| |
Federal Tests of
Security - Inadequate & Lack Credibility
Wonder
about Pilgrim’s Security Tests?
The
following document was located on NRC's Electronic Library, Adams,
regarding the force-on-force testing conducted at Pilgrim in July 2005.
This was using the more realistic force-on-force testing regime
developed by the NRC after 09/11. The chart is the lineup of activities
during the four days of tests. Some of the increased realism is evident.
Pilgrim Exercise Week 26-29
|
Tuesday, July 26 |
|
Time |
Activity |
Attendees |
Location |
|
1030 |
Adversary Mission Preparation |
Adversary Team |
|
|
1230-1330 |
Badging |
NRC |
|
|
1330-1400 |
Introductions/in brief |
NRC,
Licensee |
|
|
1430-1530 |
Safety Walk-down |
Licensee |
|
|
1600-1700 |
Dinner |
All |
|
|
1730-1800 |
Duty
Force Safety Brief |
Duty
Force |
|
|
1830-19230 |
Exercise Force Safety Brief |
Exercise Force |
|
|
1900 |
Adversaries Movement to positions |
Adversary Teams |
OCA,PA |
|
1930 |
MILES Issuance/Movement to Positions |
Exercise Force |
|
|
2100 |
Exercise Window Opens |
All |
OCA,PA |
|
Post
Exercise |
MILES Turn-in |
Exercise Participants |
|
|
Upon
Completion |
Critique |
All |
|
We are told that after 9/11 NRC developed a more “realistic” mock attack
(force-on force) testing regime on security at nuclear reactors. We
heard nothing really about Pilgrim’s test, held July, 2005; however the
Union of Concerned Scientists forwarded the above NRC document and
others on the subject. Here’s what we learned.
One NRC document describes the lineup of activities
during the four days of tests. Some of the increased realism is evident.
For example, the schedule for July 26th shows the mock bad guys sitting
down with the good guys for dinner between 1730 and 1830. In the past,
dinner may have only been 45 minutes and that's unreal. The schedule
shows the mock bad guys moving to their initial positions at 1900 hours.
It's not clear if the good guys have to cover their eyes during this
deployment or not. At 1930 hours, the good guys move to their initial
positions. Beginning at 2100 hours, the mock bad guys can begin their
pretend assaults, not before.
Now comes some very high level of realism; the good guys sit down with
the mock bad guys before the exercise so they know what they look like
as they later try to infiltrate the plant. Then the good guys watch the
bad guys walk out to their starting positions and know roughly when they
start their attack - almost like real life but there are no commercials.
Another document summarizes the security test results.
Fairly minor stuff, like the good guys lost attention to detail and
allowed the mock bad guys to pass by unchallenged. Given that the good
guys were pre-deployed and knew a test was underway, we might understand
how they'd get distracted and miss the bad guys sauntering by. In real
life, they'd have gunned them down.
So, except for not noticing the bad guys passing by, the Pilgrim
security test went very, very well. But we will never know because the
NRC keeps the licensee's performance from the public.
____________________________________________________________________________________________________________
Evaluation of First Full-Scale Drill
Post 9/11
Indian Point was the first nuclear reactor to undergo a full force test (OSRE Drill) after 9/11. The
following is a summary of flaws discussed by Riverkeeper – www.riverkeeper.org .
Lessons learned apply broadly.
1) There is too much advance notice. Indian Point has had months to prepare for their OSRE drill, summer 2003. Entergy knew the exact date of the test. They could make sure all equipment was in top working order and that all security officers were fully trained on their response duties. In reality, the attackers are unlikely to provide early warning. Thus, intrusion equipment may be out of service for repairs and security officers may be new to the job without fully understanding their duties.
RECOMMENDATION: The right way to perform the OSRE drills is with short notice - about two or three weeks. That would provide enough time to arrange “cover” security (during the OSRE, real security officers with real guns must be present but not involved in the exercise in case a real attack were to occur) but not enough time to correct problems. When notified, plant operators should be required to “freeze in place” the security force to be tested, rather than calling in their most capable security officers. When notification occurs months in advance companies have time to hire security-training consultants and additional guards to improve their security posture and chances of success in deterring a mock attack. A nuclear industry representative acknowledged that utilities spend ‘millions of dollars’ getting ready for the tests. The security officers said that for months prior to a test, they repeatedly practice for the two or three scenarios on which they will be tested, often with the help of the consultants. The problem, according to the guards, is that they train only on the particular attacks that will be used in the test rather than on many different types of attacks. Once the tests are completed, the security consultants are let go and the guard force reduced until the next test.
