Home > Electronic Reading Room > Document Collections > Commission Documents > Commission Papers (SECY) > 2007 > SECY-07-0148

POLICY ISSUE
(Notation Vote)

SECY-07-0148

August 28, 2007

• PURPOSE
• SUMMARY
• BACKGROUND
• DISCUSSION
• SCHEDULE AND IMPACTS
• COMMITMENTS
• RECOMMENDATIONS
• RESOURCES
• COORDINATION

PURPOSE:

To obtain Commission direction on policy issues necessary for the development of an upcoming proposed rulemaking on independent spent fuel storage installation (ISFSI) security requirements.

SUMMARY:

This paper provides a comprehensive evaluation of the current regulatory basis for ISFSI security requirements, identifies six policy issues requiring U.S. Nuclear Regulatory Commission (Commission or NRC) direction, and provides options and recommendations for the Commission's consideration. The outcome of these policy issues will inform an upcoming proposed ISFSI security rulemaking. This rulemaking is intended to: update the regulations to support the current regulatory environment, address insights gained from the ISFSI security assessments, apply a consistent approach across all ISFSIs irrespective of their license type or location, and resolve ISFSI security issues (e.g., applicability of the design basis threat (DBT) for radiological sabotage to ISFSIs). The Commission previously approved the accomplishment of the upcoming proposed ISFSI security rulemaking in Staff Requirements Memorandum (SRM)-COMSECY-05-0058. ⁽¹⁾

In this paper, the staff examines options for several policy issues. Specifically, the staff is recommending the development of new, risk-informed, performance-based security requirements applicable to all ISFSI licensees to enhance existing security requirements. These new security requirements, which would be informed by the existing ISFSI orders and by recent changes to the DBT for radiological sabotage, would establish a dose limit for security scenarios for ISFSIs that is consistent with the Commission assumptions and current dose limits for safety-related design basis accidents. To increase stakeholder understanding of these ISFSI security issues and participation in the proposed rulemaking, the staff recommends publicly releasing this paper along with redacted portions of Enclosures 1 through 5 .

Enclosures 1 through 4 contain detailed analyses of Policy Issues 1 through 4, respectively. Enclosure 5 contains supplemental background information on threat assessments and the CARVER-type analysis methodology referenced in Policy Issue 3. Enclosure 6 contains additional Safeguards Information developed in response to questions raised by the Commission at the staff's April 3, 2006, briefing on ISFSI security issues and licensing actions.

The goals of the upcoming proposed ISFSI security rulemaking include: (1) making generically applicable the requirements similar to those imposed by the October 2002 ISFSI security orders; (2) ensuring that a consistent overall protective strategy is maintained for all ISFSIs; (3) incorporating the direction on the policy issues discussed in this paper; and (4) incorporating any necessary conforming changes to the ISFSI licensing, security, and emergency planning requirements. The resource implications for the options and the out year implementation costs are described in the Resources section.

BACKGROUND:

The current ISFSI security regulatory structure is complex to many staff, licensees, and the public and thus does not meet the NRC's objective of regulatory clarity. This complexity is due to multiple factors, including: the different types of ISFSI licenses (both general and specific licenses); differing impacts and applicability of regulations (based upon whether the ISFSI is collocated with an operating power reactor, collocated with a decommissioning power reactor, or is located away from any power reactors); previous staff practices in applying security requirements; staff recommendations to defer addressing ISFSI issues in the April 2003 DBT orders and the subsequent DBT rulemaking; and the length of time since ISFSI security regulations were substantively updated.

Following the events of September 11, 2001, the NRC issued security orders in October 2002 to all ISFSI licensees, regardless of the ISFSI type. ⁽²⁾ ISFSI licensees were not, however, included within the scope of the April 2003 DBT orders issued to power reactor licensees. While the current regulations for ISFSI security differ depending on license type and location of the ISFSI, the ISFSI security orders ensured that a consistent overall protective strategy is in place for all ISFSIs. The proposed ISFSI security rulemaking would update the regulations and make the ISFSI security orders generically applicable to all ISFSI licensees, regardless of the type of license and the location of the ISFSI.

In addition to the security orders, the staff completed security assessments for several types of ISFSI storage cask designs. The staff informed the Commission of the results of this security assessment for spent fuel storage casks and transportation packages in SECY-06-0045. ⁽³⁾ The proposed ISFSI security rulemaking would address long-term issues raised by the security assessment and other ISFSI regulatory issues. Separately, the staff briefed the Commission on April 3, 2006, on ISFSI security issues and licensing actions. As a result of that briefing, the staff was asked to address three issues related to ISFSI security, which pertained to particular sites. The staff provided a Note to the Commissioners' Assistants on May 16, 2006, ⁽⁴⁾ which partially addressed the issues raised in the Commission briefing. Enclosure 6 to this paper clarifies and completes the staff's response to the Commission on these three remaining issues.

As the staff responded to the Commission's questions and began to analyze the regulatory and policy issues associated with the proposed ISFSI security rulemaking, a number of new policy issues arose for which early Commission direction is sought. In particular, the staff identified several questions on a number of differences between the current security regulations for the different types of ISFSI licensees. These differences do not pose an urgent safety or security concern because the ISFSI security orders issued subsequent to the events of September 11, 2001, ensure that all ISFSI licensees have the same level of protection. One of the differences in the regulations arose due to the scope of the recently completed final DBT rule, ⁽⁵⁾ which was limited to power reactors and to Category I special nuclear material licensees. Therefore, the staff recommended deferring resolution of issues on the consistent application of the DBT for radiological sabotage to all ISFSI licensees to a future ISFSI security rulemaking. ⁽⁶⁾ The proposed and final DBT rules were provided to the Commission in SECY-05-0106 and SECY-06-0219, respectively. ⁽⁷⁾

Under 10 CFR Part 72, "Licensing Requirements for the Independent Storage of Spent Nuclear Fuel, High-Level Radioactive Waste, and Reactor-Related Greater than Class C Waste," there are two types of ISFSI licenses (i.e., general and specific) that are available for the storage of spent fuel. Physical security requirements are located in various sections in 10 CFR Part 73, "Physical Protection of Plants and Materials," depending on the type of licensee. Additionally, the regulations in 10 CFR 72.212(b)(5), "Conditions of General License Issued under § 72.210," require general licensees to establish a physical protection program that protects the spent fuel against the DBT for radiological sabotage in accordance with 10 CFR 73.55, "Requirements for Physical Protection of Licensed Activities in Nuclear Power Reactors Against Radiological Sabotage." For general-license ISFSIs, neither 10 CFR 72.212(b)(5) nor 10 CFR 73.55 impose a dose limit for security events (i.e., acts of radiological sabotage). For certain specific license-ISFSIs, 10 CFR 72.106 does specify a 0.05-Sv (5-rem) dose limit for both safety-related and security-related events. ⁽⁸⁾

The staff has developed the above figure (Figure 1) as an aid in describing the applicability of the current ISFSI licensing and security regulations under 10 CFR Parts 72 and 73, respectively.

