Text

{{#Wiki_filter:' ,.

 *~.:
    ~
                                \

NIMA ASHKEBOUSSI Director, Fuel Cycle Programs iifoTstreet:, Nw, suite 1100 Washington, DC 20004 P: 202.739.8022

                                    **                                       p1.v 1°;.-; i ! 6 1U1 I!:~>!

1}!£1 NUCLEAR ENERGY INSTITUTE nxa@nei.org nei.org April 27, 2017

                                                                                                               <3/13/cJi>;7 Ms. Cindy Bladey                                                                                   g',?Z_ 7/{ /e;z-//

Office of Administration Mail Stop: OWFN-12H08 U.S. Nuclear Regulatory Commission Washington, DC 20555-0001 (!),

Subject:

Comments on Security Design Considerations Preliminary Draft Guidance (Docket ID NRC-2017-0073) Project Number: 689

Dear Ms. Bladey:

On behalf of the Nuclear Energy Institute's 1 (NEI) members, we appreciate the opportunity to comment on the Nuclear Regulatory Commission's (NRC) preliminary draft guidance on non-light water reactor (non-LWR) security design considerations (Docket ID NRC-2017-0073). The stated purpose ofthis preliminary guidance is to outline a set of security design considerations that a designer should consider while developing the facility design such that security issues can be effectively resolved through facility design, engineered security features, formulation of mitigation measures, and reduced reliance on human actions. Attached are general and spe!=ific comments on the draft guidance. Small modular reactors (SMRs) and advanced non-LWRs will have significantly enhanced safety and security performance as compared to thereactors in operation today, including some designs utilizing fuel that is not susceptible to overheating and core damage. These technologies are capable of significantly lowering the risk of radiological sabotage, while reducing, or eliminating, the reliance on human actions. While we appreciate the NRC's attempt to provide designers information on incorporating security by design to meet regulatory requirements, as currently drafted the preliminary security design considerations only provide an overview of the existing regulatory requirements in 10 CFR Part 73. These regulations are intended for large light water reactors and do not provide new information or innovative guidance that recognizes the unique attributes of advanced reactors. Industry needs regulations and guidance that is appropriately framed for SMRs and non-LWRs. 1 The Nuclear Energy Institute (NEI) is the organization responsible for establishing unified industry policy on matters affecting the nuclear energy industry, including the regulatory aspects of generic operational and technical issues. NEI's members include all entities licensed to operate commercial nuclear power plants in the United States, nuclear plant designers, major architect/engineering firms, fuel cycle facilities, nuclear materials licensees, and other organizations and entities involved in the nuclear energy industry. NUCLEAR. CLEAN AIR ENERGY SUNSI Review Complete Template= ADM - 013 E-RIDS= ADM-03 Add= -{/- *r-/;; J, Cb/./&J

Ms. Cindy Bladey April 27, 2017 Page 2 NEI submitted a White Paper 2 to propose new physical security requirements that are more appropriate for advanced reactor technologies. These proposals would continue to provide assurance that activities are not inimical to the common defense and security and do not constitute an unreasonable risk to public health and safety. We respectfully suggest that NRC prioritize rulemaking to support the changes identified in the White Paper. Such action would provide a greater benefit to industry, enabling plant designers to incorporate enhanced security features early in the design process that meet new regulatory requirements, rather than using the preliminary security design considerations (based on regulations for large light water reactors) as currently drafted. NRC intends to incorporate the security design considerations with advanced reactor design criteria under one guidance document. In light of the future rulemaking, a better utilization of industry and Nl~C resources would be directed towards rulemaking and new guidance development, as opposed to developing security design considerations that fit into existing regulations. If the staff continues towards the development of security design considerations, it should do so in a coordinated manner with the NEI White Paper, where the considerations and guidance are based on advances achieved through the rulemaking process. Thank you for your consideration of these comments. We look forward to remaining engaged on right-sizing the security requirements for advanced nuclear power generation technologies. Please contact me if you have any questions. Sincerely, Nima Ashkeboussi Attachment c: Mr. George Tartal, NRO/DEIA, NRC Mr. John Monninger, NRO/DSRA, NRC. 2 December 14, 2016, Letter from Pamela Cowan, NEI, to Vanna Ordaz, NRC, "Proposed Physical Security Requirements for Advanced Reactor Technologies"

Attachment Docket ID NRC-2017-0073 Comments on Draft Security Design Considerations Affected Section Comment/Basis Recommendation

1. General The purpose of this draft document is unclear with respect _ Recommend elaborating further on the NRC's intent to its application to advanced reactors. Part 73 was behind this draft document.

developed to apply to large LWRs. This draft guidance summarizes some existing regulations and some regulatory guides and does not offer. non-LWR approaches to meeting security regulations. This draft document selectively addresses provisions of Part 73 for security considerations in the design of advanced reactors without an explanation of why the selective provisions are especially applicable to advanced reactor design. It would seem that the current design and licensing application process for identifying the security requirements, in accordance with Part 73 would be applicable for both LWRs and non-LWRs.

