Regulatory Issue Summary: Identifying and Reporting Security Incidents Under Part 37

RIS 2015-03 Identifying and Reporting Security Incidents.pdf

10 CFR Part 37, Physical Protection of Category 1 and Category 2 Quantities of Radioactive Material

OMB: 3150-0214

UNITED STATES
NUCLEAR REGULATORY COMMISSION
OFFICE OF NUCLEAR MATERIAL SAFETY AND SAFEGUARDS
OFFICE OF NUCLEAR REACTOR REGULATION
OFFICE OF NEW REACTORS
WASHINGTON, D.C. 20555
February 24, 2015

NRC REGULATORY ISSUE SUMMARY 2015-03,
IDENTIFYING AND REPORTING SECURITY INCIDENTS
UNDER 10 CFR PART 37
ADDRESSEES
All holders of and applicants for U.S. Nuclear Regulatory Commission (NRC) licenses that
possess category 1 and category 2 quantities of radioactive material, NRC Master Material
Licensees (MMLs), Agreement State Radiation Control Program Directors, and State Liaison
Officers.
INTENT
The NRC is issuing this regulatory issue summary (RIS) to inform licensees of the requirements
regarding identifying and reporting security incidents, including suspicious activity, involving
category 1 or category 2 quantities of radioactive material under 10 CFR Part 37; when and how
to report those matters; and to make recipients aware of a database used to track reports of
suspicious activity. No specific action or written response is required. NRC is providing this RIS
to the Agreement States for their information and for distribution to their licensees, as
appropriate.
BACKGROUND
Following the attacks of September 11, 2001, NRC issued orders, and in some cases, license
conditions requiring implementation of interim security measures to a number of categories of
licensees, including fuel cycle facilities, licensees who transport radioactive materials in
quantities of concern, manufacturers and distributors, large panoramic and underwater
irradiators, and licensees with risk-significant quantities of radioactive material. These orders
required licensees to notify NRC of security incidents involving certain types of byproduct
material. Agreement States issued similar requirements to their licensees.
In a final rule published in the Federal Register on March 19, 2013 (78 FR 16921), the NRC
added a new Part 37 to its regulations in Title 10 of the Code of Federal Regulations, and made
conforming changes to other parts of NRC regulations regarding radioactive materials. This
rule, in large part, replaces the orders referred to above. The new regulation, which NRC
licensees had to comply with by March 19, 2014, established, among other things, physical
security requirements for the possession and use of category 1 and category 2 quantities of
radioactive material. The new rule, 10 CFR Part 37, can be found at
http://www.nrc.gov/reading-rm/doc-collections/cfr/part037/. The related implementation
guidance can be found at http://www.nrc.gov/reading-rm/doc-collections/nuregs/staff/sr2155/.
Agreement States will issue similar updated requirements to their licensees by March 19, 2016.
The new regulation includes provisions in 10 CFR 37.57 and 10 CFR 37.81 to standardize the
reporting of actual incidents and of suspicious activity.
SUMMARY OF ISSUE
Reporting of Incidents; Including Incidents Involving Suspicious Activity
10 CFR Part 37.57(a) requires a licensee to report to local law enforcement and the NRC after
determining that an unauthorized entry resulted in an actual or attempted theft, sabotage, or
diversion of a category 1 or category 2 quantity of radioactive material. 10 CFR 37.57(b)
requires licensees to assess suspicious activity related to possible theft, sabotage, or diversion
of radionuclides of concern, and if appropriate, to report the suspicious activity to local law
enforcement and the NRC. The reporting of suspicious activities is an important component of
evaluating the threat against licensed facilities and material. The NRC 1) reviews individual
notifications of suspicious activities to evaluate whether potential preoperational activities (i.e.,
multiple events at a single site or multiple events at multiple sites) may be part of a larger plan,
and 2) integrates this information with other agencies in the homeland security and intelligence
communities. This has the potential to prevent or stop malicious activity at licensee facilities.
Examples of suspicious activity may include, but are not limited to, the following:


