Publication Date: 3/1/78     Pages: 64     Date Entered: 2/23/84     Title: STANDARD FORMAT AND CONTENT OF SAFEGUARDS CONTINGENCY PLANS FOR NUCLEAR POWER PLANTS (FOR COMMENT)     March 1978     U.S. NUCLEAR REGULATORY COMMISSION     REGULATORY GUIDE     OFFICE OF STANDARDS DEVELOPMENT     REGULATORY GUIDE 5.54     STANDARD FORMAT AND CONTENT OF SAFEGUARDS     CONTINGENCY PLANS FOR NUCLEAR POWER PLANTS     INTRODUCTION     The Energy Reorganization Act of 1974, which established the     Nuclear Regulatory Commission (NRC), directed the NRC, among other     things, to develop contingency plans"... for dealing with threats,     thefts, and sabotage relating to special nuclear materials, high level     radioactive wastes and nuclear facilities resulting from all activities     licensed under the Atomic Energy Act of 1954, as amended...."     The principal requirements for the development of safeguards     contingency plans for licensed nuclear power plant activities are found     in 10 CFR Part 50, "Licensing of Production and Utilization Facilities,"     and Part 73, "Physical Protection of Plants and Materials." Paragraphs     10 CFR 50.34(d) and 73.40 identify the requirements for a safeguards     contingency plan. Appendix C of 10 CFR Part 73 identifies the criteria     to be followed in developing the contingency plan.     A licensee safeguards contingency plan is a document that provides     guidance to licensee personnel and identifies procedures to accomplish     specific, defined objectives in the event of threats or sabotage that     could directly or indirectly endanger the public health and safety by     exposure to radiation. An acceptable safeguards contingency plan must     contain (1) a predetermined set of decisions and actions to satisfy     stated objectives, (2) an identification of the data, criteria,     procedures, and mechanisms necessary to effect efficiently the decisions     and actions, and (3) a specification of the individual, group, or     organizational entity responsible for each decision and action.     A safeguards contingency plan consists of five elements: (1)     Background, (2) a Generic Planning Base, (3) a Licensee Planning Base,     (4) a Responsibility Matrix, and (5) Procedures.     The Background contains the purpose and scope of the plan,     describes the environment within which the plan will be put into effect,     and defines the terms used.     The Generic Planning Base contains a list of events to be planned     for and the associated objective to be reached for each event. It may     also include for each event an overview of the general types of     decisions and actions and other generic information helpful to the     licensee in clearly presenting the planned responses to reach the     objective.     The Licensee Planning Base contains the planning information     peculiar to a given licensee, including his organizational entities for     contingency response tasking, facility descriptions and locations     necessary for response planning and coordination, command and control     functions, etc.     The Responsibility Matrix is a format used to plan the specific     decisions and actions that each organizational entity takes to effect     such response.     For each organizational entity, the decisions and actions, as     planned in the Responsibility Matrix, are finally summarized in a     Procedures Summary for that entity. The Procedures Summaries that     result are simplified presentations of the assigned responsibilities for     use in training and implementing the plan. The Procedures Summary,     although part of the contingency plan, does not have to be submitted to     the NRC for approval (see Chapter 5.1).     This regulatory guide prescribes the proposed standard format for     the safeguards contingency plan. It also contains an example     contingency plan, included as a supplement, to illustrate the guide's     application. This guide may be revised to reflect comments received and     additional staff review.     Purpose and Applicability     This standard format and content document has been prepared as an     aid to uniformity and completeness of the preparation and review of the     contingency planning section of license applications. It is applicable     to nuclear power plants and research and test reactors that are subject     to the requirements of 10 CFR Section 73.50, Section 73.55 and/or     Section 73.60. (Research and test reactors should also address the     generic planning base of a similar guide for fuel cycle facilities     entitled, "Standard Format and Content of Contingency Plans for Fuel     Cycle Facilities," for events dealing with theft of certain quantities     of special nuclear material.) This document describes the information required for a plan.     Information submitted will be reviewed for completeness on the basis of     unique site considerations and the contents of this guide. If submittal     does not provide a reasonably complete presentation of the required     information, final review will be delayed until the needed information     is provided. It is anticipated that the safeguards contingency plan     will be submitted as an attachment to the physical security plan. To     the extent that the topics in the contingency plan are treated in     adequate detail in a licensee's approved physical security plan, they     may be incorporated by cross reference to the security plan. The     applicant or licensee should include additional information as     appropriate. It is also the responsibility of the applicant or licensee     to be aware of new and revised NRC regulations.     Information and procedures delineated in regulatory guides in     Division 1, "Power Reactors," and Division 5, "Materials and Plant     Protection," and technical reports and appropriate to certain sections     of the physical security plan submitted under Paragraph 50.34(c) of 10     CFR Part 50 or 10 CFR Section 73.55 may be incorporated by reference.     The applicant or licensee should discuss his plans and programs with the     NRC staff before preparing his contingency plan, giving particular     emphasis to the depth of information required for this plan.     Use of the Standard Format     The standard format and content is described in succeeding     chapters and is illustrated in the example plan presented in the     supplement. If the applicant or licensee chooses to adopt the standard     format and content, he should follow the numbering system of this     document at least down to the level of subsection (i.e., 3.4.1).     Certain subsections may be omitted from a contingency plan if they are     clearly unnecessary to provide a complete plan or if they are needlessly     repetitive. In such cases, appropriate adaptation of the standard     format to accommodate the particular circumstances is permissible.     The applicant or licensee may wish to submit information in     support of his contingency plan that is not required by regulations and     is not essential to the description of the physical protection program.     Such information could include, for example, historical data submitted     in demonstration of certain criteria, discussions of alternatives     considered, or supplementary data regarding assumed models, data, or     calculations. This type of information should be clearly labeled and     provided as an attachment to the submittal so that it will not be     considered as a licensee condition.     Style and Composition     The applicant or licensee should strive for a clear, concise     presentation of information that portrays the general perspective and     concepts of the basic plan. Details about specific aspects of the plan     may be relegated to appendices to enhance the clarity of the     presentation in the basic plan and to facilitate updating and     maintenance of the information.     Confusing or ambiguous statements and general statements of intent     should be avoided. Definitions and abbreviations should be consistent     with generally accepted usage unless otherwise defined in the document.     Drawings, diagrams, and tables should be used when information may     be presented more adequately or conveniently by such means. In general,     these illustrations should be numbered, have titles, and be located in     the section where they are first referenced. Care should be taken to     ensure that all information presented in drawings is legible, that     symbols are defined, and that drawings are not reduced to the extent     that they cannot be read by unaided normal eyes.     A table of contents should be included in each submittal.     Physical Specifications of Submittals     All materials submitted in a safeguards contingency plan should     conform to the following physical dimensions of page size, quality of     paper and inks, numbering of pages, etc.: 1. Page Size     Text pages: 8-1/2 x 11 inches.     