Publication Date: 3/1/78
Pages: 64 Date Entered: 2/23/84 Title: STANDARD FORMAT AND CONTENT OF SAFEGUARDS CONTINGENCY PLANS FOR NUCLEAR POWER PLANTS (FOR COMMENT) March 1978 U.S. NUCLEAR REGULATORY COMMISSION REGULATORY GUIDE OFFICE OF STANDARDS DEVELOPMENT REGULATORY GUIDE 5.54 STANDARD FORMAT AND CONTENT OF SAFEGUARDS CONTINGENCY PLANS FOR NUCLEAR POWER PLANTS INTRODUCTION The Energy Reorganization Act of 1974, which established the Nuclear Regulatory Commission (NRC), directed the NRC, among other things, to develop contingency plans"... for dealing with threats, thefts, and sabotage relating to special nuclear materials, high level radioactive wastes and nuclear facilities resulting from all activities licensed under the Atomic Energy Act of 1954, as amended...." The principal requirements for the development of safeguards contingency plans for licensed nuclear power plant activities are found in 10 CFR Part 50, "Licensing of Production and Utilization Facilities," and Part 73, "Physical Protection of Plants and Materials." Paragraphs 10 CFR 50.34(d) and 73.40 identify the requirements for a safeguards contingency plan. Appendix C of 10 CFR Part 73 identifies the criteria to be followed in developing the contingency plan. A licensee safeguards contingency plan is a document that provides guidance to licensee personnel and identifies procedures to accomplish specific, defined objectives in the event of threats or sabotage that could directly or indirectly endanger the public health and safety by exposure to radiation. An acceptable safeguards contingency plan must contain (1) a predetermined set of decisions and actions to satisfy stated objectives, (2) an identification of the data, criteria, procedures, and mechanisms necessary to effect efficiently the decisions and actions, and (3) a specification of the individual, group, or organizational entity responsible for each decision and action. A safeguards contingency plan consists of five elements: (1) Background, (2) a Generic Planning Base, (3) a Licensee Planning Base, (4) a Responsibility Matrix, and (5) Procedures. The Background contains the purpose and scope of the plan, describes the environment within which the plan will be put into effect, and defines the terms used. The Generic Planning Base contains a list of events to be planned for and the associated objective to be reached for each event. It may also include for each event an overview of the general types of decisions and actions and other generic information helpful to the licensee in clearly presenting the planned responses to reach the objective. The Licensee Planning Base contains the planning information peculiar to a given licensee, including his organizational entities for contingency response tasking, facility descriptions and locations necessary for response planning and coordination, command and control functions, etc. The Responsibility Matrix is a format used to plan the specific decisions and actions that each organizational entity takes to effect such response. For each organizational entity, the decisions and actions, as planned in the Responsibility Matrix, are finally summarized in a Procedures Summary for that entity. The Procedures Summaries that result are simplified presentations of the assigned responsibilities for use in training and implementing the plan. The Procedures Summary, although part of the contingency plan, does not have to be submitted to the NRC for approval (see Chapter 5.1). This regulatory guide prescribes the proposed standard format for the safeguards contingency plan. It also contains an example contingency plan, included as a supplement, to illustrate the guide's application. This guide may be revised to reflect comments received and additional staff review. Purpose and Applicability This standard format and content document has been prepared as an aid to uniformity and completeness of the preparation and review of the contingency planning section of license applications. It is applicable to nuclear power plants and research and test reactors that are subject to the requirements of 10 CFR Section 73.50, Section 73.55 and/or Section 73.60. (Research and test reactors should also address the generic planning base of a similar guide for fuel cycle facilities entitled, "Standard Format and Content of Contingency Plans for Fuel Cycle Facilities," for events dealing with theft of certain quantities of special nuclear material.) This document describes the information required for a plan. Information submitted will be reviewed for completeness on the basis of unique site considerations and the contents of this guide. If submittal does not provide a reasonably complete presentation of the required information, final review will be delayed until the needed information is provided. It is anticipated that the safeguards contingency plan will be submitted as an attachment to the physical security plan. To the extent that the topics in the contingency plan are treated in adequate detail in a licensee's approved physical security plan, they may be incorporated by cross reference to the security plan. The applicant or licensee should include additional information as appropriate. It is also the responsibility of the applicant or licensee to be aware of new and revised NRC regulations. Information and procedures delineated in regulatory guides in Division 1, "Power Reactors," and Division 5, "Materials and Plant Protection," and technical reports and appropriate to certain sections of the physical security plan submitted under Paragraph 50.34(c) of 10 CFR Part 50 or 10 CFR Section 73.55 may be incorporated by reference. The applicant or licensee should discuss his plans and programs with the NRC staff before preparing his contingency plan, giving particular emphasis to the depth of information required for this plan. Use of the Standard Format The standard format and content is described in succeeding chapters and is illustrated in the example plan presented in the supplement. If the applicant or licensee chooses to adopt the standard format and content, he should follow the numbering system of this document at least down to the level of subsection (i.e., 3.4.1). Certain subsections may be omitted from a contingency plan if they are clearly unnecessary to provide a complete plan or if they are needlessly repetitive. In such cases, appropriate adaptation of the standard format to accommodate the particular circumstances is permissible. The applicant or licensee may wish to submit information in support of his contingency plan that is not required by regulations and is not essential to the description of the physical protection program. Such information could include, for example, historical data submitted in demonstration of certain criteria, discussions of alternatives considered, or supplementary data regarding assumed models, data, or calculations. This type of information should be clearly labeled and provided as an attachment to the submittal so that it will not be considered as a licensee condition. Style and Composition The applicant or licensee should strive for a clear, concise presentation of information that portrays the general perspective and concepts of the basic plan. Details about specific aspects of the plan may be relegated to appendices to enhance the clarity of the presentation in the basic plan and to facilitate updating and maintenance of the information. Confusing or ambiguous statements and general statements of intent should be avoided. Definitions and abbreviations should be consistent with generally accepted usage unless otherwise defined in the document. Drawings, diagrams, and tables should be used when information may be presented more adequately or conveniently by such means. In general, these illustrations should be numbered, have titles, and be located in the section where they are first referenced. Care should be taken to ensure that all information presented in drawings is legible, that symbols are defined, and that drawings are not reduced to the extent that they cannot be read by unaided normal eyes. A table of contents should be included in each submittal. Physical Specifications of Submittals All materials submitted in a safeguards contingency plan should conform to the following physical dimensions of page size, quality of paper and inks, numbering of pages, etc.: 1. Page Size Text pages: 8-1/2 x 11 inches. Drawings and graphics: 8-1/2 x 11 inches preferred; however, a larger size is acceptable provided the finished copy when folded does not exceed 8-1/2 x 11 inches. 