2) The OSRE drills set a low bar to hurdle by using a low passing grade. The OSRE drill typically features four force-on-force exercises. Each exercise features the mock intruders attempting to destroy every piece of equipment on a “target set” and the armed security officers trying to prevent it. The plant security defense team has to win at least three of the four exercises for the plant to get a bad grade. In real life, there would be no second chances.
RECOMMENDATION: Good security should be scoring 100 rather than 75 on the OSRE drill.
3) The OSRE drills are almost always performed with the plant at full power during evening or midnight shifts, i.e. during a time when the number of workers at the plant is minimal. The armed responders, knowing that an OSRE drill is in progress, can literally shoot at anything that moves and be assured it’s an attacker. In reality, the armed responders would have to spend a few seconds distinguishing between friend and foe. Having no “innocent” workers around makes it easier for the defenders and harder for the attackers. In addition, the OSRE drills are never run during outages. During outages, the equipment to be protected is different and the containment barriers may already be breached (opened for refueling).
RECOMMENDATION: OSRE drills should be performed during outages and security officers must be trained and tested to differentiate between plant workers and attackers.
4) The OSRE drills limit the insider role to that of a passive participant. The security regulations have long specified that the attackers can be aided by one insider acting in either a passive or active role. The OSRE drills to date and as planned have limited the insider role to that of a passive participant. In other words, the insider provides information to the attackers so they can plan their assault. But the insider does not take an active role (i.e., creating a distraction, damaging target set equipment or security equipment, etc.)
RECOMMENDATION: OSRE drill should involve an active participant.
5) The OSRE drills to date and as planned have only involved attackers originating from one direction as one team. The September 11th attack and subsequent attacks abroad in Saudi Arabia and Casablanca have involved multiple team and attacked from multiple directions. A successful terrorist attack on a reactor or spent fuel pool could result in tens of thousands of casualties.
RECOMMENDATION: OSRE drills should assess the ability of plant security to defend against teams of 4 or 5 attackers originating from multiple directions.
6) The OSRE drills to date and as planned only require plant security to defend against a small number of attackers. The attacks of September 11th on U.S. soil and more recent attacks abroad involved 19 or more terrorist attackers.
RECOMMENDATION: At a minimum, the OSRE drills should assess the ability of plant security to defend against twenty or more attackers, in teams of 4 or 5, and attacking from multiple directions.
7) The OSRE drills do not assess plant security’s ability to defend against an attack on the spent fuel pool. More than 300 OSRE exercises have been conducted since 1991. A grand total of zero (0) of these exercises has been run with the spent fuel as the target.
RECOMMENDATION: OSRE drills should include the spent fuel storage pool as the target of at least one exercise during the OSRE drills.
8) NRC, after intensive consultation with the nuclear industry, did not seek public input while revamping the OSRE exercises.
RECOMMENDATION: The NRC should receive input from representatives of public interest groups on security policy issues.
9) A plant owner which performs poorly on an OSRE drill is not subject to enforcement actions.
RECOMMENDATION: A plant owner that performs poorly during an OSRE drill should be subject to an enforcement action. If a plant owner repeatedly performs poorly, the NRC should order the closure of the plant, until the plant owner improves its performance during the OSRE drill.
10) No independent observers, those without a vested interest, are present to monitor and evaluate the drills.
RECOMMENDATION: The NRC should allow independent observers, i.e. congressional staff with security clearance, to observe and evaluate the OSRE drills to ensure that the drills are not staged and provide an accurate assessment of plant defenses.
___________________________________________________________________________________________________________________________
NRC Keeps
Licensee's Performance On Security Tests From Public
NRC MODIFIES SECURITY REGULATIONS – AVAILABILITY SECURITY INFORMATION,
INCLUDING LICENSEE’S PERFORMANCE ON TESTS, RESTRICTED TO PUBLIC (08/04)
From: Public
Citizen's Critical Mass Energy and Environment Program
Yesterday, the
U.S. Nuclear Regulatory Commission (NRC) announced that
it would no longer be making publicly available the results of
physical
security assessments or enforcement actions associated with such
tests.
This change indicates a serious failure of the nuclear power
industry to
adequately guard its vulnerable facilities, and a failure of the NRC
to
force more adequate security measures commensurate with today’s
threat
environment.
That the NRC is unwilling to continue releasing the results of such
assessments can mean only one thing: they are concerned there may be
significant failures. Nearly three years after September 11, there
should be no reason to hide the results of these tests and
inspections.
The NRC expressed concern in a phone call with Public Citizen
yesterday
that releasing the results of security inspections, if
vulnerabilities
were found, would raise a red flag for terrorists and others seeking
to
infiltrate nuclear power plants. The results of the security
inspections were previously published quarterly here:
http://www.nrc.gov/NRR/OVERSIGHT/ASSESS/index.html.
Certainly, some security information is best kept behind locked
doors.