Drawings and graphics: 8-1/2 x 11 inches preferred; however, a     larger size is acceptable provided the finished copy when folded     does not exceed 8-1/2 x 11 inches. 2. Paper Stock and Ink     Suitable quality in substance, paper color, and ink density for     handling and for microfilming. 3. Page Margins     A margin of no less than one inch should be maintained on the top,     bottom, and binding side of all pages submitted. 4. Printing     Composition: text pages should be single spaced.     Type face and style: must be suitable for microfilming.     Reproduction: may be mechanically or photographically reproduced.     Pages of the text may be printed on both sides with the images     printed head to head. 5. Binding     Pages should be punched for looseleaf standard 3-hole ring     binding. 6. Page Numbering     Pages should be numbered sequentially. 7. Format References     In the application, references to this standard format should be     by chapter and section numbers.     Procedures for Updating or Revising Pages     The updating or revising of data should be on a replacement page     basis.     The changed or revised portion of each page should be highlighted     by a vertical line. The line should be on the margin opposite the     binding margin for each line changed or added. All pages submitted to     update, revise, or add pages to the report are to show the date of     change. The transmittal letter should include an index page listing the     pages to be inserted and the pages to be removed. When changes or     additions that affect the table of contents are made, a revised table of     contents should also be provided.     Number of Copies     The applicant or licensee should submit 5 copies to the Director,     Office of Nuclear Reactor Regulation, U.S. Nuclear Regulatory     Commission, Washington, D.C. 20555. These copies may be filed in person     at the Commission's offices at 1717 H Street NW., Washington, D.C., or     at 7920 Norfolk Avenue, Bethesda, MD.     Public Disclosure     The NRC has established that safeguards contingency plans contain     information of a type specified in 10 CFR Section 2.790(d) and shall be     subject to disclosure only in accordance with the provisions of 10 CFR     Section 9.12.     Compatibility     The applicant or licensee should ensure that the contingency plan     is compatible with the other sections of his application. Reference to     sections in the physical security plan may be made in response to     information requested by this guide. 1. BACKGROUND     1.1 PERCEIVED DANGER     Provide a statement of the perceived danger that threatens the     plant and could result in industrial sabotage. The general performance     requirements defined in 10 CFR Section 73.55(a) provides the basis for     the perceived danger to the security of licensee personnel and property.     Applicants should review this paragraph to determine its validity to     their contingency planning. Modification to the threat may be     appropriate depending upon the situation at a particular plant.     1.2 PURPOSE OF THE PLAN     Provide a statement that describes what the plan is to accomplish.     For example, items for consideration include providing a framework for     rapid response to contingency situations, for minimizing the danger to     employees and the public from radiological release, or for satisfying an     NRC requirement. The statement may include broad or specific objectives     the applicant expects to achieve through plan development and     implementation.     1.3 SCOPE OF THE PLAN     This section will address the depth or level of detail to be     covered by the plan. It should clearly indicate what is and is not     covered. Descriptions of the adversary action types for which the plan     is valid, the response force both internal and external to the power     plant, and the conditions under which the plan will be implemented     should be included.     1.4 DEFINITIONS     Each term and acronym used in the document that takes on special     meaning, other than that found in a standard dictionary, should be     alphabetically listed in this section. 2. GENERIC PLANNING BASE     2.1 GENERAL     This chapter identifies events (hostile or perceived actions) that     signal the beginning of activities of particular concern to the safety     and continued operation of a nuclear power plant. These events may be     obvious or implied, and the timely response by the power plant's     personnel may make the difference between nothing happening and     industrial sabotage. Proper handling of situations is designed to     further reduce the possibility of radiological release and to ensure     that health and safety of employees and the public are maintained.     In addition to identifying events, this chapter should include     contingency objectives, descriptions of procedures (decision/actions) to     be followed when a hostile situation is perceived to exist or develops,     and the data required to effect the decision/actions.     2.2 EVENTS AND OBJECTIVES     An event is a situation, incidence, or occurrence that signals the     beginning of a safeguards contingency according to how it is perceived     initially by the licensee's personnel. Events fall into three general     categories: threats, thefts, and sabotage. This guide is concerned     primarily with threats and industrial sabotage.     Threats are defined as the expression of an intent to take hostile     actions againts a power plant. Threats may be specific or implied. An     implied threat might be the observation of a demonstration or civil     disturbance, for example. Threat types include expressions of intent to     destroy, damage, bomb, disrupt operations, harm personnel, etc. They     may be delivered by telephone, messenger, letter, radio, TV, or     individual or conveyed through a demonstration or civil disturbance.     Industrial sabotage means any deliberate act directed against a     plant, or to any component of such a plant, that could directly or     indirectly endanger the public health and safety by exposure to     radiation, other than such acts by an enemy of the United States,     whether foreign government or other person.     Events, either threats or sabotage, may be initiated by employees     (insiders) as well as by personnel who do not normally have access to     the facilities. Employees may act either alone or in concert with     outside individuals or groups. Adversary actions may be overt or     covert. It can be assumed that an adversary intent on sabotage will be     dedicated, well-informed, and dangerously armed. "Dedicated" means the     adversary is willing to give his life and is not concerned with the     lives of others. "Well-informed" means the adversary has taken     advantage of all public records and may have complete knowledge of a     power plant's operation and location of vital areas and controls.     "Dangerously armed" means the adversary may be equipped with automatic     rifles of the M-16 type, explosives, and lesser weapons.     For each event identified, objectives will be specified that     represent the licensee's goal to effectively satisfy the requirement     imposed by the contingency. Objectives should be achievable, clearly     identified, and measurable. There may be a single objective for each     event or multiple objectives depending on the complexity of the event.     For example, if the event is a threat to attack the power plant, an     acceptable objective would be to evaluate and determine the validity of     the threat within a specific period of time or to alert guards and have     them placed in defensive positions within a specified period of time.     2.3 DECISIONS/ACTIONS     The procedure to advance from an event to the stated objective     must be presented in terms of the decisions to be made and actions     required to carry out the decisions. The decision/action sequence     should flow in a logical order that shows the progression being made     toward the achievement of the objective.     2.4 REQUIRED DATA     Identify for each event the type of data or information to be on     hand by the licensee security organization or compiled by the licensee     during his response to the event. Typical data would include all     relevant information regarding a threat such as names, phone numbers,     locations, times, and bomb or explosive type. The names and phone     numbers of local and Federal law enforcement agencies, NRC offices, bomb     disposal units, guards, and key plant personnel would also be     appropriate. Special procedures to be placed into effect, maps, or     floor plans should be included or reference should be made to their     locations. Locations of radios, alarms and surveillance devices should     also be included. If disruption to the plant occurs, data to be     collected would include the nature of the disruption, extent of damage,     extent of radioactive release, number and names of injured personnel,     time required to repair, expected date normal or degraded operations can     begin. 