A Brief Assessment of Regulatory Requirements/Expectations on Consequence-Based Security and Security-By-Design Approaches in Select Regulatory Jurisdictions

This paper provides a high-level assessment and comparisons on risk/consequence-based security and security-by-design regulatory approaches that currently exist or are under development within the regulatory frameworks of the CNSC, US NRC and UK ONR, with focus on applications for advanced reactors. The risk/consequence-based approach to nuclear security facilitates a much-needed graded approach to the design as well as operations in NPPs and in particular for advanced reactors and SMRs. The designs can thus be developed through a security-by-design approach and the physical and cyber protections would be commensurate with the risk/consequence of an adversarial attack. Consequence-based security-by-design and physical/cyber protection approaches in nuclear security space would thus be effective in protecting against unacceptable radiological consequences, very much in a similar manner and aligned with the approach to nuclear safety, supporting and better integrating the safety and the security cases for nuclear facilities and especially advanced reactors and SMRs. Security regulatory requirements that are overly prescriptive or vague/unclear with respect to consequence-based and security-by-design approach, are likely to significantly affect the economic case for the development and prospect of new build projects, especially for advanced reactors and SMRs, in any regulatory jurisdiction. Keywords: Security, security-by-design, consequence-based, graded approach, advanced reactors