POGO Letter to NRC Chairman Niles Diaz regarding NRC efforts to silence criticism

Chairman Niles J. Diaz

Nuclear Regulatory Commission

11555 Rockville Pike

Rockville, MD 20852

Via facsimile: (301) 415-1757

Dear Chairman Diaz,

As you recall, in September I wrote to you to respond to your letter to the New York Congressional delegation and local politicians claiming that this summer’s force-on-force test at Indian Point had shown a “strong defensive strategy and capability.” The NRC responded to my letter by demanding that POGO not make the letter public, claiming that it contained homeland security sensitive and “safeguarded” material. The NRC threatened us with civil and criminal sanctions were we to continue to make public either our letter or any of the sensitive material it allegedly contained. The NRC also took the position that it had no obligation to identify the passages in the letter that it claimed were sensitive. As a result, the NRC’s initial position was that any effort by POGO to criticize the lack of security at Indian Point threatened the release of safeguards information and thus POGO did so at the risk of criminal prosecution. We believe that the agency took this position to stifle legitimate criticism of the agency by POGO.

We did not let the matter end there. POGO retained counsel and threatened legal action against the NRC for stifling POGO’s speech. Ultimately, the agency backed down and agreed to identify the portions of our September letter that were in the agency’s view problematic. We appreciate the agency’s willingness to engage POGO on this issue and believe that our discussions were helpful to all concerned. What follows is a redraft of our original letter. We look forward to your prompt response.

Our primary concern is that the way the force-on-force (FOF) tests were conducted do not give you the ability to reassure the public that the Indian Point security force has been proven capable to defend that facility against a credible terrorist attack. After a thorough review of the test of security at Indian Point, we continue to have the following concerns:

Dumbed-Down Design Basis Threat (DBT) – It has been widely reported in the press [1] that prior to 9/11, nuclear power plants were required to have defenses designed to protect against only a ridiculously small attacking force – three terrorists. In contrast, the intelligence community generally believes that terrorists would attack a target with a squad-sized force, which in the Army special forces is 12 and the Navy Seals is 14. In other words, the NRC would need to at least quadruple its old DBT.

sHaving interviewed a number of people who have reviewed the NRC’s new DBT, we do not believe that it is even close to reaching the 12 to 14 level we believe is appropriate. Representatives of other federal agencies have told POGO that the NRC’s new DBT remains inadequate.

The NRC argues that the new DBT is the largest threat against which a private security force can be expected to defend. This rationale is backwards and conflates two separate considerations – what is the size of the threat and what should the nuclear power industry be required to do to in the face of such threats. The NRC policy decision to limit the size of the DBT (under terrific pressure from the nuclear industry and its friends in Congress) was based mainly on its assessment of what is reasonable to ask of a private force. But that approach ignores the most fundamental question: what is the credible threat against the facilities? The size of the DBT must be based on that threat. Furthermore, NRC’s justification of its too-low DBT rings hollow, as the Department of Energy (DOE) also relies on a private security force, yet at some facilities, DOE claims to protect its facilities against twice as many terrorists as the NRC does.

Under Use of Readily-Available Lethal Weapons – It is well known in security circles that there are weapons that are available to terrorists that can penetrate bullet-resistant enclosures (BREs), which are quasi-guard towers. BREs are included in the defensive strategy of a number of nuclear power plants, including Indian Point. Some time ago, the Department of Energy abandoned the use of its state-of-the-art guard towers (which are far more robust than most BREs) because of their vulnerability to readily-available weapons. Indian Point officers have been aware of the controversies surrounding BREs and have brought their concerns not only to Entergy, but also to the NRC Region I, with no response at all. Several years ago, the DOE developed a classified official Adversary Capabilities List which includes weapons and explosives that are readily available to terrorist groups. The NRC should review this list and ensure its Design Basis Threat includes them. For example, .50 caliber sniper rifles (which have been available since World War I) and Armor-Piercing Incendiary rounds (which are available in gun shops for $1 per round) made the DOE guard towers so vulnerable they were abandoned. Other weapons were also of concern, including the rocket-propelled grenades which have been used frequently by near-children around the world in war-torn countries, with great success against hardened targets.

