Committee about homeland security

On behalf of the Union of Concerned Scientists (UCS), it is my pleasure to appear before this Committee about homeland security as it relates to defending nuclear power plants from terrorist attack. We believe the Nuclear Regulatory Commission (NRC) would work more effectively with States and localities if it (a) resumed security tests at nuclear power plants, (b) communicated responsibly to the public about nuclear plant security, and (c) restored public access to emergency planning information.

 

My name is David Lochbaum. After obtaining a degree in nuclear engineering from The University of Tennessee in 1979, I spent more than 17 years in private industry, most of that time at operating nuclear power plants in Georgia, Alabama, Mississippi, Kansas, New Jersey, and Pennsylvania. I have been the Nuclear Safety Engineer for UCS since October 1996. UCS, established in 1969 as a non-profit, public interest group, seeks to ensure that all people have clean air, energy and transportation, as well as food that is produced in a safe and sustainable manner. UCS has worked on nuclear plant safety issues for nearly 30 years.

 

Nuclear plant security has been one of our key issues in recent years. During my testimony on May 8, 2001, about the future of nuclear power before the Clean Air, Wetlands, Private Property, and Nuclear Safety Subcommittee of the Senate Committee on Environment and Public Works, I presented the following views:

 

Nuclear Plant Security

The NRC's handling of physical security at nuclear reactors is another example of regulatory ineffectiveness. The NRC began force-on-force tests of security preparedness at nuclear power plants in the early 1990s. These tests pit a handful of simulated intruders against a plant's physical defenses and squadrons of armed security personnel. By 1998, these tests had revealed significant security weaknesses in about 47 percent of the plants tested. The NRC quietly discontinued the testing, but the ensuing public outrage forced the agency to re-institute the tests. Since the tests have been resumed, about 47 percent of the plants continue to have significant security flaws revealed. Last year [2000], force-on-force tests at the Waterford plant in Louisiana and the Quad Cities plant in Illinois demonstrated serious security problems that warranted extensive repairs and upgrades. The owner of the Waterford spent more than $2 million fixing its inadequate security system.

 

Having been foiled in its attempt to secretly deep-six the security tests, the agency resorted to Plan B in which they will allow the plant owners to conduct the tests themselves, grade the tests themselves, and simply mail in the scores—virtually guaranteed to be high marks—to the NRC. If someone like Timothy McVeigh drove to a nuclear power plant with intentions of causing harm, the people living near that plant would better protected by security scoring 85 percent on a real test than 100 or even 110 percent on an open-book, take-home, self-scored test. The public deserves and must get that better protection than that provided by artificially inflated security test scores.

 

We thought a year ago that plant owners conducting their security tests was a bad idea. To our consternation, the NRC developed an even worse idea. On September 10, 2002, the NRC had plans for fourteen security tests at nuclear plant sites. Six of these tests would have been administered by the NRC while eight of these tests would have been run by the plant owners and audited by the NRC. Shortly after September 11, the NRC cancelled all the tests. We understand and fully appreciate that the events of September 11 forced the security staffs at NRC and nuclear power plants across the nation to initially avoid anything that might distract them. But seven months have passed and the NRC still has no firm plans to resume the tests.

 

One of the last, if not the very last, security tests conducted demonstrates why testing must be reinstated. NRC security specialists went to the Vermont Yankee nuclear plant in August 2001 for an Operational Safeguards Readiness Evaluation (OSRE). The NRC inspectors discovered potential vulnerabilities in the plant's strategies for responding to attacks. Two of the four exercises run to test the response strategies confirmed the suspected vulnerabilities. The NRC determined this finding to be significant "because response strategy weaknesses found during the conduct of the OSRE were considered generally predictable, repeatable and indicative of a broad programmatic problem." [1]

 

It is unfortunate that a "broad programmatic problem" affecting security was detected at this nuclear plant. But it would be far more unfortunate for such a "broad programmatic problem" to remain undetected at this or any other nuclear plant. The importance of detecting problems is embodied in this NRC statement to the plant's owner:

 

"Upon identification of the finding, your staff established immediate compensatory measures. These were taken to assure the security program was adequate while necessary longer term corrective actions are implemented. Before leaving the site [on August 23rd], our inspection staff determined that the security program at Vermont Yankee was sound, an important step given the current threat environment. The maintenance of the completed compensatory measures were confirmed by a NRC Security Specialist on September 27, 2001." [2]

 

The NRC does not leave a nuclear plant site after an OSRE unless adequate security has been demonstrated or appropriate compensatory measures have been put in place.

 

The NRC began testing security with OSRE or OSRE-like tests in 1991. Approximately half of the 80-plus tests conducted since then have revealed serious security problems. Given that performance has been fairly consistent over the years, it is not overly speculative to assume that approximately seven of the fourteen tests planned for fiscal year 2002 would have revealed serious security problems. But none of those tests have been run which means that no security problems have been found. More importantly, it means that no security problems have been fixed. The NRC must get back to the business of finding and fixing nuclear plant security problems.

 

In addition to the inestimable benefit of fixing security problems, the tests also provide the NRC with its best communication vehicles. State and local authorities face difficult decisions when allocating resources for protection. Those decisions would be aided by knowledge that the NRC recently tested security at nuclear plants within their jurisdictions. The tests would also help the NRC communicate with the public about nuclear plant security. As evidenced by Attachment 2, the NRC publicly releases "big picture" information following nuclear plant security tests. The "nuts and bolts" details are not publicly disseminated but are communicated clearly to the plant owner. The public is more likely to be reassured by a single test demonstrating adequate security than a thousand press releases proclaiming nuclear plants to be "hardened targets."

