ML21049A057

From kanterella
Jump to navigation Jump to search
Rulemaking: Proposed Rule: NRC Markup of NEI-20-05 Draft B Comments on Methodological Approach and Considerations for a Technical Analysis to Demonstrate Compliance with the Performance Criteria of 10 CFR 73.55(a)(7)
ML21049A057
Person / Time
Site: Nuclear Energy Institute
Issue date: 03/02/2021
From:
Nuclear Energy Institute
To:
Office of Nuclear Material Safety and Safeguards
Andrukat, Dennis
Shared Package
ML21049A029 List:
References
NRC-2017-0090, RIN 3150-AK04 NEI 20-05
Download: ML21049A057 (13)
v  d  e


Text

NEI 20-05 Methodological Approach and Considerations for a Technical Analysis to Demonstrate Compliance with the PerformanceEligibility Criteria of 10 CFR 73.55(a)(7)

Prepared by the Nuclear Energy Institute

[Month] 2020

© NEI 2020. All rights reserved. **DRAFT B** nei.org

[Month] 2020 Acknowledgements This technical report was prepared by the Nuclear Energy Institute (NEI). We greatly appreciate the efforts by our members and other organizations that contributed to the preparation and review this document.

NEI Project Lead: David Young

© NEI 2020. All rights reserved. **DRAFT B** nei.org

[Month] 2020 Table of Contents 1 Purpose ..................................................................................................... 1 2 Technical Analysis Guidelines .................................................................... 1 2.1 Threat Characteristics ....................................................................... 1 2.2 Probabilistic Risk Assessment Information ........................................ 1 2.3 Plant Configuration/Mode Changes .................................................. 2 2.4 Definition of Target Set and Relationship to Performance Criteria .... 2 2.5 Credit for Manual Actions ................................................................. 3 2.6 Credit for Law Enforcement Support ................................................. 3 2.7 Safety/Security Interface .................................................................. 3 2.8 Hazards from Adjacent Facilities and Transportation Routes ............. 4 2.9 NUREG/CR-7145................................................................................ 4 2.10 Use of Security Modelling Tools ..................................................... 4 3 PerformanceEligibility Criteria................................................................... 5 3.1 PerformanceEligibility Criterion § 73.55(a)(7)(i)(A) ............................ 5 3.2 PerformanceEligibility Criterion § 73.55(a)(7)(i)(B) ............................ 5 3.3 PerformanceEligibility Criterion § 73.55(a)(7)(i)(C) ............................ 6 4 Consequence Analysis Guidelines.............................................................. 7 4.1 General Instructions and Assumptions .............................................. 7 4.2 Meteorological Parameters ............................................................... 8 4.3 Atmospheric Transport Modeling ...................................................... 9 4.4 Exposure Parameters ........................................................................ 9 5 Updates .................................................................................................... 9

© NEI 2020. All rights reserved. **DRAFT B** nei.org

[Month] 2020 1 PURPOSE This technical report provides guidance for performing a technical analysis to demonstrate that a nuclear power reactor applicant or licensee qualifies for the voluntary, performance-based alternatives to certain physical security requirements contained in Title 10 of the Code of Federal Regulations (10 CFR) 73.55, Requirements for physical protection of licensed activities in nuclear power reactors against radiological sabotage. To qualify for the alternative requirements, the facility must be either a non-light water reactor or a small modular reactor as defined in §10 CFR 171.5, Definitions, and thean applicant or licensee must demonstrate that the nuclear power reactor facility meets one of the performanceeligibility criteria specified in § 73.55(a)(7). The guidance in this report addresses how to perform the technical analysies required by §10 CFR 73.55(a)(7)(ii) targeted at any of the three performance eligibility criteria listed in § 73.55(a)(7)(i) and repeated in Section 3 of this document.

2 TECHNICAL ANALYSIS GUIDELINES 2.1 Threat Characteristics The threat to be considered in a technical analysis is the design basis threat of radiological sabotage as stated in § 73.1, Purpose and scope, and referred to as the DBT.1 Analysis elements involving consideration of specific DBT capabilities and tacticsattributes should be informed by the guidance in Regulatory Guide (RG) 5.69, Guidance for the Application of Radiological Sabotage Design-Basis Threat in the Design, Development and Implementation of a Physical Security Program that Meets 10 CFR 73.55 Requirements.2 An applicant may use an alternative approach to a given capability or tacticattribute in their analysis; however, the alternative approach should be clearly identified and supported with a technical basis.

