ML18283A101

VR-SECY-17-0100: Security Baseline Inspection Program Assessment Results and Recommendations for Program Efficiencies
ML18283A101
Person / Time
Issue date: 10/09/2018
From: Commissioners
NRC/OCM
To: Annette Vietti-Cook
NRC/SECY
References
SECY-17-0100


Text

SECRETARY

UNITED STATES
NUCLEAR REGULATORY COMMISSION
WASHINGTON, D.C. 20555-0001

October 9, 2018

COMMISSION VOTING RECORD

DECISION ITEM: SECY-17-0100

TITLE: SECURITY BASELINE INSPECTION PROGRAM ASSESSMENT RESULTS AND RECOMMENDATIONS FOR PROGRAM EFFICIENCIES

The Commission acted on the subject paper as recorded in the Staff Requirements Memorandum (SRM) of October 9, 2018. This Record contains a summary of voting on this matter together with the individual vote sheets, views and comments of the Commission.

Annette L. Vietti-Cook
Secretary of the Commission

Enclosures:
1. Voting Summary
2. Commissioner Vote Sheets

cc: Chairman Svinicki
    Commissioner Baran
    Commissioner Burns
    Commissioner Caputo
    Commissioner Wright
    OGC
    EDO
    PDR

VOTING SUMMARY - SECY-17-0100

RECORDED VOTES

                  APPROVED  DISAPPROVED  ABSTAIN  NOT PARTICIPATING  COMMENTS  DATE
Chrm. Svinicki       X                                                  X      09/13/18
Cmr. Baran                       X                                      X      12/20/17
Cmr. Burns           X                                                  X      02/20/18
Cmr. Caputo          X                                                  X      09/14/18
Cmr. Wright          X                                                  X      09/13/18

RESPONSE SHEET

TO: Annette Vietti-Cook, Secretary
FROM: CHAIRMAN SVINICKI
SUBJECT: SECY-17-0100: Security Baseline Inspection Program Assessment Results and Recommendations for Program Efficiencies

Approved XX   Disapproved __   Abstain __   Not Participating __

COMMENTS: Below __   Attached XX   None __

Entered on "STARS"

Chairman Svinicki's Comments on SECY-17-0100
Security Baseline Inspection Program Assessment Results and Recommendations for Program Efficiencies

I approve the staff's recommendation to modify the force-on-force (FOF) inspection program to include one NRC-conducted FOF exercise and an enhanced NRC inspection of a licensee-conducted annual FOF exercise (Option 3 in the staff's paper). Based on its assessment, the staff concludes that this modification would allow the staff to evaluate the licensee's performance in a new manner without compromising the NRC's regulatory oversight responsibility. Conducting an enhanced evaluation of a licensee-conducted FOF exercise would allow the NRC to better assess a licensee's understanding of the tactics, techniques, and procedures that the licensee intends to employ against real world adversaries. This could further result in strengthening the licensee's performance in the development and conduct of their annual exercise, thereby facilitating the licensee's self-assessment of security issues, to the overall benefit of their security programs.

Should Option 3 be approved by the Commission, I also find merit and much practicality in the acceptance by NRC of the use of licensee MILES equipment in both the NRC-conducted and the licensee-conducted FOF exercise. The staff should assess whether there exist any obstacles to this changed practice and, if none, should adopt it.

I differentiate Option 3 from the staff's previous work on potential changes to allow licensee-conducted FOF exercises to fully supplant NRC-conducted FOF exercises. This is a change that the staff has not advanced here and that I find no basis to support at the present time. In a similar light, I do not support the staff's continued work on converting the integrated response program into a regulatory requirement through the development of a rulemaking on this topic. The integrated response program, developed with the Defense Threat Reduction Agency and other Federal interagency partners, is an extra-regulatory, voluntary industry effort. It exists separate and apart from our FOF regulations, and I find no basis to modify its status. To the extent any effort is currently ongoing, the staff should discontinue any work to develop rulemaking options for the integrated response program.

