Publication Date: 3/1/78
    Pages: 64
    Date Entered: 2/23/84
    Title: STANDARD FORMAT AND CONTENT OF SAFEGUARDS CONTINGENCY PLANS FOR NUCLEAR POWER PLANTS (FOR COMMENT)
    March 1978
    U.S. NUCLEAR REGULATORY COMMISSION
    REGULATORY GUIDE
    OFFICE OF STANDARDS DEVELOPMENT
    REGULATORY GUIDE 5.54
    STANDARD FORMAT AND CONTENT OF SAFEGUARDS
    CONTINGENCY PLANS FOR NUCLEAR POWER PLANTS
    INTRODUCTION
    The Energy Reorganization Act of 1974, which established the
    Nuclear Regulatory Commission (NRC), directed the NRC, among other
    things, to develop contingency plans"... for dealing with threats,
    thefts, and sabotage relating to special nuclear materials, high level
    radioactive wastes and nuclear facilities resulting from all activities
    licensed under the Atomic Energy Act of 1954, as amended...."
    The principal requirements for the development of safeguards
    contingency plans for licensed nuclear power plant activities are found
    in 10 CFR Part 50, "Licensing of Production and Utilization Facilities,"
    and Part 73, "Physical Protection of Plants and Materials." Paragraphs
    10 CFR 50.34(d) and 73.40 identify the requirements for a safeguards
    contingency plan. Appendix C of 10 CFR Part 73 identifies the criteria
    to be followed in developing the contingency plan.
    A licensee safeguards contingency plan is a document that provides
    guidance to licensee personnel and identifies procedures to accomplish
    specific, defined objectives in the event of threats or sabotage that
    could directly or indirectly endanger the public health and safety by
    exposure to radiation. An acceptable safeguards contingency plan must
    contain (1) a predetermined set of decisions and actions to satisfy
    stated objectives, (2) an identification of the data, criteria,
    procedures, and mechanisms necessary to effect efficiently the decisions
    and actions, and (3) a specification of the individual, group, or
    organizational entity responsible for each decision and action.
    A safeguards contingency plan consists of five elements: (1)
    Background, (2) a Generic Planning Base, (3) a Licensee Planning Base,
    (4) a Responsibility Matrix, and (5) Procedures.
    The Background contains the purpose and scope of the plan,
    describes the environment within which the plan will be put into effect,
    and defines the terms used.
    The Generic Planning Base contains a list of events to be planned
    for and the associated objective to be reached for each event. It may
    also include for each event an overview of the general types of
    decisions and actions and other generic information helpful to the
    licensee in clearly presenting the planned responses to reach the
    objective.
    The Licensee Planning Base contains the planning information
    peculiar to a given licensee, including his organizational entities for
    contingency response tasking, facility descriptions and locations
    necessary for response planning and coordination, command and control
    functions, etc.
    The Responsibility Matrix is a format used to plan the specific
    decisions and actions that each organizational entity takes to effect
    such response.
    For each organizational entity, the decisions and actions, as
    planned in the Responsibility Matrix, are finally summarized in a
    Procedures Summary for that entity. The Procedures Summaries that
    result are simplified presentations of the assigned responsibilities for
    use in training and implementing the plan. The Procedures Summary,
    although part of the contingency plan, does not have to be submitted to
    the NRC for approval (see Chapter 5.1).
    This regulatory guide prescribes the proposed standard format for
    the safeguards contingency plan. It also contains an example
    contingency plan, included as a supplement, to illustrate the guide's
    application. This guide may be revised to reflect comments received and
    additional staff review.
    Purpose and Applicability
    This standard format and content document has been prepared as an
    aid to uniformity and completeness of the preparation and review of the
    contingency planning section of license applications. It is applicable
    to nuclear power plants and research and test reactors that are subject
    to the requirements of 10 CFR Section 73.50, Section 73.55 and/or
    Section 73.60. (Research and test reactors should also address the
    generic planning base of a similar guide for fuel cycle facilities
    entitled, "Standard Format and Content of Contingency Plans for Fuel
    Cycle Facilities," for events dealing with theft of certain quantities
    of special nuclear material.) This document describes the information required for a plan.
    Information submitted will be reviewed for completeness on the basis of
    unique site considerations and the contents of this guide. If submittal
    does not provide a reasonably complete presentation of the required
    information, final review will be delayed until the needed information
    is provided. It is anticipated that the safeguards contingency plan
    will be submitted as an attachment to the physical security plan. To
    the extent that the topics in the contingency plan are treated in
    adequate detail in a licensee's approved physical security plan, they
    may be incorporated by cross reference to the security plan. The
    applicant or licensee should include additional information as
    appropriate. It is also the responsibility of the applicant or licensee
    to be aware of new and revised NRC regulations.
    Information and procedures delineated in regulatory guides in
    Division 1, "Power Reactors," and Division 5, "Materials and Plant
    Protection," and technical reports and appropriate to certain sections
    of the physical security plan submitted under Paragraph 50.34(c) of 10
    CFR Part 50 or 10 CFR Section 73.55 may be incorporated by reference.
    The applicant or licensee should discuss his plans and programs with the
    NRC staff before preparing his contingency plan, giving particular
    emphasis to the depth of information required for this plan.
    Use of the Standard Format
    The standard format and content is described in succeeding
    chapters and is illustrated in the example plan presented in the
    supplement. If the applicant or licensee chooses to adopt the standard
    format and content, he should follow the numbering system of this
    document at least down to the level of subsection (i.e., 3.4.1).
    Certain subsections may be omitted from a contingency plan if they are
    clearly unnecessary to provide a complete plan or if they are needlessly
    repetitive. In such cases, appropriate adaptation of the standard
    format to accommodate the particular circumstances is permissible.
    The applicant or licensee may wish to submit information in
    support of his contingency plan that is not required by regulations and
    is not essential to the description of the physical protection program.
    Such information could include, for example, historical data submitted
    in demonstration of certain criteria, discussions of alternatives
    considered, or supplementary data regarding assumed models, data, or
    calculations. This type of information should be clearly labeled and
    provided as an attachment to the submittal so that it will not be
    considered as a licensee condition.
    Style and Composition
    The applicant or licensee should strive for a clear, concise
    presentation of information that portrays the general perspective and
    concepts of the basic plan. Details about specific aspects of the plan
    may be relegated to appendices to enhance the clarity of the
    presentation in the basic plan and to facilitate updating and
    maintenance of the information.
    Confusing or ambiguous statements and general statements of intent
    should be avoided. Definitions and abbreviations should be consistent
    with generally accepted usage unless otherwise defined in the document.
    Drawings, diagrams, and tables should be used when information may
    be presented more adequately or conveniently by such means. In general,
    these illustrations should be numbered, have titles, and be located in
    the section where they are first referenced. Care should be taken to
    ensure that all information presented in drawings is legible, that
    symbols are defined, and that drawings are not reduced to the extent
    that they cannot be read by unaided normal eyes.
    A table of contents should be included in each submittal.
    Physical Specifications of Submittals
    All materials submitted in a safeguards contingency plan should
    conform to the following physical dimensions of page size, quality of
    paper and inks, numbering of pages, etc.:
1. Page Size
    Text pages: 8-1/2 x 11 inches.
    Drawings and graphics: 8-1/2 x 11 inches preferred; however, a
    larger size is acceptable provided the finished copy when folded
    does not exceed 8-1/2 x 11 inches.
2. Paper Stock and Ink
    Suitable quality in substance, paper color, and ink density for
    handling and for microfilming.
