Text

Response to NRC Staff Comments/Questions on NEI White Paper

, Proposed Physical Security Requirements for Advanced Reactor Technologies Page 1 of 8 Within the context of the industry responses below, advanced reactor designs and facilities should be understood to include light water small modular reactors (SMRs) and non

-light-water reactors (non-LWRs). Comment/Question #1 In addition to the suggested criteria, does the approach described in the white paper include assumptions on a likely scope for the applicability of the revised regulations in terms of reactor types, sizes, fuel, fuel enrichments, or other parameters

? Response #1 No; we do not believe such assumptions are necessary. The approach described in the white paper is based on establishing high-level "performance capabilities" (i.e., performance

-based criteria) as standards for determining if the proposed physical security requirements can be applied to a given facility.

The goal is to create standards that recognize the overall integrated performance of engineered safety and security features in achieving adequate physical protection, and are independent of an individual design feature or specification. This approach should allow application to the broadest range of new reactor technologies.

= = = =

= = = =

= = Comment/Question #

2 The NEI white paper suggested the following criteria:

1) Uses a reactor technology that is not susceptible to significant core damage and spent fuel sabotage, or

2) Does not have an achievable target set, or

3) Has engineered safety and security features that allow for implementation of mitigation strategies to prevent significant core damage and spent fuel sabotage if a target set is compromised, destroyed, or rendered nonfunctional.

(1) Inherent Safety Features (not susceptible to significant core/spent fuel sabotage) The terminology related to core damage, while consistent with current security requirements related to defining target sets, differs from other advanced reactor activities and recognition that some n on-LWR technologies do not involve damage mechanisms and states similar to those used for large LWRs. An NEI white paper from November 2015 (ADAMS Accession No. ML15323A245) discussed a possible approach using offsite dose consequences. If the criteria are considered to involve a logical progression, it might be appropriate to define the first criterion in terms of the radiological consequences from a hypothetical unmitigated event involving the loss of decay heat removal and physical structures surrounding the reactor, spent fuel, and other inventories of radioactive materials. In this context, unmitigated events would consider quantities, form, location, and dispersibility of radioactive materials as well as availability of physical heat sinks and barriers but would not consider those safety features included in the design to prevent or mitigate a release.

Response to NRC Staff Comments/Questions on NEI White Paper

, Proposed Physical Security Requirements for Advanced Reactor Technologies Page 2 of 8 Could such an evaluation replace the first criterion related to susceptibility to significant core damage or spent fuel sabotage

? The staff notes that analyses of hypothetical unmitigated events might support other design and regulatory decisions associated with advanced reactor designs. Response #2 To better address the differences in damage mechanisms and states between large LWRs and advanced reactors, an offsite dose consequence

-based standard could be included as an additional performance capability, with compliance demonstrated by an analysis of hypothetical unmitigated events. The industry strongly supports the addition of a consequence

-based performance capability.

The performance capability of a "reactor technology that is not susceptible to significant core damage and spent fuel sabotage" should be retained as it provides a standard that could be met without the need to submit a supporting offsite radiological consequence analysis.

The NRC staff is currently working to update emergency preparedness (EP) requirements for small modular reactors and other new technologies

.1 In accordance with the draft regulatory basis, 2 an applicant would not be required to establish an offsite plume exposure pathway emergency planning zone (EPZ) if an analysis can demonstrate that offsite radiological consequences are below the Protective Action Guides (PAG) values set by Environmental Protection Agency (EPA)

, for a spectrum of accidents. Provided that the underlying technical bases can be aligned, it may be possible to reference the EPZ sizing analysis to demonstrate compliance with a consequence-based physical security performance capability, an approach that would promote regulatory consistency and efficiency

. An additional consideration may be to add a performance capability specifically for advanced reactor designs that do not use fuel with a fixed geometry (e.g., the fuel is dispersed in the coolant). This capability could relate the concepts of significant core damage and spent fuel sabotage to the exceedance of an appropriate fuel or coolant system safety limit.