Finally, I read with interest the discussion in Commissioner Burns' vote regarding the Commission's policy treatment of the reliance on law enforcement agencies to augment a licensee's ability to defend nuclear power plants against attack. The parallels he draws with our regulations on emergency preparedness are apt. As he points out, the NRC has codified its recognition that in an actual emergency, state and local government response is inevitable and, consequently, should be an element of response planning. I agree that the staff should take this analogue into consideration in its work on crediting law enforcement response to security events.

RESPONSE SHEET

TO: Annette Vietti-Cook, Secretary
FROM: Commissioner Baran
SUBJECT: SECY-17-0100: Security Baseline Inspection Program Assessment Results and Recommendations for Program Efficiencies

Approved __   Disapproved X   Abstain __   Not Participating __

COMMENTS: Below __   Attached X   None __

Entered in "STARS": Yes X   No __

Commissioner Baran's Comments on SECY-17-0100, "Security Baseline Inspection Program Assessment Results and Recommendations for Program Efficiencies"

In this paper, the NRC staff presents three options for conducting force-on-force (FOF) exercises as part of the security baseline inspections at nuclear power plants. The first option would continue NRC's current approach of holding two NRC-conducted FOF exercises at each nuclear power plant every three years. The other two options would move away from holding the second full-scope, NRC-conducted FOF exercise.

Under the staff's recommended Option 3, there would be no second NRC-conducted FOF exercise. Instead, NRC would perform an "enhanced" inspection and evaluation of a regularly scheduled FOF exercise planned and conducted by the licensee. The licensee would both develop the exercise scenario and provide personnel for the adversary force. Although the NRC staff argues that this approach "would increase the efficiency of the FOF inspection program," NRC would really just be doing less. Going from two NRC-conducted FOF exercises to one would provide no security benefits. The only other potential benefit would be to reduce the costs of conducting the exercises, and that outcome is far from certain. If a licensee were to be rated "ineffective" or "marginal" during the sole NRC-conducted FOF exercise or if the results were "indeterminate," then there are two possibilities. Either (1) NRC and the licensee would need to schedule, plan for, and participate in a second NRC-conducted exercise, which would eliminate the modest cost savings anticipated by the staff for this option, or (2) a nuclear power plant licensee would be allowed to operate without passing a single NRC-conducted FOF exercise during a three-year period. The first outcome offers no advantages over the current program, while the second outcome would be unacceptable. Because this option does nothing to enhance the effectiveness of the FOF program, I do not support Option 3.

Under Option 2, if a licensee is rated "effective" during the first NRC-conducted FOF exercise, then there would be no second NRC-conducted FOF exercise. Instead, NRC would conduct a reduced-scope, defense-in-depth exercise to test "the internal layers of the licensee's protective strategy" by starting the adversary team "at or within the protected area boundary at a pre-determined location." Although there is an intuitive appeal to evaluating each layer of a licensee's protective strategy, this approach essentially assumes away certain key defenses and capabilities. This could incentivize licensees to focus their attention and resources on the wrong things. As the staff explains, "By focusing on the internal strategy in the second exercise, the NRC may unintentionally encourage licensees with an effective external strategy to divert resources from maintaining that effective strategy to make unnecessary changes to their internal strategy solely for the purpose of performing well in the defense-in-depth exercise." Moreover, because NRC and the licensee would need to plan and prepare for two conducted FOF exercises in case the licensee did not achieve an "effective" result on the first exercise, the cost savings of this approach would be minimal. In fact, the staff estimates that the costs of this approach would actually exceed the costs of the current program whenever a licensee obtained an "other than effective" result. For these reasons, I do not support Option 2.

Given these options, I support maintaining the current security baseline inspection program with two NRC-conducted FOF exercises at each nuclear power plant every three years (Option 1). As the staff details in the paper, the current program already reflects a number of recent efficiency improvements.

