Melissa Ralph
Technical Advisor
Division of Security Operations
Demonstrating an intense focus, stealth, and military-style tactics, a team moves in concert to destroy a specific target. The team plans and executes each action with deliberate purpose. Who are they? What are they after? This could easily be mistaken for any civilian war-game.
But this is no game. This is an important part of the inspection program for one of the nation’s most critical assets — commercial nuclear power plants.
These mock attacks, called force-on-force exercises, are one time when the so-called “bad guys” are part of the plan. Known as the national “Composite Adversary Force,” or CAF, they are usually security professionals from other nuclear plants across the country. CAF members complete a rigorous selection process and training to prepare them for this two-year assignment.
At each site, the CAF attempts to gain access to and destroy its target — equipment that if compromised could impact the safety of the plant and the surrounding community. The “attackers” normally use various routes, methods of entry and tactics to challenge the ability of the plant’s security force to protect the facility. Security forces must be able to defend the site against a standard set of characteristics called the “design basis threat,” or DBT. Specific details of the DBT are not disclosed, for obvious reasons, but the DBT’s scope is laid out in the NRC’s regulations.
The simulated attacks occur over two days and nights, but the full inspection lasts two weeks. During the first week, NRC inspectors have unrestricted access to the site. The inspectors take multiple tours and review the site’s protective strategy and security plan. The inspection team works with the CAF to develop mission plans for a second trip to the site, called the exercise week.
During the exercise week, the CAF performs two mock assaults on the site. The full inspection concludes with a management critique after the last exercise. Senior management at the site participate in these critiques to use lessons from the exercises to help improve the overall security program. Any vulnerabilities identified are addressed before the NRC inspectors leave.
The NRC has been conducting force-on-force exercises since 1991, but they were significantly modified after the Sept. 11, 2001, attacks. The NRC conducts a force-on-force inspection at each nuclear power plant every three years. The NRC inspection teams are drawn from a diverse group. A core team of NRC headquarters staff is augmented by NRC regional and resident inspectors and active duty military members from the U.S. Special Operations Command.
You may not have heard much about the specific details or results of the force-on-force program due to its security-sensitive nature. Simply put, the NRC doesn’t want the real bad guys to obtain information about the security strategies and plans at the plants.
The force-on-force inspection is part of the baseline inspection process, which the NRC uses to provide an overall assessment of safety and security for each plant. While the specific details of security inspection findings or violations are not made public, overall site performance under the reactor oversight process is made available through the NRC’s website.
The NRC will continue to explore ways to enhance the force-on-force program and will announce future meetings on possible enhancements as they occur. More information on force-on-force inspections is available in the NRC’s backgrounder. General information on nuclear power plant security requirements is also on the NRC’s website.
U.S. NRC Blog 
Our useless bloated Congress is really to blame for our country’s problems and this is certainly a very big one. After 9/11 a critical recommendation was ignored by our Congress. There are 79 Congressional oversight committees that have responsibilities for countering anti- terrorism threats. A post-9/11 recommendation was to reduce that number to only four. Congress only cut the number from 83 to 79!
Excellent points Jim. The NRC has set a security standard for nuclear plants that should indeed be matched by similar security upgrades for other US critical infrastructures. However it will take another successful terrorist attack with many casualties for that to happen. Our federal government is unfortunately only a tombstone regulator.
Leonard obviously has never worked in the industry. The members of the CAF are by no means ex special forces. The drills are slow and unrealistic and in truth I doubt they can be more realistic. I have written security plans at two utilities and have taken part in force on force drills. A determined adversary will get through and cause damage
I can tell Leonard has never been in the industry. I have been in these drills. They move slow as molasses and the people participating in CAF are nowhere near the quality you will see in the Rangers or SEALs. I have actually helped write, implement and revise these plans. The CAF is limited in scope and a determined adversary will ALWAYS I repeat ALWAYS get and screw the plant up.
Please note that the NRC neither manufactures nor licences nuclear weapons.
