ML23129A331
ML23129A331 | |
Person / Time | |
---|---|
Issue date: | 05/10/2023 |
From: | Phil Brochman NRC/NSIR/DPCP/MSB |
To: | |
References | |
Mtg 20230553, Mtg 20230555, ML23115A406 | |
Download: ML23129A331 (50) | |
Text
Physical Security Event Reporting Workshops (Power Reactors, ISFSIs, Fuel Cycle Facilities)
Phil Brochman, NSIR/DPCP May 10-11, 2023 ML23128A320
- Key Dates
- Reporting Requirements and Guidance
- Applicability
- Event Notifications
- Reports
- Recordable Events & Conditions
- Industry Questions Overview 2
- Rule published in the Federal Register
- March 14, 2023 (88 FR 15864)
- Effective date: April 13, 2023
- Compliance date: January 8, 2024 Key Dates 3
- 10 CFR 73.1200 Notification of Physical Security Events
- 10 CFR 73.1205 Written Follow-up Reports of Physical Security Events
- 10 CFR 73.1210 Recordkeeping of Physical Security Events
- RG 5.62, Revision 2 (ML17131A285)
Physical Security Event Notifications, Reports, and Records Reporting Requirements and Guidance 4
- The introduction to each major paragraph specifies the licensees that are subject to these provisions based upon the sections of Part 73
- For example, § 73.20 or § 73.55
- Regulatory Guide 5.62 provides a plain language interpretation of these various sections
- Not all paragraphs apply to all licensees
- For example, § 73.67 licensees are not subject to 15-minute facility event notifications under § 73.1200(a)
Applicability 5
Affected facilities:
- Production or utilization facilities (including both operating and decommissioning power reactors and non-power reactors)
- Facilities that possess Category I, II, or III quantities of SSNM
- Facilities that possess Category II or III quantities of SNM
- Hot cell facilities subject to § 73.50
- ISFSIs subject to §§ 73.51 or 73.55 Applicability (cont.)
6
- Monitored retrievable storage installations (MRSs) and geological repository operations areas (GROAs) subject to § 73.51
- Transportation activities:
- Category I, II, or III quantities of strategic special nuclear material (SSNM)
- Category II or III quantities of special nuclear material (SNM)
- SNF and high-level radioactive waste (HLW).
Applicability (cont.)
7
- The NRC used a graded-approach to determine the timeliness for notifications:
- Security significance of the event
- Urgency of the notification
- The underlying security risks to public health and safety or the common defense and security that are posed by the affected facility or the material being transported.
This means the time at which a cognizant individual observes, identifies, or is notified of a security significant event or condition. A cognizant individual is considered anyone who, by position, experience, and/or training, is expected to understand that a particular condition or event adversely impacts security. (§ 73.2)
- The NRC has removed the ability of licensees to use an evaluation of whether malevolent intent was present as a screening criterion in determining whether an event notification should be made
- NRC Office of Investigations, law enforcement and the intelligence community are considered capable of making such determinations
- A fuller discussion of this issue can be found in the NRCs Responses to Public Comments on the Proposed Rule (ML22287A156) under Comments K-1 and K-2 Malevolent Intent 10
- Licensees may retract an event, or re-categorize it as recordable, if they are notified by an authorized agency that malevolent intent was not present in an event Malevolent Intent (cont.)
11
- Q - Does the rule require licensees to increase LLEA resource use for any intent inquiries.
- A - No, malevolent intent was a screening criteria for not reporting a potential event. Licensees should make the notification within the required timeliness limit; should additional, subsequent information invalidate or modify the original notification, the licensee can retract or recharacterize the event.
- Q - If LLEA determines that there was no malevolent intent for a potential suspicious activity before the 4-hr report limit, can a licensee use that as a basis to not report the activity as suspicious?
- A - Yes.