However, the staff should explore the feasibility and advisability of holding an ungraded, NRC-conducted, active violent insider exercise in lieu of the second full-scope FOF exercise whenever a licensee is rated "effective" in the first full-scope exercise. Given the global trend toward "lone wolf" terrorist attacks, it would be prudent to further ensure that nuclear power plants could effectively protect against an attack by active violent insiders who have access to the plant. Unlike the staff's Option 2 defense-in-depth exercise, an active violent insider exercise would focus on a realistic threat rather than arbitrarily advancing a traditional adversary force beyond the protected area boundary. Instead of NRC formally grading a licensee's performance, any issues found during such an exercise could be entered into and addressed through the licensee's corrective action program. The NRC staff should provide its evaluation of the active violent insider exercise concept to the Commission no later than six months from the date of the staff requirements memorandum for this paper.

RESPONSE SHEET

TO: Annette Vietti-Cook, Secretary
FROM: Commissioner Burns
SUBJECT: SECY-17-0100: Security Baseline Inspection Program Assessment Results and Recommendations for Program Efficiencies

Approved X   Disapproved __   Abstain __   Not Participating __

COMMENTS: Below __   Attached X   None __

Entered in STARS: Yes X   No __

Date: 20 February 2018

Commissioner Burns's Comments on SECY-17-0100
Security Baseline Inspection Program Assessment Results and Recommendations for Program Efficiencies

I approve the staff's proposal to modify the force-on-force (FOF) inspection program to include one NRC-conducted FOF exercise and an enhanced NRC inspection of a licensee-conducted annual FOF exercise (Option 3) no sooner than the beginning of the next triennial security inspection cycle.

The threshold question regarding any effort to modify the NRC's FOF program is whether the proposed modification would satisfy Section 170D of the Atomic Energy Act of 1954, as amended (AEA). Section 170D requires, in part, that the NRC "conduct security evaluations at each licensed facility ... to assess the ability of a private security force of a licensed facility to defend against any applicable design basis threat" and that the "security evaluations shall include force-on-force exercises." The NRC must therefore ask itself whether the modification will maintain the agency's ability to "assess" the licensee's capability to defend against the design basis threat (DBT) of radiological sabotage. "Assess" is not defined by the AEA. With respect to Option 3 the question therefore is whether it continues to allow the NRC to effectively assess the licensee's capability and thus meet its statutory obligations.

Subject to addressing the concerns I have outlined below, I believe that Option 3 satisfies the requirements of Section 170D. First, Section 170D does not specify the number of FOF exercises the NRC must conduct. Further, the number of exercises conducted has evolved over the years and has no special regulatory significance.

The FOF program is mature, and the staff has conducted hundreds of exercises since the current program was implemented in 2004. Thus, the staff is in a strong position to evaluate the appropriate level and type of inspection necessary for the NRC to be able to effectively assess licensees' abilities to defend against the DBT as it has done with its current proposal. Therefore, I am comfortable with the staff's proposal to reduce the number of NRC-conducted FOF exercises from two to one while simultaneously enhancing NRC's inspection of licensee-conducted FOF exercises.

I agree with staff's assessment that Option 3 would provide a different perspective (other than the NRC-conducted exercise) from which staff could assess the licensee's ability to defend against the DBT of radiological sabotage. The staff also indicated that conducting an enhanced evaluation of a licensee-conducted FOF exercise would allow the NRC to better assess licensees' understanding of the tactics, techniques, and procedures that might be used by real world adversaries. A closer NRC evaluation of licensee-conducted FOF exercises may also help to promote consistency across the industry in how licensees control their own FOF exercises. I do not see this as relegating our regulatory responsibility to the licensee, but, rather, as an opportunity to improve our oversight of licensees' own FOF programs.

