ML21082A512

Enclosure 1 - Report to Congress on the Security Inspection Program for Operating Commercial Power Reactors and Category I Fuel Cycle Facilities: Results and Status Update: Annual Report for Calendar Year 2020 (Public Version)
ML21082A512
Person / Time
Issue date: 06/22/2021
From: Christopher Hanson
NRC/Chairman
To: Carper T, Markey E, Pallone F, Rush B, Tonko P
US HR (House of Representatives), US HR, Comm on Energy & Commerce, US HR, Subcomm on Energy, US HR, Subcomm on Environment and Climate Change, US SEN (Senate), US SEN, Comm on Environment & Public Works, US SEN, Subcomm on Clean Air & Nuclear Safety
Keene J
Shared Package
ML21082A513 List:
References
CORR-21-0040, EDO W200500377, NSIR-05-0861


Text

Report to Congress on the Security Inspection Program for Operating Commercial Power Reactors and Category I Fuel Cycle Facilities: Results and Status Update

Annual Report for Calendar Year 2020

U.S. Nuclear Regulatory Commission
Office of Nuclear Security and Incident Response
Washington, DC 20555-0001

Enclosure 1

ABSTRACT

This report fulfills the requirements of Section 170D.e of the Atomic Energy Act (AEA) of 1954 (42 U.S.C. §2210d(e)), as amended, which states, "[n]ot less often than once each year, the Commission shall submit to the Committee on Environment and Public Works of the Senate and the Committee on Energy and Commerce of the House of Representatives a report, in classified form and unclassified form, that describes the results of each security response evaluation conducted and any relevant corrective action taken by a licensee during the previous year."

Additionally, Section 170D.a of the AEA of 1954 (42 U.S.C. §2210d(a)) grants the U.S. Nuclear Regulatory Commission (NRC) the authority to determine which licensed facilities must undergo these security evaluations. The NRC is reporting the security response evaluation results for the nation's fleet of operating commercial nuclear power plants (NPPs) and Category I (CAT I) fuel cycle facilities, given the significance of the nature, form, and quantity of nuclear material at these facilities. With respect to NPPs, the scope of this report includes those undergoing decommissioning but not yet transitioned to a dry-storage independent spent fuel storage installation due to the continued implementation of Title 10 of the Code of Federal Regulations (10 CFR) Part 73, "Physical Protection of Plants and Materials." This report includes a comprehensive overview of the combined results of the security programs for calendar year (CY) 2020. To aid in understanding the context of how the NRC conducts evaluations, this report also provides a description of relevant security programs, including: Reactor Oversight Process, Security Baseline Inspection Program for NPPs, a force-on-force (FOF) evaluation description, and CAT I Fuel Cycle Facility Security Oversight Program.

Paperwork Reduction Act Statement

NUREG-1885, Revision 14, "Report to Congress on the Security Inspection Program for Commercial Power Reactors and Category I Fuel Cycle Facilities: Results and Status Update," does not contain information collection requirements and, therefore, is not subject to the requirements of the Paperwork Reduction Act of 1995 (44 U.S.C. §3501 et seq.).

Public Protection Notification

The NRC may not conduct nor sponsor, and a person is not required to respond to, a request for information or an information collection requirement unless the requesting document displays a currently valid Office of Management and Budget control number.

CONTENTS

ABSTRACT
1. EXECUTIVE SUMMARY
2. SECURITY OVERSIGHT PROCESS FOR COMMERCIAL NUCLEAR POWER REACTORS
3. CALENDAR YEAR 2020 NUCLEAR POWER PLANT INSPECTION RESULTS
4. CATEGORY I FUEL CYCLE FACILITY SECURITY OVERSIGHT PROGRAM
   4.1 Category I Fuel Cycle Facility Oversight Process Framework
   4.2 Calendar Year 2020 Inspection Results
5. FORCE-ON-FORCE EVALUATIONS
   5.1 Overview
   5.2 Background
   5.3 Program Activities for 2020
   5.4 Force-On-Force Evaluation Results
6. OVERALL SECURITY INSPECTION RESULTS FOR 2020
   6.1 Overview
   6.2 Inspection Results
7. CONCLUSION