2.2 Probabilistic Risk Assessment Information A technical analysis may consider information available from a probabilistic risk assessment (PRA) developed to meet facility licensing requirements (e.g., evaluation of severe accidents) established by the U.S. Nuclear Regulatory Commission (NRC). Prior to beginning the analysis, an applicant is encouraged to become familiar with the guidance in RG 5.81, Target Set Identification and Development for Nuclear Power Reactors. RG 5.81 includes a discussion on the use of PRA information and insights to assist with the identification of target sets. This material discussion can help inform the content of a technical analysis performed to demonstrate compliance with § 73.55(a)(7).

RG 1.200, An Approach for Determining the Technical Adequacy of Probabilistic Risk Assessment Results for Risk-Informed Activities, provides an approach that the NRC has found acceptable for developing a PRA suitable for risk-informed regulatory decisions. The guidance in 1 An applicant planning to analyze a threat with characteristics different than the DBT (e.g., one with less capabilities) should also seek an exemption from this requirement as part of the facilitys licensing process.

2 RG 5.69 contains Safeguards Information (SGI) and is therefore not publicly available.

© NEI 2020. All rights reserved. **DRAFT B** Page 1

[Month] 2020 RG 1.200 should be followed to the extent practical and applicable when assessing the acceptability of probabilistic risk information used in a technical analysis.

2.3 Plant Configuration/Mode Changes As applicable to the facility design and features, a technical analysis should consider the effects from planned (routine) changes to the plant configuration, or mode of operation, on the ability to continuously meet a targeted performanceeligibility criterion. If needed, the analysis should describe the controls that will be implemented to ensure that the performanceeligibility criterion will always be met. Alternatively, a technical analysis could be directed at two (or all three) performanceeligibility criteria whereby one performanceeligibility criterion is met in one plant configuration or mode, and another criterion is met in a different configuration or mode.

2.4 Definition of Target Set and Relationship to PerformanceEligibility Criteria As used in this document:

  • A target set is the minimum combination of equipment or operator actions which, if all are prevented from performing their intended safety function or prevented from being accomplished, would likely result in offsite doses greater than the reference values in §§ 50.34(a)(1)(ii)(D) and 52.79(a)(1)(vi).
  • An achievable target set means a target set that is within the ability of the DBT to compromise, destroy, or render nonfunctional, absent actions by an onsite armed response force.

The relationship of a target set to the three performanceeligibility criteria presented in § 73.55(a)(7) is shown below.

Mitigation Measures PerformanceEligibility Achievable Target Facility Target Set? for Loss of Target Criterion Set?

Set?

§ 73.55(a)(7)(i)(A) No N/A N/A

§ 73.55(a)(7)(i)(B) Yes No N/A

§ 73.55(a)(7)(i)(C) Yes Yes Yes The material in RG 5.81 can help inform the identification and development of target sets.

© NEI 2020. All rights reserved. **DRAFT B** Page 2

[Month] 2020 2.5 Credit for Manual Actions A manual action performed by the facility staff may be credited3 in a technical analysis intended to meet §§ 73.55(a)(7)(i)(B) or 73.55(a)(7)(i)(C), including actions to prevent or mitigate offsite radiological consequences. The basis for assuming taking credit for the manual action performance should provide reasonable assurance that the action could be completed under the postulated attack conditions and be documented in the analysis. For example, an action to enable a physical protection element, such as changing the position of a barrier or arming a delay feature, could be credited provided the facilitys layout, staffing and physical security features give reasonable assurance of itsthat the action can be completedion during an attack.

Guidance for assessing the credibility (and thus acceptability) of a proposed manual action can be found in RG 5.81.4 Manual actions initiated from a remote location may also be credited. In these cases, the basis should also address potential challenges to timely performance of the action and mitigative measures. Topics to consider include cyber attacks, reliability and redundancy of communications systems, and potential collateral duties of personnel at the remote location.

2.6 Credit for Law Enforcement Support A technical analysis may credit an onsite response from a law enforcement agency to neutralize the threat; this credit may be applied in an analysis targeted at any of the three performanceeligibility criteria. The scope and timing of the law enforcement response should be consistent with the Reasonable Assurance of Protection Time (RAPT) described in RG 5.76, Physical Protection Programs at Nuclear Power Reactors. It is possible that a response time shorter than the RAPT could be used; however, the technical analysis would need to include a site-specific basis for the shorter time. [Augment this information with discussion in pending SECY on RAPT/SBT.]

2.7 Safety/Security Interface The performance of physical protection elements described in a technical analysis must be consistent with the requirements in § 73.58, Safety/security interface requirements for nuclear power reactors. More specifically, the design and performance of these elements cannot adversely affect reactor safety and, conversely, plant and operator responses to the event (e.g., changes in equipment configuration) cannot adversely affect physical protection elements. Further guidance on this topic can be found in RG 5.74, Managing the Safety/Security Interface.

