Maintaining Radioactive Material Security Through Rules, Not Orders

Kim Lukes
Health Physicist
Office of Nuclear Material Safety and Safeguards

The NRC’s rulemaking process can be lengthy. This ensures that members of the public and interested stakeholders have an opportunity to participate and provide feedback on new requirements as they are developed.

10cfrThere are occasions, though, when we need to move quickly. In these cases, the Commission can issue “orders” to any licensee to require them to address an issue promptly.

Following the Sept. 11 attacks, we revised our approach to security for certain radioactive materials. The NRC issued new security requirements via “orders” to certain licensees requiring added protective measures when using and transporting certain types and amounts of radioactive material. The new requirements focused on materials the International Atomic Energy Agency designates as Category 1 and 2; which are the two most safety significant quantities.

The strongest restrictions were placed on these categories of radioactive material through the NRC orders due to their type and quantity, which can pose the greatest potential risk to health if used to do harm.

The requirements included background checks to ensure that people with access to radioactive materials are trustworthy and reliable. The orders also required access controls to areas where radioactive materials are stored and security barriers to prevent theft of portable devices.

Over the longer term, the NRC developed new regulations to formalize the requirements in the security orders. The creation of Part 37 to Title 10 of the Code of Federal Regulations, published in 2013, was intended to replace the orders.  These rules ensure strong regulatory standards are maintained for the protection of certain types and quantities of radioactive material. NRC licensees were required to meet the new regulations in March 2014.

The NRC has agreements with 37 states allowing them to regulate radioactive materials. The Agreement States had to adopt compatible Part 37 security requirements, and their licensees had until March 19, 2016, to comply.

Because licensees are now in compliance with the new rules, the NRC has rescinded a series of material security orders. There is no change to security for these categories of radioactive material. These licensees have maintained the same higher level of security since we first issued the orders.

We are rescinding them because they are no longer needed. Licensees are complying with the Part 37 rules, instead of the orders. More details about the rescissions and our security requirements can be found here and in 10 CFR Part 37-Physical Protection of Category 1 and Category 2 Quantities of Radioactive Material.

Security and Nuclear Power Plants: Robust and Significant

Robert Lewis
Director of Preparedness and Response
 

Security of the nation’s commercial nuclear facilities is a critical part of the NRC’s mission. In response to recent media stories about security securityat nuclear power plants, we want to reassure you that U.S. nuclear power plants are adequately protected against potential terrorist attacks. In fact, they are among the best-protected sector of our national infrastructure.

In the decade since the 2001 terrorist attacks, the NRC, and its licensed operators, acted to enhance security at the nation’s nuclear plants. While the plants are secure, robust structures designed and built to withstand a variety of natural and man-made enemies, we ordered additional measures. For example, we strengthened requirements related to physical barriers, access controls, and intrusion detection and surveillance systems, as well as the existing well-trained and armed security officers.

Specific security measures are considered “safeguards information” (a type of unclassified, yet sensitive information) and are not made public, for obvious reasons. The NRC can, however, describe these enhancements in general terms.

Each plant’s security plan is based on a Design Basis Threat, or DBT, set by the NRC. This is the maximum threat a private-sector entity can be expected to defend against. Details of the DBT are not public, but our regulations spell out the types of threats our licensees must prepare for. These include an assault by one or more determined and capable adversary forces attacking by land or water, truck bombs, boat bombs, insider threats and cyber attacks. The NRC requires each plant to test its security force annually, and the NRC also tests the security forces at each plant every three years in a sophisticated force-on-force inspection.

Security doesn’t stop at a plant’s boundary. The NRC requires licensees to coordinate with local law enforcement and emergency responders who can assist in the unlikely event of an attack. The NRC itself continuously coordinates with other federal agencies to assess the current terrorist threat and take whatever actions might be necessary to bolster security at nuclear plants. We work with the Federal Aviation Administration, Department of Homeland Security and North American Aerospace Defense Command to guard against September 11-style air attacks.

A recent report published by the Nuclear Proliferation Prevention Project (NPPP) at the University of Texas used non-sensitive “open-source” information to assess the protections in place to counter terrorist threats to nuclear facilities in the United States, including potential threats to commercial nuclear power plants.

As an agency committed to the security of our nation’s nuclear power plants, we welcome recommendations for strengthening our oversight. However, we need to correct the record on two key points made in NPPP’s report. First, both new and existing reactors must mitigate against potential attacks using commercial aircraft; in fact our Aircraft Impact Assessment Rule requires design features for new plants to mitigate the effects of an airplane crash, and the NRC’s post-September 11 orders require existing plants to implement similar mitigating measures. Second, NRC regulations, based upon the DBT, do in fact require licensees to guard against waterborne attacks or explosives.

Force-on-Force or Was That a Gunfight at a Nuclear Power Plant?

Clay Johnson
Chief, Security Performance Evaluation Branch
 

They are dressed in camouflage, fit and well-trained, and they creep quietly toward the perimeter of a nuclear power plant under cover of darkness. Their realistic weapons reflect dully in the moonlight, but these weapons fire blank ammunition and lasers that record hits and misses.

Their goal? A particular target set within the plant which, if compromised, could impact the safety of the plant and the community that surrounds it. The target set this night? A closely guarded secret known only to the “armed intruders” and the NRC inspection team that includes active duty military members from the U.S. Special Operations Command.

The attacks will be repeated over the course of three days and nights so that different attack methods and various targets at each nuclear power plant are tested. In each scenario, the plant’s security personnel work to protect specific areas of the plant according to their facility’s individual security plan. Each plant is tested in this manner every three years.

These force-on-force inspections have been part of the NRC inspection regime since 1991, but they were significantly beefed up and the frequency increased to every three years after Sept. 11, 2001. They are designed to assess the plant’s ability to defend itself against the conditions put forth under the “design basis threat” or DBT. These inspections are in addition to the baseline security inspections performed by the NRC’s regional inspectors and the inspections done daily by the NRC’s resident inspectors. NRC security experts routinely review options for further enhancements to the program.

The details of what happens during a force-on-force inspection are not public due to the sensitive nature of security plans at the plants. If a deficiency is found during an inspection, the NRC inspectors stay on site until compensatory measures are put in place, and then the NRC reviews the plant’s long-term plan to rectify the problem, and may issue violations. These violations are only discussed in a general way with the public.

The “bad guys” are part of what is called the Composite Adversary Force and they are contracted by the nuclear industry to perform these mock attacks to NRC specifications. The plant knows the force-on-force will occur at a specific date for safety and logistical purposes and to provide time to coordinate two sets of security offices – one to participate in the inspection and one to maintain the security posture of the plant. The mock attacks are also preceded by significant planning and on-site tabletop drills conducted by the NRC inspection team.

These realistic and physically intensive exercises are but one vehicle by which the NRC ensures the country’s nuclear power plants and Category I fuel facilities are prepared and able to protect themselves. Meetings on possible additional enhancements to this inspection program will be announced in the future.