NRC contractor, and the licensee's team of i j - observers oversee the exercises and evaluate the performance of the security force. OSRE _I visits were conducted at 57 sites between 1991 and 1998. During these visits, OSRE teams identified weaknesses a_t 27 plants; some of these weaknesses related to failures to prevent mock adversary forces from gaining access to vital equipment. These weaknesses have been i - corrected by the licensees. l l - Licensees have always been responsible for identifying vulnerabilities in their programs, including security. However, licensees' ability to identify vulnerabilities in their tactical response capability has been enhanced by NRC's OSRE program. Although the end result was a higher . confidence in t_he effectiveness of security programs throughout the industry, the SPA Task l. Force concludes that the industry can assume more responsibility for performance assessment of tactical response capability, thereby reducing the NRC's role in the assessment while . preserving the same level of confidence in the final product. t l 10 achieve this goal, the SPA Task Force recommends that: 1. The regulations be modified to require power reactor licensees to identify target sets, develop protective strategies, and exercise these strategies on a periodic basis. The L exercises would be subject to NRC inspection and observation. The rulemaking would i . also consider regulatory changes necessary to require licensees to maintain the ( effectiveness of their contingency plans and to upgrade their security plan commitments j' whenever these exercises reveal weaknesses in their ability to protect against the design i l basis threat, r

2. ' The staff develop a regulatory guide to outline the process for developing target sets and i

sabotage scenarios, as well es to detail acceptable means of conducting the exercises.

l i 3. The staff develop changes to the existing inspection program and procedures to identify the inspector's role in observing tactical response exercises and documenting the findings. The l NRC Enforcement Manual should be revised to describe actions to take as a result of inspection findings related to licensee-run exercises. 4. The staff consider developing a training module to enhance security inspector knowledge of tactical response exercises and abilities in carrying out the responsibilities of the new or revised inspection procedure (s). All of these actions will be coordinated with the Nuclear Energy Institute, industry l representatives, and other public stakeholders. The actions described in item 3 above will be coordinated with the reactor oversight process improvements currently under development. The SPA Task Force believes it is feasible to develop a schedule providing for a new rule to be l published for public comment by the end of May 1999 and the attendant guidance and inspection procedure (s) be published in final form by the end of October 1999. Final resource l and schedule estimates will be provided in the rulemaking plan that will be forwarded for l Commission approval within 60 days of approval of the recommendations contained in this l paper. The SPA Task Force recommends that OSRE visits continue while the rulemaking is j underway and that the cycle of OSRE visits be allowed to conclude before any new program of performance assessment is implemented. However, if recommendations that emerge from this effort represent a significant departure from, or improvement to, the OSRE program, a more i immediate shift to the new program may be warranted. l l On December 11,1998, Samuel J. Collins issued a Tasking Memorandum for Staff Followup on l Differing Professional Views Regarding the Operational Safeguards Response Evaluation ) l Program, to consider the recommendations of the DPV panel (Attachment 3). The l recommendations of the DPV panel have been incorporated into the SPA Task Force recommendations, with one exception, viz., the Chairman's instruction to the staff to immediately reinstate the OSRE program superceded the panel's recommendation that the program be terminated pending resolution of other issues. RECOMMENDATIONS-That the Commission approve the SPA Task Force recommendations outlined in the Discussion section above and allow the staff to begin work on a rulemaking proposal that would address these recommendations. 3 i i ~

l :* COORDINATION: The Office of the General Counsel has reviewed this recommendation and has no legal objections to its content. h William D. Travers Executive Director for Operations i I ' Attachments: As Stated Commissioners' completed vote sheets / comments should be provided directly-to the Office of the Secretary by COB Tuesday, February 9, 1999. Commission Staff Office comments, if any, should be submitted to the Commissioners NLT February 2, 1999, with an information copy to the Office of the Secretary. If the paper is of such a nature that it requires additional review and comment, the Commissioners and the Secretariat should be apprised of when comments may be expected. DISTRIBUTION: Commissioners OGC OCAA OIG OPA OCA ACRS' ~CIO CFO EDO REGIONS SECY' i i I

E.- I . Power Reactor Sites Without an OSRE Visit As of November 1.1998 i Clinton Comanche Peak Davis Besse . Ginna ~ Limerick Perry - Quad Cities Seabrook St. Lucie Susquehanna l Watts Bar l i i i 4 l l l i i 4 l l l i l t i

smru p UNITED STATES g j NUCLEAR REGULATORY COMMISSION f WASHINGTON, D.C. 30506 4001 ,k*****[ November 4, 1998 i i 1 i MEMORANDUM TO: SamuelJ. Collins, Director ) ONice of Nuclear Reactor Regulation Frank P.' Gillespie, Chair [N k FROM: } Ad-Hoc Review Panel

SUBJECT:

DlFFERING PROFESSIONAL VIEW CONCERNING 1 TERMINATION OF THE OPERATIONAL SAFEGUARDS RESPONSE EVALUATION PROGRAM i 4 in memoranda dated August 7,1998, August 21,1998, Thomas W. Dexter, A. Bruce Eamest, Dennis W. Schaefer and David N. Orrik forwarded to you the differing professional view concoming termination of the Operational Safeguards Response Evaluation Program (OSRE). The primary concem of the submitters was that the current regulations, as implemented, are deficient in assunng the level of protection required by NRC's Design Basis Threat (DBT) for radiological sabotage at nuclear power plants. Therefore, the on site reviews and exercises a i done as part of the conduct of an OSRE and the licensees' voluntary modifications, which have preceded or proceeded the OSRE, have become the vehicle for ensuring the needed level of 4 protection. One submitter did raise the additional concem that following an OSRE, some licensees have discontinued the increased measures needed to meet the OSRE objectives. q { Additional concems were developed during the Panel's review. All concems are discussed in the enclosed report. Your memorandum dated September 1,1998, designated that an ad-hoc panel be formed to review this differing professional view. The members of the Ad-Hoc Review Panel were Frank P. Gillespie as Chair, Arthur B. Beach as a management member, and Elizabeth Q. Ten Eyck, as a staff member as recommended and agreed upon by all submitters. Enclosed is the Panel's report with its findings, conclusions, and recommendations.

