Text

POLICY ISSUE (Information)

November 26, 2024 SECY-24-0097 FOR:

The Commissioners FROM:

Mirela Gavrilas, PhD Executive Director for Operations

SUBJECT:

ANNUAL UPDATE ON MODERNIZATION AND IMPLEMENTATION OF THE U.S. NUCLEAR REGULATORY COMMISSION'S DIGITAL INSTRUMENTATION AND CONTROLS REGULATORY INFRASTRUCTURE PURPOSE:

This paper provides the Commission with the update for fiscal year 2024 of progress related to modernization and implementation of the U.S. Nuclear Regulatory Commission's (NRC's) digital instrumentation and controls (Dl&C) regulatory infrastructure including: 1) reviewing associated licensing actions; 2) conducting related oversight, 3) conducting regulatory research, and 4) engaging domestic and international stakeholders. This paper summarizes significant Dl&C accomplishments completed since the last update in 2023 (Agencywide Documents Access and Management System Accession No. ML23228A226), as well as ongoing significant activities. This paper does not address any new commitments or associated resource implications.

BACKGROUND:

In 2022, the NRC staff completed the Dl&C integrated action plan (IAP) approved by the Commission in 2016 (ML16299A157). The staff is now focused on reviewing licensing actions, conducting effective oversight and continuing to explore additional infrastructure enhancements through regulatory research and engaging domestic and international stakeholders.

DISCUSSION:

The NRC staff has completed Dl&C infrastructure modernization activities and has begun to use the improved infrastructure to support Dl&C projects in accordance with the NRC Principles of Good Regulation. The NRC staff continues to apply the Be riskSMART framework as it uses the modernized Dl&C infrastructure to review requested licensing actions and research modern hazard analysis methodologies, which are discussed further below.

CONTACTS: Robert Kuntz, NRR/DORL 301-415-3733 Michael Marshall, NRR/DORL 301-415-2871

The Commissioners 2

Licensing (Infrastructure and Reviews)

The NRC staff continues to implement licensing infrastructure enhancements, encourage and conduct preapplication engagement with potential applicants, and conduct licensing reviews.

Significant 2024 activities are discussed below.

NRG Risk-Informed Dl&C Common Cause Failure (CCF) Guidance A significant accomplishment this fiscal year was issuance of revised staff review guidance 1 to reflect the Commission's risk informed policy on Dl&C CCF in SRM-SECY-22-0076 (ML23145A176) which incorporates a risk informed approach to diversity in digital systems.

CCF encompasses potential systematic, nonrandom, concurrent failures of redundant elements.

For example, software design errors, programming errors, or hardware design errors could result in a CCF of redundant trains controlled by identical digital l&C systems. These failures are of less concern in analog l&C systems because they do not rely on software and are not capable of the same degree of integration of functions as modern digital technologies. Notably, the NRC staff completed the final implementing guidance within a year.

Industry Methodology for Risk-Informed Dl&C CCF On July 24, 2023, the Nuclear Energy Institute (NEI) requested staff pre-endorsement discussions on an alternative to using diversity for defense in depth of Dl&C safety systems when addressing potential vulnerabilities to Dl&C CCF 2 and an associated fee exemption request (ML23205A192). The NRC's Chief Financial Officer granted the fee exemption on October 25, 2023 (ML23206A010). The NRC staff met with the NEI in January 2024 to gain further understanding of the alternative and provided feedback to NEI in February 2024 (ML24081A025). In March, April, July, and October 2024, follow-up meetings were held to discuss the staff's comments and changes NEI made to the draft document. The fee exemption expired on October 25, 2024, and NEI submitted an additional fee exemption on October 31, 2024 (ML24307A001 ), which the staff is currently reviewing.

Incorporation of Updated Codes and Standards To allow use of updated Dl&C codes and standards, the staff began activities to incorporate the current (2018) version of Institute of Electrical and Electronics Engineers (IEEE) Standard 6033 into the NRC's regulations4. In 2023, the staff met with stakeholders (ML23242A169) to discuss options for industry use of IEEE Standard 603-2018 and determined that rulemaking is the most appropriate option to provide industry with the regulatory confidence to use IEEE Standard 603-2018 and streamline the endorsement of new and improved standards that are developed to

• address digital technology advancements.

1 Branch Technical Position (BTP) 7-19, "Guidance for Evaluation of Defense in Depth and Diversity to Address Common-Cause Failure due to Latent Design Defects in Digital Instrumentation and Control Systems" (ML24005A077).

2 NEI 20-07, "Guidance for Addressing Common Cause Failure in High Safety-Significant Safety-Related Digital l&C Systems," Draft Revision E (ML23205A193).

