ML24298A065

From kanterella
Jump to navigation Jump to search
Comment (010) from Kati R. Austgen on Behalf of the Nuclear Energy Institute on PR-50, 52 and 73 - Alternative Physical Security Requirements for Advanced Reactors
ML24298A065
Person / Time
Site: Nuclear Energy Institute
Issue date: 10/23/2024
From: Austgen K
Nuclear Energy Institute
To: Carrie Safford
NRC/SECY
References
NRC-2017-0227, 89FR65226 00010
Download: ML24298A065 (1)
v  d  e


Text

Kati R. Austgen Sr. Project Manager, New Nuclear Phone: 202.340.1224 Email: kra@nei.org October 23, 2024 Secretary U.S. Nuclear Regulatory Commission Washington, DC 20555-0001 ATTN: Rulemakings and Adjudications Staff

Subject:

Nuclear Energy Institute Comments on Proposed Rule, Alternative Physical Security Requirements for Advanced Reactors [Docket ID NRC-2017-0227]

Project Number: 689 Submitted via Regulations.gov Rulemakings and Adjudications Staff:

On behalf of the nuclear energy industry, and as requested by the U.S. Nuclear Regulatory Commission (NRC) in 89 Fed. Reg. 65226, the Nuclear Energy Institute (NEI)1 hereby submits the following comments on the Proposed Rule, Alternative Physical Security Requirements for Advanced Reactors, and the associated draft guidance. NEI supports this effort by the NRC to amend its regulations to provide alternative risk-informed and performance-based physical security requirements for advanced reactors.

The alternative requirements will lead to greater regulatory stability, predictability, and clarity in the licensing process and reduce the need for exemptions. Our general support for this rulemaking notwithstanding, we are providing recommended changes that would make significant improvements to the proposed regulations and guidance.

The new requirements in the proposed rule will incentivize advanced reactor developers to incorporate a more a robust and effective security posture with less reliance on operational programs, i.e., incorporate security-by-design. Because a significant number of advanced reactor designers and potential operators 1 The Nuclear Energy Institute (NEI) is responsible for establishing unified policy on behalf of its members relating to matters affecting the nuclear energy industry, including the regulatory aspects of generic operational and technical issues. NEIs members include entities licensed to operate commercial nuclear power plants in the United States, nuclear plant designers, major architect and engineering firms, fuel cycle facilities, nuclear materials licensees, and other organizations involved in the nuclear energy industry.

Rulemakings and Adjudications Staff October 23, 2024 Page 2 Nuclear Energy Institute are either currently preparing applications or in the application process, we urge the NRC to complete this rulemaking in a timely manner to provide greater licensing certainty around security requirements for new facilities. NEI also suggests that during NRC deliberations on resolving the attached comments, the staff should consider the ongoing work in other areas where physical security-related topics are being addressed - this includes the Part 53 rulemaking and NRC actions in response to NEI Proposal Paper, Regulations of Rapid High-Volume Deployable Reactors in Remote Applications (RHDRA) and Other Advanced Reactors, dated July 2024.

NEIs comments identify several challenges with the proposed rule language and draft guidance, and propose solutions that will increase the effectiveness and efficiency of the alternative approach, while staying within the limited scope approved by the Commission. In particular, our comments address the following key topics:

1. The failure to remove interdiction and neutralization requirements from facilities that can maintain offsite doses below a consequence limit without the need for onsite and offsite armed responders is a disincentive for a designer to maximize security-by-design. NEIs proposed change would remove this disincentive and promote greater use of security-by-design. This outcome aligns with NRC policy goals and ensures that no regulatory burden is imposed on an applicant or licensee beyond what is necessary for adequate protection.
2. The proposed rule contains two consequence-based performance limits, one for determining overall security program acceptability [prevent releases that exceed those from Design Basis Accidents] and one for determining eligibility to use the alternative requirements [prevent releases exceeding offsite dose reference values]. This approach raises several issues and questions that must be resolved before publication of the final rule; the issues and questions are detailed in our comments. NEI is proposing a change that would result in a single consequence-based performance limit, one used by the agency in other regulatory areas to make determinations of reasonable assurance of adequate protection of the public health and safety.
3. In addition to a single consequence-based performance limit, NEI is also proposing the adoption of a general performance objective based on a security (vulnerability) assessment, which would include consideration of armed responders, to demonstrate that a facility has no achievable target sets. An alternative general performance objective is also provided that combines the consequence-based and security assessment-based standards into a single objective.

Our submittal comprises four attachments:

Comments on the Proposed Rule (Attachment 1)

Responses to the NRCs Specific Requests for Comment (Attachment 2)

Comments on DG-5071, Target Set Identification and Development for Nuclear Power Reactors

Rulemakings and Adjudications Staff October 23, 2024 Page 3 Nuclear Energy Institute (Attachment 3)

Comments on DG-5072, Guidance for Alternative Physical Security Requirements for Small Modular Reactors and Non-Light-Water Reactors (Attachment 4)

NEI has no comments relative to the NRC questions on Cumulative Effects of Regulation and potential impact of the information collection(s).

We appreciate the opportunity to provide our perspectives on this important regulatory matter. If you have questions or require additional information, please contact David Young at dly@nei.org.

