By Robert "RJ" Hope, CPP, ABCP, and Jason Draper, PE
Operating a nuclear facility in today's changing and highly regulated landscape is a challenge for commercial nuclear power reactor licensees. It requires dedicated team members who remain abreast of and effectively implement new and updated regulations, as illustrated by the industry response to a recent security alert issued by the Nuclear Regulatory Commission (NRC).
Security at the Forefront of Regulations for Nuclear Facilities
There are 104 operating commercial nuclear power reactors in the United States. They range in age from 15 to 42 years old, and in location from rural America to just over 20 miles outside New York City. (See Figure 1.) All these commercial nuclear reactors fall under the regulatory authority of the NRC.
Regulations issued by the NRC range widely in scope. But because few topics raise public concern more than the security of America's nuclear facilities, effective security of these sites and their nuclear assets is a major NRC initiative. Safety- and security-related requirements are two areas in which licensees must adapt their operations to meet evolving NRC requirements.
The principal regulatory requirements governing security at commercial nuclear power plants are found in Title 10 Code of Federal Regulations Part 73, "Physical Protection of Plants and Materials." Protection of these facilities is multilayered, illustrating the concept of concentric rings of security. This concept is based in the theory that the level of security should increase as you bypass each layer surrounding vital nuclear assets. As you move from ring to ring, security increases in the number of devices and barriers, as well as their complexity. This graded approach to security ensures defense-in-depth against security threats and radiological sabotage.
Background: Owner-Controlled, Protected and Vital Areas
At commercial nuclear power plants, there are three concentric security areas. The outer ring is known as the Owner-Controlled Area (OCA). The OCA consists of the land owned by the licensee surrounding the unit. The licensee controls activities within the OCA and is authorized to make decisions regarding personnel access to this area. Access to this area is often, though not always, restricted through the use of fencing and guard posts. Contraband items, such as explosives, firearms and alcohol are prohibited within the OCA.
The next concentric ring of security is known as the Protected Area (PA). The Protected Area is the area immediately surrounding the plant. This area is protected using a robust perimeter of barriers, guard posts and electronic intrusion detection equipment, such that attempted exploitation through, below, or above the boundary is readily detected. In order to gain unescorted access within the PA, personnel must undergo a background check, a psychological evaluation and fitness-for-duty examinations (drug testing). Once granted access, all personnel are subject to ongoing behavioral and fitness-for-duty observations.
Visitors entering the PA are also screened and are continuously escorted by an individual granted unescorted access while in the PA (two-person line-of-sight rule). All personnel entering the PA are screened daily using explosive and metal detectors, and access is restricted through the use of biometric security devices.
The final, inner ring of security is known as the Vital Area (VA). The VA consists of the areas within the plant itself that contain vital equipment, which is essential to safely shutting down the reactor and maintaining the reactor in a safe shutdown state. At a minimum, this includes the control room, the spent fuel pool, and the central and secondary security alarm stations. The VA is protected by card readers, security doors and, in some instances, manned guard stations.
Security at nuclear facilities consists of both electronic means of detection and security officers. The security force is tested regularly, internally and by the NRC, through continual training and force-on-force evaluations. At times, the NRC identifies a potential security issue that should be addressed at the facility level. When these issues are identified, the NRC immediately notifies all facilities to ensure that operators are aware of the potential issue as well as approved and
tested mitigation methods.
Potential Security Issue Identified
Recently, an issue regarding unattended openings in security boundaries was identified that, in extreme circumstances, may have allowed potential access to the PA within nuclear facilities with limited possibility of detection. This issue had the potential to affect many, if not all nuclear facilities across the nation. Once this issue was identified, the NRC issued Regulatory Information Summary (RIS) 05-04 to alert facilities to the potential issue of unattended openings.
In order to provide additional guidance for meeting NRC regulations, the Nuclear Energy Institute developed NEI 09-05. NEI 09-05 identifies in great detail the security concerns related to unattended openings, and the NRC-tested and approved mitigation methods to secure traversable pathways that intersect security boundaries. These methods consisted of traditional security solutions such as increased security officer surveillance of the affected areas, increased camera and/or intrusion-detection device coverage, and engineered barriers qualified by analysis.
Decades of Drawings Reviewed; Vulnerabilities Identified
The NEI 09-05 received by each facility called for an intensive review of existing facility drawings, coupled with site walkdowns. This level of review can be a formidable task for licensees, as many facilities constructed decades ago have been subsequently modified, resulting in a large number of active and archived drawings requiring review.
To address RIS 05-04, licensees undertook a detailed review of all existing and abandoned infrastructure entering the PA. This literature review provided licensees with a starting point from which to coordinate and conduct physical walkdowns of the site. As potential vulnerabilities were identified from the drawings, teams were dispatched to the site to physically inspect and confirm the as-built configuration of these vulnerabilities.
Once all unattended openings were identified, the next phase of evaluation was to develop mitigation strategies for each opening. While the NRC may identify the methods by which these vulnerabilities may be mitigated, it is the licensee's responsibility to ensure that those measures or a mixture of other acceptable mitigation alternatives are correctly employed. This required effective coordination between engineering and security organizations to ensure that the solutions identified met NRC requirements and were suitable to the particular plant. Appropriate documentation from both organizations had to be implemented and maintained.
Adherence to and compliance with regulatory requirements is continually assessed by the NRC through the use of security inspections performed on a regular basis. While this process of continual inspection and, when necessary, revision of or addition to regulations adds complexity for licensees, it helps safeguard the nation's nuclear assets.
Unique Nuclear Safety Culture
The goal of each nuclear power facility in the United States is to provide safe and reliable power to its constituents. Each facility has teams of dedicated professionals responsible for the safety and security of nuclear assets, and rigorous safeguards have been established to protect these facilities a gainst security threats and radiological sabotage. The commercial nuclear power industry has established an extensive network of information exchange and self-regulation, whereby lessons learned and best practices are communicated and shared between all domestic nuclear power facilities.
This collaboration, coupled with effective regulation and oversight by the NRC, creates a unique nuclear safety-conscious culture. As a result, potential security risks are quickly identified and addressed.
About the Authors
Robert "RJ" Hope, CPP, ABCP, is a senior physical security analyst. He has experience addressing the special security needs of nuclear facilities.
Jason Draper, PE, is the lead structural engineer in the Burns & McDonnell Nuclear Group. He has been involved in structural design for new and existing nuclear power facilities.
