ML17138A294: Difference between revisions



=Text=
{{#Wiki_filter:NUCLEAR ENERGY INSTITUTE
NIMA ASHKEBOUSSI
Director, Fuel Cycle Programs
1201 F Street, NW, Suite 1100
Washington, DC 20004
P: 202.739.8022
nxa@nei.org
nei.org
April 27, 2017
Ms. Cindy Bladey
Office of Administration
Mail Stop: OWFN-12H08
U.S. Nuclear Regulatory Commission
Washington, DC 20555-0001
{{#Wiki_filter:


==Subject:==
Comments on Security Design Considerations Preliminary Draft Guidance (Docket ID NRC-2017-0073)
Project Number: 689


==Dear Ms. Bladey:==
On behalf of the Nuclear Energy Institute's 1 (NEI) members, we appreciate the opportunity to comment on the Nuclear Regulatory Commission's (NRC) preliminary draft guidance on non-light water reactor (non-LWR) security design considerations (Docket ID NRC-2017-0073). The stated purpose of this preliminary guidance is to outline a set of security design considerations that a designer should consider while developing the facility design such that security issues can be effectively resolved through facility design, engineered security features, formulation of mitigation measures, and reduced reliance on human actions.
Attached are general and specific comments on the draft guidance.
Small modular reactors (SMRs) and advanced non-LWRs will have significantly enhanced safety and security performance as compared to the reactors in operation today, including some designs utilizing fuel that is not susceptible to overheating and core damage. These technologies are capable of significantly lowering the risk of radiological sabotage, while reducing, or eliminating, the reliance on human actions. While we appreciate the NRC's attempt to provide designers information on incorporating security by design to meet regulatory requirements, as currently drafted the preliminary security design considerations only provide an overview of the existing regulatory requirements in 10 CFR Part 73. These regulations are intended for large light water reactors and do not provide new information or innovative guidance that recognizes the unique attributes of advanced reactors. Industry needs regulations and guidance that is appropriately framed for SMRs and non-LWRs.
1 The Nuclear Energy Institute (NEI) is the organization responsible for establishing unified industry policy on matters affecting the nuclear energy industry, including the regulatory aspects of generic operational and technical issues. NEI's members include all entities licensed to operate commercial nuclear power plants in the United States, nuclear plant designers, major architect/engineering firms, fuel cycle facilities, nuclear materials licensees, and other organizations and entities involved in the nuclear energy industry.
NUCLEAR. CLEAN AIR ENERGY
SUNSI Review Complete Template= ADM-013 E-RIDS= ADM-03
NEI submitted a White Paper 2 to propose new physical security requirements that are more appropriate for advanced reactor technologies. These proposals would continue to provide assurance that activities are not inimical to the common defense and security and do not constitute an unreasonable risk to public health and safety. We respectfully suggest that NRC prioritize rulemaking to support the changes identified in the White Paper. Such action would provide a greater benefit to industry, enabling plant designers to incorporate enhanced security features early in the design process that meet new regulatory requirements, rather than using the preliminary security design considerations (based on regulations for large light water reactors) as currently drafted.
NRC intends to incorporate the security design considerations with advanced reactor design criteria under one guidance document. In light of the future rulemaking, a better utilization of industry and NRC resources would be directed towards rulemaking and new guidance development, as opposed to developing security design considerations that fit into existing regulations. If the staff continues towards the development of security design considerations, it should do so in a coordinated manner with the NEI White Paper, where the considerations and guidance are based on advances achieved through the rulemaking process.
Thank you for your consideration of these comments. We look forward to remaining engaged on right-sizing the security requirements for advanced nuclear power generation technologies.
Please contact me if you have any questions.
Sincerely,
Nima Ashkeboussi
Attachment
c: Mr. George Tartal, NRO/DEIA, NRC
Mr. John Monninger, NRO/DSRA, NRC
2 December 14, 2016, Letter from Pamela Cowan, NEI, to Vanna Ordaz, NRC, "Proposed Physical Security Requirements for Advanced Reactor Technologies"