Sincerely, Kati R. Austgen Sr. Project Manager, New Nuclear Attachment(s):

Comments on the Proposed Rule (Attachment 1)

Responses to the NRCs Specific Requests for Comment (Attachment 2)

Comments on DG-5071, Target Set Identification and Development for Nuclear Power Reactors (Attachment 3)

Comments on DG-5072, Guidance for Alternative Physical Security Requirements for Small Modular Reactors and Non-Light-Water Reactors (Attachment 4) c:

Mr. Greg Bowman, NRR, NRC Mr. Jeremy Bowen, NRR, NRC Mr. Jonathan Greives, NRR, NRC Mr. Craig Erlanger, NSIR, NRC Mr. Shakur Walker, NSIR/DPCP, NRC Mr. Tony Bowers, NSIR/DPCP, NRC Mr. Louis Cubellis, NSIR/DPCP/RPPB, NRC Ms. Beth Reed, NRR/DANU/UARP, NRC Mr. Dennis Andrukat, NMSS/REFS/RRPB, NRC

ATTACHMENT 1 Comments on the Proposed Rule

1. NRC policies encourage designers of new reactors to incorporate features that can provide a more robust and effective security posture with less reliance on operational programs, i.e., incorporate security-by-design. Recognizing that many different advanced reactor designs and approaches to security-by-design are possible, the NRC staff developed the proposed alternative requirements with a goal to make them technology-inclusive. While NEI supports this goal and appreciates the NRC staffs efforts toward it, we believe there is a category of advanced reactor that was not adequately considered in the development of the proposed rule. These are facilities that, if attacked by the Design Basis Threat (DBT) of radiological sabotage, possess the safety and security design features necessary to preclude an offsite consequence (dose) limit from being exceeded without any actions by an armed response force. As currently proposed, this type of facility would be required to have an interdiction and neutralization capability, even though actions by armed responders would not be necessary for adequate protection of public health and safety. This outcome is a disincentive for designers to incorporate features that maximize security-by-design.

NEI recommends the NRC amend the proposed alternative requirements concerning armed responders to recognize and accommodate facilities that will not require an armed response to maintain releases below those with consequences exceeding the offsite dose reference values defined in 10 CFR50.34(a)(1)(D)(1) and (2), and 52.79(a)(1)(vi)(A) and (B). These changes would incentivize more robust approaches to security-by-design, consistent with NRC policy, and ensure that no unnecessary regulatory burden is imposed on an applicant or licensee (i.e., only require what is necessary for adequate protection). In the approach envisioned by NEI, the licensee would be relieved of requirements related to an interdiction and neutralization capability, but, as a defense-in-depth measure, still be required to notify a supporting offsite agency or organization capable of providing an armed response. Because an armed response by a certain time would not be necessary to ensure that a release does not exceed a consequence limit, the timeline of an actual response to an attack would be determined by the incident commander (i.e., the lead law enforcement official dispatched to the site) based on public and plant worker safety considerations. NEI believes our recommended change is a logical outgrowth of the proposed rule and consistent with the Commission direction provided in Staff Requirements - SECY-18-0076 - Options and Recommendation for Physical Security for Advanced Reactors.2 As an example of how this change could be implemented, consider the achievable target set screening guidance in DG-5071 [not reproduced here because portions of the criteria are OUO-SRI]. The criteria could be revised to add a path whereby a facility is relieved of interdiction and neutralization requirements if a consequence threshold is not exceeded and no security bounding time or adversary interference precluded time (AIPT) is considered in the screening (i.e., the consequences are independent of the bounding or AIPT time).

2 Refer to https://www.nrc.gov/docs/ML1832/ML18324A469.html October 23, 2024 Page 5 An alternative approach to addressing this comment would be to retain the requirement for an applicant or licensee to have an interdiction and neutralization capability but remove the requirements in § 73.55(s)(2)(ii)(A)(2) through (5). Again, this option could be available if a threat-based analysis, with no consideration of on-site or offsite armed responders, demonstrates that the consequences do not exceed the offsite dose reference values defined in §§50.34(a)(1)(D)(1) and (2), and 52.79(a)(1)(vi)(A) and (B). As above, the licensee would be required to notify a supporting offsite agency or organization capable of providing the armed response, but the timeline of the response would be determined by the incident commander (i.e., the lead offsite official on the scene) based on public and plant worker safety considerations.

We also note that the proposed rule and guidance use release (which is taken as a proxy for dose) limits from Design Basis Accidents (DBAs) to support identification of target sets and to determine the acceptability of a physical security program. Given the reasonably expected offsite accident doses associated with advanced reactor designs, NEI believes that DBA releases are not a suitable standard for assessing the adequacy of a physical protection program. Our examples above use the offsite dose reference values in §§50.34(a)(1)(D)(1) and (2), and 52.79(a)(1)(vi)(A) and (B) instead of DBA doses.

If the NRC declines to use those reference values as a basis for granting relief from certain security requirements, then NEI recommends that the NRC determine a reasonable offsite dose limit based on a review of broadly recognized radiation protection standards for public exposures during an emergency. For example, in Radiation Protection and Safety of Radiation Sources: International Basic Safety Standards Development, the International Atomic Energy Agency (IAEA) recommends a public protection strategy centered on a residual dose in the range of 20-100 mSv (2-10 rem).

2. Proposed § 73.55(b)(3) states: A licensee holding an operating license under the provisions of part 50 of this chapter or a combined license under the provisions of part 52 of this chapter for a small modular reactor licensee or a non-light-water reactor licensee, must design the physical protection program to prevent a significant release of radionuclides from any source. The statements of consideration (SOC) clarify that the phrase a significant release of radionuclides from any source would encompass a postulated security-initiated event that would cause a release to the environment exceeding that analyzed in the design basis accident licensing basis. To be eligible to use the alternative physical security requirements, § 73.55(s)(1)(ii) requires an applicant or licensee to demonstrate that the consequences of a postulated radiological release that could result from a postulated security-initiated event do not exceed the offsite dose reference values defined in §§50.34(a)(1)(D) and 52.79(a)(1)(vi) of this chapter. So, the NRC in effect has proposed two consequence-based limits in this rule, one for determining overall security program acceptability [prevent releases that exceed those from DBAs] and one for determining eligibility to use the alternative requirements [prevent releases exceeding the 25-rem offsite dose reference values]. This approach raises several issues and questions that must be resolved before publication of the final rule:

