Download: docx | pdf

SUSPICIOUS ACTIVITY REPORTS

UNDER 10 CFR PART 73

A. INTRODUCTION

Purpose

This regulatory guide (RG) describes methods and procedures that the staff of the U.S. Nuclear Regulatory Commission (NRC) considers acceptable for use by licensees to comply with NRC regulations for implementing the provisions of Title 10 of the Code of Federal Regulations (10 CFR) Part 73, “Physical Protection of Plants and Materials” (Ref. 1).

Applicability

This RG applies to NRC licensees who are subject to the provisions of 10 CFR 73.1215, “Suspicious activity reports,” (SARs). This includes licensees of facilities licensed under both 10 CFR Part 50, “Domestic Licensing of Production and Utilization Facilities,” (Ref. 2) and 10 CFR Part 52, “Licenses, Certifications, and Approvals for Nuclear Power Plants” (Ref. 3). This RG also applies to licensees possessing special nuclear material licensed under 10 CFR Part 70, “Domestic Licensing of Special Nuclear Material” (Ref. 4) and licensees of radioactive waste storage facilities licensed under 10 CFR Part 72, “Licensing Requirements for the Independent Storage of Spent Nuclear Fuel and High-Level Radioactive Waste, and Reactor-Related Greater Than Class C Waste” (Ref. 5). Moreover, this RG also apples to licensees transporting certain types of special nuclear material and radioactive waste. A detailed discussion of the applicability of 10 CFR 73.1215 to licensees who are subject to 10 CFR Part 50, Part 52, Part 70, or Part 72 is found in this RG’s section “B. Discussion” under the subsection “Applicability to Specific Facilities, Materials, and Shipping Activities.”

Applicable Regulations

• 10 CFR Part 73 requires licensees to establish and maintain a physical protection system which will have capabilities for the protection of special nuclear material (SNM) at fixed sites and in transit and of the plants or facilities in which SNM is used. This includes production and utilization facilities, including both operating and decommissioning production rectors, power reactors, non-power reactors, and other non-power production and utilization facilities. It also includes facilities possessing or transportation activities involving: strategic special nuclear material (SSNM), SNM, spent nuclear fuel (SNF), and high-level radioactive waste (HLW).

• 10 CFR 73.1200, “Notification of physical security events,” requires licensees to notify the NRC Headquarters Operations Center of involving imminent or actual hostile actions, significant security events, security challenges, and security program failures.

• 10 CFR 73.1215, “Suspicious activity reports,” requires licensees to report suspicious activities involving licensee facilities, materials, and shipping activities to their applicable local law enforcement agency (LLEA), their applicable Federal Bureau of Investigation (FBI) local field office, the NRC Headquarters Operations Center, and subsequently, their applicable Federal Aviation Administration (FAA) local control tower if the suspicious activity involves aircraft.
  
  

• 10 CFR Part 95, “Facility Security Clearance and Safeguarding of National Security Information and Restricted Data,” establishes procedures for obtaining facility security clearances and for safeguarding Secret and Confidential National Security Information (NSI) and Restricted Data (RD) received or developed in conjunction with activities licensed, certified, or regulated by the Commission (Ref. 6).

• 10 CFR 95.57, “Reports,” requires, in part, that licensees report any alleged or suspected violation of the Atomic Energy Act of 1954, as amended (AEA); Espionage Act; or other Federal statutes related to protection of classified information (e.g., the loss, theft, or deliberate disclosure of classified NSI or RD to unauthorized persons).

• 10 CFR Part 150, “Exemptions and Continued Regulatory Authority in Agreement States and In Offshore Waters Under Section 274,” provides certain exemptions to persons in Agreement States from the licensing requirements contained in Chapters 6, 7, and 8 of the AEA and from the regulations of the Commission imposing requirements upon persons who receive, possess, use or transfer byproduct material, source, or special nuclear material in quantities not sufficient to form a critical mass; and to define activities in Agreement States and in offshore waters over which the regulatory authority of the Commission continues (Ref. 7).

• 10 CFR 150.11, “Critical mass,” specifies the maximum quantity of SSNM or SNM that may be possessed by an Agreement State licensee.

• 10 CFR 150.14, “Commission regulatory authority for physical protection,” specifies that Agreement State licensees possessing a Category III quantity of SSNM remain subject to the NRC’s physical security requirements under 10 CFR 73.67, “Licensee fixed site and in-transit requirements for the physical protection of special nuclear material of moderate and low strategic significance.”

Related Guidance

• Regulatory Guide (RG) 5.62, “Physical Security Event Notifications, Reports, and Records,” provides guidance on physical security event notifications. For example, a notification that may arise because of an LLEA response to a suspicious activity report (Ref. 8). ¹

Purpose of Regulatory Guides

The NRC issues regulatory guides to describe to the public methods that the staff considers acceptable for use in implementing specific parts of the agency’s regulations, to explain techniques that the staff uses in evaluating specific issues or postulated events, and to provide guidance to applicants. Regulatory guides are not a substitute for regulations and compliance with regulatory guides is not required. Methods and solutions that differ from those set forth in regulatory guides will be deemed acceptable if they provide a basis for the findings required for the issuance or continuance of a permit or license by the Commission.

Paperwork Reduction Act

This RG provides voluntary guidance for implementing the mandatory information collections in 10 CFR Part 73 that are subject to the Paperwork Reduction Act of 1995 (44 U.S.C. 3501 et. seq.). This information collection was approved by the Office of Management and Budget (OMB), approval number 3150-0002. Send comments regarding this information collection to the FOIA, Library, and Information Collections Branch (T6‑A10M), U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001, or by e-mail to [email protected], and to the OMB reviewer at: OMB Office of Information and Regulatory Affairs (3150-0002), Attn: Desk Officer for the Nuclear Regulatory Commission, 725 17th Street, NW Washington, DC 20503; e- mail: [email protected].

Public Protection Notification

The NRC may not conduct or sponsor, and a person is not required to respond to, a request for information or an information collection requirement unless the requesting document displays a valid OMB control number.

TABLE OF CONTENTS

Page

B. DISCUSSION

Reason for Issuance

This regulatory guide is being issued because the NRC has promulgated new requirements under 10 CFR 73.1215 on the reporting of suspicious activities. These new requirements are part of the final rule titled “Enhanced Weapons, Firearms Background Checks, and Security Event Notifications” (hereafter the enhanced weapons final rule) (Ref. 9).

Background

On February 3, 2011, the NRC issued the enhanced weapons proposed rule (Ref. 10). The proposed rule set forth requirements for licensees seeking to apply for preemption authority under Section 161A of the Atomic Energy Act of 1954, as amended. Also included in the proposed rule were new requirements for certain security event notifications. On the same date, the NRC issued Draft Regulatory Guide (DG)-5019, Revision 1, “Reporting and Recording Safeguards Events,” (Ref. 11) for public comment. The DG provided licensees with guidance in implementing the requirements in the proposed enhanced weapons rule. Specifically, DG‑5019 provided proposed guidance in three broad areas: (1) physical security event notifications, reports, and records, (2) cybersecurity event notifications and reports, and (3) suspicious activity reports. The NRC subsequently relocated the cybersecurity event notification guidance in DG‑5019 into RG 5.83, “Cyber Security Event Notifications” (Ref. 12). The NRC further divided DG‑5019 by placing the suspicious activity reporting guidance in this separate final RG 5.87. The remaining guidance on physical security event notifications, written follow-up reports, and records will remain in RG 5.62.

