Stakeholder Workshop Report: Periodic Review of the Nuclear Security Regulations

1. Introduction

The Canadian Nuclear Safety Commission (CNSC) regulates the use of nuclear energy and materials to protect health, safety, security and the environment; to implement Canada’s international commitments on the peaceful use of nuclear energy; and to disseminate objective scientific, technical and regulatory information to the public.

A key part of the CNSC’s mission is to regulate the security of nuclear material and nuclear facilities. The Nuclear Security Regulations (NSR) set out security requirements that are applicable to certain nuclear materials and certain nuclear facilities. Part 1 of the NSR applies to Category I, II and III nuclear material (described in Schedule 1 of the NSR) and nuclear power plants. Part 1 includes general obligations and additional requirements for high-security sites (a nuclear power plant or a nuclear facility where Category I or II nuclear materials are processed, used or stored). Part 2 of the NSR sets out requirements that are specific to the nuclear facilities listed in Schedule 2 of the NSR, such as nuclear fuel fabrication facilities and nuclear substance processing facilities.

In 2016, in its ongoing efforts to modernize its regulations and as part of its routine periodic review of individual regulations, the CNSC initiated a review of its NSR. The objective of the review is to ensure that the NSR continues to fulfill its role in ensuring that nuclear facilities have robust security measures that protect health and safety. The review also aims to ensure that the NSR are flexible enough to adapt to an evolving security environment, and that Canada continues to fulfill its international obligations for the security of nuclear and radioactive materials.

To obtain early input into the review of the NSR, the CNSC organized three workshops with stakeholders. Due to the nature of the file, the stakeholders who attended the workshops were those directly responsible for implementing security measures at nuclear facilities or responsible for the security of nuclear material. The purpose of this document is to share the feedback that the CNSC received during those workshops.

In keeping with the CNSC's commitment to stakeholder engagement, comments and suggestions on specific CNSC regulations or by-laws are welcome at any time. As part of ongoing efforts to enhance and clarify the CNSC’s regulatory framework, the CNSC will use these comments to inform future reviews of its regulatory tools.

2. Changes Since Last Review

The last major revision of the NSR was completed in 2006. Since then, there have been a number of drivers for certain amendments to the NSR. The following sections describe those changes.

2.1 Evolving security threats

Since the NSR were last published, potential threats to nuclear infrastructure have continued to evolve. The NSR are being reviewed to ensure that they continue to be fit for purpose and consider these evolving threats. For example, one of the fastest-growing threats to have evolved in the past few years is cyber attacks. A number of cyber attacks have been directed at critical infrastructure. As a result, cyber security has been considered during the NSR review.

2.2 Technological advances

Technology continues to have a major impact on nuclear security. New technology can present new challenges for the security of nuclear facilities, such as cyber-security threats, as well as opportunities to better protect nuclear security infrastructure against threats. Examples of new technology that could improve security include thermal imaging, night vision and infrared cameras, digital fingerprint screening, computed tomography, and advanced imaging and screening technology to detect firearms and explosive substances.

2.3 Entry into force of the Amendment to the Convention on the Physical Protection of Nuclear Material

On May 8, 2016, the Amendment to the Convention on the Physical Protection of Nuclear Material (CPPNM) came into effect. The Convention is the only international legally binding undertaking in the area of physical protection of nuclear material. The amended CPPNM legally binds Canada to the protection of nuclear facilities and material used for peaceful domestic purposes, storage, and transport. It also provides for enhanced cooperation between states in rapidly locating and recovering stolen or smuggled nuclear materials, mitigating radiological consequences of sabotage, and preventing combat-related offenses.

While the Amendment to the CPPNM only came into force in 2016, it was known and subsequently incorporated into the 2006 revision of the NSR. Consequently, the current review focused on three areas in which the international approaches have evolved since 2006, specifically:

  • Fundamental Principle F: Security Culture
  • Fundamental Principle I: Defence in Depth
  • Fundamental Principle L: Confidentiality

2.4 New recommendations published by the International Atomic Energy Agency

Since the NSR were last published, the International Atomic Energy Agency (IAEA) has published several new recommendations on the security of nuclear infrastructure and materials. These publications include:

These recommendations include several new security considerations, such as performance testing, cyber security, contingency planning and increased focus on the insider threat. These recommendations were considered during the NSR review.

2.5 Recommendations from the International Physical Protection Advisory Service 2015 mission in Canada

In October 2015 the International Physical Protection Advisory Service (IPPAS) conducted a mission in Canada. The purpose of the IPPAS mission was to review the nuclear security regime in Canada. Following the review, IPPAS issued a mission report with its findings.

The mission report made 3 recommendations and 30 suggestions that could enhance nuclear security. Recommendations and suggestions from the mission report were considered during the NSR review.

2.6 Changes to Government of Canada security clearance standards

Currently, the NSR reference the Personnel Security Standard, published by the Treasury Board of Canada Secretariat in 1994. The Standard was superseded by the Standard on Security Screening. The new standard took effect on October 20, 2014. Since the NSR reference a standard that has been superseded, the CNSC is considering whether this standard should be updated as part of the NSR review. Section 3.9 discusses this change further.

2.7 Operational experience

Since the last major revision to the NSR, a number of relevant lessons have been learned from CNSC and licensee operational experience. For example, a number of performance testing exercises have been conducted over the past several years. Operational experience has been considered as part of the NSR review. Additionally, the CNSC has considered feedback from licensees on the NSR. For example, licensees have proactively approached the CNSC in the past with potential amendments and new considerations.

3. Stakeholder Workshops

To obtain early input into the review of the NSR, the CNSC organized three workshops with stakeholders. The stakeholders who attended the workshops were those directly responsible for implementing security measures at nuclear facilities or responsible for the security of nuclear material. The workshops, listed below by date, targeted three different participant groups:

  • October 12, 2016 – Licensees listed in Schedule 2 of the NSR, licensees who possess, use, store and transport Category III nuclear material, and licensees who operate research-type reactor facilities (e.g., SLOWPOKE operators)
  • October 13, 2016Footnote1 – Licensees who operate high-security sites (e.g., nuclear power plants) and possess, use or transport Category I and II nuclear material
  • January 31, 2017 – Vendors, designers and licensees interested in the construction and deployment of small modular reactors

During the workshops, the CNSC provided an overview of the areas in which the CNSC is considering amendments to the NSR. During the workshops the CNSC provided stakeholders with an opportunity to provide comments on those areas, suggest additional areas in which the CNSC could consider making amendments, and provide information on the impact of those potential amendments.

The next sections of this document outline the themes that were discussed during the workshops and the feedback that was received. Appendix A contains a list of the organizations and number of participants who attended each workshop.

3.1 Simplified layout

The current layout of the NSR can make it challenging to determine which requirements apply to nuclear material and which apply to a specific facility. For example, requirements that apply to Category III nuclear material are found in both Part 1 and Part 2 of the NSR. A new simplified modular layout could make it easier for licence applicants and licensees to locate the requirements applicable to their facilities or activities.

Feedback received from Schedule 2 licensees, transporters of nuclear material, and SLOWPOKE reactor licensees

There was general agreement on simplifying the layout of the NSR in modular format. Participants noted that it is sometimes cumbersome or challenging to find all of the requirements that apply to the licensees listed in Schedule 2 of the NSR.

Feedback received from high-security site licensees

Licensees generally support the proposal to simplify the NSR using a modular format with index, sections and parts laid out in a logical and organized fashion. Some participants felt that it is currently challenging to find some information in the regulations.

