Weak Federal Regulations for Nuclear Security
NRC regulations require nuclear reactor operators to protect against no more than a single insider and/or three external attackers, acting as a single team, wielding no more than hand-held automatic weapons.
To deal with the limited threat that the NRC does recognize – called the “design basis threat” (DBT) – the agency requires a nuclear power plant to be guarded by a total of five individuals. Post-September 11th, it is incomprehensible that security mandates for targets capable of producing tens or hundreds of thousands of casualties and hundreds of billions of dollars of damage call for a mere five guards.
The events of September 11th demonstrated the inadequacy of the agency’s quarter-century-old security rules. There were 19 terrorists on the four planes, with additional participants likely in the conspiracy – numbers far in excess of the three external attackers the NRC envisages. They acted as four coordinated teams, but the NRC rule requires the nuclear industry to guard against only a single team. They used jumbo jets filled with jet fuel as their weapons, far more lethal than the hand-carried automatic weapons and explosives contemplated in the regulation. They were very sophisticated, with months of big jet flight training, and willing to die – a level of motivation and capability far beyond that upon which the NRC rules are predicated.
None of the details of the agency’s DBT is secret. With a single exception discussed below, they can all be found in the Code of Federal Regulations, available in most libraries and on the Internet. Any potential adversary can immediately learn that the required security arrangements that protect these high-value targets are inadequate.
A key tool for assessing the adequacy of nuclear plant security is the NRC’s Operational Safeguards Response Evaluation (OSRE) program. OSRE consists of “force-on-force” exercises or mock attacks in which the plant security force must prevent a small number of mock intruders, assisted by a single “passive” insider, from causing “significant core damage” (meltdown) by destroying a “target set.” Over the past decade, nuclear watchdog groups have argued before the NRC – unsuccessfully – that plant operators should be prepared to defend against at least 20 terrorists comprising several small teams attacking from different directions. As of the September 11th attacks, we now know that number to be realistic.
The results of OSRE have been consistently dismal and appear to be worsening. About 50% of plants nationwide failed during the first round (1993-2000). Seven of eleven plants tested have failed since 2000, and another two exhibited significant vulnerabilities. Most plants that have failed OSREs complied with all NRC security regulations. Furthermore, plant operators were informed up to several months in advance of the scheduled mock attack.
#NRC regulations assume that only a single insider will attempt sabotage. September 11th demonstrated that terrorists may devote the time and effort necessary to place more than one individual working at a nuclear reactor site.
The NRC does not use force-on-force tests to demonstrate security compliance at reactors that have permanently shut down and non-power reactors.
The NRC does not use force-on-force tests to demonstrate security compliance for spent fuel storage at operating reactors and reactors that have permanently shut down.
The NRC does not use force-on-force tests to demonstrate security compliance for operating reactors during outages when dozens of temporary workers, with minimal background checks, are allowed onsite.
For the past decade, the NRC force-on-force tests have revealed serious security problems at approximately half of the operating plant sites. The majority of plant sites have only been tested once. There is little assurance that sites failing an OSRE several years ago have adequate security today.
Existing security regulations require nuclear reactors to be protected from sabotage by an insider, either acting alone or in conjunction with a small band of outsiders. The NRC limits the role of the insider during its force-on-force tests to a passive function (i.e., providing the mock intruders with information). In reality, the insider could actively aid in the sabotage attack by swapping switches and disabling emergency systems. In addition, the defense-in-depth approach to safety is reduced during outages to sometimes only a single layer, making nuclear reactors more vulnerable to sabotage.
-
In January 2007 the Nuclear Regulatory Commission (NRC) granted Entergy’s request for an extension to install a backup power system for its emergency sirens, as mandated by Senator Hillary Clinton’s amendment to the Energy Policy Act of 2005.
Originally, installation of backup power was to have been completed by January 30, 2007, but the deadline was pushed to April 15, 2007. Entergy cited problems with a radio tower, testing of the system and training of the workers as reasons for the delay.
On August 2, 2006 all 156 emergency notification sirens for the Indian Point nuclear power plant went down for about 6 ½ hours because of computer problems. Had there been an emergency at Indian Point during this period, first responders using bullhorns would have had to drive through neighborhoods within the 10-mile Emergency Planning Zone (EPZ) in Westchester, Rockland, Putnam, and Orange Counties to tell residents to turn on their radios and television for more information.