2. Paper Stock and Ink Suitable quality in substance, paper color, and ink density for handling and for microfilming. 3. Page Margins A margin of no less than one inch should be maintained on the top, bottom, and binding side of all pages submitted. 4. Printing Composition: text pages should be single spaced. Type face and style: must be suitable for microfilming. Reproduction: may be mechanically or photographically reproduced. Pages of the text may be printed on both sides with the images printed head to head. 5. Binding Pages should be punched for looseleaf standard 3-hole ring binding. 6. Page Numbering Pages should be numbered sequentially. 7. Format References In the application, references to this standard format should be by chapter and section numbers. Procedures for Updating or Revising Pages The updating or revising of data should be on a replacement page basis. The changed or revised portion of each page should be highlighted by a vertical line. The line should be on the margin opposite the binding margin for each line changed or added. All pages submitted to update, revise, or add pages to the report are to show the date of change. The transmittal letter should include an index page listing the pages to be inserted and the pages to be removed. When changes or additions that affect the table of contents are made, a revised table of contents should also be provided. Number of Copies The applicant or licensee should submit 5 copies to the Director, Office of Nuclear Reactor Regulation, U.S. Nuclear Regulatory Commission, Washington, D.C. 20555. These copies may be filed in person at the Commission's offices at 1717 H Street NW., Washington, D.C., or at 7920 Norfolk Avenue, Bethesda, MD. Public Disclosure The NRC has established that safeguards contingency plans contain information of a type specified in 10 CFR Section 2.790(d) and shall be subject to disclosure only in accordance with the provisions of 10 CFR Section 9.12. Compatibility The applicant or licensee should ensure that the contingency plan is compatible with the other sections of his application. Reference to sections in the physical security plan may be made in response to information requested by this guide. 1. BACKGROUND 1.1 PERCEIVED DANGER Provide a statement of the perceived danger that threatens the plant and could result in industrial sabotage. The general performance requirements defined in 10 CFR Section 73.55(a) provides the basis for the perceived danger to the security of licensee personnel and property. Applicants should review this paragraph to determine its validity to their contingency planning. Modification to the threat may be appropriate depending upon the situation at a particular plant. 1.2 PURPOSE OF THE PLAN Provide a statement that describes what the plan is to accomplish. For example, items for consideration include providing a framework for rapid response to contingency situations, for minimizing the danger to employees and the public from radiological release, or for satisfying an NRC requirement. The statement may include broad or specific objectives the applicant expects to achieve through plan development and implementation. 1.3 SCOPE OF THE PLAN This section will address the depth or level of detail to be covered by the plan. It should clearly indicate what is and is not covered. Descriptions of the adversary action types for which the plan is valid, the response force both internal and external to the power plant, and the conditions under which the plan will be implemented should be included. 1.4 DEFINITIONS Each term and acronym used in the document that takes on special meaning, other than that found in a standard dictionary, should be alphabetically listed in this section. 2. GENERIC PLANNING BASE 2.1 GENERAL This chapter identifies events (hostile or perceived actions) that signal the beginning of activities of particular concern to the safety and continued operation of a nuclear power plant. These events may be obvious or implied, and the timely response by the power plant's personnel may make the difference between nothing happening and industrial sabotage. Proper handling of situations is designed to further reduce the possibility of radiological release and to ensure that health and safety of employees and the public are maintained. In addition to identifying events, this chapter should include contingency objectives, descriptions of procedures (decision/actions) to be followed when a hostile situation is perceived to exist or develops, and the data required to effect the decision/actions. 2.2 EVENTS AND OBJECTIVES An event is a situation, incidence, or occurrence that signals the beginning of a safeguards contingency according to how it is perceived initially by the licensee's personnel. Events fall into three general categories: threats, thefts, and sabotage. This guide is concerned primarily with threats and industrial sabotage. Threats are defined as the expression of an intent to take hostile actions againts a power plant. Threats may be specific or implied. An implied threat might be the observation of a demonstration or civil disturbance, for example. Threat types include expressions of intent to destroy, damage, bomb, disrupt operations, harm personnel, etc. They may be delivered by telephone, messenger, letter, radio, TV, or individual or conveyed through a demonstration or civil disturbance. Industrial sabotage means any deliberate act directed against a plant, or to any component of such a plant, that could directly or indirectly endanger the public health and safety by exposure to radiation, other than such acts by an enemy of the United States, whether foreign government or other person. Events, either threats or sabotage, may be initiated by employees (insiders) as well as by personnel who do not normally have access to the facilities. Employees may act either alone or in concert with outside individuals or groups. Adversary actions may be overt or covert. It can be assumed that an adversary intent on sabotage will be dedicated, well-informed, and dangerously armed. "Dedicated" means the adversary is willing to give his life and is not concerned with the lives of others. "Well-informed" means the adversary has taken advantage of all public records and may have complete knowledge of a power plant's operation and location of vital areas and controls. "Dangerously armed" means the adversary may be equipped with automatic rifles of the M-16 type, explosives, and lesser weapons. For each event identified, objectives will be specified that represent the licensee's goal to effectively satisfy the requirement imposed by the contingency. Objectives should be achievable, clearly identified, and measurable. There may be a single objective for each event or multiple objectives depending on the complexity of the event. For example, if the event is a threat to attack the power plant, an acceptable objective would be to evaluate and determine the validity of the threat within a specific period of time or to alert guards and have them placed in defensive positions within a specified period of time. 2.3 DECISIONS/ACTIONS The procedure to advance from an event to the stated objective must be presented in terms of the decisions to be made and actions required to carry out the decisions. The decision/action sequence should flow in a logical order that shows the progression being made toward the achievement of the objective. 2.4 REQUIRED DATA Identify for each event the type of data or information to be on hand by the licensee security organization or compiled by the licensee during his response to the event. Typical data would include all relevant information regarding a threat such as names, phone numbers, locations, times, and bomb or explosive type. The names and phone numbers of local and Federal law enforcement agencies, NRC offices, bomb disposal units, guards, and key plant personnel would also be appropriate. Special procedures to be placed into effect, maps, or floor plans should be included or reference should be made to their locations. Locations of radios, alarms and surveillance devices should also be included. If disruption to the plant occurs, data to be collected would include the nature of the disruption, extent of damage, extent of radioactive release, number and names of injured personnel, time required to repair, expected date normal or degraded operations can begin. 