Based on their applicability provisions, 10 CFR 72.180, "Physical Protection Plan," and 10 CFR 73.51, "Requirements for the Physical Protection of Stored Spent Nuclear Fuel and High-level Radioactive Waste," apply to all specific-license ISFSIs without any options. However, past staff practice has permitted collocated, specific licensees ⁽⁹⁾ to develop their ISFSI's security plans based upon on the requirements of 10 CFR 73.55. ⁽¹⁰⁾ Additionally, the statements of consideration accompanying a Part 72 final rule ⁽¹¹⁾ clarifying the applicability of the various provisions of Part 72 to general licensees, specific licensees, and certificate holders indicated that specific licensees collocated at an operating 10 CFR Part 50 ("Domestic Licensing of Production and Utilization Facilities") power reactor facility are excluded from the provisions of 10 CFR 73.51. Therefore, in practice, the staff has only subjected non-collocated, specific licensees to the requirements of 10 CFR 72.180, which states such licensees must establish, maintain, and implement a detailed plan for physical protection as described in 10 CFR 73.51.

The regulations in 10 CFR 73.51 require non-collocated, specific licensees to have a physical protection system that is designed such that a loss of control of the facility (e.g., from a terrorist attack) would not result in a radiation exposure exceeding a 0.05-Sv (5-rem) dose limit at the controlled area boundary (the safety dose limits of 10 CFR 72.106). Unlike the regulations in 10 CFR 72.212(b)(5), neither 10 CFR 72.180 nor 73.51 includes specific language requiring a specific ISFSI licensee to protect the spent fuel or high-level radioactive waste against the DBT for radiological sabotage. Additionally, the scope of the recent final rule revising the DBT for radiological sabotage (10 CFR 73.1, "Purpose and scope") was silent on specific-license ISFSIs (i.e., it did not specifically exclude such a class of licensees). In fact, 10 CFR 73.1 lists exceptions to certain DBT requirements for various classes of licensees. Specific-license ISFSIs had previously been identified as being exempted from certain provisions of the DBT rule, but were removed by staff in this most recent final rule. This was because 10 CFR 72.180 did not contain specific language requiring protection of the spent fuel (in a specific-license ISFSI) against the DBT for radiological sabotage ⁽¹²⁾ (i.e., the intent of the rule was for 10 CFR 73.1 to remain consistent with 10 CFR 72.180). Consequently, the current regulations are inconsistent and do not specify whether collocated, specific-license ISFSIs are required to protect against the DBT for radiological sabotage, in contrast to the clear requirement for general-license ISFSIs under 10 CFR 72.212(b)(5).

Even though both general and collocated, specific licensees are required to comply with selected provisions of 10 CFR 73.55, the proposed power reactor security rule revising this regulation does not address security requirements for collocated, specific-license ISFSIs. The Commission approved the staff's proposed rule in SRM-SECY-06-0126. ⁽¹³⁾ The staff considered inclusion of ISFSI security requirements as beyond the scope of the proposed power reactor security rule, since the rule was focused on making generically applicable reactor security requirements previously imposed by Commission order and on other agency power reactor security initiatives.

Finally, staff notes that conservatisms may exist in the modeling of the quantity of radiological material that might be released from an attack against spent fuel in a storage cask (i.e., the release fraction). Consequently, staff embarked on a study of this issue in conjunction with several other countries and the U.S. Department of Energy (DOE). This study would perform experimental validation of release fractions using actual spent fuel. Additionally, staff is working with DOE and the U.S. Department of State to establish a multilateral agreement with these countries to permit the multilateral sharing of classified information on this topic that currently exists in these countries and the U.S. While these projects have been underway for several years, the staff does not expect to complete these efforts in time to provide input into the development of the technical bases for the proposed ISFSI security rulemaking. However, the results of these studies would be expected to be reflected in regulatory guidance documents supporting a final rule. Therefore, the status of these issues should not delay this proposed ISFSI security rule.

DISCUSSION:

One of the staff's major goals of the proposed ISFSI security rulemaking is to clarify the applicability of the ISFSI security requirements in 10 CFR Part 73 for both general-license and specific-license ISFSIs. A second goal is to make requirements similar to those imposed by the ISFSI security orders generically applicable to all ISFSI licensees. Accordingly, before beginning development of the technical bases supporting the ISFSI security rulemaking, the staff seeks early Commission direction on the following six policy issues. The staff has not engaged any external stakeholders in developing this paper. As an aid to reviewing this paper, the staff notes the discussions in the later policy issues build upon the staff's recommendations from the previous policy issues.

The staff anticipates that this rulemaking is likely to raise certain backfitting issues under 10 CFR 72.62, "Backfitting." The staff has not performed a backfit analysis for the various options under these six policy issues. Informed by the Commission's direction on these policy issues, the staff would perform a backfit analysis and cost assessment as part of the development of the proposed rule. In the interim, the staff has provided a rough assessment of potential licensee costs in the Schedule and Impacts section of this paper.

Issue 1: Should a radiological acceptance criterion for security scenarios be applied consistently to all ISFSIs?

