Slides for Physical Security Event Notification Workshop (EWR Npufs)

ML23128A338
Person / Time
Issue date:	05/10/2023
From:	Phil Brochman NRC/NSIR/DPCP/MSB
To:
References
Mtg 20230554, ML23115A406
Download: ML23128A338 (47)
v • d • e

Text

Physical Security Event Reporting Workshop (Non-Power Production and Utilization Facilities)

Phil Brochman, NSIR/DPCP May 10, 2023 ML23128A338

• Key Dates

• Reporting Requirements and Guidance

• Applicability

• Event Notifications

• Reports

• Recordable Events & Conditions

• Industry Questions Overview 2

• Rule published in the Federal Register

- March 14, 2023 (88 FR 15864)

• Effective date: April 13, 2023

• Compliance date: January 8, 2024 Key Dates 3

• 10 CFR 73.1200 Notification of Physical Security Events

• 10 CFR 73.1205 Written Follow-up Reports of Physical Security Events

• 10 CFR 73.1210 Recordkeeping of Physical Security Events

• RG 5.62, Revision 2 (ML17131A285)

Physical Security Event Notifications, Reports, and Records Reporting Requirements and Guidance 4

• The introduction to each major paragraph specifies the licensees that are subject to these provisions based upon the sections of Part 73

- For example, § 73.60 or § 73.67

- Regulatory Guide 5.62 provides a plain language interpretation of these various sections

• Not all paragraphs apply to all licensees

- For example, § 73.67 licensees are not subject to 15-minute facility event notifications under § 73.1200(a)

Applicability 5

Affected facilities:

• Non-power production or utilization facilities (NPUFs) subject to §§ 73.60 or 73.67

• NPUFs transporting SNF subject to § 73.37 Applicability (cont.)

6

• The NRC used a graded-approach to determine the timeliness for notifications:

- Security significance of the event

- Urgency of the notification

- The underlying security risks to public health and safety or the common defense and security that are posed by the affected facility or the material being transported.

Event Notification 7

This means the time at which a cognizant individual observes, identifies, or is notified of a security significant event or condition. A cognizant individual is considered anyone who, by position, experience, and/or training, is expected to understand that a particular condition or event adversely impacts security. (§ 73.2)

Time of Discovery 8

• The NRC has removed the ability of licensees to use an evaluation of whether malevolent intent was present as a screening criterion in determining whether an event notification should be made

- NRC Office of Investigations, law enforcement and the intelligence community are considered capable of making such determinations

- A fuller discussion of this issue can be found in the NRCs Responses to Public Comments on the Proposed Rule (ML22287A156) under Comments K-1 and K-2 Malevolent Intent 9

• Licensees may retract an event, or re-categorize it as recordable, if they are notified by an authorized agency that malevolent intent was not present in an event Malevolent Intent (cont.)

10

• Q - Does the rule require licensees to increase LLEA resource use for any intent inquires.

- A - No, malevolent intent was a screening criteria for not reporting a potential event. Licensees should make the notification within the required timeliness limit; should additional, subsequent information invalidate or modify the original notification, the licensee can retract or recharacterize the event.

• Q - If LLEA determines that there was no malevolent intent for a potential suspicious activity before the 4-hr report limit, can a licensee use that as a basis to not report the activity as suspicious?

- A - Yes.

Industry Question - Malevolent Intent 11

• Events having a greater security significance have a shorter notification period: minute events (hostile actions) hour events (actual impact on physical security) hour events (potential impact on physical security) hour events (programmatic impact on physical security)

• Events are grouped as applicable to a facility and then to a transportation activity

- § 73.1200(c) Hr facility-based events

- § 73.1200(d) Hr transportation-based events Timeliness Categories 12

• No NPUFs are subject to § 73.1200(a)

• However, NPUFs transporting spent fuel subject to

§73.37 are subject to § 73.1200(b)

• Each licensee must notify the NRC, as soon as possible but within 15 minutes, after:

- Initiation of a security response in accordance with its safeguards contingency plan or protective strategy, based on an imminent or actual hostile action against a shipment.

15-Minute Notifications 13

- Notification by law enforcement or government officials of a potential hostile action or act of sabotage anticipated within the next 12 hours1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br /> against a licensees facility.

Some examples are:

• There is an armed assault

• There is a vehicle bomb

• Discovery of an explosive or incendiary device

• Act of sabotage or hostage taking 15-Minute Notifications (cont.)

