Sign up for E-Alerts
Enter your email to receive Riverkeeper E-Alerts
Despite the federal government’s shameful performance in the wake of mass emergencies, including the need for mass evacuation that hurricanes Katrina and Rita created several years ago, and despite ongoing safety problems at Indian Point, Entergy, its owner, is seeking a 20-year license extension for both reactors.
On April 26th, 2007, former Governor Eliot Spitzer formally requested that the NRC conduct an Independent Safety Assessment (ISA) at the Indian Point nuclear power plant. His call was backed by New York’s Congressional delegates including Representatives John Hall (D-NY), Maurice Hinchey (D-NY), Eliot Engel (D-NY), Nita Lowey (D-NY), and Senator Charles Schumer (D-NY) and then-Senator Hillary Clinton (D-NY), who introduced legislation in February 2007 that would require an in-depth review of Indian Point’s vital safety and mechanical systems, spent fuel pools, and radiological emergency evacuation plans.
NRC regulations require nuclear reactor operators to protect against no more than a single insider and/or three external attackers, acting as a single team, wielding no more than hand-held automatic weapons.
To deal with the limited threat that the NRC does recognize – called the “design basis threat” (DBT) – the agency requires a nuclear power plant to be guarded by a total of five individuals. Post-September 11th, it is incomprehensible that security mandates for targets capable of producing tens or hundreds of thousands of casualties and hundreds of billions of dollars of damage call for a mere five guards.
The events of September 11th demonstrated the inadequacy of the agency’s quarter-century-old security rules. There were 19 terrorists on the four planes, with additional participants likely in the conspiracy – numbers far in excess of the three external attackers the NRC envisages. They acted as four coordinated teams, but the NRC rule requires the nuclear industry to guard against only a single team. They used jumbo jets filled with jet fuel as their weapons, far more lethal than the hand-carried automatic weapons and explosives contemplated in the regulation. They were very sophisticated, with months of big jet flight training, and willing to die – a level of motivation and capability far beyond that upon which the NRC rules are predicated.
None of the details of the agency’s DBT is secret. With a single exception discussed below, they can all be found in the Code of Federal Regulations, available in most libraries and on the Internet. Any potential adversary can immediately learn that the required security arrangements that protect these high-value targets are inadequate.
A key tool for assessing the adequacy of nuclear plant security is the NRC’s Operational Safeguards Response Evaluation (OSRE) program. OSRE consists of “force-on-force” exercises or mock attacks in which the plant security force must prevent a small number of mock intruders, assisted by a single “passive” insider, from causing “significant core damage” (meltdown) by destroying a “target set.” Over the past decade, nuclear watchdog groups have argued before the NRC – unsuccessfully – that plant operators should be prepared to defend against at least 20 terrorists comprising several small teams attacking from different directions. As of the September 11th attacks, we now know that number to be realistic.
The results of OSRE have been consistently dismal and appear to be worsening. About 50% of plants nationwide failed during the first round (1993-2000). Seven of eleven plants tested have failed since 2000, and another two exhibited significant vulnerabilities. Most plants that have failed OSREs complied with all NRC security regulations. Furthermore, plant operators were informed up to several months in advance of the scheduled mock attack.
NRC regulations assume that only a single insider will attempt sabotage. September 11th demonstrated that terrorists may devote the time and effort necessary to place more than one individual working at a nuclear reactor site.
The NRC does not use force-on-force tests to demonstrate security compliance at reactors that have permanently shut down and non-power reactors.
The NRC does not use force-on-force tests to demonstrate security compliance for spent fuel storage at operating reactors and reactors that have permanently shut down.
The NRC does not use force-on-force tests to demonstrate security compliance for operating reactors during outages when dozens of temporary workers, with minimal background checks, are allowed onsite.
For the past decade, the NRC force-on-force tests have revealed serious security problems at approximately half of the operating plant sites. The majority of plant sites have only been tested once. There is little assurance that sites failing an OSRE several years ago have adequate security today.
Existing security regulations require nuclear reactors to be protected from sabotage by an insider, either acting alone or in conjunction with a small band of outsiders. The NRC limits the role of the insider during its force-on-force tests to a passive function (i.e., providing the mock intruders with information). In reality, the insider could actively aid in the sabotage attack by swapping switches and disabling emergency systems.
In addition, the defense-in-depth approach to safety is reduced during outages to sometimes only a single layer, making nuclear reactors more vulnerable to sabotage.
In January 2003, upon the release of the Witt Report, the four Emergency Planning Zone counties refused to submit their Annual Certification Letters, a checklist indicating that emergency procedures are in place and able to protect the public. The State Emergency Management Office (SEMO), honoring New York’s long-held “home-rule” tradition, refused to cooperate with the Federal Emergency Management Office (FEMA). In 2004, 2005, and 2006 Westchester, Rockland, and Orange Counties again refused to submit their ACLs. Much to the dismay of local, state, and federal elected officials, the Federal Emergency Management Agency (FEMA) and the U.S. Department of Homeland Security (DHS) signed off on the evacuation plans in July 2003 – disregarding concerns held by local emergency planners and first responders.