Enclosure:

As stated s i s Ag A ne,d 2.

4.. : i;- AD-HOC REVIEW PANEL REPORT ON THE DIFFERING PROFESSIONAL VIEW f THOMAS W. DEXTER, RIV A. BRUCE EARNEST, RIV DAVID N. ORRIK, HQ j DENNIS W. SCHAEFER, RIV i f ( \\ TJ ka i Frank P. 'Gillespie," air' + ^ Ad-Hoc Review P l 4 i l 4 T$. h Elp Gt. TMyck, MemtsF ~ l Ad-Hoc Review Panel I i i x...A LL i ' Arthur B. Beach, Member Ad Hoc Review Panel

l.. I l-TABLE OF CONTENTS . I. PANEL REPO'RT II. RECOMMENDATIONS III.' ATTACHMENTS.

1. (SEC.-91-052) Commission Paper dated February 26,1991

2. (SEC.-92-418) A subsequent paper dated December 18,1992

3. "A memorandum from the Director ofNRR to all Regional Administrators dated July 14,1992

4. Inspection Procedure 81700

5. Regulatory Guide 5.44

6. Of5ce ofInspector and Auditor Report dated April 24,1987 7.' Examples of OSREs IV.

REFERENCES

1. OriginalDPVs

' 2. Additional comments for submitters

3. DPV Related Information i

9 PANEL REPORT The panel has met to review and develop recommendations concerning the consolidated D.P.V. which strongly disagrees with the decision ofNRC raanagement to elimmate the Operational . Safeguards Response Evaluation (OSRE) program and what the submitters see as fundamental _ questions on the agency's approach to safeguards regulation for power reactors. The D.P.V. . panel held a nwing on September 11,1998, which included all the submitters by telephone except Mr. Orrick who was out of the office. The submitters supplemented their initial written - package at this meeting with additional material relevant to their concerns. A panel member supplied insights and subsequent information relevant to the international considerations, domestic considerations and internal consistency of the NRC's approach to performance testing of security equipment and security force response between fuel facilities and reactors. ' This additional information bears directly on the questions raised in the D.P.V. Following the meeting subsequent discussion between the panel members has occurred resulting in this draft set of recommendations for panel consideration. The primary concern of the submitters was that the current regulations, as implemented, are deficient in assuring the level of protection required by NRC's Design Basis Threat (DBT) for radiolog cal sabotage at nuclear power plants. Therefore, the on site reviews and exercises done as Part of the conduct of an OSRE and the licensees' voluntary modifications, which have preceded or proceeded the OSRE, have become the vehicle for ensurmg the needed level of protection. One subinitter did raise the additional concern that following an OSRE, some licensees have discontinued the increased measures needed to meet the OSRE objectives. During the. discussions several considerations were surfaced which bear on the conclusions reached and the recommendations for subsequent actions. The foremost consideration deals with the relationship within 10CFR73.55 between the requirement to submit a security plan which ensures the facility can protect agamst the DBT and the approved plans which meet as a mmimum the technical requirements ofp.tragraphs (b) thru (h). The current NRR inspection program for the most part inspects against the requirements of the security plan at a facility and not necessarily agamst the facility's ability to protect agamst the DBT as demonstrated during an OSRE. Enforcement guidance has been issued that indicates that the sole basis for secunty enforcement action is the facility secunty plan. This has led most facihties to be in compliance with applicable requirements in the security plan, but not maa ily being able to demonstrate that they can

stect against the DBT; the concern raised by the submitters. In discussions with the submitters, they recognized the corrective steps being taken by the licensees to the performance-based OSRE inspections as usually beyond the current requirements if based solely on the exisdng security plans, but withm the scepe ofthe NRC requirement to protect against the DBT These extra security rnaammes were viewed by the submitters as voluntary in nature.

The issues related to the effectiveness of safeguards requirements were documented in an Office fInspector and Auditor report dated April 24,1987 (ATTACHMENT 6 ), Regulatory o I ( Effectiveness Reviews for Operating Power Plants. The Regulatory Effectiveness Review (RER) program proceeded the OSRE program. This report addressed both the problem of plant specific j i

L.,. e 2 L backfit from each review and the need to re-examine the regulations and licensing basis of licensees for potential backfit requirements. This review was positive in its characterization of the RER assessments for evaluatmg safeguards effectiveness. This was the first of a number of i documents reviewed which address the fundamental question raised by the rabmitters. In a commission paper dated February 26,- 1991 (SECY-91-052) (ATTACHMENT 1) which - 1 discussed the RER program, the question of backfit and the inconsistency mentioned above were briefly touched upon. Backfit and the relationship of the RER, now OSRE, to the security plan is specifically addressed on page 3. "The staff'has analyzed the resuhs of the past RERs and concluded that, in general, i performance weaknesses have not resuhed from' weaknesses in the related regulations of the NRC. Most of the significant weaknesses identified during RERs involve capabili*y i specifically required by 10CFR73.55. Primarily the weaknesses have occurred because the licensee's security systems had not been evaluated for performance using the design basis threat as a benchmark." This conflict between the approved secunty plans potentially not resultmg in a security program which can protect against NRC's DBT requirement, the cautions on the backfit implications, and the assenion that the rules were sufficient was not reconciled in the February 26,1991 commission paper. In a subsequent paper dated December 18,1992 (SECY-92-418) (ATTACHMENT 2), the transition from the RER to the OSRE program is described, as well as, a summary of the benefits that have accrued from conducting the assessments. In this paper, the same conflict is described, as the results of all assessments are referred to as weaknesses to be corrected by licensees in recognition that the findings were beyond enforceable requirements. Finally, in a Memorandum to the Director ofNRR from the Chief of the Safeguards Branch dated September 27,1996, the question of the need to address the inconsistency of secunty plan and the . DBT through rule makmg was addressed On page 4 of that memorandum it states: " All four regions expressed a need for rule changes. These included rules to require improved planning for defending the plant, periodic response drills, improved traming for armed response officers, changes to Appendix C Part 73, Contingency Plans, and changes to allow adversary interdiction within vital areas, consistent with OSRE methodology. We intend to revisit an earlier plan to ask the Office of Nuclear Regulatory Research to replace the highly prescriptive training and qualification requirements in Appendix B of 10CFR Part 73 with performance-oriented requirements that would enable licensees to

