(CPNPP) - Request for Exemption from Enhanced Weapons, Firearms Background Checks, and Security Event Notifications Implementation

ML23318A471
Person / Time
Site:	Comanche Peak
Issue date:	11/14/2023
From:	John Lloyd Luminant, Vistra Operating Co. (VistraOpCo)
To:	Office of Nuclear Material Safety and Safeguards, Office of Nuclear Reactor Regulation, Document Control Desk
References
CP-202300533, TXX-23086
Download: ML23318A471 (1)
v • d • e

Text

CP-202300533 TXX-23086 November 14th, 2023 U. S. Nuclear Regulatory Commission Ref 10 CFR 73.5 ATTN: Document Control Desk Washington, DC 20555-0001

Subject:

Comanche Peak Nuclear Power Plant (CPNPP)

Docket Nos. 50-445, 50-446 and 72-74 Request for Exemption from Enhanced Weapons, Firearms Background Checks, and Security Event Notifications Implementation

Dear Sir or Madam:

On March 14, 2023, the Nuclear Regulatory Commission (NRC) noticed in the Federal Register, Final Rule, Enhanced Weapons, Firearms Background Checks, and Security Event Notifications. This final rule became effective April 13, 2023, with a compliance date of January 8, 2024.

In response to the publication of the final rule, Vistra Operations Company LLC (Vistra OpCo)/Comanche Peak Nuclear Power Plant (CPNPP) performed a gap analysis to compare the new rule against current requirements, NRC endorsed documents, and other guidance documents published by the NRC. CPNPP also evaluated the broad impact across multiple organizations and the change management scope.

In accordance with 10 CFR 73.5, Vistra OpCo is requesting an exemption until the later of March 31, 2025, or 180 days after publication of the final Regulatory Guides from the following specific requirements in 10 CFR 73:

10 CFR Part 73, Subpart T, Security Notifications, Reports, and Recordkeeping 10 CFR 73.1200(a) through 10 CFR 73.1200(t), Notification of Physical Security Events 10 CFR 73.1205(a)(1) through 10 CFR 73.1205(e), Written Follow-up Reports of Physical Security Events 10 CFR 73.1210(a)(1) through 10 CFR 73.1210(h), Recordkeeping of Physical Security Events 10 CFR 73.1215(a) through 10 CFR 73.1215(f), Suspicious Activity Reports Vistra OpCo is also requesting an exemption from using the definitions for the terms Contraband, and Time of Discovery as recently revised in 10 CFR 73.2, Definitions, until the later of March 31, Jay J. Lloyd Senior Director, Engineering & Regulatory Affairs Comanche Peak Nuclear Power Plant (Vistra Operations Company LLC)

P.O. Box 1002 6322 North FM 56 Glen Rose, TX 76043 T 254.897.5337

2025, or 180 days after publication of the final Regulatory Guides. The exemption would not apply to the definitions of those terms that were in effect prior to the issuance of the 2023 revisions.

Vistra OpCo is requesting a new compliance date of March 31, 2025, or 180 days after publication of the final Regulatory Guides, whichever is later, based on the NRCs projected timeline for completion of revisions to the applicable Regulatory Guides associated with this final rule, to provide time necessary for CPNPP to go through the change management processes adequately to include the number of training weeks that will be required, and to allow for completion of the CPNPP Unit 2 outage scheduled for the Fall of 2024.

The attachment to this letter provides the justification and rationale for the exemption request. The requested exemption from the specific requirements in 10 CFR Part 73 is permissible under 10 CFR 73.5 because the exemption is authorized by law, will not present an undue risk to the public health and safety, and is consistent with the common defense and security.

Vistra OpCo requests approval of this exemption by December 15, 2023, so actions can be taken to ensure consistent and reliable reporting procedures.

This communication contains no new commitments regarding CPNPP Units 1 and 2.

Should you have any questions, please contact Latham Meier at (254) 897-6644 or Latham.Meier@luminant.com.