Industry Question - Malevolent Intent 12
- Events having a greater security significance have a shorter notification period: minute events (hostile actions) hour events (actual impact on physical security) hour events (potential impact on physical security) hour events (programmatic impact on physical security)
- Events that are grouped as applicable to a facility and then to a transportation activity
- § 73.1200(c) Hr facility-based events
- § 73.1200(d) Hr transportation-based events Timeliness Categories 13
Each licensee subject to the provisions of §§ 73.20, 73.45, 73.46, 73.51, or 73.55 must notify the NRC, as soon as possible but within 15 minutes, after:
- Initiation of a security response in accordance with its safeguards contingency plan or protective strategy, based on an imminent or actual hostile action against a licensees facility.
15-Minute Notifications 14
- Notification by law enforcement or government officials of a potential hostile action or act of sabotage anticipated within the next 12 hours1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br /> against a licensees facility.
Some examples are:
- There is an armed assault
- There is a vehicle bomb
- Discovery of an explosive or incendiary device
- Act of sabotage or hostage taking 15-Minute Notifications (cont.)
15
- Production or utilization facilities that are in a decommissioning status are not required to make a 15-minute event notification if all spent fuel has been removed from the spent fuel pool.
- However, any potential events should be evaluated against other event notifications (e.g., 1-hr or 4-hr)
- Independent Spent Fuel Storage Installations (ISFSIs) subject to §§ 73.51 or 73.55 are required to make 15-minute event notifications
- Co-located ISFSI and reactor facilities can evaluate if a hostile action is directed against only one of the facilities (e.g., separate protected areas) 15-minute Notifications (cont.)
16
Each licensee subject to the provisions of §§ 73.20, 73.45, 73.46, 73.50, 73.51, 73.55, 73.60, or 73.67 must notify the NRC as soon as possible but no later than 1 hour1.157407e-5 days <br />2.777778e-4 hours <br />1.653439e-6 weeks <br />3.805e-7 months <br /> after the time of discovery of the following significant facility security events:
- There is reason to believe that a person has committed or caused, or attempted to commit or cause, or has made a threat to commit or cause:
1-Hr Notifications 17
- Theft or diversion of a Category I, II, or III quantity of SSNM or a Category II or III quantity of SNM
- Significant physical damage to any nuclear power reactor, to a facility possessing a Category I or II quantity of SSNM, or to a facility storing or disposing of SNF and/or high-level waste (HLW)
- Unauthorized operation, manipulation, or tampering with any nuclear power reactors controls or with structures, systems, and components (SSCs) that results in the interruption of normal operation of the reactor 1-Hr Notifications (cont.)
18
- Unauthorized operation, manipulation, or tampering with any Category I SSNM facilitys SSCs that results in an accidental criticality
- Vehicle barrier system protecting their facility, the introduction beyond the vehicle barrier of a quantity of unauthorized explosives that meets or exceeds the relevant facilitys adversary characteristics
- Notification by law enforcement or government officials of a potential hostile action or act of sabotage anticipated within greater than 12 hours1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br /> against a licensees facility 1-hr Notifications (cont.)
19
Each licensee subject to the provisions of §§ 73.20, 73.45, 73.46, 73.50, 73.51, 73.55, 73.60, or 73.67 must notify the NRC within 4 hours4.62963e-5 days <br />0.00111 hours <br />6.613757e-6 weeks <br />1.522e-6 months <br /> after time of discovery of the following facility security events:
- Actual or attempted access of an unauthorized person into a facilitys protected area (PA), vital area (VA),
material access area (MAA), or controlled access area (CAA)
- This does not include individuals who were granted access to a PA, VA, MAA, or CAA, but who omitted derogatory information or provided false information during the access authorization process 4-Hr Notifications (cont.)
20
- Actual or attempted introduction of contraband into a PA, VA, or MAA
- Discovery that a weapon that is authorized by the licensees security plan is lost or uncontrolled within a PA, VA, or MAA
- Unauthorized operation, manipulation, or tampering with any nuclear reactor or Category I SSNM facilitys controls or SSCs that could prevent the implementation of the licensees protective strategy for protecting any target set 4-Hr Notifications (cont.)
21
- At a vehicle barrier system (VBS) protecting a facility, the identification or discovery at or beyond the VBS of unauthorized explosives
- The licensees implementation of their security program for which a notification was made to local, State, or Federal law enforcement officials
- Event involving a law enforcement response to the facility that could reasonably be expected to result in public or media inquiries and that does not otherwise require a notification 4-Hr Notifications (cont.)