Unrealistic Timing and Location of Attack – It appears the NRC conducted the three FOF tests at Indian Point during the daylight at the beginning of the night shift, and began at least two of the tests in the owner-controlled area. There are several problems with this:

• The security force being tested had just come on duty and was not yet fatigued by a 12-hour shift, hours typically worked by Indian Point security officers five to six days a week.
• The security officers knew within the hour that the test was to begin, as the day shift was held over an extra hour to cover as a shadow force so that the night shift could be tested at the beginning of their shift.
• It is widely believed in the intelligence community that no one will attack during daylight, as it is to the attacker’s advantage to have the cover of darkness. Despite this, all three FOF tests occurred between 4-6 pm. Furthermore, in two of the three tests, the mock terrorists were required to cross open fields in broad daylight in order to reach the protected area, making it that much easier for them to be observed by the security officers.
• The mock terrorists attacked from only one entry point. In addition, the NRC and Entergy agreed that, if the attackers were successful in reaching the protected area fences, there would be a halt in the action and the adversaries would be brought inside of the fences (to prevent any actual damage to the fences during the exercise) – making it perfectly obvious from where the attack will be coming. POGO had previously alerted the NRC to a particular vulnerability involving the fences at most nuclear facilities and was assured that this vulnerability would be taken into account in future FOF tests. However, it was does not appear to have been taken into account during the Indian Point FOF.

Amateur Mock Terrorists – A terrorist group has advantages that cannot be replicated in even the best mock attack FOF. However, the following limitations could have been partially ameliorated by the NRC, but were not:

• No Surprise. The security force knew for months in advance that this test was going to occur, training specifically for the approved scenarios. They even knew within minutes that the test was to occur, because of all the visiting dignitaries and the fact that they had strapped on Multiple Integrated Laser Engagement System (MILES) equipment.
• No Violence of Action. During a mock FOF there is no real danger – no live ammo, no colleagues dying or being maimed or any other adverse impact that would normally create chaos and in some cases cause the protective forces to panic. As a result, security forces develop “MILES bravery.”
• Safety First. The FOF tests are not conducted at high speed because of the overriding safety concerns. Therefore, people and vehicles are not going full tilt the way they would during a real terrorist attack, giving the protective forces time to pause to make decisions – time that they wouldn’t have in a real life situation. Safety was also used as the reason for not conducting the tests at night. Sources told us that Entergy was worried participants could trip over rocks or step on snakes.
• No Trained Adversaries. The mock terrorists were security officers from another nuclear plant who had no training as adversaries. This training is critically important because it teaches the mock terrorist how to think and act offensively, as a real terrorist would, rather than defensively as a security guard would. Here again, both DOE and the military use trained adversaries to test their security forces.

The Security Forces Are On Their Own – It should be recognized that although the exercise was observed by the State Police and FBI, these law enforcement entities cannot respond to an attack with SWAT capability before it is too late. Insofar as we know, these response times have not been tested at Indian Point. But tests at other facilities have shown that an attack is generally won or lost in between three and eight minutes, while it generally takes an hour or two for SWAT teams to respond.

Poor Planning: Lives at Risk – One of the FOF tests was quickly aborted when Coast Guard personnel, who had not been previously informed that the test was to occur, threatened to use their live ammo against the mock attackers. It is unacceptably poor planning to allow this kind of lack of professionalism, putting lives at risk.

Recommendations:

The NRC should:

• Not allow so much advanced notice and training for the FOF – two weeks is sufficient;
• Make the window of attack much less obvious, therefore making it unclear to the participants at what time during the shift the test will take place;
• Administer most of the tests when it is dark;
• Use trained adversary teams from the military or develop its own trained adversary team;
• Conduct computer simulations – either Joint Tactical Simulations (JTS) or Joint Conflict Adversary Tactical Simulations (JCATS) – used by the military and Department of Energy for years. These computer programs simulate the movement of personnel through architecturally- and terrain-accurate models of the facility. This preparation helps the security forces develop the best strategies for defeating any number of possible attacks;
• Include the use of simulated rocket-propelled grenades, sniper rifles with .50 caliber armor-piercing incendiary rounds, gas, smoke and other commonly used weapons and diversionary devices if they are not currently in the DBT; and
• Address the serious communications breakdowns that occurred during the recent Indian Point FOF.

These issues are obviously very serious and need to be addressed promptly. We look forward to your response.

Sincerely,

Danielle Brian

Executive Director

cc: Roy Zimmerman

1. U.S. News & World Report, September 17 2001; Chicago Tribune, July 12, 2002; The Boston Globe, May 14, 2002; Bulletin of the Atomic Scientists, January 1, 2002; New York Times Magazine, May 26, 2002.