Sincerely, Jay J. Lloyd

Attachment:

Request for Exemption from Specific Requirements in New 2023 Security Rule c (email) -

John Monninger, Region IV [John.Monninger@nrc.gov]

Dennis Galvin, NRR [Dennis.Galvin@nrc.gov]

John Ellegood, Senior Resident Inspector, CPNPP [John.Ellegood@nrc.gov]

Dominic Antonangeli, Resident Inspector, CPNPP [Dominic.Antonangeli@nrc.gov]

Request for Exemption from Specific Requirements in New 2023 Security Rule

Attachment to TXX-23086 Page 2 of 9 Request for Exemption from Specific Requirements in New 2023 Security Rule A.

BACKGROUND On March 14, 2023, the Nuclear Regulatory Commission (NRC) issued a Final Rule entitled Enhanced Weapons, Firearms Background Checks, and Security Event Notifications.1 This final rule became effective April 13, 2023, with a compliance date of January 8, 2024. The final rule contains several new elements such as:

New terminology and associated requirements covering conditions adverse to security New definitions of the terms contraband and time of discovery in 10 CFR 73.2 New point of contact requirements with the Federal Aviation Administration (FAA)

Changes to reporting requirements applicable to security events:

o From 1-hour notifications and 24-hour recording of security events, to 1-hour, 4-hour, 8-hour notifications and 24-hour recording of security events o

Codifies the accelerated call to the NRC from NRC Bulletin 2005-02 to a new 15-minute notification Concurrently with the publication of the final rule, the NRC issued the following Regulatory Guides to support the implementation requirements set forth in the final rule:

5.62, Physical Security Event Notifications, Reports, and Records, Revision 2 5.86, Enhanced Weapons Authority, Preemption Authority, and Firearms Background Checks, Revision 0 5.87, Suspicious Activity Reports, Revision 0 During the August 23, 2023 public meeting, the NRC recognized there are ambiguities and inconsistencies contained within the final rule language and associated guidance. The discussed revision date for clarifying guidance publication was April 2024, which is 3 months after the compliance date of January 8, 2024. Additionally, the NRC recognized the need for rulemaking to address the issues with the final rule language.

Accordingly, Vistra Operations Company LLC (Vistra OpCo), is requesting an exemption from the specific requirements in 10 CFR Part 73, Subpart T, "Security Notifications, Reports, and Recordkeeping," 10 CFR 73.1200(a) through 10 CFR 73.1200(t), "Notification of Physical Security Events," 10 CFR 73.1205(a)(1) through 10 CFR 73.1205(e), "Written Follow-up Reports of Physical Security Events," 10 CFR 73.1210(a)(1) through10 CFR 73.1210(h), "Recordkeeping of Physical Security Events," and 10 CFR 73.1215(a) through 10 CFR 73.1215(f), "Suspicious Activity Reports," until the later of March 31, 2025, or 180 days after publication of the final Regulatory Guides.

Vistra OpCo is also requesting an exemption from using the definitions for the terms "Contraband," and "Time of Discovery," as recently revised in 10 CFR 73.2, "Definitions," until the later of March 31, 2025, or 180 days after publication of the final Regulatory Guides. The exemption would not apply to the definitions of those terms that were in effect prior to the issuance of the 2023 revisions.

1 Enhanced Weapons, Firearms Background Checks, and Security Event Notifications; Final rule and guidance, 88 Fed. Reg. 15864 (March 14, 2023).

Attachment to TXX-23086 Page 3 of 9 B.

BASIS FOR EXEMPTION REQUEST 10 CFR 73.5 allows the Commission to grant exemptions from the requirements of Part 73 as it determines are authorized by law and will not endanger life or property or the common defense and security and are otherwise in the public interest. As explained below, this exemption request meets the criteria provided in section 73.5.

Comanche Peak Nuclear Power Plant (CPNPP) has identified several issues in the final rule and the supporting Regulatory Guides that require clarification from the NRC staff to successfully implement the requirements. As mentioned above, the NRC is currently developing a resolution for code language issues and addressing guidance revisions. The NRC staff plans to issue additional guidance in April 2024, 3 months after the compliance date of January 8, 2024.