3 IEEE Standard 603-2018, "IEEE Standard Criteria for Safety Systems for Nuclear Power Generating Stations."

4 Title 10 of the Code of Federal Regulations (10 CFR) 50.55a(h).

The Commissioners 3

Limerick License Amendment Request The staff continues to review the first major license amendment request using the modernized regulatory infrastructure. On September 26, 2022, Constellation Energy Generation, LLC (Constellation), submitted a license amendment request to incorporate digital modifications at Limerick Generating Station (ML22269A569), Constellation plans to install the digital modifications in April 2026 for Unit 1 and in April 2027 for Unit 25. Delays have occurred in the staff's review because of challenges that the licensee has had in providing information regarding safety-related protection systems and components. Specifically, the issue is the need for sufficient information to ensure the system appropriately responds to postulated accidents or events and the equipment qualification of new components. The information was highlighted as necessary in November 2022 during the acceptance review for the license amendment request.

The NRC staff will develop a new review completion date when Constellation provides the information. The delay is not currently expected to impact the licensee's current implementation schedule. The NRC staff and Constellation are discussing these information needs to address these gaps expeditiously and the NRC staff continues to coordinate licensee and vendor inspections to ensure effective oversight during the licensee's development activities.

Peach Bottom Preapplication Engagement The NRC staff and Constellation have held two preapplication meetings to discuss Constellation's planned Dl&C license amendment request for the Peach Bottom Atomic Power Station emergency core cooling system compensated level system to be submitted 2025. This would be a digital-to-digital upgrade to address obsolescence and spare part availability issues.

Withdrawal of Turkey Point License Amendment On June 19, 2024, NextEra/Florida Power & Light submitted a letter requesting the withdrawal of the Turkey Point Nuclear Generating Station Dl&C License Amendment Request (LAR)

(ML24171A005) based on its decision not to proceed with the digital modification at the site at this time. This review had been on hold since June 2023 at the licensee's request (ML23179A141 and ML23188A124). The licensee originally submitted the LAR on July 30, 2022 (ML22213A045).

Regulatory Research and Associated Domestic Collaboration The NRC staff conducts regulatory research to ensure it has sufficient awareness of anticipated methodologies and techniques being proposed by industry and understanding of approaches used by the automotive, aerospace and medical industries that might be applied in the nuclear industry. In conducting these activities, the staff engages with the U.S. Department of Energy (DOE) to coordinate technical readiness and the sharing of technical expertise and knowledge on advanced nuclear reactor technologies and nuclear energy innovation pursuant to the Nuclear Energy Innovation Capabilities Act of 2017. The NRC staff also benefitted from notable engagements with professors and researchers at Virginia Commonwealth University, the University of Michigan, George Mason University, McMaster University, and the Software Certification Consortium with researchers from Carnegie Mellon University. Significant 2024 regulatory research is discussed below.

5 Initially, the installation was planned for April 2024 for Unit 1 and April 2025 for Unit 2, but the licensee delayed it because of additional design considerations and issues as noted in the Constellation letter dated April 23, 2024 (ML24114A322).

The Commissioners 4

Hazard Analysis and Systems Engineering The nuclear industry is considering new approaches for designing Dl&C systems and analyzing associated hazards, including CCF. The most prominent example is NEI 20-07 discussed above. To prepare for these new approaches, the staff is conducting the research activities to assist in the staff's engagement on NEI 20-07 and which will support future anticipated applications and a revision of BTP 7-19. In 2024, the NRC completed research related to System-Theoretic Process Analysis (STPA)6, including discussions with experts on the methodology at the Massachusetts Institute of Technology and DOE to identify what information would need to be provided by an applicant using STPA. STPA is a hazard analysis method developed to fill gaps that may go uncaptured when traditional techniques are used such as unsafe interactions among systems and components that have not failed. The NRC staff also continues to conduct research on systems engineering techniques, including software-intensive model-based engineering, in response to industry interest.

Security By Design The staff is currently engaged with licensees and their vendors to explore the need and opportunities for performing cybersecurity audits parallel to the staff's licensing review of Dl&C upgrades. To support this engagement, the staff completed a research study7 in 2024 to investigate how a security-by-design framework could be integrated into a Dl&C safety-system upgrade at an operating power reactor. This study found that integrating cybersecurity into each phase of the Dl&C upgrade development lifecycle could more efficiently and effectively protect the systems from cyber threats and comply with associated requirements in the licensee's cybersecurity plan while meeting safety goals. After ongoing engagements with licensees are complete, the staff will consider updating appropriate regulatory guidance8.

