ML21271A136

From kanterella
Jump to navigation Jump to search
Public Meeting NRC Presentation Rulemaking: Alternative Physical Security Requirements for Advanced Reactors
ML21271A136
Person / Time
Issue date: 09/29/2021
From: Dennis Andrukat
NRC/NMSS/DREFS/RRPB
To:
Andrukat, Dennis
References
NRC-2017-0227, RIN 3150-AK19
Download: ML21271A136 (35)
v  d  e


Text

Rulemaking: Alternative Physical Security Requirements for Advanced Reactors Public Meeting/Workshop September 29, 2021

Agenda

  • Opening Remarks & Logistics
  • NRC Presentation with discussion
  • Final Questions & Answers
  • Closing Remarks

Purpose Purpose The purpose of this meeting is to discuss the draft implementation guidance document (NEI 20-05) related to proposed rulemaking on alternative physical security requirements for non-light water reactors and small modular reactors.

Logistics This is a Comment-Gathering meeting, which means that NRC staff meet directly with individuals to receive comments from participants on specific NRC decisions and actions to ensure that NRC staff understands their views and concerns.

No regulatory decisions will be made at this meeting.

=

Background===

Rulemaking NRC is currently developing Alternative Physical Security Requirements for Advanced Reactors - proposed rule More information about this rulemaking and its supporting guidance can be found:

www.regulations.gov under docket ID: NRC-2017-0227 Supporting Guidance The NRC staff is developing DG-1365 which focuses on the physical security alternatives and will serve as the vehicle for endorsing any external implementing guidance for this rulemaking.

The NRC staff is developing DG-5071 (a revision to RG 5.81) which focuses on target sets.

NEI is developing NEI 20-05 which focuses on the eligibility criteria contained in the proposed rulemaking.

- Proposed target set process.

- Leveraging the time identified in a target set for offsite*

release when assessing performance capabilities.

- Methods to perform the consequence analysis.

Overview

  • offsite release greater than dose reference values defined in 50.34(a)(1)(ii)(D)(1)&(2) and 52.79(a)(1)(vi)(A)&(B)

Proposed Target Set Process Overview

Target Set Process At the end of the target set process there are target sets and achievable target sets.

An achievable target set is one that:

1)

Is within the capabilities of design basis threat, 2)

Results in an offsite release greater than dose reference values defined in 10 CFR 50.34(a)(1)(ii)(D)(1)&(2) and 52.79(a)(1)(vi)(A)&(B), and 3)

Results in a release that cannot be mitigated prior to offsite release.

Proposed Target Set Process (Cont.)

Identify high level objective, offsite release*.

As applicable to the design, determine the structures, systems and components (SSCs) that would need to be compromised to cause:

- significant core damage,

- significant damage to large inventories of radionuclides, and

- spent fuel sabotage.

Determine elements an adversary would need to compromise, destroy, or render nonfunctional to create a release pathway.

  • offsite release greater than dose reference values defined in 50.34(a)(1)(ii)(D)(1)&(2) and 52.79(a)(1)(vi)(A)&(B)

Proposed Target Set Process (Cont.)

Generate target sets.

Screen for achievable target sets.

- Safety analysis bounds DBT-initiated event consequences

  • Screen out for EC A, no consequence analysis.

- Capabilities of the DBT

  • Screen out for EC B, no consequence analysis.

- Consequence Analysis

  • Screen out for EC A (when not bounded by safety analysis).
  • Screen out for EC C if mitigation/recovery actions can prevent release after a bounding time (e.g., reasonable assurance of protection time or site-specific time) and before an offsite* release.
  • offsite release greater than dose reference values defined in 50.34(a)(1)(ii)(D)(1)&(2) and 52.79(a)(1)(vi)(A)&(B)

Proposed guidance will allow an applicant or licensee to use a safety analysis to demonstrate that an offsite release* does not occur.

- Additional analysis will not be needed in the target set process or to meet EC A.

- If the target set cannot be bounded by the safety analysis, the target set process continues.