October 23, 2024 Page 6 The proposed rule contains no clear basis for why there are different consequence/dose acceptance criteria in § 73.55(b)(3) and § 73.55(s)(1)(ii). Moreover, there may be cases where a consequence analysis could produce doses acceptable under § 73.55(s)(1)(ii) (i.e., less than the 25-rem offsite dose reference values) but contain releases exceeding those allowed by § 73.55(b)(3) (i.e., greater than a sites DBAs). Such a facility would be eligible to use the alternative requirements because the maximum dose is less than the offsite dose reference values defined in §§50.34(a)(1)(D) and 52.79(a)(1)(vi); however, because the maximum release exceeds that permitted by § 73.55(b)(3), the alternative requirements could not be used. During a public meeting on September 19, 2024,3 the NRC staff sought to address this regulatory incongruity by noting that the different consequence/dose acceptance criteria reflect the fact that armed responses are not considered in meeting the consequence limits stipulated in § 73.55(s)(1)(ii) but are a factor in determining compliance with § 73.55(b)(3). Many stakeholders find this distinction confusing. Therefore, NEI recommends that the NRC provide a full and clear explanation of this approach in the SOC if the NRC decides to retain it in the final rule.

Because releases (and hence offsite doses) from a security event must be less than those found in a facilitys suite of DBAs, the proposed § 73.55(b)(3) imposes much stricter (lower) acceptance limits than the NRCs 25-rem offsite dose reference values used for various reasonable assurance determinations. This seems inconsistent with the Commissions direction that security requirements reflect a reasonable assurance standard.4 Furthermore, the NRC proposes to use DBA releases as acceptance criteria with no consideration of the timing of the releases vis--vis the subsequent exceedance of an offsite dose limit. For example, suppose the limiting DBA offsite dose for a given source of radionuclides is 5 rem TEDE but that dose results from a release that begins three days into the accident sequence. A significant release taking many hours or days to develop would allow ample time for an ad hoc response from offsite agencies.

NEI recommends that the NRC either use the 25-rem offsite dose reference values or establish a new and reasonable offsite dose limit to serve as a general performance objective for physical security programs. This limit should be independent of facility design and accident characteristics.

The proposed general performance objective for Small Modular Reactors (SMRs) and non-Light Water Reactors (non-LWRs) in § 73.55(b)(3) is consequence-based (i.e., prevent 3 Refer to this public meeting notice - https://adamswebsearch2.nrc.gov/webSearch2/main.jsp?AccessionNumber=ML24247A070 4 Refer to Staff Requirements Memorandum (SRM)-SECY-16-0073 and SRM-SECY-18-0076.

October 23, 2024 Page 7 releases that exceed those from DBAs). While a consequence analysis is required to meet the eligibility requirements in § 73.55(s)(1), the NRC staff stated during the September 19, 2024, public meeting that a consequence analysis is not necessary to demonstrate compliance with § 73.55(b)(3). Given this information, it is not apparent how compliance with the general performance objective will be demonstrated.

In the September 19, 2024, public meeting, the NRC staff indicated that the goal of the proposed wording for § 73.55(b)(3) is to ensure that the licensee has a physical protection program that can protect at least one element of each target set. Because the target set explanation is more readily understood, NEI recommends that the NRC consider explicitly stating it in § 73.55(b)(3), either as an additional, alternative standard to the one proposed by the NRC (prevent a significant release or as modified in response to our other comments) or as a replacement for the proposed standard. Comment #5 provides a related recommendation concerning how these two standards could be combined into one performance objective.

The SOC clarifies that the phrase a significant release of radionuclides from any source would encompass a postulated security-initiated event that would cause a release to the environment exceeding that analyzed in the design basis accident licensing basis. Its not clear what is meant here with respect to that analyzed. Does this mean the highest release identified from the suite of facility DBAs? How is the limiting release determined - highest release rate, highest release concentration, highest total radioactivity released, or highest offsite consequence? Do different release bounding limits exist for different sources? For example, consider a site with two sources of radionuclides - one has a DBA release associated with an offsite consequence of 3 rem and the other 6 rem. The facility makes an NRC-approved change that raises the DBA consequence of an accident affecting the first source to 3.5 rem.

What changes, if any, to the facility security plan would be required in this case?

Basing the security general performance objective on DBA releases may have unintended consequences. For example, consider an operating facility that decides to invest in new features or technologies that could make the plant safer and lower potential releases and offsite consequences from accidents. This facility may need to increase physical security capabilities to align with the lower DBA releases. That is, a general performance objective linked to facility DBAs could provide a disincentive for a licensee to expend funds on increasing nuclear safety because they may be required to have more physical security capabilities to align with lower DBA releases.

During the consideration of this comment, and our other comments concerning the proposed DBA-based performance objective in § 73.55(b)(3), we suggest that additional perspectives on the suitability of this objective be sought from members of the NRCs Division of Advanced October 23, 2024 Page 8 Reactors and Non-Power Production and Utilization Facilities (DANU) and the Division of Safety Systems (DSS).

NOTE The next two comments (#3 and #4) deal with the NRCs proposed change to the General performance objective and requirements in § 73.55(b)(3). Comment #3 suggests new wording to better reflect the rules consequence-based approach while comment #4 suggests a change that would add clarity to the NRCs proposed wording. NEI recommends that the NRC adopt the new wording in comment #3; however, if that wording is found to be unacceptable, then the wording in comment #4 should be used.

3. For light water SMRs and non-LWRs, the General performance objective and requirements in § 73.55(b)(3) could be improved by using a clearer consequence-based standard, one that explicitly states acceptable dose limits. This could be done by incorporating the offsite dose reference values proposed in §73.55(s)(1)(ii). For example, proposed § 73.55(b)(3) could be revised to read:

... A licensee holding an operating license under the provisions of part 50 of this chapter or a combined license under the provisions of part 52 of this chapter for a small modular reactor licensee or a non-light-water reactor licensee, must design the physical protection program to prevent consequences from a postulated radiological release that could result from a postulated security-initiated event from exceeding the offsite dose reference values defined in

§§50.34(a)(1)(D) and 52.79(a)(1)(vi) of this chapter.

