ML20211A630
| ML20211A630 | |
| Person / Time | |
|---|---|
| Issue date: | 08/17/1999 |
| From: | Rathbun D NRC OFFICE OF CONGRESSIONAL AFFAIRS (OCA) |
| To: | J. J. Barton, Bennett R, Horn S, Inhofe J HOUSE OF REP., SENATE, SENATE, ENVIRONMENT & PUBLIC WORKS |
| Shared Package | |
| ML20211A636 | List: |
| References | |
| RULE-PRM-50-65, RULE-PRM-50-66, RULE-PRM-50-67 NUDOCS 9908240092 | |
| Download: ML20211A630 (8) | |
Text
hOubL g"% \\
UNITED STATES p'
NUCLEAR REGULATORY COMMISSION E
wAsmNGTON, D.C. 30088 4001 l
{
,m.
August 17, 1999 The Honorable James M. Inhofe, Chairman Subcommittee on Clean Air, Wetlands, Private Property and Nuclear Safety
~ Committee on Environment and Public Works United States Senate
- Washington, DC 20510
Dear Mr. Chairman:
I
- The U.S. Nuclear Regulatory Commisdon (NRC) has wnt the enclosed Federal Register
. notices to the Office of the Federal /fopisterfor publication. With this action, the NRC denies
- three related petitions for rulemakhg submitted by the Nuclear Information and Resource Service (NIRS). The petitioner, NRS, requested that the Commission amend its regulations to require that nuclear facilities be shut down if they are not compliant with Y2K issues (PRM 65). The additional two related petitions would require nuclear power plant and major fuel cycle facilities to develop and implement adequate contingency plans and conduct emergency planning exercises to address potential system failures (PRM-50-66) and to provide reliable back-up sources of power for nuclear facilities (PRM-50-67).
With respect to NIRS' petition for a rule requiring shutdown of nuclear facilities that are not
. Y2K compliant, the Commission finds that licensees are taking action to identify and address Y2K problems. The NRC has required licensees to provide information describing their activities for addressing Y2K issues, and to provide information by July 1,1999 that describes the status of their work. The NRC has received reports from all 103 operating nuclear power plant units. All nuclear power plants reported that no remaining Y2K-related problems exist that could directly affect the performance of safety systems or the capability for safe shutdown.
Seventy-three units have also indicated that their computer systems supporting safe plant operation are "Y2K ready." The remaining 30 units reported that they have additional work to
' complete on a few non-safety computer systems or devices to be fully Y2K ready and provided schedules for completing the work. None of the remaining work affects the ability of a plant to shutdown safely, if needed. As part of its oversight, the NRC audited and inspected the implementation of licensees' Y2K activities and will continue with follow-up where necessary.
If, by September 30,1999, it appears that Y2K readiness activities will not be completed in advance of the December 31,1999 transition, the NRC will take appropriate regulatory action, including issuance of orders, if warranted. Accordingly, the NRC concludes that NIRS' proposed rule is not necessary to provide reasonable assurance of adequate protection to L
public health and safety in the event of any Y2K-induced problems.
The NRC oversight activity to audit, on a sample basis, the plant-specific Y2K programs at 12 L
nuclear power plant sites included a variety of plants of different ages, types, and locations, to provide an effective evaluation of Y2K readiness program implementation. These audits were completed in January 1999. The audit results indicated that, in general, licensees began to
. develop contingency plans late in the Y2K preparation process. Consequently, we concluded 9908240092 990817 I
\\
-.. -..... - nww.-
Honorable J. M. Inhofe that six additional reviews were needed, focused differently and involving licensees other than the previous 12, to determine the effectiveness of licensee contingency planning. These reviews, which were completed in June 1999, focused on the licensees' approach to addressing both internal and external Y2K risks to safe plant operations. To gain additional confidence that nuclear power plant licensees were effectively implementing Y2K readiness programs, NRC regional staff reviewed plant-specific Y2K program implementation activities at all 103 NRC-licensed commercial nuclear power plant facilities. These inspection activities were completed between April and June 1999 and provided an independent assessment of licensee Y2K readiness programs which is documented in the enclosed NRC staff report.
Wdh respect to the NIRS' petition for a rule requiring a special emergency preparedness exercise at nuclear power plants to test the capability to cope with Y2K-induced failures, the NRC finds that emergency preparedness exercises routinely assume problems and equipment failures, in order to test the capability cf the onsite and offsite organizations to cope with such problems. Furthermore, licensees have prepared Y2K contingency plans with respect to emergency. preparedness implementation. The NRC audits and inspections included the implementation of these contingency plans. Accordingly, the NRC does not believe that NIRS' proposed rule is necessary to provide reasonable assurance of emergency preparedness capabilities at nuclear power plants.
Finally, with respect to the NIRS' petition for a rule requiring an alternative source of emergency power, the NRC has determined that sufficient redundant backup power sources are currently present at nuclear power plant facilities because of existing requirements with respect to loss of offsite power and station blackout. Redundant power sources are not necessary at other facilities which are the subject of NIRS' petition, either because such power is not required to shutdown and maintain the plants in a safe condition, or because adequate measures are already in place to address loss of power (primarily related to security and safeguards).
Sincerely,
$J A1 Dennis K. Rathbun, Director Office of Congressional Affairs
Enclosures:
1.
- FederalRegister Notice 50-65
- 2.
FedereiRegisterNotice 50-66
' 3.
FederalRegister Notice 50 4.
Preliminary Report on Nuclear Power Plant Year 2000 Readiness cc w/ encl: Senator Bob Graham 4
y uty j
k UNITED STATES f
NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. speeHoot k.m v
August 17,.1999 The Honorable Joe L. Barton, Chairman
- Subcommittee on Energy and Power Committee on Commerce United States House of Representatives
. Washington, DC 20515
Dear Mr. Chairman:
The U.S. Nuclear Regulatory Commission (NRC) has sent the enclosed Federa/ Register notices to the Office of the Feders/ Register for publication. With this action, the NRC denies
. three related petitions for rulemaking submitted by the Nuclear Information and Resource Service (NIRS). The petitioner, NIRS, requested that the Commission amend its regulations to require that nuclear facilities be shut down if they are not compliant with Y2K issues
_ (PRM-50-65). The additional two related petitions would require nuclear power plant and major fuel cycle facilities to develop and implement adequate contingency plans and conduct emergency planning exercises to address potential system failures (PRM-50-66) and to provide reliable back-up sources of power for nuclear facilities (PRM-50-67).
With respect to NIRS' petition for a rule requiring shutdown of nuclear facilities that are not Y2K compliant, the Commission finds that licensees are taking action to identify and address Y2K problems. The NRC has required licensees to provide information describing their activities for addressing Y2K issues, and to provide information by July 1,1999 that describes -
the status of their work. The NRC has received reports from all 103 operating nuclear power.
plant units. All nuclear power plants reported that no remaining Y2K-related problems exist that could directly affect the performance of safety systems or the capability for safe shutdown.
Seventy-three units have also indicated that their computer systems supporting safe plant
' operation are "Y2K ready." The remaining 30 units reported that they have additional work to complete on a few non-safety computer systems or devices to be fully Y2K ready and provided schedules for completing the work. None of the remaining work affects the ability of a plant to shutdown safely, if needed. As part of its oversight, the NRC audited and inspected the implementation of licensees' Y2K activities and will continue with follow-up where necessary.
If, by September 30,1999, it appears that Y2K readiness activities will not be completed in advance of the December 31,1999 transition, the NRC will take appropriate regulatory action, including issuance of orders, if warranted. Accordingly, the NRC concludes that NIRS' proposed rule is not necessary to provide reasonable assurance of adequate protection to public health and safety in the event of any Y2K-induced problems.
The NRC oversight activity to audit, on a sample basis, the plant-specific Y2K programs at 12 nuclear power plant sites included a variety of plants of different ages, types, and locations, to provide an effective evaluation of Y2K readiness program implementation. These audits were completed in January 1999. The audit results indicated that, in general, licensees began to develop contingency plans late in the Y2K preparation process. Consequently, we concluded
' that six additional reviews were needed, focused differently and involving licensees other than 1
, y. f.,, m,. a,.... c.,
,s_..
x,
' Honorable J. L. Barton the previous 12, to determine the effectiveness of licensee contingency planning. These reviews, which were completed in June 1999, focused on the licensees' approach to addressing both internal and extemal Y2K risks to safe plant operations.' To gain additional confidence that nuclear power plant licensees were effectively implementing Y2K readiness programs, NRC I
regional staff reviewed plant-specific Y2K program implementation activities at all 103 NRC-
. licensed commercial nuclear power plant facilities. These inspection activities were completed between April and June 1999 and provided an independent assessment of licensee Y2K readiness programs which is documented in the enclosed NRC staff report.
. Wdh respect to the NIRS' petition for a rule requiring a special emergency preparedness exercise at nuclear power plants to test the capability to cope with Y2K-induced failures, the NRC finds that emergency preparedness exercises routinely assume problems and equipment
. failures, in order to test the capability of the onsite and offsite organizations to cope with such problems. Furthermore, licensees have prepared Y2K contingency plans with respect to emergency preparedness implementation. The NRC audits and inspections included the implementation of these contingency plans. Accordingly, the NRC does not believe that NIRS' proposed rule is necessary to provide reasonable assurance of emergency preparedness capabilities at nuclear power plants.
Finally, with respect to the NIRS' petition for a rule requiring an attemative source of emergency power, the NRC has determined that sufficient redundant backup power sources are currently present at nuclear power plant facilities because of existing requirements with respect to loss of
' offsite power and station blackout. Redundant power sources are not necessary at other facilities which are the subject of NIRS' petition, either because such power is not required to shutdown and maintain the plants in a safe condition, or because adequate measures are
- already in place to address loss of power (primarily related to security and safeguaids).
Sincerely, Dennis K. Rathbun, Director Office of Congressional Affairs
Enclosures:
1, FederalRegister Notice 50-65 2.
FederalRegister Notice 50-66 3.
FederalRegister Notice 50-67 4.
