AND SCIENTIFIC SUPPORT
M. LAYTON, T. HARRIS Division of Security Policy,
Office of Nuclear Security and Incident Response,
United States Nuclear Regulatory Commission,
Washington, DC, United States of America
Abstract
The paper discusses the types of support provided by technical and scientific support organizations (TSOs) to the United States Nuclear Regulatory Commission (NRC), the independent regulatory agency that regulates commercial nuclear power plants and other commercial uses of nuclear and radioactive materials in the United States of America. It lists significant factors that have contributed to the emerging need for support from TSOs, including the re-examination and re-evaluation of all of the NRC’s physical protection and security programmes undertaken in the light of the changing threat environment, and the submission of new reactor designs for technical review to verify that key components of the security plan and design meet the NRC’s regulations. The paper also highlights TSO contributions to two important areas — cybersecurity and the safety–security interface — and describes the technical challenges that regulatory bodies face in their use of TSOs. The paper concludes with a discussion of the responsibilities of the regulatory body in its use of TSOs.
The United States Nuclear Regulatory Commission (NRC) is an independent regulatory agency. It regulates commercial nuclear power plants and other commercial uses of nuclear and radioactive materials in the United States of America. In keeping with the theme of this conference, I would like to offer some examples of our experiences to date and hopefully promote discussion among the participants at this conference, not only here, but also when you return to your organizations. Although my examples are focused on nuclear power plants, these challenges are also applicable to all other programmes implemented by the regulatory authorities who use technical and scientific support organizations (TSOs).
Our mission is to protect the public health and safety and to promote America’s common defence and security. We have two primary goals:
LAYTON and HARRIS
132
—Safety goal: Ensure adequate protection of public health and safety and of the environment;
—Security goal (including safeguards): Ensure adequate protection in the secure use and management of nuclear and radioactive materials.
The Office of Nuclear Security and Incident Response (NSIR) within the NRC is responsible for developing the policy for evaluation and assessment of technical issues involving security at nuclear facilities. Our office also provides an interface with other federal and state agencies, such as the Department of Homeland Security (DHS), the intelligence and law enforcement communities, the Department of Energy (DOE) and other agencies, on safeguards and security issues. We also develop emergency preparedness policies, regulations, programmes and guidelines for both currently licensed nuclear reactors and potential new nuclear reactors.
Two significant factors have contributed to the emerging need for support from TSOs by the NRC. First, the terrorist events of 11 September 2001 precipitated a re-examination and re-evaluation of all of the NRC’s physical protection and security programmes. For example, analyses were performed to evaluate the potential impacts of a large aircraft crash at a nuclear power plant.
Also, as a result of our evaluations of the increased threat, the NRC first issued orders to enhance the security of all licensed activities at nuclear power plants, and later we revised our physical protection regulations to make these requirements generically applicable. This revision required additional technical and scientific support to form the basis for the associated rulemaking. Second, the nuclear renaissance resulted in new reactor designs being submitted for NRC review. The NRC has received applications for over 25 new reactor units at 18 sites. From a security perspective, these new designs consider security in the initial design phases, and the technical reviews are required to verify that key components of the security plan and design would meet the NRC’s regulations. I will discuss some of the unique challenges associated with the security reviews of facilities that are not yet constructed.
Regulatory authorities, whether regulating safety and/or security, share a common purpose of protecting public health and safety. To achieve this, a framework of regulations, licensing, inspection and enforcement is critical. The regulatory framework is not static and should be adapted to events and issues that have generic implications.
As I mentioned, the NRC revised its regulations to enhance security at nuclear power plants and updated its security regulatory framework. The NRC amended the existing security regulations to make the security requirements issued through orders generally applicable in the regulations. There is a list of the citations and topical areas included in the new requirements.
TOPICAL ISSUE 3
These new requirements were developed from:
— Insights gained from implementation of the security orders;
— Reviews of site security plans;
— Implementation of the enhanced baseline inspection programme;
— The NRC’s evaluation of performance testing through our force-on-force exercises.
I would like to highlight two important areas: cybersecurity and the safety–security interface. Cybersecurity has been an area of growing concern for some time. Our revised regulations require licensees to provide high assurance that digital computer and communication systems and networks are adequately protected against cyberattacks. This includes systems that perform: (1) safety related and important-to-safety functions; (2) security functions; (3) emergency preparedness functions, including off-site communications; and (4) support systems and equipment which, if compromised, would adversely impact safety, security or emergency preparedness functions.
Licensees must establish, implement and maintain a cybersecurity plan that satisfies the cybersecurity programme requirements. The cybersecurity plan describes how the licensee will implement the requirements of the regulation, including site specific conditions that affect implementation. The cybersecurity plan includes: (1) defence in depth protective strategies to protect, detect, respond to and recover from cyberattacks; (2) measures designed to mitigate the adverse effects of cyberattacks; (3) measures to ensure that the functions of protected assets are not adversely impacted by cyberattacks; and (4) cybersecurity awareness and training programmes.
Another key new feature is a specific regulatory requirement for a safety–security interface. This regulation requires licensees to establish programmes to identify potential adverse interfaces between safety and security and to take appropriate compensatory or mitigation actions to maintain both safety and security. We have been aware of examples of various actions taken by operations, maintenance or security personnel at our licensed facilities that were not promptly or effectively communicated to other potentially affected departments. This potentially could have resulted in adverse impacts on plant safety or security.