1. EXECUTIVE SUMMARY

Conducting FOF inspections and implementing the security inspection program are two signature regulatory activities that the NRC performs to ensure the secure and safe use of radioactive and nuclear materials by the commercial nuclear power industry and at CAT I fuel cycle facilities. CY 2020 was dynamic and unprecedented for the NRC and its regulated entities because of the coronavirus disease 2019 (COVID-19) public health emergency (PHE). The NRC took appropriate measures to balance the needs of the program and the need to keep NRC and licensee staff safe while also applying the NRC's Principles of Good Regulation (independence, openness, efficiency, clarity, and reliability) in performing its safety and security mission.

Despite the far-reaching impacts of the COVID-19 PHE, the NRC developed innovative strategies to carry out risk-informed, performance-based oversight of the licensee physical protection programs while minimizing the risk for spreading the virus. These strategies included the use of remote inspections to augment onsite activities and continuous monitoring and tracking of site and local COVID-19 conditions to inform decisions regarding conducting onsite inspections.

As a result of these efforts in CY 2020, the NRC performed 162 security inspections to assess the multifaceted security programs licensees implement to protect and defend their sites, which represents only a 10-percent decrease from CY 2019 inspection numbers. Those inspections that were deferred in CY 2020 are expected to be completed by the end of CY 2021, which would be within the normal periodicity specified by the Reactor Oversight Process (ROP).

For CY 2020, there were a total of 67 inspection findings in the security baseline inspection program. About 91 percent of the findings were assessed as very low safety significance. The Official Use Only - Security-Related Information version of this report (Enclosure 2) contains additional details on the remaining 9 percent of the inspection findings. Overall, the NRC saw a 32 percent decrease in total inspection findings during CY 2020 when compared to CY 2019.

The declining trend in findings is consistent with trends observed in previous years; the NRC continues to monitor and evaluate trends to identify any potential influences, including from the COVID-19 PHE. While many changes to both licensee and NRC programs were enacted to mitigate risks associated with COVID-19, NRC inspections did not show degradation in the performance of licensee physical and cyber security programs. Furthermore, because the impacts of COVID-19 continued into CY 2021, the NRC used lessons learned and best practices from CY 2020 to establish modified inspection approaches for security oversight as the Nation continues its recovery trajectory.

More broadly, the NRC continues to assess opportunities to risk-inform and modernize its oversight program to help ensure the health of licensee security programs to provide for reasonable assurance of adequate protection of public health and safety and the common defense and security. In CY 2021, the NRC will continue to advance efforts targeted at increasing realism in the FOF program. The agency will also complete the initial implementation inspections of power reactor cyber security programs for all licensees and will complete the development of inspection procedures for routine oversight of licensee cyber security programs. Finally, the NRC will continue its important mission of monitoring the threat directed toward NPPs and CAT I fuel cycle facilities to communicate time-sensitive information and assess the need for any changes to the design-basis threat (DBT) applicable to these facilities.

NRC Approach to Force-on-Force Inspections in 2020

FOF inspections serve as a capstone evaluation of licensees' ability to use their security resources to detect, assess, and respond, in an integrated fashion, to a threat. In CY 2020, 18 sites were scheduled for an NRC-conducted FOF. One site was inspected through the completion of a fully integrated FOF exercise prior to the start of the COVID-19 PHE. After a pause in FOF activities, the NRC staff implemented a modified inspection approach to successfully complete limited-scope tactical drill exercise inspections at 16 additional sites, with one site being rescheduled to 2021 due to site-specific circumstances (COVID-19 infection rate spike).