Without additional guidance, enforcement relief, or the approval of this exemption, it is likely that CPNPP will need to make changes to the physical security plans and processes twice -

once to come into compliance with CPNPPs interpretation of the final rule (without the benefit of the additional guidance being developed by NRC staff), and again once the additional guidance is issued. The ambiguity and conflict created by the final rule language and existing guidance, which is described below, could result in unnecessary confusion and distraction that detract from the current high level of assurance provided by Comanche Peaks existing physical security program for CPNPP Units 1 and 2 and the Independent Spent Fuel Storage Installation (ISFSI). Consequently, implementation of the final rule prior to issuance of additional clarifying guidance, at a minimum, is not in the best interest of the public. The following are several issues that have been identified as examples:

1. CONDITIONS ADVERSE TO SECURITY The introduction of the term conditions adverse to security within 10 CFR 73.1210 is undefined, and ambiguous. CPNPP has established, as required, a formal Corrective Action Program IAW 10 CFR Part 50 Appendix B, Criterion XVI. NEI 16-07, Improving the Effectiveness of Issue Resolution to Enhance Safety and Efficiency, provided recommended approaches to the industry to enhance corrective actions, and facilitate a better organizational focus on conditions affecting safety and reliability. As a result, CPNPP has developed procedures/processes to determine conditions adverse to quality as they relate to the security organization, (e.g.,

Condition Adverse to Regulatory Compliance.)

CPNPP procedure STA-422, Corrective Action Program, and associated implementing procedures, define the specific events, situations or occurrences that result in a condition adverse to quality. Security-related items are included.

Given the robust nature of the CPNPP Corrective Action Program, the additional duplication of procedures and/or revision of procedures to accommodate a new term is unnecessary, adds burden, and provides no increased value, safety margin or improvements to security programs or the Corrective Action Program.

2. DEFINITIONS IN 10 CFR 73.2 New definitions in § 73.2 expand existing definitions provided in NRC endorsed NEI 03-12, Template for the Security Plan, Training and Qualification Plan, Safeguards Contingency Plan, [and Independent Spent Fuel Storage Installation Security Program], Revision 7 and RG 5.76, Physical Protection Programs at Nuclear Power Reactors. CPNPP has used the existing definitions to

Attachment to TXX-23086 Page 4 of 9 design the CPNPP Security Plan and associated programs and procedures. Examples of the issues include:

Contraband: Specifically, the exempli gratia or e.g. parenthetical describing other dangerous materials as specifically including disease causing agents requires licensees to protect against circumstances beyond the current Design Basis Threat (DBT) as described in 10 CFR 73.1. The application of this expanded definition will require changes to CPNPP methods of compliance with the requirements of 10 CFR 73.55(g)(1)(ii)(B). Section (g)(1)(ii)(B) requires (emphasis added):

§ 73.55(g) Access controls.

(1) Consistent with the function of each barrier or barrier system, the licensee shall control personnel, vehicle, and material access, as applicable, at each access control point in accordance with the physical protection program design requirements of § 73.55(b).

(ii) Where vehicle barriers are established, the licensee shall:

(B) Search vehicles and materials for contraband or other items which could be used to commit radiological sabotage in accordance with paragraph (h) of this section.

§ 73.55(h) Search programs.

(1) The objective of the search program is to detect, deter, and prevent the introduction of firearms, explosives, incendiary devices, or other items which could be used to commit radiological sabotage. To accomplish this the licensee shall search individuals, vehicles, and materials consistent with the physical protection program design requirements in paragraph (b) of this section, and the function to be performed at each access control point or portal before granting access.

(2) Owner controlled area searches.

(iv) Vehicle searches must be accomplished through the use of equipment capable of detecting firearms, explosives, incendiary devices, or other items which could be used to commit radiological sabotage, or through visual and physical searches, or both, to ensure that all items are identified before granting access.

(3) Protected area searches. Licensees shall search all personnel, vehicles and materials requesting access to protected areas.

(i) The search for firearms, explosives, incendiary devices, or other items which could be used to commit radiological sabotage shall be accomplished through the use of equipment capable of detecting these items, or through visual and physical searches, or both, to ensure that all items are clearly identified before granting access to protected areas. The licensee shall subject all persons except official Federal, state, and local law enforcement personnel on official duty to these searches upon entry to the protected area. Armed security officers who are on duty and have exited the protected area may re-enter the protected area without being searched for firearms.