Specific-license ISFSIs are currently required by 10 CFR 73.51 to meet a 0.05-Sv (5-rem) dose limit (see footnote 8) for acts of radiological sabotage. However, the current regulations do not specify an explicit dose limit for security (radiological sabotage) events for general-license ISFSIs. The staff has historically considered general licensees--which are required by 10 CFR 72.212(b)(v) to protect the spent nuclear fuel against the DBT of radiological sabotage--to have the same level of protection as required for specific licensees.

Policy Issue 1 and its options are discussed in more detail in Enclosure 1 . The staff has identified four options for Policy Issue 1:

1. Retain the current dose limits and clarify the applicability of the ISFSI security requirements.

2. Eliminate the radiological dose criterion for all ISFSIs and apply the current protective strategy, which includes the security orders.

3. Eliminate the radiological dose criterion for all ISFSIs and require ISFSI licensees to prevent or impede attempted acts of radiological sabotage.

4. Apply the radiological dose criterion to all ISFSIs.

   1. The staff performs the assessments to determine whether the ISFSI is in compliance with the dose limit; or

   2. The licensee performs the assessments and demonstrates that the ISFSI is in compliance with the dose limit.

The staff recommends Option 4(b). This option is performance-based, and affords the ISFSI licensee the greatest amount of flexibility in meeting the regulations. This option is consistent with the historic NRC regulatory model requiring licensees to demonstrate compliance, and minimizes licensee fee costs and the impact on staff resources. Additionally, this option provides consistency for the differing types of ISFSI licensees, and also provides a metric that is independent of future fuel loading characteristics and dry-cask storage designs. The licensee's assessments that their ISFSI was in compliance with the dose limits would be subject to review and/or inspection by the staff, as appropriate. The following paragraphs provide a brief assessment of some of the potential implications and impacts on ISFSI licensing and inspection programs that may arise from this policy option. A fuller discussion of these issues is provided in Enclosure 1 .

Under a dose-based acceptance criteria, some ISFSI licensees might have to revise their current protective strategy from a "detect, assess, and communicate" protective strategy to a "denial of task" protective strategy due to site-specific limitations (e.g., limited room to expand the distance between their ISFSI and their controlled area boundary). Consequently, if a constrained licensee cannot meet the dose limit through the use of passive security measures (e.g., the use of engineered security features or through changes to the ISFSI's design), one of the options available to the licensee would be to use active security measures (e.g., a "denial" protective strategy) to prevent a successful terrorist attack. The staff envisions that only very few licensees may be sufficiently constrained to be unable to meet the radiological dose criterion through the use of passive security measures and thus would be compelled to shift to a "denial of task" protective strategy. Moreover, the staff recommends continuing the current practice of not performing force-on-force (FOF) exercises against ISFSIs. However, if an ISFSI licensee revises its security program to employ a "denial of task" protective strategy, then the staff would reevaluate the need for a FOF exercise against that ISFSI on a case-by-case basis.

The use of a "denial of task" protective strategy raises issues of sufficient technical complexity to necessitate prior staff review and approval of a licensee's security plan. The staff bases this conclusion on: (1) experience gained in the CY 2003 - CY 2004 reviews of changes to reactor security plans to implement the security and DBT orders and the resultant degree of complexity and the need for interactions with licensees; and (2) a desire to maintain an appropriate independence and separation of NRC security plan review and approval and inspection functions. For a specific-license ISFSI, NRC prior review and approval of applicant's initial security plans is required under the current regulations. Under 10 CFR 72.44(e), "License Conditions," licensees may make certain changes to their security plan without NRC prior review and approval, if such changes do not decrease the effectiveness of the security plan. For a general-license ISFSI, the security requirements for the ISFSI are incorporated in the security plan (required under Part 50) for the associated power reactor license and are subject to inspection by NRC regional staff, not to staff prior review and approval. Similarly, reactor licensees are permitted under 10 CFR 50.54(p)(1), "Conditions of Licenses," to make certain changes to their security plan without prior NRC review and approval, provided such changes do not decrease the effectiveness of their security plan. In all likelihood, a general-license ISFSI's shift to a denial protective strategy would not decrease the effectiveness of the associated power reactor's security plan under 10 CFR 50.54(p)(1). However, as discussed earlier and notwithstanding the provisions of 10 CFR 50.54(p)(1), the staff would revise the regulations to require a reactor licensee, associated with a general-license ISFSI who chooses to employ a "denial of task" protective strategy for the ISFSI, to submit its security plan (for protecting both the reactor and ISFSI) to the NRC for prior review and approval. The NRC's approval of a revised security plan for the site would be a specific licensing action under the Part 50 license that would create a potential hearing right. ⁽¹⁴⁾

However, the staff notes that some Part 50 licenses who are currently using the Part 72 general license process have required amendments to their Part 50 license to accommodate the presence of the ISFSI, thus creating a potential hearing right under the Part 50 license. An example of this was for heavy loads issues (e.g., the use of single failure proof cranes and revised heavy load pathways). Therefore, revising the necessary regulations to require a general-license ISFSI, who was compelled to adopt a "denial of task" protective strategy, to submit the site (reactor and ISFSI) security plan to the NRC for review and approval would be consistent with the current Part 50 reactor license/Part 72 general-license ISFSI regulations. Consequently, the staff's view is that the potential for hearing requests would be essentially the same as it is under the current regulations.

Issue 2: Should the dose limits for acts of radiological sabotage (if any are established under Policy Issue 1) be the same as the dose limits for design-basis accidents?

In the current regulations, the dose limit for security scenarios for non-collocated, specific- license ISFSIs is consistent with the dose limit for design basis accidents (DBAs) of 0.05 Sv (5-rem) at the controlled area boundary. As discussed in the statements of consideration accompanying the final rule initially promulgating 10 CFR Part 72, ⁽¹⁵⁾ this dose limit was derived from protective actions recommended by the U.S. Environmental Protection Agency (EPA) for projected doses to populations for planning purposes. Additionally, an NRC 1995 ISFSI emergency planning final rule indicated that a release exceeding the EPA Protective Action Guidelines (PAGs) would not occur; ⁽¹⁶⁾ consequently, no verification was required that doses would be less than a 0.01-Sv (1-rem) dose limit at the site area boundary. Accordingly, if the Commission determines, under Policy Issue 1, that a radiological acceptance criterion for acts of radiological sabotage should be applied to all ISFSI licensees, is a 0.05-Sv (5-rem) dose limit criteria still the appropriate limit?

