BSSDP Public Meeting Presentation June 26, 2025

ML25175A194
Person / Time
Issue date:	06/26/2025
From:	Jeffrey Bream, Brooks M NRC/NSIR/DSO/SOSB
To:
References
Download: ML25175A194 (17)
v • d • e

Text

NRC Public Meeting Reshaping the Baseline Security Significance Determination Process (BSSDP)

Maury Brooks, Security Specialist Jeff Bream, Senior Security Risk Analyst NSIR/DSO/SOSB June 26, 2025

Agenda

Background

Objectives Incorporating External Stakeholder Feedback New Proposed Path Forward New Flowchart Overview Likelihood of Exploitability Impact to the Physical Protection Program IMC 0609, Appendix M Finding Examples Next Steps Slide 2

=

Background===

Slide 3 d

Phase I

• Evaluate survey feedback/problem statement/areas for BSSDP improvement.

• Set initial taskings to identify, develop, organize, and document BSSDP improvement ideas, including options.

Phase II Develop proposed changes to enhance the existing process for dispositioning performance deficiencies.

Submit proposed changes to the Commission for approval.

Objectives Slide 4 1.

Revise the existing BSSDP for consistency and repeatability. In doing so, the WG will explore ways to increase the use of risk information within the BSSDP.

2.

Identify specific areas of improvement for the BSSDP training course(s).

-Access Authorization

-Access Control

-Contingency Response

-Physical Protection

• Key Attributes Impacts to Physical Protection Program and Time

• Exploitation Probability

+ Duration Significance Determination

• Final step Determining Security Significance

Incorporating External Stakeholder Feedback Slide 5 In addition to internal NRC objectives, staff also incorporated feedback received from external stakeholders:

A clear distinction in significance between Human Performance and Programmatic Issues has been included in the revised process.

Programmatic PDs are predictable and identifiable through surveillance of licensee activities or through access to procedures, records, or documentation available to the passive insider.

Human Performance PDs are the result of staff not following all appropriate procedures, programs, and training, therefore less predictable/exploitable.

Incorporating External Stakeholder Feedback (contd)

Slide 6 Additional entry criteria and risk insights have been added to the Significance Screen, which further defines low/medium/high thresholds.

Specifically, the proposed process assesses risk based on the likelihood that a performance deficiency can be exploited by an adversary versus the actual or potential impact to the physical protection program.

This proposed revision considers site protective strategy defense-in-depth, totality of security plan requirements, and degree of availability of information to an adversary.

New Proposed Path Forward Slide 7

• As with the current SDP, only findings determined to be more than minor (IMC 0612, Appendix B, "Issue Screening Directions) require the inspector to enter the BSSDP at the top of Figure 1.

• The inspector determines which of the five areas best relates to the PD(s) being evaluated.

• If none of the previous pathways are sufficient in making a reliable, risk-informed significance determination, IMC 0609 Appendix M, Significance Determination Using Qualitative Criteria should be used.

New Flowchart Overview Slide 8

Slide 9 Likelihood of Exploitability I

Human Performance PD impacted only critical group staff (not involving contraband).

Programmatic PD existed for less than 30 days.

PD was not readily observable, predictable, or repeatable (e.g., unknown, contained in SGI procedures, etc.)

Limited or isolated impact to PA barrier security detection and assessment system or component.

II Human Performance PD impacted licensee staff and contractors with UA/UAA (including materials, vehicles, packages handled by staff with UA).

Programmatic PD existed for 30 days to one year.

PD could be identified by personnel with access to the site or non-SGI licensee procedures.

Multiple consecutive sections of the PA barrier security detection and assessment system or component.

III Human Performance PD impacted escorted personnel or personnel without UA/UAA (e.g., visitor, vehicle, bulk/hazardous material).

Programmatic PD existed for greater than one year.

PD could be identified with publicly available information or observation.

Significant (i.e., >75%) sections of the PA barrier security detection and assessment system or component with a single point vulnerability.

Likelihood of Exploitability

Impact to the Physical Protection Program (IPPP)

Low Failure of a component of the physical security plan or protective strategy for which there is limited impact to the ability of the licensee to respond to an adversary action.

Failure of a key program element related to the prescribed requirements and standards for the establishment, implementation, and maintenance of the fitness-for-duty (FFD) or Access Authorization (AA) program resulting in limited program impact.

Medium Failure of a component of the physical security plan or protective strategy for which there was a moderate impact to the ability of the licensee to respond to an adversary action.

Failure of a key program element related to the prescribed requirements and standards for the establishment, implementation, and maintenance of the FFD or AA program resulting in moderate program impact.

High Failure of a component of the physical security plan or protective strategy for which there is a significant impact to the ability of the licensee to respond to an adversary action.

Failure of a key program element related to the prescribed requirements and standards for the establishment, implementation, and maintenance of the FFD or AA program resulting in significant program impact.

