Thank you for inviting me to speak again this year. I'm coming to you fresh from a pretty frustrating few months trying to communicate security concerns to the Nuclear Regulatory Commission (NRC). Perhaps by incorporating them into this speech, I can get a response without having to go through the hopeless NRC's concerns process. So here are the security concerns that the Project On Government Oversight (POGO) has been trying to raise. First I want to address the dumbed-down Design Basis Threat (DBT) .
Dumbed-Down Design Basis Threat (DBT)
It has been widely reported in the press that prior to 9/11, nuclear power plants were required to have defenses designed to protect against only a ridiculously small attacking force - three terrorists. In contrast, the intelligence community generally advises that terrorists would attack a target with a squad-sized force. For reference, a typical squad in the Army Special Forces is 12 soldiers and in the Navy SEALs, it is 14. In other words, the NRC would need to dramatically increase its old DBT, perhaps at least quadruple it. As a benchmark, the EPA has set a public DBT for municipal water supplies to defend against six terrorists.
Having interviewed a number of people who have reviewed the NRC's new DBT, we do not believe that it is even close to reaching the 12 to 14 level that is appropriate. Representatives of other federal agencies, including the Department of Defense, have told POGO that the NRC's new DBT remains inadequate.
Here's the fundamental problem: The NRC argues that the new DBT "is an adequate and reasonable standard for a private security force to protect against." This rationale is backwards, and ignores the most fundamental question: What is the credible threat against the facilities? The size of the DBT must be based on that threat. Furthermore, NRC's justification for its inadequate DBT rings hollow. The Department of Energy (DOE) also relies on a private security force, yet at some facilities, DOE claims to protect its facilities against twice as many terrorists as the NRC does.
It must be recognized that NRC Headquarters security staff is becoming more professional, and I respect Roy Zimmerman and Glenn Tracy's efforts to improve security at the facilities. MILES equipment is finally being used and JCATS computer simulations are being designed. However, after the recent Indian Point force-on-force test we continue to have concerns about unnecessary artificialities. The NRC should:
- Not allow so much advanced notice and training for the force-on-force -- two weeks is sufficient;
- Make the window of attack much less obvious, leaving the participants uncertain about what time during the shift the test will take place;
- Conduct most of the tests when it is dark;
- Use adversary teams trained to think like terrorists; they could be drawn from the military or the NRC could develop its own adversary team; They would be skilled in surprise attacks, violence of action, and the use of active insiders; and
- Include the use of more lethal weapons that are known to be used by terrorists as well as other commonly used diversionary devices.
Security Allegations System is Broken
There is a communication breakdown in the nuclear family. The allegations system is ostensibly designed to provide a structure for bringing concerns -- and I am focusing on security concerns -- to the attention of the Commission for investigation and possible action. Unfortunately, it doesn't happen that way. Instead people on the inside - pro-nuclear and security-conscious insiders - bring serious concerns forward to the NRC and get an unexpected response. Instead of a phone call that says, "Hey can I come talk to you about this?" Or reassurance that the NRC is grateful to have the opportunity to improve security, they receive letters saying, A: "We have checked with the utility, and your concerns have no merit." or B: "The NRC has received the [the licensee's] response, and found it to be acceptable." This is not a system to improve security: This is a system to process paperwork and maintain the illusion that the NRC wants to hear from concerned insiders.
Let me give you a couple of examples. A security officer at one licensee had a number of concerns about the bullet-resistant enclosures (BREs), or quasi-guard towers, such as placement, visibility problems and survivability. In one comical case, rather than being elevated, a BRE was actually located on the ground where the gun-port was only one foot off the ground. All the security officer could see was ankles. He had more than a little bit of trouble distinguishing between good-guy ankles and bad-guy ankles. After banging his head against the wall at his own utility, he brought this, along with his concerns about the other BREs, to the NRC. He was uncomfortable with going into any detail about survivability in writing when he contacted the NRC because he thought the details might be safeguarded. He assumed he would be interviewed by an NRC investigator. He was wrong. He was never contacted by anyone. Instead, in came the written response: "NRC has received [the licensee's] response, and found it to be acceptable." To put this response into perspective, security officers at a number of plants refer to BREs as "iron coffins" because of their vulnerability in a real attack. In fact, DOE has abandoned all of its state-of-the-art hardened guard towers for this reason.