Policy Issue 2 and its options are discussed in more detail in Enclosure 2 . The staff has identified four options for Policy Issue 2:

1. Keep the dose limit for radiological sabotage consistent with the dose limit for ISFSI DBAs (i.e., a 0.05-Sv (5-rem) dose limit at the controlled area boundary).

2. Keep the dose limit for radiological sabotage consistent with the dose limit for ISFSI DBAs (i.e., a 0.05-Sv (5-rem) dose limit at the controlled area boundary); and also meet a 0.01-Sv (1-rem) dose limit for both safety and security events at the site area boundary.

3. Keep the dose limit for radiological sabotage consistent with the dose limit for ISFSI DBAs (i.e., 0.05 Sv (5 rem)), but apply it at the site area boundary instead of at the controlled area boundary. (Changes to ISFSI emergency planning requirements--i.e., the potential to classify events to a "general emergency" level-would likely be required.)

4. Increase the dose limit for radiological sabotage consistent with the dose limit for reactor DBAs (i.e., 0.25 Sv (25 rem) at the site area boundary). (Changes to ISFSI emergency planning requirements--i.e., the potential to classify events to a "general emergency" level--would be required.)

The staff recommends Option 2. This option provides consistency between the dose limits for ISFSI DBAs and acts of radiological sabotage. Since this paper contemplates ISFSI licensees potentially extending their controlled area boundary outward (to meet a radiological sabotage dose limit), the staff would propose adding a new requirement for licensees to verify doses are also less than 0.01 Sv (1 rem) at the site boundary. The term "site boundary" is defined in 10 CFR 20.1003 ("Definitions"); however, it is not defined in 10 CFR Part 72 or Part 73. Given the differences in the physical location of an ISFSI at the various reactor sites, as well as the presence of ISFSIs located away from any reactor, the staff would seek stakeholder input (as discussed in the Commitments section) on applying existing or developing new definitions (and criteria) for defining the term "site boundary" for ISFSIs.

While the staff would apply the dose limits in Option 2 to both safety and security events, no impacts would be expected for safety events. For security events, certain licensees may have challenges due to the short distance to their controlled area boundary. The options in this paper would provide ISFSI licensees sufficient flexibility to address these challenges. Potential options would include changes to the design of the ISFSI, the use of engineered security features to protect the ISFSI, changes to the ISFSI protective strategy, or changes to the ISFSI emergency planning program (see Enclosure 2 for further discussion of these approaches). Furthermore, this option would not impact the public health and safety objectives currently contained within the ISFSI's emergency planning program requirements and would continue to support the staff's assumptions that underlie the NRC's 1995 ISFSI emergency planning final rule.

Options 3 and 4 would require reassessment and expansion of the ISFSI emergency planning program requirements, since a foundational assumption from the 1995 ISFSI emergency planning final rule may no longer be valid (i.e., the dose at the site area boundary could exceed the EPA PAGs' dose limit of 0.01 Sv (1 rem)). Should the Commission conclude that Options 3 or 4 are preferable to Option 2, the staff would need to evaluate several safety, legal, policy, and technical issues, including whether a collocated or a non collocated ISFSI's emergency planning program, capable of classifying events at a "general emergency" level, should contain the same elements as a power reactor's emergency planning program to ensure adequate protection of public health and safety. This would include discussions with the U.S. Federal Emergency Management Agency (FEMA) on whether conforming changes to FEMA's offsite emergency planning regulations would also be necessary.

Issue 3: Should the DBT for radiological sabotage be applied consistently to all ISFSIs (not just to general licensees)?

The majority of ISFSI licensees (30 of the current 45) are general licensees that are already required to establish a physical protection system which protects the spent fuel against the DBT for radiological sabotage in accordance with the power reactor security requirements of 10 CFR 73.55. Changes to the DBT regulations and staff practice have resulted in regulatory questions (uncertainty) on whether a specific-license ISFSI is required to protect the spent nuclear fuel against the DBT for radiological sabotage.

Policy Issue 3 and its options are discussed in more detail in Enclosure 3 . The staff has identified three options for Policy Issue 3:

1. Take no action. Do not require specific licensees to protect against the DBT for radiological sabotage. (The regulations would continue to apply the DBT for radiological sabotage to general-license ISFSIs, but not to specific-license ISFSIs.)

2. Continue to apply the DBT for radiological sabotage to general-license ISFSIs. Additionally, apply the DBT for radiological sabotage to specific-license ISFSIs. (The regulations would apply the DBT for radiological sabotage to all ISFSI licensees.)

1. Develop a separate adversary characteristics guidance document for ISFSIs; or

2. Retain a single adversary characteristics guidance document (applicable to all classes of licensees subject to the DBT for radiological sabotage) and develop an ISFSI-specific sub-tier document.

3. Develop new, risk-informed, performance-based security requirements applicable to all ISFSI licensees to enhance existing security requirements (ISFSI licensees would not be required to protect the ISFSI against the DBT for radiological sabotage). Develop ISFSI-specific regulatory guidance supporting the new regulations.

The staff recommends Option 3. Both Options 2(a) and 3 would achieve the staff's goals for this rulemaking. Both options are performance-based, both achieve technically acceptable levels of security, and both provide flexibility to ISFSI licensees. However, the staff prefers Option 3, because: (1) the staff views creation of a risk-informed, performance-based security regulatory structure as providing the greatest support to the Commission's strategic objective of developing performance based regulations by allowing licensees to tailor their security programs and protective measures to the circumstances specific to their ISFSI, while providing the requisite high assurance that the common defense and security will be adequately protected; and (2) the staff does not view the creation of multiple adversary characteristics regulatory guidance documents underlying a singular DBT for radiological sabotage as a vehicle for promoting regulatory clarity.