By adopting this approach, the NRC would directly incorporate into § 73.55(b)(3) the offsite dose reference values that are used by the agency to make adequate protection findings in other areas, thus providing greater regulatory stability, predictability, and clarity in the licensing process. It would also help resolve the issues and questions discussed in comment #2 above because the same consequence criteria would be used in both § 73.55(b)(3) and § 73.55(s)(1)(ii).

4. The SOC for the proposed rule clarifies that the phrase a significant release of radionuclides from any source would encompass a postulated security-initiated event that would cause a release to the environment exceeding that analyzed in the design basis accident licensing basis. Given the importance of this statement in understanding the performance objective, it should be incorporated directly into § 73.55(b)(3), e.g., A licensee holding an operating license under the provisions of part 50 of this chapter or a combined license under the provisions of part 52 of this chapter for a small modular reactor licensee or a non-light-water reactor licensee, must design the physical protection program to prevent a significant release of radionuclides from any source greater than those associated with design basis accidents and events included in the facility licensing basis.

October 23, 2024 Page 9 While the change shown above would improve the clarity of the current proposed wording, NEI encourages the NRC to discard this approach and adopt new consequence-based wording like that shown in comment #3 above.

5. For light water SMRs and non-LWRs, NEI encourages the NRC to develop a second, alternative standard for the General performance objective and requirements in § 73.55(b)(3) (i.e., in addition to the consequence-based standard). The alternative standard would give the applicant or licensee the option to demonstrate high (reasonable) assurance5 that no target set can be compromised, destroyed, or rendered non-functional by the DBT of radiological sabotage. Compliance would be demonstrated through an assessment of the effectiveness of the facilitys physical protection program, like that described in NUREG/CR-7145, Nuclear Power Plant Security Assessment Guide.6 By meeting this requirement, no significant releases and associated offsite consequences are possible.

This approach would allow consideration of all aspects of a physical protection program, including realistically expected actions by armed responders, and no consequence analysis should be necessary. Also see the related comment in our response to the NRCs Specific Requests for Comment #1(a) in Attachment #2.

The flowchart in Attachment 1 on page 13 shows an example of how the proposed security assessment option could fit into the security framework discussed in the proposed rule. The process and techniques for performing a security assessment, including the use of computer modeling and simulation tools, could be discussed in guidance. The guidance could also provide acceptance values for key analysis parameters such as probabilities of detection and neutralization, and minimum overall effectiveness.

Finally, it may be advantageous to combine a target set-based performance objective with one based on offsite consequences. The resulting § 73.55(b)(3) would be simpler and clearer, and could explicitly recognize mitigation capabilities made possible by the smaller and slower releases of fission products following the loss of certain safety functions noted in the SOC. For example, a single performance objective could read: The applicant or licensee must demonstrate that (1) the design of the physical protection program provides reasonable assurance that no target set objective can be achieved by the design basis threat of radiological sabotage; or (2) measures can be taken to prevent a release of radionuclides resulting in consequences exceeding the offsite dose reference values defined in 5 As explained in the proposed rule statements of consideration, the NRC views the concept of high assurance of adequate protection found in the NRC security regulations as equivalent to reasonable assurance when it comes to determining what level of regulation is appropriate. See also comment No. 10, infra, 6 Refer to https://www.nrc.gov/docs/ML1312/ML13122A181.pdf. Other examples of this approach can be found in DOE vulnerability assessment guidance that is not publicly available and in Sandia Report SAND2021-0768, U.S. Domestic Small Modular Reactor Security by Design.

October 23, 2024 Page 10

§§50.34(a)(1)(D) and 52.79(a)(1)(vi) of this chapter in the event a target set objective is achieved. As noted above, if the NRC determines that the offsite dose reference values are not suitable for this application, then another consequence limit could be used.

6. The NRC should reassess the decision to not allow consideration of any actions by an onsite armed response force (i.e., implementation of a site protective strategy) in scenarios used for the consequence analysis required by § 73.55(s)(1). The processes used by both the Department of Energy and the Department of Defense to perform security (vulnerability) assessments require that armed responder actions be considered in the construction of security scenarios. The NRC should also follow this approach. In addition, it is unclear why the NRC does not allow consideration of onsite armed response capabilities in the consequence analysis required by § 73.55(s)(1) but does include this consideration when determining if the general performance objective in § 73.55(b)(3) is met.

Relatedly, Regulatory Guide 5.81, Revision 1, the revision upon which DG-5071 is based, permits an alternative method to assess potential adversary interference with operator actions [not reproduced here because the discussion is OUO-SRI]. It is unclear why the alternative method permits consideration of certain response actions when determining the acceptability of an operator action, but those same response actions cannot be considered when developing security scenarios to use in the consequence analysis required by § 73.55(s)(1). Further, as proposed in DG-5071, the alternative method for assessing operator actions would also be applicable to SMR and non-LWR applicants and licensees. The NRC staff has not provided any criteria or guidance on how an applicant or licensee could implement this provision, and virtually no large LWR licensee has done so because of the implementation uncertainty and associated inspection risk.

7. The proposed rule states that The term advanced reactors, as used in this document, refers to nuclear power reactors that are non-light-water reactors (non-LWRs) or small modular reactors (SMRs) as SMR is defined in §171.5, Definitions. This section defines an SMR as follows:

Small modular reactor (SMR) for the purposes of calculating fees means the class of power reactors having a licensed thermal power rating less than or equal to 1,000 MWt per module. This rating is based on the thermal power equivalent of an SMR with an electrical power generating capacity of 300 MWe or less per module.