The modified inspection procedure allowed key elements of NPP physical protection strategies to be tested in a manner that mitigated the risk of COVID-19 transmission. The procedure included the use of tabletop exercises, limited-scope tactical response drills, and site walkdowns. While some well-established elements associated with the routine FOF inspections were not able to be used (i.e., full security force participation, determination of an outcome associated with the exercise, and use of an NRC-vetted mock adversary force and NRC-owned laser engagement simulated weapons systems), this approach allowed NRC to verify some key aspects of licensee protective strategies and security responder performance and ensure confidence in licensees' security posture.

Note: No CAT I fuel cycle facilities were scheduled for a

2. SECURITY OVERSIGHT FOR COMMERCIAL POWER REACTORS

Reactor Oversight Process Framework

The ROP¹ is the NRC's risk-informed process to inspect, measure, and assess the safety and security performance of an NPP licensee and to respond to any decline in their performance.

The ROP is anchored in the NRC's mission to provide reasonable assurance of adequate protection of public health and safety and to promote the common defense and security and to protect the environment. The ROP encompasses three key strategic performance areas and measures NPP performance in seven specific cornerstones and in three cross-cutting areas as shown in Figure 2.

Figure 2: Reactor Oversight Framework

The NRC evaluates NPP performance by analyzing two distinct inputs: inspection findings resulting from the NRC's inspection programs and performance indicators (PIs) reported by the licensees. The staff uses the NRC's baseline security significance determination process (SDP) to evaluate security inspection-related findings and determine the significance of security program deficiencies² as shown in Figure 3. The staff uses the process for an initial screening to identify inspection findings that would not significantly increase risk and thus do not need to be further analyzed. Remaining inspection findings are then subject to a more thorough risk assessment to determine whether further regulatory action is warranted. Similarly, each PI is measured against the ROP criteria using a color-coded system for performance.³

Figure 3: Assessing Significance within the Reactor Oversight Program

1 Additional details regarding the ROP can be found on the NRC's public Web site: https://www.nrc.gov/reactors/operating/oversight/rop-description.html.

2 The SDP for nuclear power reactors uses risk insights, where appropriate, to help the NRC to determine the significance of inspection findings. These findings include both programmatic and process deficiencies.

3 Publicly available PI data is posted at https://www.nrc.gov/reactors/operating/oversight/pi-summary.html.


Based on the use of the SDP to assess licensee performance, the NRC determines the appropriate level of agency response, including supplemental inspection and pertinent regulatory actions. Information regarding security findings is included in the NRC's action matrix⁴ and is identified in the publicly available Action Matrix Summary as either very low significance (i.e., green), or of greater significance (i.e., white, yellow, or red) which is presented in a different color (i.e., blue) to reflect greater-than-green significance.⁵

The NRC's enforcement jurisdiction is derived from the AEA and the Energy Reorganization Act of 1974, as amended (ERA). The enforcement program has two goals: (1) compliance with regulatory requirements, and (2) prompt and comprehensive identification as well as correction of violations. When violations are identified through the conduct of inspections and investigations, the NRC uses three primary enforcement sanctions: notices of violation (NOVs), civil penalties, and orders. NOVs and civil penalties are issued based on violations. Orders may be issued for violations or, in the absence of a violation, because of a public health or safety issue.

The traditional enforcement process is used in conjunction with the ROP SDP for violations that resulted in actual security consequences, affected the ability of the NRC to perform its regulatory oversight function, or were deliberate in nature. Traditional enforcement includes four severity levels (SLs) that demonstrate the relative importance of the violation:

  • SL I violations are those that resulted in, or could have resulted in, serious safety or security consequences;
  • SL II violations are those that resulted in, or could have resulted in, significant safety or security consequences;
  • SL III violations are those that resulted in, or could have resulted in, moderate safety or security consequences; and
  • SL IV violations are those that are less serious but are of more-than-minor concern, that resulted in no or relatively inappreciable potential safety or security consequences.