It was recommended that the NSR should have a separate section specific to nuclear materials storage, especially for irradiated (spent) nuclear fuel storage facilities.

Feedback received from small modular reactor vendors and designers

There was general agreement on simplifying the layout of the NSR using a modular format. The current structure of the NSR is difficult to navigate. It would also be beneficial to have all of the licence application security requirements consolidated in one place within the amended NSR.

There was agreement on having Category I, II and III nuclear material requirements listed in a consolidated (modular) fashion so that all requirements applicable to Category I nuclear material, for example, are listed or found in one area. It was recommended that the NSR define the objectives of the NSR at the front end and include the option of security by design, to protect against the threat of theft and/or sabotage of nuclear material or facilities. The definition of a high-security site may have to be revised, especially in the context of small modular reactors versus larger-scale commercial nuclear power plants.

3.2 Performance-based approach

A performance-based approach to the regulations could be applied where it would make sense to do so. Under this approach, the regulations would establish high-level requirements, and regulatory documents would contain technical requirements and guidance in support of these high-level requirements. This approach could impact the following sections of the existing NSR:

  • section 9: Barrier Enclosing Protected Area
  • section 10: Unobstructed Area Surrounding Protected Area
  • section 11: Protected Area Intrusion Detection
  • section 12: Location of Inner Area
  • section 14: Inner Area Intrusion Detection
  • section 15: Security Monitoring Room

Summary of feedback received from Schedule 2 licensees, transporters of nuclear material, and SLOWPOKE reactor licensees

It was recommended that a graded approach be applied to lessen the regulatory burden. Small facilities do not see a need for a stand-alone program and want to be regulated based on performance. The preference is to have performance-based, high-level requirements. Comments indicate that the operators prefer to stay away from prescribed requirements in regulations where possible, as they may become outdated very quickly. It was also suggested to address cyber threats from both the insider and outsider perspectives.

Feedback received from high-security site licensees

There was broad support for a performance-based approach when revising the NSR. There was consensus with technical requirements and/or guidance being moved to regulatory documents. Regulatory documents should be clear, provide suitable guidance, and provide examples.

There was general consensus that the performance-based approach is the most suitable option, as it provides good flexibility. Clear performance criteria are needed when an approach is based on performance or when a combined (performance and prescriptive) approach is applied. Participants recognized that a prescriptive approach may be necessary in certain areas of the regulations.

Feedback received from small modular reactor vendors and designers

There is general agreement on a performance-based approach when revising or amending the current NSR. The NSR should establish high-level security requirements. The regulator should clearly identify the expectations and objectives at the front end of the regulations, and the proponent/operator/applicant can propose how they will meet the required objectives.

It was suggested that, where possible, detailed technical requirements and guidance be moved to regulatory documents. Some of the existing high-security site requirements within the NSR are very prescriptive. Regulations should be more performance-based, where it makes sense to do so. For example, technical details of barrier requirements (e.g., fence height) are an example of what could be moved to a regulatory document.

It was recommended that CNSC staff use a threat and risk assessment methodology as well as the design-basis threat analysis (DBTA) process as the baseline for performance-based regulation. The graded approach should be considered when drafting performance-based regulations.

There is a need for emphasis on the consideration for "security by design" in the NSR. Performance requirements should be provided by the regulator. Some small modular reactors may be high-security sites due to the categorization of their nuclear material and may be located in remote areas, so this option should be considered when drafting changes to the NSR. The regulator would define the "what is needed" aspect, and the licensee or proponent would determine and propose the means or the "how" to achieve the objective(s), providing technical evidence to support its proposal(s).

There was recognition that prescriptive regulation is necessary in certain areas such as screening and searching for weapons, explosives and nuclear material; authority, fitness certifications, and training and jurisdiction of nuclear security officer personnel; and security clearance requirements, such as criminal record, intelligence indices and credit checks. Where prescriptive regulation is necessary, it should be very clear and well worded. The regulations should be written so they are able to adapt and apply to new threats (e.g., use of drones).

Additional guidance or information specific to small modular reactors in remote locations related to detection, delay and response options would be helpful. The CNSC could consider unique features of small modular reactors – such as underground placement of an integrated reactor, a limited number of above-ground access points, inherent passive "safety features", and robust safety barriers to protect against external threats, such as aircraft crash – all of which enhance both safety and security.

It was suggested that CNSC staff develop regulations that follow IAEA recommendations in areas such as risk management, graded approach and defence in depth when establishing the principles or objectives of performance-based regulation within the NSR.

It was stated that the regulations should provide for alternative approaches to that of an onsite security response force. The amended NSR should provide the option to propose an alternative approach based on fully engineered security and safety features in conjunction with an offsite response force, which provide a proven methodology to counter any design-basis threat (DBT).

3.3 Replace the list of facilities in Schedule 2 with a definition

Currently, the NSR define high-security sites as 'a nuclear power plant or a nuclear facility where Category I or II nuclear material is processed, used or stored." Sections 7.4 to 38 of the NSR include requirements specific to high-security sites. The NSR also include a list of facilities in Schedule 2 that includes nuclear fuel facilities and nuclear substance processing facilities. Part 2 of the NSR includes requirements specific to the security of nuclear facilities listed in Schedule 2.

To reduce the need to make regular administrative changes to Schedule 2 of the NSR, the schedule could be removed and replaced with a new "medium-security site" definition. The new definition of a medium security site would include all of the facilities currently listed in Schedule 2. Additionally, a definition would add certainty for potential licence applicants as to whether certain regulatory requirements would apply to the facility they wish to have licensed by the CNSC.

Feedback received from Schedule 2 licensees, transporters of nuclear material, and SLOWPOKE reactor licensees

There is general support for this proposal provided that the definition of a "medium-security site" is very clear, so that licensees as well as future applicants would know what requirements in the NSR would apply to them. It was suggested to base the definition on the nuclear material or substances at the facility.

The sabotage threats or risks that may apply to the different types of facilities that are currently listed in Schedule 2 may be very different. This is an important consideration when coming up with an appropriate definition for a medium-security site.

Some SLOWPOKE operators were concerned that their inclusion in the definition of a medium-security site would impact the public’s or academic community’s perception of them, as they consider themselves "low-risk" facilities from a security perspective.

There was also a concern expressed by SLOWPOKE operators that in having to implement additional security requirements, such as facility-access security clearances, cyber-security and security awareness training that currently don’t apply to them, would increase their regulatory burden and financial costs. It was suggested to define SLOWPOKE reactors as low-security sites as opposed to medium-security sites.

3.4 Potential new requirements for certain facilities, including SLOWPOKE reactors

The previous section discussed a potential new definition for a medium-security site. The definition for a medium-security site could be expanded to include all non-power research reactors that use, process or store Category III nuclear material, as defined in Schedule 1 of the NSR, including SLOWPOKE reactors. These types of facilities could be included within the definition of medium-security site to align with IAEA recommendations.