3. LICENSEE PLANNING BASE 3.1 LICENSEE'S ORGANIZATIONAL STRUCTURE Provide a chart of the plant's management organization and a detailed chart of the plant's security organization. Delineate the general authority and responsibility assigned to each member or functional unit of the plant that will be involved in responses to safeguards contingencies. State the minimum number of (1) guards, (2) watchmen, and (3) armed response individuals who will be available for response on each shift. 3.2 PHYSICAL LAYOUT Describe in general terms the plant's physical structures and barriers. Provide scale drawings of the site that clearly show the location of the plant's structures and barriers. Describe the relationship of the site to nearby towns, roads, and important environmental and terrain features. Provide a scale drawing or map that clearly shows the location of the site and approaches in relation to nearby towns. Identify any offsite features that are critical to the operation of the power plant, such as power sources, coolant sources and storage, and communications lines. Also, identify offsite terrain features that could be used to the advantage of an adversary in gaining admittance to the facility. 3.3 SAFEGUARDS SYSTEM HARDWARE The applicant should list equipment available for the purpose of safeguarding the nuclear power plant. Specific types of equipment to be included are discussed below. 3.3.1Communications List the communications systems that are used onsite and offsite for power plant security. Briefly describe each system, its availability, the number of units distributed on site, and the location of each nonportable two-way radio or microwave set that can be used for offsite communications. 3.3.2Intrusion Detection Briefly describe the system of sensors and alarms for detecting intrusion through the protected area perimeter or into vital area portals. 3.3.3Surveillance If used, describe the surveillance system for detecting and assessing the source of perimeter intrusion alarms. State the type of units used and show in a diagram their locations and fields of view. Also describe internal surveillance systems and identify their location and areas covered. 3.3.4Locks, Keys, Combinations, and Related Equipment Describe briefly the lock types or lock systems used to secure portals and barriers to the protected and vital areas. Describe the system for issuance and control of combinations, keys, key cards, and related equipment. 3.3.5Security Personnel Equipment Describe the weapons and other equipment issued to each guard, watchman, or armed response individual. Include weapons and equipment available for issue in emergency situations. 3.3.6Security Vehicles Describe any vehicles used for security purposes. Include the passenger capacity, communications equipment, and any special characteristics of the vehicle. 3.4 LAW ENFORCEMENT INTERFACE AND ASSISTANCE List each separate law enforcement organization with which arrangements have been made for emergency assistance. For each agency, state the single point of contact, describe the notification procedure, state the expected response in terms of manpower as a function of time, and state the equipment responding personnel will have access to. Describe the procedures established for coordination with arriving offsite assistance. Also, describe any additional facilities that will be available such as helicopters, special weapons and tactics (SWAT) teams, and communications facilities that will be used to coordinate response activities. Indicate the principal power plant organization responsible for coordinating law enforcement agency response within the facility. Provide similar information on the interface and assistance of other organizations such as bomb disposal units with which arrangements have been made. As a minimum, this section should include the following subsections: 3.4.1Response Resources 3.4.2Communications 3.4.3Coordination with other LEA personnel 3.5 POLICY CONSTRAINTS AND ASSUMPTIONS Discuss the laws and company policies that govern licensee response to incidents. The discussion should include, but need not be limited to, the following areas: a. Extent to which local, county, State, and Federal authorities will be depended on to protect plant properties against adversary intrusion. b. Extent to which company employees will be used to perform hazardous physical security duties to protect the plant properties and to recover stolen company property. c. Extent to which deadly forces can be used in response to safeguards incidents. d. Extent to which off-duty employees and employee property may be used in response to safeguards incidents. e. State whether licensee personnel or local law enforcement agencies are in charge of joint onsite response. 3.6 ADMINISTRATIVE AND LOGISTICAL CONSIDERATIONS Describe (or reference appropriate plan/policy) the licensee practices that may have an influence on the response to security violations. The descriptions should include provisions for ensuring that all equipment needed to effect a successful response to a contingency will be easily accessible, in good working order, and in sufficient supply to provide redundancy in case of equipment failure. State the procedure to be followed to ensure that the provisions of this plan will be followed or the means for informing the security force of changes in the status of materials and supplies which could impact their ability to perform effectively. 4. RESPONSIBILITY MATRIX Develop an array of information for each event identified in Chapter 2. Each array will identify responsible individuals/organizations (operational elements) and their decisions/actions. The intent of the arrays is to display on a single chart for each event all the decisions/actions and operational elements that interact to resolve the event. The collection of arrays for all events is a three dimensional responsibility matrix as shown below. 5. PROCEDURES SUMMARY Develop a Procedures Summary for each operational element, which summarizes the actions from the Responsibility Matrix for assignment to that operational element. The set of Procedures Summaries that results is to aid in the assignment and training of tasks for effective implementation of the plan. The Procedures Summary, although part of the contingency plan, does not have to be submitted to the NRC for approval. It will be prepared and maintained at the licensee's facility and will be inspected by the NRC Office of Inspection and Enforcement to ensure compliance with the Responsibility Matrix. Each Procedures Summary should provide clear and concise statements of the general responsibilities of the operational element during any safeguards contingency, and of the specific actions assigned with respect to the range of contingency events covered in the plan. In that regard show where a task begins and follow its progress through each operational element until the task is completed; i.e., show the actions that each of the operational elements accomplishes to carry out the task. In summarizing actions from the Responsibility Matrix, a given set of summary statements may be utilized to cover more than one event when the events involved require the same or effectively the same type actions. Also, where a given action is found to be a common procedure for a number of operational elements regardless of the specific contingency, that action may be included in a summary grouping of standard operating procedures for presentation in each of the Procedures Summaries. Statements of standard operating procedures may also reflect information of general interest to all operational entities, such as the assignment of overall control responsibilities. Choice of the language used to prepare the Procedures Summaries should take into account on-the-job terminology. 