Expanded Use of Wireless Technologies The nuclear industry is considering expanding the use of wireless technologies to safety-related (SR) and important-to-safety (ITS) systems by removing the existing wireless access restrictions in their cybersecurity plans9. However, the use of wireless technologies has the potential to compromise the defense-in-depth cybersecurity posture at commercial nuclear power plants that has been established to protect SR/ITS systems. In 2024, the staff completed a research report10 which documented potential security risks associated with introducing wireless technologies and identified considerations that licensees should consider when determining whether remote wireless monitoring equipment is a critical digital asset. The staff is using this information to continue to engage with NEI on their proposed revisions to their associated guidance 11 which currently prohibits the use of wireless technologies to SR/ITS systems.

6 TLR-RES-DE-2024-02, "A Case Study for Building System-Theoretic Process Analysis Review Capabilities at the Nuclear Regulatory Commission" {ML24213A251 ).

7 Research Information Letter (RIL) 2024-09, "Cybersecurity Audits Alongside a Digital Instrumentation and Controls Licensing Review" {ML24173A211 ).

8 Regulatory Guide (RG) 5.71, Revision 1, "Cyber Security Programs for Nuclear Power Reactors"

{ML22258A204) 9 NEI Letter, "Wireless Security Guidance" (ML23060A327).

10 TLR-RES-DE-2024-005, "Analyzing the Impact of Using Wireless Technologies for Monitoring Safety-Related Critical Digital Assets" (ML23264A148).

11 NEI 08-09, Rev. 6, "Cyber Security Plan for Nuclear Power Reactors" (ML101180437).

The Commissioners 5

International Engagement The NRC staff engages in international Dl&C activities to share NRC regulatory improvements for the benefit of the international community, and to learn about regulatory approaches used by other countries to determine whether those approaches could improve the NRC's Dl&C regulatory framework. Significant 2024 examples are discussed below.

Commercial Grade Dedication Commercial-grade Dl&C equipment is widely available, and industry is interested in using it in safety-related applications. This led to the NRC issuing guidance12 in 2022 for dedicating this equipment which the NRC presented along with operating experience and good practices at a 2024 International Atomic Energy Agency Technical Meeting on "Commercial Digital Equipment in Nuclear Safety Applications." This meeting also provided the NRC staff insights into how other member states use commercial-grade Dl&C items in safety-critical applications.

Use of Safety Assurance Cases Industry is interested in the NRC developing the technical basis to evaluate a safety analysis based on a safety assurance case. To support industry's request, in 2024 the staff participated in the Organisation for Economic Co-operation Nuclear Energy Agency Halden Human Tech Organization digital systems research for existing and new reactors. This engagement is intended to enable the shift towards a safety-outcome-oriented, performance-based, risk-informed approach, moving away from more traditional approaches based on prescriptive guidance and providing greater flexibility to applicants. Elements of this work are being used by the staff on its engagement with industry on NEI 20-07.

CONCLUSION:

The NRC staff will continue to implement the revised Dl&C regulatory infrastructure to facilitate the expanded safe and secure use of Dl&C in nuclear reactors. The NRC staff is using the improved infrastructure to review requested licensing actions and continues to engage external stakeholders extensively on both developing and implementing key Dl&C activities. The NRC staff also continues to look for opportunities to innovate and to be risk-informed.

COORDINATION:

The Office of the General Counsel reviewed this paper and has no legal objections.

Mirela Gavrilas, PhD Executive Director for Operations 12 RG 1.250, "Dedication of Commercial-Grade Digital l&C Items for Use in Nuclear power Plants" (ML22153A408)

ML24222A574 (Annual Update)

SECY-012 OFFICE NRR/DORL/LPL3/PM NRR/DORL/LPL3/LA NRR/DEX/E ICB/BC NRR/DEX/EL TB/BC NAME RKuntz SRohrer FSacko JPaige DATE 8/14/24 8/12/24 8/21/24 8/21/24 OFFICE RES/DE/ICEEB/BC RES/DE/RGPMB/BC RES/DE/D NRR/DORL/D NAME CCook MRahimi CAraguas BPham (JPelton for)

(JMcKirgan for)

DATE 8/22/24 8/21 /24 9/3/24 8/30/24 OFFICE NRR/DEX/D (A)

QTE OGC-NLO NRR/D NAME TMartinezNavedo KAzariah-Kribbs JEzell AVeil (AKock for)

DATE 8/23/24 09/06/2024 10/24/2024 10/18/24 OFFICE EDO NAME MGavrilas DATE 11 / 26 /24