- Stated threats against the licensee’s facility or staff
- Use of forged, stolen, or fabricated documents to support access control or authorization
  activities
- Unusual challenges to security systems that could represent attempts to gather information
  on system performance or personnel or equipment response actions
- An individual(s) conducting unapproved photographing or videotaping of licensed facilities
- Unauthorized attempts to probe or gain access to the licensee’s business secrets or other
  sensitive information or to control systems, including the use of social engineering
  techniques (e.g., impersonating authorized users)
- The unauthorized operation, manipulation, or tampering of radioactive material in quantities
  of concern or the unauthorized operation, manipulation, or tampering of security-related
  structures, systems, and components that could prevent the implementation of the
  licensee’s protective strategy

Additional examples of potentially reportable suspicious activities are listed in Annex C of
NUREG-2155, “Implementation Guidance for 10 CFR Part 37, Physical Protection of Category 1
and Category 2 Quantities of Radioactive Material”
(http://pbadupws.nrc.gov/docs/ML1305/ML13053A061.pdf).

To ensure compliance with the requirements in 10 CFR 37.57 and 10 CFR 37.81, the NRC staff
wants to remind licensees of the following:
For licensees who possess category 1 and category 2 quantities of radioactive material:
1. The licensee must notify the local law enforcement agency (LLEA) immediately after
determining that an unauthorized entry resulted in an actual or attempted theft,
sabotage, or diversion of a category 1 or 2 quantity of radioactive material. The licensee
must also notify the NRC Operations Center as soon as possible (not later than 4 hours
after discovery) but not at the expense of causing delay or interfering with the LLEA
response to the event. [§37.57(a)] After notifying the LLEA and the NRC, the licensee
must submit a written report within 30 days to the NRC for its analysis and evaluation.
The report must identify any necessary corrective actions. [§37.57(c)]
2. The licensee must assess any suspicious activity related to the possible theft, sabotage,
or diversion of category 1 or 2 quantities of radioactive material and must notify the
LLEA as appropriate. If the LLEA is notified, the licensee must also notify the NRC
Operations Center as soon as possible, but not later than 4 hours after notifying the
LLEA. [§37.57(b)]
For licensees shipping category 1 quantities of radioactive material:
1. The shipping licensee must notify the LLEA and the NRC Operations Center within 1
hour after determining that a shipment of category 1 quantities of radioactive material is
lost or missing. [§37.81(a)]
2. The shipping licensee must notify the designated LLEA along the shipment route as
soon as possible upon discovery of any actual or attempted theft or diversion of a
shipment or upon discovery of suspicious activities related to a shipment of category 1
quantities of radioactive material. After notifying the LLEA, the licensee must also notify
the NRC Operations Center. [§37.81(c)]
3. The shipping licensee must notify the NRC and the LLEA as soon as possible upon
recovery of any lost or missing category 1 quantities of radioactive material. [§37.81(e)]
4. The shipping licensee must submit a written report to the NRC within 30 days of an initial
report of lost or missing material or attempted or actual theft or diversion of a shipment
of category 1 quantities of radioactive material. [§37.81(g)]
For licensees shipping category 2 quantities of radioactive material:
1. The shipping licensee must notify the NRC Operations Center within 4 hours of the
determination that a shipment of category 2 quantities of radioactive material is lost or
missing and must call the NRC Operations Center after 24 hours if the shipment has not
been located. [§37.81(b)]
2. The shipping licensee must notify the NRC as soon as possible upon discovery of any
actual or attempted theft or diversion of a shipment or suspicious activities related to a
shipment of a category 2 quantity of radioactive material. [§37.81(d)]