Moderator
Nuclear power could be very dangerous for mankind in future…..so please stops manufacturing of nuclear bombs
With a successful attack on a dam you get double trouble. Not only do you cause massive human casualties & property damage immediately but you also destroy a nuclear plant or two. For example, there are two nuclear plants on the Missouri River downstream from several old earthen dams. If terrorists attack the dam that is farthest upstream its failure will cause flood waters that will overtop and cause the failure of all dams downstream. The Army Corps of Engineers has said that this would cause the worst man-made disaster in US history. Of course these vulnerable dams are virtually unsecured and would even fail during an earthquake. So it is true that protecting nuclear plants themselves is dumb if you do not protect upstream dams as well. It is reassuring to know that these dams do have a big sign protecting them which is quite visible even from the air. It says words to the effect that these dams are off-limit targets in the event of war!
I agree with comment from Leonard that you would have a better chance getting a bar of gold out of Fort Knox, then getting access to a vital area at an NNP. I hope it would take into consideration for all better things
So, you are advocating that the NRC pick some civilians, then grant them access to safeguards information so they can evaluate the if the security forces are adequate. That is in itself a violation of nuclear security.
Did you read the article? The CAF is composed of NRC personnel, security forces for other sites and just some plain old ordinary military guys. You know, like US Army Rangers, US Navy Seals and others, you know guys with little or no experience breaching fortresses and taking out the bad guys. I think they call them Special Forces!
Seriously, you would have a better chance getting a bar of gold out of Fort Knox, then getting access to a vital area at an NNP.
Due to the sensitive nature of how the plants are protected, no one without a safeguards clearance and a need to know will ever be told. My guess, your not on the list.
Question for NRC,
How many other sites in the US are required to repel a force of dedicated, skilled attackers, the way nuclear plants are? I’m talking about dams, chemical plants, refineries, LNG terminals, other industrial facilities, large/tall buildings, and any place where large crowds gather (e.g., stadiums). For ALL the things I listed above, a successful attack would result in a LARGER number of casualties than even a complete, worst-case meltdown.
Unless the US is willing to put a similar security force (able to repel a large force of skilled, dedicated attackers) in ALL such places (e.g., all schools and all tall buildings), then requiring them for nuclear plants only is arbitrary and indefensible. This policy is just one more example of the double standard that nuclear power is held to, which results mainly from the deep prejudice that the public holds against it, and all nuclear-related risks.
A whole lot cheaper and easier plan would be to simply attack a large high school with machine guns (security in almost all such places with large numbers of people being essentially negligible). Casualties in the thousands. That compared to few if any deaths even from a worst-case meltdown.
BTW, anthrax takes a long time to kill a person, and does not disable anyone. Such an attack would have no impact on the situation.
We addressed the subject of drones in this blog post: https://public-blog.nrc-gateway.gov/2015/04/23/droning-on-over-nuclear-power-plants/
Moderator
Mod: What is the NRC doing to address drones?
Scenario: Men setup a large sling shot and fling 10 long chains at the wiring feeding the primary substation. Station blackout, now relying on DG’s. Men then fly in a 5 drones loaded with anthrax and release into the control room OA intake and into the reactor building…..Total cost about $5000. Total Impact, priceless sacrifice zone.
Would the NRC and the company operating the plant force 20 key employees to effectively sacrifice their lives to supervise shutdown, or would they evacuate and rely on “hormesis” to enhance the community.
RE: DBT’s & CAF’s
I urge the NRC to allow “outsiders” to give input into what scenarios are considered (but not published them) so that each of these CAF “attacks” are different and not just repeated at all NPP’s. I understand the goal is the training of NPP security personal, but wonder if the actual result is that in reality that every NPP passes.
The NRC would be smart to grade each NPP’s security team and then retest all those NPP security teams that score in the lowest 25% far more often until they are no longer scoring so low. Because the Utility is paying for these training/inspections, they should be motivated to insure that their security teams score high so that they do not have to repeat these trainings more than every three years.
NPP Security is serious business so it makes sense to also include some “surprise” inspections that occur with the shortest possible notice to the NPP Security Teams so that these inspections cannot be “gamed”.