If SLOWPOKE facilities are included in the definition of a medium-security site, the following existing requirements of the NSR would apply to them:

  • subsections 42(1) and 42(2): Access control of nuclear facilities
  • subsection 44(1): Revocation of facility-access security clearance
  • paragraph 45(a): Entry of land vehicles
  • section 48: Supervisory Awareness Program

Additionally, if these facilities are included in the definition of medium-security sites, the following new or expanded requirements being considered as part of this review could also apply to them:

  • cyber-security requirements (discussed in section 3.5)
  • protection of nuclear security information (discussed in section 3.6)
  • nuclear security culture requirements (discussed in section 3.7)
  • nuclear security plan requirements (discussed in section 3.8)
  • facility-access security clearance (FASC) requirements (discussed in section 3.9)
  • nuclear security officer requirements (discussed in section 3.10)

Feedback received from Schedule 2 licensees, transporters of nuclear material, and SLOWPOKE reactor licensees

There were concerns expressed with the proposal for the requirement of a FASC for those persons requiring unescorted access to a SLOWPOKE reactor. This proposal could impact some researchers, particularly those who are non-Canadian citizens (foreign nationals) seeking unescorted access to a SLOWPOKE reactor. Depending on their citizenship or country of origin, it is very challenging and sometimes impossible to get a law enforcement record check (LERC), previously called a criminal records name check (CRNC), in support of a facility-access security clearance (FASC).

3.5 Cyber-security requirements

Cyber attacks are among the fastest-growing threats to Canada’s critical infrastructure, including nuclear facilities. As a result of recommendations from the IAEA, amendments could be implemented in this area. For example, Nuclear Security Series No. 20, Objective and essential elements of a State’s Nuclear Security Regime, indicates that one of the essential elements of a nuclear security regime is "routinely performing assurance activities to identify and address issues and factors that may affect the capacity to provide adequate nuclear security, including cyber security, at all times" [1]. Additionally, the IPPAS mission report states that "in principle, the coverage and scope of CSA N290.7-14 addresses requirements for robust computer security in nuclear installations. However, the IPPAS team believes it may not necessarily be comprehensive enough to deliver the standards of assurance which accord with evolving regulatory expectations. Accordingly, [the report indicates that the] CNSC should perform a systematic review of the document and decide (potentially on the basis of the 'cyber' DBT and within their own regulatory framework), which modifications or extensions are appropriate." [2]

The development and implementation of a cyber-security framework in response to credible cyber threats is consistent with IAEA recommendations and guidance in Nuclear Security Series No. 17. The CNSC has already addressed cyber-security requirements within regulatory documents. Specifically, REGDOC 2.5.2, Design of Reactor Facilities: Nuclear Power Plants requires all nuclear power plants in Canada to implement and maintain a cyber-security program. This was the result of a CNSC regulatory action in 2008.

A new requirement for cyber-security protection could be added to the NSR for both high-security sites and facilities that would fall under the new definition of medium-security sites. Under the new requirement, those facilities would have to have a cyber-security program for cyber-based systems or devices that would operate critical safety, security and safeguards systems. It would include identifying credible cyber threats and taking appropriate steps to counter those threats.

These requirements would aim to ensure that this threat is addressed. The new requirements would use a risk-based approach that is consistent with the DBT, and the site-specific threat and risk assessment (TRA).

Feedback received from Schedule 2 licensees, transporters of nuclear material, and SLOWPOKE reactor licensees

Participants suggested that a nuclear power plant and a SLOWPOKE reactor should have different cyber-security requirements, which should be based on threat and risk. Depending on requirements this may pose a greater regulatory burden for smaller operators. Licensees recognize the growing concern with cyber threats. Operators need support and guidance from the CNSC in this area so that expectations are clearly communicated and operators have an opportunity to better understand both risk and potential impacts to their facility or operations.

For SLOWPOKE reactors, it was suggested that the CNSC discuss potential cyber threats and risks with operators so that they have a better understanding of what type of cyber-security framework or program is required and why. Many SLOWPOKE reactors use operating platforms that may not be vulnerable to cyber-based attacks. Some licensees with smaller, lower risk facilities expressed concerns about having to implement a cyber-security program that may require significant cost.

Feedback received from high-security site licensees and small modular reactor vendors and designers

Some workshop participants were surprised that this proposal is being considered when amending the NSR, given that CSA N290.7-14, Cyber security for nuclear power plants and small reactor facilities, is now a requirement for some high-security site licensees. Some licensees did not support the addition of new requirements in this topical area because they felt that there were likely to be too prescriptive.

Other licensees agreed to accept the concept as long as the regulator provides adequate guidance that does not conflict with existing compliance activities.

Some licensees stated that the CNSC should update the DBTA requirements in the NSR to explicitly include cyber security. Prescriptive requirements or information related to cyber security should be referenced in regulatory documents or CSA standards. Cyber security is already part of the TRA at some sites, and there is already a cyber-security program in place to meet the CSA standard (N290.7-14, Cyber security for nuclear power plants and small reactor facilities).

3.6 Protection of nuclear security information

A new requirement for high-security sites, as well as for all facilities that would fall under the medium-security site definition, could be added in order to protect critical and sensitive nuclear security information. Licensees currently use different approaches to protecting information. The types of nuclear security information that operators must protect could be clarified. The aim of this requirement would be to ensure that this type of information is classified appropriately and handled in a way that protects against unauthorized disclosure. The new requirement would apply to electronic media used for processing, storing and transmitting nuclear security information.

The protection of sensitive, prescribed and classified information is essential to protecting national security as well as to ensuring the safe and secure operation of nuclear facilities. There is considerable risk and potential that nuclear security information will be disclosed to unauthorized parties if sensitive information is not protected against evolving threats (e.g., cyber attacks). Requirements for defining critical and sensitive nuclear security information, as well as new requirements for the classification and protection of this type of information, could be introduced.

The new requirement will ensure that Canada is meeting one of the IAEA’s nuclear security fundamental principles in the CPPNM. Specifically, Fundamental Principle L: Confidentiality affirms that "the state should establish requirements for protecting the confidentiality of information, the unauthorized disclosure of which could compromise the physical protection of nuclear material and nuclear facilities" [3].

Feedback received from Schedule 2 licensees, transporters of nuclear material, and SLOWPOKE reactor licensees

Participants suggested basing the protection of nuclear security information on a graded approach and on the consequences of unauthorized disclosure to a third party. It was advised to keep requirements at a high level and to base them on performance, to avoid being prescriptive but provide technical guidance.

Operators stated that this does not seem difficult to achieve, but that the challenge lies with the labelling/nomenclature of nuclear security information. Different licensees may use different terms to identify similar types of nuclear security information.

In the case of sabotage, it is not clear what type of security-related information would require protection. For example would this include safety analysis reports having to be protected or restricted? Participants noted that licensees would need to know what is considered to be nuclear security-related information and what requirements are being proposed to protect this information.

Feedback received from high-security site licensees

Participants agreed that there is a need to ensure that confidential, critical and/or sensitive nuclear security information is adequately protected from disclosure or compromise. There is a gap in that, at present, there are no technical requirements or guidance that would assist licensees in protecting this type of information.

Licensees have already developed "in-house" information classification systems or approaches for the protection of information so these systems would have to be considered should a regulatory document be drafted to support this area. Licensees requested to be consulted if a supporting regulatory document is developed. They suggested establishing a broad definition for nuclear security type information to avoid creating a separate classification system.

Any amendments to the NSR for the protection of information have to consider the evolving cyber threat, electronic transfer of information and protection against these types of "new" threats.

The personnel at some high-security sites are of the view that they already have acceptable procedures in place for managing and protecting sensitive information, including electronic media. As a result, some participants have expressed that the regulations should be flexible enough to allow for compliance with the proposed requirement for managing and protecting sensitive information if its intent is already being met through their existing procedures.

Some participants indicated that it could be a challenge to achieve consistency if a strictly performance based approach is taken while amending the regulations. Specifically, some prescriptiveness may be required when defining higher level regulatory requirements for managing and protecting sensitive information.