4 The action matrix identifies the range of NRC and licensee actions and the appropriate level of communication for different levels of licensee performance. Information on the action matrix is provided in Inspection Manual Chapter 0305, Section 10, ROP Action Matrix, dated November 4, 2020. The current action matrix is posted at https://www.nrc.gov/reactors/operating/oversight/actionmatrix-summary.html.

5 Staff Requirements Memorandum (SRM) for SECY-04-0191, Withholding Sensitive Unclassified Information Concerning Nuclear Power Reactors from Public Disclosure, dated November 9, 2004 (Agencywide Documents Access and Management System (ADAMS) Accession No. ML043140175) ordered the NRC staff to withhold specific information relating to findings and PIs to ensure that security-related information is not provided to a potential adversary, including not specifying the actual color of greater-than-green security findings.


3. CALENDAR YEAR 2020 NUCLEAR POWER PLANT INSPECTION RESULTS

Table 1 summarizes the results of the security baseline inspection program for commercial NPPs in CY 2020. Table 1 indicates that 59 out of 65 security findings at NPPs issued in CY 2020 were of very low security significance (i.e., green or SL IV violations). Furthermore, at the end of CY 2020, all licensees reported that their security PI was green and therefore did not warrant additional NRC inspection.

Table 1: Calendar Year 2020 Security Baseline Inspection Program Summary for Commercial Nuclear Power Reactors

Total number of security inspections conducted         151
Total number of inspection findings                     65
Distribution of Inspection Findings:
  Total number of green findings                        57
  Total number of greater-than-green findings            1
  Total number of SL IV violations                       2
  Total number of greater-than-SL IV violations          5

Table 2 summarizes the associated findings related to security baseline inspections for commercial nuclear power reactors. The areas with the most inspection findings within the security baseline inspection program are cyber security, access control, and access authorization. This is consistent with previous years' security baseline inspection results and associated findings.

Table 2: Calendar Year 2020 Security Baseline Inspections and Associated Findings for Commercial Nuclear Power Reactors by Inspection Procedure

Inspection Procedure                                               Number of Inspections   Number of Findings
01 - Access Authorization                                          12                      8
02 - Access Control                                                61                      10
03 - Contingency Response (FOF)/Inspection Procedure 92707         17                      0
04 - Equipment Performance, Testing and Maintenance                44                      2
05 - Protective Strategy Evaluation                                12                      1
06 - Protection of Safeguards Information                          4                       3
07 - Security Training                                             28                      3
08 - Fitness-for-Duty Program                                      26                      4
09 - Security Plan Changes                                         0                       0
10 - Cyber Security                                                13                      33
11 - Materials Control and Accounting                              17                      1
14 - Target Set Inspection                                         14                      0
TOTAL:                                                             248*                    65

* Note: Security baseline inspections may involve multiple inspection procedures, thus a higher total number.

4. CATEGORY I FUEL CYCLE FACILITY SECURITY OVERSIGHT PROGRAM

4.1 Category I Fuel Cycle Facility Oversight Process Framework

The NRC maintains regulatory oversight of safeguards and security programs at two CAT I fuel cycle facilities: BWX Technologies, Inc., located in Lynchburg, Virginia, and Nuclear Fuel Services, Inc., located in Erwin, Tennessee. These facilities manufacture fuel for government reactors and also down-blend highly enriched uranium (HEU) into low-enriched uranium for use in commercial nuclear power reactors. Each CAT I fuel cycle facility is licensed to use and process a formula quantity of strategic special nuclear material (SSNM). The SSNM must be protected against acts of radiological sabotage as well as theft and diversion.

The primary objectives of the CAT I Fuel Cycle Facility Security Oversight Program are to:

  • determine if the fuel cycle facilities are operating safely, securely, and pursuant to the NRC's regulatory requirements and orders issued to fuel cycle facilities to implement compensatory security measures;
  • detect indications of declining safeguards performance;
  • investigate specific safeguards events and weaknesses; and
  • identify generic security issues.

