• Scientific Integrity
• Clean Vehicles
• Clean Energy
• Nuclear Power
  • Nuclear Power 101
    • Who's Responsible for Nuclear Power Safety?
    • Preventing Nuclear Accidents
    • Handling Nuclear Waste
    • Keeping Nuclear Plants Secure
  • Nuclear Power and Our Energy Choices
    • Nuclear Power and Global Warming
    • Nuclear Power Costs
  • Nuclear Power Technology
  • Successes
  • What You Can Do
• Nuclear Weapons & Global Security
• Food and Agriculture

Keeping Nuclear Plants Secure

The 2011 accident at Fukushima was a wake-up call reminding the world of the vulnerability of nuclear power plants to natural disasters such as earthquakes and floods.

However, nature is not the only potential threat to nuclear facilities. They are also inviting targets for sabotage and terrorist attacks. A successful attack on a nuclear plant could have devastating consequences, killing, sickening or displacing large numbers of residents in the area surrounding the plant, and causing extensive long-term environmental damage.

Protecting nuclear facilities against sabotage is part of the mission of the Nuclear Regulatory Commission (NRC). The NRC makes security rules that all plants must comply with as a condition of their license, covering issues such as security access zones, the kinds of threats plant security systems must be prepared to meet, the size and makeup of security staffing, and how often security systems must be tested.

The events of 9/11/2001 threw the issue of nuclear security into the spotlight, and in the years that followed, UCS experts pointed out serious flaws in NRC security regulations and their enforcement, some of which remain unaddressed. U.S. nuclear plants are still not as secure as they can and should be.

Defining the Threat

The adequacy of a security system depends on what we think we are protecting against. If we have underestimated the threat, we may overestimate our readiness to meet it. The NRC has sometimes used unrealistically modest assumptions about potential attackers.

The design basis threat (DBT) is the official definition of the security threats power plant management is required to protect against. (The government is responsible for protecting against threats that go beyond the DBT.) After 9/11, UCS criticized the DBT for nuclear plants on these grounds, among others:

• It ignored the possibility of air- and water-based attacks;
• It did not address the possibility of large attacking groups using multiple entry points, or of an attack involving multiple insiders;
• It concentrated on threats to the reactor core, failing to address the vulnerability of spent fuel storage facilities.

Some of these issues have been addressed in recent years, but serious shortcomings remain. For example, UCS’s post-Fukushima safety and security recommendations, released in 2011, noted that the NRC had finally revised its rules to address the threat of aircraft attacks—but at the same time had rejected proposed changes to protect against water- and land-based attacks.

Force-on-Force Testing

To ensure that security systems will work in the event of an actual attack, plants periodically conduct force-on-force (FOF) exercises to simulate an attack and evaluate its likelihood of success.

In the 1990s, the NRC’s testing program revealed serious security weaknesses at nearly half of the nuclear plants tested. This program was revised after 9/11, but according to the 2011 UCS recommendations, plants are still failing FOF tests more than 10 percent of the time, even with advance notice.

There is also concern about the testing standard used. UCS recommends using a “margin-to-failure” assessment, in which barely adequate performance is distinguished from strong performance, rather than the current pass/fail system in which a plant passes the test unless the simulated attack is a complete success.

Finally, FOF testing is currently required only for operating reactors, leaving questions about the adequacy of protection against attacks on reactors that have shut down, but still contain radioactive materials that could harm the public if damaged.

Transparency and Public Trust

After 9/11, public access to information about nuclear power security policy was tightened considerably. Where once the NRC had sought public input into its decisions on questions like the DBT, it now made those decisions behind closed doors with industry representatives.

While some tightening of access to information was understandable in the aftermath of a major terrorist attack, the NRC has a responsibility to seek and respond to public input on issues of nuclear security, in which the public has an obvious interest.

What the NRC Needs to Do

The UCS post-Fukushima recommendations for the NRC included several items specifically addressing security issues.

The NRC should:

• Revise its assumptions about terrorists' capabilities to ensure nuclear plants are adequately protected against credible threats, and these assumptions should be reviewed by U.S. intelligence agencies.
• Modify the way it judges force-on-force security exercises by assessing a plant's "margin to failure," rather than whether the plant merely passes or fails.
• Establish a program for licensing private security guards that would require successful completion of a federally supervised training course and periodic recertification.
• Require new reactor designs to be more secure against land- and water-based terrorist attacks.
• Require reactor owners to improve the security of existing dry cask storage facilities.

Related Articles in Nuclear Power

• UCS Nuclear Power Safety & Security Recommendations
• Impacts of a Terrorist Attack at Indian Point Nuclear Power Plant (2004)
• Nuclear Reactor Access Zones
• Spent Reactor Fuel Security