tailor their tratmng and qualification programs to the specific needs to their site-specific defensive strategy. We will also consider whether a sufficient basis exists to request the l

' other rule changes suggested by the regions. We will also evaluate the possibility of issuing a generic commurladon or other documentation in response to Region III and IV recommendations to better communicate acceptable performance standards for security response, training, and performance testing." I i m

5 i a I 3 This previous commitment to revisit the need to correct what appears to be a significant inconsistency remains valid. In addition, the consistency in approach to the safeguards regulations between the Office ofNuclear Materials Safety and Safeguards (NMSS) and NRR on the topic of l ' response drills and exercises should also be addressed. NMSS addressed this issue in 10CFR73.46 as it relates to fuel facilities, by requmng certam exercises and the reporting of schedules to the NRC so that observation of the exercises by the NRC could be factored into the routine inspection program. A regulatory basis is also provided in 10 CFR 73.20 which requires NMSS licensees to mamtam the ability to protect agamst the DBT. The Safeguards Branch was asked to provide some perspective on the differences between the requirements of a facility security plan and OSRE resuhs.' Recognizmg this is a force on force exercise, the differences were weaknesses in the numbers ofguards and their response strategy. is the material supplied and does provide a perspective on the range of differences. While additional rigor is need for a rulemakmg or backfit analysis the changes that might evolve appear to be bounded. RECOMMENDATIONS

1. Specific resources should be dedicated to satisfying the commitment in the September 27, 1996, Memorandum to the Director ofNRR to reconcile as soon as possible the differences between facilities with security plans which are consistent with 10CFR73.55 (b) through (h) and

which may not protect against the DBT for radiological sabotage as demonstrated by OSRE and RER results. In doing so, reconcile the differences in approach between NRR and NMSS as they relate to response testmg and exercises. Based on their findings, a determination should be made whether to proceed to correct difficulties through order or through the normal rule makmg process, including consideration of 10CFR50.109 requirements as applied to backfit

- considerations.

2. Upgrades implemented by licensees to their secunty programs to demonstrate their ability to i

protect against the DBT for radiological sabotage as a result of the OSRE program may represent a backfit. OSREs should be terminated pendmg resolution of the first recommendation. Tlie _ inspection program should then be adjusted, if applicable. i

3. The regional assist or equipment testing efforts which are not connected with the force on force exercises appear to be less a question of backfit and more a question of responsibility for I

testing If a parallel is drawn to other areas in the NRC inspection program, performance testing should be completed by the licensee and observed by NRC. If the testmg requirements are consistent with guidance contained in' Regulatory Guide 5.44 (ATTACHMENT 5) and committed . to by the licensee in their security plans, a case for indWent NRC testing has not been established. A memorandum from the Director ofNRR to all Regional Administrators dated July 14,1992 (ATTACHMENT 3), on testing appears to remain valid and should be enforced. This is .j referenced in Inspection Procedure 81700 Physical Security at Power Reactors. l l' l

V.- i 4 'l "The guidance pnmarily applies to performance testing of security equipment First, inspector requests for licensees to conduct equipment performance tests should be limited to tests specified in the licensee's security plan or tests normally performed by the licensee. 1 Requests by inspectors for licensees to conduct such tests should be made as part of the preparation for an announced inspection. Second, regional inspector s should not conduct performance testing as part ofroutine inspections. There may be special circumstances appropriate for inspectors to conduct performance testing, such as follow up to an event. In those cases, approval should be obtained from the Director, Division ofReactor Inspection and Safeguards, NRR. Regions are encouraged to make use of the headquarters regional assist capability, which includes contractor support, when there is a j. determined need for the NRC to conduct performance testing of security equipment." 1 In this memorandum, the need for independent testing must first be established by the region before requesting assistance from NRR. This guidance was modified in April,1994 through the updating ofInspection Procedure 81700 (ATTACHMENT 4) which incorporated performance testing as part of the normal program to be done by headquarters with contractor assistance every l' fourth inspection cycle. This change to the procedure and the need for NRC staff or contractors to conduct the test should be re-enmineA in view of the October 1997 Regulatory Guide 5.44 on testing. i i l ) 1 l \\ i 4-1 I' ~ m - w-w

r_.. q e,. \\Mf August 7,1998 MEMORANDUMTO: SamuelJ. Collins,Dierector Office ofNuclear Reactor RegnW ^ PROM: David N. Orrik, Capt USN(Ret), Secudty Specialist,NRR/DRPM/PSGB

SUBJECT:

DIFFERING PROFESSIONAL VIEW REGARDING NRC ABANDONIN .ONLY COUNTER-TERRORISM PROGRAM. This Differing Professional View pertains to the NRC's's plan to eliminate Operational Safeguards Response Evaluations and Regional Assists, as currently described in the NRC i Inspection Manual as, respectively, procedures 81110 and 81700.

