oversight

Nuclear Regulatory Commission: Oversight of Security at Commercial Nuclear Power Plants Needs to Be Strengthened

Published by the Government Accountability Office on 2003-09-04.

Below is a raw (and likely hideous) rendition of the original report. (PDF)

                 United States General Accounting Office

GAO              Report to Congressional Requesters




September 2003
                 NUCLEAR
                 REGULATORY
                 COMMISSION
                 Oversight of Security
                 at Commercial
                 Nuclear Power Plants
                 Needs to Be
                 Strengthened




GAO-03-752
                 a
                                                September 2003


                                                NUCLEAR REGULATORY COMMISSION

 Highlights of GAO-03-752, a report to
                                                Oversight of Security at Commercial
 congressional requesters
                                                Nuclear Power Plants Needs to Be
                                                Strengthened


The September 11, 2001, terrorist               NRC has taken numerous actions to respond to the heightened risk of
attacks intensified the nation’s                terrorist attack, including interacting with the Department of Homeland
focus on national preparedness and              Security and issuing orders designed to increase security and improve plant
homeland security. Among                        defensive barriers. However, three aspects of its security inspection
possible terrorist targets are the              program reduced NRC’s effectiveness in overseeing security at commercial
nation’s nuclear power plants—104
                                                nuclear power plants.
facilities containing radioactive
fuel and waste. The Nuclear
Regulatory Commission (NRC)                     First, NRC inspectors often used a process that minimized the significance
oversees plant security through an              of security problems found in annual inspections by classifying them as
inspection program designed to                  “non-cited violations” if the problem had not been identified frequently in the
verify the plants’ compliance with              past or if the problem had no direct, immediate, adverse consequences at the
security requirements. As part of               time it was identified. Non-cited violations do not require a written response
that program, NRC conducted                     from the licensee and do not require NRC inspectors to verify that the
annual security inspections of                  problem has been corrected. For example, guards at one plant failed to
plants and force-on-force exercises             physically search several individuals for metal objects after a walk-through
to test plant security against a                detector and a hand-held scanner detected metal objects in their clothing.
simulated terrorist attack. GAO                 The unchecked individuals were then allowed unescorted access throughout
was asked to review (1) the
effectiveness of NRC’s security
                                                the plant’s protected area. By making extensive use of non-cited violations
inspection program and (2) legal                for serious problems, NRC may overstate the level of security at a power
challenges affecting power plant                plant and reduce the likelihood that needed improvements are made.
security. Currently, NRC is
reevaluating its inspection                     Second, NRC does not have a routine, centralized process for collecting,
program. We did not assess the                  analyzing, and disseminating security inspections to identify problems that
adequacy of security at the                     may be common to plants or to provide lessons learned in resolving security
individual plants; rather, our focus            problems. Such a mechanism may help plants improve their security.
was on NRC’s oversight and
regulation of plant security.                   Third, although NRC’s force-on-force exercises can demonstrate how well a
                                                nuclear plant might defend against a real-life threat, several weaknesses in
                                                how NRC conducted these exercises limited their usefulness. Weaknesses
GAO is making recommendations                   included using (1) more personnel to defend the plant during these exercises
to strengthen NRC’s oversight at                than during a normal day, (2) attacking forces that are not trained in terrorist
commercial nuclear power plants                 tactics, and (3) unrealistic weapons (rubber guns) that do not simulate
by promptly restoring annual                    actual gunfire. Furthermore, NRC has made only limited use of some
security inspections and revising               available improvements that would make force-on-force exercises more
force-on-force exercises. NRC                   realistic and provide a more useful learning experience.
disagreed with many of GAO’s
findings, but did not comment on                Even if NRC strengthens its inspection program, commercial nuclear power
GAO’s recommendations. GAO
                                                plants face legal challenges in ensuring plant security. First, federal law
continues to believe its findings are
appropriate and the                             generally prohibits guards at these plants from using automatic weapons,
recommendations need to be acted                although terrorists are likely to have them. As a result, guards at commercial
upon.                                           nuclear power plants could be at a disadvantage in firepower, if attacked.
                                                Second, state laws vary regarding the permissible use of deadly force and the
www.gao.gov/cgi-bin/getrpt?GAO-03-752.          authority to arrest and detain intruders, and guards are unsure about the
To view the full product, including the scope
                                                extent of their authorities and may hesitate or fail to act if the plant is
and methodology, click on the link above.       attacked.
For more information, contact Jim Wells at
(202) 512-3841 or wellsj@gao.gov.
Contents



Letter                                                                                                                  1
                             Results in Brief                                                                           2
                             Background                                                                                 4
                             Three Aspects of NRC’s Security Inspection Program Inhibit
                               Effective Oversight                                                                      9
                             Federal Law Limits the Type of Weapons That Guards Can Use, and
                               State Laws Vary on Guards’ Authority to Deal with Intruders                          20
                             Conclusions                                                                            22
                             Recommendations for Executive Action                                                   24
                             Agency Comments and Our Evaluation                                                     24