22
Each licensee subject to the provisions of §§ 73.20, 73.45, 73.46, 73.50, 73.51, 73.55, 73.60, or 73.67 must notify the NRC Headquarters within 8 hours9.259259e-5 days <br />0.00222 hours <br />1.322751e-5 weeks <br />3.044e-6 months <br /> after time of discovery of the following facility security program failures involving:
- Unauthorized operation, manipulation, or tampering with any nuclear power reactors controls or with SSCs that does not result in the interruption of normal operation of the reactor 8-Hr Notifications 23
- Unauthorized operation, manipulation, or tampering with any Category I SSNM facilitys SSCs that does not result in the interruption of normal operation of the facility or an accidental criticality
- Failure, degradation, or vulnerability in a security or safeguards system, for which compensatory measures have not been employed within the required timeframe, that could allow unauthorized or undetected access of:
- Contraband into a PA, VA, or MAA 8-Hr Notifications (cont.)
24
- Notification process contained in § 73.1200(o)
- Specifies continuous communications channel timeliness and staffing (knowledgeable personnel)
- Communication of SGI information in actual events does not require secure communications per
§73.22(f)(3)
- Communication of classified information requires secure communications, unless NRC directs otherwise due to exigent circumstances
- Elimination of duplication - single communication of multiple event notifications Notification Process Issues 25
- A licensee transporting or receiving SNF or SNM may monitor the shipment themselves, or they may use a movement control center (MCC) [see § 73.2]
to monitor a shipment
- The movement control center may make event notifications to the NRC under § 73.1200
- § 73.1200 uses the same 15-min, 1-hr, 4-hr, and 8-hr structure for transportation events as for facility-based events
- In adjacent paragraphs, § 73.1200(c) specifies 1-hr facility events and § 73.1200(d) specifies 1-hr transportation events Movement Control Center 26
- An MCC may staff a continuous communications channel, if requested by the NRC
- A single movement control center may monitor multiple shipments in transit
- A movement control center may prepare written follow-up reports under § 73.1205; however, these reports are submitted to the NRC by the cognizant (affected) licensee Movement Control Center (cont.)
27
Within 60 days of a licensee making a verbal notification under § 73.1200, the licensee must submit a written follow-up report under § 73.1205, including:
- A brief abstract describing the major occurrences during the event or condition, including all component or system failures that contributed to the event or condition, and significant corrective actions taken or planned to prevent recurrence
- A clear, specific, narrative description of what occurred so that a knowledgeable reader conversant with general security program requirements, but not familiar with the security requirements for the specific facility or activity, can understand the complete event Written Follow-up Reports 28
- Reports submitted by licensees subject to § 50.73 must use NRC Form 366 format
- All other licensees must use a letter format
- § 73.1205(a)(2) exempts several event notifications made under § 73.1200 from the requirement for a written follow-up report under § 73.1205
- Events that are retracted under § 73.1200(q) before the 60-day timeliness limit are not required to submit a written follow-up report Written Follow-up Reports (cont.)
29
Licensees with facilities or shipment activities subject to the provisions of §§ 73.20, 73.25, 73.26, 73.27, 73.37, 73.45, 73.46, 73.50, 73.51, 73.55, 73.60, or 73.67, must record physical security events and conditions adverse to security.
- These records facilitate the licensees monitoring of the effectiveness of its physical security program.
Recordkeeping of Security Events 30
Physical security events and conditions adverse to security include:
- Human performance security errors;
- Failure to comply with security procedures;
- Insufficient or inadequate security procedures;
- Security equipment failures malfunctions;
- Security structures, systems, and components design deficiencies; or
- Inadequate or insufficient security structures, systems, and components
- This includes events or conditions where the licensee has implemented compensatory measures within the required timeframe specified in its physical security plan.
Recordkeeping (cont.)
31
These requirements apply to any failure, degradation, or discovered vulnerability in a security or safeguards system for which compensatory measures were established within the required timeframe and for which the following could have resulted in:
- Undetected access of unauthorized explosives beyond a required vehicle barrier.
- Unauthorized personnel gaining access into a PA, VA, MAA, or CAA; Recordkeeping (cont.)
