NRC Security Regulations (DBT) Inadequate 

Design Basis Threat (DBT), January 2007

The NRC requires its licensees to defend against a design basis threat (DBT), a postulated attack that has become more severe over time. The present DBT for nuclear power plants was promulgated in January 2007. Details are not publicly available.  

We know from what is published on the NRC’s website [10 CFR 73.1 Purpose and scope, June 14, 2007] that the plan is to defend against sabotage from the following:

"(i) A determined violent external assault, attack by stealth, or deceptive actions, including diversionary actions, by an adversary force capable of operating in each of the following modes: A single group attacking through one entry point, multiple groups attacking through multiple entry points, a combination of one or more groups and one or more individuals attacking through multiple entry points, or individuals attacking through separate entry points, with the following attributes, assistance and equipment: 

(A) Well-trained (including military training and skills) and dedicated individuals, willing to kill or be killed, with sufficient knowledge to identify specific equipment or locations necessary for a successful attack;

(B) Active (e.g., facilitate entrance and exit, disable alarms and communications, participate in violent attack) or passive (e.g., provide information), or both, knowledgeable inside assistance;

(C) Suitable weapons, including handheld automatic weapons, equipped with silencers and having effective long range accuracy;

(D) Hand-carried equipment, including incapacitating agents and explosives for use as tools of entry or for otherwise destroying reactor, facility, transporter, or container integrity or features of the safeguards system; and

(E) Land and water vehicles, which could be used for transporting personnel and their hand-carried equipment to the proximity of vital areas; and 

(ii) An internal threat; and

(iii) A land vehicle bomb assault, which may be coordinated with an external assault; and 

(iv) A waterborne vehicle bomb assault, which may be coordinated with an external assault; and 

(v) A cyber attack."

 What’s the problem with the DBT?

At first glance the current DBT seems impressive; however, it cannot be that good in practice, given:

(A) The equipment that NRC requires for an onsite security force. Major items of required equipment are semiautomatic rifles, shotguns, semiautomatic pistols, bullet-resistant vests, gas masks, and flares for night vision. [10 CFR 73 Appendix B – General Criteria for Security Personnel, Section V, accessed from the NRC web site on 14 June 2007.] Plausible attacks could overwhelm a security force equipped in this manner.

(B) Press reports state that the assumed attacking force contains no more than six persons. [H. Josef Hebert, Associated Press, "NRC rejects plan for power plants to stop airliner attacks", The Boston Globe, January 30, 2007.]

(C) The average US nuclear-plant site employs about 77 security personnel who cover multiple shifts. Thus, comparatively few guards are on duty at any given time. [Mark Holt and Anthony Andrews, Nuclear Power Plants: Vulnerability to Terrorist Attack, Washington, DC: Congressional Research Service, 4 October 2006.]

(D) The 2007 DBT rule "does not require protection against a deliberate hit by a large aircraft", and "active protection [of nuclear power plants] against airborne threats is addressed by other federal organizations, including the military." [NRC Press Release No. 07-012, 29 January 2007.]


Union of Concerned Scientists Comments on Rulemaking

NRC Should Strengthen Reactor Security Requirements

Download: Reactor Security Rulemaking Comments

The 9/11 tragedy prompted the Nuclear Regulatory Commission (NRC) to undertake a "top to bottom" review of security requirements for nuclear power plants. As this review progressed, the NRC issued a series of orders requiring plant owners to upgrade security. The NRC ordered plant owners to implement interim measures (February 25, 2002), improve access controls (January 7, 2003), defend against an upgraded design basis threat, provide security force personnel with better training, and impose working hour limits on security force personnel to protect against impairment caused by fatigue (April 29, 2003), and defend against an updated adversary capability (March 20, 2006).

The NRC then initiated a series of rulemaking efforts to codify the various elements of its post-9/11 security requirements. On October 26, 2006, the NRC published a proposed rule in the Federal Register seeking public comments on the access control and training elements of its orders, along with some related issues.

UCS reviewed the proposed rule and submitted formal comments to the NRC. Our comments included the following:

  • The proposed rule does not comply with the requirements of the Energy Policy Act of 2005;
  • The rule should require that licensees adopt "denial of access" as the fundamental protective strategy for defense against the DBT;
  • The rule should designate a subset of "critical" security implementing procedures that are subject to Commission review and approval; 
  • The proposed rule would allow enhanced weapons to be used, but would not require an insider using an enhanced weapon against the facility to be considered;
  • The proposed rule requires protection against either core damage or spent fuel sabotage, not both;
  • The proposed rule does not close a dangerous loophole in current search requirements for law enforcement personnel and security officers; 
  • The proposed rule allows escorts to take multiple visitors with minimal background checks into protected and vital areas within nuclear power plants, but does not require that the escorts meet even minimal physical and visual capabilities;
  • The proposed rule would allow a single escort to take more visitors with minimal background checks into protected areas of nuclear power plants than was specified as an external assault force in the recent design basis threat rulemaking and would allow literally hundreds of visitors with minimal background checks to be escorted into vital areas;
  • The rule should ensure that security officers with duties other than immediate armed response are not required for protection against the DBT and are not inappropriately credited in force-on-force exercises;
  • The broad exemption of commercial nuclear power reactors using plutonium-containing "MOX fuel assemblies" from requirements for protection of Category I quantities of strategic special nuclear material from theft is technically unsupportable, irresponsible and sets a dangerous precedent. The draft section §73.55(l) should therefore be removed;
  • The proposed rule could facilitate retaliation by plant owners against workers raising safety or security concerns;
  • The proposed rule would allow individuals known to be escaped felons or on the terrorist list to be escorted into protected and vital areas of nuclear power plants;
  • The proposed rule would require plant owners to report tampering of safety or security equipment, but does not require plant owners to train workers to recognize signs of tampering.