1. BACKGROUND 1.1 PERCEIVED DANGER The Sunshine Nuclear Power Reactor may be confronted with unexpected situations involving threats or sabotage that could result in radioactive release, thus endangering the health and safety of employees and the public at large. Because the nature of the confrontation is not predictable and rapid response is required to prevent a potentially catastrophic outcome, a plan is necessary and is provided herein to deal with these situations. Thorough familiarization with this plan by security personnel will greatly improve Sunshine's security posture and lessen the chance of a successful action taken against the plant. The threat to Sunshine is essentially that described in Title 10 Code of Federal Regulations Part 73.55(a) and is provided as follows: 1. A determined violent external assault or attack by stealth or deception by several persons with the following attributes, assistance, and equipment: (a) well-trained (including military training and skills) and dedicated individuals, (b) inside assistance that may include a knowledgeable individual who attempts to participate in both a passive role (e.g., provide information) and an active role (e.g., facilitate entrance and exit, disable alarms and communications, participate in violent attack), (c) suitable weapons, up to and including hand-held automatic weapons, equipped with silencers and having long range accuracy, and (d) hand-carried equipment including incapacitating agents and explosives for use as tools of entry or means of destroying the reactor integrity. 2. An internal threat of an insider including an employee in any position. Industrial sabotage attempted by the internal adversary may be covertly performed over a period of time, may involve guile and subterfuge, and may or may not involve assaults upon plant employees. A detailed description of specific situations involving the threat is given in Chapter 2. 1.2 PURPOSE OF THE PLAN The plan provides the guidance and procedures to be followed by security and designated management personnel during the contingencies identified herein. The plan provides personnel with sufficient understanding of contingency situations, in general, to effectively deal with and counter situations not considered herein. The plan also satisfies a requirement imposed by the NRC to document Sunshine's ability to respond to contingencies. 1.3 SCOPE OF THE PLAN This plan is to be used in conjunction with Sunshine's security plan, which provides detailed information regarding the security organization, facility layout, and liaison procedures with law enforcement authorities. 1.3.1Situations Covered The following situations are developed in this plan to provide the mechanism needed to recognize potential warning signals and to provide guidance for reacting to these warnings. Bomb threats Sabotage attempts Attack threats Fire, explosion, or other catastrophe Civil disturbance Communications failure Perimeter and Internal disturbance protected area Vital area intrusion intrusion This plan identifies the activities of the facility's guards, watchmen, and managerial personnel involved. Also identified is the expected assistance to be provided by the Lotsapowa Sheriff's Office, the State Police, and the FBI. 1.3.2Situations Not Covered Actions taken against Sunshine that will not result in industrial sabotage are not the concerns of the plan. However, it may not be possible during the early stages of an incident to distinguish between types of incidents. Therefore, until the expected results of an incident are known with certainty, it will be assumed that the incident is directed toward industrial sabotage. The plan does not include the emergency plans to be implemented if a radiological release results from a successful sabotage attempt. However, this plan includes the mechanism for initiating the emergency plan contained in Sunshine's "Emergency Plans," SNPR 10-77. 1.4 DEFINITIONS All Clear: A return to normal security operations indicating that the event resulting in special actions has been resolved. All Concerned Parties: All onsite individuals and offsite law enforcement and/or other agencies that need to make decisions or take actions or that may provide information concerning the event that just occurred. These parties are specified for each event in the procedures. Authorized Personnel: Those personnel granted routine access to an area (i.e., employees, designated nonemployees). CAS: The central alarm station as defined in 10 CFR Section 73.55(e)(1). Exclusion Area: Plant property outside of the protected area barrier. Interdict: To authoritatively prohibit access or restrict the actions of intruders or saboteurs in accordance with 10 CFR Section 73.55(h)(4), applicable State laws, and company policies. Intruder: An individual present in a protected or vital area without authorization. Investigation: Actions by individuals to determine if attempted sabotage or intrusion is in progress and if so, the source, nature, and extent of it. LLEA: The local law enforcement agencies with whom the plant has agreements for assistance. Mitigate Anticipated Consequences: Actions taken to minimize radiological effects (particularly offsite) based on the assumption that certain vital equipment will or have suffered damage or derangement. Nonserious Threat: A threat perceived as having a probability of being executed that is so low that it can be dismissed as a hoax. NRC: U.S. Nuclear Regulatory Commission, Region IV, Office of Inspection and Enforcement. OP&L: Omega Power and Light Company, the parent company of Sunshine Nuclear Power Reactor. Plant Manager: The plant manager or alternate, in his absence, in the following order of succession: (1) operations manager, (2) operations supervisor, (3) shift supervisor. The individual acting as plant manager shall execute all duties assigned to the plant manager. Reduce Vulnerability: Take actions that will decrease the probability of success of an attempt to sabotage (e.g., increased guard patrols, stricter access controls, barriers at full strength condition, increased remote surveillance, frequent checks of vital equipment). Response: As defined in 10 CFR Section 73.55(h). SAS: The secondary alarm station as defined in 10 CFR Section 73.55(e)(1). Security Alert: A security-related situation that may not necessarily pose an immediate threat or danger to the plant but does call for an increased alertness posture by plant personnel and the execution of specified procedures. Security Emergency: A security-related situation that poses a clear or imminent threat or danger to the plant and calls for prompt response by plant personnel according to specified procedures. Security Shift Supervisor: The member of the security force assigned to each shift who, in accordance with 10 CFR Section 73.55(b)(2), has the authority to direct the security activities of all members of the security force. Responsibilities assigned to this individual may be assumed by the Plant Security Supervisor, Assistance Plant Security Supervisor, or the Security Force Supervisor, if present. Serious Threat: A threat perceived as having a low probability of being executed, but of enough concern to warrant some actions as a hedge against its execution. S-P-O-C: Single Point of Contact. Unauthorized Personnel: Persons not routinely granted access to an area. VA: Vital area. Very Serious Threat: A threat perceived as having such a high probability of being executed that it warrants a response on the assumption that it will occur. 2. GENERIC PLANNING BASE 2.1 GENERAL The primary security mission at the Sunshine Nuclear Power Plant is the protection of plant facilities and the prevention of sabotage that could cause radiological releases. This mission is performed continuously by the security organization aided by an access/egress control system that operates in conjunction with physical barriers and alarm systems covering the protected area and the vital areas. Events that would signal the prelude to an impending attack or adversary action must be evaluated to determine if an incursion is about to take place, is in progress, or has taken place. To deal decisively with an adversary incursion and thereby accomplish the mission under extraordinary circumstances, the Lotsapowa sheriff's emergency response force will be requested immediately upon becoming aware of such an incursion. While the response is developing, the Sunshine security force will respond to ascertain and assess the adversary situation and, depending upon the estimated strength and nature of the incursion, to apprehend, neutralize, or delay the adversary until the Lotsapowa sheriff's force arrives. The Sunshine security force will endeavor to fulfill the above role by intercepting an external adversary prior to penetration into buildings or enclosures containing vital areas. In the event the adversary penetrates any of these buildings or enclosures, or in the case of an internal adversary, the security force will attempt to intercept the adversary within these areas, again depending upon the adversary's nature and strength. Concurrent with these actions, the security force will maintain a flow of situational information among themselves and the Sunshine Plant management to coordinate the onsite response actions and to the Lotsapowa sheriff's response force to facilitate their effectiveness upon arrival. As the situation develops, plant security employees will assist in delaying the adversary whenever possible without jeopardizing their personal safety. In this regard, they will lock doors as necessary to secure the VAs, deny information to the adversary, and report adversary and situational circumstances to plant management to assist in illuminating the situation. 