3. Page Margins
    A margin of no less than one inch should be maintained on the top,
    bottom, and binding side of all pages submitted.
4. Printing
    Composition: text pages should be single spaced.
    Type face and style: must be suitable for microfilming.
    Reproduction: may be mechanically or photographically reproduced.
    Pages of the text may be printed on both sides with the images
    printed head to head.
5. Binding
    Pages should be punched for looseleaf standard 3-hole ring
    binding.
6. Page Numbering
    Pages should be numbered sequentially.
7. Format References
    In the application, references to this standard format should be
    by chapter and section numbers.
    Procedures for Updating or Revising Pages
    The updating or revising of data should be on a replacement page
    basis.
    The changed or revised portion of each page should be highlighted
    by a vertical line. The line should be on the margin opposite the
    binding margin for each line changed or added. All pages submitted to
    update, revise, or add pages to the report are to show the date of
    change. The transmittal letter should include an index page listing the
    pages to be inserted and the pages to be removed. When changes or
    additions that affect the table of contents are made, a revised table of
    contents should also be provided.
    Number of Copies
    The applicant or licensee should submit 5 copies to the Director,
    Office of Nuclear Reactor Regulation, U.S. Nuclear Regulatory
    Commission, Washington, D.C. 20555. These copies may be filed in person
    at the Commission's offices at 1717 H Street NW., Washington, D.C., or
    at 7920 Norfolk Avenue, Bethesda, MD.
    Public Disclosure
    The NRC has established that safeguards contingency plans contain
    information of a type specified in 10 CFR Section 2.790(d) and shall be
    subject to disclosure only in accordance with the provisions of 10 CFR
    Section 9.12.
    Compatibility
    The applicant or licensee should ensure that the contingency plan
    is compatible with the other sections of his application. Reference to
    sections in the physical security plan may be made in response to
    information requested by this guide.
1. BACKGROUND
    1.1 PERCEIVED DANGER
    Provide a statement of the perceived danger that threatens the
    plant and could result in industrial sabotage. The general performance
    requirements defined in 10 CFR Section 73.55(a) provides the basis for
    the perceived danger to the security of licensee personnel and property.
    Applicants should review this paragraph to determine its validity to
    their contingency planning. Modification to the threat may be
    appropriate depending upon the situation at a particular plant.
    1.2 PURPOSE OF THE PLAN
    Provide a statement that describes what the plan is to accomplish.
    For example, items for consideration include providing a framework for
    rapid response to contingency situations, for minimizing the danger to
    employees and the public from radiological release, or for satisfying an
    NRC requirement. The statement may include broad or specific objectives
    the applicant expects to achieve through plan development and
    implementation.
    1.3 SCOPE OF THE PLAN
    This section will address the depth or level of detail to be
    covered by the plan. It should clearly indicate what is and is not
    covered. Descriptions of the adversary action types for which the plan
    is valid, the response force both internal and external to the power
    plant, and the conditions under which the plan will be implemented
    should be included.
    1.4 DEFINITIONS
    Each term and acronym used in the document that takes on special
    meaning, other than that found in a standard dictionary, should be
    alphabetically listed in this section.
2. GENERIC PLANNING BASE
    2.1 GENERAL
    This chapter identifies events (hostile or perceived actions) that
    signal the beginning of activities of particular concern to the safety
    and continued operation of a nuclear power plant. These events may be
    obvious or implied, and the timely response by the power plant's
    personnel may make the difference between nothing happening and
    industrial sabotage. Proper handling of situations is designed to
    further reduce the possibility of radiological release and to ensure
    that health and safety of employees and the public are maintained.
    In addition to identifying events, this chapter should include
    contingency objectives, descriptions of procedures (decision/actions) to
    be followed when a hostile situation is perceived to exist or develops,
    and the data required to effect the decision/actions.
    2.2 EVENTS AND OBJECTIVES
    An event is a situation, incidence, or occurrence that signals the
    beginning of a safeguards contingency according to how it is perceived
    initially by the licensee's personnel. Events fall into three general
    categories: threats, thefts, and sabotage. This guide is concerned
    primarily with threats and industrial sabotage.
    Threats are defined as the expression of an intent to take hostile
    actions againts a power plant. Threats may be specific or implied. An
    implied threat might be the observation of a demonstration or civil
    disturbance, for example. Threat types include expressions of intent to
    destroy, damage, bomb, disrupt operations, harm personnel, etc. They
    may be delivered by telephone, messenger, letter, radio, TV, or
    individual or conveyed through a demonstration or civil disturbance.
    Industrial sabotage means any deliberate act directed against a
    plant, or to any component of such a plant, that could directly or
    indirectly endanger the public health and safety by exposure to
    radiation, other than such acts by an enemy of the United States,
    whether foreign government or other person.
    Events, either threats or sabotage, may be initiated by employees
    (insiders) as well as by personnel who do not normally have access to
    the facilities. Employees may act either alone or in concert with
    outside individuals or groups. Adversary actions may be overt or
    covert. It can be assumed that an adversary intent on sabotage will be
    dedicated, well-informed, and dangerously armed. "Dedicated" means the
    adversary is willing to give his life and is not concerned with the
    lives of others. "Well-informed" means the adversary has taken
    advantage of all public records and may have complete knowledge of a
    power plant's operation and location of vital areas and controls.
    "Dangerously armed" means the adversary may be equipped with automatic
    rifles of the M-16 type, explosives, and lesser weapons.
    For each event identified, objectives will be specified that
    represent the licensee's goal to effectively satisfy the requirement
    imposed by the contingency. Objectives should be achievable, clearly
    identified, and measurable. There may be a single objective for each
    event or multiple objectives depending on the complexity of the event.
    For example, if the event is a threat to attack the power plant, an
    acceptable objective would be to evaluate and determine the validity of
    the threat within a specific period of time or to alert guards and have
    them placed in defensive positions within a specified period of time.
    2.3 DECISIONS/ACTIONS
    The procedure to advance from an event to the stated objective
    must be presented in terms of the decisions to be made and actions
    required to carry out the decisions. The decision/action sequence
    should flow in a logical order that shows the progression being made
    toward the achievement of the objective.
    2.4 REQUIRED DATA
    Identify for each event the type of data or information to be on
    hand by the licensee security organization or compiled by the licensee
    during his response to the event. Typical data would include all
    relevant information regarding a threat such as names, phone numbers,
    locations, times, and bomb or explosive type. The names and phone
    numbers of local and Federal law enforcement agencies, NRC offices, bomb
    disposal units, guards, and key plant personnel would also be
    appropriate. Special procedures to be placed into effect, maps, or
    floor plans should be included or reference should be made to their
    locations. Locations of radios, alarms and surveillance devices should
    also be included. If disruption to the plant occurs, data to be
    collected would include the nature of the disruption, extent of damage,
    extent of radioactive release, number and names of injured personnel,
    time required to repair, expected date normal or degraded operations can
    begin.
3. LICENSEE PLANNING BASE
    3.1 LICENSEE'S ORGANIZATIONAL STRUCTURE
    Provide a chart of the plant's management organization and a
    detailed chart of the plant's security organization. Delineate the
    general authority and responsibility assigned to each member or
    functional unit of the plant that will be involved in responses to
    safeguards contingencies. State the minimum number of (1) guards, (2)
    watchmen, and (3) armed response individuals who will be available for
    response on each shift.