Attachment Docket ID NRC-2017-0073 Comments on Draft Security Design Considerations
: 1. General
Comment/Basis: The purpose of this draft document is unclear with respect to its application to advanced reactors. Part 73 was developed to apply to large LWRs. This draft guidance summarizes some existing regulations and some regulatory guides and does not offer non-LWR approaches to meeting security regulations. This draft document selectively addresses provisions of Part 73 for security considerations in the design of advanced reactors without an explanation of why the selective provisions are especially applicable to advanced reactor design. It would seem that the current design and licensing application process for identifying the security requirements, in accordance with Part 73 would be applicable for both LWRs and non-LWRs.
Recommendation: Recommend elaborating further on the NRC's intent behind this draft document.
: 2. General
Comment/Basis: The document describes the draft security design criteria as being applicable for advanced reactors. It appears that the same criteria could apply to small modular reactors. Is there a rationale for the criteria to not be applicable to SMRs?
Recommendation: Revise the document applicability to include SMRs.
: 3. General
Comment/Basis: IAEA is developing a draft guideline called "Security for the Lifetime of a Nuclear Facility." It sets international standards for security to be incorporated into the concept, design, layout, and construction of the facility.
Recommendation: Staff should consider any relevant guidelines for consideration. It can be found at www-ns.iaea.org/downloads/security/security-series-drafts/implem-guides/nst051.pdf
: 4. General
Comment/Basis: The Commission policy statement within 73 FR 60612 states, in part, "For new nuclear power reactors, the Commission considers it prudent to provide expectations and guidance on security matters to prospective applicants so that they can use this information early in the design stage of new reactors to identify potential mitigated measures and/or design features that provide a more robust and effective security posture." Although the Commission supports guidance with regard to security for advanced reactors, the policy statement is not prescriptive as to what regulatory vehicle the NRC staff should use to offer guidance to potential applicants.
Recommendation: Consider deleting this draft guidance and re-issuing as information only through the use of a NUREG, or other regulatory vehicle, as appropriate.
: 5. General
Comment/Basis: This draft guidance makes statements such as, "These considerations, if adequately implemented through detailed design, along with the adequate implementation of administrative controls and security programs, are one way to protect a nuclear power reactor against the DBT for radiological sabotage". The NRC should clearly identify the specific regulation(s) that would be met by following/committing to this future regulatory guide.
Recommendation: Staff should clearly link each design consideration to a regulation and be clear that implementing the considerations satisfies the regulations.
: 6. General
Comment/Basis: In response to comment UCS-1 within the Commission policy statement contained in 73 FR 60615, the NRC response is as follows, "The GDC establish minimum requirements for the principal design criteria for nuclear power plants. The goal of the policy statement is not to raise these minimum requirements, but rather to encourage advanced reactor designers to consider safety and security matters during the development of future reactor designs. No changes were made to the policy statement as a result of this comment." This draft guidance leaves the impression that the security design considerations may be issued as part of the ARDC regulatory guide, which would raise the minimum requirements. This action would be counter to NRC response in the Commission policy statement.
Recommendation: Remove this draft guidance from the ARDC regulatory guidance to maintain separation between these security considerations.
: 7. General
Comment/Basis: In Section III, "Final Policy Statement," within 73 FR 60615, the Commission stated, in part, "Designs that include considerations for safety and security requirements together in the design process such that security issues (e.g., newly identified threats of terrorist attacks) can be effectively resolved through facility design and engineered security features, and formulation of mitigation measures, with reduced reliance on human actions." This bullet point underlines the inherent safety of advanced reactor designs, with their characteristic of reduced reliance on human action to maintain safety to the public and the environment. In contrast, this draft guidance continues to prescribe human action to mitigate unusual events when it may not be necessary to have any human action to resolve an event.
Recommendation: Consider relaxing human action requirements within the security design considerations. Any necessary actions could be demonstrated to be possible from remote locations, with the collaboration of the local law enforcement organizations, without having the necessity of a full onsite security team.
: 8. General
Comment/Basis: This draft guidance discusses different avenues for advanced reactors to undertake, but does not discuss standard design approvals (SDAs).
Recommendation: State the implication of this draft guidance on SDAs.
: 9. "NRC Policy on Advanced Reactors - Security" Section
Comment/Basis: The draft guidance states, "The integration of safety and security ... ," which is listed under an "NRC Policy" section. NRC policy is Commission policy, as denoted in the first paragraph of this section. The second paragraph of the section was written by the NRC staff. Therefore, it is misleading to place that paragraph in this section without further clarification.
Recommendation: Clarify that this definition of integration of safety and security is the NRC staff's interpretation, not Commission Policy.
: 10. "Security Design Considerations for Non-Light Water Reactors", 1st paragraph
Comment/Basis: This paragraph describes that this draft guidance contains security design considerations, but provides no definition for the term "considerations". "Considerations" is not a commonly used term by the NRC and the intent of this term is unclear. However, this paragraph states that considerations "should" be taken into account without any regulatory backing.
Recommendation: Clarify what is meant by the term "considerations," and the regulatory impact on applicant and licensees.
: 11. "Security Design Considerations for Non-Light Water Reactors" 2nd paragraph
Comment/Basis: The paragraph states, in part, "To establish guidance for designers to identify opportunities for resolving security issues." This phrase is confusing. It is unclear what "security issues" are in this context.
Recommendation: Clarify or revise the quoted text.
: 12. "Security Design Considerations for Non-Light Water Reactors" 2nd paragraph
Comment/Basis: The paragraph states, in part, " ... the NRC staff considered the requirements in 10 CFR Part 73 that are related to the design of ... " Although Part 73 is the principal regulation for security for power reactors, it is not the only part of the Code being considered by advanced reactor designers. Some small-scale advanced reactors may be considering a hybridization of 10 CFR Part 73 and 10 CFR Part 37.
Recommendation: Consider deleting this draft guidance. Advanced reactor designers, as appropriate, will provide justification on how their designs will conform to 10 CFR Part 37 or Part 73, as applicable.
: 13. "Security Design Considerations for Non-Light Water Reactors" 2nd paragraph
Comment/Basis: The paragraph states, "The design considerations were informed by requirements in 10 CFR Part 73 as well as existing guidance." It is unusual for regulatory guides that are issued by the NRC to summarize other regulatory guides. Typically, a regulatory guide is one method that the NRC considers acceptable to meet a specific regulation. A regulatory guide is not a distillation of other regulatory guides. In addition to other regulatory guides, this draft guidance mostly considers 10 CFR Part 73, which is fairly prescriptive (unlike the GDCs, for example). It is unusual to issue guidance that does a high-level summary of a whole Part to the CFR. Issuing guidance that 1) summarizes other guidance and 2) summarizes certain sections from a part to the CFR, seems inappropriate.
Recommendation: This preliminary draft guide provides no new information and reiterates the existing regulatory requirements that are described in other regulatory guides. It's not clear what the need for this document is.
: 14. "Process" Section
Comment/Basis: It is unclear in what form these security design considerations will ultimately be published. The text gives the impression that they will be published as part of the ARDC RG.
Recommendation: Clarify on the intent and regulatory vehicle of publishing the security design considerations.
: 15. Item 1, Intrusion detection systems
Comment/Basis: The draft guidance provides a design consideration that reads "design of physical security structures, systems, and components relied on for interior and exterior intrusion detection functions." This text is unnecessarily wordy and may be subject to misinterpretation because the scope of SSCs that are relied on for intrusion detection may be misinterpreted. The requirement text should focus on the detection system itself and be established at the system level. This suggestion aligns the requirement with current industry guidance for security ITAAC.
Recommendation: Revise sentence to read: "The design of interior and exterior physical security intrusion detection systems ... "
: 16. Item 1, Intrusion detection systems
Comment/Basis: The draft guidance provides a design consideration that requires "detecting unauthorized access into vital and protected areas." The requirement should be the detection of attempted and actual unauthorized penetration. This suggestion aligns the requirement with current industry guidance for security ITAAC.
Recommendation: Revise sentence to read: " ... should provide assurance of detecting attempted and actual unauthorized penetration of vital and protected area barriers."
: 17. Item 1, Intrusion detection systems
Comment/Basis: The draft guidance provides a design consideration that requires a system to detect "unauthorized access into vital and protected areas." This text is somewhat ambiguous since a barrier could be violated without someone achieving access. Suggest changing the term to "unauthorized penetration of vital and protected areas barriers." This suggestion aligns the requirement with current industry guidance for security ITAAC.
Recommendation: See comment 15 above.
: 18. Item 1, Intrusion detection systems
Comment/Basis: The draft guidance provides a design consideration that requires the intrusion detection system design to "apply the principle of diversity." The requirement for diversity is not contained in the regulations. Furthermore, the implementation of the term "diversity" may incur different interpretations regarding how a design should be diverse. The objective should be to design the system with multiple approaches to provide an integrated capability. This suggestion is consistent with wording in NUREG-1959.
Recommendation: Revise sentence to read: "The design should apply multiple methodologies to provide an integrated detection capability."
: 19. Item 1, Intrusion detection systems
: 20. Item 2, Intrusion assessment systems
: 21. Item 2, Intrusion assessment systems
: 22. Item 2, Intrusion assessment systems
: 23. Item 2, Rationale
The draft guidance provides a design consideration that requires "reliability and availability of systems and components to achieve the intended intrusion detection functions." 10 CFR 73.55(b) does not address reliability of equipment. Since probability analysis is not applied to the design of security systems the application of terms such as "reliability" can be ambiguous. Suggest removing this requirement as part of the changes suggested in comment 4.
The draft guidance provides a design consideration that requires "design of physical security structures, systems, and components relied on for intrusion assessment functions." This text is unnecessarily wordy and may be subject to misinterpretation because the scope of SSCs that are relied on for intrusion assessment may be misinterpreted. The requirement should be established at the system level. This suggestion aligns the requirement with current industry guidance for security ITAAC.
The draft guidance provides a design consideration that requires "diversity necessary for the reliability and availability of systems and components to achieve the intended intrusion assessment functions." It is unclear why diversity is necessary for intrusion assessment equipment. There is no underlying requirement for this design feature in the regulations. Furthermore, the implementation of the term "diversity" may incur different interpretations regarding implementing design requirements. Suggest revising the requirement to more closely align with current COL/DCD security ITAAC.
"The design should apply the principle of diversity necessary for the reliability and availability of systems and components to achieve the intended intrusion assessment functions."
The draft guidance states, "Engineered intrusion assessment systems ... provides, at all times the capability
See comment 17 above.
Revise to read: "The design of physical security intrusion assessment systems ... "
Revise to read: " ... should provide visual displays and suitable annunciation of alarms in the central and secondary alarm stations."
Even though redundancy is not mentioned, if a camera system is lost the other diverse systems do not provide the same intrusion detection time and therefore you are driven to redundancy.
Revise the wording "capability to assess unauthorized persons" to read "capability to detect to assess unauthorized persons .... "
This language, "capability to assess unauthorized persons," is incomplete with respect to the language in 10 CFR 73.55(i).
: 24. Item 3, Security communication systems
The draft guidance provides a design consideration that requires communications systems "provide assurance of continuity and integrity of communications. Communication systems should account for design basis threats that can interrupt or interfere with continuity or integrity of communications." This requirement is beyond anything that current LWR COL holders are required to meet, is not consistent with the latest COL/DCD ITAAC for physical security, and is beyond the requirements in 10 CFR 73.55(j). Suggest revising to more closely align with current COL/DCD physical-security ITAAC.
: 25. Item 4, Security delay systems
"The design of security delay systems should appropriately layered for defense-in depth
: 26. Item 5, Security response
The draft guidance provides a design consideration title for item 5 as "Security response." This title does not correspond to the design of any particular equipment.
\                          that 1) summarizes other guidance and 2) summarizes certain sections from a part to the CFR, seems inaooropriate.
)7. Item 5, Security The design of engineered physical security structures, . response systems, and components performing neutralization functions and engineered fighting positions relied on -to protect security personnel performing neutralization functions should provide overlapping fields of fire. The design configuration should provide layers of opportunities for security response, with each layer assuring that a single failure does not result in the loss of capability to neutralize the design basis threat adversary." Attachment Docket ID NRC-2017-0073 and assess unauthorized persons," consistent with 10 CFR 73.55(i)(1).
: 14. "Process" Section    It is unclear in what form these security design              Clarify on the intent and regulatory vehicle of considerations will ultimately be published. The text gives  publishing the security design considerations.
Revise to read: "The central and secondary alarm stations are capable of continuous communication with security personnel, and have communications capability with the main control room and local law enforcement authorities.
the impression that they will be published as part of the ARDC RG.                         -
Non-portable communication equipment in the central and secondary alarm stations remains operable from an independent power source in the event of loss of normal power." This is not specific in what would satisfy this requirement.
 