Safety Analysis Bounds DBT-Initiated Events

  • offsite release greater than dose reference values defined in 50.34(a)(1)(ii)(D)(1)&(2) and 52.79(a)(1)(vi)(A)&(B)
  • Proposed guidance will allow the applicant or licensee to demonstrate that a target set cannot be compromised within the DBT capabilities.

- Additional analysis will not be needed in the target set process or to meet EC B.

- The target set process does not provide consideration of the physical protection program.

- If the target set is determined to be within the capability of the DBT, the target set process continues and an analysis is needed in target set space, regardless if it is needed for the EC analysis.

Capabilities of the DBT

  • offsite release greater than dose reference values defined in 50.34(a)(1)(ii)(D)(1)&(2) and 52.79(a)(1)(vi)(A)&(B)

Proposed guidance will allow the applicant or licensee to demonstrate that a target set will not result in an offsite* release or be on an irreversible path to an offsite* release, before a bounding time.

- EC A is met.

- EC C is met if mitigative/recovery actions can be taken to prevent an offsite* release after a bounding time and before an offsite* release.

Consequence Analysis

  • offsite release greater than dose reference values defined in 50.34(a)(1)(ii)(D)(1)&(2) and 52.79(a)(1)(vi)(A)&(B)

At the end of the target set process, the applicant or licensee will have identified all target sets, including achievable target sets that are within the DBT capabilities and result in:

  • an offsite release* before a bounding time, or
  • an irreversible path to an offsite release* before a bounding time.

The applicant or licensee will only need to consider the above two scenarios when applying performance capabilities for EC.

Unachievable target sets have already been screened out and do not require any further analysis to meet the criteria.

Independent of time, identify mitigative / recovery measures that could be used prevent offsite release*.

  • offsite release greater than dose reference values defined in 50.34(a)(1)(ii)(D)(1)&(2) and 52.79(a)(1)(vi)(A)&(B)

Proposed Target Set Process

The target sets are required regardless of an applicants or licensees choice to use the EC.

- Target sets are required to be identified, analyzed, maintained, documented, and that changes to the configuration of equipment is considered in the protective strategy.

Target sets are used to inform the design of the physical protection program.

- The applicant or licensee can choose how and what to protect to prevent against radiological sabotage.

Summary

Leveraging the Target Set Consequence Analysis

Eligibility Criteria (Follow-up from 9/16 Public Meeting)

  • Todays discussion focuses on analysis of three eligibility criteria.

- NRCs working group engaged in discussion to consider comments raised during the last public meeting related to credit.

  • Since eligibility criterion C covers all possibilities of credit available, and alternative security controls are the same regardless of which criterion is met, should there be consideration of one criterion or applicability statement related to alternative security controls?

- The licensee analysis will credit what is available in the design.

- Guidance can show examples that reflect current criteria.

Consequence Analysis Assuming the applicant or licensee performed a consequence analysis to identify achievable target sets, they will have an analysis that:

- determined the time it would take, assuming a target set is lost at t=0, for an offsite release* to occur.

  • Reactor can be tripped when certain conditions are met.
  • Assumes no performance-based credit.

The target set consequence analysis can be leveraged so any additional offsite release* analyses may not be needed.

  • offsite release greater than dose reference values defined in 50.34(a)(1)(ii)(D)(1)&(2) and 52.79(a)(1)(vi)(A)&(B)

- Analysis begins at t = 0 and ends at t = bounding time.

  • DBT-initiated event with all target set elements and security systems functional and available that are applicable to this criterion.

- Analysis demonstrates:

  • resources that would reasonably be expended by the DBT adversary to defeat barriers and/or traverse to locations containing target set elements, would not leave an adversary with capability to destroy a full target set, or
  • if resources are available, target set cannot be compromised in a bounding time.

- Specific to more time-consuming methods an adversary could utilize to defeat or circumvent delays to get to target set equipment and/or slower methods to defeat target set equipment.

