Although the September 11, 2001, attacks are becoming a distant memory, it would be a big mistake to forget that the danger to the United States from both international and domestic terrorists remains very real today. Unfortunately, U.S. nuclear power plant owners are experiencing collective denial about their facilities’ vulnerability to sabotage attacks that could cause widespread radiological contamination.
The U.S. nuclear industry, now struggling to compete with low natural gas prices, seems to think that robust security is a luxury it can no longer afford. Accordingly, the Nuclear Energy Institute (NEI), the industry’s leading trade association, has been heavily pressuring the Nuclear Regulatory Commission (NRC) to ease up on inspecting and enforcing critical security regulations in order to cut costs.
Force-on-force security inspections
The Union of Concerned Scientists has written in the past about the importance of “force-on-force” security inspections (where plant security guards defend against mock attackers) and NEI’s attempts to weaken them. NEI has called for abolishing the NRC’s force-on-force testing program and replacing it with exercises conducted by the plant owners themselves. Even former NRC Commissioner William Ostendorff, who otherwise was sympathetic to NEI’s position, did not support this proposal.
Short of ending the inspections outright, NEI would have the NRC make changes to its force-on-force program in ways that, in our assessment, would undermine its effectiveness in evaluating the adequacy of security at nuclear plants.
It is true that good nuclear security is expensive. Maintaining a full complement of security officers round the clock—that is, five shifts of a few dozen guards each—costs millions of dollars annually.
Such a guard force is necessary to protect nuclear plants from a “design basis threat” (DBT) attack, the nominal threat defined by the NRC. In 2007, the NRC revised its public definition of the DBT to be “a determined violent external assault, attack by stealth, or deceptive actions, including diversionary actions, by an adversary force” that can act in multiple teams and is composed of “well-trained (including military training and skills) and dedicated individuals, willing to kill or be killed” and assisted by “knowledgeable” insiders acting in an active and/or passive capacity. The NRC provides more specifics, such as the actual number of attackers in the adversary force, in guidance documents that are not publicly available.
The number of armed security officers needed to defend against a violent assault depends largely on the number of attackers. Generally, the more attackers there are, the more defenders are required. After the 9/11 al Qaeda attacks, which involved nearly 20 attackers in four coordinated teams, the NRC reportedly increased the number of attackers in the DBT. This contributed to an increased security cost for plant owners.
Industry arguments
Industry representatives, not wanting to see nuclear plant security costs go up any further, point to assessments of a changing terrorist landscape. They argue that al Qaeda is greatly diminished, and the Islamic State (IS) poses a far greater threat to the United States through its ability to inspire “lone wolves” to spontaneously engage in terrorist acts without formal direction or financing from the organization. Consequently, they say that there is little danger now of coordinated attacks on such hardened targets as government facilities or nuclear power plants, which would require resources beyond the reach of most lone wolves. Instead, lone wolves will go after soft targets like dance clubs or shopping malls. See, for example, former NRC Commissioner Jeffrey Merrifield’s remarks at a recent NRC briefing. While Merrifield was careful not to explicitly call for reducing nuclear plant security, he complained that the NRC’s policies are leading to an effective “ratcheting” up of security requirements not warranted by changes in the threat environment.
NEI also argues that the NRC’s force-on-force inspections have resulted in de facto increases in security requirements and are unfair because over time the NRC mock adversary teams have introduced new tactics, techniques and procedures (TTPs) into their attacks that are so sophisticated they are unrealistic and exceed the capabilities of the DBT adversary. However, an NRC task force looked into this question in detail and concluded that such TTPs were both consistent with the DBT and with the capabilities of real-world terrorists. In our view, creative use of TTPs that nuclear plant security forces may not have seen before is not only appropriate but essential for preserving an element of surprise in exercises that, unlike real terrorist attacks, the NRC now announces two years in advance. The use of such TTPs are also within the bounds of the “well-trained” adversary specified by the DBT.
Maintaining security
While there is no doubt that soft-target attacks by individuals pose a real threat, it would be irresponsible for the nuclear industry to let its guard down now. It is not an either/or proposition. It is a fallacy to conclude that because soft-target attacks are on the rise, that ISIS or other foreign or domestic groups have stopped planning attacks that may be more difficult to pull off but could harm far greater numbers of people. Over time, these groups’ determination and resources surely will continue to grow and their capabilities will continue to evolve. Nuclear plant security forces must stay ahead of any potential adversary or they may end up dangerously unprepared for the next attack. An adaptive and flexible response is what the NRC’s force-on-force inspection program now measures and that is why the program must continue in its current form.
Instead of lobbying the NRC to weaken security requirements to protect the industry from low natural gas prices, the industry should devote its efforts to better protecting their plants against terrorism.