Each of the sections has this same type of high level language which is open to a wide ranqe of interpretation.
Attachment Docket ID NRC-2017-0073
Revise to read: "Security response equipment." The highlighted text implies that a non-LWR must have a security staff appropriately sized to engage a threat in similar fashion to the approach employed at conventional LWRs. Although the guidance identifies th 1 e potential use of remotely controlled weapons systems, a security approach based on assessment and delay until engagement coming from an offsite force must be considered given the small footprint, power output and associated staff numbers anticipated for these plants.
: 15. Item 1, Intrusion The draft guidance provides a design consideration that      Revise sentence to read:
: 28. Item 6, Control measures protecting against land and waterborne vehicle bomb assaults.
detection systems reads "design of physical security structures, systems, and "The design of interior and exterior physical components relied on for interior and exterior intrusion      security intrusion detection systems ... "
: 29. Item 6, Control measures protecting
detection functions." This text is unnecessarily wordy and maybe subject to misinterpretation because the scope of SSCs that are relied on for intrusion detection may be misinterpreted. The requirement text should focus on the detection system itself and be established at the system level. This suggestion aligns the requirement 'with current industry guidance for security ITAAC.
* against land and waterborne vehicle bomb assaults.
: 16. Item 1, Intrusion The draft guidance provides a design consideration that       Revise sentence to read:
: 30. Item 9, Cyber Security Defense in Depth. -The draft guidance provides a design consideration for protection from vehicle bombs for "the reactor building and structures containing safety related structures, systems, and components." This terminology is different than is typically used for security protection, which usually refers to "vital areas." The draft guidance discusses a design consideration to provide a "minimum safe stand-off distance to adequately protect all structures, systems, and components required for safety and security." This terminology is too ambiguous and is different than is typically used for security protection, which usually refers to "vital areas." The draft guidance discusses a "strategy consisting of complementary and redundant cyber security Controls" to be implemented to establish layers of protections to safeguard critical digital assets. Rather than discussing the addition of redundant cyber security controls, these considerations should encourage design that includes non-digital safety-systems that can avoid the need to implement cvber security proqrams.
detection systems requires "detecting unauthorized access into vital and       " ... should provide assurance of detecting attempted protected areas." The requirement should be the detection and actual unauthorized penetration of vital and of attempted and actual unauthorized penetration. This        protected area barriers."
Attachment Docket ID NRC-2017-0073 Replace the reference to "the reactor building and structures containing safety related structures, systems, and components" with "vital areas." Replace the reference to "structures, systems, and components required for safety and security" with "vital areas." Identify considerations that designers use to avoid the need to implement NRC cyber security programs per 10 CFR 73.54. If non-digital assets provide redundancy, cyber security protections should not be regulatory requirements.}}
suggestion aligns the requirement with current industry guidance for security ITAAC.
: 17. Item 1, Intrusion The draft guidance provides a design consideration that       See comment 15 above.
detection systems requires a system to detect "unauthorized access into vital and protected areas." This text is somewhat ambiguous since a barrier could be violated without someone achieving access. Suggest changing the term to "unauthorized penetration- of vital and protected areas barriers." This suggestion
                                          .      aligns the requirement with
                                                      ~
current industry quidance for security ITAAC.
: 18. Item 1, Intrusion The draft guidance provides a design consideration that       Revise sentence to read: "The design should apply detection systems requires the intrusion detection system design to "apply      multiple methodologies to provide an integrated the principle of diversity." The requirement for diversity is detection capability."
not contained in the' regulations. Furthermore, the implementation of the term "diversity" may incur qifferent interpretations regarding how a design should be diverse.
The objective should be to design the system with multiple approaches to provide an integrated capability.
This suggestion is consistent with wording in NUREG-1959.
 