14

Each licensee subject to the provisions of §§ 73.60 or 73.67 must notify the NRC as soon as possible but no later than 1 hour1.157407e-5 days <br />2.777778e-4 hours <br />1.653439e-6 weeks <br />3.805e-7 months <br /> after the time of discovery of the following significant facility security events:

- There is reason to believe that a person has committed or caused, or attempted to commit or cause, or has made a threat to commit or cause:

1-Hr Notifications 15

- Theft or diversion of a Category I, II, or III quantity of strategic special nuclear material (SSNM) or a Category II or III quantity of special nuclear material (SNM)

- Significant physical damage to any nuclear power reactor, to a facility possessing a Category I or II quantity of SSNM, or to a facility storing or disposing of SNF and/or HLW

- Unauthorized operation, manipulation, or tampering with any nuclear power reactors controls or with structures, systems, and components (SSCs) that results in the interruption of normal operation of the reactor 1-Hr Notifications (cont.)

16

- Unauthorized operation, manipulation, or tampering with any Category I SSNM facilitys SSCs that results in an accidental criticality

- Notification by law enforcement or government officials of a potential hostile action or act of sabotage anticipated within greater than 12 hours1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br /> against a licensees facility 1-hr Notifications (cont.)

17

Each licensee subject to the provisions of §§ 73.60 or 73.67 must notify the NRC within 4 hours4.62963e-5 days <br />0.00111 hours <br />6.613757e-6 weeks <br />1.522e-6 months <br /> after time of discovery of the following facility security events:

- Actual or attempted access of an unauthorized person into a facilitys protected area (PA), vital area (VA),

material access area (MAA), or controlled access area (CAA)

• This does not include individuals who were granted access to a PA, VA, MAA, or CAA, but who omitted derogatory information or provided false information during the access authorization process 4-Hr Notifications (cont.)

18

- Actual or attempted introduction of contraband into a PA, VA, or MAA

- Discovery that a weapon that is authorized by the licensees security plan is lost or uncontrolled within a PA, VA, or MAA

- Unauthorized operation, manipulation, or tampering with any nuclear reactor or Category I SSNM facilitys controls or SSCs that could prevent the implementation of the licensees protective strategy for protecting any target set 4-Hr Notifications (cont.)

19

- The licensees implementation of their security program for which a notification was made to local, State, or Federal law enforcement officials

- Event involving a law enforcement response to the facility that could reasonably be expected to result in public or media inquiries and that does not otherwise require a notification 4-Hr Notifications (cont.)

20

Each licensee subject to the provisions of §§ 73.60 or 73.67 must notify the NRC Headquarters within 8 hours9.259259e-5 days <br />0.00222 hours <br />1.322751e-5 weeks <br />3.044e-6 months <br /> after time of discovery of the following facility security program failures involving:

8-Hr Notifications 21

- Failure, degradation, or vulnerability in a security or safeguards system, for which compensatory measures have not been employed within the required timeframe, that could allow unauthorized or undetected access of:

• Unauthorized personnel into a PA, VA, MAA, or CAA.

• Contraband into a PA, VA, or MAA 8-Hr Notifications (cont.)

22

• Notification process contained in § 73.1200(o)

- Continuous communications channel timeliness and staffing (knowledgeable personnel)

- Communication of SGI information in actual events does not require secure communications per

§73.22(f)(3)

- Communication of classified information requires secure comms, unless NRC directs otherwise due to exigent circumstances

• Elimination of duplication - single communication of multiple event notifications Notification Process Issues 23

• A licensee transporting or receiving SNF or SNM may monitor the shipment themselves, or they may use a movement control center (MCC) [see § 73.2]

to monitor a shipment

• The movement control center may make event notifications to the NRC under § 73.1200

- § 73.1200 uses the same 15-min, 1-hr, 4-hr, and 8-hr structure for transportation events as for facility-based events

- In adjacent paragraphs, § 73.1200(c) specifies 1-hr facility events and § 73.1200(d) specifies 1-hr transportation events.

Movement Control Center 24

• A movement control center may staff a continuous communications channel, if requested by the NRC

• A single movement control center may monitor multiple shipments in transit

• A movement control center may prepare written follow-up reports under § 73.1205; however, these reports are submitted to the NRC by the cognizant (affected) licensee Movement Control Center (cont.)

25

Within 60 days of a licensee making a verbal notification under § 73.1200, the licensee must submit a written follow-up report under § 73.1205, including:

- A brief abstract describing the major occurrences during the event or condition, including all component or system failures that contributed to the event or condition, and significant corrective actions taken or planned to prevent recurrence.

- A clear, specific, narrative description of what occurred so that a knowledgeable reader conversant with general security program requirements, but not familiar with the security requirements for the specific facility or activity, can understand the complete event.