Preliminary Report on Nuclear Power Plant Year 2000 Readiness cc w/ encl: Representative Ralph M. Hall J
I 4
t
[
,pa %
p UNITED STATES l
g j
NUCLEAR REGULATORY COMMISSION f
2 WASHINGTON, D.C. 20666 0001
.....l l
l August 17, 1999 The Honorable Steve Hom, Chairman Subcommittee on Govemment Management, Information and Technology Committee on Govemment Reform B-373 Raybum House Office Building Washington, DC 20515 l
Dear Mr. Chairman:
The U.S. Nuclear Regulotory Commission (NRC) has sent the enclosed FederalRegister notices to the Office of the Federa/ Registerfor publication. With this action, the NRC denies three related petitions for ruiemaking submitted by the Nuclear Information and Resource Service (NIRS). The petitioner, NIRS, requested that the Commission amend its regulations to require that nuclear facilities be shut down if they are not compliant with Y2K issues (PRM-50-65). The additional two related petitions would require nuclear power plant and major fuel cycle facilities to develop and implement adequate contingency plans and conduct emergency planning exercises to address potential system failures (PRM-50-66) and to provide reliable back-up sources of power for nuclear facilities (PRM-50 67).
With respect to NIRS' petition for a rule requiring shutdown of nuclear facilities that are not Y2K compliant, the Commission finds that licensees are taking action to identify and address Y2K problems. The NRC has required licensees to provide information describing their activities for addressing Y2K issues, and to provide information by July 1,1999 that describes the status of their work. The NRC has received reports from all 103 operating nuclear power plant units. All nuclear power plants reported that no remaining Y2K-related problems exist that could directly affect the performance of safety systems or the capability for safe shutdown.
Seventy-three units have also indicated that their computer systems supporting safe plant operation are *Y2K ready." The remaining 30 units reported that they have additional work to complete on a few non-safety computer systems or devices to be fully Y2K ready and provided schedules for completing the work. None of the remaining work affects the ability of a plant to shutdown safely,if needed. As part of its oversight, the NRC audited and inspected the implementation of licensees' Y2K activities and will continue with follow-up where necessary.
If, by September 30,1999, it appears that Y2K readiness activities will not be completed in advance of the December 31,1999 transition, the NRC will take appropriate regulatory action, j
including issuance of orders, if warranted. Accordingly, the NRC concludes that NIRS' proposed rule is not necessary to provide reasonable assurance of adequate protection to public health and safety in the event of any Y2K-induced problems.
The NRC oversight activity to audit, on a sample basis, the plant-specific Y2K programs at 12 l
nuclear power plant sites included a variety of plants of different ages, types, and locations, to provide an effective evaluation of Y2K readiness program implementation. These audits were completed in January 1999. The audit results indicated that, in general, licensees began to develop contingency plans late in the Y2K preparation process. Consequently, we concluded I
L l
l
. Honorable S. Hom. l l
that six additional reviews were needed, focused differently and involving licensees other than the previous 12, to determine the effectiveness of licensee contingency planning. These reviews, which were completed in June 1999, focused on the licensees' approach to addressing both intemal and extemal Y2K risks to safe plant operations. To gain additional confidence that nuclear power plant licensees were effectively implementing Y2K readiness programs, NRC
. regional staff reviewed plant-specific Y2K program implementation activities at all 103 NRC-licensed commercial nuclear power plant facilities. These inspection activities were completed between April and June 1999 and provided an independent assessment of licensee Y2K readiness programs which is documented in the enclosed NRC staff report.
Wdh respect to the NIRS' petition for a rule requiring a special emergency preparedness exercise at nuclear power plants to test the capability to cope with Y2K-induced failures, the NRC finds that emergency preparedness exercises routinely assume problems and equipment failures, in order to test the capability of the onsite and offsite organizations to cope with such problems. Furthermore, licensees have prepared Y2K contingency plans with respect to emergency preparedness implementation. The NRC audits and inspections included the implementation of these contingency plans. Accordingly, the NRC does not believe that NIRS' proposed rule is necessary to provide reasonable assurance of emergency preparedness capabilities at nuclear power plants.
Finally, with respect to the NIRS' petition for a rule requiring an attemative source of emergency power, the NRC has determined that sufficient redundant backup power sources are currently present at nuclear power plant facilities because of existing requirements with respect to loss of offsite power and station blackout. Redundant power sources are not necessary at other facilities which are the subject of NIRS' petition, either because such power is not required to snutdown and maintain the plants in a safe condition, or because adequate measures are already in place to address loss of power (primarily related to security and safeguards).
Sincerely,
)
A -f f
s Dennis K. Rathbun, Director Office of Congressional Affairs
' Enclosures.
1.
. FederalRegister Notice 50-65 i
. 2.
FederalRegister Notice 50-66 3.
FederalRegister Notice 50-67 4.
Preliminary Report on Nuclear Power Plant Year 2000 Readiness cc w/ encl: Representative Jim Tumer.
f.
\\
f *h p~
1 UNITED STATES y
NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 30006 0001
.g.
' August 17, 1999 The Honorable Robert F. Bennett, Chairman Special Committee on the Year 2000 Technology Problem Senate Dirksen Building-40, Suite 3 Washington, DC 20510
Dear Mr. Chairman:
l The U.S. Nuclear Regulatory Commission (NRC) has sent the enclosed Federal Register notices to the Office of the FederalRegisterfor publication. With this action, the NRC denies
!~
three related petitions for rulemaking submitted by the Nuclear Information and Resource Service (NIRS). The petitioner, NIRS, requested that the Cornmission amend its regulations to L
require that nuclear facilities be shut down if they are not compliant with Y2K issues (PRM !
_ 65). The additional two related petitions would require nuclear power plant and major fuel cycle facilities to develop and implement adequate contingency plans and conduct emergency planning exercises to address potential system failures (PRM-50-66) and to provide reliable L
back-up sources of power for nuclear facilities (PRM-50-67).
With respect to NIRS' petition for a rule requiring shutdown of nuclear facilities that are not
. Y2K compliant, the Commission finds that licensees are taking action to identify and address Y2K problems. The NRC has required licensees to provide information describing their activities for addressing Y2K lssues, and to provide information by July 1,1999 that describes
. the status of their work. The NRC has received reports from all 103 operating nuclear power
- plant units. All nuclear power plants reported that no remaining Y2K-related problems exist that could directly affect the performance of safety systems or the capability for safe shutdown.
Seventy-three units have also indicated that their computer systems supporting safe plant operation are *Y2K ready." The remaining 30 units reported that they have additional work to complete'on a few non-safety computer systems or devices to be fully Y2K ready and provided schedules for completing the work. None of the remaining work affects the ability of a plant to j
l shutdown safely, if needed. As part of its oversight, the NRC audited and inspected the l
implementation of licenseesY2K activities and will continue with follow-up where necessary.
l_
if, by September 30,1999, it appears that Y2K readiness activities will not be completed in l-
. advance of the December 31,1999 transition, the NRC will take appropriate regulatory action, including issuance of orders, if warranted. Accordingly, the NRC concludes that NIRS' proposed rule is not necessary to provide reasonable assurance of adequate protection to public health and safety in the event of any_Y2K-induced problems.
The NRC oversight activity to audit, on a sample basis, the plant-specific Y2K programs at 12 nuclear power plant sites included a variety of plants of different ages, types, and locations, to provide an effective evaluation of Y2K readiness program implementation. These audits were
- completed in January 1999. The audit results indicated that, in general, licensees began to develop contingency plans late in the Y2K preparation process. Consequently, we concluded that six additional reviews were needed, focused differently and involving licensees other than the previous 12, to determine the effectiveness of licensee contingency planning. These
((
l f
Honorable R. F. Bennett reviews, which were completed In June 1999, focused on the licensees' approach to addressing both intamal and extemal Y2K risks to safe plant operations. To gain additional confidence that nuclear power plant licensees were effectively implementing Y2K readiness programs, NRC regional staff reviewed plant-specific Y2K program implementation activities at all 103 NRC-licensed commercial nuclear power plant facilities. These inspection activities were completed between April and June 1999 and provided an independent assessment oflicensee Y2K readiness programs which is documented in the enclosed NRC staff report.
L With respect to the NIRS' petition for a rule requinng a special emergency preparedness.
. exercise at nuclear power plants to test the capability to cope with Y2K-induced failures, the NRC finds that emergency preparedness exercises routinely assume problems and equipment j
failures, in order to test the capability of the onsite and offsite organizhtions to cope $vith such problems. Furthermore, licensees have prepared Y2K contingency plans with respect to emergency preparedness implementation. The NRC audits and inspections included the j
implementation of these contingency plans. Accordingly, the NRC does not believe that NIRS' proposed rule is necessary to provide reasonable assurance of emergency preparedness l
capabilities at nuclear power plants.
i l
i Finally, with respect to the NIRS' petition for a rule requiring an atemative source of emergency j
power, the NRC has determined that sufficient redundant backup power sources are currently present at nuclear power plant facilities because of existing requirements with respect to loss of J
offsite power and station blackout. Redundant power sources are not necessary at other L
facilities which are the subject of NIRS' petition, either because such power is not required to shutdown and maintain the plants in a safe condition, or because adequate measures are l
already in place to address loss of power (primarily related to security and safeguards).
i Sincerely, I
l M
Dennis K. Rathbun, Director Office of Congressional Affairs
Enclosures:
1.
FederalRegister Notice 50-65 2.
FederalRegister Notice 50-66 3.
FederalRegister Notice 50-67 4.
Preliminary Report on Nuclear Power Plant Year 2000 Readiness cc w/enet: Senator Christopher J. Dodd, Vice-Chairman j
t l
e
c l.-
l-
[7590-01-P]
NUCLEAR REGULATORY COMMISSION l
10 CFR Parts 30,40,50, and 70
[ Docket No. PRM-50-65)
Nuclear information and Resource Service; Petition for Rulemaking Denial 4
~ AGENCY: Nuclear Regulatory Commission.
\\
f ACTION: Petition for rulemaking; denial.
SUMMARY
- The Nuclear Regulatory Commission (NRC)is denying a petition for rulemaking j
(PRM-50-65) from the Nuclear Information and Resource Service (NIRS). The petitioner requested that NRC amend its regulations to require the shutdown of nuclear facilities that are not compliant with date-sensitive, computer-related issues regarding the Year 2000 (Y2K) issue.