It is important to recognize that the SMR definition in 10 CFR part 171 specifically says that it is for the purposes of calculating fees for a class of power reactors (i.e., part of the criteria for setting NRC fees). The definition provides no suggestion that the power level threshold should be applied to other regulatory activities, such as setting safety-or security-related requirements. While the generally used definition of an SMR is based on a power level of 300 MWe (roughly equivalent to 1,000 MWt) or less, a reactor power level by itself does not determine the safety and release consequence characteristics of a given design. There may well be LWR SMR facilities with reactor power levels above 300 MWe /

October 23, 2024 Page 11 1,000 MWt that could meet the consequence-based acceptance criteria for using the alternative physical security requirements. Moreover, an operating facility meeting the reactor power level criteria when licensed, but later deciding to uprate the reactor power level beyond the 300 MWe / 1,000 MWt limit, could be required to make unnecessary changes to their physical protection program, even if the consequence-based criteria are still met.

For these reasons, the NRC should not tie the eligibility to use the alternative requirements to arbitrary reactor power levels and the references to the definition containing SMR power limits should be removed. This recommendation notwithstanding, we understand and agree that the APSRAR rule is not intended to be used by the currently operating fleet of large LWRs. Including this stipulation in the rule would provide greater clarity and, in addition, the NRC could consider adding eligibility criteria tied to a set of performance-based design capabilities/attributes.

8. Proposed § 73.55(s)(1)(ii) states: Eligibility. The applicant or licensee must demonstrate that the consequences of a postulated radiological release that could result from a postulated security-initiated event do not exceed the offsite dose reference values defined in §§50.34(a)(1)(D) and 52.79(a)(1)(vi) of this chapter. Both of the cited regulations contain introductory paragraphs with LWR-centric language, and an applicant or licensee for an advanced reactor could find this requirement confusing given the guidance found in DANU-ISG-2022-01, Review of Risk-Informed, Technology-Inclusive Advanced Reactor Applications Roadmap, Interim Staff Guidance.7 For these reasons, § 73.55(s)(1)(ii) should be revised to omit the LWR-related information and point specifically to the offsite dose reference values of interest, as follows:

Eligibility. The applicant or licensee must demonstrate that the consequences of a postulated radiological release that could result from a postulated security-initiated event do not exceed the offsite dose reference values defined in §§50.34(a)(1)(D)(1) and (2), and 52.79(a)(1)(vi)(A) and (B) of this chapter.

If this change is accepted, then it would also be applicable to our comment #3 above and our response to NRC question (1) in Attachment 2, as well as to DG-5071 and DG-5072.

9. To make the regulations more technology-inclusive (i.e., for non-LWRs that do not have a spent fuel pool), the following change is recommended to § 73.55(e)(9)(v):

(B) The spent fuel pool or, for non-LWRs, the spent fuel storage area; 7 Refer to https://www.nrc.gov/docs/ML2327/ML23277A139.pdf October 23, 2024 Page 12 This recommended change should also be considered for DG-5071 and DG-5072.

10. The proposed regulations and associated SOC use the term high assurance. The first instance of this term in the SOC has a footnote that references two Staff Requirements Memoranda with Commission direction that the NRC staff consider the concept of high assurance' of adequate protection found in the NRC security regulations to be equivalent to reasonable assurance' when it comes to determining what level of regulation is appropriate. Given this direction and in the interest of regulatory clarity, we believe the proposed regulations and SOC should use the term reasonable assurance. This change would also ensure consistency with the use of reasonable assurance in the proposed § 73.100, Technology-inclusive requirements for physical protection of licensed activities at commercial nuclear plants against radiological sabotage, which is part of the proposed Risk-Informed, Technology-Inclusive Regulatory Framework for Advanced Reactors rule.8 Outside of this rulemaking, the NRC should consider revising 10 CFR part 73 to change the seven instances of high assurance to reasonable assurance.
11. The proposed rule contains new provisions that would permit a licensee to rely on law enforcement to fulfill the interdiction and neutralization functions to protect against the DBT of radiological sabotage.

While this is a reasonable and beneficial change, we recommend that, outside of this rulemaking, the NRC consider a broader examination of how the United States' multi-layered national security framework supports the detection and mitigation of threats directed against nuclear power plants (i.e.,

can prevent attacks from happening or provide early warning of such attacks). The activities of a DBT-like group to plan, prepare, and practice an attack on a nuclear power plant would yield multiple opportunities for threat detection by Federal, State, and local law enforcement and homeland security agencies. The capabilities of these agencies to detect threats involving the level of resources and sophistication necessary to successfully attack a nuclear power plant should be evaluated to determine how they could inform NRC security regulation and policy. We note that the NRC was considering this type of evaluation several years ago.9

12. Editorial comment concerning the second sentence in § 73.55(b)(3): A licensee holding an operating license under the provisions of part 50 of this chapter or a combined license under the provisions of part 52 of this chapter for a small modular reactor licensee or a non-light-water reactor licensee, must design the physical protection program to prevent a significant release of radionuclides from any source. Remove the term licensee in the two struck instances.

8 Refer to https://adamswebsearch2.nrc.gov/webSearch2/main.jsp?AccessionNumber=ML24283A027 9 Refer to Risk Informed Activities Completed or Not Active (FY2020 Update) -

https://adamswebsearch2.nrc.gov/webSearch2/main.jsp?AccessionNumber=ML20356A069 October 23, 2024 Page 13 High-Level Flowchart of Example Process for Implementing an Optional Security Assessment Facility meets SMR or non-LWR criteria Determine target elements and target sets (DG-5071)

Assessment results V&Ved in FOF exercise prior to startup Screen for achievable target sets (DG-5071) -

no response force credit Achievable Target Set?