    3.2 PHYSICAL LAYOUT
    Describe in general terms the plant's physical structures and
    barriers. Provide scale drawings of the site that clearly show the
    location of the plant's structures and barriers. Describe the
    relationship of the site to nearby towns, roads, and important
    environmental and terrain features. Provide a scale drawing or map that
    clearly shows the location of the site and approaches in relation to
    nearby towns. Identify any offsite features that are critical to the
    operation of the power plant, such as power sources, coolant sources and
    storage, and communications lines. Also, identify offsite terrain
    features that could be used to the advantage of an adversary in gaining
    admittance to the facility.
    3.3 SAFEGUARDS SYSTEM HARDWARE
    The applicant should list equipment available for the purpose of
    safeguarding the nuclear power plant. Specific types of equipment to be
    included are discussed below.
    3.3.1Communications
    List the communications systems that are used onsite and offsite
    for power plant security. Briefly describe each system, its
    availability, the number of units distributed on site, and the location
    of each nonportable two-way radio or microwave set that can be used for
    offsite communications.
    3.3.2Intrusion Detection
    Briefly describe the system of sensors and alarms for detecting
    intrusion through the protected area perimeter or into vital area
    portals.
    3.3.3Surveillance
    If used, describe the surveillance system for detecting and
    assessing the source of perimeter intrusion alarms. State the type of
    units used and show in a diagram their locations and fields of view.
    Also describe internal surveillance systems and identify their location
    and areas covered.
    3.3.4Locks, Keys, Combinations, and Related Equipment
    Describe briefly the lock types or lock systems used to secure
    portals and barriers to the protected and vital areas. Describe the
    system for issuance and control of combinations, keys, key cards, and
    related equipment.
    3.3.5Security Personnel Equipment
    Describe the weapons and other equipment issued to each guard,
    watchman, or armed response individual. Include weapons and equipment
    available for issue in emergency situations.
    3.3.6Security Vehicles
    Describe any vehicles used for security purposes. Include the
    passenger capacity, communications equipment, and any special
    characteristics of the vehicle.
    3.4 LAW ENFORCEMENT INTERFACE AND ASSISTANCE
    List each separate law enforcement organization with which
    arrangements have been made for emergency assistance. For each agency,
    state the single point of contact, describe the notification procedure,
    state the expected response in terms of manpower as a function of time,
    and state the equipment responding personnel will have access to.
    Describe the procedures established for coordination with arriving
    offsite assistance. Also, describe any additional facilities that will
    be available such as helicopters, special weapons and tactics (SWAT)
    teams, and communications facilities that will be used to coordinate
    response activities. Indicate the principal power plant organization
    responsible for coordinating law enforcement agency response within the
    facility.
    Provide similar information on the interface and assistance of
    other organizations such as bomb disposal units with which arrangements
    have been made.
    As a minimum, this section should include the following
    subsections:
    3.4.1Response Resources
    3.4.2Communications
    3.4.3Coordination with other LEA personnel
    3.5 POLICY CONSTRAINTS AND ASSUMPTIONS
    Discuss the laws and company policies that govern licensee
    response to incidents. The discussion should include, but need not be
    limited to, the following areas:
    a. Extent to which local, county, State, and Federal
    authorities will be depended on to protect plant properties against
    adversary intrusion.
    b. Extent to which company employees will be used to perform
    hazardous physical security duties to protect the plant properties and
    to recover stolen company property.
    c. Extent to which deadly forces can be used in response to
    safeguards incidents.
    d. Extent to which off-duty employees and employee property may
    be used in response to safeguards incidents.
    e. State whether licensee personnel or local law enforcement
    agencies are in charge of joint onsite response.
    3.6 ADMINISTRATIVE AND LOGISTICAL CONSIDERATIONS
    Describe (or reference appropriate plan/policy) the licensee
    practices that may have an influence on the response to security
    violations. The descriptions should include provisions for ensuring
    that all equipment needed to effect a successful response to a
    contingency will be easily accessible, in good working order, and in
    sufficient supply to provide redundancy in case of equipment failure.
    State the procedure to be followed to ensure that the provisions
    of this plan will be followed or the means for informing the security
    force of changes in the status of materials and supplies which could
    impact their ability to perform effectively.
4. RESPONSIBILITY MATRIX
    Develop an array of information for each event identified in
    Chapter 2. Each array will identify responsible
    individuals/organizations (operational elements) and their
    decisions/actions. The intent of the arrays is to display on a single
    chart for each event all the decisions/actions and operational elements
    that interact to resolve the event. The collection of arrays for all
    events is a three dimensional responsibility matrix as shown below.
5. PROCEDURES SUMMARY
    Develop a Procedures Summary for each operational element, which
    summarizes the actions from the Responsibility Matrix for assignment to
    that operational element. The set of Procedures Summaries that results
    is to aid in the assignment and training of tasks for effective
    implementation of the plan. The Procedures Summary, although part of
    the contingency plan, does not have to be submitted to the NRC for
    approval. It will be prepared and maintained at the licensee's facility
    and will be inspected by the NRC Office of Inspection and Enforcement to
    ensure compliance with the Responsibility Matrix.
    Each Procedures Summary should provide clear and concise
    statements of the general responsibilities of the operational element
    during any safeguards contingency, and of the specific actions assigned
    with respect to the range of contingency events covered in the plan. In
    that regard show where a task begins and follow its progress through
    each operational element until the task is completed; i.e., show the
    actions that each of the operational elements accomplishes to carry out
    the task. In summarizing actions from the Responsibility Matrix, a
    given set of summary statements may be utilized to cover more than one
    event when the events involved require the same or effectively the same
    type actions. Also, where a given action is found to be a common
    procedure for a number of operational elements regardless of the
    specific contingency, that action may be included in a summary grouping
    of standard operating procedures for presentation in each of the
    Procedures Summaries. Statements of standard operating procedures may
    also reflect information of general interest to all operational
    entities, such as the assignment of overall control responsibilities.
    Choice of the language used to prepare the Procedures Summaries
    should take into account on-the-job terminology.
1. BACKGROUND
    1.1 PERCEIVED DANGER
    The Sunshine Nuclear Power Reactor may be confronted with
    unexpected situations involving threats or sabotage that could result in
    radioactive release, thus endangering the health and safety of employees
    and the public at large. Because the nature of the confrontation is not
    predictable and rapid response is required to prevent a potentially
    catastrophic outcome, a plan is necessary and is provided herein to deal
    with these situations. Thorough familiarization with this plan by
    security personnel will greatly improve Sunshine's security posture and
    lessen the chance of a successful action taken against the plant.
    The threat to Sunshine is essentially that described in Title 10
    Code of Federal Regulations Part 73.55(a) and is provided as follows:
1. A determined violent external assault or attack by stealth
    or deception by several persons with the following attributes,
    assistance, and equipment: (a) well-trained (including military
    training and skills) and dedicated individuals, (b) inside assistance
    that may include a knowledgeable individual who attempts to participate
    in both a passive role (e.g., provide information) and an active role
    (e.g., facilitate entrance and exit, disable alarms and communications,
    participate in violent attack), (c) suitable weapons, up to and
    including hand-held automatic weapons, equipped with silencers and
    having long range accuracy, and (d) hand-carried equipment including
    incapacitating agents and explosives for use as tools of entry or means
    of destroying the reactor integrity.
2. An internal threat of an insider including an employee in
    any position. Industrial sabotage attempted by the internal adversary
    may be covertly performed over a period of time, may involve guile and
    subterfuge, and may or may not involve assaults upon plant employees.
    A detailed description of specific situations involving the threat
    is given in Chapter 2.