Attachment Docket ID NRC-2017-0073
: 19. Item 1, Intrusion  The draft guidance provides a design consideration that      See comment 17 above.
detection systems  requires "reliability and availability of systems and components to achieve the intended intrusion detection functions." 10 CFR 73.SS(b) does not address reliability of equipment. Since probability analysis is not applied to the design of security systems the application of terms such as "reliability" can be ambiguous. Suggest removing this requirement as part of the changes suggested in comment 4.
: 20. Affected Section: Item 2, Intrusion assessment systems

Comment/Basis: The draft guidance provides a design consideration that requires "design of physical security structures, systems, and components relied on for intrusion assessment functions." This text is unnecessarily wordy and may be subject to misinterpretation because the scope of SSCs that are relied on for intrusion assessment may be misinterpreted. The requirement should be established at the system level. This suggestion aligns the requirement with current industry guidance for security ITAAC.

Recommendation: Revise to read: "The design of physical security intrusion assessment systems ... "

: 21. Affected Section: Item 2, Intrusion assessment systems

Comment/Basis: The draft guidance provides a design consideration that requires "diversity necessary for the reliability and availability of systems and components to achieve the intended intrusion assessment functions." It is unclear why diversity is necessary for intrusion assessment equipment. There is no underlying requirement for this design feature in the regulations. Furthermore, the implementation of the term "diversity" may incur different interpretations regarding implementing design requirements. Suggest revising the requirement to more closely align with current COL/DCD security ITAAC.

Recommendation: Revise to read: " ... should provide visual displays and suitable annunciation of alarms in the central and secondary alarm stations."

: 22. Affected Section: Item 2, Intrusion assessment systems

Comment/Basis: "The design should apply the principle of diversity necessary for the reliability and availability of systems and components to achieve the intended intrusion assessment functions."

Recommendation: Even though redundancy is not mentioned, if a camera system is lost the other diverse systems do not provide the same intrusion detection time and therefore you are driven to redundancy.