Although I believe that Option 3 would, in concept, allow the NRC to effectively assess licensees' capabilities, one uncertainty with respect to Option 3 is how the staff would handle cases where the sole NRC-conducted FOF exercise results in an indeterminate outcome. An indeterminate exercise is one in which certain conditions result in the NRC's inability to determine the outcome of the exercise. An indeterminate outcome may result from any number of reasons, many of which may not reflect on the effectiveness of a licensee's security strategy. Nevertheless, the staff may be unable to make a definitive assessment of the effectiveness of the exercise. The staff did not explain in SECY-17-0100 how it would deal with an indeterminate outcome. If the NRC cannot determine the outcome of the FOF exercise, then it is unclear whether or how that exercise can contribute to the NRC's assessment of the licensee's ability to defend against the DBT.

I note that this same challenge does not exist with regard to FOF exercises rated as ineffective by the NRC because, in such cases, the NRC would still be able to assess the ability of the licensee's security force to defend against the DBT. The FOF exercise program is just one element of the NRC's overall security inspection program. Simply because a single conducted FOF exercise is deemed ineffective does not in and of itself call into question a licensee's entire security program. Inspection findings resulting from ineffective FOF exercises must be run through the FOF significance determination process to determine the findings' significance. FOF findings are, like any other inspection findings in the ROP, just one input used in determining the licensee's overall performance and the potential need for corrective actions to ensure the licensee meets regulatory standards.

In light of the uncertainty of indeterminate exercises, I propose that the staff develop and submit a framework for a revised security inspection program to the Commission for review and approval within 12 months from the date of the staff requirements memorandum for SECY-17-0100. This deadline is based on the staff's estimate that it will need approximately 12 months to develop an inspection program based on Option 3. The paper transmitting the proposed framework should include a discussion of how the new inspection regime would address an indeterminate exercise, including how the staff would determine what, if any, additional inspection activities are warranted to ensure NRC can still meet its oversight responsibilities even in the case of an indeterminate exercise outcome.

I would also offer one observation on a matter not expressly put before the Commission in SECY-17-0100. In its discussion of the advantages of Option 3, the staff stated that "this option would provide the staff with data that would inform a thorough consideration of potential future program changes, such as NEI's proposal to "ultimately [allow] licensees to prepare and conduct FOF exercises as a replacement for the NRC-conducted FOF exercises." I have expressed some trepidation over such a proposal in the past, but now I am convinced that such an approach is currently untenable under Section 170D. Thus, the staff should not pursue any proposal to end all NRC-conducted FOF exercises at nuclear facilities absent further direction from the Commission.

Finally, I look forward to the staff's future paper providing the results of its evaluation of proposals to provide expanded credit in FOF evaluations for operator actions, including those associated with FLEX equipment, and credit for a tactical law enforcement response. I understand that discussions of the latter will include an evaluation about whether rulemaking is needed to ensure full implementation by industry of the integrated response program.

In SECY-17-0100, the staff states that it is "current Commission policy to defend against the DBT without external assistance." In support of this statement, the staff cites language from the Statements of Consideration for the 2007 DBT rulemaking and the 2009 Power Reactor Security Rulemaking. Although I do not dispute that the Commission noted concerns about reliance on law enforcement agencies to augment a licensee's ability to defend nuclear power plants, I do challenge the view that the Commission has taken a particular policy position on the matter. This question was not specifically put to the Commission in either of these rulemakings relied on by the staff. The staff's references cited above were, in actuality, responses to comments on those rulemakings, and I would suggest that the comments that resulted in those responses were not precisely germane to the question of whether licensees can rely on the assistance of law enforcement.

I appreciate the regulatory challenge in giving credit to licensees for something that is beyond the control of both the licensee and the NRC, but I would observe that the NRC has considered such matters in another context, emergency preparedness. In its regulations on emergency preparedness, the NRC has codified its recognition of "the reality that in an actual emergency, state and local government officials will exercise their best efforts to protect the health and safety of the public." 10 CFR 50.47(c)(1)(iii)(B). I would suggest the staff take these observations under advisement as it develops its recommendation to the Commission.