The petitioner requested that NRC take this action to ensure that Y2K issues will not cause the failure of nuclear safety systems and thereby pose a threat to public health and safety. NRC is denying the petition because the Commission has determined that the actions taken by reensees to implement a systematic and structured facility-specific Y2K readiness program and NRC's oversight of the licensees' implementation of these Y2K readiness programs provide i
reasonable assurance of adequate protection to public health and safety.
1 i
ADDRESSES: Copies of the petition for rulemaking, the public comments received, and NRC's letters to the petitioners are available for public inspection or copying in the NRC Public
m Document Room, 2120 L Street, NW. (Lower Level), Washington, DC, as well as on NRC's
~
rulemaking website at http://ruleforum.lini. gov.
- FOR FURTHER INFORMATION CONTACT: Matthew Chiramal, Office of Nuclear Reactor Regulation, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001, telephone 301-415-2845, E-mail address <mxc@nrc. gov >, or Gary W. Purdy, Office of Nuclear Material Safety and Safeguards, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001, telephone 301-415-7897, E-mail address <gwpi@nrc. gov >.
~
SUPPLEMENTARY INFORMATION:
Background
NRC received three related petitions for rulemaking (PRM-50-65, PRM 50-66, and PRM-1 50-67), each dated December 10,1998, submitted by NIRS concoming various aspects of Y2K issues and nuclear safety. This petition (PRM-50-65) requested that NRC adopt regulations that would require facilities licensed by NRC under 10 CFR Parts 30,40,50, and 70 to be Y2K compliant. The second petition (PRM-50-66) requested that NRC adopt regulations that would require facilities licensed by NRC under 10 CFR Part 50 to develop and implement adequate contingency and emergency plans to address potential system failures. The third petition (PRM-50 67) requested that NRC adopt regulations that would require facilities licensed by NRC under 10 CFR Parts 50 and 70 to provide reliable sources of back-up power. Because of the nature of these petitions and the date-specific issues they address, the petitioner requested that the j
petitions be addressed on an expedited schedule, 2
4
r I
L..
On January 25,1999, NRC published a notice of receipt of a petition for rulemaking in
' the Federa/ Register (64 FR 3789). It was available on NRC's rulemaking website and in the NR.C Public Document Room. The' notice of receipt of a petition for rulemaking invited interested persons to submit comments by February 24,1999.
The Petition The petitioner requested that NRC adopt the following text as a rule:
1 "Any and all facilities licensed by the Nuclear Regulatory Commission under 10 CFR Parts 30,40, 50, and 70 shall be closed by 12 pm Eastem Stahdard Time, i
December 1,1999, unless and until each facility has: (a) fully and comprehensively examined all computer systems, embedded chips, and other electronic equipmero.that may be date-sensitive to ensure that all such systems that may be relevant to safety are Y2K compliant; (b) repaired, modified, and/or replaced all such systems that are not found to be Y2K compliant; (c) made l
available to the public all infonation related to the examination and repair, modification and/or replacement of all such systems; (d) determined, through full-scale testing, that all repairs, modifications, and/or replacements of all such
. systems are, in fact, Y2K compliant."
The petitioner noted that in NRC Generic Letter (GL) 98-01, " Year 2000 Readiness of Computer SyGms at Nuclear Power Plants," dated May 11,1998, th6 NRC has recognized the
- potential for date-related problems that may affect a system or application (the Y2K problem).
- These potential problems include not representing the year properly, not recognizing leap years, 3
i
and improper date calculations. These problems could result in the inability of computer systems j
to operate or to function properiy. The pet boner stated that the Y2K problem could potentially l
interfere with the proper operation of computer systems, microprocessor-based hardware, and software or databases relied on at nuclea'r power plants., Further, the petitioner asserted that the Y2K problem could result in a plant trip and subsequent complications in tracking post-shutdown plant status and recovery as a result of a loss of emergency data collection.
1 Additionally, the petitioner is also concerned that power grids providing offsite power to nuclear stations could be affected to the extent that localized and widespread grid failures could occur.
1
~
~
The 'petitione'r acknowledged that NRC has recognized the potent;al safety and environmental problems that could result if date-sensitive electronic systems fail to operate or
['
provide false information. The petitioner asserted that NRC has required its licensees of reactor and major fuel cycle facilities to report by July 1,1999, on their programs to ensure compliance with Y2K issues. In addition, the petitioner asserted that NRC has not made explicit how it will
- define compliance nor what it plans to do for licensees of facilities that cannot prove compliance.
I in the petitioner's suggested regulatory text, NIRS defined compliance with Y2K issues as i.
evaluation of all potential problems that may be safety-related, repair of all such problems, and full-scale testing of all solutions.- The petitioner's proposed regulation would also require full l
i public disclosure of all evaluation, repair, and testing data so that the information may be examined by independent experts and the public. Finally, the petitioner's proposed regulation would make it clear that nuclear facilities will be closed until they can demonstrate full compliance with Y2K issues.
The petitioner. concluded by stating that NRC is obligated to act decisively to protect public health and safety and the environment. NIRS stated that anything short of the suggested 4
i
i 1
l.
[..
af+iesch in the petition is insufficient to fulfill this obligation and that NRC should adopt the suggested regulation as soon as possible.
Public Comments on the Petition In response to the petition, NRC received 70 comment letters, including i letter signed by 25 individuals from the State of Michigan,3 letters from industry groups,10 letters from utilities,13 letters from private organizations, and 43 letters from private citizens.
i
~
~
Fifty-four letters supported the petition,40 of which were from private citizens,13 were
' from private organizations, and 1 that was signed by 25 individuals. The comments supporting the petition addressed concerns related to avoiding the occurrence of a catastrophic nuclear accident, the reasonableness of the petitioner's request,' and opined that any uncertainty is too great for the nuclearindustry, i
Sixteen letters opposed the petition, of which 3 were from private citizens, 3 were from I
associated industries, and 10 were from utilities. The comments opposing the petition stated that the nuclear power industry has taken a coordinated approach to Y2K readiness, nuclear power plant licensees are implementing a structured Y2K program, NRC Y2K initiatives are e
underway, NRC staff is monitoring licensee activities, and current regulations and license conditions are adequate to address potential Y2K computer issues, in some of the letters supporting the petition, the authors included the following additional comments that provide information or request action that was not contained in the petition.
These comments noted:
5
1.
The date proposed in the petition, December 1,1999, to shut down all non-Y2K compliant nuclear power plants should be moved up 1 to 6 months before the year 2000. The reasons given were to allow sufficient time to shut down and to provide additional safety.
2.
Power grid failure would not allow controlled shutdown of the plant and plants could experience problems like the Russians. The Y2K problem could increase the chance of a core melt.
3.
The problem of " embedded systems," microchips, microprocessors, and such systems-within-systems are difficult to identify and the effects of their multiple failures are poorly understood, especially in the U.S. power grid.
4.
The audits conducted by NRC staff are too few.
These comments are addressed specifically in the discussion of " Reasons for Denial."
Reasons for Denial The NRC is denying the NIRS petition because the NRC h'ss determined that: (1) the actions taken by licensees to implement a systematic and structured facility-specific Y2K readiness program; and (2) NRC's oversight of licensees' implementation of these Y2K readiness programs together constitute an effective process for addressing Y2K issues such that there will continue to be reasonable assurance of adequate protection of public health and safety. NIRS has not presented any information (and no public comments have been received) 6 i
i
,,r
r
]
that demonstrates that: (1) the licensees' activities are fundamentally incapable of effectively g,
. :-f-E ::! g Y2K issues in a timely fashion; (2) licensees are not adequately implementing the Y2K readiness programs; (3) NRC's inspechon, audit, and oversight activities are fundamentally incapable of providing adequate regulatory control with respect to licensee implementation of Y2K readiness programs; and (4) the NRC is not effectively implementing its inspection, audit,
(
- and oversight activities with respect to Y2K issues. Finally, NIRS has not provided say basi.,
l why the NRC's current regulatory approach, which retains the regulatory authority to order licensees to discontinue or modify their licensed activities if the NRC finds that reasonable assurance of adequate protection to public health and safety will not be provided because of Y2K issues, will be inadequate in view of the 6-month time period between July 1,1999, when
~
licensees are required to inform the NRC of the status of their Y2K remediation activities and the l
December 31,1999, date, when Y2K-induced problems are most likely to begin occurring.
t i
Parts (a), (b), and (d) of the NIRS proposed rule are addressed below in Sections I,11, Ill, IV, and V for Part 50 operating nuclear power plants, Part 50 non-power reactors, Part 50 decommissioning nuclear power plants, major licensees under Parts 40 and 70, and Part 30 and I
minor Parts 40 and 70 licensees, respectively. Part (c) of NIRS' proposed rule, conceming public access to Y2K Information, is addressed for all types of licensees in Section VI.
j l
l.
Part 50 Operating Nuclear Power Plant Licensees A.
Industry and NRC Activities Addressing Y2K I
To alert nuclear facility. licensees to the Y2K problem, NRC issued Information Notice (IN) 96-70, " Year 2000 Effect on Computer Systern Software," on December 24,1996. IN 96-70 7
l --
desenbod the potential problems that nuclear power plant computer systems and software may encounter as a result of the change to the new century and how the Y2K issue may affect NRC licensees. IN 96-70 encouraged licensees to examine trair uses of computer systems and software well before the year 2000 and suggested that licensees consider appropnate actions for examining and evaluating their computer systems for Y2K vulnerabilities.
In 1997, the nuclear industry began to assess the Y2K challenge and work with key Federal agencies to help nuclear power plant operators prepare for continued safe operations at the start of the year 2000. In July 1997, the Nuclear Utilities Software Management Group (NUSMG), a nuclear industry working group, conducted the first industry-wide workshop on Y2K readiness.
I in October 1997, the Nuclear Energy Institute (NEl) and NUSMG issued a Y2K program plan guidance document, NEl/NUSMG 97-07, " Nuclear Utility Year 2000 Readiness," to all U.S.
nuclear power plant licensees. This document provides a step-by-step method to identify, test, and repair potential Y2K computer problems and contains detailed procedures and checklists for resolving Y2K issues, based on the best utility practices.