Feedback received from small modular reactor vendors and designers

It was agreed that the protection of nuclear security information is important. Modernization on how nuclear security type information is stored and transmitted is required to be considered when revising the NSR. The majority of information is now electronic and stored on a variety of cyber media (e.g. usb drives) so this has to be considered. It was suggested to ensure that the NSR allow for the reciprocity or acceptance of site access security clearances between licensees, provided all required vetting is carried out following an acceptable process by accredited agencies and personnel.

A consideration was brought forward that designers of small modular reactors may require access to the DBT. It is also essential to develop a regulatory document to facilitate the identification, handling, transmitting and storage of nuclear security sensitive information. This should include sensitive, protected, prescribed and confidential types of information so that information is defined and protected in a consistent manner regardless of licensee or site.

There was a suggestion to look at how the United Kingdom addresses the protection of information, especially at the beginning of the facility design process. Also consider the issue of e-storage of protected information from the cyber security perspective when reviewing this area. This is also linked to the requisite security clearance to access sensitive, prescribed or classified information. Facility-access security clearances provided by other agencies (Public Services and Procurement Canada) for vendors/designers should be recognized within the NSR.

3.7 Nuclear security culture

The IAEA in Nuclear Security Series No. 20 defines nuclear security culture as "the assembly of characteristics, attitudes and behaviours of individuals, organizations and institutions which serve as a means to support, enhance, and sustain nuclear security" [4].

Currently all licensees have an obligation under subsection 12(1)(j) of the General Nuclear Safety and Control Regulations to "instruct the workers on the physical security program at the site of the licensed activity and on their obligations under that program". These types of programs are directly related to an effective security culture.

A new requirement to implement a nuclear security culture program could be introduced for high-security sites and facilities that would fall under the new medium-security site definition. Security awareness is directly related to security culture, as it is a crucial component of reinforcing the belief that a credible threat exists. An integral part of the nuclear security program would be to educate workers at nuclear facilities about their responsibilities in relation to nuclear security.

Addressing this new requirement would ensure that Canada is meeting one of the IAEA’s nuclear security fundamental principles, set out in the CPPNM – specifically, Fundamental Principle F: Security culture. Fundamental Principle F states that "all organisations involved in implementing physical protection should give due priority to the security culture, to its development and maintenance necessary to ensure its effective implementation in the entire organisation" [3]. In addition, the IAEA has recommended in Nuclear Security Series No. 13 that licensees, regulators and states establish an effective nuclear security culture. The goal of nuclear security culture is to provide greater assurance that nuclear security activities will maintain and improve the following: preventing, detecting, delaying and responding to theft, sabotage, unauthorized access, illegal transfer, or other malicious acts involving nuclear or other radioactive material in use, storage or transport. Further, the IAEA’s IPPAS mission report suggested that a document be produced that serves as "an opportunity to explicitly refer to nuclear security culture and its importance. Useful guidance can be found in IAEA Nuclear Security Series No. 7" [5].

Feedback received from Schedule 2 licensees, transporters of nuclear material, and SLOWPOKE reactor licensees

Participants recognized that there is a need to comply with the IAEA Convention on the Physical Protection of Nuclear Material and its amendment with respect to nuclear security culture as well as a need to create a top-down safety culture.

Participants noted that safety culture already exists in the nuclear industry and predates security culture. They felt that the fundamental issue with nuclear security culture is that it should be the outcome of many programs, training and enforcement efforts. This is an additional program that licensees will have to implement, resulting in additional regulatory burden, resources and workload to meet requirements. Some participants suggested that security culture should be linked to the management system.

Many licensees have established safety culture programs. Creating a new separate program for security culture may increase workload and be too challenging for some licensees. Some think that safety and security culture is already integrated and is part of the safety training. Some similarities were noted, as was the need to identify equivalence criteria; for example, if a licensee can provide both safety and security awareness training. It was asked to make sure that the expectations of compliance in the area of nuclear security culture are clear and flexible.

Feedback received from high-security site licensees

Licensees indicated that they understand the importance of nuclear security culture. Most expressed no concern with having a high-level requirement about nuclear security culture in regulations. There are already programs in place that promote a security culture at the corporate level within organizations. Some of these programs could be adapted.

It was stated that it will be challenging to regulate security culture, but that nuclear security culture and security awareness can be monitored. The focus should be on nurturing (promoting) nuclear security culture as an objective.

Some workshop participants suggested integrating nuclear security culture within safety culture, as suggested in draft CNSC regulatory document REGDOC-2.1.2, Safety Culture, as it is part of the site's overall corporate culture that embraces both safety and security. There are benefits to integrating safety and security culture.

There was general consensus that an overall corporate culture should include and embrace both safety and security culture.

It was also suggested that nuclear security culture could be part of the nuclear security plan. It was suggested to consider establishing a high-level requirement in the NSR for nuclear security culture in general, but not specific to a program. Nuclear security culture program requirements or guidance could be captured in a regulatory document.

Some participants noted that it would be challenging to implement a nuclear security culture program if the requirement is added to regulations. They also expressed the view that security culture could be monitored in a number of ways, including metrics or indicators drawn from security awareness surveys, security incident reporting etc.

It is important to note that an application for a licence requires that the proponent describe its management system for the activity, including the measures it intends to take to promote a safety culture. CNSC staff continue to develop REGDOC-2.1.2, Safety Culture. Within that document is an approach for an inclusive and integrated culture that addresses nuclear security culture within safety culture. There remains general consensus that a good safety and security culture is important, and that it must be fostered throughout the organizations, led from the top, and continuously monitored and enhanced. There was no consensus that a regulation was required to support this issue, but rather that it is a policy-driven issue. The developing, fostering and maintaining of a nuclear security culture is identified by the IAEA as necessary for sustaining an effective nuclear security regime.

Feedback received from small modular reactor vendors and designers

There were varying opinions on this subject, with comments ranging as follows: Safety and security culture are directly related, but should be kept separate as safety culture is well known and mature while security culture is relatively new. Security culture may look very different depending on the site. Safety and security cultures should be mutually supportive. Security culture framework should be a high-level requirement in the NSR with details articulated in a regulatory document. Safety and security cultures should be integrated. Most operators already have a safety culture program.

There is a concern with security culture being attached to the safety culture framework without fully understanding what security culture means and what the CNSC expects.

Other participants were of the view that security and safety cultures should be integrated, and some thought that security could be a subset of a safety culture program. There may be a language and definition challenge between security and safety terminology.

There is an understanding that the Government of Canada ratification of the amendment to the Convention of the Physical Protection of Nuclear Material reinforces the obligation to consider and address nuclear security culture.

The CNSC should consider or research what other industries/agencies have done such as the airline industry and Public Health Agency of Canada (National Microbiology Laboratory – Winnipeg), which have implemented both a safety and security culture.

3.8 Nuclear security plan

A requirement could be introduced for high-security sites and sites that would fall under the new definition of medium-security site to consolidate all essential security-related information in one document, called a nuclear security plan (NSP).

The current version of the NSR contains several references to documents required in support of a licence application or renewal, including the following:

  • site plan
  • proposed plan and procedures
  • descriptions of protected, inner, unobstructed, vital and inner areas
  • threat and risk assessment
  • security organizational structure
  • descriptions of security equipment, systems and procedures

This has resulted in a variety of documents, such as site security reports, facility security reports, site security procedures and site security plans. The NSP will continue to have the same review and update requirements.

This change could simplify the way that nuclear security-related information is documented. As well, this would be consistent with the IAEA Nuclear Security Glossary definition of a nuclear security plan.