: 23. Affected Section: Item 2, Rationale

Comment/Basis: The draft guidance states, "Engineered intrusion assessment systems ... provides, at all times the capability to assess unauthorized persons .... " This language, "capability to assess unauthorized persons," is incomplete with respect to the language in 10 CFR 73.55(i).

Recommendation: Revise the wording "capability to assess unauthorized persons" to read "capability to detect and assess unauthorized persons," consistent with 10 CFR 73.55(i)(1).

: 24. Affected Section: Item 3, Security communication systems

Comment/Basis: The draft guidance provides a design consideration that requires communications systems "provide assurance of continuity and integrity of communications. Communication systems should account for design basis threats that can interrupt or interfere with continuity or integrity of communications." This requirement is beyond anything that current LWR COL holders are required to meet, is not consistent with the latest COL/DCD ITAAC for physical security, and is beyond the requirements in 10 CFR 73.55(j). Suggest revising to more closely align with current COL/DCD physical-security ITAAC.

Recommendation: Revise to read: "The central and secondary alarm stations are capable of continuous communication with security personnel, and have communications capability with the main control room and local law enforcement authorities. Non-portable communication equipment in the central and secondary alarm stations remains operable from an independent power source in the event of loss of normal power."

: 25. Affected Section: Item 4, Security delay systems

Comment/Basis: "The design of security delay systems should be appropriately layered for defense-in depth"

Recommendation: This is not specific in what would satisfy this requirement. Each of the sections has this same type of high level language which is open to a wide range of interpretation.

: 26. Affected Section: Item 5, Security response

Comment/Basis: The draft guidance provides a design consideration title for item 5 as "Security response." This title does not correspond to the design of any particular equipment.

Recommendation: Revise to read: "Security response equipment."

: 27. Affected Section: Item 5, Security response

Comment/Basis: "The design of engineered physical security structures, systems, and components performing neutralization functions and engineered fighting positions relied on to protect security personnel performing neutralization functions should provide overlapping fields of fire. The design configuration should provide layers of opportunities for security response, with each layer assuring that a single failure does not result in the loss of capability to neutralize the design basis threat adversary."

Recommendation: The highlighted text implies that a non-LWR must have a security staff appropriately sized to engage a threat in similar fashion to the approach employed at conventional LWRs. Although the guidance identifies the potential use of remotely controlled weapons systems, a security approach based on assessment and delay until engagement coming from an offsite force must be considered given the small footprint, power output and associated staff numbers anticipated for these plants.

: 28. Affected Section: Item 6, Control measures protecting against land and waterborne vehicle bomb assaults

Comment/Basis: The draft guidance provides a design consideration for protection from vehicle bombs for "the reactor building and structures containing safety related structures, systems, and components." This terminology is different than is typically used for security protection, which usually refers to "vital areas."

Recommendation: Replace the reference to "the reactor building and structures containing safety related structures, systems, and components" with "vital areas."

: 29. Affected Section: Item 6, Control measures protecting against land and waterborne vehicle bomb assaults

Comment/Basis: The draft guidance discusses a design consideration to provide a "minimum safe stand-off distance to adequately protect all structures, systems, and components required for safety and security." This terminology is too ambiguous and is different than is typically used for security protection, which usually refers to "vital areas."

Recommendation: Replace the reference to "structures, systems, and components required for safety and security" with "vital areas."

: 30. Affected Section: Item 9, Cyber Security Defense in Depth

Comment/Basis: The draft guidance discusses a "strategy consisting of complementary and redundant cyber security Controls" to be implemented to establish layers of protections to safeguard critical digital assets. Rather than discussing the addition of redundant cyber security controls, these considerations should encourage design that includes non-digital safety systems that can avoid the need to implement cyber security programs.

Recommendation: Identify considerations that designers use to avoid the need to implement NRC cyber security programs per 10 CFR 73.54. If non-digital assets provide redundancy, cyber security protections should not be regulatory requirements.}}

Latest revision as of 17:01, 4 February 2020

Comment (1) of Nima Ashkeboussi on Behalf of Nuclear Energy Institute on Security Design Considerations Preliminary Draft Guidance
ML17138A294
Person / Time
Site: Nuclear Energy Institute
Issue date: 04/27/2017
From: Ashkeboussi N
Nuclear Energy Institute
To: Cindy Bladey
Rules, Announcements, and Directives Branch
References
82FR13511 00001, NRC-2017-0073
Download: ML17138A294 (10)


Text

{{#Wiki_filter:NIMA ASHKEBOUSSI
Director, Fuel Cycle Programs
1201 F Street, NW, Suite 1100
Washington, DC 20004
P: 202.739.8022
nxa@nei.org
nei.org

NUCLEAR ENERGY INSTITUTE

April 27, 2017

Ms. Cindy Bladey
Office of Administration
Mail Stop: OWFN-12H08
U.S. Nuclear Regulatory Commission
Washington, DC 20555-0001

Subject:

Comments on Security Design Considerations Preliminary Draft Guidance (Docket ID NRC-2017-0073) Project Number: 689

Dear Ms. Bladey:

On behalf of the Nuclear Energy Institute's 1 (NEI) members, we appreciate the opportunity to comment on the Nuclear Regulatory Commission's (NRC) preliminary draft guidance on non-light water reactor (non-LWR) security design considerations (Docket ID NRC-2017-0073). The stated purpose of this preliminary guidance is to outline a set of security design considerations that a designer should consider while developing the facility design such that security issues can be effectively resolved through facility design, engineered security features, formulation of mitigation measures, and reduced reliance on human actions. Attached are general and specific comments on the draft guidance.