NEl/NUSMG 97-07 presented a strategy for developing and implementing a nuclear utility Y2K program. The strategy recognizes management, implementation, quality assurance
. (QA) measures, regulatory considerations, and documentation as the fundamental elements of a successful Y2K project. The document contains examples currently in use by licensees and also recommends that the Y2K program be administered using standard project management techniques. The recommended components for management planning are management awareness, sponsorship, project leadership, project objectives, the project management team, 8
4 kg.
i --
(
the management plan, p oject reports, interfaces, resources, oversight, and QA. The suggested phases of implementation are awareness, initial assessnwt (which includes inventory, categorization, classification, prioritization, and analysis of initial ast,essment), detailed assessment (including vendor evaluation, utility-owned or utility-supported software evaluation, interface evaluation, and remedial planning), remediation, Y2K testing and validation, and notification.
I Y2K testing is used both as an investigative tool to examine systems and components to identify Y2K problems and as a validation tool to confirm that the corrective actions have eliminated the Y2K problem. Y2K testing in support of evaluation efforts to determine whether a Y2K problem is present is performed during detailed assessments. Systems and components wil! then be repaired or replaced in a process known as "remediation." Y2K testing subsequent i
to remediation is performed to determine whether the remediation efforts have eliminated the Y2K problem and no unintended functions are introduced. Y2K testing may be performed at severallevels:
l Unit testing, which focuses on functional and compliance testing of a single I
application or software module; 1
Integration testing, which tests the integration of related software modules and applications; and l
l System testing, which tests the hardware and software components of a system.
l t
9 Li
l,,
For systems, components, and equipment classified as safety-related or critical to operations, the Y2K remediation activities include Y2K testing. On one end of the spectrum, there are the stand-alone, date-aware, microprocessor-based components that do not
. communicate digital information to any other devices. Property performed bench testing of these devices, by the licensee or the vendor, coupled with software /firmware revision-level
~
verification of the field devices as required, is adequate to establish their Y2K status. Repeating this test in the field as part of a plant-wide integrated test will not add any additional benefds related to system Y2K readiness. On the other end of the spectrum, the most highly complex systems, such as distributed control systems, may require in-plant testing of the remediated
~
~
system. This testing may include a large portion of the plant equipment. However, even in this case, the maximum bounds of the test would involve the individual system being tested and the other devices and systems with which it communicates digital /date-related information.
NEl/NUSMG 97-07 specifies the QA measures that will apply to the activities in j
NEl/NUSMG 97-07 that apply primarily to project management and implementation.
Documentation of Y2K program activities and results includes documentation requirements, i
project management documentation, vendor documentation, inventory lists, checklists for initial and detailed assessments, and record retention. NEl/NUSMG 97-07 also contains examples of.
vanous plans and checklists as appendices that may be used or modified to meet the licensee's specific needs and/or requirements.
i After issuing NEl/NUSMG 97-07, NEl conducted workshops and other means of sharing l
the eneriences on the use of the document. In November 1997, NEl and NUSMG conducted the first in a series of industry-wide workshops on Y2K issues for ' roject' managers in charge of p
ensuring Y2K readiness at all operating nu:: lear power plants. In December 1997, NEl created 10 L...
an on-line bulletin board to share technicalinformation and experiences related to testing and repairing computers and equipment.
In January 1998, the NRC issued a draft generic letter for public comment which proposed. (1) that licensees of operating nuclear power plants be required to provide certain infor,mation regarding their programs that address the Y2K problem in computer systems at their facilities; and (2) to endorse the guidance in NEl/NUSMG 97-07 as one possible approach in implementing a plant specific Y2K readiness program, if augmented in the area of risk management,' contingency planning, and remediation of embedded systems [Federa/ Register (63 FR 4498)]. In the absence of adverse comment on the adequacy of the guidance in
' NEl/NUSMG 97-07, the NRC issued GL 98-01 on May 11,1998 [FederalRegister(63 FR
['
27607)). In August 1998, NEl issued an industry document, NEl/NUSMG 98-07,
- Nuclear Utility Year 2000 Readiness Contingency Planning," that provided additional guidance for establishing a plant-specific contingency planning process. NEl/NUSMG 98-07 addressed management controls, preparation of individual contingency plans, and development of an integrated contingency plan that allows the licensee to manage intemal and external risks associated with Y2K-induced events. External events that should be considered for facility-specific contingency planning include electric grid / transmission / distribution system events, such as loss of off-site power, gnd instability and voltage fluctuations, load fluctuations and loss of grid control systems; loss of emergency plan equipment and services; loss of essential services; and depletion of consumables. NRC considers the guidance in NEl/NUSMG 98-07, when properly l
l implemented, as an acceptable approach for licensees to mitigate and manage Y2K-induced events that could occur on Y2K-critical dates. In GL 98-01, NRC required all operating nuclear power plant licensees to submit written responses regarding their facility-specific Y2K readiness program in order to confirm that they are addressing the Y2K problem effectively. Alllicensees 11 L
i
p
' have responded to GL 98-01, stating that they have adopted a plant-specific Y2K readiness program based on the guidance of NEl/NUSMG 97-07, and the scope of the program includes identifying and, where appropriate, remediating, embedded systems, and provides for risk management and the development of contingency plans.
GL 98-01' also requests a written response, no later than July 1,1999, confirming that these facilities are Y2K ready with regard to compliance with the terms and conditions of thsir l
bcense and NRC regulations. Licensees that are not Y2K ready by July 1,1999, must provide a status report and schedule for the remaining work to ensure timely Y2K readiness. By July 1, 1999, all licensees responded to GL 98-01, Supplement 1. The responses indicated that 68 I
~
plants are Y2K ready and 35 plants need to complete work on a few non-safety computer l
systems or devices after July 1,1999 to be Y2K ready.
i As part of its oversight of licensee Y2K activities, NRC staff conducted sample audits of 12 plant-specific Y2K readiness programs. The objectives of the audits were to -
Assess the effe'ctiveness of licensees' programs for achieving Y2K readiness and in addressing compliance with the terms and conditions of their license and NRC regulations and continued safe operation.
l 1
'On January 14,1999, NRC issued GL 98-01, Supplement 1, " Year 2000 Readiness of l
Computer Systems at Nuclear Power Plants," which provided licensees with a voluntary l
altemate response to that required by GL 98-01. The alternate response, also due by July 1,
' 1999, should provide information on the overall Y2K readiness of the plant, including those systems necessary for continued plant operation that are not covered by the terms and j
conditions of the license and NRC regulations.-
j 12
?
L
i Evaluate program implementation activities to ensure that licensees are on l.,,
schedule to achieve Y2K readiness in accordance with GL 98-01 guidelines.
Assess licensees
- contingency planning for addressing risks associated with events resulting from Y2K problems.
The NRC determined that this approach was an appropriate means of oversight of licensee Y2K readiness efforts because: (1) alllicensees had committed to the nuclear power industry Y2K readiness guidance (NEl/NUSMG 97-07) in their first response to NRC GL 98-01; and (2) the audit would verify that licensees were effectively implementing the guidelines. The audit sample of 12 licensees included large utilities such as Commonweath Edison and
. o..
Tennessee Valley Authority as well as small single-unit licensees such as North Atlantic Energy (Seabrook) and Wolf Creek Nuclear Operating Corporation. The NRC staff selected a variety of types of plants of different ages and locations in this sample in order to obtain the necessary assurance that nuclear power industry Y2K readiness programs are being effectively implemented and that licensees are on schedule to meet the readiness target date of July 1, l
1999, established in GL 98-01. Also, NRC staff had not identified any Y2K problems in safety-related actuation systems as part of its audit activities, t
In late January 1999, the NRC staff completed the 12 audits. At the conclusion of the audits, the NRC staff had the following observations:
l Plant-specific Y2K projects based on NEl/NUSMG 97-07 began in mid to late
]
1997. Use of NEl/NUSMG 97-07 guidance results in an effective, structured i
program. The programs are generally on schedule for plants to be Y2K ready by i
13 l
l l.-
July 1,1999. However, at some plants the licensees have scheduled some remediation, testing, and final certification for the fall 1,999 outage.
- Management oversight is vital for program effectiveness.
Sharing information through owners groups, utility alliances, the Electric Power Research Institute, and NEl is aiding the overall nuclear industry effort.
Independent audits and peer reviews of programs are very useful.
Safety system functions are usually not affected. There is limited computer use in safety-related systems and components.
Failures identified in embedded devices have generally not affected the functions performed but have led to errors such as incorrect dates in printouts, logs, or -
displays.
Central control of Y2K program activities, effective QA (including the use of existing plant procedures and controls), and independent peer reviews promote consistency across activities and improve the program.
On the basis of these audit observations, the NRC staff concluded that the audited licensees are effectively addressing Y2K issues and are undertaking the actions necessary to achieve Y2K readiness in accordance with the GL 98-01 target date, although some plants will have some remediation, testing, and final certification scheduled for the fall 1999 outage. The 14 L
L
-. NRC sis # did not identify any issues that would prevent these licensees from achieving Y2K readiness.
Licensee Y2K contingency planning e# orts had not progressed far enough during the E
original 12 audits for a complete NRC staff review of the adequacy of implementation of the Y2K l
ectivities. Therefore, the NRC staff audited the contingency planning e# orts of six licensees dl#erent from the 12 included in the initial sample Y2K readiness audits. These audits focused on the licensee's approach to addressing both intomal and extemal Y2K risks to safe plant operations based on the guidance in NEl/NUSMG 98-07. These audits were completed in June
~-
1999.
f in soonin to NRC staff activities addressed above, NRC regional staff reviewed plant-specific Y2K program implementation activities at all operating nuclear power plants. The regional staff used guidance prepared by NRC Headquarters staff, which conducted the 12 sample audits. These reviews were completed by July 1999. One of the public comments received by NRC in response to the petition indicated that the audits conducted by NRC staff are too few. On the basis of the information above, the NRC staff has reviewed the Y2K programs at all operating nuclear power plants, thereby addressing this comment.