2.2 EVENTS, OBJECTIVES, AND DATA REQUIRED The Generic Planning Base delineates the events for which there are plans and for each event states an objective to be accomplished, a sequence of decisions and actions to be undertaken if the event occurs, and a set of data to facilitate making those decisions and taking those actions. The decisions and actions for each event in this chapter are listed sequentially in approximately chronological order. It should be recognized that the true representation of these decisions and actions would be decision/action logic tree. As represented here, many of the decisions and actions may or may not apply depending upon the outcome of previous decisions and actions. The Responsibility Matrix in Chapter 4 clarifies these relationships. 2.2.1Event 1: Bomb Threat Bomb threats may be expressed by telephone, by mail, by a hand delivered message, or by some other means. Threats may be given directly or indirectly through a law enforcement agency, mass media organization, or some other third party. Threats also may be perceived from indirect evidence by plant personnel, authorities offsite, or other third parties who then notify plant management. Objectives: 1. Validate the threat. 2. If valid, minimize vulnerability to the threat. 3. If imminent, minimize anticipated consequences of the threat execution. Decisions/Actions: 1. Gather information from the threat communication. 2. Evaluate the threat. 3. Notify all concerned parties. 4. Take action to reduce vulnerability to the threat (e.g., search for bomb, etc.). 5. Determine if the threat is imminent. 6. Take action to mitigate anticipated consequences. 7. Determine if the threat is no longer valid. 8. Alert, shutdown, evaluate, sound all clear. Next Step: Event 6B if suspected bomb is found. Data Required: 1. Single-point-of-contact (S-P-O-C) for Lotsapowa Sheriff's Office. a. Telephone number w/alternatives. b. Entry point. c. Criteria. d. Format. e. Procedures for contact. 2. S-P-O-C for FBI. 3. S-P-O-C for bomb disposal unit. 4. S-P-O-C for NRC regional office. 5. S-P-O-C for State police. 6. All available data from threat message. 7. All available data pertinent to the threat from concerned parties. a. Adversary intent. b. Adversary capability. c. Adversary background and history. 8. Bomb search results (if search is conducted). 9. Determination of vital systems that may be degraded by threat execution. 10. Delineation of safety measures to take in event of degradation of any systems of the above. 11. Information from any subsequent communications with threat perpetrator or third parties. 2.2.2Event 2: Attack Threat Threats to assault the plant may be expressed over the telephone, by mail, by a hand delivered message, or by some other means. Threats may be expressed directly or indirectly through a third party. Threats may also be perceived from indirect evidence by plant personnel, offsite authorities, or other third parties, who then notify plant management. Objectives: 1. Validate the threat. 2. If valid minimize vulnerability to the threat. 3. If imminent, minimize anticipated consequences of the threat execution. Decisions/Actions: 1. Gather information from threat communication. 2. Evaluate the threat. 3. Notify all concerned parties. 4. Take action to reduce vulnerability to the threat. 5. Determine if the threat is imminent. 6. Take action to mitigate anticipated consequences. 7. Determine if the threat is no longer valid. 8. Alert, shutdown, evaluate, sound alarm. Next Step: Dependent upon type of threat and whether or not threat is executed, Data Required: Same as for Event 1. 2.2.3Event 3: Civil Disturbance A group of unexpected, unidentified, or unauthorized individuals is observed outside the protected area, or plant management is informed of plans to stage such a gathering (e.g., labor picket line, protest demonstration, etc.). Objectives: 1. Determine if there is a danger of the disturbance becoming an attack. 2. Prevent people participating in the disturbance from penetrating the protected area barrier. Decisions/Actions: 1. Notify all concerned parties. 2. Gather information on group identity and intent. 3. Determine if there is a danger of the disturbance becoming an attack. 4. Maintain surveillance during the disturbance. 5. Determine if the disturbance is over. Next Step: Event 4D if assault occurs. Event 2 if danger of attack exists. Data Required: 1. S-P-O-C of offsite agencies (see Event 1). 2. On-the-scene assessment. 3. Background information on group. a. Intent. b. Capability. c. Modus operandi. 2.2.4Event 4: Perimeter and Protected Area Intrusions 2.2.4.1 Event 4A: Perimeter Intrusion Alarm Annunciates at CAS. Objective: Determine if an intrusion has occurred. Decisions/Actions: 1. Acknowledge alarm. 2. Assess cause of alarm (look at CCTV, dispatch guards, etc.). 3. Determine if intrusion has occurred or if tampering of the alarm system is evident. Next Step: Event 4D, if intrusion has occurred or if alarm system has been tampered with. Data Required: 1. Location or zone of alarm. 2. Results of alarm assessment. a. False alarm. b. False or innocent target. c. Intrusion. d. Alarm tampering. 3. Procedure for guard notification. 2.2.4.2 Event 4B: Visual Observation of Unidentified Person(s) at or Within the Protected Area Perimeter. Objective: Determine if unidentified person(s) is (are) authorized for access. Decisions/Actions: 1. Dispatch guards to investigate. 2. Determine if unidentified person(s) is (are) authorized access. Next Step: Event 4D if an intrusion has occurred. Data Required: 1. Location of unidentified person(s). 2. Guard notification procedure. 3. Identity of suspect(s). 4. List of authorized personnel. 5. List of visitors requiring escort. 6. List of visitors not requiring escort. 2.2.4.3 Event 4C: Discovery of Breach of Perimeter Barrier. The perimeter barrier is observed to be cut open, knocked down, or otherwise breached. Objective: Determine if an intrusion has occurred. Decisions/Actions: 1. Dispatch guards to investigate. 2. Determine if intrusion has occurred. Next Step: Event 4D if an intrusion has occurred. Data Required: 1. Guard notification procedure. 2. Location of breach. 3. Results of guard investigation. 2.2.4.4 Event 4D: Confirmed Protected Area Intrusion. An unauthorized person in the protected area has resisted efforts by guards to interdict him, an unexplained breached barrier is assumed to reveal a recent intrusion, or a perimeter alarm is found tampered with. Objective: 1. Prevent, access to Vital Areas. 2. Interdict Intruders. Decisions/Actions: 1. Secure vital area portals. 2. Notify Lotsapowa Sheriff's Office. 3. Dispatch guards to interdict intruders. 4. Take actions to mitigate consequences of any anticipated sabotage. 5. Determine if vital areas have been penetrated or if sabotage is imminent. Next Step: Event 7 if vital areas have been penetrated or if sabotage is imminent. Event 8 if intruders have been successfully interdicted. Data Required: 1. S-P-O-C for Lotsapowa Sheriff's Office. 2. Guard notification procedure. 3. Location of intruder. 4. Status of vital area portals and alarms. 5. Determination of vulnerable vital systems. 6. Delineation of safety measures to take in the event any system specified in (5) is degraded. 7. Results of guard investigations. 2.2.5Event 5: Vital Area Intrusion 2.2.5.1 Event 5A: Vital Area Intrusion Alarm Annunciates at CAS. Objective: Determine if an intrusion has occurred. Decisions/Actions: 1. Acknowledge alarm. 2. Assess cause of alarm (e.g., look at CCTV, dispatch guards, etc.). 