This regulatory guide provides acceptable methods that licensees subject to 10 CFR 73.1215 may use in reporting suspicious activities to applicable LLEA, applicable FBI local field office, the NRC, and, applicable FAA local control tower (for activities involving suspicious aircraft). Following the events of September 11, 2001, the NRC issued security advisories and other guidance on suspicious activities and requested that such activity be voluntarily reported to the NRC. The new requirements in 10 CFR 73.1215 make the reporting of suspicious activities to these various agencies mandatory for certain licensees. The guide contains both examples of suspicious activities that require reporting and other examples of activities for which a licensee may exercise discretion and not report the activity as suspicious. The NRC staff does not consider these examples to be all‑inclusive.

The NRC has determined that licensees’ timely submission of SARs to the NRC and to law enforcement is an important part of the U.S. government’s efforts to disrupt or dissuade malevolent acts against the nation’s critical infrastructure. Despite the increasingly fluid and unpredictable nature of the threat environment, some elements of terrorist tactics, techniques, and procedures remain constant. For example, attack planning and preparation generally proceed through several predictable stages, including intelligence gathering and pre-attack surveillance. Reporting suspicious activities that could be indicative of preoperational surveillance or reconnaissance efforts, challenges to security systems and protocols, or elicitation of non-public information related to security or emergency response programs, offer law enforcement and security personnel the greatest opportunity to disrupt or dissuade acts of terrorism before they occur. Additionally, licensees’ timely submission of SARs to the NRC supports one of the agency’s primary mission essential functions of threat assessment for licensed facilities, materials, and shipping activities.

In this new regulation, the NRC is seeking to balance agency and national objectives of reporting suspicious activities, while not imposing unnecessary or undue burden on licensees. In this regard, it is not the NRC’s intent to dispute a licensee’s conclusions about whether an event is considered to be suspicious. Accordingly, the NRC intends to focus any inspection and enforcement efforts regarding this new regulation on programmatic aspects (e.g., adherence to established procedures, training, points of contact, and the reporting process).

Completing Assessments

The regulations in 10 CFR 73.1215(c) require licensees to promptly assess whether an activity is suspicious and if so, report it as soon as possible, but within 4 hours of the time of discovery. The language in 10 CFR 73.1215(c)(2)(i) establishes a firm 4-hour time limit for reporting suspicious activities. By the end of 4 hours, licensees need to use their best judgment and conclude their assessment of whether a given activity is suspicious and must be reported. In accomplishing such assessments, the licensee may take into account other information, as determined to be relevant by the licensee, associated with its locale and the local population (e.g., the presence of parks and recreational areas or hunting seasons), video or surveillance imagery, and discussions with LLEA or other appropriate officials (e.g., government officials or campus police). A licensee’s actions in gathering additional information or conducting discussions with LLEA or others are not considered, in and of themselves, to constitute a conclusion that an activity is suspicious.

The intelligence-collection value of a SAR to law enforcement is perishable; and therefore, a licensee’s timely submission is more important than a detailed assessment to determine whether a potential activity is suspicious. Accordingly, the NRC staff recommends that licensees should err on the side of prompt reporting of activities that initially appear to be suspicious. Suspicious activity reporting is not part of the NRC’s performance monitoring program, nor is a retraction required for an activity that is subsequently determined not to be suspicious. Licensees face no consequences for submitting a report that is later determined not to be a suspicious activity. The regulations in 10 CFR 73.1215(c) do not require a licensee to report an activity that the licensee assesses is innocent or innocuous.

Retraction of Invalid Reports Not Required

A licensee is not required to retract a suspicious activity report when the licensee subsequently discovers that the activity reported is not suspicious. Licensees will not face any consequences or penalties for reporting an activity that is subsequently determined to not be suspicious.

Elimination of Duplication

Certain activities may be both a suspicious activity and a physical security event. A suspicious activity that requires the licensee to make a physical security event notification pursuant to 10 CFR 73.1200 does not need to also be reported as a suspicious activity under 10 CFR 73.1215(c).

Certain activities may be both a suspicious activity and an information security event. A licensee is not required by 10 CFR 73.1215(f) to report a suspicious activity involving conspiracies to obtain or, actual or attempted efforts by unauthorized individuals to obtain RD, communicate RD, remove RD, or disclose RD if the suspicious activity is also required to be reported pursuant to 10 CFR 95.57.

Additionally, under 10 CFR 73.1215(c)(1)(iii), if a suspicious activity report subsequently results in a LLEA response then the licensee must notify the NRC of the event pursuant to 10 CFR 73.1200(e)(3), if the LLEA response could reasonably be expected to result in public or media inquiries to the NRC. Licensees should refer to RG 5.62 for further guidance on such a notification.

Reporting Timeliness and Order of Precedence

The regulations in 10 CFR 73.1215(c) require licensees (or a licensee’s movement control center for shipping activities) to report suspicious activities applicable to their facility, material, or shipping activity as soon as possible, but within 4 hours of the time of discovery in the following order:

1. First, to the applicable LLEA;

Notes: The applicable LLEA refers to the agency with jurisdiction over the site containing the facility or material.

For licensees located on a college campus, the applicable LLEA refers to a city or county police department or a sheriff’s department and may also refer to a campus police department, depending on jurisdiction. If campus police have jurisdiction over the site then licensees may also report the suspicious activity to the local off campus police department, as appropriate.

For shipping activities, the applicable LLEA refers to the agency with jurisdiction over the physical location where the suspicious activity occurred.

2. Second, to the applicable FBI local field office;

Note: See Staff Regulatory Guidance position 4 for further guidance on determining the applicable FBI local field office for reporting suspicious activities for shipping activities.

3. Third, to the NRC Headquarters Operations Center; and

4. Lastly, to the applicable FAA local control tower, if the suspicious activity involves aircraft overflights in proximity to the licensee’s facility.

Note: The requirement to report suspicious aircraft activities to applicable FAA local control tower applies only to facilities and materials subject to 10 CFR 73.1215(d).

Under 10 CFR 73.1215(c)(2), a licensee must promptly assess whether an activity is suspicious. However, in completing the assessment process, a licensee may review additional information, including interacting with LLEA, to assess whether the activity is suspicious. Additionally, for potentially suspicious aircraft activity, the licensee may also interact with the applicable FAA local control tower and/or nearby military airfield, to assess whether the activity is suspicious. See Appendix A for further guidance.

Applicability to Specific Facilities, Materials, and Shipping Activities

The suspicious activity reporting requirements in 10 CFR 73.1215 apply to a broad range of NRC‑licensed facilities, materials, and shipping activities that are subject to the physical security program requirements in 10 CFR Part 73. However, certain specific suspicious activity reporting requirements may only be applicable to a particular class of facilities, materials, or shipping activities. The NRC staff is providing the following information regarding the applicability of specific provisions in 10 CFR 73.1215.