NRC staff will continue its oversight of Y2K issues at nuclear power plants through the remainder of 1999. On the basis of the reviews of the licensee responses to GL 98-01,'
Supplement 1, findings of the additional audits and reviews, and ami additional information, NRC will, by September 1999, determine the need for issuing orders to address Y2K readiness f
issues, including, if warranted,' shutdown of a plant. At this time, NRC believes that all licensees t:
15 l'
L.
l
r i
will be able to operate their plants safely during the transition from 1999 to 2000 and does not believe that significant plant-specific action directed by NRC is likely to be needed As discussed above, GL 98-01 set a date of July 1,1999, for licensees to submit information on their efforts to complete their plant-specific Y2K program. The July 1,1999, date was selected to ensure that there would be adequate time for the Commission to determine what additional regulatory action, if any, would be necessary to ensure that Y2K problems will not threaten adequate protection to public health and safety. Licensees of plants with a projected completion date by September 30,1999, will be monitored to ensure that the schedules are maintained. Completion of plant-specific items identified by licensees in the generic letter responses will be documented in routine NRC inspection reports. The licensees of the plants that are scheduled to be Y2K ready after September 30 will receive additional scrutiny on a case-by-case basis to ensure that no Y2K deficiencies remain. If, by September 30,1999, it appears that Y2K readiness activities will not be completed by December 31,1999 transition such that there is sufficient assurance that all license conditions and relevant NRC regulations2 are met, the NRC will take appropriate regulatory action, including the issuance of orders requiring specific actions, if warranted.
'These regulations are -
10 CFR 50.36, " Technical Specifications," paragraph (c)(3), " Surveillance requirements," and paragraph (c)(5), " Administrative controls."
10 CFR 50.47, " Emergency Plans," paragraph (b)(8).
Appendix B to 10 CFR Part 50, Criterion lil, " Design Control," and Criterion XVil, " Quality Assurance Records."
Appendix E to 10 CFR Part 50, Section VI, " Emergency Response Data System."
Appendix A to 10 CFR Part 50, General Design Criterion (GDC) 13,
- !nstrumentation and Control'; GDC 19,
- Control Room"; and GDC 23,
- Protection System Failure Modes."
16 j..
NIRS presents no information or argument why these above actions by the licensees and the j
inspection, auditing, and oversight activities of the NRC are insufficient to address Y2K problems, such that actions required in NIRS' proposed rule are necessary.
B.
The Need for Y2K " Compliance," as Opposed to
- Readiness" l-NIRS' proposed rule would require that nuclear power plants be shut down by December 1,1999, unless licensees demonstrate that Y2K compliance has been achieved. However, NIRS has not explained why "Y2K compliance," as opposed to "Y2K readiness," is necessary.
~ '
'Y2K compliant" is generally understood as referring to computer systems or applications that 1
,' accurately process date/ time data (including but not limited to calculating, comparing, and sequencing) from, into, and between the 20th and 21st centuries, the years 1999 and 2000, and leap-year calculations. "Y2K ready" is generally understood as referring to a computer system or application that has been determined to be suitable for continued use into the year 2000 even though the computer system or application is not fully Y2K compliant. For "Y2K ready" systems, licensees may have to rely upon work arounds and other activities to ensure that the systems, components, and equipment function as intended. Prudence might lead to Y2K compliance as an objective for remedial activities in order to reduce licensee costs of implementing j
workarounds and other activities in the interim until full Y2K compliance is achieved. However, protection of public health and safety does not necessitate establishment of Y2K compliance as a regulatory requirement, and failure to achieve compliance should not require plant shutdown, so long as Y2K readiness is achieved. Accordingly, the NRC does not believe that a rule that I.
requires Y2K compliance, or Y2K readiness, is appropriate or necessary for ensuring reasonable assurance of adequate protection at nuclear power plants after December 1,1999.
17
~
L.,-
C.
Limited Susceptibility of Nuclear Power Plant Systems to Y2K Problems NRC audits' and reviews indicate that most nuclear power plant systems necessary for shutting down the reactor and maintaining it in a safe shutdown condition are not susceptible to
.Y2K problems..The majority of commercial nuclear power plants have protection systems that are analog rather than digital. Because Y2K concems are associated with digital systems, analog reactor protection system functions are not affected by the Y2K issue. Errors such as incorrect dates in printouts, logs, or displays have been identified by licensees in safety-related devices, but the errors do not affect the functions performed by the devices or systems. Most
~
Y2K issues are in balance-of-plant and other systems that have no direct functions necessary for safe operation of the reactor, With respect to safety systems using digital electronics that are necessary for performing safe-shutdown and maintaining the reactor in a safe shutdown condition, licensees are undertaking the NEl/NUSMG 97-07 and NEl/NUSMG 98-07 processes described above for addressing Y2K ' problems. ' With respect to balance-of-plant systems, licensees implementing their plant-specific Y2K program are classifying important balance-of-plant and other non-safety-related systems (such as those_that support continued plant operations, provide information and l
aid to the plant operators like sequence-of-events monitoring for tracking post-shutdown status l
of plants, and whose failure could lead to a plant transient or trip) as " mission-critical" or "high.'
Systems and equipment classified as mission-critical or high, when found to be Y2K susceptiole
. during the assessment stage of the Y2K program, are also scheduled to be remediated similar
.to safety-related systems.
t.
18 7
m kh
h E,.
. in sum, the NRC believes that the actual scope of plant systems necessary to provide reasonable assurance of adequate protection to public heath and safety, which are potentially susceptible to Y2K problems, is relatively limited and that the licensees' current activities are suNicient to ensure that Y2K problems will not adversely a#ect safety-related or balance-of-plant systems.
D..
Public Comments.
One public comment in support of t'he NIRS petition stated that embedded chips are di#icult to identify and the eNects of their failures are poorly understood, especially in the U.S.
power grid. When the NRC sta# was developing GL 98-01, it recognized that embedded
' systems pose a potential Y2K problem that must be recognized and addressed in any successful Y2K effort. Accordingly, GL 98-01 informed licensees that Y2K programs should be augmented to address remediation of embedded systems. Licensees have stated in their -
responses to the generic letter that embedded systems are being addressed in their Y2K
. programs, and these statements have been confirmed by NRC audits to date. NRC understands that the electric utilities providing power to the grid have similar efforts underway Lthat are being monitored by the North American Electric Reliability Council.
One public comment in support of the petition indicated that the rule should require'
. nuclear power plants to shut down 6 months before the end of the 1999 to allow a safe period of time to shut down the plant. The NRC does not agree that it takes 6 months to safely shut down a plant. Under normal conditions, it takes several hours to safely shut down a nuclear power plant by reducing reactor power gradually. However, in an emergency, the reactor can be shut down safely within seconds, either automatically or manually. The reactor will be shut down 19 4
' automatically by the reactor protection system upon the sensing of an unusual condition.
Moreover, the operator always has the capability to manually shut down the reactor using the
. reactor protection system. Accordingly, the NRC does not agree that it is necessary to shut down nuclear power plants 6 months before the end of 1999 in order to ensure a safe shutdown of the plants.
. A commenter in favor of the petition stated that the Y2K problem could increase the chance of a meltdown. However, the commenter did not provide any basis for this assertion.
The NRC disagrees with the commenter. Safety functions performed by the reactor protection
~ '
system for shutting down the reactor and by the engineered safety features actuation for
, ' mitigating accidents, cooling down the reactor, and providing emergency power to safety systems upon a loss of offsite power are not affected by the Y2K problem. Although there is some concem that the reliability of the offsite power sources may be lower during the Y2K transition, if a loss of offsite power were to occur because of Y2K, the plant would trip
. automatically because all nuclear plants are designed for such an event. The emergency onsite power supply system would provide power to the safety system equipment automatically. This sequence of events is not affected by the Y2K problem because all these safety systems do not rely upr,1 computer-operated systems or components that are date-sensitive. For these
. reasons, the NRC disagrees that a Y2K problem could increase the probability of a core melt accident at a nuclear power plant.
One public comment in support of the petition indicated that the audits conducted by l
NRC staff are too few. The NRC has responded to this comment in section I.A.
V 20 I
I l
E.
Summary The NRC believes that lioeneses' Y2K activities and programs, considered together with NRC oversight activities, provide a reasonable approach for ensuring that Y2K problems will not pose an unreasonable threat to pubic health and safety. NIRS has not explained why this regulatory approach will not provide reasonable assurance of adequate protection from any potential Y2K-initiated problems at operating nuclear power plants, such that the rule proposed by NIRS is necessary.
II.
Part 50 Non-Power Reactor 1.icens193 NRC used several methods to inform all non-power reactor (NPR) licerisees of the need to ensure that their facilities are ready for the year 2000. In 1996, NRC staff contacted all NPR I
licensees informing them of a potential for problems in systems either controlling or supporting the reactor because of Y2K issues. In December 1996, NRC issued IN 96-70 to alert nuclear facility licensees to the Y2K problem. IN 96-70 described the r tential problems that nuclear power plant computer systems and software may encounter as a result of the change to the new 1
century and how the Y2K issue may affect NRC licensees. IN 96-70 encouraged all licensees to examine their uses of computer s'ystems and software well before the year 2000. IN 96-70 also suggested that licensees consider appropriate actions for examining and evaluating their computer systems for Y2K vulnerabilities.
)
NRC also coordinated with the Organization of Test, Research and Training Reactors l
I (TRTR) to distribute information about the Y2K problem through TRTR newsletters. These newsletters were distributed to all members of the organization to focus attention on the Y2K 21 l
i i
U
problem and related ongoing activities. The staff at all 37 licensees with operating reactors receive copies of the TRTR newsletter. The TRTR newsletters articles included "Concems about the Millennium," February 1997; " Year 2000 Concems," February 1998; "NRC Response on Year 2000," May 1998; *More on the Y2K issue,' August 1998; and "Another Y2000 Notice,"
November 1998. NRC staff has confirmed through several telephone conversations and discussions during inspections that alllicensees of operating reactors are aware of the Y2K concems and have ongoing actions to be Y2K ready by the end of the year or sooner.