Feedback received from Schedule 2 licensees, transporters of nuclear material, and SLOWPOKE reactor licensees

There was general agreement on the proposal to standardize the different terms or names of documents being used to describe the nuclear security plans, measures, procedures, equipment and systems in place at various nuclear sites or facilities as a nuclear security plan.

Feedback received from high-security site licensees

There was general consensus for the proposal to having all nuclear security-related information consolidated into one document called a nuclear security plan. High-level requirements for the NSP would be set out in the amended NSR and the supporting technical details or guidance set out in a regulatory document.

Licensees would like to have input on the process as to how and when they would be required to update the NSP and the required frequency or circumstances necessary to have to submit an update or revised NSP to the CNSC.

Feedback received from small modular reactor vendors and designers

There was general support for consolidation of all security-related information into one document called a nuclear security plan. This will require some guidance to assist licensees in this area. Clear expectations and guidance will be required.

3.9 Facility-access security clearance (FASC), site access security clearance (SASC) and Personnel Security Standard

Facility-access security clearance (FASC) is a clearance granted by licensees giving a person access to a facility listed in Schedule 2 of the NSR. Section 42(2) of the NSR provides the information that a licensee must assess in order to grant a FASC, including a LERC.

Similarly, a site access security clearance (SASC) is a clearance granting a person unescorted access to the protected area of a high-security site. Section 17(2) of the NSR provides the information that must be verified by a licensee in order to obtain a SASC. The SASC is based on the security assessment referred to in the Personnel Security Standard or on an equivalent security assessment, and is valid for five years.

The references in the NSR from the Personnel Security Standard to the new Standard on Security Screening could be updated, since the Personnel Security Standard has been rescinded and replaced. The Standard on Security Screening came into effect on October 20, 2014 and will be enforced as of October 31, 2017.

The new standard includes:

  • financial background checks
  • changes to LERC where a law enforcement records name check includes digital fingerprinting
  • additional requirements for certain clearance levels, such as enhanced clearances

The requirement for a FASC for sites that fall under the proposed definition of a medium-security site could be expanded. This would mean that such facilities, including SLOWPOKE reactors, would have to require a FASC based on a security assessment (trustworthiness verification) for SASCs referred to in the updated standard, including a LERC. This requirement could apply to those facilities to minimize the insider threat and align with IAEA recommendations for nuclear security.

Since the NSR already allow licensees to propose an equivalent security screening standard, alternatives that would meet the objective of FASC and LERC requirements could be considered. One potential alternative would be a valid NEXUS card. A NEXUS card is issued for a five-year term by the Canada Border Services Agency to speed up border crossings between the United States and Canada. In order to be issued this card, applicants must meet comprehensive background and security check requirements, including a LERC. Therefore, the CNSC could consider NEXUS an acceptable equivalent security screening standard, should licensees wish to use it.

Feedback received from Schedule 2 licensees, transporters of nuclear material, and SLOWPOKE reactor licensees

Licensees recognize that the change to the criminal record name check (CRNC) being done via digital fingerprint scanning rather than the current paper-based system is coming in the near future and that it will provide for a more robust check.

Licensees requested support from the regulator when trying to enforce the requirement for a facility-access security clearance, particularly in the case or revocation or suspension of a FASC due to adverse information (e.g. serious criminal conviction) being found during the security clearance vetting or renewal process.

Licensees have requested assurance that if someone is applying for or in possession of a FASC and is identified through a valid vetting process to be a security risk that the licensee has the requisite authority to deny, suspend or revoke said FASC.

On occasion, FASC denials, suspensions or revocations have been challenged in labour dispute tribunals. Licensees requested clarification of the ramifications when a provincial arbitrator’s decision may conflict with a licensee’s authority in denying, suspending or revoking a FASC due to concerns regarding security risk to a nuclear facility, operations or staff.

Some licensees support the concept of FASC equivalency to that of a valid Nexus, Free and Security Trade or Possession and Acquisition Licence card.

There were some concerns expressed about whether the new digital fingerprinting scanning process would be higher cost than the previous paper based system. It was suggested that the CNSC coordinate additional outreach on digital fingerprint scanning in support of a FASC as there are inconsistent and inaccurate messages circulating as to how digital fingerprints are captured, transmitted, verified, protected and destroyed both during and after vetting.

Feedback received from high-security site licensees

Licensees were updated on the changes to Government of Canada’s Security Screening Standard that will impact SASC screening requirements for CRNC. The licensees requested/expressed the following:

  • that the CNSC work with the RCMP to identify the timeline to phase over to digital fingerprinting checks and pass this information onto the licensees in writing
  • that many of their jurisdictional police services have not been advised that digital fingerprinting will replace the current paper based system that uses services by the Canadian Police Information Centre
  • that the CNSC work with licensees to reach a consensus on an acceptable process to identify how credit checks will be implemented as part of the security screening process including who they will apply to
  • whether these changes will mean increased costs for licensees that have to adhere to them
  • licensees requested the CNSC to provide them with written notice well in advance of the above changes (the notice should include the new screening requirements, the legal and regulatory basis, their implementation date and who they will apply to)

Licensees were of the view that labour relations are a significant consideration to be taken into account with these changes. Licensees have requested that the CNSC assist in providing the legislative or regulatory basis for these changes to promote better understanding of the need within the nuclear industry.

Some concerns were expressed around potential longer turnaround times for vetting of security clearance applicants or renewals with the above changes as well as increased costs.

Licensees understand the drivers for these changes but also want a clear communication strategy in association with the CNSC to ensure those impacted understand why these changes are being made including the positive impact they will have on the security of high-security nuclear sites.

Feedback received from small modular reactor vendors and designers

There was consensus with the proposal for the requirements for a security clearance being defined in regulation and to include essential items such as digital fingerprinting, indices checks, term of clearance, etc. It was suggested that some of the detailed technical requirements related to security clearance programs, such as background investigations, assessment of adverse information etc., be contained in regulatory documents.

The issue of some small modular reactor vendors, designers, etc. being from other countries (foreign nationals) was identified as a concern since there may be challenges in obtaining security clearance for them, depending on what country they are from. In addition, it may pose challenges to industries that support the small modular reactor industry, as some of these support industries or agencies are not located in Canada.

It is essential that this proposal and review consider how both national and foreign small modular reactor vendors and designers are able to be security-cleared to access security-related information (e.g., DBTA, TRA) when designing a reactor. Access by designers to essential security-related information in the early stages of the design process is the only way that "security by design" can be applied effectively.

3.10 Nuclear security officer and security staff duties

Several changes to NSR with respect to nuclear security officer (NSO) duties at certain nuclear facilities could be made. Currently, only high-security sites are required to have nuclear security officers. The duties of these officers are set out in section 30 of the NSR, and the equipment provided to them is listed in section 31 of the NSR. Other facilities do not have specific requirements for security staff, though many employ or contract security staff with responsibilities similar to those of NSOs.

The requirements with respect to NSO duties could be updated. The update would reflect the current duties and operational environment for all NSOs at nuclear facilities. Section 30 of the NSR could be updated to outline all of the higher-level duties associated with all NSOs.

Based on feedback received from various stakeholders, a new requirement for medium-security facilities could be introduced. Security officers at those sites would have new requirements similar to sections 30 and 31 of the NSR.

The requirement for security officers at medium-security sites to screen people for nuclear substances or radioactive material when they are exiting areas where substances or material are used, stored or processed could be revised. The requirement could be added to the NSO’s duties.