UCS's full comments, including supporting information for each of these summary comments, can be viewed/downloaded by clicking on the link at the top of the page. 


  Security in The News

Court rejects N.J. nuke plant terrorist concerns

Brattleboro Reformer  By BOB AUDETTE, Reformer Staff

Wednesday, April 1

BRATTLEBORO -- The Nuclear Regulatory Commission was right in rejecting a challenge to the way it evaluates the dangers of a terrorist attack on a nuclear power plant, according to the 3rd Circuit Court of Appeals in Philadelphia.

On Tuesday, the court ruled against the New Jersey Department of Environmental Protection and its contention that the NRC should have examined the potential environmental impacts of a hypothetical terrorist attack on the plant during the relicensing process of Oyster Creek nuclear generating station.

The New Jersey DEP contended that the NRC should have considered the effects of a terrorist attack during the relicensing review. But the NRC responded that it had already addressed those effects in its generic environmental impact statement related to Oyster Creek.

The New Jersey DEP asked the court to order the NRC to conduct a site-specific analysis, rather than relying on its generic review.

The Massachusetts Attorney General has filed a similar complaint in the 2nd Circuit Court of Appeals in the relicensing of Pilgrim nuclear power station in Plymouth, Mass., and the Vermont Yankee nuclear power plant in Vernon. It is asking the court to order the NRC to change the way it evaluates the dangers of sabotage and terrorism at nuclear power plants.

Both Pilgrim and Yankee are owned by Entergy, which is asking the NRC to extend both plants' licenses from 2012 to 2032.

The Massachusetts AG had no comment on the 3rd Circuit Court's decision.

According to the GEIS, the risk of sabotage to nuclear power plants is small, wrote the court, and the NRC has already prepared for such a disaster.

"If such events were to occur, the (NRC) would expect that resultant core damage and radiological releases would be no worse than those expected from (a reactor accident)."

The NRC contended that security issues are not addressed during relicensing proceedings because they do not relate to the aging of a nuclear power plant. The NRC also contended that the National Environmental Protection Act "imposes no legal duty on the NRC to consider intentional malevolent acts ... "

Such a review would be redundant because the NRC has "undertaken extensive efforts to enhance security at nuclear facilities."

"The NRC has done so on an ongoing basis rather than in the context of a license renewal review," said Neil Sheehan, spokesman for the NRC.

In addition, contended the NRC, it is the responsibility of law enforcement agencies and the Federal Aviation Administration to prevent malevolent acts.

The NRC also asserted it would be improper to discuss classified security measures during the relicensing procedure, which is intended to be open and transparent to the public.

The court agreed with the NRC.

The New Jersey DEP has the option of appealing the 3rd Circuit ruling to the U.S. Supreme Court.

Bob Audette can be reached at 802-254-2311, ext. 273.


New security rules OK'd for nuclear power plants

By H. JOSEF HEBERT – Dec 17, 2008

WASHINGTON (AP) — The Nuclear Regulatory Commission on Wednesday approved new security rules for nuclear power plants, including measures aimed at better protecting against potential cyberattacks.

For years in the making, the rules update requirements first imposed in emergency orders after the Sept. 11 attacks. But watchdog groups have criticized the agency for not going far enough.

They say the rules do not call on plant operators to help protect against a potential attack from a large aircraft that might be flown into a reactor or a used fuel storage pool. The groups also say security forces still are not required to be strong enough to counter potential coordinated ground attacks by a dozen or more well-armed terrorists.

The NRC has maintained that protection against an attack by a large aircraft must be a joint responsibility among government agencies, the military and plant operators and is beyond the responsibility of a reactor owner. The new rules require a reactor operator to have in hand "strategies and response procedures to address an aircraft threat," the NRC said in a statement.

In addition to stronger measures to protect against cyberattacks that could disable a plant, the rules call for new training and qualification requirements for security officials and say operators must develop new ways to respond in case part of a plant is lost due to an explosion or fire.

Many details of the security measures remain classified for security reasons.

The agency rejected a demand by Three Mile Island Alert, a Harrisburg, Pa., nuclear watchdog group, that power plants be required to post armed guards at every entrance to a controlled area.

Entrance guards provide a "visual deterrence" and a way to observe suspicious activity, the group said. While the NRC did not reject such use of armed guards outright, it said it was giving plant operators "flexibility to determine if such personnel postings are necessary."



See: Nuclear Regulatory Commission for announcement and link to rule

For background see: Union of Concerned Scientists and Project Government Accountability