Since 1998, while conducting inspections of NPR facilities, the NRO staff is also verifying that licensees are addressing the Y2K problem with regard to reactor safety. NRC staff has inspected about 50 percent of the operating reactors and intends to complete the inspections of all operating NPRs by October 1999. These inspections will verify that the licensees have programs to deal with Y2K and that all digital safety equipment at these facilities are considered in the program. Moreover, most institutions that operate the NPRs have their own Y2K programs that include the NPRs.
i The safety systems at most operating reactors are analog systems that are not affected by the Y2K problem. Several operating reactors have digital safety equipment that provides instrument indication to the facility operator that is part of the licensee's Y2K program. Also, seven of these reactors have digital reactor protection system functions also considered in the licensee's Y2K program. These systems operate in parallel with the analog reactor protection systems, which are not affected by Y2K. Also, the digital systems initiate reactor scrams in case of a malfunction in the digital equipment. The analog systems generally provide the required reactor safety functions. The analog systems are independe'nt of the digital equipment and have
. built-in redundancy to ensure that the reactor scrams. The power levels of these reactors are 22
V p
j low (up to a maximum of 2 MWt) and many of them operate at low temperatures in relatively L
large pools of water. The only safety function that is generally required is for the reactor to i
scram. Thus,' the Y2K concem poses very low risk. NIRS does not explain why the licensees' Y2K program activities and NRC's oversight of the licensees' implementation of the programs are inadequate such that the rule proposed by NIRS is necessary to provide reasonable assurance of adequate protection.
Ill.
Part 50 Decommissioning Huclear Power Plant Licensees The suggested rule language in the petition would require that all facilities not compliant
, ' with Y2K issues be shut down by December 1,1999. Nuclear power plants that are permanently shutdown with fuel removed from the reactor core would, therefore, not be subject to the rule as proposed by NIRS. However, since the purpose of the proposed rule appears to be directed to ensuring that Y2K problems at all nuclear power plants - both operating and decommissioning - will not pose a threat to public health and safety, the following discussion on the activities for addressing the Y2K problem at decommissioning nuclear power plants is provided.
There are two potential radiological health and safety concems with respect to Y2K j
problems at decommissioning plants: (1) spent fuel storage, including site security; and (2) the actual conduct of dismantlement and decommissioning activities. Of greater concem is the spent fuel storage. The concems in this area relate to providing sufficient cooling to the spent fuel and providing sufficient security against diversion and sabotage of the spent fuel. There are 21 deco.mmissioning nuclear power plants that have been shut down more than a year,6 of
'which have had spent fuel removed from the site. Accordingly, there are only 15 23
I l.
i,.
decommissioning nuclear power plants where spent fuel storage is of concem. Although licensees for all of these facilities are implementing Y2K programs, it is unlikely that Y2K problems would pose a significant problem to providing sufficient spent fuel cooling. First, electrical and makeup water systems for spent fuel pools are not computer-controlled.
Moreover, even if there was an interruption in electrical power, there is a long time period for the licensee to respond to the problem before integrity of the spent fuel rods becomes an issue because sufficient time is available to take compensatory action before boiling starts. The spent fuel pool is conservatively estimated (based on the Zion units) to begin boiling 68 hours7.87037e-4 days <br />0.0189 hours <br />1.124339e-4 weeks <br />2.5874e-5 months <br /> after loss of the spent fuel pool cooling system. Boiling does not become a concem until the fuel rods
~
. begin to be uncovered by boil-off of cooling water. Since fuel rods are normally covered by 23 '
' ' feet of water (for purposes of shielding), and it would take approximately two weeks or more to begin uncovering the spent fuel rods (assuming that no make-up water is added to the pool), the
. NRC believes that there is sufficient time to recover electrical power and/or provide makeup I
. water to prevent the fuel rods from uncovering The other threat to spent fuel is diversion and sabotage. Licensees of decommissioning reactors are taking steps to ensure that Y2K problems will not disable necessary security and safeguards systems and controls. Licensees with computer-based site security systems that have been identified at potentially Y2K vulnerable have tested the system for Y2K, upgraded the system to be Y2K compliant, or will make the system Y2K compliant before the end of 1999.
l l
With respect to the safety of conducting dismantlement and decommissioning activities,
?
l the NRC does not believe that these activities are subject to Y2K problems that would pose a l
threat to public health and safety because the conduct of these activities in the field do not rely upon computer-controlled devices to ensure protection against radiological dangers.
24 l
e
in sum, licensees of decommissioning nuclear power plants are implementing Y2K activities that address equipment and systems important to safety, such that there is reasonable assurance of adequate protection to public health and safety.
IV.
Maior Parts 40 and 70 Licensees To alert major Parts 40 and 70 licensees of the potential Y2K problem, NRC issued Information Notice (IN) 96-70, ' Year 2000 Effect on Computer System Software," dated December 24,1996. IN 96-70 described the potential Y2K problems, encouraged licensees to
~ examine their uses of computer systems and software well before the year 2000, and suggested that licensees consider appropriate actions to examine and evaluate their computer systems for
~
Y2K vulnerabilities.
In order to gather Y2K information regarding materials and major fuel cycle facilities, NRC formed a Y2K Team within the Office of Nuclear Material Safety and Safeguards (NMSS) in 1997. From September 1997 through December 1997, this NMSS Y2K Team visited a cross-i section of materials licensees and fuel cycle facilities and conducted Y2K interviews. Each licensee or facility visited by the team indicated that they were aware of the Y2K issue and were in various stages of implementing their Y2K readiness program.
On June 22,1998, the NRC staff issued Generic Letter (GL) 98-03, *NMSS Licensees' and Certificate Holders' Year 2000 Readiness Programs." This GL requested major Parts 40 &
70 licensees to submit by September 20,1998, written responses regarding their facility-specific Y2K readiness program in order to confirm that they were addressing the Y2K problem l
effectively. Alllicensees responded to GL 98-03 by stating that they have adopted a facility-25 i
L
U 1
l.
J apecific Y2K readiness program and that the scope of the program included identifying and, where appropnate, remediating, hardware, software, and embedded systems, and provided for risk management and the development of contingency plans.
i GL 98-03 also requested a written response, no later than December 31,1998, which confirmed that these facilities were Y2K ready or provided a status report of work remaining to be done to become Y2K ready, including completion schedules. All licensees provided a second response to GL 98-03, which identified work remaining to be done, including completion schedules. Furthermore, following the second response, NRC requested a third written response, no later than July 1,1999, which would confirm that these facilities are Y2K ready or
~
would provide an updated status report.
l' i
On August 12,1998, IN 98-30, "Effect of the Year 2000 Computer Problem on NRC Licensees and Certificate Holders," provided licensees additional information on the Y2K issue.
IN 98-30 provided definitions of "Y2K ready" and "Y2K compliant," encouraged licensees to contact vendors and test their systems for Y2K problems, and described elements of a Y2K readiness program.
Between September 1997 and October 1998, the major Parts 40 & 70 licensees were also asked Y2K questions during other inspections. Based on these Y2K inspections, the licensees were aware of the Y2K problem and were adequately addressing Y2K issues. There have been no identified risk-significant Y2K concerns for major Parts 40 & 70 licensees.
NIRS' proposed rule would require that licensees be shutdown by December 1,1999, unless licensees demonstrate that "Y2K compliance" has been achieved. However, NIRS has 26 l
r 4
not explained why "Y2K compliance' as opposed to "Y2K readiness" is necessary. NIRS l
asserted that NRC has not made explicit how it will define "Y2K compliance." However, NRC explicitly defined the terms "Y2K ready" and "Y2K compliant' in GL 98-03. "Y2K ready" was 1
\\
defined as a computer system or application that has been determined to be suitable for contmund use into the year 2000, even though the computer system or application is not Y2K comphant. "Y2K compliant" was defined as a computer system or application that accurately processes date/ time data (including, but not limited to, calculating, comparing, and sequencing) from, into, and between the years 1999 and 2000, and beyond, including leap-year calculations.
lE Thus, by definition, systems that are 'Y2K ready" are able to perform their functions properly.
~
~ There is no discemable safety reason why achieving Y2K readiness rather than Y2K compliance should result in facility shutdown. Accordingly, there is no basis for requiring facility shutdown if a licensee cannot demonstrate Y2K compliance.
l N!RS presents no information or argument why those actions by the licensees and NRC desenbod above are insufficient to address Y2K problems and to demonstrate that reasonable l
. assurance of adequate protection will not be provided after December 1,1999, so that facility shutdown is necessary.
i i
l I
V.
Part 30 and_ Minor Parts 40 and 70 Licensees l
To alert Part 30 and minor Parts 40 and 70 licensees, the NRC issued ins 96-70 and 98-l 30, which have been discussed in Section IV, " Major Parts 40 and 70 Licensees."
. In addition to the efforts by the NMSS Y2K Team to gather information regarding materials licensees and major fuel facilities from September through December 1997, discussed 27 l
~
under Sechon IV, NMSS staff also conducted telephone interviews with device manufacturers and distnbutors. Further, NRC determined that few of approximately 5,800 materials licensees use processes or have safety systems that are c'omputer-controlled, thus minimizing potential Y2K impacts. The interviews and site visits confirmed that licensees were identifying and addressing potential Y2K problems.
From the interviews conducted by the NMSS Y2K Team, NRC leamed that early versicms of some treatment planning systems (computer systems for calculating dose to medical j
i patients being treated with radiation or radioactive material) have Y2K problems and that
)
i upgrades for treatment planning systems were available. However, treatment planning systems 1
are regulated by the U.S. Food and Drug Administration (FDA) and not by NRC because the systems do not contain licensed material. NRC has shared information on non-Y2K-compliant treatment planning systems with the FDA. For materials licensees, the NMSS Y2K Team did notidentify any Y2K issues for NRC-regulated material. As a result of the interviews and site visits, NRC's focus has been to determine if any commercially available devices (medical and l
l industrial) have potential Y2K vulnerabilities and to ensure that licensees evaluate self-l
[ developed systems, commercial off-the shelf software and hardware, and safety systems.
i l
j in addition to Y2K interviews, materials inspectors have been instructed to confirm receipt of NRC's information notices, determine whether the licensees have identified any potential problems associated with the Y2K issue, and note any corrective actions taken by the licensees. Through the routine inspection process, NRC has made assessments of the Y2K status of its materials licensees and continues to do so. To date, only the treatment planning systems described above, dose calibrators, and a tote position display for an irradiator have been identified through the inspection process as having Y2K problems. NRC materials 28
1,.
l L
l, inst. actors have indicated that licensees are aware of available upgrades for treatment planning j
systems and dose calibrators.' The irradiator tote position display is not a safety system.