• The requirements in 10 CFR 73.1215(d) apply to licensees that are subject to the following regulations:

• 10 CFR 73.20, “General performance objective and requirements”;

• 10 CFR 73.45, “Performance capabilities for fixed site physical protection systems”;

• 10 CFR 73.46, “Fixed site physical protection systems, subsystems, components, and procedures”;

• 10 CFR 73.50, “Requirements for physical protection of licensed activities”;

• 10 CFR 73.51, “Requirements for the physical protection of stored spent nuclear fuel and high‑level radioactive waste”;

• 10 CFR 73.55, “Requirements for physical protection of licensed activities in nuclear power reactors against radiological sabotage”;

• 10 CFR 73.60, “Additional requirements for physical protection at nonpower reactors”; and

• 10 CFR 73.67, “Licensee fixed site and in-transit requirements for the physical protection of special nuclear material of moderate and low strategic significance.”

These regulations affect the following:

• Facilities authorized to possess Category I, Category II, or Category III quantities of SSNM;

• facilities authorized to possess Category II or Category III quantities of SNM;

Notes: Under the exemption in 10 CFR 73.1215(d)(2)(i), NRC licensees who are subject to 10 CFR 73.67 and who are engaged in the enrichment of uranium using Restricted Data (RD) information, technology, or materials, are not subject to the reporting requirements of 10 CFR 73.1215(d). This applies to licensees who are engaged in enrichment and who are authorized to only possess either Category II or Category III quantities of SSNM or Category II or Category III quantities of SNM. However, licensees engaged in such enrichment activities are subject to the reporting requirements of 10 CFR 73.1215(f).

Under the exemption in 10 CFR 73.1215(d)(2)(ii), NRC licensees who are subject to 10 CFR 73.67 and who are engaged in the fabrication of new fuel assemblies are not subject to the reporting requirements of 10 CFR 73.1215(d). This applies to licensees who are engaged in the fabrication of new fuel assemblies and who are authorized to only possess either Category II or Category III quantities of SSNM or Category II or Category III quantities of SNM.

Under the exemption in 10 CFR 1215(g)(1), NRC or Agreement State licensees who are subject to 10 CFR 73.67 and who are authorized to possess a Category III quantity of SSNM, where the total quantity of SSNM is limited to less than the critical mass limit specified in 10 CFR 150.11(a) are not subject to the reporting requirements of 10 CFR 73.1215. This means that a licensee who is authorized to possess a total quantity of SSNM greater than 15 grams (g) but is less than 350 g of U-235 (enriched to 20 percent or greater in U‑235), less than 200 g of U-233, less than 200 g of Pu, or less than any combination of these three nuclides using the following unity formula.

• hot cell facilities (for examination of irradiated SNM and SNF);

• independent spent fuel storage installations (ISFSIs) (both general license and specific license ISFSIs);

• monitored retrievable storage installations;

• geologic repository operations areas; and

• production and utilization facilities licensed under 10 CFR 50.21 and 10 CFR 50.22 (including both operating and decommissioning production reactors, power reactors, and non-power reactors).

Notes: The terms “production facility” and “utilization facility” have the same meanings given these terms in 10 CFR 50.2, “Definitions.”

• The regulations in 10 CFR 73.1215(d) apply to:

• Licensees that are engaged in the enrichment of SNM, using RD technology, equipment, or materials where the licensee is authorized to enrich and/or possess Category I quantities of SSNM.

• Licensees of utilization facilities (power reactors and non-power reactors) that have permanently ceased operations, provided that the licensee still has SNF stored within the reactor facility. However, once the licensee has transferred all of its SNF from their spent fuel pool to an offsite facility or to an ISFSI, and that reality is reflected in NRC-approval of reductions to the licensee’s physical security plan, then the licensee may no longer report suspicious activities related to the reactor facility.

• The requirements in 10 CFR 73.1215(e) are applicable to licensees engaged in the transportation of radioactive and nuclear materials and who are also subject to the following regulations:

• 10 CFR 73.20, “General performance objective and requirements”;

• 10 CFR 73.25, “Performance capabilities for physical protection of strategic special nuclear material in transit”;

• 10 CFR 73.26, “Transportation physical protection systems, subsystems, components, and procedures”;

• 10 CFR 73.27, “Notification requirements”; and

• 10 CFR 73.37, “Requirements for physical protection of irradiated reactor fuel in transit.”

These regulations affect licensees engaged in the following shipping activities:

• The transportation of Category I quantities of SSNM;

• The transportation of SNF; and

• The transportation of HLW.

Notes: The regulations in 10 CFR 73.1215(e) do not apply to licensees who are subject to 10 CFR 73.67 and who are engaged in the transportation of unirradiated Category II or Category III quantities of SSNM or Category II or Category III quantities of SNM.

However, the regulations in 10 CFR 73.1215(e) do apply to licensees who are subject to 10 CFR 73.67 and who are engaged in the transportation of SNF under 10 CFR 73.37, (e.g., a non-power reactor shipping SNF).

• The requirements in 10 CFR 73.1215(f) are applicable to licensed facilities subject to 10 CFR 73.67 that are engaged in the enrichment of SNM using RD technology, equipment, or materials. These licensees include the following:

• Fuel cycle facilities that are authorized to enrich SNM to Category II or III quantity levels.

• The regulations in 10 CFR 73.1215(g)(2) exempts the following specific NRC licensee subject to 10 CFR 73.67, Docket number 70-7020, from reporting suspicious activities.

• Certain facilities, materials, and shipping activities are not subject to the physical security program requirements in 10 CFR Part 73. Therefore, these facilities, materials, and shipping activities are also not subject to the suspicious activity reporting requirements in 10 CFR 73.1215. Consequently, this guide does not apply to the following classes of facilities, materials, and shipping activities:

• NRC-licensed or Agreement State‑licensed facilities, materials, and activities that involve the production, use, storage, and transportation of byproduct materials that are subject to the requirements of 10 CFR Part 37, “Physical Protection of Category 1 and Category 2 Quantities of Radioactive Material” (Ref. 14). These 10 CFR Part 37 licensees are subject to a separate suspicious activity reporting requirement found in 10 CFR 37.57, “Reporting of Events.”

• NRC-licensed or Agreement State‑licensed facilities, materials, and activities that involve the production, use, storage, conversion, deconversion, and transportation of source materials that are subject to the requirements of 10 CFR Part 40, “Domestic Licensing of Source Material” (Ref. 15).

Applicants for a License or Construction Permit Holders

Suspicious activity reporting requirements apply to licensees as that term is defined in 10 CFR 50.2, “Definitions.” The term license is broadly defined in 10 CFR 50.2. These reporting requirements do not apply to an applicant for a license as that term is defined in 10 CFR 50.2.