The staff would use a "risk-informed, performance based" process to define a new regulatory structure for ISFSI security activities. The "risk-informed" element would apply a vulnerability assessment methodology against ISFSIs that is informed by both the intelligence community's developed threat stream and by vulnerability information that is not threat based (i.e., the evaluation of whether ISFSIs may be vulnerable to certain specific weapons effects for which an underlying threat stream does not currently support their inclusion under the DBT for radiological sabotage). The "performance based" element would apply specific radiological dose acceptance limits to ISFSI security activities. This combined approach would provide licensees flexibility in crafting an appropriate security regulatory structure for ISFSIs that may be different than that used for power reactors and would provide clear and objective performance standards. This new approach would recognize that the security regulatory structure applied to ISFSIs may be appropriately different from the security regulatory structure applied to power reactors, due to significant differences in: (1) the designs of these two types of facilities; (2) the nature of their security vulnerabilities; (3) differences in the physical and regulatory approaches used to create defense-in-depth for these facilities; and (4) differences in the nature and size of a potential radiological release from these facilities. The staff envisions an annual review of the threat stream to evaluate whether any changes in the adversary capabilities would differ significantly from the basis for Commission decisions underlying the security assessment frameworks or ISFSI security requirements.

In implementing this option, the staff would develop a regulatory guidance document that describes the details of the ISFSI security-related scenarios in order to support the new regulations. Staff recommendations on the scope and content of this regulatory guidance document (e.g., the use of the power reactor adversary characteristics) are discussed further in Policy Issue 4 (see Enclosure 4 ). The radiological sabotage scenarios described in the regulatory guidance document would enable ISFSI licensees to perform a CARVER ⁽¹⁷⁾ analysis (see Enclosure 5 for background information on CARVER analysis) to determine whether the ISFSI meets the 0.05-Sv (5-rem) dose limit criteria. In recommending this option, the staff additionally recommends continuing the agency's current practice of not performing FOF exercises against ISFSIs.

Regardless of which options the Commission chooses with this policy issue, when combined with the recommendations for Policy Issues 1 and 2 to use a dose-based acceptance criteria, the staff notes that some ISFSIs may be compelled to revise their current protective strategy from a "detect, assess, and communicate" protective strategy to a "denial of task" protective strategy, due to site-specific limitations.

Issue 4: Should the regulatory guidance supporting the performance-based security regulations recommended under Policy Issue 3 be bounded by the (power reactor) adversary characteristics that support the DBT for radiological sabotage?

In Policy Issue 3 the staff recommended development of risk-informed, performance-based security regulations that would apply to all ISFSIs (i.e., both general- and specific-license ISFSIs), in lieu of applying the DBT for radiological sabotage under 10 CFR 73.1. The staff also recommended developing a regulatory guidance document supporting these new regulations that would be specific to ISFSIs. This guidance document would be controlled as Safeguards Information or classified information, as appropriate, and would enable ISFSI licensees to perform an analysis of their facilities as described in Policy Issues 1 and 2.

The regulations currently exempt general-license ISFSIs from some elements of the DBT for radiological sabotage (e.g., the waterborne vehicle bomb assault), thereby setting a precedent for requiring a power reactor licensee with a general-license ISFSI to address different threats which may lead to developing two protective strategies for essentially the same site. Since no specific regulatory guidance supporting the DBT for radiological sabotage has yet been developed for general-license ISFSIs, the staff would need to develop guidance for use by all (general and specific) ISFSI licensees when demonstrating compliance with the performance-based regulations recommended under Policy Issue 3. The current adversary characteristics associated with the DBT for radiological sabotage are focused on power reactors. Therefore, the staff is seeking Commission direction on whether the ISFSI security scenarios should be bounded by the adversary characteristics associated with the DBT for radiological sabotage (as applied to power reactors).

Policy Issue 4 and its options are discussed in more detail in Enclosure 4 . The staff has identified three options for Policy Issue 4:

1. Develop ISFSI regulatory guidance that would be bounded by the adversary characteristics regulatory guidance supporting the DBT for radiological sabotage associated with power reactors. (The ISFSI guidance would be consistent with the power reactor guidance.)

2. Develop ISFSI regulatory guidance that would not be bounded by the adversary characteristics regulatory guidance supporting the DBT for radiological sabotage associated with power reactors. (The ISFSI guidance document may include capabilities to which ISFSIs may be vulnerable, but to which power reactors are not.)

3. Develop ISFSI regulatory guidance that would be a combination of Options 1 and 2, depending on the location of the ISFSI. ISFSIs located away from any power reactors or ISFSIs collocated with a decommissioning power reactor would follow Option 2. ISFSIs collocated with an operating power reactor would follow Option 1 or Option 2, as follows.

   • (a) For collocated ISFSIs (located inside of an operating power reactor's protected area only) the regulatory guidance would be consistent with Option 1. (All other ISFSIs would follow Option 2.); or

   • (b) For collocated ISFSIs (located either inside or outside of an operating power reactor's protected area) the regulatory guidance would be consistent with Option 1. (All other ISFSIs would follow Option 2.)

The staff recommends Option 1. This option is consistent with current security requirements for general-license ISFSIs, which are subject to some, but not all, elements of the DBT for radiological sabotage. Overall, this option provides consistent security requirements for protection against radiological sabotage for all ISFSIs, regardless of license type or location. Additionally, this option provides consistency between the scope of the adversary capabilities against which both power-reactor licensees and ISFSI licensees are required to defend.

The staff is recommending this option based principally upon the direction previously provided by the Commission in SRM-SECY-05-0218 on the nature and scope of the adversary characteristics associated with the DBT for radiological sabotage. ⁽¹⁸⁾ In contrast, options 2 and 3 would permit ISFSI-specific guidance that is not bounded by the current (operating power reactor) adversary characteristics regulatory guidance (i.e., the suite of adversary characteristics may be different, but would be appropriate for ISFSIs).

