|
Publication Date: 2/1/81
Pages: 6 Date Entered: 1/5/93 Title: Reporting of Physical Security Events February 1981 U.S. NUCLEAR REGULATORY COMMISSION REGULATORY GUIDE OFFICE OF STANDARDS DEVELOPMENT REGULATORY GUIDE 5.62 (Task SG 901-4) REPORTING OF PHYSICAL SECURITY EVENTS A. INTRODUCTION Paragraph 73.71(c) of 10 CFR Part 73, "Physical Protection of Plants and Materials," requires that licensees report to appropriate offices within the Nuclear Regulatory Commission events that significantly threaten or lessen the effectiveness of their physical security systems as established by safeguards regulations or an approved safeguards plan or both. As required by 10 CFR Part 50, "Domestic Licensing of Production and Utilization Facilities," and 10 CFR Part 70, "Domestic Licensing of Special Nuclear Material," a safeguards plan must include one or more of the following plans: physical security, contingency, and security personnel qualification and training. This regulatory guide provides an approach acceptable to the NRC staff for determining whether an event should be reported and the time frame during which the event should be reported and suggests a format that could be used for reporting the event. B. DISCUSSION Events of concern may be divided into two categories: (1) threat-related events, i.e., those that pose a possible threat to a facility or to a shipment, or (2) loss-of-physical-security-effectiveness events, i.e., those in which the physical security system has failed or has been compromised or degraded. In each of the categories, the reporting routine will vary, depending on the severity of the event. The event categories and the associated reporting routines are included in Table 1 of the regulatory position. Threats Explicit threats are those events in which information has come to the attention of a member of the licensee's security organization or any other employee of the licensee that an act of theft or radiological sabotage will be attempted. Potential threats are those in which information has come to the attention of a member of the licensee's security organization or any other employee of the licensee that supports a belief that an act of theft or radiological sabotage may be attempted. Some judgment has to be exercised about when to report potential threats. A licensee should report a potential threat as soon as it becomes evident that the threat is serious even though a report is not required until 24 hours after information of the potential threat is received. In some cases, explicit and potential threats have been addressed in the licensee's contingency plans. If they have been addressed and if the contingency plan procedure requires the event to be reported, the licensee should report the event. However, if after following the procedures of the contingency plan for the event it is determined that the event is not reportable, a report need not be made. Typical events and the respective reporting times are included in the regulatory position of this guide. Loss of Physical Security Effectiveness A major loss of physical security effectiveness (see footnote 2 to paragraph 73.71(c) of 10 CFR Part 73) occurs under any one of the following general conditions and should be reported within the time frame specified: 1. The breakdown of security systems designed or employed to prevent an unauthorized individual from entering a vital or material access area (see paragraphs 73.2(h) and (j) of 10 CFR Part 73) is such that access could have been gained without detection. The reason for reporting this event within an hour is that the vital and material access areas are the ultimate target for theft or radiological sabotage and, since the last line of defense to them has been completely degraded, the physical security system has no protection against an insider. 2. All communication systems used to summon local law enforcement response forces become inoperative. (The Emergency Notification System to the NRC is not considered a communication system used to summon local law enforcement response forces.) The reason for reporting this event within an hour is that the ability to directly summon offsite response forces has been completely eliminated. 3. Improper personnel procedures occur that lead to conditions in which unauthorized or undetected access to vital or material access areas, to a shipment of formula quantities (see paragraph 73.2(aa) of 10 CFR Part 73) of strategic special nuclear material, or to a shipment of irradiated reactor fuel is possible or the ability to summon response is not available. The effect of procedure violations that result in this condition is the same as that in the previous two conditions; hence, the event must be reported within an hour. Any condition that constitutes a major loss-of-physical-security-effectiveness event that has been properly compensated(1) for in a timely manner is considered to be a moderate event and does not have to be reported within an hour but must be reported within 24 hours. The delay in reporting is allowed because the physical security effectiveness has essentially been restored to the required level and the possibility for compromise of the physical protection system in the interim was minimal. A report, however, has to be made within 24 hours because of the potential severity of the event and because the NRC needs to be informed of the causes of such events and the actions taken to correct them. In contrast to licensees who have to meet the requirements of Section 73.20, 73.37, 73.50, and 73.55 of 10 CFR Part 73, licensees who possess, store, transport, or use only special nuclear material of moderate strategic significance or special nuclear material of low strategic significance (see Section 73.67 of 10 CFR Part 73) are not subject to the requirements for reporting major loss-of-physical-security-effectiveness events. A moderate loss of physical security effectiveness (see footnote 5 to paragraph 73.71(c) of 10 CFR Part 73) for a physical security system occurs under any one of the following conditions and should be reported to the NRC within 24 hours after discovery: 1. Any one of the conditions listed under a major loss of physical security effectiveness that has been properly compensated(1) for in a timely manner. 