3 For the purpose of this document, credit means a determination that a proposed action or activity can be performed in response to a potential or active attackduring an attack, thereby permitting the action or activity to be relied upon to support conclusions in the analysis. The determination should meet a reasonable assurance standard.

4 RG 5.81 uses the term operator action.

© NEI 2020. All rights reserved. **DRAFT B** Page 3

[Month] 2020 2.8 Hazards from Adjacent Facilities and Transportation Routes When applicable, the technical analysis should identify and evaluate hazards from an adjacent non-nuclear facility that could potentially affect the safety or security features relied upon to meet an performanceeligibility criterion. The analysis should also examine similar hazards emanating from an onsite or nearby transportation route (e.g., a roadway or rail line).

Consideration should be given to potentially hazardous conditions that could be created by the DBT adversary as well as those arising from other causes. Potential hazards to consider include, but are not limited to:

  • Steam releases
  • Chemical explosions, releases or spills
  • Fires
  • Misuse of industrial radiation sources The characteristics of each hazard, such as timing, severity, and persistence, should be determined. The technical analysis should then describe the design provisions and/or response actions that will mitigate the impacts of each hazard and ensure that the capability to meet the performanceeligibility criterion is maintained. Hazard analyses performed to meet other NRC licensing requirements (e.g., reactor siting criteria) may be referenced as applicable; there is no need to perform duplicative analyses.

2.9 NUREG/CR-7145 Prior to beginning a technical analysis, an applicant is encouraged to become familiar with the guidance in NUREG/CR-7145, Nuclear Power Plant Security Assessment Guide. NUREG/CR-7145 provides guidance to design certification and combined license applicants for optimizing physical security during the design phase and minimizing reliance on operational programs (human actions). The material in NUREG/CR-7145 can help inform the content of a technical analysis performed to demonstrate compliance with § 73.55(a)(7).

2.10 Use of Security Modelling Tools An applicant may employ a computer application in a technical analysis to model the security-related aspects of an attack on the facility. For example, an application could be used to evaluate the detection and delay capabilities described in the analysis. For additional information on security assessment modeling tools, see Sandia National Laboratories Report SAND2007-5591, Nuclear Power Plant Security Assessment Technical Manual.

© NEI 2020. All rights reserved. **DRAFT B** Page 4

[Month] 2020 3 PERFORMANCEELIGIBILITY CRITERIA 3.1 PerformanceEligibility Criterion § 73.55(a)(7)(i)(A)

This performanceeligibility criterion states:

The radiological consequences from a hypothetical, unmitigated event involving the loss of engineered systems for decay heat removal and possible breaches in physical structures surrounding the reactor, spent fuel, and other inventories of radioactive materials result in offsite doses below the reference values defined in

§§ 50.34(a)(1)(ii)(D) and 52.79(a)(1)(vi) of this chapter.

To meet this performanceeligibility criterion, a facility must have no combination of equipment or operator actions that, if prevented from performing their intended safety function or prevented from being accomplished, would likely result in offsite doses exceeding the cited reference values (i.e., the facility does not have a target set). An applicant can demonstrate compliance with this criterion through a technical analysis based on a consequence analysis that determines offsite doses for the postulated security events do not exceed the reference values defined in §§ 50.34(a)(1)(ii)(D)(1)&(2) and 52.79(a)(1)(vi)(A)&(B). The assessment may not consider all any engineered safety and security features in place at the beginning of the event; manual actions to operate these features after the attack has begun should may not be considered.

Guidelines for performing a consequence analysis are presented in section 4 of this document.

3.2 PerformanceEligibility Criterion § 73.55(a)(7)(i)(B)

This performanceeligibility criterion states:

The plant features necessary to mitigate an event and maintain offsite doses below the reference values in §§ 50.34(a)(1)(ii)(D) and 52.79(a)(1)(vi) of this chapter cannot reasonably be compromised by an adversary as defined by the design basis threat for radiological sabotage.

To meet this performanceeligibility criterion, a facility must have no achievable target set that would likely result in offsite doses exceeding the cited reference values; in other words, the facility does not have a target set that can be compromised by an adversary with DBT capabilities to an extent necessary to result in offsite doses exceeding the cited reference values. An applicant can demonstrate compliance with this criterion through a technical analysis that identifies plant target sets and demonstrates the capability of safety and security features to prevent the DBT from compromiseing of any target set by a DBT adversary. To meet this criterion, the analysis results cannot rely upon actions by an onsite armed response force.