3. LICENSEE PLANNING BASE     3.1 LICENSEE'S ORGANIZATIONAL STRUCTURE     Provide a chart of the plant's management organization and a     detailed chart of the plant's security organization. Delineate the     general authority and responsibility assigned to each member or     functional unit of the plant that will be involved in responses to     safeguards contingencies. State the minimum number of (1) guards, (2)     watchmen, and (3) armed response individuals who will be available for     response on each shift.     3.2 PHYSICAL LAYOUT     Describe in general terms the plant's physical structures and     barriers. Provide scale drawings of the site that clearly show the     location of the plant's structures and barriers. Describe the     relationship of the site to nearby towns, roads, and important     environmental and terrain features. Provide a scale drawing or map that     clearly shows the location of the site and approaches in relation to     nearby towns. Identify any offsite features that are critical to the     operation of the power plant, such as power sources, coolant sources and     storage, and communications lines. Also, identify offsite terrain     features that could be used to the advantage of an adversary in gaining     admittance to the facility.     3.3 SAFEGUARDS SYSTEM HARDWARE     The applicant should list equipment available for the purpose of     safeguarding the nuclear power plant. Specific types of equipment to be     included are discussed below.     3.3.1Communications     List the communications systems that are used onsite and offsite     for power plant security. Briefly describe each system, its     availability, the number of units distributed on site, and the location     of each nonportable two-way radio or microwave set that can be used for     offsite communications.     3.3.2Intrusion Detection     Briefly describe the system of sensors and alarms for detecting     intrusion through the protected area perimeter or into vital area     portals.     3.3.3Surveillance     If used, describe the surveillance system for detecting and     assessing the source of perimeter intrusion alarms. State the type of     units used and show in a diagram their locations and fields of view.     Also describe internal surveillance systems and identify their location     and areas covered.     3.3.4Locks, Keys, Combinations, and Related Equipment     Describe briefly the lock types or lock systems used to secure     portals and barriers to the protected and vital areas. Describe the     system for issuance and control of combinations, keys, key cards, and     related equipment.     3.3.5Security Personnel Equipment     Describe the weapons and other equipment issued to each guard,     watchman, or armed response individual. Include weapons and equipment     available for issue in emergency situations.     3.3.6Security Vehicles     Describe any vehicles used for security purposes. Include the     passenger capacity, communications equipment, and any special     characteristics of the vehicle.     3.4 LAW ENFORCEMENT INTERFACE AND ASSISTANCE     List each separate law enforcement organization with which     arrangements have been made for emergency assistance. For each agency,     state the single point of contact, describe the notification procedure,     state the expected response in terms of manpower as a function of time,     and state the equipment responding personnel will have access to.     Describe the procedures established for coordination with arriving     offsite assistance. Also, describe any additional facilities that will     be available such as helicopters, special weapons and tactics (SWAT)     teams, and communications facilities that will be used to coordinate     response activities. Indicate the principal power plant organization     responsible for coordinating law enforcement agency response within the     facility.     Provide similar information on the interface and assistance of     other organizations such as bomb disposal units with which arrangements     have been made.     As a minimum, this section should include the following     subsections:     3.4.1Response Resources     3.4.2Communications     3.4.3Coordination with other LEA personnel     3.5 POLICY CONSTRAINTS AND ASSUMPTIONS     Discuss the laws and company policies that govern licensee     response to incidents. The discussion should include, but need not be     limited to, the following areas:     a. Extent to which local, county, State, and Federal     authorities will be depended on to protect plant properties against     adversary intrusion.     b. Extent to which company employees will be used to perform     hazardous physical security duties to protect the plant properties and     to recover stolen company property.     c. Extent to which deadly forces can be used in response to     safeguards incidents.     d. Extent to which off-duty employees and employee property may     be used in response to safeguards incidents.     e. State whether licensee personnel or local law enforcement     agencies are in charge of joint onsite response.     3.6 ADMINISTRATIVE AND LOGISTICAL CONSIDERATIONS     Describe (or reference appropriate plan/policy) the licensee     practices that may have an influence on the response to security     violations. The descriptions should include provisions for ensuring     that all equipment needed to effect a successful response to a     contingency will be easily accessible, in good working order, and in     sufficient supply to provide redundancy in case of equipment failure.     State the procedure to be followed to ensure that the provisions     of this plan will be followed or the means for informing the security     force of changes in the status of materials and supplies which could     impact their ability to perform effectively. 4. RESPONSIBILITY MATRIX     Develop an array of information for each event identified in     Chapter 2. Each array will identify responsible     individuals/organizations (operational elements) and their     decisions/actions. The intent of the arrays is to display on a single     chart for each event all the decisions/actions and operational elements     that interact to resolve the event. The collection of arrays for all     events is a three dimensional responsibility matrix as shown below. 5. PROCEDURES SUMMARY     Develop a Procedures Summary for each operational element, which     summarizes the actions from the Responsibility Matrix for assignment to     that operational element. The set of Procedures Summaries that results     is to aid in the assignment and training of tasks for effective     implementation of the plan. The Procedures Summary, although part of     the contingency plan, does not have to be submitted to the NRC for     approval. It will be prepared and maintained at the licensee's facility     and will be inspected by the NRC Office of Inspection and Enforcement to     ensure compliance with the Responsibility Matrix.     Each Procedures Summary should provide clear and concise     statements of the general responsibilities of the operational element     during any safeguards contingency, and of the specific actions assigned     with respect to the range of contingency events covered in the plan. In     that regard show where a task begins and follow its progress through     each operational element until the task is completed; i.e., show the     actions that each of the operational elements accomplishes to carry out     the task. In summarizing actions from the Responsibility Matrix, a     given set of summary statements may be utilized to cover more than one     event when the events involved require the same or effectively the same     type actions. Also, where a given action is found to be a common     procedure for a number of operational elements regardless of the     specific contingency, that action may be included in a summary grouping     of standard operating procedures for presentation in each of the     Procedures Summaries. Statements of standard operating procedures may     also reflect information of general interest to all operational     entities, such as the assignment of overall control responsibilities.     Choice of the language used to prepare the Procedures Summaries     should take into account on-the-job terminology. 1. BACKGROUND     1.1 PERCEIVED DANGER     The Sunshine Nuclear Power Reactor may be confronted with     unexpected situations involving threats or sabotage that could result in     radioactive release, thus endangering the health and safety of employees     and the public at large. Because the nature of the confrontation is not     predictable and rapid response is required to prevent a potentially     catastrophic outcome, a plan is necessary and is provided herein to deal     with these situations. Thorough familiarization with this plan by     security personnel will greatly improve Sunshine's security posture and     lessen the chance of a successful action taken against the plant.     