Further, the irradiator tote position display system that had the Y2K problem was a one-of-a-kind
~ modification made by the licensee (the licensee was authorized by NRC to make the modification). The irradiator licensee is updating the tote position display system to eliminate the Y2K problemc No generic Y2K issues for NRC-regulated material used by materials licensees have been identified.
NIRS asserted that NRC has not made explicit what it plans to do about those facilities that cannot prove compliance. As discussed in Section IV,
- Major Parts 40 and 70 Licensees" l
' : stuvo, NIRS has not explained why "Y2K compliance" as opposed to "Y2K readiness" is e.
l.l" necessary.' Furthermore, Y2K readiness is not required for protection of public health and safety for Part 30 and minor Parts 40 and 70 licensees due to the amount and type of licensed l
. material used by them. The risks to the public from these facilities are low, in addition, NRC
' has determined that few of the approximately 5,800 materials licensees use processes or have safety systems that are computer-controlled, thus minimizing potential Y2K impacts.
Accordingly, there is no basis for requiring facHity shutdown if a licensee cannot demonstrate "Y2K compliance."
NIRS presents no information or argument why those actions by the licensees and NRC l
i described above are insufficient to address Y2K problems and to demonstrate that reasonable i
l assurance of adequate protection will not be provided after December 1,1999, so that facility l.
shutdown is necessary.
l 29 j
l'1
E l
VI.
Public Information NIRS requested in item (c) of its petition that NRC adopt regulations that would require that licensees make available to the public by December 1,1999, allinformation related to the examinstion and repair, modification, and/or replacement of all computer systems, embedded chips, and other electronic equipment that may be date-sensitive. NIRS indicated that this rule provision is necessary in order to allow " independent experts' and the public to examine this information.
~
~
The NRC has already made available to the public substantial information on Y2K and the status of licensees' activities to address potential Y2K problems and will continue to make this information public. The audit reports of the NRC staff reviews of the 12 nuclear power plant-
+
specificV2K readiness project activities and documentation are publicly available both in the Public Document Rooms and the NRC Year 2000 Web site. The Y2K readiness information submitted in July 1999 by nuclear power plant licensees under GL 98-01, Supplement 1, is available to the public, as with any other correspondence that is received from licensees. The reports documenting the NRC staff audits of the six nuclear power plant-specific contingency planning activities and the results of the facility-specific Y2K program reviews of all operating nuclear power plants are also available to the public. The NRC inspection reports with Y2K Information from Parts 30,40, and 70 licensees and the licensees' responses to GL 98-03 have been placed in the PDR. Summaries of (1) inspection reports with Y2K information, (2) GL 98-03 responses, and (3) interviews with a cross-section of materials and fuel cycle licensees on Y2K issues are available on the NRC Year 2000 Web site.
30 L
r in view of the information that has been made available and will be made available to the public, NIRS has not provided any basis for requiring licensees, by rule, to provide public access to Y2K information beyond that which the NRC has determined must be submitted to the NRC in furtherance of the NRC's regulatory oversight.
Conclusion -
The rule proposed by NIRS is not needed because the Commission has determined that the activities taken by licensees to implement a systematic and structured facility-specific Y2K
~
~
readiness program, together with the NRC's oversight of the licensees' implementation of these Y2K readiness programs, provide reasonable assurance of adequate protection to public health and safety.
For these reasons, the Commission denies the petition.
. h Dated at Rockville, Maryland, this / 7 day of [
.1999.
/
For the Nuclear Regulatory Commission.
f
~
Andrew L. Bates Acting Secretary of the Commission.
31
[7590-01-P]
NUCLEAR REGUI.ATORY COMMISSION 10 CFR Part 50
[ Docket No. PRM-50-66)
Nuclear Information and Resource Service; Petition for Rulemaking Denial AGENCY: Nuclear Regulatory Commission.
4 ACTION: Petition for rulemaking; denial.
SUMMARY
- The Nuclear Regulatory Commission (NRC)is denying a petition for rulemaking (PRM-50-66) from the Nuclear information and Resource Service (NIRS). The petitioner requested that NRC amend its regulations to require licensees of operating nuclear power plant facilities to conduct a full-scale emergency planning exercise that involves coping with a date-sensitive, computer-related failure resulting from a Year 2000 (Y2K) issue. The petitioner requested that NRC take this action to ensure that licensees of nuclear facilities have developed and can implement adequate contingency and emergency plans to address potential major system failures that may be caused by a Y2K computer problem. NRC is denying the petition because the Commission has determined that the actions taken by the licensees to implement
- systematic and structured Y2K readiness contingency plans for critical Y2K dates in concert with existing required emergency response plans and procedures, and NRC's oversight of the
[
t
- n. -
O g
licensees' implementation of these Y2K readiness contingency plans provide reasonable assurance of adequate protection to public health and safety.
l l'
ADDRESSES: Copies of the petition for rulemaking, the public comments received, and the l
NRC's letters to the petitioners are available for public inspection or copying in the NRC Public Document Room, 2120 L Street, NW. (Lower Level), Washington, DC, as well as NRC's rulemaking web site at http://ruleforum.llnl. gov.
FOR FURTHER INFORMATION CONTACT: Matthew Chiramal, Office of Nuclear Reactor Regulation, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001, telephone 301-415-2845, E-mail address mxc@nrc. gov.
SUPPLEMENTARY INFORMATION:
Background
NRC received three related petitions for rulemaking (PRM 50-65, PRM-50-66, and PRM-50-67), each dated December 10,1998, submitted by the NIRS concerning various aspects of Y2K issues and nuclear safety. This petition (PRM-50-66) requested that NRC adopt regulations that would require facilities licensed by NRC under 10 CFR Part 50 to develop and L implement adequate contingency and emergency plans to address potential system failures.
The first petition (PRM-50-65) requested that NRC adopt regulations that would require facilities licensed by NRC under 10 CFR Parts 30,40,50, and 70 to be Y2K compliant. The third petition i
2 l
/
(PRM-50-67) requested that NRC adopt regulations that would require facilities licensed by NRC under 10 CFR Parts 50 and 70 to provide reliable sources of backup power.
Because of the nature of these petitions and the date-specific issues they address, the petitioner requested that the petitions be addressed on an expedited schedule.
On January 25,1999, NRC published a notice of receipt of this petition for rulemaking in the Federa/ Register (64 FR 3791). It was available on the NRC's rulemaking website and NRC Public Document Room. The notice of receipt of petition for rulemaking invited interested persons to submit comments by February 24,1999.
The Petition The petitioner requested that NRC adopt the following text as a rule':
i "Alllicensees subject to 10 CFR Part 50 and Appendix E will conduct a full-scale i
emergency planning t.xercise (as normally required under 10 CFR 50.47) during 1999. This sxercise shallinclude a component that includes failure of one or more computer or other digital systems (this is popularly known as the "Y2K bug")
on January 1,2000, or other relevant date. Licensees that do not conduct, or
~
that fail, this exercise shall close their facilities licensed under this Part by 4
' in preliminary discussion, the petitioner stated, "We also believe that other major fuel cycle facilities should be subject to a similar rule." However, the petitioner provided no supporting reasoning, no regulatory text, and no specific request that NRC adopt such a rule. Therefore, NRC has considered only the specifically requested rule language.
3 4
l
)
o i
December 1,1999, until such time as the licensees have conducted a successful exercise.
NRC shall publish and provide to each licerisee, within 30 days of the date of this rule, a Regulatory Guide that outlines potential emergency exercise scenarios.
NRC shall publish and provide to each licensee, by December 1,1999, a l
Regulatory Guide that desribes the various scenarios that have been undertaken and the successful (and unsuccessful) responses to the problems posed."'
The petitioner stated that although the probability of the occurrence of Y2K-related events that would require emergency response and the implementation of contingency plans is unknown, it would fall within the range of safety matters for which NRC requires emergency planning exercises. Furthermore, the petitioner asserts that addressing Y2K-related problems will require the use of potentially unfamiliar contingency plans, relying on ingenuity to circumvent i
failure of essential communications systems or failure of offsite emergency responders to perform their tasks effectively and coping with issues not normally tested during emergency exercises.
The petitioner considers it prudent to require each licensee to conduct an exercise and that each exercise address a different aspect of the Y2K problem. The petitioner suggested that some exercises should test problems initiated by Y2K-related failures and that others should test problems exacerbated by Y2K-related failures. The petitioner believes that this approach would 4
4
c provide some familiarity with the possible range of issues that could develop and create an overall industry capability to effectively address potential Y2K problems.
L Under the petitioner's suggested regulation, the licensees would develop exercise scenarios that would be approved by NRC in an expedited fashion, and NRC would publish and distribute regulatory guides that would outline potential emergency response scenarios and describe the scenarios that were tested and the successful responses to the problem posed.
The petitioner scated that these actions would provide reasonable assurance that nuclear power plant licensees have developed and can implement adequate contingency and emergency plans to address major system failures that may be caused by the Y2K problem.
Public Comments on the Petition in response to this petition, NRC received 64 comment letters, including 1 letter signed by 25 citizens from the State of Michigan,3 from nuclear associated industries,11 from utilities, i
i 13 from private organizations,1 from the State of Illinois Department of Nuclear Safety, and 35 from private citizens.
Forty-six letters supported the petition, of which 13 were from private organizations,32 were from private citizens, and one which was signed by 25 citizens of the State of Michigan.
Thirty-nine of these 46 letters communicated a brief statement in support of the petition. Seven of the 46 letters, of which 3 were from private individuals and 4 were from private organizations, discussed reasons for supporting the petition.
5 L
In some letters, support of the petition was based on belief that actual emergency response exercises will provide invaluable information in addressing Y2K issues because of the complexity of Y2K issues and the lack of experience of licensees of nuclear facilities in responding to such an event.