- Does not provide credit for mitigation / recovery actions that can occur after a bounding time.

EC B Analysis

  • EC B is met when:

- Applicant or licensee analysis demonstrates that the DBT adversary does not have the capability to achieve the full target set, as evident by at least one target set element remaining by a bounding time.

  • Does not need an additional analysis to determine offsite release*.
  • Must consider most advantageous use of adversary resources.
  • Does not need to consider all achievable target sets if the applicant or licensee can show the analysis performed bounds other achievable target sets.
  • Does not change that categorization of achievable target sets.

EC B

  • offsite release greater than dose reference values defined in 50.34(a)(1)(ii)(D)(1)&(2) and 52.79(a)(1)(vi)(A)&(B)

Achievable Target Set = A + B + C

- Based on the resources adversaries would expend to get to locations to compromise A and B, adversary would not have enough resources to compromise element C, or

  • Protecting element C prevents an offsite release*.

- Based on delays to defeat barriers to get to components A and B, adversary would not have enough time to compromise element C.

  • Protecting element C prevents an offsite release*.

EC B Example

  • offsite release greater than dose reference values defined in 50.34(a)(1)(ii)(D)(1)&(2) and 52.79(a)(1)(vi)(A)&(B)

- Analysis begins at t = 0.

  • Analysis is specific to the time it would take to achieve a target set, not when a time when offsite* release occurs.

- delay, interdiction, and neutralization associated with performance capabilities.

- DBT-initiated event with all target set elements and security systems functional and available that are applicable to this criterion.

  • Analysis identifies the time it takes for all target set elements to be compromised, destroyed, or rendered non-functional.

- For example, t=8 hours to achieve target set.

EC C Analysis

  • offsite release greater than dose reference values defined in 50.34(a)(1)(ii)(D)(1)&(2) and 52.79(a)(1)(vi)(A)&(B)

- EC C is met when the applicant or licensee analysis:

  • demonstrates at least one element from each target set remains to prevent offsite release* or an irreversible pathway to offsite release* by t=bounding time, or
  • demonstrates that with loss of target set

- offsite release* would not occur until after a bounding time, and

- mitigative/recovery actions occur, after a bounding time, and before offsite release* occurs.

EC C

  • offsite release greater than dose reference values defined in 50.34(a)(1)(ii)(D)(1)&(2) and 52.79(a)(1)(vi)(A)&(B)

Achievable Target Set = A + B + C Inputs (provided only for the example):

- Bounding time = 12 hours1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br />

- Target set consequence analysis identified offsite* release occurs at t = 6 hours6.944444e-5 days <br />0.00167 hours <br />9.920635e-6 weeks <br />2.283e-6 months <br />

- Analysis identified it takes t = 8 hours9.259259e-5 days <br />0.00222 hours <br />1.322751e-5 weeks <br />3.044e-6 months <br /> to compromise the full target set Offsite release* occurs in t = 14 hours1.62037e-4 days <br />0.00389 hours <br />2.314815e-5 weeks <br />5.327e-6 months <br /> (6+8)

Applicant or licensee demonstrates mitigative measure taken at t=bounding time=12 hours can mitigate offsite release* before 14 hours1.62037e-4 days <br />0.00389 hours <br />2.314815e-5 weeks <br />5.327e-6 months <br />.

EC C Example

  • offsite release greater than dose reference values defined in 50.34(a)(1)(ii)(D)(1)&(2) and 52.79(a)(1)(vi)(A)&(B)

- Mitigative/recovery actions occur, after a bounding time, and before offsite release* occurs.

  • Demonstrate how on-site and off-site response implement mitigative actions that meet the following criteria:

- Sufficient time is available to implement actions (Time),

- Environmental conditions allow access (Environment),

- Equipment is available and ready for use (Equipment),

- Approved procedures or guidelines exist (Procedures/Guidelines),

- Training is conducted on the existing procedures under conditions similar to the scenarios assumed (Training).

