The Nuclear Regulatory Commission (NRC) published a Federal Register notice on July 16 requesting comments on a regulatory basis supporting a “limited scope” rulemaking to develop physical security requirements for advanced reactors. For this rulemaking, “advanced reactors” means “light-water small modular reactors (SMRs) and non-light water reactors (non-LWRs)” which includes, but “is not fully coextensive with,” the definition of an “Advanced Nuclear Reactor” in the recently enacted Nuclear Energy Innovation and Modernization Act. The deadline to submit comments is August 15.

We previously reported on this rulemaking process, which started with the NRC Staff’s August 1, 2018, report to the Commission, evaluating options for revising physical security regulations for advanced reactors. We also reported on the Commission’s approval of the NRC’s Staff’s proposed rulemaking plan, which occurred on November 19, 2018. The NRC’s physical security requirements for large LWRs—in 10 CFR § 73.55>—is focused on preventing significant core damage and spent fuel sabotage. Current regulations require each site to have at least 10 armed responders for emergency security response (10 CFR § 73.55(k)(5)(ii)), and an on-site secondary alarm station to monitor potential issues (10 CFR § 73.55(i)(4)(iii)).

To address national security interests and prevent the unauthorized transfer of scientific and technical information to certain foreign entities, the US Department of Energy (DOE) issued Order No. 486.1 on June 7. The order prohibits DOE employees and contractors from participating in certain “talent recruitment programs” – specifically “talent recruitment programs” of foreign governments determined by the DOE to be a “foreign country of risk.” DOE contractors and subcontractors within the utility and nuclear sectors should be prepared to implement controls to ensure that neither they nor their employees or subcontractors participate in these foreign-sponsored programs for identified countries, which apparently include China and Russia.

Read more about the new DOE order and what contractors and subcontractors should know.

Staff members from the US Nuclear Regulatory Commission’s (NRC’s) Office of Nuclear Security and Incident Response and Office of Nuclear Reactor Regulation held a public meeting on June 17 to discuss a summary of the Assessment of the NRC’s Power Reactor Cyber Security Program. In response to the Nuclear Energy Institute’s (NEI’s) PRM-73-18, “Petition to Amend 10 CFR 73.54, ‘Protection of Digital Computer and Communication Systems and Networks’,” and based on NRC guidance, this Assessment marked 10 years since the publication of 10 CFR 73.54.

The NRC on May 3 took the overdue step of withdrawing portions of certain power reactor security requirements—issued via three agency orders in the aftermath of the events of September 11, 2001, which were subsequently captured in agency regulations:

  • EA-02-026, “Order for Interim Safeguards and Security Compensatory Measures” (February 25, 2002)
  • EA-02-261, “Order for Compensatory Measures Related to Access Authorization” (January 7, 2003)
  • EA-03-039, “Order for Compensatory Measures Related to Training Enhancements on Tactical and Firearms Proficiency and Physical Fitness Applicable to Armed Nuclear power Plant Security Force Personnel” (April 29, 2003).

As we last reported on October 5, 2018, the NRC Staff appeared ready to recommend withdrawing a rulemaking on third-party arbitration of access authorization and fitness-for-duty determinations. On April 4, 2019, the NRC Staff formally made its recommendation in SECY-19-0033. In so doing, the NRC Staff “request[ed] Commission approval to discontinue the rulemaking activity, ‘Access Authorization and Fitness-for-Duty Determinations’,” which began nearly four years ago. As previously reported, this rulemaking activity was a response to a 2012 decision by the US Court of Appeals for the Seventh Circuit in which the court determined that NRC regulations permitted third-party arbitration of unescorted access determinations. At that time, the NRC Staff disagreed with the decision and asked for Commission approval to begin a rulemaking.

The NRC, with the approval of the US attorney general, recently published a second revision to its guidelines on the use of weapons by licensee security personnel whose official duties include the protection of designated facilities, certain radioactive material or other licensee property, and licensee material or property that is being transported to or from a licensee facility. The changes were made to ensure consistency with existing FBI procedures on appeals of background check delays or denials. The updated guidelines were published in the Federal Register on March 8, 2019, and took effect the same day.

Say hello to CUI and get ready to say goodbye to SUNSI. The commissioners of the Nuclear Regulatory Commission (NRC) have directed the staff to proceed with a rulemaking to implement the governmentwide Controlled Unclassified Information (CUI) program. One impact of this rulemaking will be to eliminate one of our favorite acronyms: Sensitive Unclassified Non-Safeguards Information (SUNSI). But we are still at least a year away from an official change because the staff doesn’t plan to issue a final rule until 2021.

By way of background, the US National Archives and Records Administration (NARA) published the governmentwide CUI rule on September 14, 2016 (81 Fed. Reg. 63,324), seeking to standardize the current patchwork of more than 100 agency-specific policies for handling sensitive unclassified information requiring safeguarding or dissemination controls. That rule (32 CFR Part 2002) establishes specific handling, incident management, inspection, and oversight requirements for covered information. The NRC CUI program will eventually replace the agency’s current SUNSI program, and will retain safeguards information (SGI).

On November 19, the Nuclear Regulatory Commission (NRC) Commissioners approved the Staff’s proposed rulemaking plan for expanding physical security licensing options for advanced reactors.

As we previously reported, the NRC Staff sent a report to the Commission on August 1, 2018, that evaluated four options for revising regulations and guidance on physical security for advanced reactors. The report recommended revising applicable regulations and guidance and attached a proposed rulemaking plan. The report noted that the rulemaking would retain the current framework for security requirements in 10 CFR Part 73, but would provide alternatives for the physical security of advanced reactors. According to the report, changes to physical security for advanced reactors would

  • eliminate the need for future applicants to propose alternatives or request exemptions from physical security requirements;
  • recognize technology advancements and design features associated with the NRC-recommended attributes of advanced reactors; and
  • replace prescriptive regulations with risk-informed, performance-based requirements, among other benefits.

The US Nuclear Regulatory Commission (NRC) staff is proposing to discontinue a rulemaking relating to third-party reviews of fitness-for-duty (FFD) and access authorization (AA) determinations. The NRC staff announced this proposal when it released reference material on October 1 in advance of an upcoming November 1 public meeting on the rulemaking. Rather than completing the rulemaking, the NRC staff proposes to “update NRC guidance to describe acceptable means of achieving an appeal process, including arbitration” to resolve disputes regarding FFD and AA denials and revocations. One thing this latest NRC action leaves unclear is how licensees required by an arbitrator to reinstate an individual previously found not to be trustworthy or reliable will be impacted under the NRC regulations and enforcement policy.

The NRC Staff sent a report on August 1 to the Commissioners that evaluates four options for revising regulations and guidance on physical security for advanced reactors. The Staff is recommending a limited-scope rulemaking that retains the current overall framework for security requirements in 10 CFR Part 73, but provides alternatives for advanced reactors for physical security. The Staff estimates that such a rulemaking could be completed within 44 months of the Commission’s authorization.

The NRC’s physical security requirements for large light-water reactors (LWRs) are intended to protect against attacks and sabotage. In addition to other measures, commercial power reactor licensees meet physical security requirements through the use of an armed guard force at an estimated cost in excess of $5 million per year at a given site.