Testimony of
Danielle Brian, Executive Director
Project On Government Oversight (POGO)
on
Inadequate Security at Nuclear Power Plants
before the
Senate Environment and Public Works Committee
Wednesday June 5, 2002
Mr. Chairman and Members of the Committee,
POGO first began investigating security at nuclear facilities over sixteen
months ago. We are an investigative organization that works with insiders in
order to improve public policy. We have neither a pro- nor an anti-nuclear
agenda. We began investigating the Department of Energy=s (DOE) nuclear weapons facilities because
more than a dozen insiders B current and former DOE and contractor security officials, contractors
with military experience who test and evaluate the security at these
facilities, and members of various guard forces B came to us with grave concerns regarding inadequate security
pre-September 11.
Just prior to September 11, we completed our
report AU.S.
Nuclear Weapons Complex: Security at Risk,@ concluding that our nation=s ten nuclear weapons facilities, which house nearly one thousand tons
of weapons-grade plutonium and highly-enriched uranium, regularly fail to
protect this material from mock terrorist attacks. Once security became a
national priority, we briefed these alarming findings with the National
Security Council, the Office of Homeland Security, the Pentagon Nuclear Command
and Control staff, the staff of the Scowcroft End-to-End Review, the Office of
Management and Budget, numerous Congressional Committees and Members, and at
Rep. Chris Shays= request, the General Accounting Office.
Because of this work, guards from commercial
nuclear power plants across the country began contacting POGO with similar
concerns about inadequate security at the plants where they work. In April,
POGO accompanied a group of nuclear power plant security guards to brief a
dozen Congressional offices and Committee staff about their first hand
concerns. We then began working with current and former Nuclear Regulatory
Commission (NRC) security officials and contractors with military capabilities
who test and evaluate security at commercial reactors. These people echo the
same concerns about ongoing inadequate security at commercial nuclear power
plants.
My testimony is based on the information and
documents gathered from these insiders.
Again, I believe it is important to emphasize that our sources of
information are not Aanti-nuclear.@ In
fact, most of them have worked in the nuclear energy field for most of their
adult lives. We applaud the sponsors of Senate Bills 1586 and 1746, the ANuclear Security Act,@ for several important provisions contained
in these bills.
The Design Basis Threat
Nuclear facilities are required to protect
against a specified level of threat (known as the Design Basis Threat or DBT)
from outside attackers and inside conspirators using a specific set of weapons. NRC=s current DBT is wholly inadequate and must be made more realistic.
According to published sources including U.S. News and World Report, the
NRC=s DBT requires protection against only three
outside attackers with the help of one passive insider. This is absurd given
the 19 terrorists involved in the highly coordinated, technologically advanced
September 11 attack.
Rumors are that DOE will increase its DBT to
approximately ten outside attackers and significantly upgrade the weaponry and
tools that adversaries can be expected to use in an attack. However, although
some in NRC have also recommended an increase to its DBT, there seems to be
resistance within the senior ranks of the NRC to committing to making these
improvements. There appears to be no justification for the NRC to have a less
robust DBT for nuclear power plants than DOE has for nuclear weapons
facilities. A successful attack on either a nuclear power plant or weapons
facility would cause unfathomable damage to surrounding populations. We believe
that the provisions in the ANuclear Security Act@ for a new and significantly upgraded DBT are absolutely essential.
In addition to the inadequate number of
attackers to be protected against, the current DBT does not require protection
against some of the most dangerous weapons that are available on the open
market today, such as 50 caliber API sniper rounds that can penetrate hardened
guard posts and vehicles, nor do they use simulated chemical or biological
agents that would require the guard force to be trained with gas masks.
Furthermore, performance tests do not employ diversionary tactics that are
likely to be used during an attack, such as remote controlled explosives. POGO
agrees with the Nuclear Security Act=s provisions that the new DBT include enhanced requirements for more
realistic weapons, explosives, tools, and tactics, as well as more outside
attackers and active inside collaborators.
Poor Performance
Though the DBT is severely inadequate
compared to what we now recognize as the threat, half the nuclear power plants
cannot even protect against this current standard of three outside attackers.
David Orrik, the head of the Operational Safeguards Response Evaluation (OSRE)
program, testified before the House Commerce Committee on April 11, that in 46
percent of the force-on-force security tests:
Athe expert NRC team identified a significant
weakness B significant being defined as the adversary
team simulating sabotaging a target set, which would lead to core damage and in
many cases, to a probable radioactive release. It is important to note that,
even with adequate time for the plants to prepare and make themselves ready for
the OSRE, that 46% still had a weakness in armed response.@
Let me caution the Committee B these tests are seriously dumbed down to
favor the guard forces. The utilities are informed of an upcoming test six to
ten months in advance giving them plenty of time to prepare, the guards are
usually aware of the attack scenarios, the mock terrorists are allowed to be
made up of the utilities= own management staff, and the weapons used in the tests are not nearly
as dangerous as those that can easily be found on the open market.