The threat to Sunshine is essentially that described in Title 10     Code of Federal Regulations Part 73.55(a) and is provided as follows: 1. A determined violent external assault or attack by stealth     or deception by several persons with the following attributes,     assistance, and equipment: (a) well-trained (including military     training and skills) and dedicated individuals, (b) inside assistance     that may include a knowledgeable individual who attempts to participate     in both a passive role (e.g., provide information) and an active role     (e.g., facilitate entrance and exit, disable alarms and communications,     participate in violent attack), (c) suitable weapons, up to and     including hand-held automatic weapons, equipped with silencers and     having long range accuracy, and (d) hand-carried equipment including     incapacitating agents and explosives for use as tools of entry or means     of destroying the reactor integrity. 2. An internal threat of an insider including an employee in     any position. Industrial sabotage attempted by the internal adversary     may be covertly performed over a period of time, may involve guile and     subterfuge, and may or may not involve assaults upon plant employees.     A detailed description of specific situations involving the threat     is given in Chapter 2.     1.2 PURPOSE OF THE PLAN     The plan provides the guidance and procedures to be followed by     security and designated management personnel during the contingencies     identified herein. The plan provides personnel with sufficient     understanding of contingency situations, in general, to effectively deal     with and counter situations not considered herein. The plan also     satisfies a requirement imposed by the NRC to document Sunshine's     ability to respond to contingencies.     1.3 SCOPE OF THE PLAN     This plan is to be used in conjunction with Sunshine's security     plan, which provides detailed information regarding the security     organization, facility layout, and liaison procedures with law     enforcement authorities.     1.3.1Situations Covered     The following situations are developed in this plan to provide the     mechanism needed to recognize potential warning signals and to provide     guidance for reacting to these warnings.     Bomb threats Sabotage attempts     Attack threats Fire, explosion, or other catastrophe     Civil disturbance Communications failure     Perimeter and Internal disturbance     protected area Vital area intrusion     intrusion     This plan identifies the activities of the facility's guards,     watchmen, and managerial personnel involved. Also identified is the     expected assistance to be provided by the Lotsapowa Sheriff's Office,     the State Police, and the FBI.     1.3.2Situations Not Covered     Actions taken against Sunshine that will not result in industrial     sabotage are not the concerns of the plan. However, it may not be     possible during the early stages of an incident to distinguish between     types of incidents. Therefore, until the expected results of an     incident are known with certainty, it will be assumed that the incident     is directed toward industrial sabotage. The plan does not include the     emergency plans to be implemented if a radiological release results from     a successful sabotage attempt. However, this plan includes the     mechanism for initiating the emergency plan contained in Sunshine's     "Emergency Plans," SNPR 10-77.     1.4 DEFINITIONS     All Clear: A return to normal security operations indicating that     the event resulting in special actions has been resolved.     All Concerned Parties: All onsite individuals and offsite law     enforcement and/or other agencies that need to make decisions or take     actions or that may provide information concerning the event that just     occurred. These parties are specified for each event in the procedures.     Authorized Personnel: Those personnel granted routine access to     an area (i.e., employees, designated nonemployees).     CAS: The central alarm station as defined in 10 CFR Section     73.55(e)(1).     Exclusion Area: Plant property outside of the protected area     barrier.     Interdict: To authoritatively prohibit access or restrict the     actions of intruders or saboteurs in accordance with 10 CFR Section     73.55(h)(4), applicable State laws, and company policies.     Intruder: An individual present in a protected or vital area     without authorization.     Investigation: Actions by individuals to determine if attempted     sabotage or intrusion is in progress and if so, the source, nature, and     extent of it.     LLEA: The local law enforcement agencies with whom the plant has     agreements for assistance.     Mitigate Anticipated Consequences: Actions taken to minimize     radiological effects (particularly offsite) based on the assumption that     certain vital equipment will or have suffered damage or derangement.     Nonserious Threat: A threat perceived as having a probability of     being executed that is so low that it can be dismissed as a hoax.     NRC: U.S. Nuclear Regulatory Commission, Region IV, Office of     Inspection and Enforcement.     OP&L: Omega Power and Light Company, the parent company of     Sunshine Nuclear Power Reactor.     Plant Manager: The plant manager or alternate, in his absence, in     the following order of succession: (1) operations manager, (2)     operations supervisor, (3) shift supervisor. The individual acting as     plant manager shall execute all duties assigned to the plant manager.     Reduce Vulnerability: Take actions that will decrease the     probability of success of an attempt to sabotage (e.g., increased guard     patrols, stricter access controls, barriers at full strength condition,     increased remote surveillance, frequent checks of vital equipment).     Response: As defined in 10 CFR Section 73.55(h).     SAS: The secondary alarm station as defined in 10 CFR Section     73.55(e)(1).     Security Alert: A security-related situation that may not     necessarily pose an immediate threat or danger to the plant but does     call for an increased alertness posture by plant personnel and the     execution of specified procedures.     Security Emergency: A security-related situation that poses a     clear or imminent threat or danger to the plant and calls for prompt     response by plant personnel according to specified procedures.     Security Shift Supervisor: The member of the security force     assigned to each shift who, in accordance with 10 CFR Section     73.55(b)(2), has the authority to direct the security activities of all     members of the security force. Responsibilities assigned to this     individual may be assumed by the Plant Security Supervisor, Assistance     Plant Security Supervisor, or the Security Force Supervisor, if present.     Serious Threat: A threat perceived as having a low probability of     being executed, but of enough concern to warrant some actions as a hedge     against its execution.     S-P-O-C: Single Point of Contact.     Unauthorized Personnel: Persons not routinely granted access to     an area.     VA: Vital area.     Very Serious Threat: A threat perceived as having such a high     probability of being executed that it warrants a response on the     assumption that it will occur. 2. GENERIC PLANNING BASE     2.1 GENERAL     The primary security mission at the Sunshine Nuclear Power Plant     is the protection of plant facilities and the prevention of sabotage     that could cause radiological releases. This mission is performed     continuously by the security organization aided by an access/egress     control system that operates in conjunction with physical barriers and     alarm systems covering the protected area and the vital areas. Events     that would signal the prelude to an impending attack or adversary action     must be evaluated to determine if an incursion is about to take place,     is in progress, or has taken place.     To deal decisively with an adversary incursion and thereby     accomplish the mission under extraordinary circumstances, the Lotsapowa     sheriff's emergency response force will be requested immediately upon     becoming aware of such an incursion. While the response is developing,     the Sunshine security force will respond to ascertain and assess the     adversary situation and, depending upon the estimated strength and     nature of the incursion, to apprehend, neutralize, or delay the     adversary until the Lotsapowa sheriff's force arrives.     