3. Determine if intrusion has occurred or if alarm has been tampered with. Next Step: Event 7 if sabotage is imminent, if alarm has been tampered with, or if intruders are discovered in vital area. Data Required: Same as for Event 4A. 2.2.5.2 Event 5B: Visual Observation of Unidentified Person or Unauthorized Person Entering or Within a Vital Area. Objective: Determine if unidentified person(s) is (are) authorized for access. Decisions/Actions: 1. Dispatch guards to investigate. 2. Determine if unidentified person(s) is (are) authorized for access. Next Step: Event 7 if an intruder is in a vital area or if sabotage is imminent. Event 8 if the unidentified individual was an intruder and has been successfully interdicted. Data Required: Same as for Event 4B. 2.2.5.3 Event 5C: Vital Area Found Unlocked and Unattended or Vital Area Barrier Found Breached. Objective: Determine if an intrusion has occurred. Decisions/Actions: 1. Dispatch guards or armed response individuals to investigate. 2. Determine if an intrusion has occurred. Next Step: Event 7 if vital areas have been penetrated or if sabotage is imminent. Event 6 if something is found amiss. Data Required: Same as for Event 4C. 2.2.6Event 6: Miscellaneous Events 2.2.6.1 Event 6A: Member of Security Force (MSF) Fails to Perform Duty. Contact is lost with a MSF, a MSF fails to report in, CAS fails to respond to an alarm, or some other indication exists that an MSF may have been incapacitated or may have compromised security. Objective: 1. Re-establish adequate level of protection. 2. Determine if the MSF's failure to execute his duties has compromised security. Decisions/Actions: 1. Dispatch guards or armed response individuals to investigate. 2. Take compensatory measures to re-establish minimum acceptable level of protection. 3. Determine if MSF failure to execute duties has compromised security. Next Step: Event 4D if protected area is penetrated. Event 7 if a vital area is penetrated or if sabotage is imminent. Data Required: 1. Location of MSF. 2. Normal duties and responsibilities of MSF. 3. Guard notification procedure. 4. Assessment of cause of failure of security force member to perform duties. 5. Assessment of vulnerability due to MSF failure. 6. Results of investigation of areas that may have been compromised by failure to perform duties. 2.2.6.2 Event 6B: Suspected Bomb or Sabotage Device Discovered. Objective: Determine if object is a sabotage device. Decisions/Actions: 1. Dispatch knowledgable guards, operators, or armed response individuals to investigate. 2. Take actions to isolate area. 3. Determine if suspicious object is attempt to sabotage. Next Step: Event 7 if suspicious object is determined to be an attempt to sabotage. Data Required: 1. Guard, operator, or armed response individual notification procedure. 2. Location of sabotage device. 3. Procedure for isolating area. 4. Assessment by knowledgable person of nature of suspicious object. 2.2.6.3 Event 6C: Fire, Explosion, or Other Catastrophe. A disruptive emergency occurs that has the potential for covering an attempt to gain unauthorized access to vital areas to attempt sabotage. Objectives: 1. Determine if the cause of the event is security related. 2. Minimize vulnerability during emergency. Decisions/Actions: 1. Evaluate potential for impact on plant safety. 2. Mitigate anticipated consequences. 3. Investigate security-related aspects and impacts of the event. Check for possible sabotage. 4. Determine if event is security related. 5. Request offsite assistance, if appropriate. Next Step: Event 7 if occurrence is security related. Data Required: 1. S-P-O-C for Lotsapowa Fire Dept., etc. 2. Guard, operator, armed response individual notification procedure. 3. Source of catastrophe. 4. Determination of degraded or threatened safety systems. 5. Delineation of procedures to compensate for degradation of each system in (4). 6. Results of investigation to determine cause of catastrophe. 7. Determination of areas in which security measures were compromised. 8. Assessment of vulnerabilities due to compromised security. 9. Results of investigations, inspections, etc., of compromised areas. 2.2.6.4 Event 6D: Internal Disturbance. A disturbance occurs involving one or more individuals within the perimeter other than one perceived to be a short-lived and harmless @@. Objectives: 1. Stop the disturbance. 2. Minimize vulnerability during disturbance. Decisions/Actions: 1. Determine if the disturbance could affect vital equipment. 2. Determine if the disturbance involves individuals having on-watch safety responsibilities. 3. Direct appropriate response to terminate the disturbance including requesting offsite assistance if necessary to stop the disturbance. 4. Mitigate anticipated safety consequences. 5. Determine if disturbance is uncontrollable. Next Step: Event 7 if disturbance is perceived to be uncontrollable. Data Required: 1. Guard notification procedures. 2. Location of disturbance. 3. Number of people involved. 4. S-P-O-C for offsite assistance. 5. Determination of threatened vital systems. 6. Delineation of countermeasures taken in event of derangement of systems in (5). 7. Assessment by guards of their ability to control the disturbance. 2.2.6.5 Event 6E: Multiple Loss of Onsite Communications Systems. Two or more means of onsite communications are not functioning. Objective: 1. Re-establish communications capability. 2. Determine if the cause of the failure is security related. Decisions/Actions: 1. Establish alternate communications systems. 2. Institute any necessary compensatory measures. 3. Investigate nonfunctioning equipment for cause of failure. 4. Determine if cause is security related. Next Step: Event 8 if loss is security related. Data Required: 1. Determination of set of alternative communication systems. 2. Means of access by CAS, SAS, and other plant security force to alternate communications systems. 3. Operability of alternate communications systems. 4. Established set of compensatory measures. 5. Results of investigation of equipment. 2.2.6.6 Event 6F: Multiple Loss of Offsite Communications Systems. Two or more means of communicating with offsite authorities are not functioning. Objectives: 1. Re-establish communications capability. 2. Determine if the cause of the failure is security related. Decisions/Actions: 1. Establish alternate communications systems. 2. Institute any necessary compensatory measures. 3. Investigate nonfunctioning equipment for cause of failure. 4. Determine if the cause is security related. Next Step: Event 8 if loss is security related. Data Required: Same as for Event 6E. 2.2.7Event 7: Obvious Attempt to Sabotage or Confirmed Intrusion into Vital Areas in Progress Objectives: 1. Prevent access to vital equipment. 2. Contain adversaries until Lotsapowa sheriff's deputies arrive. 3. Mitigate anticipated consequences. Decisions/Actions: 1. Dispatch responders to interdict intruders if applicable. 2. Secure vital area portals. 3. Request offsite assistance. 4. Determine impact on plant safety. 5. Mitigate anticipated consequences. 6. Initiate appropriate portions of Emergency Plan whenever radiological release is perceived to be imminent or occurs. Next Step: Event 8 if intruders are captured or escape. Emergency Plan if offsite radiological consequences are imminent or occur. Data Required: 1. Location of intruders or sabotage device. 2. Guards and armed response force notification procedure. 3. Status of vital area portals. 4. S-P-O-C for Lotsapowa Sheriff's Office. 5. Determination of set of vulnerable vital systems. 6. Delineation of safety measures to take in event of degradation of vital systems determined in 5. 7. Emergency Plan initiation procedures. 2.2.8Event 8: Sabotage Device Rendered Inoperable, Tampered/Deranged Equipment Restored, Intruder/Saboteur Captured or Escaped Objective: Determine if any other intrusions or sabotage attempts have been made. Decisions/Actions: 1. Investigate for evidence of sabotage, sabotage devices, or intrusions in all affected areas. 2. Notify all concerned parties. 3. Determine if anything is amiss. Next Step: Dependent upon results of investigation. ALL CLEAR if nothing amiss. Data Required: 1. Results of investigation. 2. S-P-O-C for each notified offsite party. 