Nuclear Power Plants: Efforts Made to Upgrade Security, but the Nuclear Regulatory Commission's Design Basis Threat Process Should Be Improved

GAO-06-388 Published: Mar 14, 2006. Publicly Released: Apr 04, 2006.

Highlights

The nation's commercial nuclear power plants are potential targets for terrorists seeking to cause the release of radioactive material. The Nuclear Regulatory Commission (NRC), an independent agency headed by five commissioners, is responsible for regulating and overseeing security at the plants. In April 2003, in response to the terrorist attacks of September 11, 2001, NRC revised the design basis threat (DBT), which describes the threat that plants must be prepared to defend against in terms of the number of attackers and their training, weapons, and tactics. NRC has also restructured its program for testing security at the plants through force-on-force inspections, which consist of mock terrorist attacks. GAO was asked to review (1) the process NRC used to revise the DBT for nuclear power plants, (2) the actions nuclear power plants have taken to enhance security in response to the revised DBT, and (3) NRC's progress in strengthening the conduct of force-on-force inspections at the plants.

Recommendations

Recommendations for Executive Action

Agency Affected: Nuclear Regulatory Commission
Recommendation: To improve the process by which NRC makes future revisions to the DBT for nuclear power plants, the NRC commissioners should assign responsibility for obtaining feedback from the nuclear industry and other stakeholders on proposed changes to the DBT to an office within NRC other than the Threat Assessment Section, so that the threat assessment staff is able to assess the terrorist threat to nuclear power plants without creating the potential for or appearance of industry influencing their analysis. The commissioners, in turn, could consider both the staff's analysis of the terrorist threat and industry feedback to make the final determination as to whether and how to revise the DBT.
Status: Closed – Implemented
NRC has decided that its Threat Assessment Section (now the Intelligence Liaison and Threat Assessment Branch or ILTAB) will not be responsible for obtaining feedback from stakeholders, including the nuclear industry, regarding a proposed design basis threat (DBT) revision until after ILTAB has provided an initial assessment to senior management. Feedback from stakeholders on proposed DBT revisions will be initially evaluated by another branch within NRC's Office of Nuclear Security and Incident Response. Responsibility for accepting stakeholder feedback has been transferred to other branches on an issue-specific basis.

Agency Affected: Nuclear Regulatory Commission
Recommendation: To improve the process by which NRC makes future revisions to the DBT for nuclear power plants, the NRC commissioners should develop explicit criteria to guide the commissioners in their deliberations to approve changes to the DBT. These criteria should include setting out the specific factors and how they will be weighed in deciding what characteristics of an attack on a nuclear power plant would constitute an enemy of the United States, or otherwise would not be reasonable for a private security force to defend against.
Status: Closed – Implemented
On March 19, 2007, NRC published its final rule on the Design Basis Threat (10 CFR Part 73) in the Federal Register. The new rule revised the current regulation by, for example, including (1) cyber attacks, (2) waterborne vehicle bomb assaults, and (3) adversaries who are willing to kill or be killed and are knowledgeable about specific target selection as an explicit element of the Design Basis Threat. The rule also clarified that the enemy of the state rule (10 CFR Part 50.13), which was promulgated in 1967 in response to concerns about Cuba, was directed at attacks that typically could only be carried out by foreign military organizations.

Agency Affected: Nuclear Regulatory Commission
Recommendation: The NRC commissioners should continue to evaluate and implement measures to further strengthen the force-on-force inspection program. For example, NRC may be able to identify and reduce artificialities associated with the inspections to better test how nuclear power plants would respond to an actual terrorist attack.
Status: Closed – Implemented
NRC agreed with this recommendation and has continued to evaluate and implement measures to improve the force-on-force inspection program. For example, in the summer of 2006, it issued the "Controller Responsibilities Guideline" to provide sites and controllers with a comprehensive set of instructions to define more clearly command and control, rules of engagement, and controller training requirements. NRC also continues to liaise with its counterparts in the Departments of Defense and Energy to observe force-on-force exercises and share best practices. Furthermore, NRC has endorsed the integration of Joint Conflict and Tactical Simulation (JCATS) technology to add realism to tabletop exercises that are part of the force-on-force exercises and has an ongoing effort to expand the use of laser weapons in the exercises.

Topics

Emergency preparedness, Homeland security, Independent regulatory commissions, Inspection, Nuclear facility security, Nuclear powerplant safety, Nuclear powerplants, Security threats, Strategic planning, Counterterrorism