Despite their clear artificiality and
imperfections that favor the guard forces, force-on-force performance tests are
still the best test of the performance of a guard force in protecting key
targets at a nuclear facility. This is the key issue that cannot be forgotten B can the guard force protect the
integrity of the reactor and the spent fuel pools from a suicidal
terrorist attack? The statistics say no. How much worse would those statistics
be if the DBT accurately represented the very real and sophisticated threat we
know we are now facing?
The mindset of both the utilities and the NRC
is far too compliance-oriented B rather than performance tested. Our security guards are regularly told
that security upgrades are unnecessary because the utility is already in Acompliance@ with NRC regulations. In other
words, if a checklist of requirements for detection, delay, and response is met
B to include such items as a double-fence,
alarms, a certain number of guards B the facility is deemed secure. However, performance tests repeatedly
reveal that despite this Acompliance@ with
requirements, physical security and the guard forces cannot stop terrorists
from causing catastrophic damage to the reactor. This institutionalized
bureaucratic complacency may be the biggest impediment to adequate security.
A post-September 11 example of this
phenomenon is that armed guards are now required to accompany all visiting
trucks coming onto the site. We are told, there is often no extra guard
available, and therefore, a guard is required to leave his post uncovered to
accompany the truck. In these cases, the facility may be in compliance with this new requirement, yet
guards are concerned that there is a hole in their defensive posture.
Spent Fuel Pools are Security=s Poor Stepchild
The NRC has never tested a power plant guard force=s ability to protect spent fuel pools B possibly the prime target of a terrorist
attack. In October of 2000 the NRC started to recognize the problem of spent
fuel fires in a study of the effects of accidents. However, in 100 pages of
analysis, they never considered sabotage by terrorists. The NRC needs to create a target/assets list
prioritized by importance.
Several spent fuel pools at nuclear power
plants across the country are only 50 yards from the double fence line. In a
terrorist attack, the initial strike would likely be extraordinarily violent,
fast, and with a significant level of human carnage. According to Sandia
National Lab=s ABarrier Technology Handbook,@ it is estimated that a terrorist could penetrate the fence line and
breach a door or side of a secured building in less than 60 seconds. We
encourage the NRC to immediately recognize spent fuel pools as a primary
terrorist target.
We have been advised by military Special
Forces sources of specific and obvious vulnerabilities at most nuclear power
plants that I would be happy to discuss with Senators or staff. I am
uncomfortable, however, outlining them in public testimony.
To explain in general terms, a certain type
of explosive, which a terrorist could
carry on his back, would allow him to blow a sizeable hole in the
reinforced concrete bottom or wall of the spent fuel pool. At nuclear plants that have boiling water
reactors (BWR) B about one-third of the existing
reactors are BWRs B things could be even worse.
These reactors have the spent fuel pools above ground. In these cases, a
certain kind of explosive could even be launched from outside the fence line
into the side of the pool. According to an unclassified study by
Brookhaven National Lab, under certain conditions, the pool would start
draining immediately, which could result in the immediate release of
high-levels of radiation, quickly turning into an uncontrolled radioactive
fire, and the plant could do nothing effective about it.
The Nuclear Security Act does require a plan
to increase security of these spent fuel pools. In the meantime, we would encourage the addition of barriers and
delay mechanisms to supplement security until the spent fuel is placed in dry
casks underground.
Inadequate Training and Weaponry
Guards from several of the power plants have
registered complaints with POGO about inadequate training as well. For example,
one facility hired a new class of guards after September 11. The vast majority of the new recruits had
never fired a gun before. During their training, they were limited to firing 96
rounds with their handgun, and far fewer with their shotguns. Two guards quit
after two months on the job believing they couldn=t protect the plant in the case of a terrorist attack. They told POGO,
and other guards have admitted to NRC inspectors, that their training is so
inadequate, in the face of a real
terrorist attack, many guards would use their guns simply to protect themselves
while they escaped from the plant. Other guards with decades of experience
protecting nuclear power plants bemoaned the lack of training outside the
classroom, as well as the lack of modern tactical training. For example, their
firearms training requires only that they be capable of standing and hitting a
stationary target 25 yards away B they have no training shooting on the run at a moving target.
Additionally, the guard forces at nuclear
power plants are severely out-gunned. Even the NRC=s DBT assumes that attackers will be armed
with automatic weapons and explosives, yet many guard forces around the country
are equipped only with shotguns and revolvers. We understand that the NRC is
working with the Committee on legislative language to address this discrepancy.
Security Tests: More Often and More Robust
NRC=s virtually defunct Operational Safeguards Response Evaluation (OSRE)
program conducts force-on-force tests using mock attackers only once every
eight years at each plant. According to the nuclear power plant security guards
and NRC inspectors we have interviewed, this eight-year hiatus creates a woeful
lack of focus on security between tests. According to the guards with whom we
have been working, because the tests are announced so far in advance, the
utility management has time to quickly invest in security training consultants
to improve their posture and chances of success. The guards advise us that
after OSRE force-on-force tests, th security posture regularly returns to a
bare minimum.
POGO agrees with the Nuclear Security Act=s provision to require that such tests occur
no less than every two years to ensure that heightened standards remain in
effect. POGO additionally recommends that the utility only be given 24- to
36-hour notice and that the utility be required to freeze in place the guard
force to be tested at the moment of notification, rather than being allowed to
call in the youngest or most capable guards.