Others letters stated that all emergency plans rely heavily on offsite sources of help, such as police, fire, and other essential services, but that these services, as well as critical communications entities, may also be vulnerable to the Y2K problem if they are not properly assessed, remedied, and tested. Some letters cited numerous problems that have occurred in previous emergency planning exercises, irrespective of the Y2K problem. An example stated was the Pilgrim exercise of December 13,1995, in which the Boston Edison Company was unable to communicate to the proper authorities. Other examples cited the occurrer.ce of lost electrical buses. Some letters communicated the importance of testing and retesting for every conceivable contingency.
Eighteen letters opposed the petition, of which 3 were from private citizens,3 were from
' nuclear associated industries, one was from the State of Illinois Department of Nuclear Safety, and 11'were from utilities. The letters opposing the petition stated that the additional emergency
- planning exercise suggested by the petition is not needed to ensure public health and safety.
These letters indicated that NRC analysis and industry testing have confirmed that safety systems will function to shut down a reactor if required, that licensees and NRC are developing contingency plans for key Y2K rollover dates, and that these contingency plans will evaluate specific risk factors and, where appropriate, provide mitigation strategies to allow continued safe operation. These letters stated that this effort provides a rational review and systematic l
6 l
l-j
l l
l approach to issues that could affect the continued safe operation of a plant within the conditions ofits license, which the commenters believe is a more effective approach for ensuring that plants continue to operate and meet commitments.
Reasons for Denial Pursuant to 10 CFR 50.47, " Emergency Plans"; 10 CFR 50.54, " Conditions of Licenses,*
paragraphs (q), (s), and (t); and Appendix E to 10 CFR Part 50, nuclear facilities are required to provide emergency response capabilities that take into account a variety of circumstances and challenges, to exercise their plans periodically to develop and maintain key skills of involved personal, and to identify deficiencies in the emergency plan and personnel and take appropriate y..
actions to correct identified deficiencies. In accordance with 10 CFR 50.54(q), nuclear power reactor licensees are required to follow and maintain in effect emergency plans that meet the planning standards in 10 CFR 50.47(b) and the requirements of Appendix E to Part 50. In part, l
l licensees are required to train and test their organization and associated equipment to ensure that under all conditions and contingencies, such as power outages and computer and l
l communication failures, appropriate emergency response is available and effective in an i
emergency.
1 i
To accomplish these requirements, licensees conduct numerous exercises and drills l
throughout the year. Inherent in the nature of emergency response is the realization that in an emergency, equipment may fail, loss o'f power may occur, personnel may not be available, and j
I weather conditions may cause the emergency or escalate it. It is typical that, in the development of scenarios for exercises and drills, as well as in employee training programs, 7
l
F l
l communication links, plant computers, and display and monitoring equipment are "out of service" or " fail" at inappropriate times. The NRC staff commonly oversees exercises that l
include these types of problems and the licensee's staff benefits from having to work around this training obstacle when a particular approach has been blocked. The NRC staff has observed licensees resorting to manual and backup systems to respond effectively and l
overcome these obstacles.
In terms of the effects of the Y2K problem, the NRC staff believes that the Y2K problem is not unique -it is a software error. Although the cause of computer and equipment failure may be different under Y2K, the result and the expected response are the same as situations encountered during many previous emergency exercises and drills. Therefore, there is no need to require licensees to conduct additional exercises to test specifically for potential Y2K failures.
In addition to existing emergency response plans, licensees of operating nuclear power plants and decommissioning power plants where spent fuelis stored at the plant site are preparing and implementing Y2K contingency plans as part of the plant-specific Y2K program.
Operating nuclear power plant-specific Y2K contingency plans are based on the guidance in Nuclear Energy Institute / Nuclear Utilities Software Management Group NEl/NUSMG 98-072,
" Nuclear Utility Year 2000 Readiness Contingency Planning," dated August 1998, which provides a process and a method for preparing and implementing a facility-specific integrated contingency plan that considers specific risks from internal and extemal sources. The Y2K 8 NEl/NUSMG 98-07 was preceded by NEl/NUSMG 97-07, " Nuclear Utility Year 2000 Readiness," dated October 1997, which presented a strategy for developing and implementing a nuclear utility Y2K program.
8 l
\\
i
E g
contingency plans are generally built upon existing contingency activities (such as emergency preparedness, disaster recovery, storm damage restoration, grid restoration, and station
- blackout) and plant emergcncy procedures, coupled with the consideration that potential Y2K-related failures could affect many systems and components. Among the extemal events that are considered for contingency planning are -
p the loss of emergency plan equipment and services: pagers, radios, sirens and
(.
meteorology information, and l
l the loss of essential services: telephone, microwave, water, satellites, networks, security, police, and fire-fighting capability.
y.
6 The need for simulated exercises, development of special procedures, and Y2K contingency plan specific training is considered in the Y2K contingency planning process.
Contingency plan verification is included in NEl/NUSMG 98-07 guidelines to provide confidence that the plans can be executed as intended. The contingency planning efforts, as outlined in NEl/NUSMG 98-07, provide additional training, staffing, and material procurement for occurrences that could happen at any time but that have a higher probability of occurring during the critical Y2K-related dates. Licensees and NRC are currently developing contingency plans for critical Y2K rollover dates. These contingency plans evaluate specific risk factors and, where appropriate, provide mitigation strategies to cope with plant-specific effects of the most probable
- and serious failures that might be initiated or exacerbated by the Y2K problem.
9 I
[
On May 11,1998, NRC issued Generic Letter (GL) 98-01, " Year 2000 Readiness of Computer Systems at Nuclear Power Plants." In GL 98-01, NRC requested that all operating nuclear power plant licensees submit written responses regarding their facility-specific Y2K f
- readiness programs in order to obtain confirmation that licensees are addressing the Y2K problem effectively. All licensees have responded to GL 98-01, stating that they have adopted plant-specific programs that are intended to make the plants Y2K ready by July 1,1999. These programs are patterned on industry guidelines (NEl/NUSMG 97-07, " Nuclear Utilities Year 2000 Readiness") that have been found acceptable by NRC. GL 98-01 also requests a written response, no later than July 1,1999, confirming that these facilities are Y2K ready, including contingency planning. Licensees who are not Y2K ready by July 1,1999, must provide a status report and schedule for the remaining work to ensure timely Y2K readiness.
NRC considers the guidance in NEl/NUSMG 98-07, when properly implemented, as an acceptable approach for licensees to mitigate and manage Y2K-induced events that could occur on Y2K-critical dates.
As part of its oversight of licensee Y2K program activities, NRC staff audited the contingency planning effort of six licensee facilities. These audits were completed during June 1999. These audits focused on the licensee's approach to addressing both internal and external Y2K risks to safe plant operation, based on the guidance in NEl/NUSMG 98-07. The audits at these facilities examined in detail back-up measures the utilities have in place to deal with possible Y2K problems, either on site or off site, including problems with the loss of emergency plan equipment and services (pagers, radios, sirens, and meteorology), the loss of essential
]
10
services (telephone, microwave, water, satellites, networks, securi?/, police), and the failure of the offsite emergency responders to perform their task effectively.
Additionally, NRC regional staff reviewed Y2K activities at all operating nuclear power plants to verify the status of licensee efforts to ensure that all plants will be able to function safely on January 1,2000, and beyond. The reviews: (1) verify that all NRC licensees have implemented Y2K program activities; (2) evaluate the progress they have made to ensure that they are on schedule to achieve Y2K readiness; and (3) assess their contingency plans for addressing Y2K-related issues. The regional staff is using guidance prepared by the NRC -
' Headquarters staff that ic based on NRC GL 98-01, NEl/NUSMG 97-07, and NEl/NUSMG 98-
- 07. These reviews were completed by July 1999.
The offsite components of emergency preparedness and response, which are the responsibility of States, counties, and municipalities, are already utilized by those governmental entities to address a wide range of events (e.g., grid failures, tornadoes, floods, hurricanes, snowstorms, industrial accidents). These events often involve widespread loss of normal
~
capabilities and services (e.g., loss of electricity and telephone service, blocking of roads) coupled with the need for a multi-capability response. NRC is also working closely with the Federal Emergency Management Agency (FEMA) on its plans to conduct Y2K workshops for the State and local radiological emergency preparedness community. NRC and nuclear facilities licensees will participate in these workshops. NRC is an active member of the Emergency Services Sector Working Group for Y2K, which is headed by FEMA. In addition, to facilitate Agreement State efforts to address the Y2K issue, a link to State Govemment Year 11
E
~
2000 Web sites has been provided by the NRC NRC will make every effort to share with the l
States any Y2K issue that may also affect Agreement States or Agreement State licensees.
NIRS has not explained why the approach currently being pursued by the licensees, the nuclearindustry, and NRC does not provide reasonable assurance of adequate emergency response capabilities during the transition from 1999 to 2000.
In the case of research and training / test reactors, licensees of these facilities also have established programs to evaluate and correct Y2K deficiencies. Many research reactors will be shut down on January 1,2000, as the institutions operating them (e.g., universities and i
laboratories) will be closed for the holiday. Further, these reactors often have passive safety 1
features and low power levels, which ensure minimal potential offsite consequences. In addition, NRC staff concluded that any research reactor in operation on January 1,2000, could be readily shut down manustly using emergency procedures and existing shutdown systems, even if their operational systems should experience a Y2K problem.
Conclusion Plant-specific industry planning for Y2K contingencies, which is built upon existing emergency response plans and procedures required by the current emergency preparedness l
regulations, provides a reasonable assurance that adequate protection measures will be taken l
I in the event of radiological emergency during Y2K critical dates. Imposing a 'ew prescriptive l
l l
rule as proposed in the petition in an area in which the industry action is already exceeding the i
actions that address the petitioner's generalissues would be counterproductive to the ongoing 1
12 I
i o
Y2K readiness efforts of the licensees. Therefore, the additional full-scale emergency planning exercise requested by the NIRS is not necessary to ensure emergency response capabilities to provide reasonable assurance of adequate protection to public health and safety despite the l
occurrence of Y2K problems.
l l
For these reasons, the Commission denies the petition.
I h
l Dated at Rockville, Maryland, this 17 day of bu
.1999.
1
/
For the Nuclear Regulatory Commission.
ft_k 1.I3.h
~'
Andres L. Bates Acting Secretary of the Commission.
l l
l 13 4
l