Risk-Informed Physical Security

In August 1995, the USNRC published a policy statement endorsing the use of PRA methods to reduce unnecessary conservatisms associated with current regulatory requirements.  The implementation of risk-informed guidance has resulted in cost beneficial changes to plant operations while maintaining or improving safety. Applying the lessons learned from risk-informing power operations provides an opportunity to optimize costs while maintaining adequate safeguards of nuclear materials.

There are several industry activities associated with risk-informed security guidance and standards that are currently ongoing.  These include activities associated with the light water reactor sustainability project (INL, Sandia), the International Atomic Energy Agency, and the ASME/ANS Joint Committee on Nuclear Risk Management (JCNRM).

Public policy supports a desire to achieve a more environmentally neutral power supply chain.  This has introduced and accelerated new options for meeting global power requirements.  Many countries have identified nuclear power as a key component of this evolution in the power generation mix.  In the United States, the Nuclear Promise and other policy directives help ensure the cost-effective operation of the current nuclear fleet to maintain nuclear power generation as a key component. Separately, the next generation of reactor designs provide simplification and margins.  These changes provide a chance to review and revise the current regulatory approaches for many areas of the licensing basis, including physical security.

Providing effective oversight of nuclear materials requires a substantial security presence and represents a significant operating cost for all nuclear power facilities.  Site security operations can cost on the order of 20% of the plant’s operating budget.  Several vendors are currently engaging the USNRC in discussions on a framework for simplified security requirements for the small modular reactors.

The development of the physical security posture is based on a deterministic evaluation of potential threats.  The design basis threat (DBT) is the basic design condition, but the application of force-on-force or threat simulation technologies expand on this basis.  The evaluations provide insights into the physical security posture but can also evolve into increased security costs with indeterminate benefit.  Figure 1 illustrates the assessment inputs and outputs.


Figure 1. Typical Physical Security Assessment

The only measured metric is the ability of the security team to mitigate the adversary prior to acquisition of specific targets.  It neglects any other aspect, such as mitigation of any impact on the facility or the reasonableness of the scenario given the capabilities of the adversary.  The current approach can be likened to the plant design basis with the design basis accident (DBA) forming the design condition and additional requirements being imposed based on industry or plant operating experience.  In this model, frequency of challenge and a quantitative evaluation of cost versus benefit cannot be applied, so the process has no avenue for reduced costs. The general approach for addressing new challenges is to provide additional gates, guns, and guards (termed 3Gs).

One method for assessing risk-informed physical security expands the current assessment to consider the basic risk considerations of initiating event likelihood, associated plant response, and consequence impacts.  Figure 2 illustrates how the current approach (blocks outlined in red) are expanded for the risk-informed process.

Figure 2.  Outline of Risk-Informed Physical Security Model

The additional elements in the risk-informed security model significantly improve the value of the overall assessment:

  • The review of the threat identification for site specific aspects and adversary capabilities provides a more realistic identification of possible threat scenarios.
  • The inclusion of the plant response model given an adversary attack allows for more realism in the severity of a specific scenario.
  • The consequence assessment relates the outcome to public safety.
  • The ability to quantitatively address the threats allows for ranking outcomes and determining the importance of elements within the assessment. This is expected to show that some specific security aspects are unnecessary or have an insignificant impact on overall plant physical security.

The outlined approach (i.e., current approach) was applied at a Swiss nuclear plant in response to a specific regulatory directive. The assessment identified that the directive did not substantially improve site security, but implementation costs alone would have exceeded 10 million Sfr.  The application of the method identified more significant threats that were addressed at an approximate cost of 100,000 Sfr. The regulator accepted the results of the risk-informed assessment resulting in a savings of over 9 million Sfr.  Subsequent use of the risk-informed model at the site allowed for reductions in patrols, extension of security equipment testing, and extended inoperability of some security features.

ENERCON PRA staff are currently involved in the development of future standards both domestically and internationally.  They are also working to identify industry sponsors to support the implementation of the previously utilized methods domestically.

ENGAGE with ENERCON to EMPOWER your next project.