3. LICENSEE PLANNING BASE 3.1 ORGANIZATIONAL OVERVIEW Figure 3-1 presents Sunshine organizational structure as it relates to the Omega Power and Light Company. Responsibilities of key personnel are given below. Operations Manager, Omega Power and Light Company - The Operations Manager, or his designated representative acts as the offsite Emergency Control Office. In the event that an act of sabotage culminates in the release of radioactivity to the environment, he is responsible for notifying the nonlocal offsite emergency response authorities. He may also assume a command position during protracted security emergencies at Sunshine plant. (Due to database constraints, Figures 1 - 4 are not included. Please contact LIS to obtain a copy.) Plant Manager - The Plant Manager reports to Corporate Headquarters and has direct responsibility for operating and maintaining the plant in a safe and secure manner. He is responsible for protecting the plant staff and the general public from avoidable radiation exposure and any other consequences of a security emergency at the plant. He bears responsibility for compliance with the facility operating license. He has authority to take any action necessary, without consultation, to prevent or mitigate the consequences of a security emergency. Operations Manager, Sunshine Plant - The Operations Manager reports to the Plant Manager and acts in his behalf during his absence. He is responsible to the Plant Manager for operating and maintaining the plant in a safe and secure manner. He will assume the duties and responsibilities of the Plant Manager in his absence as the primary alternate to the position. Operations Supervisor - The Operations Supervisor has the responsibility for directing the actual day-to-day operation of the unit. He reports directly to the Operations Manager and directs the plant operating staff. He coordinates operations related to activities with all departmental supervisors. He assumes all of the Operations Manager's responsibilities and authority in his absence. He is responsible for overall supervision of fuel handling operations. He has the authority to shut down the unit, and he has the authority to initiate the Emergency Plans. Shift Supervisor - The Shift Supervisor is responsible for the actual operation of the plant on his assigned shift. He directs the activities of the operators on his shift and must be cognizant of all maintenance activity being performed while he is on duty. The Shift Supervisor on duty has the authority to shut down the unit if, in his opinion, conditions warrant this action. He has the authority to initiate the Emergency Plans. Plant Security Manager - The Plant Security Manager is responsible for the overall supervision of the Security Force and the day-to-day implementation of the security plan. He reports directly to the Plant Manager. Operators - Operators report directly to the Shift Supervisor, are responsible for operating equipment in a safe and secure manner, and respond as directed by the Shift Supervisor to safeguards contingencies. 3.1.1Security Organization Figure 3-2 presents the Sunshine security organizational structure. Within the security organization there are guard posts and alarm stations, which require continuous or scheduled manning. The responsibility of the personnel assigned to these posts and stations and security management responsibilities are described below. Security Force Supervisor - The Security Force Supervisor has supervisory responsibility over the guards and watchmen and reports directly to the Plant Security Manager. Security Shift Supervisor - The Security Shift Supervisor is responsible for the supervision of the security activities of personnel on his shift, reports to the Security Force Supervisor, and assumes his responsibilities in his absence. He has the authority to declare "security emergency" and to request offsite assistance. Guards/Watchmen - Guards and Watchmen (as defined in 10 CFR Section 73.2) report directly to the Security Shift Supervisor and are responsible for carrying out post assignments by established procedures or by specific order for all safeguards contingencies. Armed Response Individuals - Armed Response Individuals, preassigned to the post orders, are personnel trained in security procedures that can be available to assist the security force during safeguard incidents. During security alerts or emergencies, they report to the Security Shift Supervisor. Central Alarm Station (CAS) - CAS guard is responsible for the immediate initiation and coordination of response to intrusion-related security contingencies. CAS guard receives notification of the event, dispatches investigators, and determines if an intrusion occurs. CAS guard has the authority, when necessary, to declare "security emergency" and request off-site assistance. Secondary Alarm Station (SAS) - Secondary Alarm Station guard is a backup to CAS, is responsible for monitoring CAS guard's response, and assumes CAS guard's responsibilities if CAS system fails in its responsibilities. Main Guard Station - The Main Guard Station is responsible for controlling authorized access to and from the Protected Area. Fixed Posts - Fixed Posts may be established at other points at the site for purposes of surveillance, access control, and response. Location of fixed post can be found in the security manual. 3.2 PHYSICAL LAYOUT Sunshine Nuclear Power Plant, shown in Figure 3-3, is located on a 1000 acre tract of land fronting on Sunshine Lake about 17 miles northeast of Lotsapowa, Montana. The site is generally flat and has vegetation characteristic of the semiarid country of eastern Montana. The plant presented in Figure 3-4 is a 1000 MW(e) PWR. The main buildings include the fuel building, the reactor containment building, the turbine building, the auxiliary building, and the administration building. All are of substantial construction, and with the exception of the main gate guardhouse (part of the administration building) all are surrounded by an 8-foot tall, 11-AWG fence per 10 CFR Section 73.2. In addition, a remote intake structure is located on the lake and is surrounded on the land side by an 8-foot, 11-AWG fence. 3.3 SAFEGUARDS SYSTEM HARDWARE Detailed information regarding equipment available to support the security system during a contingency is documented in the "Sunshine Physical Security Plan," SNPR 6-77. General information on communications, intrusion detection, surveillance, locks, keys, combinations, and related security personnel equipment and security vehicles is provided in this section. 3.3.1Communications Sunshine plant is served by the following communications systems: External a. Bell telephone distributed throughout the facility. b. Two-way radio to local law enforcement. c. Microwave transmitter to dispatcher. d. Transmission line carrier to dispatcher. Internal a. Plant telephone. b. Plant public address. c. Portable transceiver (primary onsite communications net). d. Bell telephone. Central Alarm Station and SAS have access to commercial telephone, portable transceiver, plant telephone, an indirect link through the plant telephone to the plant public address system, and radio communication to the Lotsapowa Sheriff's Office. Microwave communication to the dispatcher and transmission line carrier to the dispatcher are located in the control room, and operators can relay a request from CAS or SAS for assistance to offsite authorities if necessary. The dispatcher will relay requests for assistance from the control room to authorities specified by the control room. All guards are equipped with portable transceiver system(s), and all fixed guard posts have at least one other means of internal communication. Twenty portable transceivers are available for use, including one in CAS and one in SAS. 3.3.2Intrusion Detection Hardware Protective alarm systems provide a means of determining whether a gate or door is open or closed, therefore providing a means of detecting and announcing the intrusion by an element that endangers or may endanger facility security. Intrusion detection devices relating to the perimeter barrier are also provided. The barrier surrounding the protected area is continuously monitored by intrusion detection devices and a series of closed circuit television cameras. Personnel and vehicle gates at the protected area perimeter barrier are controlled by locks, security guards, and alarms. Alarms are monitored in both CAS and SAS in accordance with 10 CFR Section 73.55. Normal access points to vital areas will be locked and alarmed or monitored by a guard. 