Small modular reactors (SMRs) and advanced non-LWRs will have significantly enhanced safety and security performance as compared to the reactors in operation today, including some designs utilizing fuel that is not susceptible to overheating and core damage. These technologies are capable of significantly lowering the risk of radiological sabotage, while reducing, or eliminating, the reliance on human actions.

While we appreciate the NRC's attempt to provide designers information on incorporating security by design to meet regulatory requirements, as currently drafted the preliminary security design considerations only provide an overview of the existing regulatory requirements in 10 CFR Part 73. These regulations are intended for large light water reactors and do not provide new information or innovative guidance that recognizes the unique attributes of advanced reactors. Industry needs regulations and guidance that is appropriately framed for SMRs and non-LWRs.

1 The Nuclear Energy Institute (NEI) is the organization responsible for establishing unified industry policy on matters affecting the nuclear energy industry, including the regulatory aspects of generic operational and technical issues. NEI's members include all entities licensed to operate commercial nuclear power plants in the United States, nuclear plant designers, major architect/engineering firms, fuel cycle facilities, nuclear materials licensees, and other organizations and entities involved in the nuclear energy industry.

SUNSI Review Complete Template = ADM-013 E-RIDS = ADM-03

NEI submitted a White Paper 2 to propose new physical security requirements that are more appropriate for advanced reactor technologies. These proposals would continue to provide assurance that activities are not inimical to the common defense and security and do not constitute an unreasonable risk to public health and safety. We respectfully suggest that NRC prioritize rulemaking to support the changes identified in the White Paper. Such action would provide a greater benefit to industry, enabling plant designers to incorporate enhanced security features early in the design process that meet new regulatory requirements, rather than using the preliminary security design considerations (based on regulations for large light water reactors) as currently drafted.

NRC intends to incorporate the security design considerations with advanced reactor design criteria under one guidance document. In light of the future rulemaking, a better utilization of industry and NRC resources would be directed towards rulemaking and new guidance development, as opposed to developing security design considerations that fit into existing regulations. If the staff continues towards the development of security design considerations, it should do so in a coordinated manner with the NEI White Paper, where the considerations and guidance are based on advances achieved through the rulemaking process.

Thank you for your consideration of these comments. We look forward to remaining engaged on right-sizing the security requirements for advanced nuclear power generation technologies. Please contact me if you have any questions.

Sincerely,

Nima Ashkeboussi

Attachment

c: Mr. George Tartal, NRO/DEIA, NRC
Mr. John Monninger, NRO/DSRA, NRC

2 December 14, 2016, Letter from Pamela Cowan, NEI, to Vanna Ordaz, NRC, "Proposed Physical Security Requirements for Advanced Reactor Technologies"

Attachment
Docket ID NRC-2017-0073
Comments on Draft Security Design Considerations

1. Affected Section: General

Comment/Basis: The purpose of this draft document is unclear with respect to its application to advanced reactors. Part 73 was developed to apply to large LWRs. This draft guidance summarizes some existing regulations and some regulatory guides and does not offer non-LWR approaches to meeting security regulations. This draft document selectively addresses provisions of Part 73 for security considerations in the design of advanced reactors without an explanation of why the selective provisions are especially applicable to advanced reactor design. It would seem that the current design and licensing application process for identifying the security requirements, in accordance with Part 73 would be applicable for both LWRs and non-LWRs.

Recommendation: Recommend elaborating further on the NRC's intent behind this draft document.

2. Affected Section: General

Comment/Basis: The document describes the draft security design criteria as being applicable for advanced reactors. It appears that the same criteria could apply to small modular reactors. Is there a rationale for the criteria to not be applicable to SMRs?

Recommendation: Revise the document applicability to include SMRs.

3. Affected Section: General

Comment/Basis: IAEA is developing a draft guideline called "Security for the Lifetime of a Nuclear Facility." It sets international standards for security to be incorporated into the concept, design, layout, and construction of the facility.

Recommendation: Staff should consider any relevant guidelines for consideration. It can be found at www-ns.iaea.org/downloads/security/security-series-drafts/implem-guides/nst051.pdf

4. Affected Section: General

Comment/Basis: The Commission policy statement within 73 FR 60612 states, in part, "For new nuclear power reactors, the Commission considers it prudent to provide expectations and guidance on security matters to prospective applicants so that they can use this information early in the design stage of new reactors to identify potential mitigated measures and/or design features that provide a more robust and effective security posture." Although the Commission supports guidance with regard to security for advanced reactors, the policy statement is not prescriptive as to what regulatory vehicle the NRC staff should use to offer guidance to potential applicants.

Recommendation: Consider deleting this draft guidance and re-issuing as information only through the use of a NUREG, or other regulatory vehicle, as appropriate.

5. Affected Section: General

Comment/Basis: This draft guidance makes statements such as, "These considerations, if adequately implemented through detailed design, along with the adequate implementation of administrative controls and security programs, are one way to protect a nuclear power reactor against the DBT for radiological sabotage". The NRC should clearly identify the specific regulation(s) that would be met by following/committing to this future regulatory guide.

Recommendation: Staff should clearly link each design consideration to a regulation and be clear that implementing the considerations satisfies the regulations.

6. Affected Section: General

Comment/Basis: In response to comment UCS-1 within the Commission policy statement contained in 73 FR 60615, the NRC response is as follows, "The GDC establish minimum requirements for the principal design criteria for nuclear power plants. The goal of the policy statement is not to raise these minimum requirements, but rather to encourage advanced reactor designers to consider safety and security matters during the development of future reactor designs. No changes were made to the policy statement as a result of this comment." This draft guidance leaves the impression that the security design considerations may be issued as part of the ARDC regulatory guide, which would raise the minimum requirements. This action would be counter to NRC response in the Commission policy statement.