But this blanket directive includes anything and everything, and
will
inevitably restrict the release of potentially embarrassing, but not
necessarily dangerous, information. Communities around nuclear
plants
have an inherent right to know what is going on next door. The NRC
had
no details today on whether plans existed to release aggregate data
on
the status of nuclear security nationwide that did not mention
specific
nuclear plants’ vulnerabilities, though other sources indicated that
a
classified report would be prepared for Congress not until 2006,
with a
declassified version released after that.
One major aspect of nuclear plant security, force-on-force tests,
was
suspended in the aftermath of September 11 in order to be redesigned
–
a necessary step, considering the Government Accountability Office
reported in September 2003 that such tests were “limited in their
usefulness” due to practices such as hiring more guards than usual
to
defend plants during tests, and that NRC had generally demonstrated
lax
oversight. The redesigned tests are set to fully resume in
November.
However, the new tests are not without flaws. For example, the
private
security company Wackenhut was recently hired to act as “mock
terrorist cells” in a staged attack test on plants. But Wackenhut
is
also simultaneously under contract to guard nearly half the plants
in
the U.S.
This conflict of interest provides no incentive to seriously
challenge the guards.
Security is one part of the Reactor Oversight Process. Removing
this
part from public scrutiny is an erosion of a supposed transparency.
Security concerns should be acknowledged and resolved, rather than
shielded from the ultimate stakeholder in this process: the public.
To read the NRC's press release on the subject, click here:
http://www.nrc.gov/reading-rm/doc-collections/news/2004/04-091.html.
_______________________________________________________________________________
Federal Tests
Lack Credibility
Nuclear Power Plant Lobby
Shapes
Nuclear Reactor Security Tests
Wachenhut,
the foreign –owned company that provides security for many reactors will also test reactor's security. August 2004: The
federal government is allowing the nuclear industry's leading lobby to
develop the teams of mock terrorist attackers who evaluate security at
nuclear power plants, according to a letter released by the
Project On Government Oversight (POGO). "This is more than a case of the
proverbial fox guarding the henhouse. It is not an apparent conflict of
interest -- but a blatant conflict of interest," said
POGO's letter from Executive Director, Danielle Brian, to the Nuclear
Regulatory Commission (NRC).
The lobby, called the Nuclear Energy Institute (NEI), in turn hired the
company with the biggest financial stake in finding no problems at the
plants, to provide the specialized teams. That company is Wackenhut
Corporation which is the nation's largest nuclear security plant
provider, with contracts to protect roughly half of the plants.
Wackenhut has a strong incentive to discourage the mock terrorists it
hires from mounting a realistic security test. Earlier this year, the
Department of Energy's Inspector General found that Wackenhut managers
had been cheating on such force-on-force exercises for two decades at
the Y-12 nuclear facility in Oak Ridge, TN.
According to
POGO's conversations with NRC officials, the agency claims it cannot
afford to pay for the security testing so has turned to the nuclear
industry organization NEI to fund the tests. NEI has aggressively
lobbied against legislation aimed at improving security at the power
plants and ran a series of misleading advertisements claiming the plants
were well-protected post-9/11.
Wackenhut is a subsidiary of a Danish-British conglomerate. As Brian
notes, the Congress has barred foreign firms from operating security at
U.S. airports. Full text of the letter follows bellow. An inside story
appeared in the Wall Street Journal today on the topic.
For a full
analysis, visit the Project on Government Oversight's website
http://www.pogo.org/p/homeland/ha-040801-nukepower.html
________________________________________________________________________________________________________________
Congressman Markey
Contacts NRC
Rep. Markey sent a letter,
August 23, 2004 in response to reports that the NEI hired
Wackenhut Corporation to act as a mock terrorist force in force-on-force
(FOF) tests at nuclear reactors. The NRC response, which Rep. Markey
released October 12, 2004:
- Confirmed
that the Wackenhut mock terrorist force would be used in future FOF
tests, and that NRC staff rejected options that would have used NRC
or other federal agency personnel to conduct the tests.
- Maintained
that a conflict of interest would be avoided through the use of
several "commitments" made by the NEI to the NRC on
September 10, 2004,
such as the promise to have the head of the mock terrorist team
report directly to Wackenhut's CEO, and a promise not to have a
member of the mock terrorist team participate in an exercise at the
facility at his or her home site. These commitments were made only
after the NRC approved the FOF program and after Rep. Markey sent
his letter objecting to these practices. However, these commitments are unenforceable since NRC has no binding authority
over either Wackenhut or NEI.
- Failed to
provide the documentation surrounding the NRC decision requested by
Rep. Markey (but stated this documentation would be provided later)
More
about Security
PilgrimWatch.org
| 