However, in recommending Option 1, the staff acknowledges that uncertainty exists on whether additional weapons capabilities may or may not pose a vulnerability to spent fuel storage cask designs. This uncertainty has only been partially assessed by staff, but would involve, for example, adversaries using explosives to create kinetic, shear, or hydrodynamic weapons effects to penetrate a cask's confinement barrier. Because of differences between power reactor critical target sets and ISFSI cask designs, the staff would not expect use of explosives to create these weapons effects, by themselves, to defeat a power reactor target set. The staff acknowledges that an adversary's use of certain types of explosive attacks (using either manufactured or improvised devices)--which the Commission has required certain non-power reactor licensees (but not ISFSIs) to defend against--could likely breach some ISFSI casks' confinement barrier and would thus cause the release of radioactive material. However, the quantity and radionuclide content of the released material and the resultant dose consequences would be significantly influenced by site-specific parameters. Therefore, this type of event may or may not have the potential to yield dose consequences that would exceed a 0.05-Sv (5-rem) dose limit at a particular ISFSI's controlled area boundary or exceed a 0.01-Sv (1 rem) dose limit at a particular ISFSI's site area boundary.

Should the Commission conclude that Option 2 or 3 is preferable to Option 1, the staff would recommend assessing additional threat and vulnerability information to support developing the ISFSI-specific regulatory guidance document. Staff would accomplish this assessment in parallel with the development of the technical basis for the proposed rule. Staff would provide the results of the threat and vulnerability evaluation, and any recommendations, to the Commission for its review; and these results and the Commission's review would inform the final technical basis for the proposed rule.

Issue 5: Should the proposed ISFSI security rulemaking apply to future ISFSI licenses only or to both current and future ISFSI licenses?

Given the goals of the proposed ISFSI security rulemaking, the staff has identified two options for Policy Issue 5.

1. The proposed ISFSI security rulemaking would apply to all existing and future ISFSIs.

2. The proposed ISFSI security rulemaking would apply only to ISFSIs licensed subsequent to the effective date of a final rule.

The staff recommends Option 1. Because one of the staff's main goals of this rulemaking is to achieve regulatory consistency for all ISFSIs and to make the security orders generically applicable to all ISFSIs, the staff recommends applying the proposed ISFSI security rulemaking to both current and future ISFSI licenses. Should the Commission chose to apply the proposed ISFSI security rulemaking only to future ISFSIs, the staff would then recommend leaving the ISFSI security orders (on current licensees) in place indefinitely.

The staff views regulatory consistency across a single class of licensees as fundamental regulatory goal for the agency. Applying the rulemaking to the varied types of ISFSI licensees would ensure that the staff could address future, site-specific ISFSI licensing actions in a consistent manner. Additionally, licensees would have sufficient regulatory flexibility to address site-specific issues under the current 10 CFR Parts 72 and 73 exemption processes and under "alternate measures" provisions. The staff would propose using the same "alternate measures" provisions for ISFSI security requirements as were recently approved by the Commission in SRM-SECY-06-0126 for the proposed power reactor security rule (see 10 CFR 73.55(t)).

The principal advantage with Option 2 is that since it would only apply to future ISFSI licensees, no backfit would occur under 10 CFR 72.62. The principal disadvantage is the lack of regulatory consistency.

Issue 6: Should this paper (either in whole or in part) be made available to the public to support the development of the proposed ISFSI security rulemaking?

The staff has not engaged with any external stakeholders in developing this policy paper. Effective communication of these issues, policy options, and proposed solutions during the development of both the technical bases and the proposed ISFSI security rule language will be necessary for a range of stakeholders (e.g., licensees, States, public interest groups, etc.). Consequently, the staff views this Commission paper as an effective vehicle to facilitate stakeholder understanding of these issues and to achieve regulatory transparency and openness in the proposed ISFSI security rulemaking. In considering this issue, the staff was informed by the Commission's direction in SRM-SECY-06-0180 ⁽¹⁹⁾ to "ensure rulemaking packages reflect potential views of a wider range of stakeholders."

This Commission paper is marked as containing Safeguards Information, consistent with NRC transmittal document requirements; however, when separated from Enclosure 6 it contains only Official Use Only--Security-Related Information. Enclosures 1 , 2 , 3 , and 4 , contain Official Use Only--Security-Related Information. Enclosure 5 contains Official Use Only--Sensitive Internal Information. Enclosure 6 contains Safeguards Information and would not be publicly released under any of these options. The staff has identified four options for Policy Issue 6.

1. Do not publicly release this paper or its enclosures.

2. Publicly release this paper only and do not release Enclosures 1 through 5 .

3. Publicly release this paper and Enclosures 1 through 5 .

4. Publicly release this paper and only redacted portions of Enclosures 1 through 5 .

The staff recommends Option 4. Under Option 2 the Commission would approve the decontrol of this Commission paper from Official Use Only--Security-Related Information (OUO-SRI), thus support the public release of a limited amount of information from this paper only. Under Option 3 the Commission would approve the decontrol of both the Commission paper and enclosures 1 through 5, thus supporting the public release of more comprehensive information. Under Option 4, the Commission would approve the decontrol of this Commission paper and staff would redact enclosures 1 through 5 to remove OUO-SRI information, to support their public release. Option 4 would release less information than Option 3, but more information than Option 2. Additionally, under Options 2, 3, or 4 the staff would develop a communications plan to support the release of this information and to obtain stakeholder input for the ISFSI security rulemaking.

The staff considers the information in this Commission paper to be of sufficient importance and technical and regulatory complexity to warrant public dissemination to: (1) meet the objectives of SRM-SECY-06-0180; (2) support the development of the technical bases and proposed rule with sufficient publicly-available information for use by non-industry stakeholders; and (3) support the Commission's fundamental goal of regulatory transparency during the rulemaking process. As noted above, no external stakeholders were engaged during the development of this Commission paper. While the staff has prepared this paper at the OUO-SRI level to provide the Commission sufficiently detailed information to facilitate an informed decision, the staff also supports a Commission decision to deliberately decontrol this paper, and portions of the enclosures, to support the agency's ultimate objective of a successful rulemaking.

Because of the complexity of these policy issues and the benefit of communicating detailed information on these issues, the staff views Option 1 as inconsistent with the Commission's previous direction in SRM-SECY-06-0180. The staff views Option 2 as workable, but not preferred, because the degree of regulatory complexity involved in these issues--especially for non-knowledgeable individuals--and the level of detail contained in the enclosures warrants the public release of both the Commission paper and Enclosures 1 through 5 , either in whole or in part, to achieve the Commission's goal set forth in SRM-SECY-06-0180. Thus, staff prefers Options 3 and 4 over Option 2. Option 3 publicly releases more sensitive information (the Commission paper and the enclosures), but involves less staff effort (i.e., no redaction of the enclosures is required). Option 4 publicly releases less sensitive information, but requires additional staff effort to appropriately redact the information in Enclosures 1 through 5 .