Recommendation: Remove this draft guidance from the ARDC regulatory guidance to maintain separation between these security considerations.

7. Affected Section: General

Comment/Basis: In Section III, "Final Policy Statement," within 73 FR 60615, the Commission stated, in part, "Designs that include considerations for safety and security requirements together in the design process such that security issues (e.g., newly identified threats of terrorist attacks) can be effectively resolved through facility design and engineered security features, and formulation of mitigation measures, with reduced reliance on human actions." This bullet point underlines the inherent safety of advanced reactor designs, with their characteristic of reduced reliance on human action to maintain safety to the public and the environment. In contrast, this draft guidance continues to prescribe human action to mitigate unusual events when it may not be necessary to have any human action to resolve an event.

Recommendation: Consider relaxing human action requirements within the security design considerations. Any necessary actions could be demonstrated to be possible from remote locations, with the collaboration of the local law enforcement organizations, without having the necessity of a full onsite security team.

8. Affected Section: General

Comment/Basis: This draft guidance discusses different avenues for advanced reactors to undertake, but does not discuss standard design approvals (SDAs).

Recommendation: State the implication of this draft guidance on SDAs.

9. Affected Section: "NRC Policy on Advanced Reactors - Security" Section

Comment/Basis: The draft guidance states, "The integration of safety and security ... ," which is listed under an "NRC Policy" section. NRC policy is Commission policy, as denoted in the first paragraph of this section. The second paragraph of the section was written by the NRC staff. Therefore, it is misleading to place that paragraph in this section without further clarification.

Recommendation: Clarify that this definition of integration of safety and security is the NRC staff's interpretation, not Commission Policy.

10. Affected Section: "Security Design Considerations for Non-Light Water Reactors", 1st paragraph

Comment/Basis: This paragraph describes that this draft guidance contains security design considerations, but provides no definition for the term "considerations". "Considerations" is not a commonly used term by the NRC and the intent of this term is unclear. However, this paragraph states that considerations "should" be taken into account without any regulatory backing.

Recommendation: Clarify what is meant by the term "considerations," and the regulatory impact on applicant and licensees.

11. Affected Section: "Security Design Considerations for Non-Light Water Reactors" 2nd paragraph

Comment/Basis: The paragraph states, in part, "To establish guidance for designers to identify opportunities for resolving security issues." This phrase is confusing. It is unclear what "security issues" are in this context.

Recommendation: Clarify or revise the quoted text.

12. Affected Section: "Security Design Considerations for Non-Light Water Reactors" 2nd paragraph

Comment/Basis: The paragraph states, in part, " ... the NRC staff considered the requirements in 10 CFR Part 73 that are related to the design of... " Although Part 73 is the principal regulation for security for power reactors, it is not the only part of the Code being considered by advanced reactor designers. Some small-scale advanced reactors may be considering a hybridization of 10 CFR Part 73 and 10 CFR Part 37.

Recommendation: Consider deleting this draft guidance. Advanced reactor designers, as appropriate, will provide justification on how their designs will conform to 10 CFR Part 37 or Part 73, as applicable.

13. Affected Section: "Security Design Considerations for Non-Light Water Reactors" 2nd paragraph

Comment/Basis: The paragraph states, "The design considerations were informed by requirements in 10 CFR Part 73 as well as existing guidance." It is unusual for regulatory guides that are issued by the NRC to summarize other regulatory guides. Typically, a regulatory guide is one method that the NRC considers acceptable to meet a specific regulation. A regulatory guide is not a distillation of other regulatory guides. In addition to other regulatory guides, this draft guidance mostly considers 10 CFR Part 73, which is fairly prescriptive (unlike the GDCs, for example). It is unusual to issue guidance that does a high-level summary of a whole Part to the CFR. Issuing guidance that 1) summarizes other guidance and 2) summarizes certain sections from a part to the CFR, seems inappropriate.

Recommendation: This preliminary draft guide provides no new information and reiterates the existing regulatory requirements that are described in other regulatory guides. It's not clear what the need for this document is.

14. Affected Section: "Process" Section

Comment/Basis: It is unclear in what form these security design considerations will ultimately be published. The text gives the impression that they will be published as part of the ARDC RG.

Recommendation: Clarify on the intent and regulatory vehicle of publishing the security design considerations.

Attachment Docket ID NRC-2017-0073

15. Item 1, Intrusion The draft guidance provides a design consideration that Revise sentence to read:

detection systems reads "design of physical security structures, systems, and "The design of interior and exterior physical components relied on for interior and exterior intrusion security intrusion detection systems ... " detection functions." This text is unnecessarily wordy and maybe subject to misinterpretation because the scope of SSCs that are relied on for intrusion detection may be misinterpreted. The requirement text should focus on the detection system itself and be established at the system level. This suggestion aligns the requirement 'with current industry guidance for security ITAAC.

16. Item 1, Intrusion detection systems
The draft guidance provides a design consideration that requires "detecting unauthorized access into vital and protected areas." The requirement should be the detection of attempted and actual unauthorized penetration. This suggestion aligns the requirement with current industry guidance for security ITAAC.
Revise sentence to read: " ... should provide assurance of detecting attempted and actual unauthorized penetration of vital and protected area barriers."

17. Item 1, Intrusion detection systems
The draft guidance provides a design consideration that requires a system to detect "unauthorized access into vital and protected areas." This text is somewhat ambiguous since a barrier could be violated without someone achieving access. Suggest changing the term to "unauthorized penetration of vital and protected areas barriers." This suggestion aligns the requirement with current industry guidance for security ITAAC.
See comment 15 above.