3.3.3Surveillance by CCTV The system consists of a series of 20 strategically located cameras having the capability of monitoring isolation zones adjacent to the physical barriers around the entire perimeter of the protected area. The CCTV is integrated with the intrusion detection system. 3.3.4Locks, Keys, Combinations, and Related Equipment a. Card Reader/Key Card System - A card reader system connected to computer is provided. Key cards are issued to employees upon entry to the protected area each day, and are coded for identification and vital area access. The system allows access only to those personnel possessing cards that are coded for entry to that area. All insertions of cards into readers are recorded, and reader rejections result in alarms. b. Locks and Keys - In the event of failure of the Card Reader/Key Card system, access portals so controlled fail in the locked (from outside) condition. Tumbler locks are installed on those accesses and, in conjunction with keys controlled under the key control system, described in the Security Plan, would serve to maintain positive access control. 3.3.5Security Personnel Equipment Each guard is issued his own semiautomatic weapon upon employment. Arms are kept in the Main Guard Station when guards are off duty. Each member of the security force is issued a portable transceiver at the beginning of each shift. 3.3.6Security Vehicles The security force has a radio-equipped (portable transceiver) vehicle used exclusively for security. The vehicle is capable of operating on unimproved terrain in remote areas of the site. 3.4 LAW ENFORCEMENT ASSISTANCE Arrangements for emergency assistance have been made with Lotsapowa Sheriff's Office, State Police, and the FBI. Information concerning notification and expected response for each law enforcement activity is given below. 3.4.1Response Resources a. Lotsapowa Sheriff's Office - The Lotsapowa Sheriff's Office has primary law enforcement jurisdiction at the plant. The following is the anticipated level of the sheriff's response to requests for assistance from the plant: Strength Avg. Response Time Equipment 1-2 officers 20 minutes Officers equipped with 38 caliber revolvers, shotguns, and radio patrol car. 15 officers 30 minutes Riot control equipment consisting of gasmasks, 75 officers 90-120 minutes helmets, and riot sticks can be distributed at police headquarters. The Lotsapowa Sheriff's Office could coordinate the mobilization of a local 5-man SWAT capability made up of municipal and State police. In addition, the sheriff's office can mobilize an ordnance disposal unit and be onsite in 30 minutes. b. State Police - The State police have a working arrangement with the Lotsapowa Sheriff's Office which in effect states they will respond when called by the sheriff or his representative. They will also respond to emergency requests from Sunshine when the sheriff's office cannot be reached. Expected response would vary from one officer within 30 minutes to 150 officers in four hours. c. FBI - Missoula - The FBI has jurisdiction in situations involving violations of Federal laws. Response is dependent upon the availability of Missoula FBI agents. An FBI agent could be onsite within six hours after notification. The FBI office in Missoula can be reached by telephone between 9 a.m. and 5 p.m. weekdays only. During off hours the FBI can be reached at the duty number. 3.4.2Communications Current phone numbers, radio channel assignments, call signals, and names are located in the Security Communications Directory. The Lotsapowa Sheriff's Office is the principal point of contact for requesting assistance. Requests for assistance would normally be made by telephone. The VHF radio provides a backup means of communication in the event of telephone failure or for emergencies when lines are busy. Alternative emergency communication through the system used for power distribution (load dispatching) that links the plant to the central facility is possible. Use of this system requires closely following the detailed procedures specified in the Security Communications Directory. This communication system should only be used when all others fail. 3.4.3Coordination with Lotsapowa Sheriff's Personnel Responding law enforcement personnel will enter the protected area through the main guard station and will be issued portable transceivers by the main guard station guard. A specified member of the security force will escort them to the CAS where they will be briefed on the situation by the Security Shift Supervisor. A plan of attack will be formulated, and the law enforcement personnel will be assisted as required. 3.5 POLICY CONSTRAINTS AND ASSUMPTIONS a. Sunshine plant will depend on law enforcement agencies to the maximum extent possible to protect plant personnel and property against adversary actions. Local law enforcement personnel, upon arrival at the site, will assume authority and responsibility for engaging and apprehending intruders. Plant security personnel serve to deter, detect, and interdict adversary actions, employing firearms only in accordance with 10 CFR Section 73.55, Montana State Law, and company policy. In general, a guard will draw a weapon only if his or another's life is directly threatened and no other means of resolving the situation is evident. b. Excepting guards and armed response individuals, no company employee can be directed to perform hazardous physical security duties to protect the site. c. No company employee is expected to contribute his own personal property or off-duty time to support active contingency response activities. However, when time permits in contingencies, consideration will be given to overtime or rescheduling security force shift. d. Omega Power and Light Company reserves the right to regulate or exclude personnel access to the exclusion area surrounding the site, including the lake front. e. The security system at the site complies with 10 CFR Section 73.55. f. The Plant Manager is responsible for requesting offsite assistance in security emergencies. However, both the CAS guard and the Security Shift Supervisor have the authority to declare a "Security Emergency" and to request offsite assistance if a clear and imminent danger to the plant is evident and if the Plant Manager or his alternate cannot be reached. g. Plant management, in response to certain safeguards incidents that contain factors unforeseen in the preparation of this plan and that may therefore render the procedures in this plan ineffective or impractical, may be compelled to take alternative courses of action based on available information, good intentions, and judgment. 3.6 ADMINISTRATIVE AND LOGISTICAL CONSIDERATIONS The Security Manager will ensure that copies of the Physical Security Plan, Contingency Plan, and Security Communications Directory are made available to all security personnel. One set of the above documents will be maintained at the Central Alarm Staton. Additional copies of the documents may be requested from the Plant Manager's office. The Security Manager will publish a guard plan daily, weekly, or monthly, that establishes guard schedules, gives names of guards not available, and equipment status. The equipment to be considered for the status report includes detection, surveillance, communication, weapons and ammunition, and vehicles. The plan will also identify any security-related problems such as broken locks, lost badges, broken fences, broken gates, etc. Any shortage of materials or changes to inventories, maintenance schedules, etc., as specified in the Physical Security Plan will be included. Changes of issue points and times for weapons and equipment issue will also be included, as will any changes in procedures and phone numbers of law enforcement agencies and management personnel. 4. RESPONSIBILITY MATRIX The information contained in Chapters 2 and 3 relating to decision/actions and organizational structure, respectively, have been integrated to show the relationships between operational elements as the decision/action sequence progresses from event identification to objective attainment. The tables that follow make up the responsibility matrix and tie together the functions being performed by those personnel identified as operational elements. (Due to database constraints, Tables 4-1 through 4-20 are not included. Please contact LIS to obtain a copy.) 48 |