Like the ROP for NPPs, the CAT I fuel cycle facility oversight program includes an inspection program to identify findings, determine their significance, document the results, and assess licensees' corrective actions. The CAT I fuel cycle facility security inspection program uses traditional enforcement to assign the appropriate SL based on the significance of the finding as discussed in Section 2 of this report. The core inspection program requires HEU-related physical security areas to be inspected annually, biennially, or triennially using established inspection procedures. The results of these inspections contribute to an overall assessment of licensee performance.

The HEU inspectable security areas include:

  • access authorization
  • access control
  • contingency response
  • equipment performance
  • fitness-for-duty
  • material control and accounting
  • protection of sensitive and classified information
  • target area review
  • security training
  • transportation security

The core inspection program also includes FOF evaluations. In addition, like NPPs, NRC resident inspectors assigned to each CAT I fuel cycle facility provide an onsite NRC presence for direct observation and verification of a licensee's ongoing activities. Through the results obtained from all oversight efforts, the NRC determines whether licensees comply with regulatory requirements and can provide adequate protection against the DBT of radiological sabotage and theft or diversion.

4.2 Calendar Year 2020 Inspection Results

Table 3 summarizes the overall results of the security inspection program for CAT I fuel cycle facilities during CY 2020. All baseline security findings issued in CY 2020 at CAT I fuel cycle facilities were of very low security significance (i.e., SL IV findings). Additional information regarding the inspection findings is provided in Enclosure 2.

Table 3: Calendar Year 2020 Security Inspection Summary for Category I Fuel Cycle Facilities

Total number of security inspections conducted         11
Total number of inspection findings                    2
Total number of SL IV findings                         2*
Total number of greater-than-SL IV findings            0

* Note: Both SL IV findings were identified during access control inspections.

5. FORCE-ON-FORCE EVALUATIONS

5.1 Overview

FOF inspections include both tabletop drills and performance-based FOF inspection exercises. These FOF inspection exercises simulate combat between a mock adversary force and a licensee's security force. At an NPP, the mock adversary force attempts to reach and simulate damage to significant components of safety-related systems (referred to as target sets) that protect the reactor's core or the spent fuel. Compromise of target sets could potentially cause a radioactive release to the environment. The licensee's security force, in turn, attempts to interdict the mock adversary force to prevent the adversary from reaching target sets, thus preventing such a release. At a CAT I fuel cycle facility, a similar process is used to assess the effectiveness of a licensee's protective strategy capabilities relative to the DBT of radiological sabotage and theft or diversion of SSNM.

In CY 2020, the NRC modified or deferred many of its planned inspection activities to align with practices recommended by the Centers for Disease Control and Prevention to limit the spread of the COVID-19 virus and to protect the health and safety of plant personnel and NRC employees.

Shortly after the PHE declaration, FOF inspections were temporarily suspended due to the complex nature of the inspections.

Specifically, FOF exercises require extensive planning, a large number of interdisciplinary participants, and a broad range of activities that require gatherings of both small and large groups (e.g., site walkdowns, meetings, interviews, and tabletop exercises). In addition, some FOF elements involve close quarters interactions using Multiple Integrated Laser Engagement System (MILES) (e.g., controllers, players, and on-duty staff in a bullet-resistant enclosure). These factors could create a heightened risk of virus transmission and, therefore, required thorough consideration and mitigation.