SUMMARY

The United States Nuclear Regulatory Commission has had a security program since 1991 focused on the ability ofnuclear power plant security forces to protect against a terrorist attack aimed at causing radiological sabotage, with equivalent consequences of i

Chernobyl. The heart of this program is security force demonstrations of their armed response capability in onsite force-on force exercises. Weaknesses were identified in 47% of the plants j evaluated to date. There is no other NRC counter-terrorism inspection or oversight effort. The NRC is canceling this program September 30,1998. Thisactionisill-advised. Thegovemment j and the public have placed a high priority on countering the perceived increasing threat of terrorism on U.S. soil. Nuclear plants are a key part of the American infrastructure. The nuclear l power industry continues to demonstrate an inability to prepare to protect their plants without ) i NRC oversight / pressure, i.e., "self-regulation"is a failure in plant protection. 4

1. THE PROBLFM-i

_a Protecting apaintt vio$ent stemt}t-L ' NRC has only one - small - program to ensure that the 60+ nuclear power plants are able to protect against a terrorist attack aimed at causing radiological sabotage,i.e, an "American L Cherncbyl". The program tests and evaluates their armed response force to respond to a specific threat capability, regardless ofits likelihood. The threat capability is specified in 10 CFR 73.1(I), which defines a design basis threat for radiological sabotage. Essentially, it is a small group of i

well-trained, well-equipped (weapons, explosives, etc.), dedicated terrorists with insider knowledge / assistance making a " determined violent external assault..."

L l~ This program is now scheduled to be eliminated on September 30,1998 (end ofFY98). 1 l i

7 ?1. NRC & COUNTER-TERRORISM bL Protecting meninst atta4 hv stamith-This same program also assins NRC regional inspections by performing a second type of performance evaluation (ofperimeter detection and access control equipment) to ensure that nuclear power plants can protect against one or more individuals attempting to surreptitious pwade into the plant in order to cause radiological sabotage. This " attack by mealth" is also part of the design basis threat (10CFR73.1(I)). This part of the program is now scheduled to be eliminated on September 30,1999 (end ofFY99 c_ Implications for USG noliev and public tu: There has been, and will be, no formal announcement or notification of any kind to anyone. An internal-NRC program willjust end. However, this action puts the USNRC in the unique posit of being the only government agency to end its active involvement in counter-terrorism when both the executive and legislative branches of the govemment are increasing the emphasis (and funding) for counter-terrorism for (other) government agencies. Also, the public, when advised, could perceive this as the NRC placing private profit before public and environmental health & safety,

2. THE COUNTER-TERRORISM PROGRAM-This program is small, employing 3 NRC headquarters personnel (out of 3000 total NRC),

assisted by contractors at a cost of 590K/ year. The program consists primarily ofonsite performance evalentions ofa plant's security force and equipment. The heart ofthese evaluations, called Operational Safeguards Response Evaluations (OSREs), are onsite force-on-force (FOF) exercises with mock terrorists attacking the plant. The " terrorist" force in these I exercises vades from a single amateurish individual to a team with the capabilities of the NRC design basis threat. The typical exercise lasts only a few minutes; either the mock terrorists have reached all of their target equipment or they have been interdicted by armed responders who have deployed to key defensive positions with appropriate weapons. 'Ihis program is almost identical i to the one used by DOE for its facilities, except that the NRC was on a much slower frequency, i.e. an OSRE once every 7 years The contractors, who assist both NRC and DOE, are exceptionally well qualified and trained for this program's efforts. The second type ofperformance evaluati5n, called Regional Assists, conducted by the OSRE team is to physically test the perimeter baniers and alarm systems, CCTV alarm assessment systems, and acceu control equipment (i.e, X-ray and metal detectors). Byjumping, crawling, climbing, etc. the team attempts to defeat the alarm systems and make undetected penetrations into the plant. (Note: Plant personnel are always present so the tests are not confused with actual ( alarms.) Both individual (i.e., the " lone wolf' terrorist) and team penetration methods are used. 2

m.....

a. { I NRC & COUNTER-TERRORISM This effort also is almost identical to the one used by the DOE for its facilities. i

3. PLANT PROTECTION CAPABILTTY-AS DEMONSTRATFn -

l i The evidence over the last seven years from 55 OSREs is that, prior to preparing for an OSR I plants would not have been able to demonstrate an assured ability to protect their plant aga terrorist attack. They were unprepared. Why? Regulations do not require nuclear power plants 4 to conduct onsite contingency exercises. (However, category I fuel facilities are required by regulation to conduct contingency exercises onsite and, at least once a year, for observation NRC.) In preparing for their OSRE, ALL plants: conducted a vulnerability analysis; developed a new protective strategy; trained trainers; gave new training to their largely inexperienced, civilian guard force in response weapons and tactics; exercised all 3,4, or 5 shifts in onsite FOF exercises in the new strategy and tactics; added new delay or denial barriers in intruders' likely paths, .. added protecteNballistic defensive positions for responding o5cers, ne estimated real cost to a plant, most ofit one-time capital expenditures for delay / protection modifications, has been $140k to $800k. 4 Further,52 of 55 plants determined in their pre-OSRE work-up that they needed an average 80% more armed responders than they had committed to in their security plan if they were to " pass" the OSRE. Only when they had to demonstrate their protection capability to the NRC did they arrive at a realistic number based on rea! performance data. Only one plant had to hire additional security o5cers; the other plantsjun assigned response duties to more o5cers al on shift and tl.en train them. However, despite 6-12 months advance scheduling, an unvarying design basis threat and list of test-events, and much, intense preparation,26 of 55 (47%) plants still demonstrated significant protection weaknesses during their OSRE. Further, seven plants had such egregious weaknesses that a return OSRE was scheduled to test the corrective measures. Examples ofthese weaknesses are when a plant's response force failed to interdict the mock terrorists in all ofthe onsite exercises, or when a mock-terrorist " success-scenario"is predictable. (Six of these plants have since satisfactorily corrected their w *%ses; the seventh will be retested in August.) After an OSRE, all plants have relaxed their training / exercising program from the pre-OSRE ~ period. This has meant, in some cases, the end ofany formal training or exercising program, no onsite exercises, little or no F0F exercises (which normally requires additional, overtime personnel, e.g., " shadow" shift and exercise controllers), reduction ofresponse team size (to the plan-commitment level), and assignment ofresponse o5cers to other duties (e.g., fire watch) preventing those o5cers from being able to meet their response " time-lines". ( i L 3 ,--.e

e. -.,

-e-- -~<.,s-a.