Attachment to TXX-23086 Page 5 of 9

§ 73.55(g) uses the term contraband, while § 73.55(h) uses terminology consistent with that found in the definition of contraband in NEI 03-12 (and RG 5.76). The specific inclusion of disease causing agents in the new regulatory definition of contraband will require CPNPP to modify its programs and procedures describing the methods of compliance with paragraph § 73.55(g).

CPNPP understands that the NRC is considering potential resolutions for this issue, but until further guidance is issued, or rulemaking occurs, CPNPP is unable to comply with this requirement as written without making significant changes to the physical security program.

Time of Discovery: Specifically, the term cognizant individual and is considered anyone who, by position, experience, and/or training, is expected to understand that a particular condition or event adversely impacts security. Currently, security plans incorporate the definition for Time of Discovery, that is found in NEI 03-12 and RG 5.76, being a supervisor or manager makes a determination that a verified degradation of a security safeguards measure or a contingency situation exists, to establish T=0 for a security related event.

The new definition expands the pool of personnel previously used by licensees to determine T=0 for an event, due to the undefined nature of position, experience, and/or training. Additionally, the broader nature and lower threshold for recognition of something that simply adversely impacts security, versus recognition of verified degradation of a security safeguards measure or a contingency situation contributes to the expansion of pool of personnel. CPNPP is confident, the term in NEI 03-12 and RG 5.76, is the appropriate threshold for T=0 for security related events.

The application of this expanded definition will require CPNPP to broaden current security programs and revise training modules onsite for general plant employees, (potentially with INPO and the NANTeL course they facilitate) and the responsibility for implementation of the expanded training across a broad spectrum of personnel at the station.

3. FEDERAL AVIATION ADMINISTRATION (FAA) LOCAL CONTROL TOWER POINT OF CONTACT 10 CFR 73.1215 establishes reporting requirements for suspicious activities involving aircraft to a licensees FAA local control tower. Specifically, licensees are required to:

Establish a point of contact with their local FAA control tower, and Document the point of contact in written communication procedures.

The code language is very specific in regard to establishing a point of contact with the local control tower. Current CPNPP procedure STA-501, Nonroutine Reporting, the Security Reportability Job Aid and Security Field Report (SFR) Template Aircraft Observations, provide guidance for contacting the FAA 24 Hour Watch Desk and/or the FAA backup, but not a specific FAA control tower or single point of contact. As a result, CPNPP is not capable of obtaining a single point of contact from a Federal Agency.

Attachment to TXX-23086 Page 6 of 9 The requirement of establishing and documenting an FAA local control tower point of contact does not add additional safety margin to the protection or operation of CPNPP and adds difficulty for compliance due to the lack of participation from a local control tower.

4. REGULATORY GUIDES Examples of clarification needed in the supporting Regulatory Guide 5.62, Revision 2, Physical Security Event Notifications, Reports, and Records include:

4-hour vs. 15-minute notification requirement:

§ 73.1200(e)(1)(iii) and (iv) requires a 4-hour notification for attempted or actual introduction of contraband into a PA, VA, or MAA.

o The definition of contraband contains the term incendiaries.

§ 73.1200(a) requires a 15-minute notification for hostile actions.

o RG 5.62, Rev 2, Section 7.1, page 24, provides examples of hostile actions:

(4) The discovery of unauthorized explosive materials, incendiary materials, or an improvised explosive device within the licensees site boundary.

The code language requires a 4-hour notification for an incendiary device at or inside the PA, VA, or MAA. The regulatory guide drives licensees to a 15-minute notification for an incendiary device at the site boundary, which is further away from safety related equipment.

The notification conflict the regulatory guide introduced between a 15-minute and 4-hour notification is burdensome, confusing, and makes the consistency and success for this notification unpredictable. Station personnel are trained to reference published Regulatory Guides, station procedures and guidance, and other industry documents, as a best practice, to support the accuracy of determination of notification events.

The inconsistency created by RG 5.62 unnecessarily creates the potential for confusion and human performance error.