The Sunshine security force will endeavor to fulfill the above     role by intercepting an external adversary prior to penetration into     buildings or enclosures containing vital areas. In the event the     adversary penetrates any of these buildings or enclosures, or in the     case of an internal adversary, the security force will attempt to     intercept the adversary within these areas, again depending upon the     adversary's nature and strength. Concurrent with these actions, the     security force will maintain a flow of situational information among     themselves and the Sunshine Plant management to coordinate the onsite     response actions and to the Lotsapowa sheriff's response force to     facilitate their effectiveness upon arrival.     As the situation develops, plant security employees will assist in     delaying the adversary whenever possible without jeopardizing their     personal safety. In this regard, they will lock doors as necessary to     secure the VAs, deny information to the adversary, and report adversary     and situational circumstances to plant management to assist in     illuminating the situation.     2.2 EVENTS, OBJECTIVES, AND DATA REQUIRED     The Generic Planning Base delineates the events for which there     are plans and for each event states an objective to be accomplished, a     sequence of decisions and actions to be undertaken if the event occurs,     and a set of data to facilitate making those decisions and taking those     actions.     The decisions and actions for each event in this chapter are     listed sequentially in approximately chronological order. It should be     recognized that the true representation of these decisions and actions     would be decision/action logic tree. As represented here, many of the     decisions and actions may or may not apply depending upon the outcome of     previous decisions and actions. The Responsibility Matrix in Chapter 4     clarifies these relationships.     2.2.1Event 1: Bomb Threat     Bomb threats may be expressed by telephone, by mail, by a hand     delivered message, or by some other means. Threats may be given     directly or indirectly through a law enforcement agency, mass media     organization, or some other third party. Threats also may be perceived     from indirect evidence by plant personnel, authorities offsite, or other     third parties who then notify plant management.     Objectives: 1. Validate the threat. 2. If valid, minimize vulnerability to the threat. 3. If imminent, minimize anticipated consequences of the     threat execution.     Decisions/Actions: 1. Gather information from the threat communication. 2. Evaluate the threat. 3. Notify all concerned parties. 4. Take action to reduce vulnerability to the threat     (e.g., search for bomb, etc.). 5. Determine if the threat is imminent. 6. Take action to mitigate anticipated consequences. 7. Determine if the threat is no longer valid. 8. Alert, shutdown, evaluate, sound all clear.     Next Step:     Event 6B if suspected bomb is found.     Data Required: 1. Single-point-of-contact (S-P-O-C) for Lotsapowa     Sheriff's Office.     a. Telephone number w/alternatives.     b. Entry point.     c. Criteria.     d. Format.     e. Procedures for contact. 2. S-P-O-C for FBI. 3. S-P-O-C for bomb disposal unit. 4. S-P-O-C for NRC regional office. 5. S-P-O-C for State police. 6. All available data from threat message. 7. All available data pertinent to the threat from     concerned parties.     a. Adversary intent.     b. Adversary capability.     c. Adversary background and history. 8. Bomb search results (if search is conducted). 9. Determination of vital systems that may be degraded by     threat execution. 10. Delineation of safety measures to take in event of     degradation of any systems of the above.     11. Information from any subsequent communications with     threat perpetrator or third parties.     2.2.2Event 2: Attack Threat     Threats to assault the plant may be expressed over the telephone,     by mail, by a hand delivered message, or by some other means. Threats     may be expressed directly or indirectly through a third party. Threats     may also be perceived from indirect evidence by plant personnel, offsite     authorities, or other third parties, who then notify plant management.     Objectives: 1. Validate the threat. 2. If valid minimize vulnerability to the threat. 3. If imminent, minimize anticipated consequences of the     threat execution.     Decisions/Actions: 1. Gather information from threat communication. 2. Evaluate the threat. 3. Notify all concerned parties. 4. Take action to reduce vulnerability to the threat. 5. Determine if the threat is imminent. 6. Take action to mitigate anticipated consequences. 7. Determine if the threat is no longer valid. 8. Alert, shutdown, evaluate, sound alarm.     Next Step:     Dependent upon type of threat and whether or not threat is     executed,     Data Required:     Same as for Event 1.     2.2.3Event 3: Civil Disturbance     A group of unexpected, unidentified, or unauthorized individuals     is observed outside the protected area, or plant management is informed     of plans to stage such a gathering (e.g., labor picket line, protest     demonstration, etc.).     Objectives: 1. Determine if there is a danger of the disturbance     becoming an attack. 2. Prevent people participating in the disturbance from     penetrating the protected area barrier.     Decisions/Actions: 1. Notify all concerned parties. 2. Gather information on group identity and intent. 3. Determine if there is a danger of the disturbance     becoming an attack. 4. Maintain surveillance during the disturbance. 5. Determine if the disturbance is over.     Next Step:     Event 4D if assault occurs. Event 2 if danger of attack exists.     Data Required: 1. S-P-O-C of offsite agencies (see Event 1). 2. On-the-scene assessment. 3. Background information on group.     a. Intent.     b. Capability.     c. Modus operandi.     2.2.4Event 4: Perimeter and Protected Area Intrusions     2.2.4.1 Event 4A: Perimeter Intrusion Alarm Annunciates at     CAS.     Objective:     Determine if an intrusion has occurred.     Decisions/Actions: 1. Acknowledge alarm. 2. Assess cause of alarm (look at CCTV, dispatch guards,     etc.). 3. Determine if intrusion has occurred or if tampering of     the alarm system is evident.     Next Step:     Event 4D, if intrusion has occurred or if alarm system has been     tampered with.     Data Required: 1. Location or zone of alarm. 2. Results of alarm assessment.     a. False alarm.     b. False or innocent target.     c. Intrusion.     d. Alarm tampering. 3. Procedure for guard notification.     2.2.4.2 Event 4B: Visual Observation of Unidentified     Person(s) at or Within the Protected Area Perimeter.     Objective:     Determine if unidentified person(s) is (are) authorized for     access.     Decisions/Actions: 1. Dispatch guards to investigate. 2. Determine if unidentified person(s) is (are)     authorized access.     Next Step:     Event 4D if an intrusion has occurred.     Data Required: 1. Location of unidentified person(s). 2. Guard notification procedure. 3. Identity of suspect(s). 4. List of authorized personnel. 5. List of visitors requiring escort. 6. List of visitors not requiring escort.     2.2.4.3 Event 4C: Discovery of Breach of Perimeter Barrier.     The perimeter barrier is observed to be cut open,     knocked down, or otherwise breached.     Objective:     Determine if an intrusion has occurred.     Decisions/Actions: 1. Dispatch guards to investigate. 2. Determine if intrusion has occurred.     Next Step:     Event 4D if an intrusion has occurred.     Data Required: 1. Guard notification procedure. 2. Location of breach. 3. Results of guard investigation.     2.2.4.4 Event 4D: Confirmed Protected Area Intrusion. An     unauthorized person in the protected area has resisted     efforts by guards to interdict him, an unexplained     breached barrier is assumed to reveal a recent     intrusion, or a perimeter alarm is found tampered     with.     Objective: 1. Prevent, access to Vital Areas. 2. Interdict Intruders.     Decisions/Actions: 1. Secure vital area portals. 2. Notify Lotsapowa Sheriff's Office. 3. Dispatch guards to interdict intruders. 4. Take actions to mitigate consequences of any     anticipated sabotage. 5. Determine if vital areas have been penetrated or if     sabotage is imminent.     Next Step:     Event 7 if vital areas have been penetrated or if sabotage is     imminent. Event 8 if intruders have been successfully     interdicted.     Data Required: 1. S-P-O-C for Lotsapowa Sheriff's Office. 2. Guard notification procedure. 3. Location of intruder. 4. Status of vital area portals and alarms. 5. Determination of vulnerable vital systems. 6. Delineation of safety measures to take in the event any     system specified in (5) is degraded. 7. Results of guard investigations.     2.2.5Event 5: Vital Area Intrusion     2.2.5.1 Event 5A: Vital Area Intrusion Alarm Annunciates at     CAS.     Objective:     Determine if an intrusion has occurred.     Decisions/Actions: 1. Acknowledge alarm. 2. Assess cause of alarm (e.g., look at CCTV, dispatch     guards, etc.). 