Stephen G. Burns
February 2018

RESPONSE SHEET

TO: Annette Vietti-Cook, Secretary
FROM: COMMISSIONER CAPUTO
SUBJECT: SECY-17-0100: Security Baseline Inspection Program Assessment Results and Recommendations for Program Efficiencies

Approved XX   Disapproved __   Abstain __   Not Participating __

COMMENTS: Below __   Attached XX   None __

Entered in STARS: Yes XX   No __

Commissioner Caputo's Comments on SECY-17-0100
Security Baseline Inspection Program Assessment Results and Recommendations for Program Efficiencies

I approve the staff's recommended Option 3 to modify the force-on-force (FOF) inspection program to include one NRC-conducted FOF exercise and an enhanced NRC inspection of a licensee-conducted annual FOF exercise.

The staff concluded in their assessment that the proposed modifications would allow for the evaluation of the licensee's performance without compromising the NRC's regulatory and statutory responsibilities. I support the staff's view that the enhanced inspection would allow the NRC to better assess a licensee's understanding of the tactics, techniques, and procedures that the licensee would employ against real world adversaries.

COMSECY-13-0005, "Integrated Law Enforcement Response at Nuclear Power Plants," defines "integrated response activities" as voluntary efforts which seek to establish or leverage existing tactical law enforcement capabilities to effectively respond to nuclear power plant sites so that local, State, and Federal governments can effectively meet their responsibilities for design basis threat incidents. In this paper, the staff reports that the NRC, as well as other Federal agencies, has been working for the past 10 years to establish a voluntary integrated response program. But the program has not achieved its full potential. The staff is now considering converting this voluntary program into a regulatory requirement through the development of a rulemaking. But there is no basis for converting the program into a regulatory requirement. I join the Chairman in directing the staff to discontinue any work to develop rulemaking options for the integrated response program.

In SRM-SECY-16-0073, the Commission directed staff that when implementing the NRC's regulatory program - either in developing new regulations, inspecting licensee compliance with regulations, or executing the FOF program - they should be mindful that the concept of "high assurance" of adequate protection found in our security regulations is equivalent to "reasonable assurance" as mandated by the Atomic Energy Act. The Commission directed the staff to operate under this paradigm and eliminate ambiguity on this point in its guidance documents or other internal directives, instructions, or training materials, to the extent such ambiguity exists. I echo the Commission's statement at that time that the staff should not be applying a "zero risk" mentality to security any more than we should be doing so with respect to safety. In response to the Commission's direction, this clarification should be reflected in all NRC guidance documents, internal directives, instructions, and training materials where it can be used to inform future regulatory and licensing actions, and inspections. Staff should provide the status of this effort in the notation vote paper requested below.

The Commission further directed staff in SRM-SECY-16-0073 to assess the security baseline inspection program including whether "crediting of operator actions; the use of FLEX equipment; or response by local, State, and Federal law enforcement would make the FOF exercises more realistic." The staff was directed to "submit a notation vote paper to the Commission within 12 months from the date of this Staff Requirements Memorandum with recommendations on improvements to the security inspection program." SECY-17-0100 is that paper. However, it is only partially responsive to the Commission's direction in SRM-SECY-16-0073.

With regard to crediting operator actions, including FLEX equipment, the staff indicates that it is continuing to work with industry and would use the change management process to give credit for any additional operator actions. No mention is made of bringing this matter to the Commission. Clearly, it was the direction of the Commission in SRM-SECY-16-0073 that the staff submit a notation vote paper with recommendations on improvements to the security inspection program including crediting operator actions including FLEX equipment.