If a facility can demonstrate that an attack cannot result in exceedance of a safety limit, then it could meet a performance capability without the need for an offsite radiological c onsequence analysis

. = = = = = = = = = = = =

= = Comment/Question #

3 In the context of either the 2015 or 2016 physical security white papers, did the NEI working group consider what threshold of radiological consequences from such a hypothetical event might be appropriate for determining which designs could apply revised physical security requirements

?

1 Refer to regulatons.gov Docket ID #NRC-2015-0225. 2 Refer to ML16309A332.

Response to NRC Staff Comments/Questions on NEI White Paper

, Proposed Physical Security Requirements for Advanced Reactor Technologies Page 3 of 8 Response #3 We believe the threshold of radiological consequences should be EPA PAGs; specifically, the guidance in Table 2-1 of the EPA PAG Manual, EPA-400/R-17/001, dated January 2017.

The PAG Manual provides Federal guidance for responding to radiological incidents, including those involving a nuclear power plant. In addition, use of the PAG Manual guidance would further regulatory consistency sin ce the EPA PAGs serve as a basis for determining the size of a plume exposure pathway EPZ. = = = = = = = = = = = =

= = Comment/Question #

4 Does NEI have some confidence that some advanced reactor designs being considered could meet a criterion based on the offsite consequences from an unmitigated event? Response #4 Yes. For example, the staff is currently reviewing a design certification application for a SMR; it is expected that this applicant will be able to demonstrate meeting this criterion. Beyond that, design work is proceeding on several technologies that we understand should be able to meet a consequence

-based criterion. Notable among these are high temperature gas cooled reactors (which the staff already has review experience with) and most liquid metal

-cooled reactors. The latter designs offer high heat transport rates and can operate at near-atmospheric pressures.

Liquid metal reactors also have passive cooling features (e.g., placed in pool of coolant or allowing the coolant and fuel to drain to a catch basin for long

-term cooling) that preclude coolant boiling or generation of a driving force for a radiological release.

= = = = = = = = = =

= = Comment/Question #

5 Did the NEI working group consider a graded approach for the suggested requirements in Attachment 1 to the white paper based on the progressive nature of the criteria? For example, the overall requirements for a facility meeting criterion 1 might be less than the requirements requiring mitigation strategies (criterion 3). Note that the staff is not at this time providing detailed comments or questions on the suggested requirements in Attachment 1 to the white paper. Response #5 No; with respect to advanced reactor designs, we believe the appropriate demarcation in physical security requirements should be whether or not a facility is required to maintain armed responders. The other proposed requirements are reasonable and consistent with the need to maintain a prudent minimum level of site asset protection. They also provide a measure of defense

-in-depth in that, regardless of event analysis results, a licensee will Response to NRC Staff Comments/Questions on NEI White Paper

, Proposed Physical Security Requirements for Advanced Reactor Technologies Page 4 of 8 maintain a capability to detect and assess an intrusion, and promptly summon local law enforce ment agency (LLEA) assistance. Further, it would be difficult to square such an approach with the fact that all three proposed performance capabilities describe the same thing - nuclear power plants with designs that can preclude radiological sabotage

.3 We do not see a compelling reason or rationale for developing a graded approach; however, we are open to discussing this question with the staff during a public meeting

. = = = = = = = = = = = =

= = Comment/Question #

6 (2) Achievable target set For those advanced reactor designs for which a hypothetical unmitigated loss of decay heat removal and physical structures could result in an offsite dose exceeding a possible threshold , a second consideration could involve the ability of attackers to cause a loss of safety functions and barriers to the release of fission products from the reactor core, spent fuel, or other on

-site sources. In terms of the second criterion in the NEI white paper, how does the suggested use of an achievable target set consider the assumptions related to an on

-site armed response to an attack during the development of the current design

-basis threat (DBT) and the use of that DBT under different scenarios for an advanced reactor without armed responders

? Do the different possible scenarios, including longer and less hampered access to facilities, require reconsideration of the DBT for potential advanced reactors without armed responders

? Response #6 With respect to the comment in the first paragraph, the second performance capability could be reworded to state, "The facility design precludes the loss of safety functions and barriers to the release of fission products from the reactor core or spent fuel by threats up to and including the design basis threat of radiological sabotage as stated in § 73.1." Note that the proposed wording does not include "other onsite sources

." Compared to the reactor core and spent fuel, these types of sources typically have a much smaller inventory of radioactive materials and a release from them would not be expected to have offsite radiological consequences significant enough to warrant protective actions for the public.