5.2 Background

Due to the prolonged safety concerns related to COVID-19, the staff developed a new special-use procedure, Inspection Procedure (IP) 92707, "Security Inspection of Facilities Impacted by a Local, State, or Federal Emergency Where the NRC's Ability to Conduct Triennial Force-on-Force Exercises is Limited." This IP was used in accordance with Inspection Manual Chapter 2201, Appendix C, "Generic, Special, and Infrequent Inspections," to perform prudent inspection activities during the special circumstances associated with the PHE. The IP enabled a limited resumption of onsite, performance-based inspections in August 2020, by using select elements of the routine triennial inspection procedure (e.g., walkdowns, tabletop exercises) and adapting elements to limit the risk of COVID-19 transmission. For example, entrance and exit meetings and safety briefings were held remotely where possible, and an increased acceptance of simulations was applied to reduce close contact conditions. To reduce the number of individuals on site and further reduce the potential for COVID transmission, limited-scope tactical response drills were used instead of full scope FOF exercises to assess key elements of the licensee protective strategy, including responder performance. In addition, licensees were able to choose to use site- or fleet-provided MILES equipment and adversary forces, rather than the typical NRC-provided engagement systems and an NRC-approved industry composite adversary force, to further reduce the potential for COVID-19 transmission through contact. While these factors presented a shift from the well-established FOF approach used for NPPs, the NRC sought to balance the need for routine licensee demonstrations with the adjustments made due to COVID-19.

The objectives of IP 92707 are threefold:

  • to verify and assess specific key elements of the licensee's protective strategy to ensure that it has been appropriately developed and designed to meet Title 10 of the Code of Federal Regulations (10 CFR) 73.55(b), the general performance objective and requirements for physical protection of licensed activities in NPPs against radiological sabotage, when all elements cannot be verified and assessed in accordance with IP 71130.03 due to a local, State, or Federal emergency beyond the control of the licensee and the NRC;
  • to gather sufficient information to develop a scenario that can be segmented into limited-scope tactical response drills that allows for an assessment and verification of specific key elements of the ability of licensees' physical security systems and security organization to meet the general performance objective of 10 CFR 73.55(b) and to determine whether any changes made to the physical protection program in response to a local, State, or Federal emergency (e.g., state of emergency, disaster, or the PHE) have not adversely impacted the licensee's implementation of their protective strategy;
  • to verify and assess the licensee's ability to conduct limited-scope tactical response drills in accordance with Commission-approved security plans, the licensee's protective strategy, and implementing procedures consistent with 10 CFR Part 73, Appendix B, paragraph VI.C.3(c).

During the modified inspections using IP 92707, NRC inspectors conducted walkdowns of the owner-controlled, protected, and vital areas to familiarize themselves with the licensee's procedures and processes to detect, assess, and interdict unauthorized vehicles, personnel, and equipment attempting to gain access to target set equipment, defensive positions, or other protective measures. The inspectors also observed tabletop exercises to understand how the licensee's physical protection program maintains the capability to detect, assess, interdict, and neutralize threats up to, and including, the DBT of radiological sabotage. From the information gained from site walkdowns and tabletop exercises, the inspectors selected a scenario for performance testing. In this activity, the inspectors identified key response positions that would be important to the licensee's defense in the selected scenario, then observed the performance of licensee security forces during limited-scope tactical response drills. This allowed the inspectors to evaluate the ability of selected security response force members to effectively implement a limited portion of the protective strategy responsibilities and to verify that changes made to the physical protection program in response to the PHE did not adversely impact the licensee's response capabilities.

At the completion of the limited-scope tactical response drills, the NRC inspectors did not have sufficient information to classify the outcome of the exercises in the same manner as a full-scale FOF inspection. The drills were limited in scope using the minimum number of responders in order to minimize the risk of COVID-19 transmission and were not designed to test defense-in-depth aspects of the licensee's protective strategy. Although IP 92707 allowed the NRC staff to observe the impact of licensee actions in response to COVID-19 on the protective strategy and to ensure perishable skills did not deteriorate, because of the constraints associated with the limited assessment, the staff did not use this activity as an input to the ROP as typically done with full-scope FOF inspections.