4-hour notification vs. 24-hour recording of lost or uncontrolled weapon:

§ 73.1200(e)(1)(v) requires a 4-hour notification for a lost or uncontrolled weapon.

§ 73.1210(f) requires recording within 24-hours physical security events or conditions that decreases the effectiveness of the physical security program.

o RG 5.62, Rev 2, Section 18.2, page 38, provides examples of the Recordable Events and Conditions Regarding Decreases in Effectiveness, that 73.1210(f) requires. The regulatory guide includes an event involving the loss of control of an authorized security weapon within a PA, VA, MAA, or CAA.

The conflict between the notification and recording of a lost or uncontrolled weapon only exists because of the regulatory guidance in RG 5.62. As a best practice, and to support accurate determination of notification events, station personnel are trained to reference published Regulatory Guides, station procedures

Attachment to TXX-23086 Page 7 of 9 and guidance, and other industry documents. Additional clarity is needed in order to support the implementation of notifications and recordkeeping in a consistent and successful manner.

Malevolent intent discussion:

10 CFR 73.1200 only refers to the term malevolent intent in § 73.1200(q)(2) as exempli gratia or e.g. parenthetical describing a circumstance where a licensee may desire to retract a previous physical security event notification.

o RG 5.62, Rev 2, Section 2, page 21, titled, Malevolent Intent and Credible Bomb Threat Considerations, states the NRCs position that only government officials have the necessary resources and qualifications to determine whether malevolent intent was present in a security event.

o During the May 2023, and August 2023, public meetings, the NRC was unable to consistently describe when licensees were capable of this determination, and when licensees were required to have government officials make this determination.

o Within the NRC Response to Public Comments, ML16264A004,2 comment K-21 contains the discussion regarding credible, and puts into context, the circumstances of the NRCs position, as it relates to the determination of malevolent intent.

It is clear, that as of the publication date of March 2023, the discussion revolves around the 15-minute notification requirements, and not blanketly across all security related events.

Vistra OpCo is aligned that in certain circumstances, external government agencies would be the most appropriate to determine malevolent intent, (e.g.,

credible bomb threat, credible threat). However, it is Vistra OpCos position the capability to determine intent as it relates to identifying human performance errors, as well as determining a person to be trustworthy and reliable for plant access purposes remains with CPNPP.

The lack of clarity of the scope and/or intent of when it is appropriate for external government officials to determine malevolent intent creates ambiguity.

Final clarity is needed to prevent CPNPP having to unnecessarily change security programs and procedures, such as access authorization procedures, to incorporate a process to await investigation results from the NRCs Office of Investigations (OI), the intelligence community, or a federal, state, or local law enforcement agency.

C.

CONSIDERATIONS FOR EXEMPTION As highlighted in the selected examples above, Vistra OpCo progressing towards a compliance date of January 8, 2024, without full clarity on key parts of the final rule would result in an inadequate implementation. Unknown success paths towards compliance with the final rule, as written in current code language; along with the conflict and confusion engendered by the published, publicly available, stated positions of the NRC, are key bases for this request. CPNPP would be required to revise security plans and procedures at least twice, based on interpretation of this new rule. Vistra OpCo is requesting the following considerations be taken into account during review of this request:

2 NRC Response to Public Comments, Enhanced Weapons, Firearms Background Checks, and Security Event notifications Rule, NRC-2011-0018; RIN 3150-AI49

Attachment to TXX-23086 Page 8 of 9 CPNPPs current site security plan implements the requirements of 10 CFR 73.71, Reporting of Safeguards Events for reporting the suspension of security measures.

CPNPP will continue to comply with security event reporting, as previously required in 10 CFR 73.71 Reporting of Safeguards Events and Appendix G to Part 73, Reportable Safeguards Events.

CPNPP will use the definitions for the terms Contraband and Discovery (time of) in its current site Security Plan consistent with how these terms are currently defined in Regulatory Guide 5.76, Revision 1, Physical Protection Programs at Nuclear Power Reactors.

CPNPP is currently implementing a formal Corrective Action Program and has identified Conditions Adverse to Quality as they relate to Security Programs and items that are Conditions Adverse to Regulatory Compliance.