SCHEDULE AND IMPACTS:

The staff would begin principal work on the proposed ISFSI security rule in FY 2009. Development of the technical basis for the rulemaking would be completed by the end of FY 2008, subsequent to the receipt of Commission direction on this paper. The staff is not proposing to submit a rulemaking plan for this rulemaking, since this policy paper addresses the substantive issues associated with the proposed rulemaking.

The staff estimates the resources required to accomplish the staff reviews of licensee assessments recommended under Policy Issue 1 would involve 1.5 staff-months to review each ISFSI's analysis to verify compliance with the 0.05-Sv (5-rem) dose limit criterion. Currently, there are 45 licensed ISFSIs that would need to be evaluated requiring an estimated 5.6 FTE and $225K spread out over a 3-year period. The staff would anticipate beginning such reviews in FY 2011 (i.e., approximately a year after the issuance of a final rule--which the staff anticipates would be by the end of FY 2010). Resources for staff reviews of these current ISFSIs and any future ISFSI license applications would be addressed in out-year budgets via the agency's planning, budgeting, and performance management (PBPM) process.

As an aid to the Commission's deliberations and recognizing that industry has not been approached on these rough cost numbers, the staff is providing the following estimates of numbers of impacted licensees and of potential licensee expenses to implement the policy options recommended in this paper. Licensee accomplishment of the recommended assessments would likely require a multi-discipline team with engineering, health physics, and security expertise. Given these caveats, the staff would estimate (out of the current population of 45 ISFSIs) that (1) 40 ISFSIs would require 0.5 to 1 staff months ($20K to $41K) to verify their ISFSI meets the proposed dose limits without significant additional effort; (2) 4 ISFSIs would require 1 to 2 staff months ($41K to $82K) to perform more detailed or iterated calculations to verify their ISFSI meets the proposed dose limits; and (3) 1 ISFSI would require an additional 6 staff months (i.e., 7 to 8 months total) ($289K to $330K) to revise their security plan or emergency plan to meet the dose limits. The staff used a rate of $258 per hour from the FY 2007 fee rule in making these estimates. Alternatively, if instead changes to its security plan or emergency plan, the ISFSI licensee in (3) above had to make changes to the design of its ISFSI, move its ISFSI, use engineered security features to provide additional security, or purchase additional land to meet the dose limits, then costs of such changes could range from $750K to $7.5M or more depending on the specific site and the nature of the changes.

COMMITMENTS:

The staff will accomplish the proposed ISFSI security rulemaking as previously directed by the Commission.

If the Commission approves the staff's recommendation for Policy Issue 6 (i.e., Option 4), the staff will develop a communication plan to: (1) support the public release of this paper and any redacted enclosures; and (2) engage stakeholders during development of the technical basis and the proposed ISFSI security rulemaking.

RECOMMENDATIONS:

The staff recommends that the Commission approve the following policy options:

Issue 1: Should a radiological acceptance criterion be applied consistently to all ISFSIs?

The staff recommends Option 4(b): Apply the radiological dose criterion to all ISFSIs. The licensee performs the assessments and demonstrates the ISFSI is in compliance with the dose limit.

Issue 2: Should the dose limits for acts of radiological sabotage (if any are established under Policy Issue 1) be the same as the dose limits for safety-related DBAs?

The staff recommends Option 2: Keep the dose limit for radiological sabotage consistent with the dose limit for ISFSI DBAs (i.e., a 0.05-Sv (5-rem) dose limit at the controlled area boundary); and also meet a 0.01-Sv (1-rem) dose limit for both safety and security events at the site area boundary.

Issue 3: Should the DBT for Radiological Sabotage Be Applied Consistently to All ISFSIs (Not Just to General Licensees)?

The staff recommends Option 3: Develop new, risk-informed, performance-based security requirements applicable to all ISFSI licensees to enhance existing security requirements (ISFSI licensees would not be required to protect the ISFSI against the DBT for radiological sabotage). Develop ISFSI-specific regulatory guidance supporting the new regulations.

Issue 4: Should the regulatory guidance supporting the performance-based security regulations recommended under Policy Issue 3 be bounded by the (power reactor) adversary characteristics that support the DBT for radiological sabotage?

The staff recommends Option 1: Develop ISFSI regulatory guidance that would be bounded by the adversary characteristics regulatory guidance supporting the DBT for radiological sabotage associated with power reactors. (The ISFSI guidance would be consistent with the power reactor guidance.)

Issue 5: Should the proposed ISFSI security rulemaking apply to future ISFSI licensees only or to both current and future ISFSI licensees?

The staff recommends Option 1: The proposed ISFSI security rulemaking would apply to all existing and future ISFSI licenses.

Issue 6: Should this paper (either in whole or in part) be made available to the public to support the development of the proposed ISFSI security rulemaking?

The staff recommends Option 4: Publicly release this paper and only redacted portions of Enclosures 1 through 5 .

RESOURCES:

The resources required to accomplish the development of the technical basis and the proposed ISFSI security rulemaking implementing the recommendations of Policy Issues 1, 2, 3, 4, and 6 are as follows:

1. The Office of Nuclear Security and Incident Response (NSIR) estimates these resources to be 0.3 FTE in FY 2007, 0.3 FTE in FY 2008, 0.7 FTE and $100K in FY 2009, and 0.7 FTE in FY 2010.

2. The Office of Federal and State Materials and Environmental Management Programs (FSME) estimates these resources to be 0.8 FTE in FY 2009 and 0.7 FTE in FY 2010.

3. The Office of Nuclear Material Safety and Safeguards (NMSS) estimates these resources to be 0.3 FTE in FY 2008.

These resources are currently budgeted for FY 2007 and FY 2008. Resources for FY 2009 are included in the proposed budget that was submitted to the Commission. Resources for FY 2010 would be addressed via the agency's PBPM process.

