When the 9/11 terrorist attacks intensified the nation's focus on national preparedness and homeland security, the federal government realized that possible terrorist targets are the nation's nuclear power plants. The NRC oversees plant security through an inspection program designed to verify the plants' compliance with security requirements.
As part of that program, NRC conducted annual security inspections of plants and force-on-force exercises to test plant security against a simulated terrorist attack. GAO was asked to review the effectiveness of NRC's security inspection program and the legal challenges affecting power plant security. Currently, NRC is reevaluating its inspection program. The report from the GAO, "Nuclear Regulatory Commission: Oversight of Security at Commercial Nuclear Power Plants Needs to Be Strengthened (GAO-03-752)," did not assess the adequacy of security at the individual plants. The focus of the report is on NRC's oversight and regulation of plant security.
GAO found the NRC has taken numerous actions to respond to the heightened risk of terrorist attack, including interacting with the Department of Homeland Security and issuing orders designed to increase security and improve plant defensive barriers. However, three aspects of its security inspection program reduced NRC's effectiveness in overseeing security at commercial nuclear power plants:
- NRC inspectors often used a process that minimized the significance of security problems found in annual inspections by classifying them as "non-cited violations" if the problem had not been identified frequently in the past or if the problem had no direct, immediate, adverse consequences at the time it was identified. Non-cited violations do not require a written response from the licensee and do not require NRC inspectors to verify that the problem has been corrected. For example, guards at one plant failed to physically search several individuals for metal objects after a walk-through detector and a hand-held scanner detected metal objects in their clothing. The unchecked individuals were then allowed unescorted access throughout the plant's protected area. By making extensive use of non-cited violations for serious problems, NRC may overstate the level of security at a power plant and reduce the likelihood that needed improvements are made.
- NRC does not have a routine, centralized process for collecting, analyzing and disseminating security inspections to identify problems that may be common to plants or to provide lessons learned in resolving security problems. Such a mechanism may help plants improve their security.
- Although NRC's force-on-force exercises can demonstrate how well a nuclear plant might defend against a real-life threat, several weaknesses in how NRC conducted these exercises limited their usefulness. Weaknesses included using more personnel to defend the plant during these exercises than during a normal day; attacking forces that are not trained in terrorist tactics; and unrealistic weapons (rubber guns) that do not simulate actual gunfire. And, says GAO, NRC has made only limited use of some available improvements that would make force-on-force exercises more realistic and provide a more useful learning experience.
"Even if NRC strengthens its inspection program, commercial nuclear power plants face legal challenges in ensuring plant security," states the report. First, federal law generally prohibits guards at these plants from using automatic weapons, although terrorists are likely to have them. As a result, guards at commercial nuclear power plants could be at a disadvantage in firepower, if attacked. Second, state laws vary regarding the permissible use of deadly force and the authority to arrest and detain intruders, and guards are unsure about the extent of their authorities and may hesitate or fail to act if the plant is attacked.
GAO recommended the NRC promptly restore annual security inspections and revise force-on-force exercises.
The NRC disagreed with many of GAO's findings, but did not comment on GAO's recommendations.
To view the full report, go to www.gao.gov/cgi-bin/getrpt?GAO-03-752.