    1.2 PURPOSE OF THE PLAN
    The plan provides the guidance and procedures to be followed by
    security and designated management personnel during the contingencies
    identified herein. The plan provides personnel with sufficient
    understanding of contingency situations, in general, to effectively deal
    with and counter situations not considered herein. The plan also
    satisfies a requirement imposed by the NRC to document Sunshine's
    ability to respond to contingencies.
    1.3 SCOPE OF THE PLAN
    This plan is to be used in conjunction with Sunshine's security
    plan, which provides detailed information regarding the security
    organization, facility layout, and liaison procedures with law
    enforcement authorities.
    1.3.1Situations Covered
    The following situations are developed in this plan to provide the
    mechanism needed to recognize potential warning signals and to provide
    guidance for reacting to these warnings.
    Bomb threats Sabotage attempts
    Attack threats Fire, explosion, or other catastrophe
    Civil disturbance Communications failure
    Perimeter and Internal disturbance
    protected area Vital area intrusion
    intrusion
    This plan identifies the activities of the facility's guards,
    watchmen, and managerial personnel involved. Also identified is the
    expected assistance to be provided by the Lotsapowa Sheriff's Office,
    the State Police, and the FBI.
    1.3.2Situations Not Covered
    Actions taken against Sunshine that will not result in industrial
    sabotage are not the concerns of the plan. However, it may not be
    possible during the early stages of an incident to distinguish between
    types of incidents. Therefore, until the expected results of an
    incident are known with certainty, it will be assumed that the incident
    is directed toward industrial sabotage. The plan does not include the
    emergency plans to be implemented if a radiological release results from
    a successful sabotage attempt. However, this plan includes the
    mechanism for initiating the emergency plan contained in Sunshine's
    "Emergency Plans," SNPR 10-77.
    1.4 DEFINITIONS
    All Clear: A return to normal security operations indicating that
    the event resulting in special actions has been resolved.
    All Concerned Parties: All onsite individuals and offsite law
    enforcement and/or other agencies that need to make decisions or take
    actions or that may provide information concerning the event that just
    occurred. These parties are specified for each event in the procedures.
    Authorized Personnel: Those personnel granted routine access to
    an area (i.e., employees, designated nonemployees).
    CAS: The central alarm station as defined in 10 CFR Section
    73.55(e)(1).
    Exclusion Area: Plant property outside of the protected area
    barrier.
    Interdict: To authoritatively prohibit access or restrict the
    actions of intruders or saboteurs in accordance with 10 CFR Section
    73.55(h)(4), applicable State laws, and company policies.
    Intruder: An individual present in a protected or vital area
    without authorization.
    Investigation: Actions by individuals to determine if attempted
    sabotage or intrusion is in progress and if so, the source, nature, and
    extent of it.
    LLEA: The local law enforcement agencies with whom the plant has
    agreements for assistance.
    Mitigate Anticipated Consequences: Actions taken to minimize
    radiological effects (particularly offsite) based on the assumption that
    certain vital equipment will or have suffered damage or derangement.
    Nonserious Threat: A threat perceived as having a probability of
    being executed that is so low that it can be dismissed as a hoax.
    NRC: U.S. Nuclear Regulatory Commission, Region IV, Office of
    Inspection and Enforcement.
    OP&L: Omega Power and Light Company, the parent company of
    Sunshine Nuclear Power Reactor.
    Plant Manager: The plant manager or alternate, in his absence, in
    the following order of succession: (1) operations manager, (2)
    operations supervisor, (3) shift supervisor. The individual acting as
    plant manager shall execute all duties assigned to the plant manager.
    Reduce Vulnerability: Take actions that will decrease the
    probability of success of an attempt to sabotage (e.g., increased guard
    patrols, stricter access controls, barriers at full strength condition,
    increased remote surveillance, frequent checks of vital equipment).
    Response: As defined in 10 CFR Section 73.55(h).
    SAS: The secondary alarm station as defined in 10 CFR Section
    73.55(e)(1).
    Security Alert: A security-related situation that may not
    necessarily pose an immediate threat or danger to the plant but does
    call for an increased alertness posture by plant personnel and the
    execution of specified procedures.
    Security Emergency: A security-related situation that poses a
    clear or imminent threat or danger to the plant and calls for prompt
    response by plant personnel according to specified procedures.
    Security Shift Supervisor: The member of the security force
    assigned to each shift who, in accordance with 10 CFR Section
    73.55(b)(2), has the authority to direct the security activities of all
    members of the security force. Responsibilities assigned to this
    individual may be assumed by the Plant Security Supervisor, Assistance
    Plant Security Supervisor, or the Security Force Supervisor, if present.
    Serious Threat: A threat perceived as having a low probability of
    being executed, but of enough concern to warrant some actions as a hedge
    against its execution.
    S-P-O-C: Single Point of Contact.
    Unauthorized Personnel: Persons not routinely granted access to
    an area.
    VA: Vital area.
    Very Serious Threat: A threat perceived as having such a high
    probability of being executed that it warrants a response on the
    assumption that it will occur.
2. GENERIC PLANNING BASE
    2.1 GENERAL
    The primary security mission at the Sunshine Nuclear Power Plant
    is the protection of plant facilities and the prevention of sabotage
    that could cause radiological releases. This mission is performed
    continuously by the security organization aided by an access/egress
    control system that operates in conjunction with physical barriers and
    alarm systems covering the protected area and the vital areas. Events
    that would signal the prelude to an impending attack or adversary action
    must be evaluated to determine if an incursion is about to take place,
    is in progress, or has taken place.
    To deal decisively with an adversary incursion and thereby
    accomplish the mission under extraordinary circumstances, the Lotsapowa
    sheriff's emergency response force will be requested immediately upon
    becoming aware of such an incursion. While the response is developing,
    the Sunshine security force will respond to ascertain and assess the
    adversary situation and, depending upon the estimated strength and
    nature of the incursion, to apprehend, neutralize, or delay the
    adversary until the Lotsapowa sheriff's force arrives.
    The Sunshine security force will endeavor to fulfill the above
    role by intercepting an external adversary prior to penetration into
    buildings or enclosures containing vital areas. In the event the
    adversary penetrates any of these buildings or enclosures, or in the
    case of an internal adversary, the security force will attempt to
    intercept the adversary within these areas, again depending upon the
    adversary's nature and strength. Concurrent with these actions, the
    security force will maintain a flow of situational information among
    themselves and the Sunshine Plant management to coordinate the onsite
    response actions and to the Lotsapowa sheriff's response force to
    facilitate their effectiveness upon arrival.
    As the situation develops, plant security employees will assist in
    delaying the adversary whenever possible without jeopardizing their
    personal safety. In this regard, they will lock doors as necessary to
    secure the VAs, deny information to the adversary, and report adversary
    and situational circumstances to plant management to assist in
    illuminating the situation.
    2.2 EVENTS, OBJECTIVES, AND DATA REQUIRED
    The Generic Planning Base delineates the events for which there
    are plans and for each event states an objective to be accomplished, a
    sequence of decisions and actions to be undertaken if the event occurs,
    and a set of data to facilitate making those decisions and taking those
    actions.
    The decisions and actions for each event in this chapter are
    listed sequentially in approximately chronological order. It should be
    recognized that the true representation of these decisions and actions
    would be decision/action logic tree. As represented here, many of the
    decisions and actions may or may not apply depending upon the outcome of
    previous decisions and actions. The Responsibility Matrix in Chapter 4
    clarifies these relationships.