3. Determine if intrusion has occurred or if alarm has     been tampered with.     Next Step:     Event 7 if sabotage is imminent, if alarm has been tampered with,     or if intruders are discovered in vital area.     Data Required:     Same as for Event 4A.     2.2.5.2 Event 5B: Visual Observation of Unidentified Person     or Unauthorized Person Entering or Within a Vital     Area.     Objective:     Determine if unidentified person(s) is (are) authorized for     access.     Decisions/Actions: 1. Dispatch guards to investigate. 2. Determine if unidentified person(s) is (are) authorized for     access.     Next Step:     Event 7 if an intruder is in a vital area or if sabotage is     imminent. Event 8 if the unidentified individual was an intruder and     has been successfully interdicted.     Data Required:     Same as for Event 4B.     2.2.5.3 Event 5C: Vital Area Found Unlocked and Unattended or     Vital Area Barrier Found Breached.     Objective:     Determine if an intrusion has occurred.     Decisions/Actions: 1. Dispatch guards or armed response individuals to     investigate. 2. Determine if an intrusion has occurred.     Next Step:     Event 7 if vital areas have been penetrated or if sabotage is     imminent. Event 6 if something is found amiss.     Data Required:     Same as for Event 4C.     2.2.6Event 6: Miscellaneous Events     2.2.6.1 Event 6A: Member of Security Force (MSF) Fails to     Perform Duty. Contact is lost with a MSF, a MSF fails to report in, CAS     fails to respond to an alarm, or some other indication exists that an     MSF may have been incapacitated or may have compromised security.     Objective: 1. Re-establish adequate level of protection. 2. Determine if the MSF's failure to execute his duties     has compromised security.     Decisions/Actions: 1. Dispatch guards or armed response individuals to     investigate. 2. Take compensatory measures to re-establish minimum     acceptable level of protection. 3. Determine if MSF failure to execute duties has     compromised security.     Next Step:     Event 4D if protected area is penetrated. Event 7 if a vital area     is penetrated or if sabotage is imminent.     Data Required: 1. Location of MSF. 2. Normal duties and responsibilities of MSF. 3. Guard notification procedure. 4. Assessment of cause of failure of security force     member to perform duties. 5. Assessment of vulnerability due to MSF failure. 6. Results of investigation of areas that may have been     compromised by failure to perform duties.     2.2.6.2 Event 6B: Suspected Bomb or Sabotage Device     Discovered.     Objective:     Determine if object is a sabotage device.     Decisions/Actions: 1. Dispatch knowledgable guards, operators, or armed     response individuals to investigate. 2. Take actions to isolate area. 3. Determine if suspicious object is attempt to sabotage.     Next Step:     Event 7 if suspicious object is determined to be an attempt to     sabotage.     Data Required: 1. Guard, operator, or armed response individual     notification procedure. 2. Location of sabotage device. 3. Procedure for isolating area. 4. Assessment by knowledgable person of nature of     suspicious object.     2.2.6.3 Event 6C: Fire, Explosion, or Other Catastrophe. A     disruptive emergency occurs that has the potential for     covering an attempt to gain unauthorized access to     vital areas to attempt sabotage.     Objectives: 1. Determine if the cause of the event is security     related. 2. Minimize vulnerability during emergency.     Decisions/Actions: 1. Evaluate potential for impact on plant safety. 2. Mitigate anticipated consequences. 3. Investigate security-related aspects and impacts of     the event. Check for possible sabotage. 4. Determine if event is security related. 5. Request offsite assistance, if appropriate.     Next Step:     Event 7 if occurrence is security related.     Data Required: 1. S-P-O-C for Lotsapowa Fire Dept., etc. 2. Guard, operator, armed response individual     notification procedure. 3. Source of catastrophe. 4. Determination of degraded or threatened safety     systems. 5. Delineation of procedures to compensate for     degradation of each system in (4). 6. Results of investigation to determine cause of     catastrophe. 7. Determination of areas in which security measures were     compromised. 8. Assessment of vulnerabilities due to compromised     security. 9. Results of investigations, inspections, etc., of     compromised areas.     2.2.6.4 Event 6D: Internal Disturbance. A disturbance occurs     involving one or more individuals within the perimeter other than one     perceived to be a short-lived and harmless @@.     Objectives: 1. Stop the disturbance. 2. Minimize vulnerability during disturbance.     Decisions/Actions: 1. Determine if the disturbance could affect vital     equipment. 2. Determine if the disturbance involves individuals     having on-watch safety responsibilities. 3. Direct appropriate response to terminate the     disturbance including requesting offsite assistance if     necessary to stop the disturbance. 4. Mitigate anticipated safety consequences. 5. Determine if disturbance is uncontrollable.     Next Step:     Event 7 if disturbance is perceived to be uncontrollable.     Data Required: 1. Guard notification procedures. 2. Location of disturbance. 3. Number of people involved. 4. S-P-O-C for offsite assistance. 5. Determination of threatened vital systems. 6. Delineation of countermeasures taken in event of     derangement of systems in (5). 7. Assessment by guards of their ability to control the     disturbance.     2.2.6.5 Event 6E: Multiple Loss of Onsite Communications     Systems. Two or more means of onsite communications are not     functioning.     Objective: 1. Re-establish communications capability. 2. Determine if the cause of the failure is security     related.     Decisions/Actions: 1. Establish alternate communications systems. 2. Institute any necessary compensatory measures. 3. Investigate nonfunctioning equipment for cause of     failure. 4. Determine if cause is security related.     Next Step:     Event 8 if loss is security related.     Data Required: 1. Determination of set of alternative communication     systems. 2. Means of access by CAS, SAS, and other plant security     force to alternate communications systems. 3. Operability of alternate communications systems. 4. Established set of compensatory measures. 5. Results of investigation of equipment.     2.2.6.6 Event 6F: Multiple Loss of Offsite Communications     Systems. Two or more means of communicating with offsite authorities     are not functioning.     Objectives: 1. Re-establish communications capability. 2. Determine if the cause of the failure is security     related.     Decisions/Actions: 1. Establish alternate communications systems. 2. Institute any necessary compensatory measures. 3. Investigate nonfunctioning equipment for cause of     failure. 4. Determine if the cause is security related.     Next Step:     Event 8 if loss is security related.     Data Required:     Same as for Event 6E.     2.2.7Event 7: Obvious Attempt to Sabotage or Confirmed Intrusion into     Vital Areas in Progress     Objectives: 1. Prevent access to vital equipment. 2. Contain adversaries until Lotsapowa sheriff's deputies     arrive. 3. Mitigate anticipated consequences.     Decisions/Actions: 1. Dispatch responders to interdict intruders if     applicable. 2. Secure vital area portals. 3. Request offsite assistance. 4. Determine impact on plant safety. 5. Mitigate anticipated consequences. 6. Initiate appropriate portions of Emergency Plan     whenever radiological release is perceived to be     imminent or occurs.     Next Step:     Event 8 if intruders are captured or escape. Emergency Plan if     offsite radiological consequences are imminent or occur.     Data Required: 1. Location of intruders or sabotage device. 2. Guards and armed response force notification     procedure. 3. Status of vital area portals. 4. S-P-O-C for Lotsapowa Sheriff's Office. 5. Determination of set of vulnerable vital systems. 6. Delineation of safety measures to take in event of     degradation of vital systems determined in 5. 7. Emergency Plan initiation procedures.     2.2.8Event 8: Sabotage Device Rendered Inoperable, Tampered/Deranged     Equipment Restored, Intruder/Saboteur Captured or Escaped     Objective:     Determine if any other intrusions or sabotage attempts have been     made.     Decisions/Actions: 1. Investigate for evidence of sabotage, sabotage     devices, or intrusions in all affected areas. 2. Notify all concerned parties. 3. Determine if anything is amiss.     Next Step:     Dependent upon results of investigation. ALL CLEAR if nothing     amiss.     Data Required: 1. Results of investigation. 2. S-P-O-C for each notified offsite party. 3. LICENSEE PLANNING BASE     3.1 ORGANIZATIONAL OVERVIEW     Figure 3-1 presents Sunshine organizational structure as it     relates to the Omega Power and Light Company. Responsibilities of key     personnel are given below.     