Notification Process

Under 10 CFR 73.1215, licensees are required to report suspicious activities involving facilities, material, and shipping activities to the applicable LLEA. This LLEA would typically have jurisdiction over the physical location of the facility or material. For shipments this would be the physical location of the shipment when the suspicious activity occurred. If a licensee has an existing LLEA point of contact, then the licensee should confirm if this LLEA point of contact is also appropriate for receiving reports of suspicious activities. If not appropriate, then the licensee should coordinate with the LLEA to update its point of contact. For reports of suspicious activities for shipments the appropriate LLEA contact phone numbers along the shipment route are specified in the NRC-reviewed route approval document (e.g., a state police force communications center).

Under 10 CFR 73.1215(c), licensees that are required to report suspicious activities must establish a point of contact with the applicable FBI local field office. The applicable FBI local field office should be based on the geographic location of the licensee’s facility or material. A list of the FBI’s local field offices is available on the FBI’s Web site at https://www.fbi.gov/contact-us/field-offices.

For a licensee that uses a third‑party movement control center to monitor shipments, the licensee may also elect to have movement control center report suspicious activities to the applicable LLEA, FBI local field office, and subsequently the NRC. Licensees involved in shipping activities or movement control centers employed to monitor licensee shipments must establish a point of contact with the appropriate FBI local field office.

Note: A licensee or its movement control center should refer to Staff Regulatory Guidance position 4 to determine the most appropriate FBI local field office with which to establish a point of contact for shipping activities.

A good practice for a licensee or its movement control center employed to monitor shipping activities is to also establish a preferred communications method to use with the appropriate FBI local field office (e.g., voice, fax, or electronic message).

After reporting a suspicious activity to the FBI, licensees or a movement control center, as applicable, must report the suspicious activity to the NRC Headquarters Operations Center. The NRC may be reached by telephone 24 hours a day at the telephone numbers found in Table 1 of “Appendix A to Part 73 - U.S. Nuclear Regulatory Commission Offices and Classified Mailing Addresses.”

Under 10 CFR 73.1215(c), licensees that are subject to 10 CFR 73.1215(d) are required to report suspicious aircraft activities to the licensee’s applicable FAA control tower. Consistent with 10 CFR 73.1215(c)(5)(ii), licensees must establish a point of contact with the applicable FAA control tower. The NRC staff recommends as a good practice that a licensee should also establish a preferred communications method to use with their applicable FAA control tower.

Under 10 CFR 73.1215(c)(8) a licensee or its movement control center must document any LLEA or FBI point of contact information for reporting suspicious activities in their written security communication procedures or route approval documents. A licensee must document any FAA contact information in written communications procedures.

Licensees requesting the assistance of the U.S. Coast Guard, State Departments of Conservation, or State Department of Natural Resources personnel for watercraft entries into posted areas should treat the activity in the same way that they would report a suspicious activity to the LLEA. However, licensees are not required to report unauthorized personnel inside of posted areas that do not have a direct nexus to facility safety (e.g., entry into a circulating cooling water discharge canal cascade that is located a distance from the facility and is posted as “Danger—No Entry” (because of personnel safety concerns)).

Consideration of International Standards

The International Atomic Energy Agency (IAEA) works with member states and other partners to promote the safe, secure, and peaceful use of nuclear technologies. The IAEA develops Safety Requirements and Safety Guides for protecting people and the environment from harmful effects of ionizing radiation. This system of safety fundamentals, safety requirements, safety guides, and other relevant reports, reflects an international perspective on what constitutes a high level of safety. To inform its development of this RG, the NRC considered IAEA Safety Requirements and Safety Guides pursuant to the Commission’s International Policy Statement (Ref. 16), and Management Directive and Handbook 6.6, “Regulatory Guides” (Ref. 17). The NRC staff did not identify any IAEA Safety Requirements or Guides with information related to the topic of this RG.

C. STAFF REGULATORY GUIDANCE

1. General Guidance on Assessing What Constitutes a Suspicious Activity

Licensees have the best knowledge and understanding of their facilities and the local population and environment in which their facilities are situated. The NRC staff views licensees as best positioned to assess whether wrong, abnormal, or unusual activities or behaviors are actually suspicious relative to their facility, material, or activity and, therefore, warrant reporting. Similarly, the NRC staff also views licensees as best positioned to assess whether the activity or behavior is innocent or innocuous and does not warrant reporting. Therefore, licensees should use their experience and a broad perspective in evaluating an activity and based on this experience and perspective report as suspicious any activity that they consider wrong, abnormal, or unusual. The NRC staff recommends that licensees apply an overall philosophy regarding the reporting of suspicious activities that is best reflected by the U.S Department of Homeland Security’s (DHS’) campaign message of “If You See Something, Say Something.” ^®

To reduce unnecessary burden on licensees, the NRC has structured the suspicious activity reporting requirements and this supporting guide to provide licensees with flexibility to use their best judgment to determine if an activity appears suspicious. Consequently, a licensee should consider locality‑specific information when assessing whether an activity is suspicious. This can include the locale surrounding the facility, the local population, and other individual circumstances (e.g., the presence of recreational areas or activities such as hunting, fishing, and hiking) in its surroundings. For example, what “Licensee A” considers to be a suspicious activity at a research reactor located on a college campus in a large urban city may differ significantly from what “Licensee B” considers to be a suspicious activity for similar circumstances at an operating power reactor site located on a 5,000‑acre rural complex next to a recreational lake. A licensee may gather additional information, review electronic records, or communicate with its LLEA to assess whether an activity is suspicious. However, in gathering such information and conducting an assessment, NRC staff notes that law enforcement has indicated that receiving reports of suspicious activity within 60 minutes of the time of discovery provides the greatest potential for their effective use of this information.

Given the subjective nature of such assessments, the NRC staff intends to defer to the licensee’s conclusions as to whether an activity is suspicious. Consequently, the NRC will focus its oversight actions regarding this regulation on whether a licensee has implemented the programmatic aspects of 10 CFR 73.1215 (e.g., establishing points of contact, documenting this information in communications procedures, and training responsible personnel on this information). The NRC’s oversight process will not typically focus on a licensee’s substantive conclusion regarding the assessment of a potentially suspicious activity.

A good practice for licensees or applicable movement control centers is to consider including any point of contact information and preferred communication method for reporting suspicious activities in their security communication procedures or route approval document. This information should include LLEA, FBI, and FAA contact information, as applicable. Licensees or applicable movement control centers should include this written contact information in periodic training for personnel responsible for making such reports (e.g., security managers, alarm station operators, facility operators, or shipment monitors).

2. Time of Discovery

The NRC has included the following definition of “time of discovery” to 10 CFR 73.2, “Definitions,” to clarify timeliness goals for both physical security event notifications under 10 CFR 73.1200 and suspicious activity reporting under 10 CFR 73.1215.

Time of discovery means the time at which a cognizant individual observes, identifies, or is notified of a security‑significant event or condition. A cognizant individual is considered anyone who, by position, experience, and/or training, is expected to understand that a particular condition or event adversely impacts security.