CPNPP is currently capable of making voluntary reports of suspicious activities, and this will not change in the interim until the new compliance date and allow for final revised regulatory guidance issuance.

o STA-501, Nonroutine Reporting, provides reporting requirements and considerations for voluntary reporting associated with suspicious activity The burden associated with rework for CPNPP is unnecessary while awaiting final clarity with publication of associated Regulatory Guides. Several examples of where rework will be required are:

o Revisions of associated procedures/processes, job aids, training materials and lesson plans that are used to describe and elaborate on reporting requirements.

o Coordination of work management and resources to align with station outage schedule(s). CPNPP is a two-unit site, with 18-month fuel cycles, resulting in a spring and fall outage for 2023, and a fall outage 2024.

o The re-training of impacted station personnel with updated information contained within the revised guidance documents:

Security Regulatory/Compliance Emergency Response Radiation Protection Operations - Accredited Training Program, requiring the use of the Systematic Approach to Training process. Examples of elements that drive the number of available weeks to train operators within a year are:

CPNPP executes [6] cycles per year.

CPNPP requires [6] weeks for each cycle of training, based on the number of operating crews, and licensed operators we have.

CPNPP requires some tasks to be trained every year, every 2 years and every 4 years; based on commitments, regulatory requirements and DIF (Difficulty, Importance, Frequency) ratings for accredited tasks.

CPNPP is required to meet a minimum number of technical training hours in accordance with ACAD 07-001, Guidelines for Continuing Training of Licensed Personnel.

CPNPP is required to administer annual operational exams and biennial written exams for licensed operators.

CPNPP is required to incorporate certain elements within its 2-year training cycle, that include outage applicable objectives, (including, but not limited to: core changes, plant modifications, Lower Mode operations).

Attachment to TXX-23086 Page 9 of 9 The Fall, 2024 refueling outage will impact scheduling of Operations training cycles and personnel availability for training.

D.

JUSTIFICATION FOR EXEMPTION Based on the NRCs projected timeline for completion of revisions to the Regulatory Guides associated with this final rule, Vistra OpCo is requesting a new compliance date of March 31, 2025, or 180 days after publication of final Regulatory Guides, whichever is later.

As stated above, Vistra OpCo will continue to implement the Security Plan as documented.

Since it has been reviewed and approved by the NRC, the CPNPP Security Plan provides reasonable assurance of safety and security. The delay in implementation of the final rule will not impact proper implementation of the current Security Plan and will ensure that the final rule is effectively implemented. Therefore, granting of this exemption will not endanger the life or property or common defense and security.

Implementation of the final rule without further interface, clarity, and refined guidance may result in unintended consequences which could reduce the effectiveness of the current Security Plan. Therefore, it is in the publics interest that CPNPPs Security Plan and associated procedures/processes comprehensively and accurately implement the regulation and guidance documents once resolution is obtained of identified issues.

The granting of this exemption would not violate the Atomic Energy Act, as the compliance date for the final rule is not required nor specified in the AEA as amended, any provisions of the Commissions regulations, or any other legally binding requirements imposed by the Commission.

The approval of this exemption request would be consistent with 10 CFR 73.5 because it is authorized by law and will not endanger life or property or the common defense and security and [is] otherwise in the public interest.

D.

ENVIRONMENTAL ASSESSMENT Vistra OpCo is requesting an exemption from the compliance date of January 8, 2024, for the Enhanced Weapons, Firearms Background Checks, and Security Event Notifications. The following information is provided in support of an environmental assessment and finding of no significant impact for the proposed exemption.

Vistra OpCo has determined that the exemption involves no significant increase in the amounts, and no significant change in the types, of any effluents that may be released offsite; that there is no significant increase in individual or cumulative public or occupational radiation exposure; that there is no construction impact; and there is no significant increase in the potential for or consequences from a radiological accident. Accordingly, the proposed one-time exemption meets the eligibility criteria for categorical exclusion set forth in 10 CFR 51.22(c)(25).

Pursuant to 10 CFR 51.22(b), no environmental impact statement or environmental assessment need be prepared in connection with the issuance of this proposed exemption request.