Currently, the NSR do not include requirements for security staff at all non-power research reactor facilities that use, process, or store Category III nuclear material, as defined in Schedule 1 of the NSR, including SLOWPOKE reactor facilities. These sites could benefit from having basic equipment be prescribed by regulation to ensure that site security personnel have the equipment necessary to adequately respond to security incidents at these facilities.

Feedback received from Schedule 2 licensees, transporters of nuclear material, and SLOWPOKE reactor licensees

Licensees attending the workshop advised that they saw no need for additional regulations, as the above areas are being addressed effectively.

Licensees indicated that they foresee no need to introduce specific duties, responsibilities or authorities for security officers working at Schedule 2 or medium-security sites, as there is too much variability in those sites’ operations.

Participants suggested that it would be helpful to have some guidance on risk assessment and baseline training for security officers. They suggested placing this guidance in a document as opposed to making it a regulatory requirement.

Licensees indicated that they foresee no need to have security officers at a SLOWPOKE reactor area or facility because of the lower security risk associated with operating a SLOWPOKE reactor.

Feedback received from high-security site licensees

There was broad support and consensus that NSO duties for both armed and unarmed NSO personnel should be updated in the amended NSR. Licensees also requested that this area be reviewed to include necessary legal authorities, such as peace officer status that would extend to the entire licensed site including protected and controlled areas.

Licensees brought forward the concern with legal authorities for NSOs to carry out their essential duties being impacted by what jurisdiction (e.g., province) they are located in. The criteria for peace officer designation being granted to NSOs vary from province to province. A federal peace officer appointment or designation process specific to high-security nuclear sites would be welcomed and is viewed as long overdue.

The review of NSO duties should link into the previous areas of protection of workers and visitors as well as controlled area definition and requisite NSO authority. Licensees need a balance between the regulator’s expectations/requirements and the necessary legal authority to achieve them.

Feedback received from small modular reactor vendors and designers

There was agreement on this area needing to be updated to reflect current practices and realities for high-security sites as well as those for small modular reactor sites. This should include for example the types of NSO duties at small modular reactor sites that may have a minimal onsite security staff complement, as well as offsite support operations related to alarm monitoring, intrusion detection or assessment.

For larger scale small modular reactors, NSO duties and authorities will have to be clearly defined in regulation. There is a need to update duties and authorities for both protected and controlled areas, from the small modular reactor perspective.

3.11 Nuclear material accountancy and control (NMAC) – Effective interface between safeguards, safety and security

New requirements could be introduced as a result of IAEA recommendations in Nuclear Security Series No. 13 and a recommendation from the IPPAS mission report. Specifically, the mission report recommended that "the CNSC should consider reviewing the criteria and performance requirements for an NMAC system for nuclear security purposes to detect an attempt of unauthorized removal (both abrupt and protracted theft), to improve measures against the insider threat" [6].

A new requirement on medium-security and high-security sites could also be added. It would require those sites to assess and manage the security interface with safety and NMAC activities in such a way as to ensure that they do not adversely affect each other and that, to the degree possible, they are mutually supportive.

Feedback received from high-security site licensees

Licensees agree that there must be effective interfaces in place between safeguards, safety and nuclear security and that they have the appropriate mechanisms in place to support these interfaces. They also feel that this is supported through a robust safety and security culture. There may be a need to having safeguards more fully integrated into nuclear security.

Licensees were not convinced that a regulatory requirement is necessary to have an effective interface in place. If a regulatory requirement is deemed necessary, then it should not be too prescriptive.

Feedback received from small modular reactor vendors and designers

Workshop participants agreed that there must be effective interfaces between safeguards, safety and nuclear security, and that they would implement the appropriate mechanisms to support these interfaces. Participants were also of the view that this interface is supported through a robust safeguards and security framework. There may be a need to having have safeguards more fully integrated into nuclear security.

Some workshop participants did not think that a regulatory requirement is necessary for an effective interface. If a regulatory requirement is necessary, then it should not be too prescriptive.

There was also a view that more guidance in this area that would be focused on the small modular reactor differences from that of larger nuclear power plants as well as challenges given their different characteristics (e.g. remote location, smaller scale etc.) would be helpful to prospective applicants.

3.12 Nuclear Material Accountancy and Control (NMAC) – Reporting of discrepancies and protection from cyber attack

New requirements for high-security sites with respect to NMAC could be introduced. Any discrepancy in nuclear material would have to be promptly reported to site security, and NMAC systems would need to be protected from cyber attack.

The requirement to promptly report to site security any discrepancy in nuclear material is being considered in order to ensure that effective NMAC frameworks are in place for nuclear materials. For example, domestic security concerns would include a situation in which material was not promptly reported because of theft over a prolonged period or diversion by an insider. It is based on domestic nuclear security concerns as well as IAEA recommendations in Nuclear Security Series No. 13: Nuclear Security Recommendations on Physical Protection of Nuclear Material and Nuclear Facilities, section 3.26. According to section 3.26, "the operator should ensure control of, and be able to account for, all nuclear material at a nuclear facility at all times. The operator should report any confirmed accounting discrepancy in a timely manner as stipulated by the competent authority" [7].

The requirement for protecting NMAC systems from cyber attack would meet the IAEA Nuclear Series No. 13 recommendations, which state that "computer based systems used for physical protection, nuclear safety, and nuclear material accountancy and control should be protected against compromise (e.g., cyber attack, manipulation or falsification) consistent with the threat assessment or design basis threat" [8].

Feedback received from high-security site licensees

Licensees support effective NMAC. They are not aware of any gaps in this area and feel that there is no need for prescriptiveness, but rather an objective or outcome.

The requirement for effective NMAC is already captured in RD-336, Accounting and Reporting of Nuclear Material.

Feedback received from small modular reactor vendors and designers

Nuclear material accounting and control requires an effective interface between security, safeguards and the nuclear material accounting area. The electronic sharing of this type of information must be considered. Workshop participants view effective NMAC as a reasonable requirement.

There were no concerns with the way ahead proposed in ensuring accountability for nuclear materials, prompt reporting of discrepancies and cyber security for NMAC. No impacts were brought forward by either potential licensees or vendors for solid fuelled small modular reactors. The view was expressed that an effective interface between security and safety is necessary to support this proposal.

The concern was brought forward that this area may be a challenge with liquid fuelled small modular reactors. It was requested that the CNSC identify the authorities or agencies that this type of information has to be provided to. Cyber security of this type of information is also an important consideration that must be considered as the NSR amendment process moves forward.

3.13 Protection of workers and visitors

Licensees of high-security sites and facilities that fall under the new definition of a medium-security site could be required to establish and maintain effective intervention and response plans and procedures to protect workers and visitors in the event of a security incident. This would ensure that licensees are prepared for a situation where a serious security incident put workers or visitors at risk.

Feedback received from high-security site licensees

Licensees agree that this area must be reviewed. Some licensees view the protection of workers and visitors as a key issue that needs to be addressed immediately. There is a concern if security intervention is needed outside the protected area, given the perceived legal authority gap for NSOs in the controlled areas.

Other licensees feel that the DBT already identifies the need to protect workers and visitors, and that security measures are already in place at some sites to respond to these types of incidents or scenarios.

There was a prevalent view expressed that there is a need to ensure that when the NSR are amended that the necessary legal authority is provided to onsite security personnel at high-security sites. This is not only to ensure that personnel are able to respond to incidents involving theft and sabotage of nuclear material and/or facilities, but also to incidents involving workplace violence and other criminal activity that may take place onsite where there is a significant and real or immediate threat to persons. This should include specifying the areas within or at a nuclear facility where these legal authorities would apply. Licensees expressed the view that NSOs must be afforded the appropriate liability protection in such situations.