 

The NRC needs to do a better job of communicating to the public about nuclear plant security. The agency has remained virtually silent on an issue troubling many Americans. We are not advocating that the NRC divulge explicit details about nuclear plant security. Rather, we believe the NRC should follow the model of the recent Olympic Games in Salt Lake City. To reassure people planning to attend the games, there was extensive media coverage beforehand about security preparations. Reporters accompanied security details patrolling empty pavilions with bomb-sniffing dogs and prowled with surveillance teams using infra-red detection equipment. This approach provided enough security information to reassure an anxious public without giving too much information to anyone seeking to disrupt the games. It was a pro-active, responsible way to balance the public's right-to-know with the security specialist's concept of need-to-know.

 

The NRC should emulate the success of the Olympic Games model by responsibly releasing information on nuclear plant security. For example, there were numerous media accounts shortly after September 11 about citizens and local officials driving past unlocked and unmanned security gates onto the grounds of nuclear power plants in Illinois, Pennsylvania, and Maine. The public was understandably apprehensive after reading these articles. The NRC chose not to allay the public's concerns by pointing out that nuclear plants are ringed by two of gates — outer gates for convenience and inner gates for security — and the inner security gates at the facilities were always manned and locked. The NRC's information vacuum may have forced Governors of several states to dispatch National Guardsmen to augment perimeter security at nuclear plant sites. The National Guard deployment did not hurt nuclear plant security. But it represented an undue burden on states' resources if responsible public communications on the part of the NRC had assuaged the public's concerns.

 

Our final example of information withheld by the agency that the public has both a right-to-know and a need-to-know involves emergency planning. The Three Mile Island nuclear accident in 1979 reinforced the importance of emergency planning. All operating nuclear power plants in the United States have emergency plans. The fidelity of these plans with corresponding plans on the federal, state and local levels is tested at least once every two years by both NRC and the Federal Emergency Management Agency (FEMA). The plans vary from community to community depending on the resources and decisions of state and local authorities. School children within the 10-mile emergency planning zone (EPZ) around some nuclear plants will be evacuated to schools outside the EPZ in event of an accident. School children within the EPZ for other nuclear plants will be evacuated to response centers.

 

Prior to September 11, the emergency plans were readily available on the NRC's website. Parents could access the emergency plans for their specific community and see what protective measures would be taken for their children if an accident happened during the school day. Emergency plans were included in the information pulled from the public arena following September 11. Several parents in New York, New Hampshire, and Massachusetts called me this past January complaining that no one would tell them how their children would be protected following a successful terrorist attack on the nuclear plant in their backyards. I called Mrs. Patricia Norry, the NRC's Deputy Executive Director for Management Services. Mrs. Norry explained that the public did not need access to emergency plans for their communities because it was sufficient that federal, state, and local authorities could access the plans if needed. This attitude is the 21st century equivalent of Marie Antoinette's "Let them eat cake" rejoinder. It does little to enhance public confidence in the NRC or reassure people that they are being adequately protected.

 

The NRC must restore the public's access to emergency planning information. If details within the emergency plans are so explicit that terrorists contemplating attacks against nuclear plants would learn too much, the NRC should provide the public with basic information on what to do when the emergency sirens wail. Lack of responsible NRC communication now could severely impede state and local officials in event of a nuclear plant accident by flooding them with calls from concerned parents seeking the whereabouts of their children and clogging roadways with caravans of parents trying to locate their children.

 

The NRC, state and local authorities have vital roles protecting public health and safety. These roles became more visible following after September 11 as public concern over potential targets grew. Unfortunately, the NRC's inactions fanned the flames of fear when responsible actions may have suppressed them. They could have continued security tests to provide tangible evidence of adequate preparedness. Instead, they cancelled the fourteen tests that were scheduled. They could have pro-actively communicated with the public about nuclear plant security. Instead they opted to "duck and cover." They could have pointed to the emergency plans developed to protect the public in event of a nuclear plant accident. Instead, they chose to hide the emergency plans. Consequently, state and local authorities had to shoulder more of the burden because of the NRC's absence.

 

Any damage to the public psyche has already been done. The NRC must begin the healing process by resuming security tests at nuclear power plants, communicating responsibly with the public about nuclear plant security matters, and by providing the public with the information it needs regarding emergency plans. All of these measures could be accomplished within the NRC's existing FY2002 and FY2003 budgets.

 

To help the NRC progress along this path, the Congress could expand the scope of a report currently submitted to it each month by the agency. These monthly reports were initiated in the Fiscal Year (FY) 1999 Energy and Water Development Appropriations Act, Senate Report 105-206. The FY 2002 Energy and Water Development Appropriations Act, House Report 107-258, directed the NRC to continue the reports. These reports provide the status on a range of NRC activities and could easily be expanded to include security tests performed at nuclear power plants, communications to the public on nuclear plant security matters, and availability of emergency planning information.

 

On behalf of UCS, I wish to thank the Committee for conducting this hearing on nuclear plant security and for considering our views on the matter.


[1] Letter dated March 25, 2002, from Hubert J. Miller, Regional Administrator, Nuclear Regulatory Commission, to Michael A. Balduzzi, Senior Vice President and Chief Nuclear Officer, Vermont Yankee Nuclear Power Corporation, "Final Significance Determination for a Yellow Findings at the Vermont Yankee Generating Station (NRC Inspection Report 50-271/01-010)." (Attachment 1 to this testimony)

[2] Letter dated November 28, 2001, from Wayne D. Lanning, Director - Division of Reactor Safety, Nuclear Regulatory Commission, to Michael A. Balduzzi, Senior Vice President and Chief Nuclear Officer, Vermont Yankee Nuclear Power Corporation, "Vermont Yankee Generating Station - NRC Inspection Report 50-271/01-010." (Attachment 2 to this testimony)