3. Priority of Timely Reporting versus Accuracy of Assessment

The NRC recognizes that a licensee’s assessment of whether an activity is suspicious may involve complexities and unknowns. The purpose of the suspicious activity reporting requirement is to have licensees report in a timely manner any activities that they determine are suspicious, even if the activity is subsequently determined to be innocent. Therefore, the NRC considers the timely reporting of a suspicious activity based on a reasonable assessment of the circumstances to have greater value than making a definitive determination that the activity is actually associated with some potentially malevolent intent. Under 10 CFR 73.1215(c), the NRC allows a licensee up to 4 hours to assess and report a suspicious activity. Consequently, licensees should not delay reporting a suspicious activity to gather more information or complete a more thorough assessment beyond the 4-hour timeliness requirement.

4. Applicable FBI Local Field Office for Shipping Activities

For licensees engaged in shipping activities specified under 10 CFR 73.1215(e), the location of the applicable FBI local field office to report suspicious activities may vary. For example, the originating licensee may be responsible for monitoring the shipment or the receiving licensee may be responsible for monitoring the shipment. Consequently, the applicable FBI local field office may be located nearest to the monitoring facility. Alternatively, the licensee may use a transportation contractor or a third‑party entity to perform the functions of a movement control center. Consequently, the applicable FBI local field office may be located nearest to the movement control center. Any contractual agreements between the licensee and the movement control center and the associated security plans to transport radioactive or special nuclear material should clearly delineate responsibility for reporting suspicious activities. The licensees should discuss such considerations with the FBI when establishing the points of contact for reporting suspicious activities that involve shipping activity.

5. Examples of Suspicious Activity

The regulations in 10 CFR 73.1215(d), (e), and (f) identify several broad categories of activities that licensees should assess as potentially suspicious depending upon the type of facility or activity. The NRC staff have developed the following examples and/or clarifications of these broad categories to assist a licensee or its movement control center in assessing whether a particular activity is suspicious.

When a licensee uses a movement control center to monitor shipments, the movement control center may report suspicious activity (as specified in 10 CFR 73.1215(e)) on behalf of the licensee. In such circumstances, the guidance, examples, and direction contained in Section C of this RG applying to licensees may also be used by a movement control center. Suspicious activities may target a movement control center itself or the personnel supporting a movement control center’s operation, rather than just the ongoing or future shipments that the movement control center is monitoring. In such circumstances, the movement control center should report such suspicious activities against itself using the process specified in 10 CFR 73.1215(c).

1. Elicitation of Sensitive Non-public Information

Elicitation refers to a process used by individuals with malevolent intent to gather classified or sensitive non-public information through their interactions with people. Such information can be extracted knowingly or unknowingly (e.g., through casual conversations).

1. For facilities: Elicitation may be used to gain access to information on security programs, emergency response programs, or sensitive design details associated with protection of the facility or material.

2. For shipments: Elicitation may be used to gain access to information on security programs, emergency response programs, or sensitive design details associated with security programs, emergency response programs, shipment routes, safe-haven locations, or other sensitive design details associated with protection of the shipment (e.g., immobilization devices).

3. For enrichment facilities with RD technology, information, or materials: Elicitation may be used to gain access to information on security programs associated with the facility’s protection of the RD technology, or information, or materials.

Note: If the elicitation activities shift from the security measures protecting the RD technology, information, or materials to the RD information itself, then the licensee should refer to Staff Regulatory Guidance position 6.

4. If the elicitation activities shift from the security of the RD information or technology, to the RD information itself (i.e. potential espionage), the licensee should also refer to Staff Regulatory Guidance position 6.

5. Licensees should consider elicitation activities directed at obtaining sensitive non-public information as a suspicious activity. This is especially true where the elicitation activity involves illegal or questionable activities.

6. Licensees should consider that knowledgeable personnel are more likely to be the target of elicitation. Such personnel typically have the greatest access to and knowledge of a licensee’s sensitive non-public information. Such personnel should include individuals in the licensee’s insider mitigation or human reliability programs and persons with detailed knowledge of the licensee’s security programs or emergency response programs, response actions, or vulnerabilities. However, licensees should also be aware that adversaries often attempt to elicit information from less knowledgeable personnel in order to compile (or aggregate) sensitive non-public information on a licensee’s facility or activities.

7. Elicitation may include: an offer of tangible material goods (i.e., quid pro quo acts), such as cash payments, illegal drugs, illegal pornography, gambling, debt repayment, expensive meals, expensive vacations or travel, or sexual favors, in exchange for sensitive non-public information; or intangible acts such as extortion, blackmail, or threats of physical violence directed against the individual or their family members.

1. Elicitation may include: an offer of tangible material goods (i.e., quid pro quo acts), such as cash payments, illegal drugs, illegal pornography, gambling, debt repayment, expensive meals, expensive vacations or travel, or sexual favors, in exchange for sensitive non-public information; or intangible acts such as extortion, blackmail, or threats of physical violence directed against the individual or their family members.

5.2 Challenges to Licensee’s Security Systems and Procedures - Facilities

Licensees should be aware that adversaries may initiate activities to challenge a licensee’s security systems or response procedures. Adversary activities that challenge a licensee’s security systems or response procedures are typically intended to assess a licensee’s response to an abnormal security situation. Such activities may be significant enough to warrant the licensee’s initiation of security response functions, protocols, or contingency response procedures. In such instances, a licensee should make any notifications required by 10 CFR 73.1200. If a physical security event notification is not required, a licensee may consider whether this activity should instead be reported as a suspicious activity.

The NRC staff is providing the following examples of some activities challenging a licensee’s security systems or response procedures that a licensee may consider assessing as a potentially reportable suspicious activity.

1. Apparent willful, deliberate, or aggressive attempts to not follow facility traffic control directions or stop at traffic control or security control checkpoints or control points.

2. Unauthorized entry of personnel or watercraft into posted off‑limit areas (e.g., near cooling water intake structures).

3. Individuals entering posted off‑limit areas in watercraft and then fail to exit when directed by security personnel.

4. Unauthorized tests or challenges of security screening, detection, and assessment systems. This reporting applies to both interior and exterior security systems.

5. Events that involve individuals that appear to be lost or inebriated are not required to be reported as suspicious activity.

2. Preattack Surveillance or Reconnaissance - Facilities

Preattack surveillance or reconnaissance activities are typically intended to assess a licensee’s physical layout for a facility, as well as the arrangement, coverage, and implementation of intrusion detection, monitoring, and assessment systems. Such activities may include surface, subsurface, and aerial events and may occur from within public areas adjacent to the facility or within restricted or posted areas. Additionally, although such activities are typically conducted external to the facility, reconnaissance activities may also occur internally, such as at the facility or its personnel screening systems (e.g., during tours or visits). Preattack activities can be differentiated from operational surveillance activities (i.e., those surveillance activities directly related to actual or imminent hostile actions). Licensees experiencing surveillance that may be indicative of imminent hostile actions (e.g., where a licensee implements a change in its protective response status) should refer to Regulatory Guide 5.62 regarding physical security event notifications.