Can use alternative requirements Perform security assessment - can credit response force actions Assessment results indicate PE* > NRC acceptance value

  • Probability of effectiveness Initial demonstration per existing NRC requirements Perform § 73.55(s)(iv) analysis - no response force credit Analysis demonstrates that offsite reference doses are not exceeded No Yes Applicant option #2 -

Perform security assessment (proposed)

Applicant option #1 -

Perform consequence analysis (DG-5072)

Can use alternative requirements De"ne physical protection program, including alternatives

ATTACHMENT 2 Responses to the NRCs Specific Requests for Comment In the Specific Requests for Comment section of the proposed rule, the NRC staff indicated that they are seeking comments and supporting rationale from the public on four questions. The questions are presented below and following by NEIs response.

(1) Some advanced reactors may have designs that are significantly different from the current operating large LWRs. These large LWRs must meet the requirement found in §73.55(b)(3) for preventing significant core damage and spent fuel sabotage. The NRC is proposing that advanced reactors meet a new technology-inclusive requirement that would prevent a significant release of radionuclides from any source.

(a) If non-LWRs and SMRs should use a different requirement, then what other suitable requirement besides preventing a significant release of radionuclides from any source could be applicable to SMRs and non-LWRs? Please provide the basis for your response.

NEI response: The NRC should consider adding a second, alternative requirement (i.e., an alternative to a consequence-based requirement). While a consequence-based general performance objective is appropriate and useful for the licensing of light water SMRs and non-LWRs, an alternative requirement should be added (i.e., as a second standard). This alternative approach should allow an applicant or licensee to demonstrate that the physical protection program provides high (reasonable) assurance against the loss of a target set.

This demonstration would be done by performing a security assessment, like that described in NUREG/CR-7145, Nuclear Power Plant Security Assessment Guide.10 The distinction here is that an alternative approach based on a security assessment may not require a consequence analysis and, unlike the achievable target set screening described in DG-5071 and the analysis described in DG-5072, a security assessment could consider actions performed by the security organization, including any use of armed responders to implement the site protective strategy. The security assessment would consider the selected alternatives, and installed safety and security features, and reflect armed response capabilities in a bifurcated manner:

If the design of the physical protection program does NOT make use of an offsite response force (i.e., no offsite armed responders are required to implement the protective strategy), then the alternative requirements may be used provided the assessment results demonstrate a sufficiently high effectiveness against the loss of any target set (e.g., a probability of effective, PE, greater than some value).

If the design of the physical protection program makes use of an offsite response force (e.g., law enforcement), then the assessment should demonstrate a sufficiently high 10 Refer to https://www.nrc.gov/docs/ML1312/ML13122A181.pdf. Other examples of this approach can be found in DOE vulnerability assessment guidance that is not publicly available and in Sandia Report SAND2021-0768, U.S. Domestic Small Modular Reactor Security by Design.

October 23, 2024 Page 15 effectiveness against the loss of any target set or that actions to mitigate the loss of a target set can be performed to prevent a consequence limit from being exceeded.

We note that security (vulnerability) assessments are used by the U.S. Department of Energy (DOE) to support the development and maintenance of security programs at their facilities, including facilities handling nuclear materials.11 The DOE has requirements on how these assessments can be integrated into the design, construction, and transition to operations phases of a new facility. Additional requirements ensure that security assessments are periodically performed at operating facilities to support determinations of the effectiveness and adequacy of security programs. The results of these assessments are verified and validated through evaluations of security organization performance in force-on-force exercises.

We recognize that this alternative approach could be considered subsumed in the regulatory language aimed at preventing a release of radioactive materials greater than some limit (because without the loss of a target set, no release limits could be challenged);

however, to ensure regulatory clarity, we believe the security assessment approach should be specifically addressed as an alternative to an approach requiring a consequence analysis. The process and techniques for performing the security assessment, including the use of computer modelling and simulation tools, would be discussed in guidance. The guidance would also provide acceptance values for key analysis parameters such as probabilities of detection, neutralization, and overall effectiveness.

(b) The NRC also considered using a more specific technology-inclusive requirement, such as the dose reference values currently found in §§50.34(a)(1)(ii)(D) and 52.79(a)(1)(vi). How could the NRC implement the use of such a dose-based requirement (e.g., offsite dose reference values) in the context of evaluating physical security for a site? If there should be alternative value(s) (such as a different dose-based or safety-based value(s)), what would be a suitable alternative value(s)?

Please provide the basis for your response.

NEI response: As discussed in Attachment 1, we believe the proposed dose reference values found in §§50.34(a)(1)(D)(1) and (2), and 52.79(a)(1)(vi)(A) and (B) are appropriate for establishing technology-inclusive security general performance objective and requirements. In fact, in our view, basing the general performance objective in §73.55(b)(3) on the dose criteria in these sections is a superior approach to that described in the proposed rule (i.e., preventing a significant release of radionuclides from any source). The dose reference values have long been used by the NRC to support findings of adequate 11 For example, refer to DOE O 470.3, Design Basis Threat, and DOE G 413.3-3A, Safeguards and Security for Program and Project Management.

October 23, 2024 Page 16 protection. This includes determinations of site suitability for a commercial nuclear power plant as well as a reference value used in the evaluation of plant design features with respect to postulated reactor accidents. An applicant or licensee could demonstrate compliance with this dose-based requirement through performance of a consequence analysis using scenarios based on the results of a security assessment.

In addition, a dose-based requirement could be used to evaluate physical security for a site by utilizing offsite dose reference values as a measure to assess the effectiveness of a Force-on-Force (FOF) exercise. For example, if a target set were lost, a licensee could assess the impact of that occurrence by examining the timing and magnitude of a subsequent release, including consideration of all safety features and operator actions that could be completed after adversary interference is precluded or a security bounding time.

Concerning the second question and as noted above, an alternative approach to would be to base the §73.55(b)(3) general performance objective on the licensee having a physical protection program that prevents the loss of any target set. The alternative value for demonstrating compliance would be a programs probability of effectiveness, PE, as determined by a security assessment. This type of assessment, sometimes referred to as a vulnerability assessment, would consider all aspects of a facilitys physical protection program, including any use of armed responders to implement the site protective strategy.

The acceptance value for PE could be defined in guidance.