Some examples include:
— Placing security barriers that diminished access to fire suppression equipment;
LAYTON and HARRIS
134
— Placing scaffolding during maintenance activities that affected security lines of fire;
— Staging temporary equipment within security isolation zones.
Licensees already had controls and processes to evaluate safety issues, but security issues were not always included. Therefore, the rule requires licensees to:
— Assess and manage the potential for adverse effects on safety and security, including the site emergency plan, before implementing changes to the plant configurations, facility conditions or security;
— Where potential adverse interactions are identified, communicate them to appropriate licensee personnel and take compensatory and/or mitigation actions to maintain safety and security under applicable Commission regulations, requirements and licence conditions.
In using TSOs, there are several technical challenges that face us as a regulator. An essential characteristic of TSOs should be their independence, which refers to not only the quality of the products but also the structure of the organization. A TSO’s role with a regulatory authority is somewhat more complex than the TSO’s role in supporting the industry, because of potential questions concerning independent judgement and public confidence in the licensing process, in addition to the TSO’s technical credibility. TSOs can provide highly specialized technical expertise to aid the regulator over the long term or provide short term assistance with large casework loads that must be accomplished in a timely manner.
We rely on TSOs not only for many of our research needs, but also to augment our own staff in completing regulatory licensing reviews and inspections. We also use TSOs to assist us with regulatory reviews of new reactor applications. These TSOs include not only the national laboratories, but also universities, private commercial contractors, consensus standards committees and national research centres.
The mechanism by which the NRC engages TSOs is commercial contracting. In awarding contracts, the NRC is required by law to avoid contracting with sources that have conflicts of interest owing to their work with the nuclear industry or with specific licensees. Avoiding such conflicts of interest is extremely important in maintaining the public’s confidence. Our contracting procedures require that contractor proposals affirm, in writing, the absence of any conflict of interest, and NRC contracting specialists and technical monitoring are required to carefully examine and check the basis of this assertion.
TOPICAL ISSUE 3
As with the industry, the technical credibility of the regulator’s TSO is essential. Through the contracting process, the expertise and experience of the TSO’s staff and the facilities, equipment and resources are evaluated, along with the TSO’s past performance, to ensure that their capabilities will support the technical credibility and public confidence of the regulator. The proper security clearances for TSO staff and facilities are also important considerations.
As mentioned, one of the factors that have contributed to the emerging need for TSO support for the NRC is the nuclear renaissance. New reactor designs have been submitted for NRC review, and additional regulatory infrastructure is required to support the NRC’s licensing decisions. The revisions to our regulations have required additional regulatory infrastructure improvements.
Infrastructure improvement includes development of standard review plans, safety evaluation report templates, inspection procedures, regulatory guides and technical guidance. Key drivers in obtaining TSO assistance in improving this regulatory infrastructure are short term staffing needs, budgets and the timing required to complete the infrastructure development to support timely licensing decisions. For new reactor reviews, TSOs were used to develop portions of standard review plans and safety evaluation report templates for design certifications, early site permit applications, combined operating licence applications, and inspections, test, analyses, acceptance criteria (ITTAC) reviews.
In the cybersecurity arena, TSOs were used to develop a regulatory guide and technical guidance. During the development of the new reactor security rule, TSOs were used to supplement NRC staff technical capabilities in the area of target set analysis and blast analysis, and in assisting with regulatory guidance development. While the NRC has technical capabilities in these areas, specialized technical expertise was required. In addition, the NRC is in the very early stages of exploring ways of potentially risk-informing security requirements and is reaching out to TSOs.
From a security perspective, these new reactor designs considered security in the initial design phases, and technical reviews must verify that key components of the security plan and design would meet the NRC’s regulations.
For existing reactors, changes to their security plans were required to meet the new regulations. TSO support has been used to supplement NRC staff technical reviews and in documenting those reviews in safety evaluation reports. Because the requirement for a cybersecurity plan was new, licensees were required to submit cybersecurity plans for the first time. TSO support supplements the technical reviews and tracking of status of the reviews. TSOs, as the technical experts, will also be used to support mandatory public hearings for new reactor combined operating licences.
Regulatory bodies will continue to be challenged with increased workloads
LAYTON and HARRIS
136
renaissance and, in security, from the changing threat environment. With the increased use of TSOs, it is important to recognize that the regulatory body retains the responsibility for making the decision and must not be unduly influenced by the TSO.
The regulatory body needs to supervise the work, not just blindly accept the TSO’s outcomes. TSO work should be technically reviewed before, during and after implementation. The regulatory body’s staff must have sufficient technical knowledge to enable them to identify problems, to determine whether it would be appropriate to seek assistance from an external expert, and to evaluate the external expert’s advice.
Transparency is a means to promote independence and confidence in regulatory decision making and to demonstrate such independence to elected officials, licensees and other stakeholders, as well as to the general public.
External experts should be chosen with the understanding that they should provide impartial advice. It should be confirmed that the external expert’s other activities, as a specialist, do not give rise to a bias in the advice given; the potential for any such conflict of interest should be minimized and when recognized, dealt with immediately.