3. The shipping licensee must notify the NRC as soon as possible upon recovery of any
lost or missing category 2 quantities of radioactive material. [§37.81(f)]
4. The shipping licensee must submit a written report to the NRC within 30 days of an initial
report of lost or missing material or attempted or actual theft or diversion of a shipment
of category 2 quantities of radioactive material. [§37.81(g)]
Security Incident Information Access
NRC maintains a database, called the Protected Web Server (PWS), to report and analyze
suspicious activities. Information provided on this web site is considered ‘law enforcement
sensitive’. Authorized PWS users, such as homeland security and law enforcement officials,
emergency management personnel, NRC licensees, and Agreement State officials and
licensees, may access the suspicious activity reports on the PWS to maintain situational
awareness of security incidents.
Authorized Agreement State and licensee personnel may request access to the PWS by visiting
https://pws.nrc.gov/ and clicking on the link to register for a new account. The applicant will be
prompted to enter his or her name, e-mail address, and other applicable information. After the
request is submitted, it is reviewed by the NRC. Applicants will be notified via e-mail if their
PWS account is approved. The approval e-mail contains initial login credentials, which the user
updates when logging in to the system for the first time.
BACKFITTING AND ISSUE FINALITY
This RIS informs licensees of the requirements regarding identifying and reporting security
incidents, including suspicious activity, involving category 1 or category 2 quantities of
radioactive material under 10 CFR Part 37; when and how to report those matters; and to make
recipients aware of a database used to track reports of suspicious activity. This RIS requires no
action or written response beyond that already required by the NRC regulations. Therefore, this
RIS does not represent backfitting as defined in 10 CFR 72.62(a) or 50.109(a)(1), nor is it
otherwise inconsistent with any issue finality provision in 10 CFR Part 52. Consequently, for
this RIS, the NRC staff did not perform a backfit analysis or further address the issue finality
criteria.
FEDERAL REGISTER NOTIFICATION
A notice of opportunity for public comment on this RIS was not published in the Federal Register
because this RIS is informational and does not represent a departure from current regulatory
requirements.

CONGRESSIONAL REVIEW ACT
This RIS is not a rule as defined in the Congressional Review Act (5 U.S.C. §§ 801-808).
PAPERWORK REDUCTION ACT STATEMENT
This RIS does not contain new or amended information collection requirements that are subject
to the Paperwork Reduction Act of 1995 (44 U.S.C. 3501 et seq.). Existing requirements were
approved by the Office of Management and Budget (OMB), approval number 3150-0214.
PUBLIC PROTECTION NOTIFICATION
The NRC may not conduct or sponsor, and a person is not required to respond to, an
information collection unless the requesting document displays a currently valid OMB control
number.

CONTACTS
This RIS requires no specific action or written response. If you have any questions about this
summary, please contact the technical contacts listed below or the appropriate regional office.
/RA/
Laura A. Dudes, Director
Division of Material Safety, State, Tribal,
and Rulemaking Programs
Office of Nuclear Material Safety
and Safeguards

/RA LKokajko/
Lawrence E. Kokajko, Director
Division of Policy and Rulemaking
Office of Nuclear Reactor Regulation

/RA Andrea D. Valentin for/
Michael C. Cheok, Director
Division of Construction Inspection
and Operational Programs
Office of New Reactors

Technical Contacts:

Paul Goldberg
(301) 415-7842
[email protected]

Irene Wu
(301) 415-1951
[email protected]

DISTRIBUTION: MSTR r/f   MLombard, NMSS

ADAMS Accession No.: ML14255A037

OFFICE | NMSS/MSTR | NMSS/MSTR | NMSS/MSTR | NMSS/MSTR | NSIR | NSIR | NSIR
NAME | IWu | PGoldberg | AMcIntosh | AGiantelli | KZiebell | GWest | TMasse
DATE | 9/12/14 | 9/12/14 | 9/12/14 | 10/08/14 | 10/14/14 | 10/15/14 | 10/20/14

OFFICE

NSIR

NSIR

NRR/DPR

OE

OIS

OGC – CRA

OGC - NLO

NAME

SWastler

RFranovich

ACoggins

ACoggins

10/23/14

10/23/14

(DFurst for)
NHilton
11/17/14

TDonnell

DATE

(PIsaac for)
KHsueh
11/05/14

11/25/14

01/07/15

01/07/15

OFFICE | NRO/DCIP | NRR/DPR/PGCB | NRR/DPR | NRR/DPR | NRR/DPR | NMSS/MSTR
NAME | MCheok | ELee | SStuchell | AMohseni | LKokajko | LDudes
DATE | 01/29/15 | 02/04/15 | 01/30/15 | 02/11/15 | 02/19/15 | 02/24/15

OFFICIAL RECORD COPY

