Commercial and research nuclear facilities across the U.S. are inadequately protected against the threat of terrorism, according to the results of new study released this week by the Nuclear Proliferation Prevention Project (NPPP) at the University of Texas at Austin’s LBJ School of Public Affairs. The two biggest terror threats facing these facilities, according to the report, are the theft of bomb grade nuclear materials and sabotage attacks aimed at causing a nuclear reactor meltdown.
The study, entitled "Protecting U.S. Nuclear Facilities from Terrorist Attack: Re-assessing the Current 'Design Basis Threat' Approach," found not one of the 104 commercial nuclear reactors in the U.S. is protected against a "maximum credible terrorist attack," such as 9/11. In fact, nuclear facilities are not required to protect themselves against airplane attacks, assaults by large teams of terrorists or even high-power sniper rifles.
Some other items of concern highlighted in the report include:
- Though some power plants are accessible by sea, they are not required to protect themselves against ship-borne attacks. These reactors include Diablo Canyon in Calif., St. Lucie in Fla., Brunswick in N.C., Surry in Va., Indian Point in N.Y., Millstone in Conn., Pilgrim in Mass., and the South Texas Project.
- Three civilian research reactors fueled by bomb-grade uranium are vulnerable to theft and are not defended against a "posited terrorist threat." These reactors include the University of Missouri in Columbia, the Massachusetts Institute of Technology in Cambridge, and the National Institute of Standards and Technology in the Washington, D.C./Baltimore suburb of Gaithersburg.
According to report co-author Professor Alan J. Kuperman, Ph.D., the coordinator of the NPPP, the study came about after the Pentagon approached UT seeking to find out whether some of their nuclear facilities were under-protected or overprotected. Kuperman said the NPPP’s role was to assess the government’s reliance on the Design Basis Threat (DBT), which is used to establish requirements for protecting U.S. nuclear facilities. The report compares the DBT approach within and across three agencies – the Pentagon, the U.S. Department of Energy and the U.S. Nuclear Regulatory Commission.
"The Design Basis Threat varies not only between the agencies, but between facilities within each agency," Kuperman said in a press conference on Thursday.
Additionally, Kuperman said that the report also assessed proposed alternatives to the DBT approach and not only examined the theoretical benefits of these methods, but the obstacles to implementing them. The problem with the DBT, according to Kuperman, is that the DBT is not defined as the maximum credible terrorist attack, but rather the attack that operators are required to protect against.
"The Design Basis Threat, as currently implemented, leaves U.S. nuclear facilities, especially NRC-licensed reactors, but not only those facilities, vulnerable to credible terrorist threats of theft of bomb grade material and sabotage that could cause a massive meltdown and release of radiation," he explained. "The second thing we find is that the alternatives to the Design Basis Threat approach have their own shortcomings – theoretical and practical – that make them inferior to the Design Basis Threat approach."
In addition to the aforementioned vulnerabilities facing NRC-licensed nuclear facilities, Kuperman said that they were also found to be susceptible to insider threats. He said the NRC’s rational for having this low level of protection is due to what is known as the "enemy of the state" doctrine, which is that a utility’s security shortcomings will be made up for by the U.S. government.
"The problem is the U.S. government doesn’t provide that level of backup protection," said Kuperman. "For example, terrorists could induce a meltdown in a matter of minutes and the SWAT team would arrive about an hour and half later."
Even some nuclear sites operated by the federal government were found to be unprotected because officials mistakenly believe that these sites are not valued by terrorists or that the consequences of an attack on them would not be catastrophic. However, the report argues that it is impossible to know which "high-value" targets are preferred by terrorists or which could result in the greatest consequences.
The NPPP is recommending that the government require a sufficient level of protection at all potentially "high-consequence" nuclear targets across the country. Essentially, Kuperman said that the DBT should be the same for all U.S. nuclear facilities – public or private – that pose catastrophic risk. Kuperman was quick to point out, however, that they are not advocating for the elimination of DBT approach. "Our prescription is don’t replace the Design Basis Threat approach – fix it," he said.
Kuperman said they concede the fact that it may be unaffordable or impractical for utilities to provide the level of protection against a maximum credible terror threat, so they are also suggesting that the NRC "subdivide" the threat into things that should be protected against by the utility and credible threats that the U.S. government should be required to protect against. The report found that since 2001, the U.S. nuclear industry has spent more than $2 billion on security enhancements to their physical protection systems.
Despite the vulnerabilities that still exist, Kuperman said the NRC has made some strides since 9/11. Prior to the attacks on the Twin Towers, Kuperman said the NRC’s DBT only took into account attacks by a maximum of three terrorists at one time, but since then, he said the number of attackers has been increased to five or six.
"Without question, that is a mandate to improve security. The question is, is it adequate to the challenge and it’s hard for us to understand any sort of rationale for saying, ‘you only need to protect against five or six' when we know that more than 10 years ago, terrorists were already contemplating and executing attacks that coordinated multiple teams totaling 19 attackers and intending to use 20 attackers," he said. "We absolutely agree there have been upgrades, we commend the upgrades, but our concern is that they’re not enough. And if the NRC says, 'we can’t go anymore than that because we would bankrupt the utilities,' then the first thing is you have to question whether the utilities can’t do anymore at all. To the extent the utilities can’t do much more, then it is the responsibility of the U.S. government to come in and fill that gap and the problem is that’s not occurring."
Click here for more information or to download the full report.