    2.2.1Event 1: Bomb Threat
    Bomb threats may be expressed by telephone, by mail, by a hand
    delivered message, or by some other means. Threats may be given
    directly or indirectly through a law enforcement agency, mass media
    organization, or some other third party. Threats also may be perceived
    from indirect evidence by plant personnel, authorities offsite, or other
    third parties who then notify plant management.
    Objectives:
1. Validate the threat.
2. If valid, minimize vulnerability to the threat.
3. If imminent, minimize anticipated consequences of the
    threat execution.
    Decisions/Actions:
1. Gather information from the threat communication.
2. Evaluate the threat.
3. Notify all concerned parties.
4. Take action to reduce vulnerability to the threat
    (e.g., search for bomb, etc.).
5. Determine if the threat is imminent.
6. Take action to mitigate anticipated consequences.
7. Determine if the threat is no longer valid.
8. Alert, shutdown, evaluate, sound all clear.
    Next Step:
    Event 6B if suspected bomb is found.
    Data Required:
1. Single-point-of-contact (S-P-O-C) for Lotsapowa
    Sheriff's Office.
    a. Telephone number w/alternatives.
    b. Entry point.
    c. Criteria.
    d. Format.
    e. Procedures for contact.
2. S-P-O-C for FBI.
3. S-P-O-C for bomb disposal unit.
4. S-P-O-C for NRC regional office.
5. S-P-O-C for State police.
6. All available data from threat message.
7. All available data pertinent to the threat from
    concerned parties.
    a. Adversary intent.
    b. Adversary capability.
    c. Adversary background and history.
8. Bomb search results (if search is conducted).
9. Determination of vital systems that may be degraded by
    threat execution.
10. Delineation of safety measures to take in event of
    degradation of any systems of the above.
    11. Information from any subsequent communications with
    threat perpetrator or third parties.
    2.2.2Event 2: Attack Threat
    Threats to assault the plant may be expressed over the telephone,
    by mail, by a hand delivered message, or by some other means. Threats
    may be expressed directly or indirectly through a third party. Threats
    may also be perceived from indirect evidence by plant personnel, offsite
    authorities, or other third parties, who then notify plant management.
    Objectives:
1. Validate the threat.
2. If valid minimize vulnerability to the threat.
3. If imminent, minimize anticipated consequences of the
    threat execution.
    Decisions/Actions:
1. Gather information from threat communication.
2. Evaluate the threat.
3. Notify all concerned parties.
4. Take action to reduce vulnerability to the threat.
5. Determine if the threat is imminent.
6. Take action to mitigate anticipated consequences.
7. Determine if the threat is no longer valid.
8. Alert, shutdown, evaluate, sound alarm.
    Next Step:
    Dependent upon type of threat and whether or not threat is
    executed,
    Data Required:
    Same as for Event 1.
    2.2.3Event 3: Civil Disturbance
    A group of unexpected, unidentified, or unauthorized individuals
    is observed outside the protected area, or plant management is informed
    of plans to stage such a gathering (e.g., labor picket line, protest
    demonstration, etc.).
    Objectives:
1. Determine if there is a danger of the disturbance
    becoming an attack.
2. Prevent people participating in the disturbance from
    penetrating the protected area barrier.
    Decisions/Actions:
1. Notify all concerned parties.
2. Gather information on group identity and intent.
3. Determine if there is a danger of the disturbance
    becoming an attack.
4. Maintain surveillance during the disturbance.
5. Determine if the disturbance is over.
    Next Step:
    Event 4D if assault occurs. Event 2 if danger of attack exists.
    Data Required:
1. S-P-O-C of offsite agencies (see Event 1).
2. On-the-scene assessment.
3. Background information on group.
    a. Intent.
    b. Capability.
    c. Modus operandi.
    2.2.4Event 4: Perimeter and Protected Area Intrusions
    2.2.4.1 Event 4A: Perimeter Intrusion Alarm Annunciates at
    CAS.
    Objective:
    Determine if an intrusion has occurred.
    Decisions/Actions:
1. Acknowledge alarm.
2. Assess cause of alarm (look at CCTV, dispatch guards,
    etc.).
3. Determine if intrusion has occurred or if tampering of
    the alarm system is evident.
    Next Step:
    Event 4D, if intrusion has occurred or if alarm system has been
    tampered with.
    Data Required:
1. Location or zone of alarm.
2. Results of alarm assessment.
    a. False alarm.
    b. False or innocent target.
    c. Intrusion.
    d. Alarm tampering.
3. Procedure for guard notification.
    2.2.4.2 Event 4B: Visual Observation of Unidentified
    Person(s) at or Within the Protected Area Perimeter.
    Objective:
    Determine if unidentified person(s) is (are) authorized for
    access.
    Decisions/Actions:
1. Dispatch guards to investigate.
2. Determine if unidentified person(s) is (are)
    authorized access.
    Next Step:
    Event 4D if an intrusion has occurred.
    Data Required:
1. Location of unidentified person(s).
2. Guard notification procedure.
3. Identity of suspect(s).
4. List of authorized personnel.
5. List of visitors requiring escort.
6. List of visitors not requiring escort.
    2.2.4.3 Event 4C: Discovery of Breach of Perimeter Barrier.
    The perimeter barrier is observed to be cut open,
    knocked down, or otherwise breached.
    Objective:
    Determine if an intrusion has occurred.
    Decisions/Actions:
1. Dispatch guards to investigate.
2. Determine if intrusion has occurred.
    Next Step:
    Event 4D if an intrusion has occurred.
    Data Required:
1. Guard notification procedure.
2. Location of breach.
3. Results of guard investigation.
    2.2.4.4 Event 4D: Confirmed Protected Area Intrusion. An
    unauthorized person in the protected area has resisted
    efforts by guards to interdict him, an unexplained
    breached barrier is assumed to reveal a recent
    intrusion, or a perimeter alarm is found tampered
    with.
    Objective:
1. Prevent, access to Vital Areas.
2. Interdict Intruders.
    Decisions/Actions:
1. Secure vital area portals.
2. Notify Lotsapowa Sheriff's Office.
3. Dispatch guards to interdict intruders.
4. Take actions to mitigate consequences of any
    anticipated sabotage.
5. Determine if vital areas have been penetrated or if
    sabotage is imminent.
    Next Step:
    Event 7 if vital areas have been penetrated or if sabotage is
    imminent. Event 8 if intruders have been successfully
    interdicted.
    Data Required:
1. S-P-O-C for Lotsapowa Sheriff's Office.
2. Guard notification procedure.
3. Location of intruder.
4. Status of vital area portals and alarms.
5. Determination of vulnerable vital systems.
6. Delineation of safety measures to take in the event any
    system specified in (5) is degraded.
7. Results of guard investigations.
    2.2.5Event 5: Vital Area Intrusion
    2.2.5.1 Event 5A: Vital Area Intrusion Alarm Annunciates at
    CAS.
    Objective:
    Determine if an intrusion has occurred.
    Decisions/Actions:
1. Acknowledge alarm.
2. Assess cause of alarm (e.g., look at CCTV, dispatch
    guards, etc.).
3. Determine if intrusion has occurred or if alarm has
    been tampered with.
    Next Step:
    Event 7 if sabotage is imminent, if alarm has been tampered with,
    or if intruders are discovered in vital area.
    Data Required:
    Same as for Event 4A.
    2.2.5.2 Event 5B: Visual Observation of Unidentified Person
    or Unauthorized Person Entering or Within a Vital
    Area.
    Objective:
    Determine if unidentified person(s) is (are) authorized for
    access.
    Decisions/Actions:
1. Dispatch guards to investigate.
2. Determine if unidentified person(s) is (are) authorized for
    access.