18. Item 1, Intrusion detection systems
The draft guidance provides a design consideration that requires the intrusion detection system design to "apply the principle of diversity." The requirement for diversity is not contained in the regulations. Furthermore, the implementation of the term "diversity" may incur different interpretations regarding how a design should be diverse. The objective should be to design the system with multiple approaches to provide an integrated capability. This suggestion is consistent with wording in NUREG-1959.
Revise sentence to read: "The design should apply multiple methodologies to provide an integrated detection capability."

19. Item 1, Intrusion detection systems
The draft guidance provides a design consideration that requires "reliability and availability of systems and components to achieve the intended intrusion detection functions." 10 CFR 73.55(b) does not address reliability of equipment. Since probability analysis is not applied to the design of security systems the application of terms such as "reliability" can be ambiguous. Suggest removing this requirement as part of the changes suggested in comment 4.
See comment 17 above.

20. Item 2, Intrusion assessment systems
The draft guidance provides a design consideration that requires "design of physical security structures, systems, and components relied on for intrusion assessment functions." This text is unnecessarily wordy and may be subject to misinterpretation because the scope of SSCs that are relied on for intrusion assessment may be misinterpreted. The requirement should be established at the system level. This suggestion aligns the requirement with current industry guidance for security ITAAC.
Revise to read: "The design of physical security intrusion assessment systems ... "

21. Item 2, Intrusion assessment systems
The draft guidance provides a design consideration that requires "diversity necessary for the reliability and availability of systems and components to achieve the intended intrusion assessment functions." It is unclear why diversity is necessary for intrusion assessment equipment. There is no underlying requirement for this design feature in the regulations. Furthermore, the implementation of the term "diversity" may incur different interpretations regarding implementing design requirements. Suggest revising the requirement to more closely align with current COL/DCD security ITAAC.
Revise to read: " ... should provide visual displays and suitable annunciation of alarms in the central and secondary alarm stations."

22. Item 2, Intrusion assessment systems
"The design should apply the principle of diversity necessary for the reliability and availability of systems and components to achieve the intended intrusion assessment functions."
Even though redundancy is not mentioned, if a camera system is lost the other diverse systems do not provide the same intrusion detection time and therefore you are driven to redundancy.

23. Item 2, Rationale
The draft guidance states, "Engineered intrusion assessment systems ... provides, at all times the capability to assess unauthorized persons .... " This language, "capability to assess unauthorized persons," is incomplete with respect to the language in 10 CFR 73.55(i).
Revise the wording "capability to assess unauthorized persons" to read "capability to detect and assess unauthorized persons," consistent with 10 CFR 73.55(i)(1).

24. Item 3, Security communication systems
The draft guidance provides a design consideration that requires communications systems "provide assurance of continuity and integrity of communications. Communication systems should account for design basis threats that can interrupt or interfere with continuity or integrity of communications." This requirement is beyond anything that current LWR COL holders are required to meet, is not consistent with the latest COL/DCD ITAAC for physical security, and is beyond the requirements in 10 CFR 73.55(j). Suggest revising to more closely align with current COL/DCD physical-security ITAAC.
Revise to read: "The central and secondary alarm stations are capable of continuous communication with security personnel, and have communications capability with the main control room and local law enforcement authorities. Non-portable communication equipment in the central and secondary alarm stations remains operable from an independent power source in the event of loss of normal power."

25. Item 4, Security delay systems
"The design of security delay systems should be appropriately layered for defense-in depth"
This is not specific in what would satisfy this requirement. Each of the sections has this same type of high level language which is open to a wide range of interpretation.

26. Item 5, Security response
The draft guidance provides a design consideration title for item 5 as "Security response." This title does not correspond to the design of any particular equipment.
Revise to read: "Security response equipment."

27. Item 5, Security response
"The design of engineered physical security structures, systems, and components performing neutralization functions and engineered fighting positions relied on to protect security personnel performing neutralization functions should provide overlapping fields of fire. The design configuration should provide layers of opportunities for security response, with each layer assuring that a single failure does not result in the loss of capability to neutralize the design basis threat adversary."
The highlighted text implies that a non-LWR must have a security staff appropriately sized to engage a threat in similar fashion to the approach employed at conventional LWRs. Although the guidance identifies the potential use of remotely controlled weapons systems, a security approach based on assessment and delay until engagement coming from an offsite force must be considered given the small footprint, power output and associated staff numbers anticipated for these plants.

28. Item 6, Control measures protecting against land and waterborne vehicle bomb assaults.
The draft guidance provides a design consideration for protection from vehicle bombs for "the reactor building and structures containing safety related structures, systems, and components." This terminology is different than is typically used for security protection, which usually refers to "vital areas."
Replace the reference to "the reactor building and structures containing safety related structures, systems, and components" with "vital areas."

29. Item 6, Control measures protecting against land and waterborne vehicle bomb assaults.
The draft guidance discusses a design consideration to provide a "minimum safe stand-off distance to adequately protect all structures, systems, and components required for safety and security." This terminology is too ambiguous and is different than is typically used for security protection, which usually refers to "vital areas."
Replace the reference to "structures, systems, and components required for safety and security" with "vital areas."

30. Item 9, Cyber Security Defense in Depth.
The draft guidance discusses a "strategy consisting of complementary and redundant cyber security controls" to be implemented to establish layers of protections to safeguard critical digital assets. Rather than discussing the addition of redundant cyber security controls, these considerations should encourage design that includes non-digital safety systems that can avoid the need to implement cyber security programs.
Identify considerations that designers use to avoid the need to implement NRC cyber security programs per 10 CFR 73.54. If non-digital assets provide redundancy, cyber security protections should not be regulatory requirements.}}