NRC & COUNTER-TERRORISM Additionally, in thirty-six Regional Assists, the OSRE team has identified 117 pedmeter intrusion detection sensor weaknesses by physical testing. The team limits tesdng to the capabilities ~ asedbed to the NRC design basis threat. The team couples this with knowledge ofthe sensor systems to devise and execute plausible penetration methods. However, in many cases the - penetration method, the weakness, lies beyond the plan commitment.

4. OTHER NRC SECURITY EFFORTS-I These two evaluations are the onlyNRC security evaluations that are performance based. They were begun in 1991 to focus on the armed response and perimeter protection weaknesses being identi6ed in Regulatory Effectiveness Reviews (RERs), which evaluated the effectiveness of safeguards programs, determining ifsecurity regulations,'as translated into secudty plans, were effective. The RERs identified 644 weaknesses; the majority were beyond plan commitments and had, therefore, never been previously identified. All were corrected.

The other, current secudty inspections are regionally based and evaluate a plants' compliance with its secudty plan, not if the plan works. The OSRE program's benchmark is the NRC's design basis threat. Only the OSRE program physically tests the functioning of the plants total program's ability to protect against the threat. The regional inspectors are, in fact, neither authorized, nor trained, nor physically qualified to do this kind of testing NRC regional inspectors cannot require or enforce correction of any observed weakness that is beyond commitments in the secudty plan. However, there has been no correlation bm, a plant's OSRE performance and either (1) its compliance with commitments in its security plan or, (2)its periodic security quality ratings by NRC, which is derived from, among other things, regional inspection results. In other words, a plant can be in compliance with its security plan and still be unable to protect, with "high assurance, against the design basis threat. t This lack of correlation can become critical. In only 2 plants, of the 26 plants that had response l weaknesses identified in an OSRE, were plan violations an issue. In one recent Regional Assist, i the perimeter alarm system was penetrated without alarming in 8 places, but in 6 of those locations the penetration method was beyond plan commitments. This was not unusual. NRC inspectors cannot enforce correction ofweaknesses that are beyond plan commitments. Further, a plant can reduce its response force to its (minimum) plan commitment with impunity since that reduced number is in the NRC-approved plan. However, the OSRE routinely has caused corrections to be made to weaknesses that appear beyond plan commitments. Ofcourse, the weaknesses are demonstrated; they were real, significant, and obvious, once identified. Only 3 plants have ever challenged RER/OSRE-findings and, for various reasons were unsumeefb1 Again, all weaknesses have been corrected. 4 I -m 4

... _ _ _ _. _ _.. _.. _.. _ _ _. _.. _ _ _ _ _. ~.. _ _ _ _. _ NRC & COUNTER-TERRORISM

5. PROGRAM OUALTTY:

The OSRE team hu consistently received praise frorn plant / utility management for their professional conduct and the bene 5cial impact of the OSRE experience on the plant's protec capability. (More speci5cally, it's been the plants' preparations for the OSRE that has had she salutary impact.) The high quality and impact of the OSRE, and the team, can be veri 5ed questioning the security directors and plant managers of the nuclear power plants that have undergone an OSRE as to their capability before and after the OSRE and the OSRE experie-{ general. Additionally, this NRC program has become the model for other govemment nuclear agencies - Foreign govemment nuclear officials have observed OSREs or Regional Assists in the last 2-3 ) years. As a result, parts or all of the program are being copied or used as models in Russia, KaW=n, Ukraine, Japan, and Germany. At Russia's request, NRC is conducting an OSRE seminar in Russia this August. DOE personnel have also observed an OSRE, and as a resul DOE is planning on devoting one day ofits 1999 International Physical Protection Training Course to a presentation ofNRC's OSRE and Regional Assist Methodology. Ofcourse, NRC wiD have canceled it by then. By what criteria wiD it have been canceled? Cost? Effectiveness? Needin America today?

6. SIGNIFICANCE OF IDEN m n-o WEAKNERRER:

a. Only the capabilities of the NRC design basis threat was used. Therefore, the plants should be able to protect againn it. At all times.' (Actually, the capabilities used in OSREs are somewhat LESS THAN those specified in 10 CFR 73.1.) The threat has been the same in all 1

OSREs and RERs

b. Many weaknesses were identi5ed; some were severe.

c. The weaknesses were neiether identi5ed by other NRC inspections nor by the licensees.

d. The weaknesses were predominantly beyond security plan commitments (e.g., in personnel levels and response team exercising).

e. The weaknesses were not identified, or at least not corrected, by the power plants until pre-OSRE preparations. Industry self-regulation failed 5s failing.

f. Economic pressure to cut back, reduce personnel (e.g., to plan commitments) is already sev at nucicar power plants. Eliminating the OSRE program will eliminate any countervailing pressure to this economic pressure to reduce plant security forces. Reductions have already been identi5ed by regional inspectors.

g. - OSREs have identi5ed some plants where the onsite, F0F exercises indcated that ' reductions in the actual response team size could be made. - The team stipulates only that the plant validate the reductions (with analysis and exercises) and then notify NRC.

h. This program is the ONLY NRC active counter-terrorism effort. It has been effective; plants are correcting significant weaknesses in their protection capability.