Concerning the questions in the second paragraph, we do not believe any changes are necessary to the characteristics or tactics of the DBT. Under the proposed requirements, sites will maintain a capability to detect and assess an intrusion, and promptly summon LLEA assistance; however, the applicant must still demonstrate through an analysis that facility does not have an achievable target set

.4 The fact that an intruder may have longer and less hampered access to the facility should be addressed in the physical security analysis by citing

3 From a practical perspective, gaining alignment on how to selectively apply each security requirement to different performance capabilities would likely be a long process and could delay a much needed rulemaking for little additional benefit.

4 Defined as a target set that is within the ability of the design basis threat of radiological sabotage as defined in § 73.1 t o compromise, destroy, or render nonfunctional, independent of response strategy.

Response to NRC Staff Comments/Questions on NEI White Paper

, Proposed Physical Security Requirements for Advanced Reactor Technologies Page 5 of 8 the appropriate engineered safety and security features. For example, a site may install remote operated weapons or employ armed drones to preclude unhindered access to critical plant rooms or areas

.5 Another site may use a design with all safety critical components contained in a reinforced concrete structure located below ground level such that the DBT cannot generate an explosive blast overpressure necessary to cause radiological sabotage.

= = = = = = = = = =

= = Comment/Question #

7 During the meeting held on May 3, 2017, some views were provided related to the role of security assessments using guidance from NUREG/CR-7145, "Nuclear Power Plant Security Assessment Guide," and a potentially graded approach to the number of armed responders.

Would such a performance

-based approach to physical security requirements be beneficial to the advanced reactor developers

? Response #7 While a graded approach to armed responders may be useful, this concept is not compatible with the goal of the new section proposed in our white paper (10 CFR 73.52). If the security assessment performed by an applicant determines that one or more armed responders are required , then the requirements of 10 CFR 73.55 appertain to those positions and the physical protection program. In such case s , the applicant would submit their security assessment, identify the number of armed responders necessary to implement the protective strategy, and, if less than the ten positions required by 10 CFR 73.55(k)(5)(ii), request approval for an exemption or alternative measure

. = = = = = = = = = = = =

= = Comment/Question #

8 Would it be likely that licensees would have armed responders for asset protection reasons in the absence of NRC requirements

? Response #8 In the absence of NRC requirements, it would be the licensee's decision whether to maintain armed responders; however, it is likely that a site would have a complement of security personnel for business reasons (e.g., related to asset protection

). = = = = = = = = = = = =

5 The operator of a remote

-controlled weapon system is not an "armed responder" as the term is used 10 CFR 73.55.

Response to NRC Staff Comments/Questions on NEI White Paper

, Proposed Physical Security Requirements for Advanced Reactor Technologies Page 6 of 8 Comment/Question #

9 Would it be beneficial to credit some armed response capability to prevent a loss of control of a facility due to an individual or group less equipped than adversaries defined in the DBT? Response #9 The regulatory requirement is to use the DBT to design safeguards systems to protect against acts of radiological sabotage and to prevent the theft or diversion of special nuclear material (per 10 CFR 73.1).

We are uncertain how a physical security program could be designed for only a subset/portion of the DBT

. = = = = = = = = = = = =

= = Comment/Question #

1 0 (3) Mitigation Strategies In theory, safety and security requirements for advanced reactors should reflect inherent design characteristics such as longer time constants before degradation of barriers and release of radioactive material given a loss of safety functions. The third criterion in the NEI white paper suggests that longer reactor/spent fuel time constants could support allowing credit for offsite responders to recover a facility and implement mitigation strategies. The NEI white paper acknowledges that additional guidance would be needed to cover topics associated with this criterion.