Written Follow-up Reports 26

• Reports submitted by licensees subject to § 50.73 must use NRC Form 366 format

• All other licensees must use a letter format

• § 73.1205(a)(2) exempts several event notifications made under § 73.1200 from the requirement for a written follow-up report under § 73.1205

• Events that are retracted under § 73.1200(q) before the 60-day timeliness limit are not required to submit a written follow-up report Written Follow-up Reports (cont.)

27

Licensees with facilities or shipment activities subject to the provisions of §§ 73.37, 73.60, or 73.67, must record physical security events and conditions adverse to security.

- These records facilitate the licensees monitoring of the effectiveness of its physical security program.

Recordkeeping of Security Events 28

Physical security events and conditions adverse to security include:

- Human performance security errors;

- Failure to comply with security procedures;

- Insufficient or inadequate security procedures;

- Security equipment failures malfunctions;

- Security structures, systems, and components design deficiencies; or

- Inadequate or insufficient security structures, systems, and components

• This includes events or conditions where the licensee has implemented compensatory measures within the required timeframe specified in its physical security plan.

Recordkeeping (cont.)

29

These requirements apply to any failure, degradation, or discovered vulnerability in a security or safeguards system for which compensatory measures were established within the required timeframe and for which the following could have resulted in:

- Undetected access of unauthorized explosives beyond a required vehicle barrier.

- Unauthorized personnel gaining access into a protected area (PA), vital area (VA), material access area (MAA), or controlled access area (CAA);

Recordkeeping (cont.)

30

- Undetected access of contraband into a PA, VA, or MAA

- Unauthorized personnel accessing a vehicle transporting a Category I or II quantity of strategic special nuclear material (SSNM), spent nuclear fuel (SNF), or high-level radioactive waste (HLW)

- Unauthorized personnel accessing a Category I or II quantity of SSNM, SNF, or HLW being transported

- Undetected introduction of contraband into a vehicle transporting a Category I or II quantity of SSNM, SNF, or HLW; Recordkeeping (cont.)

31

- Undetected introduction of contraband into the Category I or II quantity of SSNM, SNF, or HLW being transported;

- Ammunition Events;

- Any other threatened, attempted, or committed act not previously defined that has resulted in or has the potential for decreasing the effectiveness of the licensees physical security program below that committed to in a licensees NRC-approved physical security plan; or

- Licensee recordkeeping requirements regarding any security events or conditions adverse to security involving any infractions, losses, compromises, or possible compromise of classified information or classified documents are found in § 95.57 Recordkeeping (cont.)

32

Decreases in the effectiveness of the physical security program includes events where:

- An individual was improperly granted unescorted access to a PA, VA, MAA, or CAA;

- An individual authorized for unescorted access tailgates through a security control barrier;

- A programmatic breakdown of a licensees access authorization or criminal history review programs has occurred;

- A loss of control or protection over Safeguards Information where there does not appear to be evidence of theft or compromise; Recordkeeping (cont.)

33

- Failure to accomplish security patrols or checks within the required timeframe;

- Failure or degradation of illumination systems required for a PA, VA, or MAA; or

- The full loss of a single alarm station, where the facility has two or more alarm stations.

Recordkeeping (cont.)

34

A licensee may use a separate safeguards event log to record events or may use their corrective action program

- A licensee may also choose to bifurcate the information in such records systems so as to maximize the use and advantages of their corrective action programs tracking, trending, and performance monitoring capabilities while simultaneously compartmenting sensitive security information and security vulnerabilities

- However, information security considerations for protection of Safeguards Information or classified information must also be met and may impact where an event is recorded Recordkeeping (cont.)

35

• The NRC added a new definition for contraband in §73.2, which included other dangerous materials (e.g., disease causing agents) language. This term was previously undefined in Part 73

- This new language is consistent with the language in Sec. 229 of the Atomic Energy Act of 1954 regarding other dangerous instrument or material likely to produce substantial injury or damage to persons or property

- The NRC does not expect a licensee to establish new capabilities or procedures to identify other dangerous materials, but if such an event occurs the NRC should be notified per § 73.1200 Industry Question - Contraband 36

- The previous approach to contraband was reactor centric and radiological sabotage focused. However, Part 73 (both current and anticipated future licensees) need to address both physical security and information security considerations that also considers theft and diversion

- In RG 5.62, Rev. 2, under Staff Regulatory Guidance position C.6, the staff has discussed the difference between prohibited items and contraband

• A licensees prohibition of something (e.g., alcohol) does not make it contraband

- Items such as authorized explosives or authorized incendiaries that are specifically approved by facility management under controlled purposes are not considered contraband

• As a good practice, NRC staff recommends that such approval and controls be in writing Industry Question - Contraband (cont.)