2. In the following two conditions, the protected area is considered one of the redundant systems for protection of the vital or material access areas. However, unlike vital area and material access area systems, a breakdown of the protected area security system does not leave the material access or vital area without protection. Therefore, this type event does not have to be reported as soon. ---------- (1) "Properly compensated [for event]" is defined in footnote 4 to paragraph 73.71(c) of 10 CFR Part 73 as measures specified in a security or contingency plan that provide a level of security equivalent to that existing before the event, or, if the event is not specified in either of these plans, it means measures implemented within 10 minutes of an event's occurrence that provide a level of security equivalent to that existing before the event. ---------- a. The breakdown of security systems designed or employed to prevent an unauthorized individual from entering protected or controlled access areas (see paragraph 73.2(z) of 10 CFR Part 73) is such that access could have been gained without detection. b. Improper personnel procedures occur that lead to the condition in which unauthorized access to protected or controlled access areas or to a shipment of special nuclear material of moderate strategic significance (see paragraph 73.2(x) of 10 CFR Part 73) is possible or the ability to summon response is not available. 3. Loss of any one redundant or diverse vital or material access area security system leaves these areas under the protection of only one security system. This includes loss of either the central or secondary alarm station. Although the protection afforded the vital and material access areas has been degraded through the loss of one redundant or diverse system protecting it, a complete loss of protection has not occurred, and the event therefore does not have to be reported as soon. If conditions listed in 2 and 3 under the moderate loss of physical security effectiveness result in a moderate event and that event has been properly compensated(1) for in a timely manner, it does not have to be reported to NRC; however, the event does have to be recorded in the licensee's records. C. REGULATORY POSITION Licensees should evaluate physical-security-related events in accordance with Section 73.71(c) of 10 CFR Part 73 and the guidelines in the discussion of this guide to determine whether they are reportable. If after application of Table 1 and the guidelines it is determined that the event needs to be reported or, if any doubt exists about whether the event should be reported, it should be reported by telephone to the Director of the appropriate NRC Inspection and Enforcement Regional Office listed in Appendix A to 10 CFR Part 73. The telephone report should include, as a minimum, the information requested in the appendix to this guide. The written report should include, as a minimum, the information requested in the appendix to this guide as well as any additional information that the licensee is requested to furnish the NRC. Written information requested in the appendix should be supplemented, as needed, by additional narrative material to provide a complete explanation of the circumstances surrounding the event. Threat-related events affecting plants under construction should be reported under paragraph 73.71(c) of 10 CFR Part 73 only if the plant under construction has a license, i.e., the plant is licensed to have fuel on site. It is not expected that events involving loss of physical security effectiveness would occur for plants under construction. However, defects or deficiencies in security equipment or its installation are reportable either under 10 CFR Part 21 or paragraph 50.55(e) of 10 CFR Part 50. Threat-Related and Physical-Security-Effectiveness Events Time frames for reporting the various categories of threat-related and physical-security-effectiveness events are shown in Table 1. (Due to database constraints, Table 1 is not included. Please contact LIS to obtain a copy.) Some events that have been identified as reportable by the NRC staff after application of the procedures of this guide are listed below. 1. Events to be reported within 1 hour after a member of the licensee's security organization or any other employee of the licensee becomes aware of the event include the following: a. Attempted or confirmed intrusions at vital material access, protected, or controlled access areas. b. Attempted intrusions into protected area by protesting groups. c. Discovery of or attempted introduction of unauthorized weapons, explosives, or incendiary devices inside the protected or controlled access areas.(2) d. Bomb threats or extortion threats.(2) e. Mass demonstrations, picketing, or other job actions at the plant site.(2) f. Civil disturbances near the plant site.(2)---------- (2) These events should be evaluated and reported in accordance with contingency plans. If the threat is more potential in character than explicit, it can be reported within 24 hours from the time it has been estimated to be in existence. ---------- g. Loss of both central and secondary alarm stations.(3) h. Loss of all capability for offsite communication to the local law enforcement agency.(3) i. Loss or degradation of power for the physical security system below that level required to keep the security system operating at rated capacity.