(

i. Armed response weaknesses at power plants regulated by NRC are not new. The GAO

i 4 NRC & COUNTER-TERRORISM identified this in 1977 in a repon titled, " Security at Nuclear Powerplants - At Best, Inadequate." On page 11, the report noted that "... studies conclude that security at nuclear l powerplants could not counter sabotage forces ofseveral individuals that were armed and had j 1 - knowledge of the plant." i

7. IMPACT OF CANrTT1 ATION-l CanceHation of the OSRE program means that 11 plants will not have had an OSRE by the end of FY98. Evidence from the first 55 OSREs is that ONLY those plants that prepare for an OSRE i

wiB be prepared to protect the plant against radiological sabotage. Plant security plans have failed to do this. Industry self-regulation has failed to do this. This is as true in 1998 as h was in 1991. Therefore, to the extent that these plants have not prepared for an OSRE, the evidence is clear that ' hese plants will not be capable ofprotecting against the design basis threat for radiological t sabotage. J Further, security managers admit - volunteer - that, without the specter of a return OSRE visit, they would find it impossible to justify continuing external-threat analysis and shift training to plant / utility management. This is especially true since there is no current regulatory requirement for nuclear power plants (unlike fuel facilities) to exercise their shift response teams onsite, or anywhere. This is a result of utility pressure to reduce costs. Therefore, it isjust a matter oftime before all or most response forces will have stopped realistic, or any, onsite exercising. Without exercising, the OSRE experience is that these response team's quahty willinevitably deteriorate to an inadequatelevel. Further, the strong and increasing pressure for nuclear power plants to downsize is especially significant since all plants commit to a specific response force size in their security plans to counter radiological sabotage. (These plans were approved by NRC before the plants went on-line.) However, in 52 of the 55 OSREs, the plants used an average of 80% more responders than they committed to and, therefore, are required -by regulation-to have. The industry's priority has been shown to be, understandably, economic survival then economic profit. Security is a non-productive overhead cost. Plants in all regions are already reducing or planning on reducing security force size, and concomitantly, response force size. Without OSREs (in some form) to - evaluate these reductions, to require plants to demontrate capability with these reduced numbers, NRC wiD have no recourse but to accept the reduced numbers. His, despite the fact that it was - the licensees themselves that determined that they needed the larger number ofresponders to " pass" an OSRE, whose sole criteria was the NRC design basis threat Therefore, nuclear power plants will inevitably have an insufficient number ofresponse officers to counter the NRC design basis threat. ll-It must be emphasized that the NRC design basis threat does not rely on any probabilistic estimate d of the likelihood of a " violent external assault." It is a capability, not an intention. Unfortunately, i. l 6 L i

Y *- * * ' L**~. NRC & COUNTER TERRORISM effort will inevitably weaken plant protection to levels unable to protect against the design b threat capability. "Self-regulation" has clearly failed. It has only been the " threat", i.e., ) scheduling, of an OSRE that prompted utihties to adequately protect public heahh and sa 1 i The money they spent preparing for their OSRE in the immediate pre-OSRE period is evidenc this. There has also been a failure within the NRC to agree upon and ensure that a regulatory b l exists that ensures that power plant licensees (!ike fuel facilities) can (demonstrably) protec l against the NRC design basis threat. It is not an extraordinary capability. Relying on license i plans, " signed" to pro roven Mer=~~y. David Orrik, Capt USN(Ret) cc: J. Roe, NRR R. Rosano,NRR MModes, RI GBelisle, RII JCreed, RHI BMurray, RIV l [c t 7

-.___._._.-._.m_ a 4 ( l, y August 21,1998 ' j MEMORANDUM TO: Samuel J. Collins, Director Office of Nuclear Reactor Regulation FROM: Thomas W. Dexter /s/ ' Senior Physical Security Specialist, Region IV Dennis W. Schaefer /s/- { Physical Security Specialist, Region IV A, Bruce Earnest /s/ Physical Security Specialist, Region IV

SUBJECT:

DIFFERING PROFESSIONAL VIEW REGARDING NRC i TERMINATION OF ITS COUNTER-TERRORISM PROGRAM . FOR NUCLEAR POWER PLANTS The attached Differing Professional View pertains to NRC announcing its termination of the Operational Safeguards Response Evaluation (OSRE) program. We strongly disagree with NRC's management decision to eliminate the OSRE program. i instead, we recommend that this highly successful, performance-based program be continued. 1 The NRC cannot afford to eliminate (abandon) its only counter-terrorism program. The defense of a nuclear plant against a terrorist attack is only as good as the execution of the defensive plan.- The OSRE program is NRC's single measure of licensees' ability to adequately defend a plant against an attack by a terrorist group. As a result of the OSRE program, nuclear power plants have developed into hardened' targets. Elimination of the OSRE program will cause a ' softening" of nuclear plant security. The NRC OSRE program is essentialin todays hostile environment because: - it causes nuclear plants to successfully demonstrate their ability to defend against a terrorist attack aimed at causing radiological sabotage. j The nuclear industry has failed to self-regulate in the desigrFbasis threat area. Frequently, nuclear plants have not begun to finalize effective defense strategy until i announcement of the OSRE program at the site. Occasionally, even with 6-8 months advance notification, licensees have ' failed" their initial OSRE. During reevaluation, all licensees have successfully passed the OSRE. The nuclear industry continues to challenge the existence of a nuclear" threat" and the L{ need for protecting against the design basis threat. The OSRE program has caused the threat to become real. Terrorist acts in the United States and ongoing world tensions j. have reinforced the need to continually protect against the design basis theat.

v A successful attack on a single nuclear plant will adversely effect the entire nuclear industry. The public willimmediately perceive that all nuclear plants are unsecure and, tnerefore, unsafe. In past years, nuclear power plants have not been a likely target for terrorist groups. However, this philosophy is changing. The FBI reports that a lesson from terrorist attacks in recent years, domestic and intemational, has proven that there is no such thing as an unlikely target. From an economic and safety standpoint, termination of the highly effective OSRE program is ill-advised. A successful

• hit" upon a nuclear plant by a terrorist group would have a ripple effect through the nuclearindustry. In tum, this would have a devastating economic effect upon the NRC and the country.