    Next Step:
    Event 7 if an intruder is in a vital area or if sabotage is
    imminent. Event 8 if the unidentified individual was an intruder and
    has been successfully interdicted.
    Data Required:
    Same as for Event 4B.
    2.2.5.3 Event 5C: Vital Area Found Unlocked and Unattended or
    Vital Area Barrier Found Breached.
    Objective:
    Determine if an intrusion has occurred.
    Decisions/Actions:
1. Dispatch guards or armed response individuals to
    investigate.
2. Determine if an intrusion has occurred.
    Next Step:
    Event 7 if vital areas have been penetrated or if sabotage is
    imminent. Event 6 if something is found amiss.
    Data Required:
    Same as for Event 4C.
    2.2.6Event 6: Miscellaneous Events
    2.2.6.1 Event 6A: Member of Security Force (MSF) Fails to
    Perform Duty. Contact is lost with a MSF, a MSF fails to report in, CAS
    fails to respond to an alarm, or some other indication exists that an
    MSF may have been incapacitated or may have compromised security.
    Objective:
1. Re-establish adequate level of protection.
2. Determine if the MSF's failure to execute his duties
    has compromised security.
    Decisions/Actions:
1. Dispatch guards or armed response individuals to
    investigate.
2. Take compensatory measures to re-establish minimum
    acceptable level of protection.
3. Determine if MSF failure to execute duties has
    compromised security.
    Next Step:
    Event 4D if protected area is penetrated. Event 7 if a vital area
    is penetrated or if sabotage is imminent.
    Data Required:
1. Location of MSF.
2. Normal duties and responsibilities of MSF.
3. Guard notification procedure.
4. Assessment of cause of failure of security force
    member to perform duties.
5. Assessment of vulnerability due to MSF failure.
6. Results of investigation of areas that may have been
    compromised by failure to perform duties.
    2.2.6.2 Event 6B: Suspected Bomb or Sabotage Device
    Discovered.
    Objective:
    Determine if object is a sabotage device.
    Decisions/Actions:
1. Dispatch knowledgable guards, operators, or armed
    response individuals to investigate.
2. Take actions to isolate area.
3. Determine if suspicious object is attempt to sabotage.
    Next Step:
    Event 7 if suspicious object is determined to be an attempt to
    sabotage.
    Data Required:
1. Guard, operator, or armed response individual
    notification procedure.
2. Location of sabotage device.
3. Procedure for isolating area.
4. Assessment by knowledgable person of nature of
    suspicious object.
    2.2.6.3 Event 6C: Fire, Explosion, or Other Catastrophe. A
    disruptive emergency occurs that has the potential for
    covering an attempt to gain unauthorized access to
    vital areas to attempt sabotage.
    Objectives:
1. Determine if the cause of the event is security
    related.
2. Minimize vulnerability during emergency.
    Decisions/Actions:
1. Evaluate potential for impact on plant safety.
2. Mitigate anticipated consequences.
3. Investigate security-related aspects and impacts of
    the event. Check for possible sabotage.
4. Determine if event is security related.
5. Request offsite assistance, if appropriate.
    Next Step:
    Event 7 if occurrence is security related.
    Data Required:
1. S-P-O-C for Lotsapowa Fire Dept., etc.
2. Guard, operator, armed response individual
    notification procedure.
3. Source of catastrophe.
4. Determination of degraded or threatened safety
    systems.
5. Delineation of procedures to compensate for
    degradation of each system in (4).
6. Results of investigation to determine cause of
    catastrophe.
7. Determination of areas in which security measures were
    compromised.
8. Assessment of vulnerabilities due to compromised
    security.
9. Results of investigations, inspections, etc., of
    compromised areas.
    2.2.6.4 Event 6D: Internal Disturbance. A disturbance occurs
    involving one or more individuals within the perimeter other than one
    perceived to be a short-lived and harmless @@.
    Objectives:
1. Stop the disturbance.
2. Minimize vulnerability during disturbance.
    Decisions/Actions:
1. Determine if the disturbance could affect vital
    equipment.
2. Determine if the disturbance involves individuals
    having on-watch safety responsibilities.
3. Direct appropriate response to terminate the
    disturbance including requesting offsite assistance if
    necessary to stop the disturbance.
4. Mitigate anticipated safety consequences.
5. Determine if disturbance is uncontrollable.
    Next Step:
    Event 7 if disturbance is perceived to be uncontrollable.
    Data Required:
1. Guard notification procedures.
2. Location of disturbance.
3. Number of people involved.
4. S-P-O-C for offsite assistance.
5. Determination of threatened vital systems.
6. Delineation of countermeasures taken in event of
    derangement of systems in (5).
7. Assessment by guards of their ability to control the
    disturbance.
    2.2.6.5 Event 6E: Multiple Loss of Onsite Communications
    Systems. Two or more means of onsite communications are not
    functioning.
    Objective:
1. Re-establish communications capability.
2. Determine if the cause of the failure is security
    related.
    Decisions/Actions:
1. Establish alternate communications systems.
2. Institute any necessary compensatory measures.
3. Investigate nonfunctioning equipment for cause of
    failure.
4. Determine if cause is security related.
    Next Step:
    Event 8 if loss is security related.
    Data Required:
1. Determination of set of alternative communication
    systems.
2. Means of access by CAS, SAS, and other plant security
    force to alternate communications systems.
3. Operability of alternate communications systems.
4. Established set of compensatory measures.
5. Results of investigation of equipment.
    2.2.6.6 Event 6F: Multiple Loss of Offsite Communications
    Systems. Two or more means of communicating with offsite authorities
    are not functioning.
    Objectives:
1. Re-establish communications capability.
2. Determine if the cause of the failure is security
    related.
    Decisions/Actions:
1. Establish alternate communications systems.
2. Institute any necessary compensatory measures.
3. Investigate nonfunctioning equipment for cause of
    failure.
4. Determine if the cause is security related.
    Next Step:
    Event 8 if loss is security related.
    Data Required:
    Same as for Event 6E.
    2.2.7Event 7: Obvious Attempt to Sabotage or Confirmed Intrusion into
    Vital Areas in Progress
    Objectives:
1. Prevent access to vital equipment.
2. Contain adversaries until Lotsapowa sheriff's deputies
    arrive.
3. Mitigate anticipated consequences.
    Decisions/Actions:
1. Dispatch responders to interdict intruders if
    applicable.
2. Secure vital area portals.
3. Request offsite assistance.
4. Determine impact on plant safety.
5. Mitigate anticipated consequences.
6. Initiate appropriate portions of Emergency Plan
    whenever radiological release is perceived to be
    imminent or occurs.
    Next Step:
    Event 8 if intruders are captured or escape. Emergency Plan if
    offsite radiological consequences are imminent or occur.
    Data Required:
1. Location of intruders or sabotage device.
2. Guards and armed response force notification
    procedure.
3. Status of vital area portals.
4. S-P-O-C for Lotsapowa Sheriff's Office.
5. Determination of set of vulnerable vital systems.
6. Delineation of safety measures to take in event of
    degradation of vital systems determined in 5.
7. Emergency Plan initiation procedures.
    2.2.8Event 8: Sabotage Device Rendered Inoperable, Tampered/Deranged
    Equipment Restored, Intruder/Saboteur Captured or Escaped
    Objective:
    Determine if any other intrusions or sabotage attempts have been
    made.
    Decisions/Actions:
1. Investigate for evidence of sabotage, sabotage
    devices, or intrusions in all affected areas.
