Text

Nuclear Security by Design: A U.S.

NRC Regulatory Perspective Travis Ryan Leach, Security Specialist, United Stated Nuclear Regulatory Commission

What is Security by Design (SeBD)?

Definition: Integrating physical protection and cyber security into the earliest design phases of nuclear facilities.

Objective: Prevent theft and sabotage without relying solely on operational procedures or retrofits.

Safety (Advanced Reactor)

Most predominant concepts:

• Inherent Safety - the design and operational characteristics that prevent or mitigate accidents without relying on active safety systems or human intervention

• Passive Safety Systems - enhance safety by using natural phenomena like gravity and heat transfer, rather than relying on active mechanical or electrical systems, to mitigate accidents and prevent radiation release of the designs with low potential accident sequences.

Security (Advanced Reactor)

Potential factors leading reducing security resources:

• Smaller operational size

• Underground siting

• Longer refueling intervals (i.e., limit access to fresh and spent fuels)

Technology inclusive Flexible security strategies

Why SeBD Matters Enhances effectiveness and resilience Reduces lifecycle costs Avoids design conflicts with safety or operations Improves insider threat mitigation

NRCs Authority & Responsibilities Security:

• 10 CFR Part 73 - Physical Protection of Plants and Materials Licensing:

• 10 CFR Part 50 - Domestic Licensing of Production

• 10 CFR Part 52 - Licenses, Certifications, and Approvals for Nuclear Power Plants

• 10 CFR Part 53 * - Risk Informed, Technology Inclusive Regulatory Framework for Advanced Reactors

• 10 CFR Part 57 * - Licensing Requirements for Microreactors and Other Low Consequence Reactors

Performance-Based Regulation & SeBD Shift from prescriptive to performance-based requirements Focus on outcomes not just means Evaluate the Design Basis Threat (DBT) and continued monitoring of emerging threats - (drones, etc.)

Design Stages Where Security is Integrated Conceptual Design Preliminary Design Final Design Construction and Commissioning

Security Design Principles Defense-in-Depth Assessment, Detection, Interdiction, Neutralization Redundancy &

Diversity Access Control Zoning Cyber-Physical Integration

Interfaces with Safety and Safeguards Importance of avoiding design conflicts (e.g., emergency egress vs access denial)

Integrated assessments and coordinated reviews between security and operations

Technology Inclusive Delay Barriers Interdiction Capabilities Assessment/Detection Digital Inspection and Patrols - Drones, Robots Floor Pressure Sensors with CCTV

Application to Advanced Reactors Modular designs, microreactors, and transportable reactors

• Smaller footprints

• Remote Locations

• Autonomous Operation

• Use of Novel Fuels

Lessons Learned from Past Projects Example: Westinghouse AP1000 or NuScale design Coordination between design teams, operators, and regulators

• Safeguards Information must be appropriately shared on a Need-to-Know basis

Advanced Reactor Advanced Reactor sited in an extremely rural low population zone Unique considerations:

• Maintenance of Equipment Failures

• Could robotic dogs/drones be utilized for compensatory measures and/or security patrols

• Underground location for Microreactor Benefits - Robust structure from a security threat Disadvantages: Extreme weather - flooding could be a concern

Advanced Reactor Offsite vs. Onsite security

• Timeline for offsite response could be extensive Could be offset with increased delays and high detection rates with the use of multiple and redundant systems Nuisance alarm rates

• Consider how offsite response would access the site with autonomous operation and no staffing

Key Takeaways SeBD is essential for sustainable nuclear security.

• Reduces costly retrofits Balance of safety, security, and operations

• Interface between safety and security as early as the design process to avoid disruptions between groups The NRC promotes early integration through its licensing and review processes

• Early engagement with the regulator

Key Takeaways Reduce vulnerabilities by Design

• Protect vital areas through layout and equipment placement Leverage Technology for Detection and Delay Public Confidence

• Improves public trust, investor confidence, and international cooperation in deployment strategies

Q&A / Discussion