Slide 10

Impact to the Physical Protection Program (IPPP)

Low Inadequate search of personnel, material, or vehicle for which no contraband was present, or unauthorized personnel entered the protected area but was immediately identified or in positive control of security personnel the entire time.

UA/UAA inappropriately granted or maintained but affected staff never entered the PA.

Staff with UA inappropriately granted access to VA for which they do not have continuing need.

Previously unidentified or unanalyzed vulnerability in the protective strategy that could allow an adversary to compromise one component of a multi-component target set.

One armed responder, armed security officer, or alarm station operator unavailable or unable to respond to a contingency event due to availability of response equipment, being out of position, or attentiveness.

Limited failure of the training and qualification program not directly associated with protective strategy response duties.

Limited failure of detection or assessment system such that unauthorized persons could enter the protected area undetected but would likely be detected through other means.

A cyber event, cyber vulnerability, or failure to implement cybersecurity controls on a CDA or CDAs that would adversely degrade the security function or security functions of a CDA, but the compromise would likely be detected through alternate controls that are in place.

Slide 11

Impact to the Physical Protection Program (contd)

Medium UA/UAA inappropriately granted or maintained and affected staff entered the PA.

Previously unidentified vulnerability in the protective strategy that could allow an adversary to compromise a complete target set but for which the protective strategy can respond.

Multiple (but not full shift complement) armed responders, armed security officers, or alarm station operators unavailable or unable to respond to a contingency event due to failure to be properly qualified (IAW the training and qualification plan), availability of response equipment, being out of position, or attentiveness.

Significant failure of detection or assessment system such that unauthorized persons could enter the protected area undetected.

A cyber event, cyber vulnerability, or failure to implement cybersecurity controls on a CDA or CDAs that would degrade a security function or security functions on a CDA.

Personnel responsible for program implementation lack sufficient knowledge, skills, and abilities to implement the FFD program according to procedural requirement.

Slide 12

Impact to the Physical Protection Program (contd)

High Contraband entered the protected area, or an unauthorized person entered the protected area and was uncontrolled.

UA/UAA inappropriately granted or maintained and affected staff should have been denied for trustworthiness and reliability.

Previously unidentified vulnerability in the protective strategy that could allow an adversary to compromise a complete target set for which the protective strategy cannot prevent.

A full shift of armed responders, armed security officers, or alarm station operators unavailable or unable to respond to a contingency event due to be properly qualified (IAW the training and qualification plan), availability of response equipment, being out of position, or attentiveness.

Significant failure of the security training and qualification program such that security officers would be unable to implement the protective strategy to successfully respond to an adversary attack.

A cyber event, cyber vulnerability, or failure to implement cybersecurity controls on a CDA or CDAs that has degraded a security function or security functions on a CDA that would affect the security forces ability to respond with in the protective strategy assumed timelines.

Inadequate FFD written procedures, such that armed responders, armed security officers, or alarm station operators could not be able to implement the protective strategy due to impairment.

Slide 13

IMC 0609, Appendix M, Significance Determination Process Using Qualitative Criteria New guidance for use in the Security Cornerstone.

Used in rare and unique situations when the BSSDP is not adequate to assess significance of a finding.

This appendix provides guidance for assessing the significance of inspection findings in all cornerstones of the Reactor Oversight Process (ROP) to allow the NRC to apply a consistent process of using qualitative and quantitative attributes for risk-informed decision making.

Slide 14

Finding Examples

1) The licensee failed to correct a fault in the security power distribution system that could have resulted in an uncompensated loss of the PA perimeter intrusion detection and assessment system upon a loss of offsite power. The deficiency was documented in licensee maintenance records and existed for greater than one year.

- Likelihood of Exploitability: Level III

• Level III - Significant (i.e., >75%) sections of the PA barrier security detection and assessment system or component with single point vulnerability;

• Level III - Programmatic PD existed for greater than one year;

• Level II - PD could be identified by personnel with access to the site or licensee procedures;

- IPPP: Medium

• Significant failure of detection or assessment system such that unauthorized persons could enter the protected area undetected.

- Significance: White Slide 15

Finding Examples (contd)

2) The licensee failed to implement a required element of the access authorization program such that a contractor was granted unescorted access inappropriately. The contractor entered the PA prior to the identification of the error. Upon completion of the required element, the licensee determined that the contractor should have been denied access authorization.

- Likelihood of Exploitability: Level II

• Level III - Human Performance PD impacted escorted personnel or personnel without UA/UAA (e.g., visitor, vehicle, bulk/hazardous material);

• Level I - PD was not readily observable, predictable, or repeatable (e.g., unknown, contained in SGI procedures, etc.);

- IPPP: High

• UA/UAA inappropriately granted or maintained and affected staff should have been denied for trustworthiness and reliability.

- Significance: White Slide 16

Next Steps Slide 17 Milestone Target Date SECY Drafting/Finalization June-July 2025 SECY Submission to OEDO October 1, 2025 Questions?