The continued success of the NRC OSRE program could very well deiermine the future successful operation of the nuclear industry. Likewise, the effects of eliminating the OSRE program could initiate a downturn in the nuclear industry. The nuclear industry has stated that the OSRE program is expensive and has encouraged the NRC to eliminate the OSRE program. Elimination of the NRC OSRE program demonstrates that NRC and the nuclear industry have placed industry profits ahead of public health and safety. This memorandum and its attachment do not contain safeguards information.

Attachment:

As stated cc: (via e-mail) E. Merchoff, Regional Administrator, RIV J. Dyer, Deputy Regional Administrator, RIV A. Howell, Director, DRS, RIV B. Murray, Chief, Plant Support Branch, RIV J. Roe, Acting Director, Division of Reactor Program Management, NRR R. Rosano, Acting Chief, Safeguards Branch, DRPM, NRR M. Modes, Chief, Emergency Preparedness and Safeguards Branch, RI G. Belisle, Chief, Special Inspection Branch, Ril J. Creed, Chief, Plant Support Branch 1, Rlli ( 4

n. ATTACHMENT k DIFFERING PROFESSIONAL VIEW REGARDING NRC TERMINATION OF ITS COUNTER-TERRORISM PROGRAM FOR NUCLEAR POWER PLANTS

Background

On August 17,1998, Sam Collins, Director, NRR, advised a group of NRC security managers and inspectors (from NRC headquarters and all four regions) that NRC senior management had decided that effechve September 30,1998, the NRC OSRE program would be eliminated. Since 1991, the NRC has been conducting Operational Safeguards Response Evaluations (OSREs) at nuclear power plants. To date, OSREs have been conducted at approximately 95 percent of all nuclear power plants. The OSREs have successfully evaluated the ability of nuclear power plants to pmtect themselves against a terrorist attack aimed at causing radiological sabotage. There has been no other program that measures licensees' ability to defend against a terrorist attack. Differino PieL==%ml View We strongly disagree with NRC's management decision to eliminate the OSRE program. Instead, we recommend that this highly successful, performance based program be continued. Federal Burman of Irr;nua hn On August 18,1998, representatives from Headquarters, FBI addressed a group of NRC security managers and inspectors and stated the following: (1) in the' past years, nuclear plants have been a *hard" target and as such, were not a likely target for a terronst group. However, this philosophy is changing. A lesson from terrorist attacks in recent years, domestic and intemational, has proven that there is no such thing as an unlikely target. (2) That a defensive plan (at a nuclear power plant) is only as good as the execution of this plan. A plan by itselfis oflittle value. (3) That " soft

• targets are more vulnerable to a terrorist attack than hard* targets.

(4) That secunty officers carrying weapons at nuclear power plants provide a visible and significant deterrent to a terrorist attack. The OSRE Preui in The OSRE program is NRC's single measure of licensees' ability to adequately defend against the (10 CFR 73.1) desigressis threat and against an attack by a +~m:ist group. 4 The NRC cannot afford to eliminate its only performance-based counter-terrorism program. L

.e. Execution of the OSRE program is described in NRC Inspection Procedure 81810. The centralized OSRE program at NRC Headquarters has insured that regulatory requirements are applied consistently. The conduct of an OSRE requires a minimum of 5-7 personnel. Regions do not have sufhient resources to conduct OSREs. As a result of the OSRE program, nuclear power plants in the United States have developed into "hardenod" targets. Elimination of this program will cause a " softening" of nuclear plant security. The NRC OSRE program has become the model for other govemment nuclear agencies and for other foreign govemments. 1 Nuclear inrio=+rv Has Failed Self Ramdation in rwinw.ie Threat Area Since the initiation of the OSRE program in 1991, several nuclear plants have demonstrated an inability to self-regulate and adequately defend its plants. Examples are documented in several OSRE reports on file. For initial OSREs, ficensees have normally been provided fM months advance notification. Without exception, if advance notifications were not provided, licensees' ability to defend the plant would be limited.' Even with advance notification, some licensees (in all regions) have failed their initial OSRE. The " failed" licensees demonstrated that they could not provide a sufficient number of responders, appropriately armed and equipped, in protected positions, in time to interdict the mock adversary force. During reinspection, all licensees successfully passed the OSRE. On numerous occasions, security officers at nuclear plants have stated to the inspectors that the OSRE caused their plant to adopt a realistic and viable defense p!an. Prior to the scheduling of the OSRE, the plants' defensive plan and their ability to protect against a small group of armed terrorists, was inadequate. On July 30,1998, a supervisor at a Region IV plant stated that the rumored elimination - of the NRC OSRE program will make it difficuit to implement additional security defense. modifications at the plant. General Public Gives f6'uelaar Irwin=+rv Oniv One Chance The consensus of NRC security inspectors is that a successful attack on any single nuclear plant will have an immediate and adverse effect upon the entire nuclear industry. Public opinion following a successful terrorist attack at a nuclear plant willnet support j the rebuilding of that plant and will no longer support the continued production of nuclear power at any nuclear plant. As a resutt of one plant being successfully" hit," the general public will immediately perceive that all nuclear plants are unsecure and, therefore, ( unsafe. l

o l The OSRE program provides a valid performance base for evaluating licensees' ability j to defend plants against a terrorist attack. The continued success of the NRC OSRE 1 program could very well determine the future operation of the nuclear industry. Likewise, the effects of eliminating the OSRE program could initiate a downturn in the nuclear industry. i Economics and Public Health and Safetv From an economic and safety standpoint, termination of the highly effective OSRE program is ill-advised. The NRC cannot afford to eliminate (abandon) its only counter-terrorism program. Licensees have often reported that preparation for an OSRE is very expensive. Plants that incur tremendous expenses in OSRE preparation are normally those plants that have waited until announcement of the OSRE to begin their preparation. The nuclear industry has encouraged the NRC to eliminate the expensive OSRE program. Elimination of the OSRE prognm demonstrates that NRC and the industry have placed industry profits before public hetalth and safety. As discussed above, the successful

• hit" upon a nuclear plant by a terrorist group would have a ripple effect through the nuclear industry. In tum, this would have a devastating economic effect upon the NRC and upon the industry.