Operations Manager, Omega Power and Light Company - The Operations     Manager, or his designated representative acts as the offsite Emergency     Control Office. In the event that an act of sabotage culminates in the     release of radioactivity to the environment, he is responsible for     notifying the nonlocal offsite emergency response authorities. He may     also assume a command position during protracted security emergencies at     Sunshine plant.     (Due to database constraints, Figures 1 - 4 are not included. Please     contact LIS to obtain a copy.) Plant Manager - The Plant Manager reports to Corporate     Headquarters and has direct responsibility for operating and maintaining     the plant in a safe and secure manner. He is responsible for protecting     the plant staff and the general public from avoidable radiation exposure     and any other consequences of a security emergency at the plant. He     bears responsibility for compliance with the facility operating license.     He has authority to take any action necessary, without consultation, to     prevent or mitigate the consequences of a security emergency.     Operations Manager, Sunshine Plant - The Operations Manager     reports to the Plant Manager and acts in his behalf during his absence.     He is responsible to the Plant Manager for operating and maintaining the     plant in a safe and secure manner. He will assume the duties and     responsibilities of the Plant Manager in his absence as the primary     alternate to the position.     Operations Supervisor - The Operations Supervisor has the     responsibility for directing the actual day-to-day operation of the     unit. He reports directly to the Operations Manager and directs the     plant operating staff. He coordinates operations related to activities     with all departmental supervisors. He assumes all of the Operations     Manager's responsibilities and authority in his absence. He is     responsible for overall supervision of fuel handling operations. He has     the authority to shut down the unit, and he has the authority to     initiate the Emergency Plans.     Shift Supervisor - The Shift Supervisor is responsible for the     actual operation of the plant on his assigned shift. He directs the     activities of the operators on his shift and must be cognizant of all     maintenance activity being performed while he is on duty. The Shift     Supervisor on duty has the authority to shut down the unit if, in his     opinion, conditions warrant this action. He has the authority to     initiate the Emergency Plans.     Plant Security Manager - The Plant Security Manager is responsible     for the overall supervision of the Security Force and the day-to-day     implementation of the security plan. He reports directly to the Plant     Manager.     Operators - Operators report directly to the Shift Supervisor, are     responsible for operating equipment in a safe and secure manner, and     respond as directed by the Shift Supervisor to safeguards contingencies.     3.1.1Security Organization     Figure 3-2 presents the Sunshine security organizational     structure. Within the security organization there are guard posts and     alarm stations, which require continuous or scheduled manning. The     responsibility of the personnel assigned to these posts and stations and     security management responsibilities are described below.     Security Force Supervisor - The Security Force Supervisor has     supervisory responsibility over the guards and watchmen and reports     directly to the Plant Security Manager.     Security Shift Supervisor - The Security Shift Supervisor is     responsible for the supervision of the security activities of personnel     on his shift, reports to the Security Force Supervisor, and assumes his     responsibilities in his absence. He has the authority to declare     "security emergency" and to request offsite assistance.     Guards/Watchmen - Guards and Watchmen (as defined in 10 CFR     Section 73.2) report directly to the Security Shift Supervisor and are     responsible for carrying out post assignments by established procedures     or by specific order for all safeguards contingencies.     Armed Response Individuals - Armed Response Individuals,     preassigned to the post orders, are personnel trained in security     procedures that can be available to assist the security force during     safeguard incidents. During security alerts or emergencies, they report     to the Security Shift Supervisor.     Central Alarm Station (CAS) - CAS guard is responsible for the     immediate initiation and coordination of response to intrusion-related     security contingencies. CAS guard receives notification of the event,     dispatches investigators, and determines if an intrusion occurs. CAS     guard has the authority, when necessary, to declare "security emergency"     and request off-site assistance.     Secondary Alarm Station (SAS) - Secondary Alarm Station guard is a     backup to CAS, is responsible for monitoring CAS guard's response, and     assumes CAS guard's responsibilities if CAS system fails in its     responsibilities.     Main Guard Station - The Main Guard Station is responsible for     controlling authorized access to and from the Protected Area.     Fixed Posts - Fixed Posts may be established at other points at     the site for purposes of surveillance, access control, and response.     Location of fixed post can be found in the security manual.     3.2 PHYSICAL LAYOUT     Sunshine Nuclear Power Plant, shown in Figure 3-3, is located on a     1000 acre tract of land fronting on Sunshine Lake about 17 miles     northeast of Lotsapowa, Montana. The site is generally flat and has     vegetation characteristic of the semiarid country of eastern Montana.     The plant presented in Figure 3-4 is a 1000 MW(e) PWR. The main     buildings include the fuel building, the reactor containment building,     the turbine building, the auxiliary building, and the administration     building.     All are of substantial construction, and with the exception of the     main gate guardhouse (part of the administration building) all are     surrounded by an 8-foot tall, 11-AWG fence per 10 CFR Section 73.2. In     addition, a remote intake structure is located on the lake and is     surrounded on the land side by an 8-foot, 11-AWG fence.     3.3 SAFEGUARDS SYSTEM HARDWARE     Detailed information regarding equipment available to support the     security system during a contingency is documented in the "Sunshine     Physical Security Plan," SNPR 6-77. General information on     communications, intrusion detection, surveillance, locks, keys,     combinations, and related security personnel equipment and security     vehicles is provided in this section.     3.3.1Communications     Sunshine plant is served by the following communications systems:     External     a. Bell telephone distributed throughout the facility.     b. Two-way radio to local law enforcement.     c. Microwave transmitter to dispatcher.     d. Transmission line carrier to dispatcher.     Internal     a. Plant telephone.     b. Plant public address.     c. Portable transceiver (primary onsite communications     net).     d. Bell telephone.     Central Alarm Station and SAS have access to commercial telephone,     portable transceiver, plant telephone, an indirect link through the     plant telephone to the plant public address system, and radio     communication to the Lotsapowa Sheriff's Office. Microwave     communication to the dispatcher and transmission line carrier to the     dispatcher are located in the control room, and operators can relay a     request from CAS or SAS for assistance to offsite authorities if     necessary. The dispatcher will relay requests for assistance from the     control room to authorities specified by the control room.     All guards are equipped with portable transceiver system(s), and     all fixed guard posts have at least one other means of internal     communication. Twenty portable transceivers are available for use,     including one in CAS and one in SAS.     3.3.2Intrusion Detection Hardware     Protective alarm systems provide a means of determining whether a     gate or door is open or closed, therefore providing a means of detecting     and announcing the intrusion by an element that endangers or may     endanger facility security. Intrusion detection devices relating to the     perimeter barrier are also provided. The barrier surrounding the     protected area is continuously monitored by intrusion detection devices     and a series of closed circuit television cameras. Personnel and     vehicle gates at the protected area perimeter barrier are controlled by     locks, security guards, and alarms. Alarms are monitored in both CAS     and SAS in accordance with 10 CFR Section 73.55. Normal access points     to vital areas will be locked and alarmed or monitored by a guard.     