Text

Pressurized Water Reactor Owners Group (PWROG)

Future Risk-Informed Initiatives Workshop Risk-Informing Security (Physical and Cyber)

June 21-22, 2021 Ismael Garcia Sunil D. Weerakkody Senior Level Advisor Senior Level Advisor Division of Physical and Cyber Security Policy Division of Risk Assessment Office of Nuclear Security and Incident Response Office of Nuclear Reactor Regulation

Key Messages

• U.S. NRC is focused on its strategic safety and security goals to further risk-inform our regulatory framework

• U.S. NRC continues to advance risk-informed approaches for security and has developed tools such as the framework to advance our application of both qualitative and quantitative risk insights 2

Outline

• U.S. NRC objectives and strategies to risk-inform safety and security

• Risk-informing security examples

• Conclusions 3

US NRC Strategic Plan and Mission on Nuclear Safety and Security NRC FY2018-2022 Strategic Plan (NUREG-1614, Volume 7):

The Commission as a whole formulates policies and regulations governing the safety and security of nuclear facilities and radioactive materials, issues orders to licensees, and adjudicates legal matters brought before it.

U.S. NRC Mission:

The NRC licenses and regulates the Nations civilian use of radioactive materials to provide reasonable assurance of adequate protection of public health and safety and to promote the common defense and security and to protect the environment.

4

Accomplishing Safety and Security Mission Safety Safety Safety Mission Strategies Objectives Goal Security Security Security Mission Strategies Objectives Goal 5

SAFETY GOAL, OBJECTIVES, AND STRATEGIES (NUREG-1614, Volume 7)

Safety Strategic Goal:

Ensure the safe use of nuclear materials

• Safety Objective 1: Prevent, Mitigate, and Respond to Accidents and Ensure Radiation Safety.

• Safety Strategy 2: Further risk-inform the current regulatory framework in response to advances in science and technology, policy decisions, and other factors, including prioritizing efforts to focus on the most safety-significant issues.

• Safety Strategy 4: Maintain effective and consistent oversight of licensee performance with a focus on the most safety significant issues 6

SECURITY GOAL, OBJECTIVES, AND STRATEGIES (NUREG-1614, Volume 7)

Security Strategic Goal:

Ensure the secure use of nuclear materials

• Security Objective 1: Ensure Protection of Nuclear Facilities and Radioactive Materials.

• Security Strategy 1: Maintain and further risk-inform the current regulatory framework for security using information gained from operating experience, lessons learned, external and internal assessments, technology advances, and changes in the threat environment.

• Security Strategy 2: Maintain effective, consistent, and risk-informed oversight of licensee performance with respect to meeting NRC security requirements.

7

Risk-Informing Security:

Cyber Security Examples

• Issued letters on industry use of focused cyber guidance to better risk-inform rule implementation based on lessons learned from implementation and oversight of the NRCs cyber security requirements for digital assets associated with:

- Emergency preparedness (ADAMS Accession No. ML20129J981)

- Balance of plant (ADAMS Accession No. ML20209A442)

- Safety-related and Important-to-safety (ADAMS Accession No. ML20223A256) 8

Risk-Informing Security:

Physical Security Examples

• Licensees would be able to use a more risk-informed methodology for establishing physical security compensatory measures based on site-specific threat conditions (ADAMS Accession No. ML18137A359)

• A Reasonable Assurance of Protection Time (RAPT) framework that considers how the many existing layers of defense, safety and security, work together for protection of the site 9

Risk-Informing Security:

Advanced Reactors (Physical/Cyber) Examples

• Development of a risk-informed, technology-inclusive regulatory framework for advanced reactors

• This effort includes the development of risk-informed approaches for physical and cyber security (ADAMS Accession No. ML21145A029, ML21145A047,and ML21145A043)

• Preliminary proposed rule language to be completed by April 2022 10

Conclusions

• U.S. NRC is focused on its strategic safety and security goals to further risk-inform our regulatory framework

• U.S. NRC continues to advance risk-informed approaches for security and has developed tools such as the framework to advance our application of both qualitative and quantitative risk insights 11