In response to a Government Accountability Office (GAO) sting operation which identified certain regulatory weaknesses, the Nuclear Regulatory Commission (NRC) is considering revisions to applicable security and accountability regulations. If adopted, these revisions could significantly affect a user's ability to efficiently use and transfer certain radioactive sources and increase the cost of doing so.
- In 2007 and again in 2014, investigators were able to circumvent NRC procedures to enter into contracts to obtain dangerous amounts of radioactive material.
- In response, the NRC is considering whether it should revise its regulations and processes related to the security and accountability.
- NRC and Agreement State licensees should consider implications of such revisions now and adjust engagement in the NRC's process accordingly.
The Regulation of Radioactive Material & the GAO's Covert Vulnerability Test
Radioactive material is commonly used in the energy and petrochemicals industries. For example, devices containing radioactive material in sealed sources are used to measure fluid flow and density, to determine the volume of liquid in tanks, and to detect flaws in metal and welds between components. The use, storage and transfer of radioactive material are often managed by companies' health, safety and environment personnel.
Radioactive material can be dangerous to human health. Accordingly, the NRC and states that have authority to regulate radioactive materials ("Agreement States") have developed regulations that require appropriate security and accountability. (See the rules located at 10 CFR Parts 20, 32, and 37.) Control of radioactive sealed sources in the United States has historically focused on ensuring that such sources were appropriately licensed, used and stored. Since the September 2001 terrorist attacks, concerns have grown that terrorists could obtain radioactive material and use it to make a dirty bomb. In 2003 and again in 2005, the NRC and Agreement States issued orders to protect radioactive material from theft, diversion or other unauthorized access.1
Despite the efforts of the International Atomic Energy Agency (IAEA), NRC and Agreement States, weaknesses in the regulatory structures have persisted. In 2007, GAO investigators obtained a radioactive material license from the NRC after applying for it in the name of a fictitious company. The investigators then altered that license and entered into contracts with radioactive material suppliers to purchase a dangerous quantity of radioactive material. As a result of this investigation, the NRC took certain steps to strengthen their licensing processes, but ultimately did not implement the GAO's recommendations.
In 2014, the GAO began a second covert vulnerability test to assess the effectiveness of the NRC's enhanced processes. The GAO established fictitious businesses in three states--two Agreement States and one Non-Agreement State. The GAO then applied for a license to possess a radioactive source in each state.
In two of the three states, the regulator did not issue the requested radioactive material. In Texas, however, the regulator issued the license. (The Texas Rules are located in the Texas Administrative Code at 25 TAC Chapter 289.) Having obtained the license, the fictitious business entered into a contract with a radioactive material vendor to purchase the licensed source. The investigator then altered the paper license and contacted a second vendor that agreed to provide a second source. Had the GAO's fictitious business ultimately taken possession of the two sources, they would have been able to acquire a more dangerous quantity of radioactive material than would otherwise have been permissible.
The GAO's separate investigations identified and underscored regulatory weaknesses related to the security and accountability of certain radioactive sources.
For more information regarding the regulation of radioactive material, the GAO's investigations, and potential ramifications in Texas, please see Pillsbury's November 2016 Client Alert, "Texas Sting Operation Increases Focus on Radioactive Material Pre-Licensing Activities."
The NRC's Re-evaluation of Source Security and Accountability
On January 9, 2017, the NRC provided notice that it was considering whether it should revise regulations and/or processes related to the security and accountability of Category 3 and high-activity Category 4 sources (See 82 Fed. Reg. 2399 (Jan. 9, 2017).) Under the IAEA classification, Category 3 and Category 4 sources are the next-to-least harmful and least harmful, respectively (Category 1 having the greatest risk), and are commonly used in the oil and gas and petrochemical industries.
As a first step in this process, the NRC is requesting licensee comment on a series of questions designed to help the NRC understand the practical effects of those potential revisions to the regulations from licensees' perspectives. Comments are due to the NRC by March 10, 2017. Among other issues, the NRC's questions request licensee comment on the practical effect of:
Requiring that every entity that possesses a Category 3 source with greater than a specified activity become a specific licensee of either the NRC or an Agreement State. Such a requirement would have far-reaching effects, and could require entities which had previously possessed Category 3 sources under a general license to become specific licensees, and to take all actions and bear all regulatory burden associated with being specific licensees (e.g., employ a Radiation Safety Officer, develop and implement a radiation safety program, provide additional training to personnel, etc.).
Requiring that the physical security requirements for Category 1 and 2 sources be expanded to also apply to Category 3 sources. Such a requirement would require many entities to significantly invest in security infrastructure (e.g., security enclosures, monitors, signage, etc.), to fingerprint personnel, and to establish programs to determine personnel trustworthiness and reliability, among other activities.
Requiring that licensees enter all Category 3 sources into the NRC's National Source Tracking System (NSTS) and track the transfers of those sources using that system. Such a requirement would significantly increase the administrative burden of transferring Category 3 sources.
Requiring that transferors of Category 3 sources verify the validity of the recipient's license only via the NRC's License Verification System (LVS) or via hard copy submissions. Such a requirement has the potential to affect the speed with which a company can transfer Category 3 sources, and could significantly impact its business operations.
In addition, the NRC is conducting a regulatory impact analysis of the benefits and costs of proposed changes to regulated entities. (The complete notice is available here.)
The NRC staff will develop recommendations related to the security and accountability of Category 3 and high-activity Category 4 sources and provide the recommendations to the Commission in August 2017.
Potential Impact on Licensees
While some licensees might face only marginal additional burden, others could face a much more significant impact, including the need to maintain specific licenses in each jurisdiction in which they operate, the need to hire additional personnel, and the need to invest in additional security infrastructure. Although the NRC is only beginning to consider which, if any revisions to its regulations and processes are appropriate, licensees and those who might be required to become licensees, should, in the near term, consider the potential implications and costs of increased security and accountability requirements on their activities. Such consideration will inform the urgency with which licensees might choose to become involved in the NRC's activities.