3.3.3Surveillance by CCTV     The system consists of a series of 20 strategically located     cameras having the capability of monitoring isolation zones adjacent to     the physical barriers around the entire perimeter of the protected area.     The CCTV is integrated with the intrusion detection system.     3.3.4Locks, Keys, Combinations, and Related Equipment     a. Card Reader/Key Card System - A card reader system connected     to computer is provided. Key cards are issued to employees upon entry to     the protected area each day, and are coded for identification and vital     area access. The system allows access only to those personnel     possessing cards that are coded for entry to that area. All insertions     of cards into readers are recorded, and reader rejections result in     alarms.     b. Locks and Keys - In the event of failure of the Card     Reader/Key Card system, access portals so controlled fail in the locked     (from outside) condition. Tumbler locks are installed on those accesses     and, in conjunction with keys controlled under the key control system,     described in the Security Plan, would serve to maintain positive access     control.     3.3.5Security Personnel Equipment     Each guard is issued his own semiautomatic weapon upon employment.     Arms are kept in the Main Guard Station when guards are off duty. Each     member of the security force is issued a portable transceiver at the     beginning of each shift.     3.3.6Security Vehicles     The security force has a radio-equipped (portable transceiver)     vehicle used exclusively for security. The vehicle is capable of     operating on unimproved terrain in remote areas of the site.     3.4 LAW ENFORCEMENT ASSISTANCE     Arrangements for emergency assistance have been made with     Lotsapowa Sheriff's Office, State Police, and the FBI. Information     concerning notification and expected response for each law enforcement     activity is given below.     3.4.1Response Resources     a. Lotsapowa Sheriff's Office - The Lotsapowa Sheriff's Office     has primary law enforcement jurisdiction at the plant. The following is     the anticipated level of the sheriff's response to requests for     assistance from the plant:     Strength Avg. Response Time Equipment     1-2 officers 20 minutes Officers equipped with 38     caliber revolvers, shotguns,     and radio patrol car.     15 officers 30 minutes Riot control equipment     consisting of gasmasks,     75 officers 90-120 minutes helmets, and riot sticks can     be distributed at police     headquarters.     The Lotsapowa Sheriff's Office could coordinate the mobilization     of a local 5-man SWAT capability made up of municipal and State police.     In addition, the sheriff's office can mobilize an ordnance disposal unit     and be onsite in 30 minutes.     b. State Police - The State police have a working arrangement     with the Lotsapowa Sheriff's Office which in effect states they will     respond when called by the sheriff or his representative. They will     also respond to emergency requests from Sunshine when the sheriff's     office cannot be reached. Expected response would vary from one officer     within 30 minutes to 150 officers in four hours.     c. FBI - Missoula - The FBI has jurisdiction in situations     involving violations of Federal laws. Response is dependent upon the     availability of Missoula FBI agents. An FBI agent could be onsite     within six hours after notification. The FBI office in Missoula can be     reached by telephone between 9 a.m. and 5 p.m. weekdays only. During     off hours the FBI can be reached at the duty number.     3.4.2Communications     Current phone numbers, radio channel assignments, call signals,     and names are located in the Security Communications Directory. The     Lotsapowa Sheriff's Office is the principal point of contact for     requesting assistance. Requests for assistance would normally be made     by telephone. The VHF radio provides a backup means of communication in     the event of telephone failure or for emergencies when lines are busy.     Alternative emergency communication through the system used for     power distribution (load dispatching) that links the plant to the     central facility is possible. Use of this system requires closely     following the detailed procedures specified in the Security     Communications Directory. This communication system should only be used     when all others fail.     3.4.3Coordination with Lotsapowa Sheriff's Personnel     Responding law enforcement personnel will enter the protected area     through the main guard station and will be issued portable transceivers     by the main guard station guard. A specified member of the security     force will escort them to the CAS where they will be briefed on the     situation by the Security Shift Supervisor. A plan of attack will be     formulated, and the law enforcement personnel will be assisted as     required.     3.5 POLICY CONSTRAINTS AND ASSUMPTIONS     a. Sunshine plant will depend on law enforcement agencies to     the maximum extent possible to protect plant personnel and property     against adversary actions. Local law enforcement personnel, upon     arrival at the site, will assume authority and responsibility for     engaging and apprehending intruders. Plant security personnel serve to     deter, detect, and interdict adversary actions, employing firearms only     in accordance with 10 CFR Section 73.55, Montana State Law, and company     policy. In general, a guard will draw a weapon only if his or another's     life is directly threatened and no other means of resolving the     situation is evident.     b. Excepting guards and armed response individuals, no company     employee can be directed to perform hazardous physical security duties     to protect the site.     c. No company employee is expected to contribute his own     personal property or off-duty time to support active contingency     response activities. However, when time permits in contingencies,     consideration will be given to overtime or rescheduling security force     shift.     d. Omega Power and Light Company reserves the right to regulate     or exclude personnel access to the exclusion area surrounding the site,     including the lake front.     e. The security system at the site complies with 10 CFR Section     73.55.     f. The Plant Manager is responsible for requesting offsite     assistance in security emergencies. However, both the CAS guard and the     Security Shift Supervisor have the authority to declare a "Security     Emergency" and to request offsite assistance if a clear and imminent     danger to the plant is evident and if the Plant Manager or his alternate     cannot be reached.     g. Plant management, in response to certain safeguards     incidents that contain factors unforeseen in the preparation of this     plan and that may therefore render the procedures in this plan     ineffective or impractical, may be compelled to take alternative courses     of action based on available information, good intentions, and judgment.     3.6 ADMINISTRATIVE AND LOGISTICAL CONSIDERATIONS     The Security Manager will ensure that copies of the Physical     Security Plan, Contingency Plan, and Security Communications Directory     are made available to all security personnel. One set of the above     documents will be maintained at the Central Alarm Staton. Additional     copies of the documents may be requested from the Plant Manager's     office.     The Security Manager will publish a guard plan daily, weekly, or     monthly, that establishes guard schedules, gives names of guards not     available, and equipment status. The equipment to be considered for the     status report includes detection, surveillance, communication, weapons     and ammunition, and vehicles. The plan will also identify any     security-related problems such as broken locks, lost badges, broken     fences, broken gates, etc. Any shortage of materials or changes to     inventories, maintenance schedules, etc., as specified in the Physical     Security Plan will be included. Changes of issue points and times for     weapons and equipment issue will also be included, as will any changes     in procedures and phone numbers of law enforcement agencies and     management personnel. 4. RESPONSIBILITY MATRIX     The information contained in Chapters 2 and 3 relating to     decision/actions and organizational structure, respectively, have been     integrated to show the relationships between operational elements as the     decision/action sequence progresses from event identification to     objective attainment. The tables that follow make up the responsibility     matrix and tie together the functions being performed by those personnel     identified as operational elements.     (Due to database constraints, Tables 4-1 through 4-20 are not included.     Please contact LIS to obtain a copy.)     48