Text

TO:

FROM:

SUBJECT:

Approved X

POLICY ISSUE NOTATION VOTE RESPONSE SHEET Carrie M. Safford, Secretary Commissioner Crowell SECY-20-0070: Technical Evaluation of the Security Bounding Time Concept for Operating Nuclear Power Plants Disapproved Abstain Not Participating X

COMMENTS:

Below __ Attached X

None Entered in STARS Yes X

No Date 1

Commissioner Crowell's Comments on SECY-20-0070, "Technical Evaluation of the Security Bounding Time Concept for Operating Nuclear Power Plants" The NRC has established a comprehensive regulatory framework to develop effective strategies for safeguarding nuclear power plants against potential security threats, known as design basis threats (DBTs).

In the DBT final rule (72 FR 12705; March 19, 2007), the Commission stated that the rule reflects its "determination of the composite set of adversary features against which private security forces should reasonably have to defend" (72 FR 12708). Recognizing that the defense of our nation's critical infrastructure is a shared responsibility, the Commission acknowledged the involvement of various entities such as the NRC, the Department of Defense, the Department of Homeland Security, federal and state law enforcement, and other federal, state, and local emergency response agencies. For this reason, the Commission "expects that licensees, State, and Federal authorities will use whatever resources are necessary in response to both the DBT and beyond-DST" (72 FR 12714). However, while acknowledging concerns about the response time of external assistance during an attack, the Commission clarified (72 FR 12705) that the capabilities of off-site responders are not within the scope of the DBT rule.

Furthermore, in the Power Reactor Security Requirements final rule (74 FR 13926; March 27, 2009), the Commission emphasized that "a licensee's ability to defend against the design basis threat of radiological sabotage is not dependent on the availability of offsite responders" (7 4 FR 13940). Consistent with these principles, the NRC has consistently required licensees to design their physical protection strategies to withstand the DBT without dependence on the availability of offsite responders. Presently, licensees' physical protection programs do not rely upon law enforcement response to defend against the DBT, although licensees must document the general capabilities of available law enforcement in the overall physical protection plan.

In this paper, the NRC staff presented two policy options for the Commission's consideration, both of which would provide licensees with the opportunity to voluntarily develop a site-specific Security Bounding Time (SBT) and enhance protective strategies and response times through improved law enforcement coordination, increased utilization of FLEX equipment, and the robust recall of off-duty site personnel. These options were identified after extensive collaboration with internal and external stakeholders and present varying levels of regulatory risk. As part of the policy considerations in SECY 20-0070, the staff also discusses the concept of Reasonable Assurance of Protection Time (RAPT), which "clarifies the period of time that licensees should consider when analyzing their target sets within the current regulatory framework." In other words, the RAPT accounts for how quickly a licensee must be able to respond to a DBT using onsite resources and personnel within the broader context of the availability of external resources.

Option 1 proposes that the Commission approve a reinterpretation of existing security regulations to allow for a site-specific SBT. Option 2 proposes a rulemaking to enable nuclear power plant licensees to adopt a site-specific SBT. Although RAPT is distinct from these two policy options, under either option, each licensee would be able to justify an SBT that is less than the current 8-hour RAPT by conducting a site-specific analysis to demonstrate that its physical protection program would still provide reasonable assurance of adequate protection.

This assessment would include evaluating three criteria: (1) law enforcement response, (2) equipment used for response strategies and operator actions during beyond-design-basis events, and (3) the recall of off-duty site personnel. While the NRC lacks regulatory authority

over law enforcement agencies and thus the ability to compel them to maintain their documented capabilities, the staff is confident that "in a real emergency, law enforcement agencies will honor their commitments" (SECY-20-0070, at 15).

Option 2 would leverage this confidence by undertaking a targeted rulemaking to clarify the relevant rule language for a site-specific SBT, with a particular emphasis on the role of law enforcement response. The Option 2 rulemaking would establish the expectation that once an attack commences, law enforcement would arrive, which is similar to the approach followed in emergency preparedness. This clarification would allow licensees to design their protective strategies under the assumption that they will receive support from law enforcement when needed, instead of having to rely solely and indefinitely on their own resources to defend against a DBT.

Under both options proposed by staff, I have some unease about crediting local law enforcement uniformly in this way, mostly because there is so much uncertainty surrounding the availability of local law enforcement, the possible threats, and the extremely plant-specific nature of the response. During an event, it is possible that such a threat is only occurring at a licensee site versus the threat at the plant being just one vector of geographically broader events or threats affecting multiple targets beyond the NRC's jurisdiction. In such an instance, there is no guarantee that other federal, state, or local response agencies will be able to provide the projected response within in the timeline assumed by the licensee in establishing its SBT.