Currently, the mock terrorists and the attack
scenarios to be tested are chosen by the utilities. The mock terrorists can be county or state police, the utility=s own training staff, or even their own
utility management staff B the very people who have a
stake in ensuring success. With all due respect to these people, and as genuine
as they may be in trying to test the physical security of the facility, none of
them are trained to have the mindset or skills of highly trained terrorists.
POGO recommends the use of military Special Forces units that are already
trained to act as the adversarial team in force-on-force tests.
According to the guards, they know within an
hour or two when a test will take place and what part of the plant the mock
terrorists will attack. They tell us that contrary to the full-page ads in the
Washington Post and other newspapers, they do not normally wear flack jackets
or their communications gear, nor do they carry their semi-automatic weapons.
Sometimes, the guards are more than a football field=s distance away from their weapons and flack
jackets. However, when the mock attack is about to take place, the guards are
magically wearing their flack jackets and communications gear and have their
weapons in hand. Even more troubling is the fact that, at one-third of nuclear
power plants, the guards only have access to shotguns, and they are locked up
at a central location. In case of a real attack, the guards would have to go to
that location, unlock the cabinet, get their shotguns and protective gear, and
return to their post. By that time, the terrorists would have achieved their
goals and caused catastrophic damage. Ongoing, limited-scope performance tests
should regularly be testing the timelines for terrorist access to critical
components.
If the facility fails a performance test, the
Nuclear Security Act requires re-testing every six months until it passes. We
would recommend, immediately calling in a well-armed and trained National Guard
unit as compensatory action to supplement security until the facility passes a
new OSRE test.
We have learned from anti-terrorism experts
that the worst enemy of any guard force is the daily grind of nothing
happening. Guards are only human. A simple way to combat this problem is to add
unannounced checks by the NRC to security testing. Fast food chains and the Postal Service frequently use a Amystery shopper@ to use a false ID or exploit some other weakness. Because the guards
know a Amystery shopper@ may be in their midst at any time, they remain more alert. This would
be a very low cost tool that would significantly supplement security.
Federalization
We recognize that federalizing the security
force is a contentious issue. POGO
believes that the same goals can be accomplished through far more vigorous
federal oversight, along with upgraded training, compensation, and authority
granted to security forces.
Currently, security guards who are risking
their lives are among the lowest compensated employees at many plants. Pay scales and first responder benefits for
security forces, including life and disability insurance, should be commensurate
with those accorded to local police and fire departments. We cannot expect our
security guards to give their all when we do not fairly provide for them in the
event that they are injured while performing this dangerous and important job.
Also, people working at nuclear power plants, including NRC and utility
employees as well as contractor and subcontractor employees, should be given
whistleblower protections. In the current climate of fear and whistleblower
retaliation, it has been our experience that people have been deterred from
coming forward with important information that could help fix security
problems. The Paul Revere Act, introduced in the House, and soon to be
introduced in the Senate, would strengthen
whistleblower rights and extend them to federal contractor employees.
We applaud the introduction of Senate Bill
1586 that recognizes that security forces do not have enough authority to carry
out their mission. Currently, guards are prohibited from using deadly force
unless an intruder wields a gun, or they feel their life or the life of someone
else is in danger, in accordance with state law. In other words, if an attacker jumps over the fence with a
backpack and runs towards the reactor building or spent fuel pool, the guard
can only attempt to chase down the attacker.
We have been told of an instance when an NRC inspector observed a guard
follow a mock terrorist during a force-on-force drill as he destroyed critical
target sets in the reactor complex.
When asked why he wasn=t doing anything to stop him, the guard explained that he didn=t have the authority to shoot an intruder who
was only destroying property. The NRC has been trying to resolve this conflict
for years. This legislation must remedy this obvious failure.
Local law enforcement and first responders
should also be given clearance to receive safeguard information so they can
better coordinate emergency response plans. Currently, local law enforcement
and first responders, in many cases, do not have adequate familiarity with the
layout of critical areas of the plant that is necessary to respond to an
emergency.
If there is any expanded role for the federal
government, it should be providing independent oversight, rather than
management of security. Robust and credible federal oversight is absolutely key
to adequate security at both the nuclear power plants and nuclear weapons
facilities. POGO has already recommended taking the security oversight function
out of DOE, and we strongly recommend the same for NRC. NRC has historically
been altogether too compliant with industry=s wishes. For example, recently agreeing to industry=s demands to replace OSRE with industry
self-assessments of security was totally irresponsible. History has shown that
the critical job of security oversight cannot be adequately performed from
within these agencies. Therefore we suggest that a small independent Office of
Nuclear Security be created, perhaps housed in the Office of Homeland Security,
or perhaps as an independent agency reporting to the Congress and President.
Its purpose would be to provide oversight over and test the security of both
government and commercial nuclear facilities.
We would be happy to assist you and your
staff as you work to refine these pieces of legislation, as well as making some
of our inside sources available to you so that you can learn from their
first-hand experiences.