Has the NEI working group formulated an approach or could NEI provide examples of how this criterion might be applie d? Response #1 0 The NEI working group has formulated a general approach to how the third criterion might be applied and would undertake the development of detailed implementing guidance when we understand that there is staff support for crediting mitigation strategies as a "performance capability."

The following points illustrate how the general approach would be applied.

Perform an analysis to determine the elapsed time from the loss of a target set (or loss of safety functions and barriers to the release of fission products from the reactor core or spent fuel) to the onset of significant core damage, spent fuel sabotage o r , for non-LWR designs , exceedance of an appropriate fuel or coolant system safety limit. The analysis would assume an unmitigated event involving the loss of decay heat removal systems

, and physical structures surrounding the reactor and spent fuel (to the extent that the DBT could credibly impact such systems)

. Use (to be developed) criteria and/or a methodology to determine the total time necessary for

Response to NRC Staff Comments/Questions on NEI White Paper

, Proposed Physical Security Requirements for Advanced Reactor Technologies Page 7 of 8 1) a LLEA to respond to the site and take action to facilitate movement of the plant staff necessary to implement a mitigation strategy, and 2) the plant staff to implement the mitigation strategy.

If the total time above is less than the time to significant core damage, spent fuel sabotage or exceedance of an appropriate fuel or coolant system safety limit , with sufficient margin to account for uncertainties and performance variability, then the applicant would meet the third performance capability.

The above approach could also be applied using acceptance criteria based on offsite radiological consequences, e.g

., an analysis could demonstrate that implementation of a mitigation strategy would be accomplished before offsite doses exceed the EPA PAG limit.

As noted in our white paper, the industry is prepared to participate in the development of new guidance necessary to support the proposed rule changes, such as those necessary to implement the third performance capability

. The path forward would involve discussions with the staff during public meetings and submittal of an industry guidance document to the NRC for review and endorsement.

= = = = = = = = = =

= = Comment/Question #

1 1 The NEI white paper notes that this criterion is related to an ongoing staff activity assessing physical security requirements for operating reactors, and in particular the potential role of crediting local, State, or Federal law enforcement response to establish coping times (see SRM-SECY-16-0073). The staff would appreciate any insights that NEI might offer on how a consistent logic and approach related to crediting offsite support could be developed for current large LWRs and advanced reactor designs

. Does the NEI working group envision a generic approach or assumption related to offsite support (e.g., it is reasonable to assume offsite security and operational support within a given time period) or a site

-specific assessment taking into account design

-specific reactor behavior and expected capabilities of offsite agencies (e.g., response times and force sizes)

? Would site

-specific assessments need to be supported by related operational programs and periodic assessments to verify assumptions related to offsite capabilities

? Response #1 1 NEI and the industry are in discussions with the NRC staff on proposed policy and guidance changes that would allow a licensee to receive response credit for LLEA support and establish a security coping time. To this end, the industry has developed and submitted a proposed methodology, the "Security Event Mitigation Assessment

" or SEMA, that a licensee could use to determine permissible credit for LLEA support

the SEMA document is currently under review by the staff

. The SEMA methodology is a site-specific assessment taking into account design-specific reactor behavior and the expected capabilities of offsite agencies (e.g., response Response to NRC Staff Comments/Questions on NEI White Paper

, Proposed Physical Security Requirements for Advanced Reactor Technologies Page 8 of 8 times and force sizes)

. Subsequent to the submittal of the SEMA white paper, the industry began exploring an alternative approach for establishing LLEA credit and security coping time

. This approach does not employ an analysis (as the SEMA methodology does); rather, it is based meeting a defined a set of planning requirements, response capabilities and practice opportunities which would be documented in an agreement between the licensee and a LLEA. The alternative approach is a potentially more efficient way to determine security coping time. Should a feasible proposal be developed , it will be submitted it to the NRC for review and endorsement; this submittal could be in addition to or replace the SEMA methodology.

The logic and approach related to crediting offsite support for current large LWRs and advanced reactor designs should be similar , to the degree practical. The industry believes that the two approaches described above could, in general, be applied to an advanced reactor facility. With respect to the last question above, an assessment or technical basis supporting a site-specific security coping time would need to be supported by related operational programs and periodic verification of offsite capabilities.