5.3.1 Potentially Reportable Examples

The NRC staff is providing the following examples of some activities a licensee may consider assessing as a potentially reportable suspicious activity. These examples are not exhaustive.

1. Observed pre-operational surveillance, reconnaissance, or intelligence gathering activity from within posted or restricted areas (i.e., non-public areas).

2. Individuals entering or loitering in areas immediately adjacent to the licensee’s facility. For example, individuals loitering in unposted areas outside of a nonpower reactor located within a multiuse building on a college campus in a large metropolitan area may not raise the same concern as individuals loitering outside of a power reactor site within a 2,000‑acre rural complex.

3. Individuals taking photographs or videos from public areas adjacent to the licensee’s facility.

4. Individuals taking photographs or videos from non-public areas immediately adjacent to their facility (e.g., the owner-controlled area). Individuals taking unauthorized photographs or videos from inside the facility.

5. Unauthorized aerial overflights by unmanned aerial systems (UAS) or low flying or circling conventional aircraft overflights of a licensee’s facility.

6. Unauthorized aerial overflights by UAS over a licensee’s facility when the FAA has designated the airspace as restricted airspace under 14 CFR 99.7, “Special security instructions,” (Ref. 18).

Note: See Appendix A, Section A-5, of this RG for further discussion of restricted airspace.

5.3.2 Potentially Not-Reportable Examples

The NRC staff is also providing the following examples of some activities that a licensee may not consider as suspicious activity. These examples are not exhaustive.

1. Recording of information into personal diaries that would not be indicative of potential preoperational surveillance, reconnaissance, or intelligence-gathering activities.

2. Photographs by members of a tour group at locations where the licensee has authorized photography.

3. Planned aerial overflights supporting licensee transmission line monitoring or maintenance, emergency preparedness planning, emergency preparedness exercises, emergency response events, and thermal imaging or radiation survey studies. Licensees should coordinate such flights with their local FAA if the airspace over their facility has been designated by the FAA as restricted airspace.

4. Planned aerial overflights conducted by State or Federal agencies or their contractors or other external entities that have coordinated their flights with the licensee.

5.4 Challenges to Communication Systems or Security Systems - Shipping

Challenges to a licensee’s communication or security systems are typically intended to assess the ability of a licensee or a movement control center to evaluate an abnormal security situation and then to observe responses by personnel and any implementation of contingency response procedures or protocols.

The NRC staff is providing the following examples of activities a licensee may consider assessing as a potentially reportable suspicious activity.

1. Attempted challenges to transport vehicle security systems, vehicle communication or position monitoring systems, immobilization systems, or transportation package security systems.

2. Attempted challenges involving the testing of response capabilities of protective forces or escort personnel.

3. Attempted challenges to a movement control center’s shipment position monitoring or communications systems.

5.5 Interference with or Harassment of an Ongoing Shipment

Consistent with 10 CFR 73.12115(e)(1(iii), licensees must report suspicious activities involving interference with or harassment of an ongoing shipment.

The NRC staff is providing examples of some activities a licensee may consider assessing as a potentially reportable suspicious activity.

1. Blocking or harassing a shipment’s transport or escort vehicles.

2. Interfering with the safe operation of a shipment’s transport or escort vehicles.

3. Pouring or throwing biologic material (e.g., blood) or simulants (e.g., red paint or water) onto a transportation package.

5.6 Preattack Surveillance or Reconnaissance - Shipment

Preattack surveillance or reconnaissance of shipments typically occurs in the public domain away from the licensee’s facility. Consequently, adversaries may choose both the time and location for such activities. Preattack surveillance or reconnaissance activities are typically intended to assess a licensee’s ongoing (i.e., actual) shipments and the security and communication systems used for such shipments. In addition, for extended shipping campaigns, the use of the same routes or schedules increases the vulnerability of these shipments to adversaries conducting pattern analysis or traffic analysis to identify potential points of greatest vulnerability or of highest exploitability.

Preattack activities are differentiated from operational surveillance activities (i.e., those directly related to actual or imminent hostile actions). Licensees should refer to Regulatory Guide 5.62 regarding actual or imminent hostile actions.

The NRC staff is providing examples of some activities a licensee may not consider as a suspicious activity.

1. Individuals entering or loitering in public areas immediately adjacent to a temporarily stopped shipment (for example, at a truck stop, interstate highway rest areas or weigh scales).

2. Individuals photographing or video recording of shipments or shipment vehicles from public areas (e.g., “train spotting” activities).

5.7 Aggressive Actions to Gather Information - Enrichment Facilities

Category II or Category III SNM enrichment facilities subject to 10 CFR 73.67 are also subject to the suspicious activity reporting requirements of 10 CFR 73.1215(f) with respect to their RD information, technology, or materials.

Accordingly, the NRC staff is providing examples of some activities a licensee may consider assessing as a potentially reportable suspicious activity.

1. Consistent with 10 CFR 73.1215(f)(1), licensees must report suspicious activities involving aggressive noncompliance with visitor restrictions during onsite visits or tours, including but not limited to the following:

1. Willful unauthorized departure from a tour group, or

2. Willful entry into unauthorized areas or into 10 CFR Part 95 restricted areas.

3. Persistent, aggressive, or detailed questions by visitors or tour groups or significant unauthorized behavior by visitors or tour groups.

Notes: For example, persistent questioning following a licensee’s initial reply that the information is non-public or sensitive; and, therefore, cannot be discussed. The NRC staff considers persistent questioning to be different from mere curiosity by visitors or tour groups.

Such activities, especially by foreign national visitors, may also be potentially indicative of attempted espionage activities. (See also Staff Regulatory Guidance position 6)

2. Licensees should be aware that official foreign visitors and joint research efforts may be exploited by foreign government organizations, including their intelligence services, to target and collect sensitive information. This may include official visits to facilities, as well as joint research projects between foreign entities and U.S. licensees.

3. Licensees should report suspicious activities involving the attempted unauthorized introduction of the following electronic devices or recording media inside a 10 CFR Part 95 restricted area containing RD technology, information, or materials:

1. cell phones;

2. cameras;

3. wireless or Bluetooth devices (e.g., Fitbits or Google Glasses); or

4. USB memory, CD memory, or DVD memory devices.

Notes: Under 10 CFR 73.2 such recording media and communication devices in a 10 CFR Part 95 restricted area are considered contraband. Consequently, the discovery or observation of contraband inside a restricted area typically requires notification under 10 CFR 95.57.

If an event involving unauthorized introduction of contraband is reported under 10 CFR 95.57, then a suspicious activity report is not required under 10 CFR 73.1215.

Licensees have the discretion to also report contraband events at RD facilities to their FBI local field office, even if a notification was made to the NRC under 10 CFR 95.57.

4. Consistent with 10 CFR 73.1215(f)(1)(ii), licensees must report activities involving the actual or attempted unauthorized recording or imaging of RD sensitive technology, equipment, or material inside a 10 CFR Part 95 restricted area under the requirements of 10 CFR 95.57(a).