5.3 Program Activities for 2020

Program activities in CY 2020 marked the first year of a new 3-year FOF inspection cycle, the sixth one in the history of the program. The NRC uses IP 71130.03 to conduct fully integrated FOF exercises. The IP includes the use of site walkdowns, tabletops, and two full-scope exercises. On October 9, 2018, the Commission approved a staff proposal to modify the FOF inspection program to include one NRC-conducted FOF exercise and an enhanced NRC inspection of a licensee-conducted annual FOF exercise at NPPs, in lieu of two NRC-conducted exercises per inspection.⁶ In response, the staff submitted a proposed framework to implement this change for the Commission's review in COMSECY-19-0006, "Revised Security Inspection Program Framework (Option 3) in Response to SRM-17-0100" (ADAMS Accession No. ML19058A094).

A total of 18 NRC-conducted FOF inspections were scheduled at NPPs for CY 2020. There were no scheduled FOF inspections at CAT I fuel cycle facilities in CY 2020. Prior to initiation of the PHE response in March 2020, one fully integrated FOF inspection was completed at VC Summer using the routine inspection procedure (IP 71130.03). In the remaining months, NRC inspectors used IP 92707 to conduct limited-scope tactical response drill exercise inspections at 16 sites, including Cooper, Millstone, Peach Bottom, Farley, Oconee, Seabrook, Robinson, St. Lucie, Sequoyah, Clinton, Nine Mile Point, Palisades, Fitzpatrick, Davis-Besse, Prairie Island, and Salem-Hope Creek. Due to a localized spike in COVID-19 cases in December 2020, the scheduled IP 92707 inspection at Callaway was postponed until 2021, and is planned to be completed using IP 71130.03, with COVID-19 mitigations.

5.4 Force-on-Force Evaluation Results

In CY 2020, the NRC completed one fully-integrated FOF inspection and 16 limited-scope tactical response drill exercise inspections at commercial power reactor sites. There were no security baseline inspection program findings identified during these inspections. Table 4 summarizes the 17 inspections conducted in CY 2020.

6 Security Baseline Inspection Program Assessment Results and Recommendations for Program, NRC, October 14, 2017 (ADAMS Accession No. ML17223A279).


Table 4: Calendar Year 2020 Force-on-Force Evaluations Summary

Total number of inspections of limited-scope tactical response drill exercises using IP 92707⁷      16
Total number of fully integrated FOF inspections conducted (two exercises per inspection)           1
Total number of effective exercises                                                                  1
Total number of indeterminate exercises                                                              0
Total number of marginal exercises                                                                   0
Total number of ineffective exercises                                                                0
Total number of canceled (fully integrated) exercises                                                16

Since there was only one fully integrated triennial FOF exercise in CY 2020 and the NRC deemed it effective, Table 4 shows zero ineffective, marginal, or indeterminate exercise outcomes. For the 16 limited-scope tactical response drills conducted under the new IP 92707, a complete assessment of the FOF exercise was not possible because the drills were limited in scope and a determination of a licensee's overall protective strategy effectiveness could not be made. However, use of IP 92707 provided NRC inspectors the ability to conduct prudent inspection activities while minimizing the risk of COVID-19 transmission. Figure 5 provides a summary of FOF inspection findings from 2015 through 2020. While the figure shows a declining number of inspection findings in the FOF program overall, the number of ineffective exercises has remained at a frequency of about once per year (or once per 20 inspections).

The trend of decreasing FOF-related findings can be attributed to the licensees' security programs becoming more mature and the NRC inspection teams increasingly taking a risk-informed approach to conducting inspections. During CY 2020, the number of findings associated with FOF inspections was significantly decreased due to the revised inspection program as a result of the PHE. This can be attributed, in part, to IP 92707's reduced scope, complexity, and duration compared to the full FOF exercises conducted under IP 71130.03.

During IP 92707 inspections, the inspection team did not evaluate the licensee's command and control element (i.e., alarm stations, security shift supervisors) or use of security monitoring equipment, such as intrusion detection systems, cameras, or other devices.