Security features that may be considered in the analysis include, but are not limited to:

  • Access control measures

© NEI 2020. All rights reserved. **DRAFT B** Page 5

[Month] 2020

  • Detection and assessment capabilities
  • Delay and barrier features
  • Actions by the facility staff or performed remotely
  • Insider threat mitigation 3.3 PerformanceEligibility Criterion § 73.55(a)(7)(i)(C)

This performanceeligibility criterion states:

Plant features include inherent reactor characteristics combined with engineered safety and security features that allow for facility recovery and mitigation strategy implementation if a target set is compromised, destroyed, or rendered nonfunctional, such that offsite radiological consequences are maintained below the reference values defined in §§ 50.34(a)(1)(ii)(D) and 52.79(a)(1)(vi) of this chapter.

To meet this performanceeligibility criterion, a facility should have a reactor design with a large heat capacity and slow progression from loss of safety equipment to degradation of fission product barriers and release of radionuclides from the facility. An applicant can demonstrate compliance with this criterion through a technical analysis based on a consequence analysis that determines the shortest elapsed time from event initiation to the onset of conditions that would produce a release with radiological consequences exceeding the cited reference values.

The analysis will also need to describe the planned mitigation strategies that would be implemented, within the time available before offsite radiological consequences, to prevent the conditions leading to the radiological release. Guidelines for performing a consequence analysis are presented in section 4 of this document.

A strategy should be understood asis a plan of action for maintaining or restoring a safety function that is challenged due to the loss of a target element or target set. A strategy can be implemented by one or more methods. A method is a series of actions designed to implement a specific strategy. As an illustrative example of these terms, consider that placing a portable pump in service (a method) to inject water into a reactor vessel (a strategy) would maintain or restore the core cooling safety function.

The description of a mitigation strategy should identify the safety function performed, the events that would prompt implementation, the anticipated time for performance (with consideration of reasonably expected conditions prevailing during an attack), and the following elements needed for execution, as applicable.

  • Equipment (e.g., portable pumps, generators, hoses, cables, etc.)
  • Storage locations (onsite and/or offsite)
  • Transport and deployment arrangements (i.e., provisions for moving the equipment

© NEI 2020. All rights reserved. **DRAFT B** Page 6

[Month] 2020 from a storage location to the location where it will be placed into service)

  • Key actions to place equipment in service
  • Staffing
  • Communications A facility meeting the performanceeligibility criterion in § 73.55(a)(7)(i)(C) will need to perform periodic administrative and maintenance activities that support the ongoing capability to implement mitigation strategies. To this end, the technical analysis should discuss the following items.
  • Anticipated or actual documentation of support from offsite resource providers (e.g., letter of agreement, memorandum of understanding, contract, etc.) and how this documentation will be periodically verified and updated.
  • Plant design change and configuration control measures to ensure that credited strategies can be readily implemented or modified as needed.
  • Maintenance and testing of equipment.
  • Training and drills to validate strategies and maintain proficiency of personnel.

An applicant complying with the requirements of § 50.155, Mitigation of beyond-design-basis events, is encouraged to become familiar with the guidance in RG 1.226, Flexible Mitigation Strategies for Beyond-Design-Basis Events. RG 1.226 identifies methods and procedures the NRC staff considers acceptable for nuclear power reactor applicants and licensees to demonstrate compliance with NRC regulations covering planning and preparedness for beyond-design-basis events. The material in RG 1.226 can help inform the content of a technical analysis performed to demonstrate compliance with § 73.55(a)(7)(i)(C).

4 CONSEQUENCE ANALYSIS GUIDELINES 4.1 General Instructions and Assumptions For the purpose of this document, a consequence analysis is an activity performed by the applicant to determine radiation doses at the boundary of the exclusion area and the boundary of the low population zone. As noted above, a consequence analysis will be needed to support demonstration of compliance with Performanceeligibility Ccriteria §§ 73.55(a)(7)(i)(A) and 73.55(a)(7)(i)(C). The analysis should describe the initiating event (i.e., the actions taken by the DBT adversary), the compromised target set (for analysies directed at § 73.55(a)(7)(i)(C)), and the subsequent responses by the plant, facility staff and supporting organizations and agencies, including law enforcement. With this information, the analysis should then determine the type and amount of radioactivity released to the environment.