6. Potential Prohibited Activities Involving Restricted Data

Licensees are required under 10 CFR 95.57 to report alleged or suspected activities where unauthorized personnel obtain, attempt to obtain, or conspire to obtain RD, communicate RD, remove RD, or disclose RD. Consistent with 10 CFR 73.1215(f)(2), licensees are not required to report suspicious activities that were reported separately under the requirements of 10 CFR 95.57.

6. Recording the Disposition of Suspicious Activities

The NRC staff suggests as a good practice that licensees may wish to keep a record (e.g., a simple log) of potential suspicious activities and their disposition (e.g., a description of the activities and whether the activities were assessed as nonsuspicious or were reported as suspicious). This record may also assist the licensee in long term tracking or trending of potential suspicious activities.

6. Non-power Reactors and Campus Police Forces

Licensees of non-power reactors located in college or university campus settings may consider activities conducted by the campus police force as being part of a licensee’s overall security program. The NRC staff considers this approach acceptable provided that it is adequately described in the facility security plan. In this case, the campus police force is also a component of a much larger organization (i.e., the college or university hosting the non-power reactor). Consequently, a licensee that requests a response by campus police forces for minor matters (e.g., illegal parking or loitering) does not need to consider these as suspicious activities and, therefore, do not require a report under 10 CFR 73.1215. However, while investigating a minor matter, if the campus police do determine the matter to be suspicious, the licensee should contact its LLEA (e.g., city police, county police, or county sheriff) and coordinate any necessary LLEA response an ongoing suspicious activity. The licensee should follow the guidance contained in Section B above regarding notification to the FBI and the NRC.

6. Discontinue Use of Previous Guidance IA-04‑08

Licensees who are subject to the requirements of 10 CFR 73.1215 should use this regulatory guide. Additionally, such licensees should discontinue using the NRC’s previous guidance on reporting suspicious activities contained in Information Assessment Team Advisory (IA)‑04-08, “Reporting Suspicious Activity Criteria,” dated October 5, 2004.

6. DHS and FBI Guidance on Suspicious Activity Reporting

The DHS and the FBI have issued separate guidance and information bulletins on suspicious activity reporting. Some previous examples of such guidance include:

1. DHS and FBI, “Suspicious Activity Reporting Criteria for Infrastructure Owners and Operators,” dated August 3, 2004,

2. DHS, Information Bulletin HQ‑006‑1B‑2015, “(U) Suspicious Activity Reporting,” dated May 7, 2015.

Such guidance is typically not publicly available, and the NRC staff is not aware if such guidance has been superseded by more current guidance. The NRC is not requiring licensees to use such guidance to comply with the requirements of 10 CFR 73.1215. However, licensees wishing to access DHS or FBI guidance should contact the DHS or the FBI directly to request access to these documents or other current suspicious activity reporting guidance.

D. IMPLEMENTATION

The NRC staff may use this regulatory guide as a reference in its regulatory processes, such as licensing, inspection, or enforcement. The NRC staff does not expect or plan to require the use of this regulatory guide. However, should the NRC determine to require the use of this regulatory guide, such an imposition would not constitute backfitting, as that term is defined in 10 CFR 50.109, “Backfitting,” 10 CFR 70.76, “Backfitting,” or 10 CFR 72.62, “Backfitting”; affect the issue finality of an approval issued under 10 CFR Part 52, “Licenses, Certifications, and Approvals for Nuclear Power Plants”; or constitute forward fitting, as that term is defined in NRC Management Directive 8.4, “Management of Backfitting, Forward Fitting, Issue Finality, and Information Requests” (Ref.19), because reporting requirements are not included within the scope of the NRC’s backfitting or issue finality rules or forward fitting policy.

GLOSSARY

assessment	An evaluation performed by a licensee to determine whether an event is reportable as a suspicious activity under the provisions of 10 CFR 73.1215. An assessment may include review of electronic surveillance records, interviews of individuals, or discussion with the licensee’s LLEA regarding the circumstances of the event.
Cognizant Security Agency (CSA)	The term Cognizant Security Agency has the same meaning as is found in 10 CFR 95.5, “Definitions.”
LLEA	A local law enforcement agency that has jurisdiction over the location of the licensee’s facility or has jurisdiction over the location of an underway shipment.
movement control center	A movement control center (on behalf of a licensee) maintains position information during the shipment (i.e., transportation) of SSNM or SNF; receives reports of actual or attempted attacks, thefts, or sabotage; receives reports of suspicious activity; notifies and reports any suspicious activities to the NRC and other agencies, as appropriate, and requests and coordinates aid or response from the appropriate LLEA, as necessary.
production facility	The term production facility has the same meaning as is found in 10 CFR 50.2, “Definitions.”
restricted area	The term restricted area has the same meaning as is found in 10 CFR 95.5.
Restricted Data (RD)	The term Restricted Data has the same meaning as found in 10 CFR 95.5.
UAS	unmanned aircraft systems 2 3
utilization facility	The term utilization facility has the same meaning as is found in 10 CFR 50.2.

REFERENCES⁴

1. U.S. Code of Federal Regulations (CFR), “Physical Protection of Plants and Materials,” Part 73, Chapter I, Title 10, “Energy.”

2. CFR, “Domestic Licensing of Production and Utilization Facilities,” Part 50, Chapter I, Title 10, “Energy.”

3. CFR, “Licenses, Certifications, and Approvals for Nuclear Power Plants,” Part 52, Chapter I, Title 10, “Energy.”

4. CFR, “Domestic Licensing of Special Nuclear Material,” Part 70, Chapter I, Title 10, “Energy.”

5. CFR, “Licensing Requirements for the Independent Storage of Spent Nuclear Fuel, High‑Level Radioactive Waste, and Reactor‑Related Greater Than Class C Waste,” Part 72, Chapter I, Title 10, “Energy.”

6. CFR, “Facility Security Clearance and Safeguarding of National Security Information and Restricted Data,” Part 95, Chapter I, Title 10, “Energy.”

7. CFR, “Exemptions and Continued Regulatory Authority in Agreement States and In Offshore Waters Under Section 274,” Part 150, Chapter I, Title 10, “Energy.”

8. U.S. Nuclear Regulatory Commission (NRC), Regulatory Guide (RG) 5.62, “Physical Security Event Notifications, Reports, and Records,” Washington, DC.

9. NRC, “Enhanced Weapons, Firearms Background Checks, and Security Event Notifications” [Final Rule], Federal Register, Vol. 87, No. xxx: pp. xxxxx, (87 FR xxxxx), Washington, DC, Month DD, 2022.

10. NRC, “Enhanced Weapons, Firearms Background Checks, and Security Event Notifications” [Proposed Rule], Federal Register, Vol. 76, No. 23: pp. 6200, (76 FR 6200), Washington, DC, February 3, 2011.

11. NRC, Draft Regulatory Guide (DG)-5019, Revision 1, “Reporting and Recording Safeguards Events,” Washington, DC (Agencywide Documents Access and Management System Accession No. ML100830413).

12. NRC, RG 5.83, “Cyber Security Event Notifications,” Washington, DC.

13. CFR, “Physical Protection of Category 1 and Category 2 Quantities of Radioactive Material,” Part 37, Chapter I, Title 10, “Energy.”