In recent years, the emergency notification sirens for Indian Point have failed numerous times. The new emergency siren system will include 150 sirens with the capacity to reach a 360-degree area, as well as a backup power source in case of a power outage.
-
The NRC has yet to upgrade its current design-basis threat level to require nuclear power plants to be able to defend against a 9/11-type terrorist attack. According to U.S. intelligence sources, U.S. nuclear power plants were originally chosen as targets during the planning of the 9/11 attacks, and they remain terrorist targets today.
The 9/11 Commission found that as recently as June 16, 2004 nuclear power plants remained top al Qaeda targets. During an interview on Meet the Press with Tim Russert (December 4, 2005), Thomas Kean, Chair of the 9-11 Commission, noted that the Department of Homeland Security (DHS) has done “something that’s totally inadequate” in making a risk assessment for U.S. nuclear power plants and chemical plants, concluding that DHS “doesn’t set the priorities out, it just sets basically vague guidelines what the priorities should be.”
Riverkeeper’s concerns have been compounded by two government reports that suggest that high-level radioactive fuel waste is not properly safeguarded. The first, released in April 2005 by the National Academy of Sciences (NAS), calls for a plant-by-plant examination of the fuel storage pools at nuclear power reactors because the material stored is a vulnerable terrorist target and that a successful strike could result in lethal radioactive emissions.
The second disturbing revelation comes from a report by the General Accountability Office (GAO), also released in April 2005. It charges that the federal government, the NRC, and nuclear power plant owners have failed to implement and enforce accountability measures for high-level radioactive waste currently stored onsite in spent fuel pools. Since 2000, three nuclear power plant operators, including Entergy, have “lost” high-level radioactive fuel rods.
In January 2006, Riverkeeper filed public comments with the Nuclear Regulatory Commission in response to the Committee to Bridge the Gap’s petition for rulemaking which calls for enhanced security regulations at our nation’s nuclear power plants. Riverkeeper requested enhanced protections to guard against air attacks and urged the construction of “Beamhenge” shields to guard sensitive reactor structures from air attacks. Moreover, Riverkeeper urged enhanced protection against waterborne attacks. For example, the present “exclusion zone” around Indian Point, as well as other regional reactors located on waterbodies, are marked by buoys or floating “no-trespassing” signs and are not impenetrable.
-
A sequence of recent earthquakes, being studied by officials at Lamont-Doherty Earth Observatory, has rekindled concern about the possible seismic threat to the Indian Point nuclear power plant, which is situated next to the Ramapo fault, 35 miles north of midtown Manhattan. An updated seismic hazard analysis is urgently needed, especially in light of the more stringent seismic criteria now employed for several other comparable nuclear facilities.
Hearings held decades ago addressed Indian Point’s design basis for withstanding an earthquake. Decades later, the seismic hazard analysis may be in need of updating and should be subjected to a thorough peer review. It is unclear whether Entergy has commissioned an up-to-date assessment of earthquake hazard for the plant based on the latest research findings.
A great deal more information on earthquakes has become available since the hazard analysis, which was performed decades ago, regarding the risk of damage to Indian Point posed by seismic activity. For example, a sequence of earthquakes that started in August 2003 is being studied by Lamont-Doherty near the New Jersey-Pennsylvania border about 75 miles southwest of Indian Point. These earthquakes are particularly pertinent to the potential for earthquakes near Indian Point because they are associated with the same fault system (the Ramapo fault) situated next to the plant site. Furthermore, new research suggests that damaging earthquakes could nucleate at a shallower depth than previously thought. While the probability of a damaging earthquake may be low, damage to the nuclear plants at Indian Point may have dire secondary consequences for the region.
If Entergy chose to immediately close Indian Point’s existing reactors and seek to replace them with new reactors, the new reactors would clearly have to meet the NRC’s new and more stringent seismic criteria (10 CFR Part 100.23 deals with geologic and seismic siting criteria). The same stringent criteria pertaining to newer reactors should also apply to older reactors, like those at Indian Point, that are seeking a 20-year license renewal. However, it is unclear whether such stringent criteria are being applied to Indian Point.
.