In these types of situations, offsite police response would also be immediately initiated. However, NSOs have had to deal with various situations that require an immediate response to minimize the risk to site personnel, operation or visitors. This is a real concern in not only the protected area, but also in other areas, including the controlled areas and perimeter access points where there is a lot of activity (screening of visitors and contractors) that supports the site operation.

The view was also expressed that some guidance would be required as to the scope or type of protection that would be expected to be provided.

Feedback received from small modular reactor vendors and designers

This proposed requirement could be part of the NSP. This requirement may not be necessary for remote operations with minimal onsite staff complement and infrequent visitors. A risk-informed approach should apply. It could require offsite (police) response depending on type of threat or incident.

There was consensus that with facilities that have an onsite nuclear security presence that a clear legal basis and authority is necessary to protect workers and visitors. The NSR should focus on DBT type events.

With remote locations this presents a challenge particularly in cases of minimum onsite staffing complements and the potential for offsite control room locations.

3.14 Controlled area

Based on feedback previously received from licensees, a new definition for the controlled area of a high-security site could be added. Currently, the NSR include a definition for certain areas of a nuclear site. Specifically, the NSR include requirements with respect to the protected areas. However, the NSR do not include other strategic areas within the facility property. These areas include the area surrounding a nuclear power plant that is owned by the operator. The definition for a controlled area could include all owner-controlled areas surrounding the nuclear facility that are strategically important to ensuring effective nuclear security for that site. In addition, new requirements for high-security sites would be added to the NSR that clarify the legal authority that NSOs have in respect to controlled areas.

The requirement could ensure defense-in-depth security strategies for high-security sites. This is in keeping with the Convention on the Physical Protection of Nuclear Material’s (CPPNM) Fundamental Principle I: Defence in Depth, which reads as follows: "The State’s requirements for physical protection should reflect a concept of several layers and methods of protection (structural or other technical, personnel and organizational) that have to be overcome or circumvented by an adversary in order to achieve his objectives" [3].

Feedback received from high-security site licensees

There is strong support within the licensee community to define a controlled area from the security perspective and to provide for the necessary legal authority for NSOs to carry out their required functions in this area, including access control, screening of visitors/vehicles, patrol, response and interdiction duties.

Licensees expressed the view that this area is directly related to protection of workers and visitors. There was also a strong view that peace officer designation for NSOs working in these areas should be put in place from the federal perspective, as not all licensees have the option of obtaining provincial peace officer status.

The term "controlled area" is already being used at some sites for radiation protection purposes.

Feedback received from small modular reactor vendors and designers

This is an area that must be addressed particularly for larger small modular reactor sites. It is essential for existing high-security sites to have the controlled area definition and for requisite authorities for NSOs to be established. The current NSR is not clear on the extent of NSO power or legal authorities outside the protected area.

There should be consideration given to how such a definition would be applied to a smaller, more remote small modular reactor site with minimal onsite staff complement; for example, a remote small modular rector site located underground with minimal above-ground facilities, geographical (site) footprint or operations.

There is a need for a regulation that gives NSOs the legal authority and legal basis to operate in and protect the controlled area. Consider adding the following definition to amended NSR: "Controlled area" means the area between the protected area and the perimeter boundary fence (or boundary) that surrounds the entire site of the facility, or facilities, where the licensee carries on licensed activities.

3.15 Security monitoring room

Currently, a security monitoring room is defined in the NSR as "a security monitoring room referred to in section 15 of the NSR". Section 15 of the NSR contains the requirements with respect to the security monitoring room.

The definition of and the requirements associated with the definition for security monitoring room could be amended to clearly define the function of a security monitoring room. The requirements for the security monitoring room could also be amended by moving the technical details and guidance into a regulatory document to add flexibility.

For example, the requirements in paragraph 15(2)(c), subparagraphs (i), (ii), and (iii), related to communications in the security monitoring room would be moved into the appropriate regulatory document.

Feedback received from high-security site licensees

There was general support for adding a new definition for the security monitoring room when the NSR are amended. Licensees asked if the amended NSR would contain new requirements for the security monitoring room, as changes can result in significant financial commitments.

Licensees also support moving security monitoring room technical requirements in the current version of the NSR to a regulatory document, as part of any future NSR amendment process. Licensees requested that when drafting new NSR text to ensure clarity of the language that describes security monitoring room requirements both in the NSR and in any associated regulatory documents.

Feedback received from small modular reactor vendors and designers

As previously discussed some workshop participants identified that there is confusion about the acronym SMR, since it is used for both a security monitoring room and a small modular reactor. There was a suggestion to adopt the IAEA terminology or definition for central alarm station (CAS) and use it to replace the term "security monitoring room" throughout the NSR. The current definition of a CAS in the IAEA Nuclear Security Series describes the major functions of existing security monitoring room’s at high-security nuclear sites in Canada.

There was agreement on articulating security monitoring room technical requirements in a regulatory document. There was also a request to provide for flexibility in the amended NSR to be able to use a graded risk-based approach for security monitoring room requirements. It would be helpful to build in flexibility to allow for the use of advanced proven security technology. Also consider the human factors implications for offsite remote monitoring facilities.

It was requested that the regulations enable or provide for the "security by design" approach for the security monitoring room, including whether it can be located onsite or offsite. The security monitoring room location should be based on a TRA.

The regulations should allow for the use of a graded approach for research-type reactors. The CNSC should consider allowing a single security monitoring room to monitor more than one small modular reactor site. It was suggested that the regulations require controls to be in place to prevent the introduction of cyber threats (e.g., malware) into security monitoring rooms’ critical systems.

3.16 Definition of potential adversary

The definition of "potential adversary" could be expanded to address other areas such as the unauthorized removal or sabotage of critical cyber assets at nuclear facilities, including assets essential to the operation of security, safeguards, safety and emergency preparedness systems. Subsequently, since the updated definition will impact the definition of DBT, high-security sites would be required to consider a broad range of threat characteristics in the CNSC’s DBTA.

Feedback received from high-security site licensees

There was general support for reviewing the definition of "potential adversary" to ensure it includes threat factors relevant to the Canadian nuclear industry. The current focus of the potential adversary is on theft and sabotage of nuclear material and/or nuclear facilities. As is the case now this review has to be similar to the DBTA process where licensees have an opportunity for consultation and feedback.

Feedback received from small modular reactor vendors and designers

There was consensus that the definition needs to be sufficiently broad to ensure that all aspects are covered. This should be captured as part of the DBTA process. This area should be linked to the requirement for onsite security exercises. It should also consider characteristics unique to small modular reactors, including remote site location and offsite support functions.

3.17 Suggestions for amendments

The CNSC provided an opportunity for additional suggestions for potential amendments that could be considered by the CNSC as it updates the NSR.

Summary of feedback received from Schedule 2 licensees, transporters of nuclear material, and SLOWPOKE reactor licensees

In amending the NSR, some workshop participants requested that the CNSC provide flexibility by allowing licensees to propose an approach for screening explosives, weapons, etc. of vehicles entering a nuclear facility.