14. CFR, “Domestic Licensing of Source Material,” Part 40, Chapter I, Title 10, “Energy.”

15. NRC, “Nuclear Regulatory Commission International Policy Statement,” Federal Register, Vol. 79, No. 132, July 10, 2014, pp. 39415-39418.

16. NRC, Management Directive (MD) 6.6, “Regulatory Guides,” Washington, DC, May 2, 2016 (ADAMS Accession No. ML18073A170).

17. CFR, “Security Control of Air Traffic,” Part 99, Subchapter F, Chapter I, Title 14, “Aeronautics and Space.”

18. NRC, MD 8.4, “Management of Backfitting, Forward Fitting, Issue Finality and Information Requests,” Washington, DC, September 20, 2019 (ADAMS Accession No. ML18093B087).

19. CFR, “Definitions and Abbreviations,” Part 1, Subchapter A, Chapter I, Title 14, “Aeronautics and Space.”

APPENDIX A

SUSPICIOUS AVIATION-RELATED ACTIVITIES

This appendix provides further guidance to licensees regarding prior coordination, assessing potentially suspicious aviation-related activities, and reporting of suspicious aviation-related activities with law enforcement, the NRC, and the Federal Aviation Administration (FAA).

A-1. Types of Aircraft

Suspicious aviation-related activities may involve either manned aircraft or unmanned aircraft (colloquially referred to as drones) operating over or in proximity to a licensee’s facilities.

A-2. Prior Coordination

The NRC staff recommends that licensees subject to 10 CFR 73.1215(d) engage in prior coordination efforts with any nearby FAA facilities and military airfields.

A-2.1 Coordination with the FAA

In 2004, the FAA issued the following Notice to Airmen (NOTAM). This NOTAM advises pilots to avoid not only the airspace above or in proximity to U.S. nuclear power plants but also includes other key infrastructure facilities. The following is the published language contained in the most current NOTAM:

Flight Data Center (FDC) 4/0811 FDC Special Notice: “This is a restatement of a previously issued advisory notice. In the interest of national security and to the extent practicable, pilots are strongly advised to avoid the airspace above, or in proximity to such sites as power plants (nuclear, hydro-electric, or coal), dams, refineries, industrial complexes, military facilities and other similar facilities. Pilots should not circle as to loiter in the vicinity over these types of facilities.”

The NRC staff recommends that licensees contact their nearest FAA Air Traffic Control (ATC) facility to discuss this NOTAM, any successors, and its relevance to their facility, and to maintain a relationship with the ATC personnel. Information on FAA Air Traffic Organization, Air Traffic Control Towers, Terminal Radar Approach Control facilities, Air Route Traffic Control Centers, and Flight Standards District Offices are available on the FAA Web site at https://www.faa.gov/.

A-2.2 Coordination with Nearby Military Airfields

Licensees should also establish one or more points of contact with any nearby active-duty or reserve military airfields, as applicable (e.g., the airfield’s operations center or control tower). This point of contact can facilitate advance notifications of planned training activities as well as queries of unplanned low-level, military flights in proximity to or over licensee facilities. For example, some licensees have experienced overflights due to routine military aerial training exercises that used the licensee’s facility as a low-level navigation way point. Such planned military aircraft overflights are not considered suspicious.

A-3. Assessing Potentially Suspicious Aviation-Related Activity

Under 10 CFR 73.1215(c)(2), a licensee must promptly assess whether an activity is suspicious. However, in completing the assessment process, a licensee may review additional information, including interacting with LLEA, to assess whether the activity is suspicious. Additionally, for potentially suspicious aviation-related activity, the licensee may also interact with the applicable FAA local control tower and/or nearby military airfield, to assess whether the activity is suspicious. The NRC staff also recommends that licensees should assess as suspicious multiple sightings of the same aviation-related asset, circling or loitering above or in close proximity to its facilities, or photographing its facilities or surrounding areas.

If the interaction with the local FAA facility or military airfield indicates that the aviation-related activity is associated with a municipal, State, or Federal entity, or a contractor for such entities, or if the FAA indicates that an authorized flight deviation had occurred, then the licensee may assess the activity as not suspicious. If a licensee assesses that a potentially suspicious aviation-related activity is suspicious, then the activity should be reported as specified under 10 CFR 73.1215(c)(3).

Moreover, licensees should also exercise judgment in determining whether an aviation-related activity is suspicious with respect to normal air traffic patterns, proximity of the facility to local airports and military airfields, the use of rivers and coastal waterways for navigational purposes, local weather conditions, and other unforeseen local circumstances.

A-4. Reporting of Suspicious Aviation-Related Activity

Licensees subject to 10 CFR 73.1215(d) should report suspicious flight activity above, or in close proximity to their facility 10 CFR 73.1215(c)(3) (see “Reporting Timeliness and Order of Precedence” under Section B of this RG).

As a good practice, NRC staff recommends that licensee’s reporting suspicious aviation-related activity include key information, if available, that is of interest to law enforcement and FAA authorities. The following are examples of key information (listed in no specific order):

1. facility location

2. flyover location (e.g., owner-controlled area, protected area, cooling tower, power block)

3. date and time of day

4. duration of flight

5. number of manned aircraft or UAS

6. description of manned aircraft or UAS (e.g., size, fixed wing, multirotor)

7. types of maneuvers

8. pictures and video of the manned aircraft or UAS, if obtained

9. payload, if observed (e.g., camera, attachments)

10. manned aircraft ID number or UAS ID number, if observed⁵

11. operator identification, if observed.

The licensee’s use of special photographic or visual sighting equipment may enhance its ability to capture pertinent identification information more accurately. However, the NRC staff does not consider such special photographic or visual sighting equipment to be a requirement; rather it is simply an enhancement licensee’s may choose to make to facilitate their reporting of suspicious aviation-related activities.

A-5. Restricted Airspace Designation

In 2018, power reactor industry representatives coordinated with the U.S. Department of Energy (DOE) to obtain Federal sponsorship for nuclear facilities to petition the FAA for restricted airspace under 14 CFR 99.7, “Special security instructions.” ⁶ The Diablo Canyon Power Plant in California volunteered to pilot the process for receiving FAA approval for restricted airspace for UAS at commercial nuclear facilities. The power reactor industry representatives, the DOE, and the FAA developed a process that all operating reactor sites may use to request these airspace restrictions. On October 28, 2020, Diablo Canyon received a “National Security” designation for restricted airspace over their facility.

The NRC encourages licensees to voluntarily inform the NRC Headquarters Operations Center of any requests to the FAA for a restricted airspace designation for its facilities and any action taken by the FAA in response to such a request. The NRC Headquarters Operations Center may be reached by telephone 24 hours a day at the telephone numbers found in Table 1 of “Appendix A to Part 73 - U.S. Nuclear Regulatory Commission Offices and Classified Mailing Addresses.”

File Type	application/vnd.openxmlformats-officedocument.wordprocessingml.document
Author	Woods, Mary
File Modified	0000-00-00
File Created	2023-08-02