2. Notify all concerned parties.
3. Determine if anything is amiss.
    Next Step:
    Dependent upon results of investigation. ALL CLEAR if nothing
    amiss.
    Data Required:
1. Results of investigation.
2. S-P-O-C for each notified offsite party.
3. LICENSEE PLANNING BASE
    3.1 ORGANIZATIONAL OVERVIEW
    Figure 3-1 presents Sunshine organizational structure as it
    relates to the Omega Power and Light Company. Responsibilities of key
    personnel are given below.
    Operations Manager, Omega Power and Light Company - The Operations
    Manager, or his designated representative acts as the offsite Emergency
    Control Office. In the event that an act of sabotage culminates in the
    release of radioactivity to the environment, he is responsible for
    notifying the nonlocal offsite emergency response authorities. He may
    also assume a command position during protracted security emergencies at
    Sunshine plant.
    (Due to database constraints, Figures 1 - 4 are not included. Please
    contact LIS to obtain a copy.) Plant Manager - The Plant Manager reports to Corporate
    Headquarters and has direct responsibility for operating and maintaining
    the plant in a safe and secure manner. He is responsible for protecting
    the plant staff and the general public from avoidable radiation exposure
    and any other consequences of a security emergency at the plant. He
    bears responsibility for compliance with the facility operating license.
    He has authority to take any action necessary, without consultation, to
    prevent or mitigate the consequences of a security emergency.
    Operations Manager, Sunshine Plant - The Operations Manager
    reports to the Plant Manager and acts in his behalf during his absence.
    He is responsible to the Plant Manager for operating and maintaining the
    plant in a safe and secure manner. He will assume the duties and
    responsibilities of the Plant Manager in his absence as the primary
    alternate to the position.
    Operations Supervisor - The Operations Supervisor has the
    responsibility for directing the actual day-to-day operation of the
    unit. He reports directly to the Operations Manager and directs the
    plant operating staff. He coordinates operations related to activities
    with all departmental supervisors. He assumes all of the Operations
    Manager's responsibilities and authority in his absence. He is
    responsible for overall supervision of fuel handling operations. He has
    the authority to shut down the unit, and he has the authority to
    initiate the Emergency Plans.
    Shift Supervisor - The Shift Supervisor is responsible for the
    actual operation of the plant on his assigned shift. He directs the
    activities of the operators on his shift and must be cognizant of all
    maintenance activity being performed while he is on duty. The Shift
    Supervisor on duty has the authority to shut down the unit if, in his
    opinion, conditions warrant this action. He has the authority to
    initiate the Emergency Plans.
    Plant Security Manager - The Plant Security Manager is responsible
    for the overall supervision of the Security Force and the day-to-day
    implementation of the security plan. He reports directly to the Plant
    Manager.
    Operators - Operators report directly to the Shift Supervisor, are
    responsible for operating equipment in a safe and secure manner, and
    respond as directed by the Shift Supervisor to safeguards contingencies.
    3.1.1Security Organization
    Figure 3-2 presents the Sunshine security organizational
    structure. Within the security organization there are guard posts and
    alarm stations, which require continuous or scheduled manning. The
    responsibility of the personnel assigned to these posts and stations and
    security management responsibilities are described below.
    Security Force Supervisor - The Security Force Supervisor has
    supervisory responsibility over the guards and watchmen and reports
    directly to the Plant Security Manager.
    Security Shift Supervisor - The Security Shift Supervisor is
    responsible for the supervision of the security activities of personnel
    on his shift, reports to the Security Force Supervisor, and assumes his
    responsibilities in his absence. He has the authority to declare
    "security emergency" and to request offsite assistance.
    Guards/Watchmen - Guards and Watchmen (as defined in 10 CFR
    Section 73.2) report directly to the Security Shift Supervisor and are
    responsible for carrying out post assignments by established procedures
    or by specific order for all safeguards contingencies.
    Armed Response Individuals - Armed Response Individuals,
    preassigned to the post orders, are personnel trained in security
    procedures that can be available to assist the security force during
    safeguard incidents. During security alerts or emergencies, they report
    to the Security Shift Supervisor.
    Central Alarm Station (CAS) - CAS guard is responsible for the
    immediate initiation and coordination of response to intrusion-related
    security contingencies. CAS guard receives notification of the event,
    dispatches investigators, and determines if an intrusion occurs. CAS
    guard has the authority, when necessary, to declare "security emergency"
    and request off-site assistance.
    Secondary Alarm Station (SAS) - Secondary Alarm Station guard is a
    backup to CAS, is responsible for monitoring CAS guard's response, and
    assumes CAS guard's responsibilities if CAS system fails in its
    responsibilities.
    Main Guard Station - The Main Guard Station is responsible for
    controlling authorized access to and from the Protected Area.
    Fixed Posts - Fixed Posts may be established at other points at
    the site for purposes of surveillance, access control, and response.
    Location of fixed post can be found in the security manual.
    3.2 PHYSICAL LAYOUT
    Sunshine Nuclear Power Plant, shown in Figure 3-3, is located on a
    1000 acre tract of land fronting on Sunshine Lake about 17 miles
    northeast of Lotsapowa, Montana. The site is generally flat and has
    vegetation characteristic of the semiarid country of eastern Montana.
    The plant presented in Figure 3-4 is a 1000 MW(e) PWR. The main
    buildings include the fuel building, the reactor containment building,
    the turbine building, the auxiliary building, and the administration
    building.
    All are of substantial construction, and with the exception of the
    main gate guardhouse (part of the administration building) all are
    surrounded by an 8-foot tall, 11-AWG fence per 10 CFR Section 73.2. In
    addition, a remote intake structure is located on the lake and is
    surrounded on the land side by an 8-foot, 11-AWG fence.
    3.3 SAFEGUARDS SYSTEM HARDWARE
    Detailed information regarding equipment available to support the
    security system during a contingency is documented in the "Sunshine
    Physical Security Plan," SNPR 6-77. General information on
    communications, intrusion detection, surveillance, locks, keys,
    combinations, and related security personnel equipment and security
    vehicles is provided in this section.
    3.3.1Communications
    Sunshine plant is served by the following communications systems:
    External
    a. Bell telephone distributed throughout the facility.
    b. Two-way radio to local law enforcement.
    c. Microwave transmitter to dispatcher.
    d. Transmission line carrier to dispatcher.
    Internal
    a. Plant telephone.
    b. Plant public address.
    c. Portable transceiver (primary onsite communications
    net).
    d. Bell telephone.
    Central Alarm Station and SAS have access to commercial telephone,
    portable transceiver, plant telephone, an indirect link through the
    plant telephone to the plant public address system, and radio
    communication to the Lotsapowa Sheriff's Office. Microwave
    communication to the dispatcher and transmission line carrier to the
    dispatcher are located in the control room, and operators can relay a
    request from CAS or SAS for assistance to offsite authorities if
    necessary. The dispatcher will relay requests for assistance from the
    control room to authorities specified by the control room.
    All guards are equipped with portable transceiver system(s), and
    all fixed guard posts have at least one other means of internal
    communication. Twenty portable transceivers are available for use,
    including one in CAS and one in SAS.
    3.3.2Intrusion Detection Hardware
    Protective alarm systems provide a means of determining whether a
    gate or door is open or closed, therefore providing a means of detecting
    and announcing the intrusion by an element that endangers or may
    endanger facility security. Intrusion detection devices relating to the
    perimeter barrier are also provided. The barrier surrounding the
    protected area is continuously monitored by intrusion detection devices
    and a series of closed circuit television cameras. Personnel and
    vehicle gates at the protected area perimeter barrier are controlled by
    locks, security guards, and alarms. Alarms are monitored in both CAS
    and SAS in accordance with 10 CFR Section 73.55. Normal access points
    to vital areas will be locked and alarmed or monitored by a guard.