32
- Undetected access of contraband into a PA, VA, or MAA
- Unauthorized personnel accessing a vehicle transporting a Category I or II quantity of SSNM, SNF, or HLW
- Unauthorized personnel accessing a Category I or II quantity of SSNM, SNF, or HLW being transported
- Undetected introduction of contraband into a vehicle transporting a Category I or II quantity of SSNM, SNF, or HLW; Recordkeeping (cont.)
33
- Undetected introduction of contraband into the Category I or II quantity of SSNM, SNF, or HLW being transported;
- Ammunition Events;
- Any other threatened, attempted, or committed act not previously defined that has resulted in or has the potential for decreasing the effectiveness of the licensees physical security program below that committed to in a licensees NRC-approved physical security plan; or
- Licensee recordkeeping requirements regarding any security events or conditions adverse to security involving any infractions, losses, compromises, or possible compromise of classified information or classified documents are found in § 95.57 Recordkeeping (cont.)
34
Decreases in the effectiveness of the physical security program includes events where:
- An individual was improperly granted unescorted access to a PA, VA, MAA, or CAA;
- An individual authorized for unescorted access tailgates through a security control barrier;
- A programmatic breakdown of a licensees access authorization or criminal history review programs has occurred;
- A loss of control or protection over Safeguards Information where there does not appear to be evidence of theft or compromise; Recordkeeping (cont.)
35
- Failure to accomplish security patrols or checks within the required timeframe;
- Failure or degradation of illumination systems required for a PA, VA, or MAA; or
- The full loss of a single alarm station, where the facility has two or more alarm stations Recordkeeping (cont.)
36
A licensee may use a separate safeguards event log to record events or may use their corrective action program
- A licensee may also choose to bifurcate the information in such records systems so as to maximize the use and advantages of their corrective action programs tracking, trending, and performance monitoring capabilities while simultaneously compartmenting sensitive security information and security vulnerabilities
- However, information security considerations for protection of Safeguards Information or classified information must also be met and may impact where an event is recorded Recordkeeping (cont.)
37
Licensees also subject to 10 CFR Part 95 requirements
- A licensee possessing SNM can be subject to both 10 CFR Part 73 and Part 95 requirements in a single event. Two examples:
- The loss or theft of SNM with classified characteristics
- Unauthorized access to an MAA with SNM with classified characteristics
- For some licensees, the cognizant security agency (CSA) is the NRC; for other licensees, it is a different agency
- Consequently, a licensee with a separate CSA should notify both their CSA and the NRC Operations Center of any dual event notifications (this meets the NRC regional notification in § 95.57)
- Both event notifications may be communicated to the NRC in a single communication (under the elimination of duplication)
Industry Question - Part 95 38
- The NRC added a new definition for contraband in §73.2, which included other dangerous materials (e.g., disease causing agents) language. This term was previously undefined in Part 73
- This new language is consistent with the language in Sec. 229 of the Atomic Energy Act of 1954 regarding other dangerous instrument or material likely to produce substantial injury or damage to persons or property
- The NRC does not expect a licensee to establish new capabilities or procedures to identify other dangerous materials, but if such an event occurs the NRC should be notified per § 73.1200 Industry Question - Contraband 39
- The previous approach to contraband was reactor centric and radiological sabotage focused. However, Part 73 (both current and anticipated future licensees) need to address both physical security and information security considerations that also addresses theft and diversion
- In RG 5.62, Rev. 2, under Staff Regulatory Guidance position C.6, the staff has discussed the difference between prohibited items and contraband
- A licensees prohibition of something (e.g., alcohol) does not make it contraband
- Items such as authorized explosives or authorized incendiaries that are specifically approved by facility management under controlled purposes are not considered contraband
- As a good practice, NRC staff recommends that such approval and controls be in writing Industry Question - Contraband (cont.)
40
- The NRC added a new definition for the time of discovery in § 73.2 that refers to a cognizant individual making an informed decision.
- The NRC understands that industry intends to develop language regarding a cognizant individual to provide flexibility for differing licensee organizational structures. This is acceptable.