The resources required to develop the supporting regulatory guidance for the proposed ISFSI security rulemaking under Policy Issue 4 is 0.2 FTE in FY 2008 for NSIR. This resource is budgeted. However, if the Commission concludes further analysis is required of potential ISFSI vulnerabilities (to address certain uses of explosives) not previously analyzed, NSIR would need an additional 0.2 FTE in FY 2007 and 0.2 FTE in FY 2008. Those resources are currently unbudgeted.

The resources required to accomplish the recommendation for Policy Issue 6 and associated communications plan are 0.1 FTE in FY 2007 for NSIR. NMSS resources for the communication plan are included in the 0.3 FTE in FY 2008 mentioned above in item (3). These resources are currently budgeted in NSIR and unbudgeted in NMSS. The information on resources and schedules reflect the current planning environment. If a significant amount of time (greater than 90 days) passes, or the Commission provides the staff direction that differs from or adds to the staff's recommended actions, this section and the schedule and impacts section of the paper would need to be revisited after issuance of the draft SRM.

COORDINATION:

The Office of the Chief Financial Officer has reviewed this Commission Paper for resource implications and has no objection. The Office of the General Counsel has reviewed this Commission Paper and has no legal objection.

1. COMSECY-05-0058, "Schedules and Resources for Security Rulemakings," Agencywide Documents Access and Management System (ADAMS) No. ML052990371, dated November 16, 2005.

2. See Federal Register notices 67 FR 65150 and 67 FR 65152, dated October 23, 2002.

3. SECY-06-0045, "Results of Implementation of the Decisionmaking Framework for Materials and Research and Test Reactor Security Assessments," ADAMS No. ML060340452, dated March 1, 2006.

4. Note to the Commissioners' Assistants, "Response to Commissioner McGaffigan on Independent Spent Fuel Storage Installations (ISFSI) Security," ADAMS No. ML061370015, dated May 16, 2006.

5. Final Rule - 10 CFR Part 73, "Design Basis Threat." Published in the Federal Register (72 FR 12705) on March 19, 2007.

6. See previous Federal Register notice 72 FR 12705, public comment Issue 5 (at 72 FR 12716).

7. SECY-05-0106, "Proposed Rulemaking to Revise 10 CFR 73.1, Design Basis Threat (DBT) Requirements," ADAMS No. ML050530088, dated June 14, 2005. SECY-06-0219, "Final Rulemaking to Revise 10 CFR 73.1, Design Basis Threat (DBT) Requirements," ADAMS No. ML062130289, dated October 30, 2006.

8. The dose criteria in Title 10 of the Code of Federal Regulations (CFR) 72.106, "Controlled area of an ISFSI or MRS," (0.05 Sievert (Sv) [5 rem] total effective dose equivalent; 0.15 Sv [15 rem] to the lens of the eye; 0.5 Sv [50 rem] as either the sum of the deep dose equivalent and any organ dose, or the shallow dose equivalent to the skin or any extremity) are hereinafter referred to as the 0.05-Sv (5-rem) dose limit.

9. For the purposes of this paper, the staff will use the term "collocated, specific licensee" to mean a specific-license ISFSI that is collocated at a power reactor facility which has a license to operate. The term "non-collocated, specific licensee" will include both a specific-license ISFSI that is collocated with a power reactor with a possession-only license and a specific-license ISFSI located away from any power reactors. This nomenclature is reflected in Figure 1.

10. Letter to Mr. James P. O'Hanlon, "Request for Exemption from 10 CFR 73.51(d)(3) Requirements, North Anna Independent Spent Fuel Storage Installation (ISFSI) and Surry ISFSI (TAC Nos. L22707 and L22708)," ADAMS No. ML060320261, dated November 12, 1998.

11. Final Rule - 10 CFR Part 72, "Clarification and Addition of Flexibility." Published in the Federal Register (65 FR 50606) on August 21, 2000. See public comment Issue A.1.

12.See previous Federal Register notice 72 FR 12705, public comment Issue 5 (at 72 FR 12716).

13. SECY-06-0126, "Proposed Rulemaking - Power Reactor Security Requirements," ADAMS No. ML00830634, dated May 31, 2006. Approved by SRM-SECY-06-0126, ADAMS No. ML061840301, dated June 30, 2006. Published for comment in the Federal Register (72 FR 62663) on October 26, 2006.

14. The current Part 72 general license regulations implement provisions of Section 218(a) of the Nuclear Waste Policy Act of 1982, as amended (42 U.S.C. 10198), that mandated that the Commission by rule approve technologies for the dry storage of spent fuel at civilian nuclear power reactors, "without to the extent practicable," the need for additional site specific [licensing] approvals by the Commission. Under the current Part 72 general license regulations, no site-specific licensing actions are required to use dry storage casks to store spent fuel.

15. Final rule - 10 CFR Part 72, "Licensing Requirements for the Storage of Spent Fuel In an Independent Fuel Spent Storage Installation." Published in the Federal Register (45 FR 74693) on November 12, 1980. See public comment Issues 20 and 21 (at 45 FR 74696 and 74697).

16. Final rule - 10 CFR Part 72, "Emergency Planning Licensing Requirements for Independent Spent Fuel Storage Facilities (ISFSI) and Monitored Retrievable Storage Facilities (MRS)." Published in the Federal Register (60 FR 32430) on June 22, 1995. See public comment Issues 17 and 25 (at 60 FR 32434 and 32435).

17. C.A.R.V.E.R. analysis includes an evaluation against the following factors: Criticality - identify critical assets; Accessability - determine ease of access to critical assets; Recuperability - compare time to repair, replace, or bypass critical assets; Vulnerability - evaluate security system effectiveness against malevolent capabilities; Effect - consider the scope and consequences of the adverse effects from malevolent acts; and Recognizability - evaluate the potential that adversaries would recognize a critical asset.

18. SRM-SECY-05-0218, "Semiannual Threat Environment Review," Classified (ADAMS No. not applicable), dated March 30, 2006.

19. SRM-SECY-06-0180, "Supplemental Proposed Rulemaking on Limited Work Authorizations," ADAMS No. ML062750047, dated October 2, 2006.

Privacy Policy | Site Disclaimer
Tuesday, February 05, 2008