© NEI 2020. All rights reserved. **DRAFT B** Page 7

[Month] 2020 The following assumptions should be employed in a consequence analysis.

a. Both active and passive safety features may be considered in the analysis.
b. The atmospheric release pathway is the risk-dominant contributor to offsite doses (i.e.,

no consideration of direct exposures from the facility or releases to liquid pathways is necessary).

c. The atmospheric release consists of aerosols or gasses (with radioactive decay and in-growth corrections as appropriate). If a release pathway requires more complex atmospheric transport modeling, additional analyses may be needed.
d. A straight-line Gaussian plume segment-type atmospheric dispersion model, with modifications as needed to account for near-field dispersion phenomena, is used to estimate atmospheric concentrations. Such models are generally most suitable for relatively simple transport situations, such as open and level terrain, relatively steady meteorology, and relatively close distances (<10 km). Use of a more advanced dispersion model may require a different set of assumptions or methodological steps than those described in this document.

For facilities with relatively small exclusion areas, a straight-line Gaussian plume model may overestimate near-field radiological consequences. In these cases, other consequence analysis models may be used.

e. There is no credit for pre-planned offsite protective actions such as evacuation or sheltering.
f. The exposure durations should be consistent with the durations specified in §§ 50.34(a)(1)(ii)(D) and 52.79(a)(1)(vi).
g. The analysis need not postulate coincident events (e.g., a seismic or flooding event), or failures of structures, systems or components unrelated to the event.

For the release scenario and dose projections, a quantitative radiological source term should be developed by specifying atmospheric release characteristics such as the time dependent isotopic release rates to the atmosphere, release durations, release locations, physical/chemical form, plume buoyancy, etc. The radiological source term should be estimated using analysis methods and codes evaluated by an NRC-accepted process. In cases where more than one release scenario is identified, the consequence analysis should use the scenario (i.e.,

the event sequence) that produces the greatest offsite dose at the boundaries of the exclusion area and low population zones.

4.2 Meteorological Parameters An analysis to develop meteorological data may be needed to evaluate a range of meteorological conditions in a probabilistic fashion. Alternately, conservative transport and

© NEI 2020. All rights reserved. **DRAFT B** Page 8

[Month] 2020 dispersion conditions may be assumed, although the conservatism of the selected conditions should be evaluated to ensure that the combination of parameters selected for transport and dispersion modeling was in fact conservative. For example, with appropriate justification, site-specific meteorological information could be used to develop average expected atmospheric dispersion characteristics (i.e., 50th percentile meteorology for the site), which would then be employed in the analysis.

Selection of a source of meteorological data would include an evaluation of data needs such as wind speeds, atmospheric stability, precipitation, mixing height, etc., for temporal and geographical representativeness. The quality and completeness of the meteorological data should be assessed, and significant uncertainties identified and characterized. It is expected that site-specific meteorological data will be used; however, there may be instances where site-specific data is not available or of sufficient quality and completeness. In these cases, there should be an explanation of the appropriateness of the meteorological data used for the analysis.

4.3 Atmospheric Transport Modeling An atmospheric transport model appropriate for the range of distances under consideration should be identified. For Gaussian-type models, dispersion parameters appropriate to the characteristics of the area and distance ranges under consideration should be identified, and conceptual approaches for the treatment of near-field effects such as elevated releases, building wake effects, plume meander, plume rise, etc. should also be identified. The selection of an atmospheric transport model should also involve selection of a conceptual approach for treatment of wet and dry deposition. Any assumptions made in the atmospheric transport model should be identified.

4.4 Exposure Parameters The relevant exposure pathways should be identified; for example, exposure to both airborne and deposited radioactivity from atmospheric releases would involve both external (groundshine and cloudshine) and internal (inhalation of airborne material during cloud passage or as a result of resuspension) exposure. In order to assess the dose, the exposure parameters (e.g., shielding factors, breathing rates, exposure durations, etc.) would need to be characterized. Dose estimations should be carried out by combining the results of the release, transport, and exposure assessment with a recognized source of dose conversion factors (such as Federal Guidance Reports issued by the U.S. Environmental Protection Agency) to estimate the doses at the boundaries of the exclusion area and low population zone.

5 UPDATES As needed, The crediteda technical analysis should be updated to reflect changes to facility features or offsite support resources described in the analysis. The NRC should be notified of a change that affects compliance with an applicable performanceeligibility criterion (e.g., an anticipated change will result in the performanceeligibility criterion no longer being met).

© NEI 2020. All rights reserved. **DRAFT B** Page 9

[Month] 2020 Documentation of support from offsite resource providers should be verified on an annual basis.

© NEI 2020. All rights reserved. **DRAFT B** Page 10

Retrieved from "https://kanterella.com/w/index.php?title=ML21049A057&oldid=3416490"