- The NRC staff recommends such personnel have familiarity with a licensees security program, the security event notification requirements and guidance, and licensees implementing procedures Industry Question - Time of Discovery 41
- The NRC agrees that there is an inconsistency between language in RG 5.62, Rev 2, Staff Regulatory Guidance position C.7.1(4) [15-min event notification] on within the licensees site boundary and the 4-hr event notification for actual introduction of contraband inside of a licensees PA, VA, or MAA.
- The NRC recommends that licensees instead apply an approach of within the licensees facility for such 15-min event notifications, due to the greater potential for impact within the facility rather than simply being within the PA.
- The NRC will consider this issue as a potential technical correction to RG 5.62.
Industry Question min Notifications 42
- The NRC did not change any emergency plan (e-plan) notification requirements under this rule, instead hostile action and e-plan notifications are in parallel and may be separate
- The rule and guidance (RG 5.62, position C.7.3) permit a licensee to notify local and state officials first to fulfill their response and protective measure functions; however, the NRC should be notified as soon as possible thereafter to alert other licensees and government agencies
- § 73.1200(a)(3) does not require 15-min notifications to include the emergency action level (EAL) information
- A licensee may provide that information to the NRC within 60 min of the events classification under the current regulations Industry Question min Notifications 43
- The NRC did not intend for the similar language in
§73.1200(a)(3)(ii)(A) and §73.1200(b)(3)(ii)(A) to be inconsistent. Both provisions should refer to hostile action.
- The NRC will consider a technical correction for this issue.
Industry Question min Notifications 44
- Q - Should an event involving unauthorized operation, manipulation, or tampering under § 73.1200(c)(1)(i)(C) and (D) exclude events due to human performance errors?
- A - The NRC agrees that human performance errors (e.g., unintentional operation of the wrong switch or valve) do not rise to the level of a reportable security event. However, licensees should evaluate the associated events consequences (interruption of normal operation of a reactor or an accidental criticality, respectively) for reportability under the NRCs applicable safety-based event notification regulations.
Industry Question Hr Notifications 45
Q - Do the event notifications in § 50.72(b)(2)(xi) and
§73.1200(e)(3) overlap (i.e., are they duplicative)?
- A - No, the NRC considers these types of event notifications to be dissimilar and do not overlap.
- § 50.72(b)(2)(xi) refers to an event notification where a licensee news release is planned relating to health and safety of the public or onsite personnel, or protection of the environment.
- § 73.1200(e)(3) refers to an event notification regarding a law enforcement response to the facility that could reasonably result in a public or media inquiry.
- A licensee issued news release is not the same as a potential public or media inquiry due to a law enforcement response.
- Moreover, § 73.1200(e)(3) specifies the event notification is not otherwise reportable under § 50.72(b)(2)(xi).
Industry Question hr Notifications 46
- Q - For a lost or uncontrolled weapon event under
§73.1200(e)(1)(v)(A), is there a line of sight or timeliness requirement on the weapon?
- A - No, the NRC has not established any guidance regarding whether a weapon is lost or uncontrolled. The NRC staff recommends that the licensees procedures for this event notification consider the likelihood that an unauthorized person could access the weapon and whether the weapon was loaded.
Industry Question hr Notifications 47
- Q - In RG 5.87, Section B, Notification Process, is the cognizant LLEA (with jurisdiction over the location where the facility is located) the same as coordinated by a power reactor licensee under § 73.55(k)(9)?
- A - Yes, for reactors. For other types of licensees, the relevant LLEA (e.g., city police or county sheriff) would apply in establishing a point of contact
- Q - In RG 5.87, Staff Regulatory Guidance position 5.2, should these example apply to willful or intentional unauthorized challenges, not human errors?
- A - Yes. The rule and guidance provide a licensee with the flexibility to determine whether a challenge was a human error and therefore not reportable.
Industry Question - Suspicious activity 48
QUESTIONS 49
- GROA - geologic repository operations area
- HLW - high-level radioactive waste
- ISFSI - independent spent fuel storage installation
- MCC - movement control center
- MRS - monitored retrievable storage installation
- SNF - spent nuclear fuel (or spent fuel)
- SSNM - strategic special nuclear material Acronyms 50