Nuclear Regulatory Commission: Oversight of Security at Commercial Nuclear Power Plants Needs to Be Strengthened
Highlights
The September 11, 2001, terrorist attacks intensified the nation's focus on national preparedness and homeland security. Among possible terrorist targets are the nation's nuclear power plants--104 facilities containing radioactive fuel and waste. The Nuclear Regulatory Commission (NRC) oversees plant security through an inspection program designed to verify the plants' compliance with security requirements. As part of that program, NRC conducted annual security inspections of plants and force-on-force exercises to test plant security against a simulated terrorist attack. GAO was asked to review (1) the effectiveness of NRC's security inspection program and (2) legal challenges affecting power plant security. Currently, NRC is reevaluating its inspection program. We did not assess the adequacy of security at the individual plants; rather, our focus was on NRC's oversight and regulation of plant security.
Recommendations
Recommendations for Executive Action
Agency Affected | Recommendation | Status |
---|---|---|
Nuclear Regulatory Commission | To strengthen NRC's security inspection program, the NRC Commissioners should ensure that NRC's revised security inspection program and force-on-force exercise program are restored promptly and require that NRC regional inspectors conduct follow-up visits to verify that corrective actions have been taken when security violations, including non-cited violations, have been identified. |
NRC has reinstated revised inspection and force-on-force exercise programs. If significant problems are identified, NRC inspection staff do not leave the site until compensatory actions are taken. Although NRC inspectors do not later follow up on all security violations to determine if they have been corrected, they are selecting a sample of corrective actions for verification.
|
Nuclear Regulatory Commission | To strengthen NRC's security inspection program, the NRC Commissioners should ensure that NRC routinely collects, analyzes, and disseminates information on security problems, solutions, and lessons learned and shares this information with all NRC regions and licensees. |
NRC now gathers information on security problems, solutions, and lessons learned and shares such information through various means. NRC initially experienced technology shortcomings and security concerns related to developing a computer-based system. However, according to NRC, it has addressed these concerns and plans no further action in response to the recommendation.
|
Nuclear Regulatory Commission | To strengthen NRC's security inspection program, the NRC Commissioners should make force-on-force exercises a required activity and strengthen them by conducting the exercises more frequently at each plant. |
NRC has made force-on-force exercises a required activity and has substantially increased their frequency from once every 8 years to once every 3 years at each nuclear power site. The energy bill recently signed by the President also requires NRC to conduct force-on-force exercises every 3 years at each site.
|
Nuclear Regulatory Commission | To strengthen NRC's security inspection program, the NRC Commissioners should make force-on-force exercises a required activity and strengthen them by using laser equipment to ensure accurate accounts of shots fired. |
In August 2004, the NRC Commissioners approved the use of Multiple Integrated Laser Engagement Equipment (MILES) or other exercise simulated equipment found acceptable by NRC. The NRC staff subsequently incorporated the use of this equipment into its Inspection Procedure dated November 10, 2004. In November 2004, the staff began conducting evaluated force-on-force exercises as a triennial requirement using MILES equipment in according with the inspection procedure. The equipment has been used in all exercises since.
|
Nuclear Regulatory Commission | To strengthen NRC's security inspection program, the NRC Commissioners should make force-on-force exercises a required activity and strengthen them by requiring the exercises to make use of the full terrorist capabilities stated in the design basis threat, including the use of an adversary force that has been trained in terrorist tactics. |
After incorporating the revised design basis threat and the use of a composite adversary force (CAF) in its inspection procedure dated November 10, 2004, NRC staff began conducting evaluated force-on-force exercises fully using the revised design basis threat and the CAF in accordance with the inspection procedure. The CAF, which is trained in terrorist tactics, is provided by the industry but meets NRC standards and operates under NRC supervision. NRC continues to assess the performance of the CAF in each exercise and states that it will require improvements, if appropriate, up to and including developing an NRC contracted adversary force.
|
Nuclear Regulatory Commission | To strengthen NRC's security inspection program, the NRC Commissioners should make force-on-force exercises a required activity and strengthen them by continuing the practice, begun in 2000, of prohibiting licensees from temporarily increasing the number of guards defending the plant and enhancing plant defenses for force-on-force exercises, or requiring that any temporary security enhancements be officially incorporated into the licensees' security plans. |
With the reinstatement of the force-on-force exercise program, NRC is continuing its practice of prohibiting licensees from temporarily enhancing plant security solely for force-on-force exercises by increasing the number of security officers defending the plant during the exercises. Currently, the number of security officers defending the plant during an exercise is limited to the number the plant commits to in its NRC-approved security plan.
|
Nuclear Regulatory Commission | To strengthen NRC's security inspection program, the NRC Commissioners should make force-on-force exercises a required activity and strengthen them by enforcing NRC's requirement that force-on-force exercise reports be issued within 30 to 45 days after the end of the exercise to ensure prompt correction of the problems noted. |
NRC's inspection procedure for its new force-on-force exercise program requires the inspection team to prepare reports on the findings within 30 to 45 days after the exercise is completed. For the first nine force-on-force exercises conducted under the reinstated program, seven reports were essentially issued on time: four were issued in 45 days or less and three were only 1, 2, or 4 days after the 45 days. The other two reports were 15 and 44 days late.
|