    3.3.3Surveillance by CCTV
    The system consists of a series of 20 strategically located
    cameras having the capability of monitoring isolation zones adjacent to
    the physical barriers around the entire perimeter of the protected area.
    The CCTV is integrated with the intrusion detection system.
    3.3.4Locks, Keys, Combinations, and Related Equipment
    a. Card Reader/Key Card System - A card reader system connected
    to computer is provided. Key cards are issued to employees upon entry to
    the protected area each day, and are coded for identification and vital
    area access. The system allows access only to those personnel
    possessing cards that are coded for entry to that area. All insertions
    of cards into readers are recorded, and reader rejections result in
    alarms.
    b. Locks and Keys - In the event of failure of the Card
    Reader/Key Card system, access portals so controlled fail in the locked
    (from outside) condition. Tumbler locks are installed on those accesses
    and, in conjunction with keys controlled under the key control system,
    described in the Security Plan, would serve to maintain positive access
    control.
    3.3.5Security Personnel Equipment
    Each guard is issued his own semiautomatic weapon upon employment.
    Arms are kept in the Main Guard Station when guards are off duty. Each
    member of the security force is issued a portable transceiver at the
    beginning of each shift.
    3.3.6Security Vehicles
    The security force has a radio-equipped (portable transceiver)
    vehicle used exclusively for security. The vehicle is capable of
    operating on unimproved terrain in remote areas of the site.
    3.4 LAW ENFORCEMENT ASSISTANCE
    Arrangements for emergency assistance have been made with
    Lotsapowa Sheriff's Office, State Police, and the FBI. Information
    concerning notification and expected response for each law enforcement
    activity is given below.
    3.4.1Response Resources
    a. Lotsapowa Sheriff's Office - The Lotsapowa Sheriff's Office
    has primary law enforcement jurisdiction at the plant. The following is
    the anticipated level of the sheriff's response to requests for
    assistance from the plant:
    Strength Avg. Response Time Equipment
    1-2 officers 20 minutes Officers equipped with 38
    caliber revolvers, shotguns,
    and radio patrol car.
    15 officers 30 minutes Riot control equipment
    consisting of gasmasks,
    75 officers 90-120 minutes helmets, and riot sticks can
    be distributed at police
    headquarters.
    The Lotsapowa Sheriff's Office could coordinate the mobilization
    of a local 5-man SWAT capability made up of municipal and State police.
    In addition, the sheriff's office can mobilize an ordnance disposal unit
    and be onsite in 30 minutes.
    b. State Police - The State police have a working arrangement
    with the Lotsapowa Sheriff's Office which in effect states they will
    respond when called by the sheriff or his representative. They will
    also respond to emergency requests from Sunshine when the sheriff's
    office cannot be reached. Expected response would vary from one officer
    within 30 minutes to 150 officers in four hours.
    c. FBI - Missoula - The FBI has jurisdiction in situations
    involving violations of Federal laws. Response is dependent upon the
    availability of Missoula FBI agents. An FBI agent could be onsite
    within six hours after notification. The FBI office in Missoula can be
    reached by telephone between 9 a.m. and 5 p.m. weekdays only. During
    off hours the FBI can be reached at the duty number.
    3.4.2Communications
    Current phone numbers, radio channel assignments, call signals,
    and names are located in the Security Communications Directory. The
    Lotsapowa Sheriff's Office is the principal point of contact for
    requesting assistance. Requests for assistance would normally be made
    by telephone. The VHF radio provides a backup means of communication in
    the event of telephone failure or for emergencies when lines are busy.
    Alternative emergency communication through the system used for
    power distribution (load dispatching) that links the plant to the
    central facility is possible. Use of this system requires closely
    following the detailed procedures specified in the Security
    Communications Directory. This communication system should only be used
    when all others fail.
    3.4.3Coordination with Lotsapowa Sheriff's Personnel
    Responding law enforcement personnel will enter the protected area
    through the main guard station and will be issued portable transceivers
    by the main guard station guard. A specified member of the security
    force will escort them to the CAS where they will be briefed on the
    situation by the Security Shift Supervisor. A plan of attack will be
    formulated, and the law enforcement personnel will be assisted as
    required.
    3.5 POLICY CONSTRAINTS AND ASSUMPTIONS
    a. Sunshine plant will depend on law enforcement agencies to
    the maximum extent possible to protect plant personnel and property
    against adversary actions. Local law enforcement personnel, upon
    arrival at the site, will assume authority and responsibility for
    engaging and apprehending intruders. Plant security personnel serve to
    deter, detect, and interdict adversary actions, employing firearms only
    in accordance with 10 CFR Section 73.55, Montana State Law, and company
    policy. In general, a guard will draw a weapon only if his or another's
    life is directly threatened and no other means of resolving the
    situation is evident.
    b. Excepting guards and armed response individuals, no company
    employee can be directed to perform hazardous physical security duties
    to protect the site.
    c. No company employee is expected to contribute his own
    personal property or off-duty time to support active contingency
    response activities. However, when time permits in contingencies,
    consideration will be given to overtime or rescheduling security force
    shift.
    d. Omega Power and Light Company reserves the right to regulate
    or exclude personnel access to the exclusion area surrounding the site,
    including the lake front.
    e. The security system at the site complies with 10 CFR Section
    73.55.
    f. The Plant Manager is responsible for requesting offsite
    assistance in security emergencies. However, both the CAS guard and the
    Security Shift Supervisor have the authority to declare a "Security
    Emergency" and to request offsite assistance if a clear and imminent
    danger to the plant is evident and if the Plant Manager or his alternate
    cannot be reached.
    g. Plant management, in response to certain safeguards
    incidents that contain factors unforeseen in the preparation of this
    plan and that may therefore render the procedures in this plan
    ineffective or impractical, may be compelled to take alternative courses
    of action based on available information, good intentions, and judgment.
    3.6 ADMINISTRATIVE AND LOGISTICAL CONSIDERATIONS
    The Security Manager will ensure that copies of the Physical
    Security Plan, Contingency Plan, and Security Communications Directory
    are made available to all security personnel. One set of the above
    documents will be maintained at the Central Alarm Staton. Additional
    copies of the documents may be requested from the Plant Manager's
    office.
    The Security Manager will publish a guard plan daily, weekly, or
    monthly, that establishes guard schedules, gives names of guards not
    available, and equipment status. The equipment to be considered for the
    status report includes detection, surveillance, communication, weapons
    and ammunition, and vehicles. The plan will also identify any
    security-related problems such as broken locks, lost badges, broken
    fences, broken gates, etc. Any shortage of materials or changes to
    inventories, maintenance schedules, etc., as specified in the Physical
    Security Plan will be included. Changes of issue points and times for
    weapons and equipment issue will also be included, as will any changes
    in procedures and phone numbers of law enforcement agencies and
    management personnel.
4. RESPONSIBILITY MATRIX
    The information contained in Chapters 2 and 3 relating to
    decision/actions and organizational structure, respectively, have been
    integrated to show the relationships between operational elements as the
    decision/action sequence progresses from event identification to
    objective attainment. The tables that follow make up the responsibility
    matrix and tie together the functions being performed by those personnel
    identified as operational elements.
    (Due to database constraints, Tables 4-1 through 4-20 are not included.
    Please contact LIS to obtain a copy.)
    48