Additionally, SECY-17-0100 includes a discussion of credit for law enforcement response. The staff states its belief that "the approval of such an approach would first require a change to the current Commission policy." Rather than presenting recommendations for the Commission's consideration, the staff intends to address this in a subsequent paper to the Commission, further delaying consideration of the matter. According to the Commission's direction in SRM-SECY-16-0073, the staff should have presented recommendations for crediting of operator actions, the use of FLEX equipment, and law enforcement response by October 4, 2017. The staff has had nearly an additional year to work on these issues.

Commissioner Burns states in his vote that the staff should provide a paper to the Commission within twelve months with the revised inspection procedures. While I agree in principle with Commissioner Burns, such an approach is complicated by the fact that SECY-17-0100 is incomplete and does not provide recommendations regarding credit for operator actions, use of FLEX equipment, and law enforcement response. Waiting for staff recommendations on these topics prior to revising inspection procedures would unnecessarily delay implementation of Option 3. Conversely, revising inspection procedures to implement Option 3 immediately and considering the remaining issues in future papers would necessitate an additional revision to the inspection procedures.

To address these issues, the staff should provide a notation vote paper to the Commission within 60 days of the date of the SRM on this paper with recommendations for improvements to the security inspection program including crediting operator actions, including the use of FLEX equipment, and including credit for law enforcement response. Within three months of the SRM on the requested notation vote paper, the staff should then complete the necessary revisions to inspection procedures to incorporate the Commission's direction on the requested notation vote paper and the Commission's decision on SECY-17-0100. At that time, the staff should submit the framework for a revised security inspection program to the Commission for review and approval.

RESPONSE SHEET

TO: Annette Vietti-Cook, Secretary
FROM: Commissioner Wright
SUBJECT: SECY-17-0100: Security Baseline Inspection Program Assessment Results and Recommendations for Program Efficiencies

Approved X   Disapproved __   Abstain __   Not Participating __

COMMENTS: Below __   Attached X   None __

Entered in STARS: Yes ✓   No __

Original vote date: September 13, 2018

Commissioner Wright's Comments on SECY-17-0100, Security Baseline Inspection Program Assessment Results and Recommendations for Program Efficiencies

I appreciate the staff's efforts to assess and recommend potential efficiencies for the security baseline inspection program, including force-on-force (FOF). I approve the staff's proposal to modify the FOF inspection program to include one NRC-conducted FOF exercise and an enhanced NRC inspection of a licensee-conducted annual FOF exercise (Option 3). My approval is based on the staff's analysis and conclusion that Option 3 would increase the efficiency of the FOF inspection program and allow the staff to evaluate the licensee's performance in a new manner without compromising the NRC's regulatory oversight responsibility.

As Commissioner Burns notes in his vote, the threshold question regarding any effort to modify the NRC's FOF program is whether the proposed modification would satisfy Section 170D of the Atomic Energy Act of 1954, as amended. After considering the staff's analysis and the statute, I believe that Option 3 satisfies Section 170D's requirements.[1]

I agree with the staff that conducting an enhanced evaluation of a licensee-conducted FOF exercise would allow the NRC to better assess licensees' understanding of the tactics, techniques, and procedures that might be used by real world adversaries. I also agree with the staff's assessment that Option 3 could strengthen the licensees' performance in the development and conduct of their annual exercise, thereby facilitating the licensee's self-assessment of security issues, to the overall benefit of their security programs.

Finally, I look forward to the staff's future paper addressing possible approaches to providing credit for local, state, and Federal law enforcement response. The NRC has already codified its recognition of "the reality that in an actual emergency, state and local government officials will exercise their best efforts to protect the health and safety of the public." 10 CFR 50.47(c)(1)(iii)(B). Therefore, the staff should account for this when developing its recommendations for the Commission's consideration.

[1] In its discussion of Option 3, the staff references an NEI proposal to replace NRC-conducted FOF exercises with licensee-conducted FOF exercises. The question whether this would satisfy Section 170D is not before me at this time.