(2) The NRC is not proposing a hybrid approach that would allow a licensee to rely on a combination of onsite armed responders and law enforcement or other offsite armed responders to implement the licensee's protective strategy. Why should or shouldn't the NRC establish requirements and supporting guidance to allow for such a hybrid approach? What changes are necessary to the proposed rule and supporting guidance to address potential hybrid approaches?

Please provide the basis for your response.

NEI response: The NRC should establish requirements and supporting guidance to allow for a hybrid approach, as this will provide applicants and licensees with greater flexibility in developing physical security programs. Given the proposed rule language and the level of detail in DG-5072, it would seem that relatively little additional effort would be needed to provide this option. The regulations and guidance could state that a hybrid approach is permitted and that if an applicant or licensee chooses to implement this option, the requirements for onsite and offsite responders would apply as applicable to both subsets of responders.

(3) The NRC recognizes that allowing licensees to rely entirely or partially on law enforcement, rather than onsite armed responders, to interdict and neutralize threats up to and including the DBT of radiological sabotage, is a novel approach to meeting the performance objectives in October 23, 2024 Page 17

§73.55(b). Has the NRC adequately addressed the uncertainties associated with the proposed requirements at 10 CFR 73.55(s)(2)(ii)? Please provide the basis for your response.

NEI response: Yes, the NRC has adequately addressed the uncertainties associated with the proposed requirements in § 73.55(s)(2)(ii). These uncertainties and the methods for addressing them are discussed in the proposed rule (e.g., requirements for compensatory measures) and DG-5072 (e.g., use of safety margin factors in Security Bounding Time and AIPT calculations). In our comments on DG-5072 in Attachment #4, we state our belief that the proposed guidance for addressing uncertainties is overly conservative and suggest changes to make it reasonable.

(4) Some advanced reactors may have design characteristics or engineered safety features that would contribute to the ability of a designer to show that the criteria in proposed §73.55(s)(1) are met. However, the NRC is not currently proposing to add any submittal requirements in this regard for standard design certification applications under subpart B to 10 CFR part 52. What would be the potential benefits and challenges if the NRC were to add optional submittal requirements on such design characteristics or engineered safety features to §52.47, Contents of applications; technical information, similar to those for emergency plans for early site permit applicants in

§52.17(b)(2) and (3)? To what extent should the NRC consider security matters resolved under

§52.63(a)(5) for a standard design certification when the information that would be required to show that the criteria in proposed §73.55(s)(1) are met is provided by a design certification applicant and reviewed by the NRC as part of the certification process?

NEI response: Including optional physical security plan-related submittal requirements in § 52.47 for design certification applicants would incentivize security-by-design and reduce the reliance on operational programs for physical security. Nonetheless, design certification applicants should be afforded an opportunity to provide standardized physical security plans that could be referenced by future applicants and licensees to support facility operation. While the NRCs review of this information would result in increased resources spent on design certification application reviews, these challenges likely would be outweighed by the resource savings that would be achieved in subsequent license application reviews. Specifically, license applications referencing a certified design that included physical security plan-related information could be reviewed in a more streamlined fashion, since all or some portion of the physical security-related information would have been reviewed as part of the design certification application. Considering that multiple license applications could reference the certified design, the resource savings would be multiplied since the NRC would not need to review physical security plan-related information in each of these subsequent applications (as is the current practice with operating license and combined license application reviews).

October 23, 2024 Page 18 From a finality perspective, matters related to physical security (including design-and program-related information) should be afforded the same level of finality as other portions of a design certification covered by § 52.63(a)(5). Deviations from those design requirements or standardized operational programs addressed by the design certification could be addressed in the same manner as other information in the certified design.

Similar to the discussion above regarding design certification applications, the NRC should also implement similar modifications to the requirements in Part 52 Subpart E for standard design approval applications and Part 52 Subpart F for manufacturing license applications.

Specifically, applicants for standard design approvals and manufacturing licenses should be incentivized to implement security-by-design and provided with an option to submit major features or a portion of a security plan as part of the license application requirements outlined in § 52.137 and § 52.157, respectively. This change could provide efficiency gains for future license applicants referencing either the standard design approval or manufacturing license and would facilitate the implementation of standardized operational programs across multiple facilities using the same technology. Further, the aforementioned physical security information included as part of a standard design approval or manufacturing license should be afforded the same level of finality currently described in § 52.145 and § 52.171, respectively. This is consistent with the discussion above regarding § 52.63(a)(5) and the finality that would be afforded to this type of information in a certified design.

NEI notes that at the time these comments were developed and submitted, the NRC made a draft of the staff white paper Nth-of-a-Kind Micro-Reactor Licensing and Deployment Considerations,12 dated September 2024, publicly available (to support interactions with the Advisory Committee on Reactor Safeguards). The NRC staff should consider the material in this white paper when determining the changes to be made to the proposed rule as a result of stakeholder responses Question #4.

12 Refer to https://adamswebsearch2.nrc.gov/webSearch2/main.jsp?AccessionNumber=ML24268A310

ATTACHMENT 3 Comments on DG-5071, Target Set Identification and Development for Nuclear Power Reactors NEI has no comments on DG-5071; however, some of our comments made in Attachments #1 and #2, if accepted, will necessitate changes to this document.

