IWS - The Information Warfare Site
News Watch Make a donation to IWS - The Information Warfare Site Use it for navigation in case java scripts are disabled

GAO Report: Nuclear Regulatory Commission: Oversight of Security at Commercial Nuclear Power Plants Needs to Be Strengthened. GAO-03-752, September 4

26 September 2003

GAO Report Finds Weaknesses in U.S. Nuclear Plant Security

Congressional auditors recommend strengthening force-on-force exercises

A new report says that while the U.S. Nuclear Regulatory Commission (NRC) has taken numerous actions to respond to the heightened risk of terrorist attack at the nation's 104 nuclear power plants, serious weaknesses still exist in NRC's oversight of security at the civilian nuclear reactors.

A report released September 24 by the General Accounting Office (GAO) -- the investigative arm of Congress -- recommends that the NRC improve its oversight at commercial nuclear power plants by "promptly restoring annual security inspections" and strengthening so-called force-on-force exercises that demonstrate how well a nuclear plant might be defended against a real-life threat.

The GAO report detailed weaknesses in several aspects of the commission's security inspection program. For example, the report said NRC inspectors often used a process that minimized the significance of security problems found in annual inspections by classifying them as "non-cited violations" -- a type of violation that does not require NRC inspectors to later verify that a problem has been corrected.

For example, GAO found that guards at one plant failed to physically search several individuals for metal objects after a walk-through detector and a hand-held scanner detected metal objects in their clothing. The unchecked individuals were then allowed unescorted access throughout the plant's protected area.

GAO also reported several weaknesses in NRC's force-on-force exercises, including using more personnel to defend the plant during these exercises than are available on a normal day, using attacking forces that are not trained in terrorist tactics, and using unrealistic weapons -- rubber guns -- that do not simulate actual gunfire.

The report said that even if NRC strengthens its inspection program, commercial nuclear power plants face legal challenges in ensuring plant security. For example, federal law generally prohibits guards at these plants from using automatic weapons, although terrorists are likely to have them.

The entire report, entitled "Oversight of Security at Commercial Nuclear Power Plants Needs to be Strengthened," can be found at the following Web site: http://www.gao.gov/cgi-bin/getrpt?GAO-03-752

Following is the text of the report's highlights:

(begin text)

General Accounting Office
September 24, 2003

Oversight of Security at Commercial Nuclear Power Plants Needs to be Strengthened

NRC has taken numerous actions to respond to the heightened risk of terrorist attack, including interacting with the Department of Homeland Security and issuing orders designed to increase security and improve plant defensive barriers. However, three aspects of its security inspection program reduced NRC's effectiveness in overseeing security at commercial nuclear power plants.

First, NRC inspectors often used a process that minimized the significance of security problems found in annual inspections by classifying them as "non-cited violations" if the problem had not been identified frequently in the past or if the problem had no direct, immediate, adverse consequences at the time it was identified. Non-cited violations do not require a written response from the licensee and do not require NRC inspectors to verify that the problem has been corrected. For example, guards at one plant failed to physically search several individuals for metal objects after a walk-through detector and a hand-held scanner detected metal objects in their clothing. The unchecked individuals were then allowed unescorted access throughout the plant's protected area. By making extensive use of non-cited violations for serious problems, NRC may overstate the level of security at a power plant and reduce the likelihood that needed improvements are made.

Second, NRC does not have a routine, centralized process for collecting, analyzing, and disseminating security inspections to identify problems that may be common to plants or to provide lessons learned in resolving security problems. Such a mechanism may help plants improve their security.

Third, although NRC's force-on-force exercises can demonstrate how well a nuclear plant might defend against a real-life threat, several weaknesses in how NRC conducted these exercises limited their usefulness. Weaknesses included using (1) more personnel to defend the plant during these exercises than during a normal day, (2) attacking forces that are not trained in terrorist tactics, and (3) unrealistic weapons (rubber guns) that do not simulate actual gunfire. Furthermore, NRC has made only limited use of some available improvements that would make force-on-force exercises more realistic and provide a more useful learning experience.

Even if NRC strengthens its inspection program, commercial nuclear power plants face legal challenges in ensuring plant security. First, federal law generally prohibits guards at these plants from using automatic weapons, although terrorists are likely to have them. As a result, guards at commercial nuclear power plants could be at a disadvantage in firepower, if attacked. Second, state laws vary regarding the permissible use of deadly force and the authority to arrest and detain intruders, and guards are unsure about the extent of their authorities and may hesitate or fail to act if the plant is attacked.

Why GAO Did This Study

The September 11, 2001, terrorist attacks intensified the nation's focus on national preparedness and homeland security. Among possible terrorist targets are the nation's nuclear power plants—104 facilities containing radioactive fuel and waste. The Nuclear Regulatory Commission (NRC) oversees plant security through an inspection program designed to verify the plants' compliance with security requirements. As part of that program, NRC conducted annual security inspections of plants and force-on-force exercises to test plant security against a simulated terrorist attack. GAO was asked to review (1) the effectiveness of NRC's security inspection program and (2) legal challenges affecting power plant security. Currently, NRC is reevaluating its inspection program. We did not assess the adequacy of security at the individual plants; rather, our focus was on NRC's oversight and regulation of plant security.

What GAO Recommends

GAO is making recommendations to strengthen NRC's oversight at commercial nuclear power plants by promptly restoring annual security inspections and revising force-on-force exercises. NRC disagreed with many of GAO's findings, but did not comment on GAO's recommendations. GAO continues to believe its findings are appropriate and the recommendations need to be acted upon. www.gao.gov/cgi-bin/getrpt?GAO-03-752. To view the full product, including the scope and methodology, click on the link above.

(end text)