Feedback received from high-security site licensees

Participants offered the following suggestions during the workshop for CNSC’s consideration:

  • Ensure that licensees are consulted as new security regulatory documents in support of the amended NSR are being drafted.
  • When reviewing requirements for NSO personnel ensure that consideration is given to the fact that that there are both armed and unarmed NSOs onsite and that they may have different duties, training and equipment requirements.
  • Waste management facilities – list requirements in a separate module within the amended NSR.
  • SLOWPOKE reactor facilities – list requirements in a separate module within the amended NSR.
  • Review the frequency for the TRA submission by high-security sites. Reference subsection 7.5 (1) of the NSR.
  • Extend the term for a SASC from 5 years to 10 years. Reference subsection 17 (1.2) of the NSR.
  • Review requirements in subsections 27.1 (1) and (2) to ensure they include other emergency services such as fire and medical and clarify if required.
  • Review section 31 of the NSR that is specific to NSO equipment to determine if it is necessary to list any or all equipment within the NSR or move them into a regulatory document.
  • Extend the frequency for a major security exercise with offsite response force participation from 2 years to 3 years. Reference subsection 36 (2) of the NSR.
  • Address inconsistencies with any of the existing text within the NSR that will be part of the amended NSR including references other regulations.
  • When the regulations are updated some participants suggested avoiding references to "programs" language. They would prefer precise wording where possible.
  • The footnotes contained in the Schedule 1 listing for Category I, II and III nuclear material need clarification. They do not take into account security measures such as defence in depth. They should be based on a graded approach. A flexible approach is required for nuclear material storage sites.

Feedback received from small modular reactor vendors and designers

Participants offered the following suggestions during the workshop for CNSC’s consideration:

  • Could the amended NSR allow for the option of an offsite response force if the applicant can provide proven "security by design" features that would counter a DBT such as engineered barriers, underground locating of critical operational components, passive safety barriers etc.?
  • Can the amended NSR provide for a way to share prescribed or classified information electronically?
  • Will small modular reactors be required to conduct security exercises every two years similar to the requirement for commercial nuclear power plants?
  • Will the amended NSR be able to accommodate offshore locations for small modular reactors such as an anchored marine vessel or barge?
  • Will the amended NSR contain a definition for various sizes, power ratings, locations and types of small modular reactors?
  • Will "security by design" be offered as a high-level performance-based option or objective at the front end of the amended NSR?
  • Will the amended NSR allow for the option of wireless technologies?
  • Direct visual surveillance – can it also be carried out by non-human or technical means?
  • Offer the option of replacing NSO functions with proven technology.
  • Expand the options of an offsite response force to include Canadian Armed Forces units such as the Canadian Rangers who already have a presence in remote northern Canada.
  • The frequency of the TRA should be commensurate with the risk and the speed at which the threat is evolving and its potential impact on the type of facility. The security policy of the Government of Canada should be referenced and followed to prevent duplications or contradictions. This is a concern with some small modular reactor vendors and suppliers, as they have to follow the Industrial Security Manual of Public Works Government Services Canada.
  • There may be unique considerations for the transport of reactor cores for small modular reactor applications. For example a core that has already been subject to low-power testing and as a result is irradiated.

4. Next Steps

The next steps to amending the Nuclear Security Regulations will be as follows:

  • Consider all the feedback that the CNSC has received on the Nuclear Security Regulations as the CNSC determines a regulatory approach
  • Publish proposed amendments for public consultation in the Canada Gazette, Part I

Appendix A: Workshop participants

Table 1, 2 and 3 provide a list of organizations and number of participants who attended each workshop.

Table 1: October 12, 2016 participants

Organization Number of Participants
Cameco Corporation 2
LFI Laurentide 1
McMaster University 1
Nordion Inc. 1
Royal Military College of Canada 1
RSB Logistic 1
SRB Technologies (Canada) Inc. 1
TAM International Inc. 1
University of Alberta 1

Table 2: October 13, 2016 participants

Organization Number of Participants
Atomic Energy of Canada Limited 1
Bruce Power 3
Canadian Nuclear Laboratories 3
Chalk River Laboratories 1
Hydro-Québec 4
New Brunswick Power Corporation 2
Ontario Power Generation 3

Table 3: January 31, 2017 participants

Organization Number of Participants
Amec Foster Wheeler 2
ARC Nuclear 1
Atomic Energy of Canada Limited 1
Bruce Power 2
Canadian Nuclear Laboratories 2
Canadian Standards Association (CSA) Group 1
Candesco Division of Kinectrics 1
Candu Energy Inc. 2
Department of National Defence 1
Dunedin Energy Systems Ltd. 1
Government of Ontario, Ministry of Energy 1
Hatch Ltd. 2
JSC Rusatom Energy International 1
LeadCold Reactors 1
Moltex Energy 2
Natural Resources Canada 2
New Brunswick Power Corporation 2
Ontario Power Generation 3
SNC-Lavalin Nuclear Inc. 1
Terrestrial Energy Inc. 1
X-energy LLC 1

Appendix B: List of acronyms

CAS
central alarm station
CNSC
Canadian Nuclear Safety Commission
CPPNM
Convention on the Physical Protection of Nuclear Material
CRNC
criminal records name check
CSA
Canadian Standards Association Group
DBT
design-basis threat
DBTA
design-basis threat analysis
FASC
facility-access security clearance
IAEA
International Atomic Energy Agency
IPPAS
International Physical Protection Advisory Service
LERC
law enforcement records check
NMAC
nuclear material accountancy and control
NSO
nuclear security officer
NSR
Nuclear Security Regulations
NSP
nuclear security plan
SASC
Site Access Security Clearance
TRA
threat and risk assessment

Appendix C: References

  • [1] International Atomic Energy Agency (IAEA), IAEA Nuclear Security Series No. 20, Objective and Essential Elements of a State’s Nuclear Security Regime, Vienna, Austria, p. 10, 2013.
  • [2] International Atomic Energy Agency (IAEA), International Physical Protection Advisory Service (IPAAS), Mission Report: Canada, p. 97, 2015.
  • [3] International Atomic Energy Agency (IAEA), Amendment to the Convention on the Physical Protection of Nuclear Material, INFCIRC/274/Rev.1/Mod.1, Vienna, Austria, p. 6, 2016.
  • [4] International Atomic Energy Agency (IAEA), Amendment to the Convention on the Physical Protection of Nuclear Material, INFCIRC/274/Rev.1/Mod.1, Vienna, Austria, p. 5, 2016.
  • [5] International Atomic Energy Agency (IAEA), IAEA Nuclear Security Series No. 20, Objective and Essential Elements of a State’s Nuclear Security Regime, Vienna, Austria, p. 12, 2013.
  • [6] International Atomic Energy Agency (IAEA), International Physical Protection Advisory Service (IPAAS), Mission Report: Canada, p. 109, 2015.
  • [7] International Atomic Energy Agency (IAEA), International Physical Protection Advisory Service (IPAAS), Mission Report: Canada, p. 20, 2015.
  • [8] International Atomic Energy Agency (IAEA), IAEA Nuclear Security Series No. 13, Nuclear Security Recommendations on Physical Protection of Nuclear Material and Nuclear Facilities, INFCIRC/225/Revision 5, Vienna, Austria, p. 11, 2011.
  • [9] International Atomic Energy Agency (IAEA), IAEA Nuclear Security Series No. 13, Nuclear Security Recommendations on Physical Protection of Nuclear Material and Nuclear Facilities, INFCIRC/225/Revision 5, Vienna, Austria, p. 21, 2011.

Footnote

Footnote 1

On October 12, 2016, the CNSC and Natural Resources Canada cohosted a separate half-day session with licensees who operate high-security sites to discuss specific issues with respect to nuclear security officers. This was part of a separate initiative, and comments from that session are not part of this report.

Return to footnote1referrer