POGO has correspondence between another sincerely concerned security officer and the NRC. The security officer pointed out that the security plan at his plant required a particular number of officers on duty. However, on certain weekends and holidays as many as 25% fewer officers were on duty than required by the NRC - a clear violation of the security plan. He had already raised these concerns through the licensee's internal concerns process. Again, the NRC turned the concerns over to the licensee. Because he had been so specific, the licensee admitted to the problems and promised to hire more officers. The security officer got the standard NRC response: "NRC has received [the licensee's] response, and found it to be acceptable." Three times over several years the licensee assured both the NRC and the security officer that 50 more officers would be hired. It never happened. The NRC again accepted empty promises. The security officer pointed out at the time that in 2003, the manpower level was still below 9/11 levels.
We at POGO have tried both the direct approach - quietly presenting our concerns to the NRC, as well as the frontal attack of writing a public letter to Chairman Diaz. Both approaches have had equally unsatisfactory results. For nearly two years, we quietly communicated security concerns to the NRC. Which only resulted in letters back to us saying, well, saying essentially nothing. For example, more than a year ago, we sent a very specific email to the NRC about its failure to recognize a vulnerability involving fences and storm drains. Because we couldn't specifically identify which facilities this applies to, our allegation was not investigated. I suspect that if I had specified the plants, I would have been threatened from the Office of Investigations for knowing safeguards information. Instead, they merely filled out the paperwork and, a year later, still have not addressed this vulnerability or other concerns we have brought forward.
Then, the public letter criticizing the Indian Point force-on-force only resulted in threats from the NRC's General Counsel to prosecute us criminally for revealing safeguards information.
The most significant security upgrades that occurred last year happened because one Commissioner, Commissioner McGaffigan, did the extraordinary. He left the building, (drove in the pelting rain I might add for several hours) and spoke to several dozen security officers. He listened. He prodded. And he then ordered change. It turned out that NRC Region I was already familiar with the security officers' allegations of too much overtime and not enough training. But what had they really done? NRC officials had processed the concerns through the allegations system, checked with the licensees, and dismissed the concerns because the plants were in compliance. As a result, the Commissioners never heard about the problems. Do we have to completely bypass the systems in place to affect change? We have been trying to go through the "system," but are at wits end. And I think perhaps putting Commissioner McGaffigan's direct line on our website - may be the only way to get anything done. I'm frankly a little worried that this speech is going to result in my being told that POGO's concerns are yet another allegation that has to go through the allegations process.
Unrealistic Expectations for Security Plans
Finally, we have serious questions about the adequacy of the security plans that are currently being developed by the licensees at the 65 nuclear power plant sites. These plans are due at the NRC by April 29, 2004. Credible security plans are time-consuming and difficult to prepare. For instance at DOE, security plans can take up to 12 to 18 months to prepare. They involve developing vulnerability assessments, worst-case scenarios, table top exercises, computer simulations, limited-scope force-on-forces to develop defensive tactics and verify timelines, and finally full-up force-on-forces to determine the adequacy of the security plan. It is only at that point that they are submitted to DOE for approval.
In contrast, the NRC will have 65 security plans to review and approve by October 2004 -- in only six months. This is the deadline for the new DBT to be fully implemented. Where is the talent coming from to do this job? Sandia? Sandia is already stretched thin with many of their capable people working on Russian nuclear materials. People who have recently reviewed some of the nuclear power plant security plans found them to be totally based on compliance - again. There were no vulnerability assessments, no timelines, simply "we have a fence, and we have the security officers that the regulations require."
I believe we can get to where we need to be, but we need to stop accepting the status quo and push ourselves to do better. I commend and thank the NRC for inviting me to speak, because I know they knew I was going to be critical.