And regardless of the response time and availability of offsite assistance, licensee security forces will generally be better trained to handle site-specific threats and understand the plant layout. On balance, however, the staff's proposal is not inconsistent with a reasonably expected real-world response and represents a step towards making NRC requirements more performance-based. I agree with the NRC staff that it would be appropriate for law enforcement and off-duty site security personnel to be credited only if licensees can demonstrate coordination with law enforcement to facilitate a timely and effective response. Overall, the implementation of these proposed changes will require extensive effort and collaboration between the NRC, licensees, and law enforcement agencies. Therefore, as the NRC considers other changes to the force-on-force program, it is essential to consider the impacts of each of these changes on the overall security framework. While I share the concerns expressed by some NRC staff regarding the viability of SBT, improving licensee and law enforcement coordination should still prove beneficial for protecting nuclear power plant facilities.

Given the severity of potential threats and the multi-jurisdictional elements of responding to a DBT, I feel strongly that broad stakeholder feedback on this proposal will be vitally important. Of the staff's presented options, Option 2 would maximize the opportunity for interested stakeholders to weigh in on the framework through a notice-and-comment rulemaking process to address site-specific SBT. I also note that this approach would be consistent with both the staff's recommendations for establishing security requirements related to advanced reactors (SECY-22-0072: "Proposed Rule: Alternative Physical Security Requirements for Advanced Reactors," and SECY-23-0021, "Proposed Rule: Risk-Informed, Technology-Inclusive Regulatory Framework for Advanced Reactors"). However, for the current operating fleet, we have well-established security requirements in place, as well as a working understanding of real-time security needs and how to meet them. Having SBT programs should be a net benefit to the security of nuclear power plants by better utilizing available resources. Therefore, I approve proceeding with a limited-scope, notice-and-comment rulemaking to enable licensees to voluntarily adopt a site-specific SBT. While an interpretive rule under Option 1 might require fewer agency resources in the near-term, a limited-scope rulemaking affords a durable and predictable framework for licensees. Additionally, this option would be enhanced by the benefits

and insights of stakeholder engagement, thereby minimizing future uncertainties and providing a firm legal foundation for making these changes. In my view, there are numerous benefits to soliciting input from stakeholders, including interested members of the public, early in the process, as provided for in a rulemaking before regulatory changes are made.

Currently, an eight-hour protection time is an expectation that staff uses to determine the significance of a potential inspection finding and, since the publication of SECY-20-0070, has been adopted in Regulatory Guide 5. 76, Rev. 1, as one acceptable approach for meeting physical protection requirements at reactors. Additionally, the paper discusses the concept of "time to core damage" (TTCD) as a principal component of the SBT calculation. To support the implementation of a SBT program, the NRC staff should establish clear guidance on defining "core damage" for the purpose of calculating security bounding time. The methodology for determining TTCD currently varies across sites, and while the timing portion is rightly site-specific, a consistent approach to determining what constitutes core damage is necessary to avoid insufficient protection or the exclusion of vital safety equipment. Given that, as a practical matter, a licensee could always elect to submit a license amendment request seeking to establish a site-specific SBT based on elements discussed in the staff's paper, it is prudent to have clear guidance in this area.

I also agree with my colleagues that the NRC staff should provide biennial updates on the Integrated Response Program instead of semi-annual updates as currently required by SRM-COMSECY-13-0005. Additionally, I look forward to the staff's response to SRM-COMSECY 0008, "Proposed Update on Unmanned Aerial Systems" to further complement efforts to improve security by considering rapidly emerging real-world factors. Given the advances in drone technology, it is vital to complete this review and update the Commission.

I commend the NRC security risk analysts performing target set inspections, as well as the security inspectors and resident inspectors, who raised concerns about using the existing regulatory framework in 10 CFR Part 73 to allow a nuclear power plant licensee to add or remove target sets from its physical security plan. I also agree with the view that we should assess how the SBT methodology is working before we consider allowing licensees to drop "target set elements that would not be required to be protected in accordance with licensees' physical protection strategies." After a full triennial force-on-force cycle of experience with the new SBT framework, the NRC staff should submit a notation vote paper to the Commission that presents the results of the initiative and discusses whether participating licensees should be allowed to seek permanent target set changes.