ATTACHMENT 4 Comments on DG-5072, Guidance for Alternative Physical Security Requirements for Small Modular Reactors and Non-Light-Water Reactors

1. General comment - the DG should include a discussion of an option for an advanced reactor designer (or other party) to propose a standard security plan template along with the geographic bounding conditions that must be met to support use by a facility applicant or licensee. Once approved by the NRC, the security plan template could be adopted by an applicant or licensee and submitted with site-specific information along with material demonstrating that the bounding conditions have been met. The NRC staff discusses this approach in Enclosure 1 to Draft NRC Staff White Paper, Nth-of-a-Kind Micro-Reactor Licensing and Deployment Considerations.13
2. On page 3, in the Related Guidance section, there appears to be an editorial error. LLWRs should be the abbreviation for large light-water reactors.
3. On page 7, in the Background section, we believe the reference to the current fleet of operating reactors as Generation III LWRs is incorrect. Most government, academic and industry organizations label the current fleet of BWRs and PWRs (outside of Vogtle 3 and 4) as Generation II LWRs.
4. On page 9, in Figure 1, the Eligibility block note says Eligibility: Verify, independent from security program, through What does independent from security program mean? It is industrys understanding that the scenarios analyzed as required by § 73.55(s)(1)(ii) can credit/account for all safety and security features (exclusive of armed responders). If this is not the case, then it would be a disconnect from what industry heard as stated NRC staff positions in the public meetings held to gather stakeholder input for the proposed rule.
5. On page 10, step 3.2 contains a typo - the NRC to determine a that the
6. With respect to Figure 1:

Figure 1 Block DG-5072 Sections

  1. 1 - Eligibility 2, 4
  1. 2 - Identify and Document 3
  1. 3 - Demonstrate No section is provided, and one should be added. It is assumed that this refers to demonstrations under a performance evaluation program required by Appendix B, General Criteria for Security Personnel, to 10 CFR part 73.

13 Refer to https://adamswebsearch2.nrc.gov/webSearch2/main.jsp?AccessionNumber=ML24268A314, pages 24 and 25.

October 23, 2024 Page 21 In addition, on page 11, it is unclear why section 4 is separate from section 2 on page 10. It is assumed that these sections refer to the same analysis. That being the case, the sections should be combined so that they reflect the process order presented in Figure 1.

7. On page 11, step 3.4 contains a typo - change exiting to existing.
8. On page 12, steps 4.4, 4.5, and 4.6 provide minimal guidance on creating the DBT-and security-related event scenarios to analyze in accordance with the requirements in § 73.55(s)(1)(ii) and (iv). This guidance is not sufficient for an applicant or licensee to develop the necessary event scenarios, or to understand what associated assumptions and analysis techniques are acceptable to the NRC. Given that this guidance is central to being able to understand and implement a key aspect of the final rule, we recommend that the NRC develop additional guidance and make it available for public comment prior to sending the final rule to the Commission for approval.
9. On page 12, step 4.3 should be revised to make clear how the applicant or licensee is to use the sites Security Bounding Time (SBT) when evaluating potential radiological releases from DBT-and security-related events. How exactly is the SBT-related information to be considered in this regard?
10. On page 12, steps 4.5.1 and 4.5.2 need the word significant added to the phrase...

release of radioactive... to maintain alignment with rule wording and DG-5071.

11. On pages 13 and 14, step 4.11 should also reference Regulatory Guide 1.249, Use of ARCON Methodology for Calculation of Accident-Related Offsite Atmospheric Dispersion Factors.
12. On page 16, step 6.4.2 - to maintain consistency with the rule wording and DG-5071, we suggest changing the text to read... design and configure the structures housing the reactor, spent fuel, and other inventories capable of causing a significant release of radiological material to withstand the effect of the DBT vehicle bomb.
13. On page 19, step 6.7.8 - to maintain consistency with the rule wording and DG-5071, the last sentence should read:... prevent the DBT of radiological sabotage from causing a significant release of radionuclides from any source that would...
14. On page 25, step 8.1.5 - to promote consistent performance and regulatory reviews of analyses (and security plans more broadly), the NRC should clearly define whether a Remotely Operated Weapons System (ROWS) operator is considered to be an armed October 23, 2024 Page 22 responder. This information should specify the attributes needed by an applicant or licensee to make this determination.
15. On page 27, step 9.2 - some communications and data transmissions between a site alarm station and an offsite secondary alarm station could contain Safeguards Information (SGI).

Step 9.2 should instruct the applicant or licensee to consider these potential occurrences and ensure that appropriate controls and technologies, such as those supporting communications using encrypted data, are in place to prevent unauthorized access to SGI.

16. On page 2 of Appendix C, step 2.3 - while NEI agrees that rounding up the sum of the six SBT time elements is appropriate, the directed rounding to the next full hour is excessive for sums that includes a number of minutes under 30. NEI recommends that the minutes in a sum of SBT time elements be rounded up to the next 30-minute time increment (e.g. a sum of 4 hours4.62963e-5 days <br />0.00111 hours <br />6.613757e-6 weeks <br />1.522e-6 months <br /> and 15 minutes would be rounded up to 4.5 hours5.787037e-5 days <br />0.00139 hours <br />8.267196e-6 weeks <br />1.9025e-6 months <br />).
17. On page 11 of Appendix C, step 3.6 - while NEI agrees that a Safety Margin Time factor is appropriate to account for uncertainties, the proposed 50% factor is excessive and will lead to unreasonable security bounding times. NEI recommends that the factor be changed to 25%.
18. On page 13 of Appendix C, step 5.2 - while NEI agrees that rounding up the sum of the four AIPT time elements is appropriate, the directed rounding to the next full hour is excessive for sums that includes a number of minutes under 30. NEI recommends that the minutes in a sum of AIPT time elements be rounded up to the next 30-minute time increment (e.g. a sum of 4 hours4.62963e-5 days <br />0.00111 hours <br />6.613757e-6 weeks <br />1.522e-6 months <br /> and 15 minutes would be rounded up to 4.5 hours5.787037e-5 days <br />0.00139 hours <br />8.267196e-6 weeks <br />1.9025e-6 months <br />).
19. On page 13 of Appendix C, step 5.3 - while NEI agrees that a safety margin factor is appropriate to account for uncertainties, the proposed 50% factor is excessive and will lead to unreasonable AIPTs. NEI recommends that the factor be changed to 25%.
Retrieved from "https://kanterella.com/w/index.php?title=ML24298A065&oldid=3748417"