7 Inspections conducted using IP 92707 were not assigned an exercise outcome.

Figure 5: Total Force-on-Force Findings Issued by Level of Significance

6. OVERALL SECURITY INSPECTION RESULTS FOR 2020

6.1 Overview

In CY 2020, the NRC performed 162 security inspections at operating commercial NPPs and CAT I fuel cycle facilities (including FOF inspections). This was a 10-percent decrease in the number of total security inspections compared to the previous CY due to the impact of the COVID-19 PHE where remote inspection activities could not be accomplished. The deferred inspections are expected to be completed in subsequent CYs and within the normal periodicity specified by the ROP. The CY 2020 inspections resulted in a total of 67 findings, a 32-percent drop compared to the number of findings in CY 2019. The NRC issued revised ROP guidance in response to the COVID-19 PHE and implemented both onsite and remote inspection activities. While there is no single reason for the reduction in violations, potential contributing factors include changes to inspection approaches, reduced time onsite, reduced number of NPPs due to some sites moving to decommissioning, and the increasing maturity of licensee security programs.

6.2 Inspection Results

Table 5 summarizes the overall results of the NRC's security inspection program at operating NPPs and CAT I fuel cycle facilities during CY 2020, including FOF inspections (see Figure 6).

Table 5 indicates that 61 out of 67 security inspection findings issued in CY 2020 were of very low security significance (i.e., the combined green and SL IV violations). This information gives an overview of licensee performance within the security cornerstone. The Official Use Only - Security-Related Information version of this report (Enclosure 2) contains additional details on each finding.

Table 5: Security Inspection Results for 2020

| Number | Category |
| --- | --- |
| 162 | Total number of security inspections conducted |
| 67 | Total number of inspection findings |
| 57 | Total number of green findings |
| 1 | Total number of greater-than-green findings |
| 4 | Total number of SL IV violations |
| 5 | Total number of greater-than-SL IV violations |

Figure 6: Summary of Security Inspection Program Results for Calendar Year 2020

As shown in Figure 7, the decline in security inspection findings observed in CY 2020 is consistent with the declining trend observed in previous years. However, the NRC continues to monitor and evaluate trends to identify any potential influences from COVID-19 or ROP inspection guidance issued during the PHE.

Figure 7: Number of Security Inspections (2014-2020)

7. CONCLUSION

The NRC remains focused on the mission of protecting public health and safety and has applied risk insights and the use of technology to perform oversight activities during the COVID-19 PHE.

The agency continues to monitor conditions to optimize inspection approaches as the PHE conditions evolve in CY 2021.

The NRC has a long history of evaluating the ROP and its effectiveness to enact continuous improvement, and the security oversight program is no exception. In addition to tailoring inspection procedures to focus on licensee processes and programs to maintain a healthy security posture, the NRC actively monitors the threat environment to assess the need to communicate advisory information to licensees or to consider changes to the DBT. The NRC also maintains frequent engagement with Federal counterparts, the intelligence community, and law enforcement to maintain the agency's understanding of the evolving security landscape and to facilitate prompt screening and follow-up for suspicious activity reports and events. This enables the NRC to provide security oversight to help ensure that licensee programs are focused on protecting their sites in a dynamic environment.

As evidenced in this report, sustained performance has been demonstrated in NPP and CAT I fuel cycle security during CY 2020. Sites employ defense-in-depth strategies to protect against terrorism and radiological sabotage, including well-trained security forces, robust physical barriers, intrusion detection systems, surveillance systems, and plant access controls. NRC oversight continues to probe for any vulnerabilities or deficiencies in site-protective strategies and programs and takes prompt action where identified. In addition, kinetic assessment methods, such as FOF inspections, continue to provide performance-based insights regarding licensee readiness to defend their sites. As 2021 progresses, the staff continues to balance the measures taken to mitigate the risks of COVID-19 with efforts to increase onsite presence and reinstate more comprehensive performance-based activities, including full-scope FOF inspections.