Securitv/ Terrorist Threat is Often Not Understood bv Members of the Nuclear Industrv Licensees (non security) staffs have routinely challenged the existence of a threat to nuclear plants, and the need for protecting against the design-basis threat. In response, licensees have been continually advised that just because you *can't see" the enemy, does not mean thR the enemy (or the threat) is not real. The OSRE program has . caused the threat to become real; however, in some cases, licensees have envisioned NRC as "the threat." Without exception, licensees have drastically improved their defensive plans as a result of the OSRE program. In most cases, "the threat" remains invisible until it is to late. On August 7,1998,"the threat" became real (and visible) after the 4-story U.S. Embassy building in Nairobi was badly damaged by a large vehicle bomb. Previously, in the United States, bombings of the World Trade Center in New York City and the Federal Building in Oklahoma City, made the threat very real and visible. i

• w.*

p arco g UNITED STATES i e I NUCLEAR REGULATORY t;OMMISSION WASHINGTON. D.C. 3NE6

• \\,...../

December 11, 1998 4 MEMORANDUM TO: Jack W. Roe, Acting Drector j ' vision of Rea-tor Program Management a]D IL FROM: @ns, Drector i Office of Nuclear Reactor Regulation j

SUBJECT:

TASKING MEMORANDUM FOR STAFF FOLLOWUP ON DIFFERING PROFESSIONAL VIEWS REGARDING THE OPERATIONAL SAFEGUARDS RESPONSE EVALUATION PROGRAM By memorandum dated November 4,1998, the ad hoc panel on the consolidated Differing Professional Views regarding the cancellation of the Operational Safeguards Response Evaluation program forwarded their report to me. That report contained the following recommendations:

1. a. Dedicate specific resources to satisfying the commitment in the 9/27/96 memo "to reconcile... the differences between facilities with security plans which are consistent with 10 CFR 73.55 (b) through (h) and which may not protect against the DBT for radiological sabotage..."

b. "[R}econcile the differences... between NRR and NMSS as they relate to response testing and exercises.'

c. Determine "whether to proceed to correct difficulties through order or through the normal rule making process, including consideration of 10 CFR 50.109 requirements."

2. *0SRE should be terminated pending resolution of the first recommendation. The i

inspection program should then be adjusted, if applicable."

3. a. Inspection Procedure 81700 (which references equipment testing as part of the normal program to be done by headquarters with contractor assistance) should be "re-examined in view of Regulatory Guide 5.44 (October 1997) on testing.

b. Terminate equipment testing by NRC or its contractor (refers to 7/14/92 memo from Director, NRR, to all Regional Administrators, and inspechon Procedere 81700).

I have adopted these recommendations, with the exception ofitems 2 and 3b. The OSRE program has been reinstated and the equipment testing porhon of the Regional Assiu will remain in place. To carry out the recommendatzms of the panel, the staff is tasked to do the 7e"25:

1. Continue with the efforts of the Safeguards Parformance Assessment (SPA) Task Force to examine the regulatory basis for performance testing of heensees' security programs 2

and make recommendations as to how the NRC should conduct performance testing in i the future. l Wkad 3 L 4

7_ / .w-j,(gf_C J. Roe 2 The SPA Task Force should consider whether a changes in reguisbons, inspechon i procedures, and/or agency poimies are appropriate to address this issue. In this j process, the team should consider the requirements in 10 CFR 73.46 for Category I licensees to condum periode exercises of their contingency plans and whether those i requirements have a bearing on the need for power roedor reactors to test their j contingency response plans

2. Working with OGC, tw team should examine the issue of comphance with requirements and the expematon that bcensees'secanity programs we be able to i

defend against the design base threat. This examinston should consider whether. i j_

a. boensees are lega#y required to be able to defend against the design basis threat (73.55(a)) and to demonstrate that capabWty when cased upon to do so by a representative of the NRC (73.55(b)(4)).

b. a heensee can be cited for woimbons of 73.55(a) when they fail to successfully demonstrate the capability to defend aganst the design basis threat, even when it

{ can be shown that the licensee is in compliance with appbcable regulatons and j coramstments. l j

c. some NRC sction other than a Notice of Violabon is appropriate and legally supportable when a licensee fails to comply with 73.55(a) 1 1

3. Reconcile the differences between inspection Procedure 81700 and Regulatory l

Guide 5.44 with respect to NRC-conducted equipment tests and, if there are actual i differences, determine the appropnate means of resotyng them ) l I note that the SPA Task Force has already made considerable progress in answering these questions and that a report detailing the Task Force's recommendatens is forthcoming. The Task Force should accelerate its efforts in this regard and prepara recommendsbons to be forwarded to the Commission by the end of December 19g8. cc: D. Onik, NRR Distribution: T. Dexter, RIV File Center B. Eamest, Riv PSGB r/f D. Schafer, RIV J. Roe H. Miller, Rl D. Matthews L Reyes, Ril T. Quay 1 J. Caldwell, Rill R. Rosano J. Dyer, RIV l J. Wiggins, RI B. Mallett, Ril J. Grobe, Rill A. Howell, RIV F. Mragha, OEDO i S. Comns, NRR DOCUMENT NAME: ,=.- g:\\rosano\\ tasking y _ n. j OFFICE PSGB lE (A)D: DRPH nl ti;M** #[ j NAME DRosano h JRoe. ellins j DATE 121 ? 198 121 X 198 1218 198 OFFICIAL RECORD COPY 2 k --.}}