(3) j. Failure or loss of operability of any alarm or intrusion detection system or portion thereof that could be directly exploited to allow undetected access to vital or material access areas such as (1) card reader access control system malfunction so that unauthorized personnel could gain access to vital areas or (2) simultaneous failure of vital or material access area intrusion detection and threat assessment equipment.(3) k. Unavailability of minimum number of security personnel.(3) 2. Events to be reported within 24 hours after a member of the licensee's security organization or any other employee of the licensee is made aware of their occurrence include the following: a. Theft of security weapon at the site. b. Confirmed tampering with security equipment. c. Discovery of spurious identification badges, key cards, or security locks and keys. d. Theft of documents containing proprietary or classified security information. e. Unexplained fire or explosion within the isolation zone, protected area, or controlled access area that could affect plant security. f. Sudden retirement, discharge, or resignation of key security personnel if the event results in a moderate loss of physical security effectiveness.(4) g. Security-related injury to a member of the security organization such as that caused by malfunctioning security equipment. h. Sickouts or other labor problems affecting the readiness of the security forces. i. Any event that reduces the capability for offsite communication to the local law enforcement agencies. (This would not include loss of service of any one regular telephone, even from an alarm station. However, it would include loss or malfunction of an alarm station radio or hotline equipment.)(4)---------- (3) These events do not have to be reported within one hour if properly compensated for in a timely manner; however, they have to be reported within 24 hours. (4) These events do not have to be reported if properly compensated for in a timely manner; however, they do have to be recorded in the licensee's records. ---------- j. Failure or loss of operability of any alarm or intrusion detection system or portion thereof that could be directly exploited to allow undetected access to the protected area such as (1) simultaneous failure of any one perimeter intrusion alarm segment and threat assessment equipment or (2) undetected failure of any one perimeter intrusion alarm segment.(4) k. Failure of perimeter lighting to an extent that would impair threat assessment.(4) l. Loss of either the central or secondary alarm station.(4) m. Number of guards at transfer points of a shipment fewer than that required by the regulation or security plan.(4) n. Unexplainable security situations impeding the effectiveness of security to the limit defined in the physical security plan. Classification and Transmittal of Sensitive Information A report of a physical security event may contain information that is sensitive; such an event needs to be protected from disclosure. Sensitive information can be proprietary, classified, or both. The licensee should review an event to determine whether the information associated with the event is classified, proprietary, or unclassified. The determinatiin of whether information is classified should be made by the licensee after referring to the NRC Classification Guide for Safeguards Information (Appendix A to 10 CFR Part 95) and other applicable classification guides issued by other government agencies. The licensee is responsible for determining what information is categorized proprietary. If an event is categorized as proprietary, all the information regarding the event can be transmitted to the NRC by an unsecured telephone and by first-class mail. If an event is categorized as classified, the telephone report to the NRC should convey only that an event that meets the criteria of paragraph 73.71(c) of 10 CFR Part 73 has occurred. The written report should be marked with the appropriate classification markings and handled accordingly. Section 95.39, "External Transmission of Documents and Materials," of 10 CFR Part 95 (45 FR 14488, March 5, 1980) contains the requirements for transmittal of classified documents and material. (Due to database constraints, the Appendix is not included. Please contact LIS to obtain a copy.)VALUE/IMPACT STATEMENT(*) The revision to Section 73.71, "Reports of Unaccounted-For Shipments, Suspected Thefts, Unlawful Diversion, Industrial Sabotage or Events Which Significantly Threaten or Lessen the Effectiveness of Safeguards," of 10 CFR Part 73 includes the requirement that licensees report events that could significantly threaten or lessen the effectiveness of their physical security systems as established by regulations or by their NRC-approved physical security, contingency, and security personnel qualification and training plans. ---------- (*) The original draft value/impact statement for Draft Guide SG 901-4, published in October 1979, and the value/impact and report justification analysis prepared for proposed amendments to Part 73, "Physical Protection of Plants and Materials," of 10 CFR Part 73, which have been revised to change "safeguards" events to "physical security" events but otherwise are still valid, are available for inspection at the NRC Public Document Room, 1717 H Street NW., Washington, D.C. ---------- As a result, more explicit reporting requirements than presently exist for certain physical security events are clearly needed. These explicit reporting requirements, as described in Regulatory Guide 5.62 (Task SG 901-4), include the reporting of events that may not have been reported in the past under the requirements of 10 CFR Part 21 as leading to a substantial safety hazard and put NRC into an improved overview position from the standpoint of maintenance of physical security effectiveness and reaction to physical security events. This guide provides guidance for identifying physical security events that should be reported and recommends the procedures for reporting them. 15 |