37

• The NRC added a new definition for the time of discovery in § 73.2 that refers to a cognizant individual making an informed decision.

- The NRC understands that industry intends to develop language regarding a cognizant individual to provide flexibility for differing licensee organizational structures. This is acceptable.

- The NRC staff recommends such personnel have familiarity with a licensees security program, the security event notification requirements and guidance, and licensees implementing procedures Industry Question - Time of Discovery 38

• The NRC agrees that there is an inconsistency between language in RG 5.62, Rev 2, Staff Regulatory Guidance position C.7.1(4) [15-min event notification] on within the licensees site boundary and the 4-hr event notification for actual introduction of contraband inside of a licensees PA, VA, or MAA.

• The NRC recommends that licensees instead apply an approach of within the licensees facility for such 15-min event notifications, due to the greater potential for impact within the facility rather than simply being within the PA.

• The NRC will consider this issue as a potential technical correction to RG 5.62.

Industry Question min Events 39

• The NRC did not change any emergency plan (e-plan) notification requirements under this rule, instead hostile action and e-plan notifications are in parallel and may be separate

• The rule and guidance (RG 5.62, position C.7.3) permit a licensee to notify local and state officials first to fulfill their response and protective measure functions; however, the NRC should be notified as soon as possible thereafter to alert other licensees and government agencies

• § 73.1200(a)(3) does not require 15-min notifications to include the emergency action level (EAL) information

- A licensee may provide that information to the NRC within 60 min of the events classification under the current regulations Industry Question min Events 40

• The NRC did not intend for the similar language in

§73.1200(a)(3)(ii)(A) and §73.1200(b)(3)(ii)(A) to be inconsistent. Both provisions should refer to hostile action.

- The NRC will consider a technical correction for this issue.

Industry Question min Events 41

• Q - Should an event involving unauthorized operation, manipulation, or tampering under § 73.1200(c)(1)(i)(C) and (D) exclude events due to human performance errors?

- A - The NRC agrees that human performance errors (e.g., unintentional operation of the wrong switch or valve) do not rise to the level of a reportable security event. However, licensees should evaluate the associated events consequences (interruption of normal operation of a reactor or an accidental criticality, respectively) for reportability under the NRCs applicable safety-based event notification regulations.

Industry Question Hr Events 42

Q - Do the event notifications in § 50.72(b)(2)(xi) and

§73.1200(e)(3) overlap (i.e., are they duplicative)?

- A - No, the NRC considers these types of events to be dissimilar and do not overlap.

• § 50.72(b)(2)(xi) refers to an event where a news release is planned relating to health and safety of the public or onsite personnel, or protection of the environment.

• § 73.1200(e)(3) refers to a law enforcement response to the facility that could reasonably result in a public or media inquiry.

• A licensee issued news release is not the same as a public or media inquiry due to a law enforcement response.

• Moreover, § 73.1200(e)(3) specifies the event is not otherwise reportable under § 50.72(b)(2)(xi).

Industry Question hr Events 43

• Q - For a lost or uncontrolled weapon event under

§73.1200(e)(1)(v)(A), is there a line of sight or timeliness requirement on the weapon?

- A - No, the NRC has not established any guidance regarding whether a weapon is lost or uncontrolled. The NRC staff recommends that the licensees procedures for this event consider the likelihood that an unauthorized person could access the weapon and whether the weapon was loaded.

Industry Question hr Events 44

• Q - In RG 5.87, Section B, Notification Process, is the cognizant LLEA (with jurisdiction over the location where the facility is located) the same as coordinated by a power reactor licensee under § 73.55(k)(9)?

- A - Yes, for reactors. For other types of licensees, the relevant LLEA (e.g., city police or county sheriff) would apply in establishing a point of contact

• Q - In RG 5.87, Staff Regulatory Guidance position 5.2, should these example apply to willful or intentional unauthorized challenges, not human errors?

- A - Yes. The rule and guidance provide a licensee with the flexibility to determine whether a challenge was a human error and therefore not reportable.

Industry Question - Suspicious activity 45

QUESTIONS 46

• GROA - geologic repository operations area

• HLW - high-level radioactive waste

• ISFSI - independent spent fuel storage installation

• MCC - movement control center

• MRS - monitored retrievable storage installation

• SNF - spent nuclear fuel (or spent fuel)

• SSN - special nuclear material

• SSNM - strategic special nuclear material Acronyms 47