2. General The document describes the draft security design criteria Revise the document applicability to include SMRs.

as being applicable for advanced reactors. It appears that the same criteria could apply to small modular reactors. Is - there a rationale for the criteria to not be applicable to SM Rs?

3. General IAEA is developing a draft guideline called "Security for Staff should consider any relevant guidelines for the Lifetime of a Nuclear Facility." It sets international consideration. It can be found at www-standards for security to be incorporated into the concept, ns.iaea.org/downloads/security/security-series-design, layout, and construction of the facilitv. drafts/imolem-quides/nst051.odf

Attachment Docket ID NRC-2017-0073

4. General The Commission policy statement within 73 FR 60612 Consider deleting this draft guidance and re-issuing states, in part, "For new nuclear power reactors, the as information only through the use of a NUREG, or Commission considers it prudent to provide expectations other regulatory vehicle, as appropriate.

and guidance on security matters to prospective applicants so that they can use this information early in the design stage of new reactors to identify potential mitigated measures and/or design features that provide a more robust and effective security posture." Although the Commission supports guidance with regard to security for advanced reactors, ttie policy statement is not prescriptive as to what regulatory vehicle the NRC staff should use to offer auidance to ootential aoolicants.

5. General This draft guidance makes statements such as, "These Staff should clearly link each design consideration

   \

considerations, if adequately implemented through to a regulation and be clear that implementing the detailed design, along with the adequate implementation considerations satisfies the regulations. of administrative controls and security programs, are one ' way to protect a nuclear power reactor against the DBT for radiological sabotage". The NRC should clearly identify the specificregulation(s) that would be met by followina/coinmittina to this future reaulatorv auide.

6. General In response to comment UCS-1 within the Commission Remove this draft guidance from the ARDC policy statement contained in 73 FR 60615, the NRC regulatory guidance to maintain separation response is as follows, "The GDC establish minimum between these security considerations.

requirements for the principal design criteria for nuclear power plants. The goal of the policy statement is not to raise these minimum requirements, but rather to encourage advanced reactor designers to consider safety and security matters during the development of future - reactor designs. No changes were made to the policy statement as a result of this comment." This draft guidance leaves the impression that the security design considerations may be issued as part of the ARDC regulatory guide, which would raise the minimum

          .. requirements. This action would be counter to NRC resoonse'in the Commission oolicv statement.

Attachment Docket ID NRC-2017-0073

7. General In Section III, "Final Policy Statement," within 73 FR Consider relaxing human action requirements 60615, the Commission stated, in part, "Designs that within the security design considerations. Any include considerations for safety and security necessary actions could be demonstrated to be requirements together in the design process such that possible from remote locations, with the security issues (e.g., newly identified threats of terrorist collaboration of the local law enforcement attacks) can be effectively resolved through facility design organizations, without having the necessity of a full and engineered security features, and formulation of onsite security team.

mitigation measures, with reduced reliance on human actions." This bullet point underlines the inherent safety of advanced reactor designs, with their characteristic of reduced reliance on human action to maintain safety to -- the public and the environment. In contrast, this draft guidance continues to prescribe human action to mitigate unusual events when it may not be necessary to have any human action to resolve an event.

8. General This draft guidance discusses different avenues for State the implication of this draft guidance on advanced reactors to undertake, but does not discuss SDAs.

standard desiqn aoorovals (SDAs).

9. "NRC Policy on The draft guidance states, "The integration of safety and Clarify that this definition of integration of safety Advanced Reactors - security ... ," which is listed under an "NRC Policy" section. and security is the NRC staff's interpretation, not Security" Section NRC policy is Commission policy, as denoted in the first Commission Policy.

paragraph of this section. The second paragraph of the section was written by the NRC staff. Therefore, it is -- misleading to place that paragraph in this section without further clarification.

10. "Security Design This paragraph describes that this draft guidance contains Clarify what is meant by the term "considerations,"

Considerations for security design considerations, but provides no definition and the regulatory impact on applicant and Non-Light Water for the term "considerations". "Considerations" is not a licensees. Reactors", 1st commonly used term by the NRC and the intent of this - paragraph term is unclear. However, this paragraph states that considerations "should" be taken into account without any regulatory backing.

Attachment Docket ID NRC-2017-0073

11. "Security Design The paragraph states, in part, "To establish guidance for Clarify or revise the quoted text.

