The 2011 accident at Fukushima was a wake-up call reminding the world of the vulnerability of nuclear power plants to natural disasters such as earthquakes and floods.
However, nature is not the only potential threat to nuclear facilities. They are also inviting targets for sabotage and terrorist attacks. A successful attack on a nuclear plant could have devastating consequences, killing, sickening or displacing large numbers of residents in the area surrounding the plant, and causing extensive long-term environmental damage.
Protecting nuclear facilities against sabotage is part of the mission of the Nuclear Regulatory Commission (NRC). The NRC makes security rules that all plants must follow, covering issues such as security access zones, the kinds of threats plant security systems must be prepared to meet, the size and capabilities of security staffing, and how often security systems must be tested.
The events of 9/11/2001 threw the issue of nuclear security into the spotlight. Even before 9/11, UCS experts had pointed out serious flaws in NRC security regulations and their enforcement. Despite the changes that the NRC has put into place after 9/11, some of these concerns remain unaddressed. U.S. nuclear plants are still not as secure as they can and should be.
Defining the threat
The adequacy of a security system depends on what we think we are protecting against. If we have underestimated the threat, we may overestimate our readiness to meet it. The NRC has sometimes used unrealistically modest assumptions about potential attackers.
The design basis threat (DBT) is the official definition of the security threats power plant management is required to protect against. (It is unclear who is responsible for protecting against threats that go beyond the DBT.) After 9/11, UCS criticized the DBT for nuclear plants on these grounds, among others:
It ignored the possibility of air- and water-based attacks; It did not address the possibility of large attacking groups using multiple entry points, or of an attack involving multiple insiders; It concentrated on threats to the reactor core, failing to address the vulnerability of spent fuel storage facilities. Some of these issues have been addressed in recent years, but serious shortcomings remain. For example, UCS’s post-Fukushima safety and security recommendations, released in 2011, noted that the NRC had finally revised its rules to address the threat of aircraft attacks for new reactor designs—but at the same time had rejected proposed design changes to protect against water- and land-based attacks.
Force-on-force testingTo ensure that security systems will work in the event of an actual attack, the NRC periodically conducts force-on-force (FOF) inspections: exercises to simulate an attack and evaluate its likelihood of success. These tests cannot fully simulate actual attacks; for example, plant owners must receive some advance warning. Nevertheless, they are useful for assessing the effectiveness of plant security forces.
In the 1990s, the NRC’s testing program revealed serious security weaknesses at nearly half of the nuclear plants tested. This program was revised after 9/11, but, on average, more than 5 percent of plants are failing FOF tests..
There is also concern about the testing standard used. In March 2012 UCS recommended that the NRC move forward with its plan to adopt a “margin-to-failure” assessment, which could distinguish barely adequate performance from strong performance, rather than a pass/fail system in which a plant passes the test unless the simulated attack is a complete success.
In July 2012, the NRC adopted the new process. However, as a result of industry pressure, the standards were watered down, so that poor FOF test results could be discounted if a plant was doing well in other security areas.
Finally, FOF testing is currently required only for operating reactors, leaving questions about the adequacy of protection against attacks on reactors that have shut down, but still contain radioactive materials that could harm the public if damaged.
Transparency and public trustAfter 9/11, public access to information about nuclear power security policy was tightened considerably. Where once the NRC had, to a limited extent, sought public input into its decisions on questions like the DBT, it subsequently made those decisions entirely behind closed doors with industry representatives.
While some tightening of access to information was understandable in the aftermath of a major terrorist attack, the NRC has a responsibility to seek and respond to public input on issues of nuclear security, in which the public has an obvious interest.
What the NRC needs to do
The UCS post-Fukushima recommendations for the NRC included several items specifically addressing security issues.
The NRC should:
- Revise its assumptions about terrorists' capabilities to ensure nuclear plants are adequately protected against credible threats, and these assumptions should be reviewed by U.S. intelligence agencies.
- Modify the way it judges force-on-force security exercises by strengthening the assessment of a plant's "margin to failure."
- Establish a program for licensing private security guards that would require successful completion of a federally supervised training course and periodic recertification.
- Require new reactor designs to be more secure against land- and water-based terrorist attacks.
- Require reactor owners to improve the security of existing dry cask storage facilities.