EC C

  • offsite release greater than dose reference values defined in 50.34(a)(1)(ii)(D)(1)&(2) and 52.79(a)(1)(vi)(A)&(B)

- Could alleviate the need to perform multiple consequence analyses related to different permutations of target set loss (e.g., time each element is compromised by adversary depending on pathway, sequence elements are lost, time based on which location of the target set is compromised.

etc.)

- Changes to SSCs or the physical protection program would likely be easier to assess.

  • A change to the target set would only affect the time to offsite*

release.

  • A change to the performance capabilities would only affect analysis performed to support the EC.

Advantages

  • offsite release greater than dose reference values defined in 50.34(a)(1)(ii)(D)(1)&(2) and 52.79(a)(1)(vi)(A)&(B)

- Allows the applicant or licensee to use a process that already exists outside of the EC.

- Consequence analysis can be performed outside of security space.

Advantages

  • offsite release greater than dose reference values defined in 50.34(a)(1)(ii)(D)(1)&(2) and 52.79(a)(1)(vi)(A)&(B)

- May not be useful if applicants or licensees choose to be conservative in identifying offsite* release times for all target sets.

  • For example, some sites choose to only analyze the target set with the shortest time to the adversarys objective and apply that, conservatively, to all target sets.

- Consequence analysis times identified in each target set is the most conservative combination and applies to all permutations of that specific target set.

  • Will not be as accurate as an analysis that assesses each location (sub-system) of each target set element and the time the target set component will be compromised based on consideration of pathway, DBT attribute used, etc.
  • This assumes applicant or licensee did not screen out locations and/or components of target sets using a bounding time.

Disadvantages

  • offsite release greater than dose reference values defined in 50.34(a)(1)(ii)(D)(1)&(2) and 52.79(a)(1)(vi)(A)&(B)

Consequence Analysis

Analysis starts with target set loss at t=0.

- Target set structures fail in a way that results in an offsite release* in the shortest amount of time (within the DBT capabilities).

Independent of the assumptions in the eligibility criteria.

Analysis would model:

onsite accident progression, offsite release of radioactive material, and mitigation measures.

Consequence Analysis (target set process - not crediting performance-based capabilities)

Consequence Analysis (crediting performance-based capabilities)

  • Starts at t=0

- all conditions applicable to that EC.

  • Determines:

- Capabilities credited by applicant or licensee either delay/interdict/neutralize the adversaries to prevent:

  • Compromise of full target sets,
  • Compromise of the full target set that can be mitigated after a bounding time.

- What could be done to make this method more advantageous?

- Are there any additional disadvantages of this method that should be addressed?

- Is there particular software that licensees would like to utilize for the offsite* release?

  • Can the software / processes licensee already use model these scenarios?

Similar to today, when licensees use severe accident software to model time to significant core damage for target sets (as adjusted, based on the threat).

- Is there particular software that licensees would like to utilize for delay/interdiction/neutralization?

Discussion

  • offsite release greater than dose reference values defined in 50.34(a)(1)(ii)(D)(1)&(2) and 52.79(a)(1)(vi)(A)&(B)

Summary

  • As the concepts in this presentation will be described in guidance, this is only one way that may be acceptable to demonstrate EC are met, utilizing processes that exist outside of the eligibility criteria.

Questions?

  • Target Set

- For small modular reactors (SMRs) and non-light water reactors (LWRs), the minimum combination of equipment, operator actions, and/or structures that, if all are prevented from performing their intended safety function or prevented from being accomplished, barring extraordinary actions by plant operations, could result in a potentially significant radiological release.

Key Terms

  • Achievable Target Set

- A target set that, in the case of any DBT initiated event: (1) is within the capabilities of design basis threat; (2) results in an offsite release greater than dose reference values defined in 10 CFR 50.34(a)(1)(ii)(D)(1)&(2) and 52.79(a)(1)(vi)(A)&(B); and (3) results in a release that cannot be mitigated prior to offsite release.

Key Terms

Retrieved from "https://kanterella.com/w/index.php?title=ML21271A136&oldid=3808807"