Considerations for designers to identify opportunities for resolving security Non-Light Water issues." This phrase is confusing. It is unclear what Reactors" 2nd "security issues" are in this context. paragraph' .' ,,

12. "Security Design The paragraph states, in part, " ... the NRC staff considered Consider deleting this draft guidance. Advanced Considerations for the requirements in 10 CFR Part 73 that are related to the reactor designers, as appropriate, will provide Non-Light Water design of... " Although Part 73 is the principal regulation justification on how their designs will conform to 10 Reactors" 2nd for security for power reactors, it is not the only part of CFR Part 37 or Part 73, as applicable.

paragraph the Code being considered by advanced reactor designers. Some small-scale advanced reactors may be considering a hybridization of 10 CFR Part 73 and 10 CFR Part 37.

13. "Security Design The paragraph states, "The design considerations were This preliminary draft guide provides no new Considerations for informed by requirements in 10 CFR Part 73 as well as information and reiterates the existing regulatory Non-Light Water existing guidance." It is unusual for regulatory guides that requirements that are described in other regulatory Reactors" 2nd are issued by the NRC to summarize other regulatory guides. It's not clear what the need for this paragraph' guides. Typically, a regulatory guide is one method that document is.

the NRC considers acceptable to meet a specific regulation. A regulatory guide is not a distillation of other regulatory guides. In addition to other regulatory guides, - this draft guidance mostly considers 10 CFR Part 73, which is fairly prescriptive (unlike the GDCs, for example). It is unusual to issue guidance that does a high-level summary of a whole Part to the CFR. Issuing guidance \ that 1) summarizes other guidance and 2) summarizes certain sections from a part to the CFR, seems inaooropriate.

14. "Process" Section It is unclear in what form these security design Clarify on the intent and regulatory vehicle of considerations will ultimately be published. The text gives publishing the security design considerations.

the impression that they will be published as part of the ARDC RG. -

Attachment Docket ID NRC-2017-0073

15. Item 1, Intrusion The draft guidance provides a design consideration that Revise sentence to read:

detection systems reads "design of physical security structures, systems, and "The design of interior and exterior physical components relied on for interior and exterior intrusion security intrusion detection systems ... " detection functions." This text is unnecessarily wordy and maybe subject to misinterpretation because the scope of SSCs that are relied on for intrusion detection may be misinterpreted. The requirement text should focus on the detection system itself and be established at the system level. This suggestion aligns the requirement 'with current industry guidance for security ITAAC.

16. Item 1, Intrusion The draft guidance provides a design consideration that Revise sentence to read:

detection systems requires "detecting unauthorized access into vital and " ... should provide assurance of detecting attempted protected areas." The requirement should be the detection and actual unauthorized penetration of vital and of attempted and actual unauthorized penetration. This protected area barriers." suggestion aligns the requirement with current industry guidance for security ITAAC.

17. Item 1, Intrusion The draft guidance provides a design consideration that See comment 15 above.

detection systems requires a system to detect "unauthorized access into vital and protected areas." This text is somewhat ambiguous since a barrier could be violated without someone achieving access. Suggest changing the term to "unauthorized penetration- of vital and protected areas barriers." This suggestion

                                          .       aligns the requirement with
                                                      ~

current industry quidance for security ITAAC.

18. Item 1, Intrusion The draft guidance provides a design consideration that Revise sentence to read: "The design should apply detection systems requires the intrusion detection system design to "apply multiple methodologies to provide an integrated the principle of diversity." The requirement for diversity is detection capability."

not contained in the' regulations. Furthermore, the implementation of the term "diversity" may incur qifferent interpretations regarding how a design should be diverse. The objective should be to design the system with multiple approaches to provide an integrated capability. This suggestion is consistent with wording in NUREG-1959.

Attachment Docket ID NRC-2017-0073

19. Item 1, Intrusion The draft guidance provides a design consideration that See comment 17 above.

detection systems requires "reliability and availability of systems and components to achieve the intended intrusion detection functions." 10 CFR 73.SS(b) does not address reliability of equipment. Since probability analysis is not applied to the design of security systems the application of terms such as "reliability" can be ambiguous. Suggest removing this requirement as part of the changes suggested in comment 4.

20. Item 2, Intrusion The draft guidance provides a design consideration that Revise to read:

assessment systems. requires "design of physical security structures, systems, "The design of physical security intrusion and components relied on for intrusion assessment assessment systems ... " functions." This text is unnecessarily wordy and maybe subject to misinterpretation because the scope of SSCs that are relied on for intrusion assessment may be misinterpreted. The requirement should be established at the system level. This suggestion aligns the requirement with current industry quidance for security ITMC.

21. Item 2, Intrusion The draft guidance provides a design consideration that Revise to read: -

assessment systems requires "diversity necessary for the reliability and " ... should provide visual displays and suitable availability of systems and components to achieve the annunciation of alarms in the central and secondary intended intrusion assessment functions." It is unclear alarm stations."-, why diversity is necessary for intrusion assessment equipment. There is no underlying requirement for this design feature in the regulations. Furthermore, the implementation of the term "diversity" may incur different interpretations regarding implementing design requirements. Suggest revising the requirement to more closely align with current COL/DCD securitv ITMC.

22. Item 2, Intrusion "The design should apply the principle of diversity Even though redundancy is not mentioned, if a assessment systems necessary for the reliability and availability of systems and camera system is lost the other diverse systems do components to achieve the intended intrusion assessment not provide the same intrusion detection time and functions." therefore you are driven to redundancy.

23. Item 2, Rationale The draft guidance states, "Engineered intrusion Revise the wording "capability to assess assessment systems ... provides, at all times the capabilitv unauthorized persons" to read "capability to. detect

Attachment Docket ID NRC-2017-0073 to assess unauthorized persons .... " This language, and assess unauthorized persons," consistent with "capability to assess unauthorized persons," is incomplete 10 CFR 73.55(i)(1). with respect to the lanquaqe in 10 CFR 73.55(i).

24. Item 3, Security The draft guidance provides a design consideration that Revise to read:

communication requires communications systems "provide assurance of "The central and secondary alarm stations are systems continuity and integrity of communications. capable of continuous communication with security Communication systems should account for design basis personnel, and have communications capability threats that can interrupt or interfere with continuity or with the main control room and local law integrity of communications." This requirement is beyond enforcement authorities. Non-portable anything that current LWR COL holders are required to communication equipment in the central and meet, is not consistent with the latest COL/DCD ITAAC for secondary alarm stations remains operable from an physical security, and is beyond the requirements in 10 independent power source in the event of loss of CFR 73.55U). Suggest revising to more closely align with normal power." current COL/DCD phvsical-securitv ITAAC.

25. Item 4, Security "The design of security delay systems should be~ This is not specific in what would satisfy this

- delay syster:ns appropriately layered for defense-in depth requirement. Each of the sections has this same type of high level language which is open to a wide ranqe of interpretation.

26. Item 5, Security The draft guidance provides a design consideration title Revise to read:

response for item 5 as "Security response." This title does not "Security response equipment." correspond t6 the desion of anv particular equipment. )7. Item 5, Security The design of engineered physical security structures, The highlighted text implies that a non-LWR must

   . response        systems, and components performing neutralization           have a security staff appropriately sized to engage functions and engineered fighting positions relied on       a threat in similar fashion to the approach
                   - to protect security personnel performing                    employed at conventional LWRs. Although the neutralization functions should provide overlapping         guidance identifies th1e potential use of remotely fields of fire. The design configuration should provide     controlled weapons systems, a security approach layers of opportunities for security response, with each    based on assessment and delay until engagement layer assuring that a single failure does not result in the coming from an offsite force must be considered loss of capability to neutralize the design basis threat    given the small footprint, power output and adversary."                                                 associated staff numbers anticipated for these plants.

Attachment Docket ID NRC-2017-0073

28. Item 6, Control The draft guidance provides a design consideration for Replace the reference to "the reactor building and measures protecting protection from vehicle bombs for "the reactor building structures containing safety related structures, against land and and structures containing safety related structures, systems, and components" with "vital areas."

waterborne vehicle systems, and components." This terminology is different bomb assaults. than is typically used for security protection, which usually refers to "vital areas."

29. Item 6, Control The draft guidance discusses a design consideration to Replace the reference to "structures, systems, and measures protecting provide a "minimum safe stand-off distance to adequately components required for safety and security" with

• against land and protect all structures, systems, and components required "vital areas."

waterborne vehicle for safety and security." This terminology is too bomb assaults. ambiguous and is different than is typically used for security protection, which usually refers to "vital areas."

30. Item 9, Cyber The draft guidance discusses a "strategy consisting of Identify considerations that designers use to avoid Security Defense in complementary and redundant cyber security the need to implement NRC cyber security Depth. Controls" to be implemented to establish layers of programs per 10 CFR 73.54. If non-digital assets protections to safeguard critical digital assets. Rather than provide redundancy, cyber security protections discussing the addition of redundant cyber security should not be regulatory requirements.

controls, these considerations should encourage design that includes non-digital safety- systems that can avoid the

               -        need to implement cvber security proqrams.}}