Appendixes
              Appendix I:    Scope And Methodology                                                                  28
             Appendix II:    U.S. Commercial Nuclear Power Plants That Are Licensed to
                             Operate                                                                                30
             Appendix III:   Comments from the Nuclear Regulatory Commission                                        33
             Appendix IV:    GAO Contacts and Staff Acknowledgments                                                 35
                             GAO Contacts                                                                           35
                             Staff Acknowledgments                                                                  35


Figures                      Figure 1: Commercial Nuclear Power Plants in the United States                          5
                             Figure 2: Security Enhancements Made before OSRE Exercises                             16




                             Abbreviations

                             DOE          Department of Energy
                             NRC          Nuclear Regulatory Commission
                             OSRE         Operational Safeguards Response Evaluation


                              This is a work of the U.S. government and is not subject to copyright protection in the
                              United States. It may be reproduced and distributed in its entirety without further
                              permission from GAO. However, because this work may contain copyrighted images or
                              other material, permission from the copyright holder may be necessary if you wish to
                              reproduce this material separately.




                             Page i                  GAO-03-752 Nuclear Regulatory Commission: Oversight of Security
A
United States General Accounting Office
Washington, D.C. 20548



                                    September 4, 2003                                                                   Leter




                                    The Honorable John D. Dingell
                                    Ranking Minority Member
                                    Committee on Energy and Commerce
                                    House of Representatives

                                    The Honorable Edward J. Markey
                                    House of Representatives

                                    The September 11, 2001, terrorist attacks on the World Trade Center and
                                    the Pentagon intensified the nation’s focus on national preparedness and
                                    homeland security. Among possible terrorist targets are the nation’s
                                    commercial nuclear power plants—104 facilities containing radioactive
                                    fuel and waste operating in 32 states. The Nuclear Regulatory Commission
                                    (NRC) licenses commercial nuclear power plants and requires the licensee,
                                    among other things, to protect the plants against a potential terrorist threat.
                                    The design basis threat—which NRC develops for these facilities—
                                    delineates the maximum number of terrorists that NRC expects plants to
                                    defend against, the extent of their training, and the weapons and tactics
                                    they could use.

                                    To ensure that commercial nuclear power plants can be protected against
                                    the design basis threat and meet other security requirements, NRC requires
                                    each licensee to have an NRC-reviewed and -approved security plan before
                                    NRC allows the plant to operate. After the plant begins operations, NRC
                                    oversees plant security through an inspection program designed to verify
                                    that the plant continues to meet security requirements. As part of the
                                    security inspection program, NRC conducts annual security inspections of
                                    plants and conducts force-on-force exercises. During the security
                                    inspections, NRC reviews (1) the list of those who have access to the plant,
                                    (2) the plant’s response to an unusual security event, (3) any changes to the
                                    security plan, and (4) samples of the plant’s own assessment of its security.
                                    Since 1991, the inspection program has also included periodic force-on-
                                    force exercises, which are designed to simulate an attack on the plant that
                                    is based on the design basis threat. NRC also conducts nonrecurring
                                    inspection activities, such as special inspections to ensure that post-
                                    September 11, 2001, security enhancements have been implemented at
                                    each plant.

                                    In 2001, NRC curtailed its annual security inspections and force-on-force
                                    exercises to redesign them for heightened security threats. Until the annual



                                    Page 1                GAO-03-752 Nuclear Regulatory Commission: Oversight of Security
                   security inspections are resumed sometime in 2004, NRC inspectors have
                   been verifying that post-September 11, 2001, security improvements have
                   been implemented at each plant and conducting special inspections if a
                   serious problem is identified by the licensee in its quarterly self-
                   assessment. In terms of force-on-force exercises, NRC is currently testing
                   and evaluating these exercises under a pilot program that has resulted in
                   five exercises being conducted since January 2003.

                   You asked us to review (1) the effectiveness of NRC’s inspection program
                   to oversee security at commercial nuclear power plants and (2) legal
                   challenges currently affecting physical security at the power plants. We did
                   not assess the adequacy of security at the nation’s nuclear power plants.
                   Rather, our focus was on NRC’s oversight and regulation of plant security.
                   In conducting our review, we analyzed NRC’s inspection program from
                   January 2000 through September 2001 and the force-on-force exercise
                   program from January 1991 through September 2001. We also reviewed
                   NRC’s initiatives to enhance power plant security after September 11, 2001,
                   as well as its efforts to ensure that the power plants implemented those
                   initiatives. We met with NRC, the Department of Energy (DOE), and power
                   plant representatives and obtained NRC advisories, orders, regulations,
                   and inspections reports. To determine how NRC tests the power plants’
                   security, we reviewed reports for 80 force-on-force exercises that NRC
                   conducted through September 2001. We designed and completed a data
                   collection instrument in order to organize specific elements that we
                   extracted from these reports. We also held discussions with DOE officials
                   to determine how they conduct force-on-force exercises at DOE’s nuclear
                   facilities and if there are any “promising practices” that might be applied to
                   NRC’s program. Finally, we obtained NRC’s and industry officials’ views on
                   laws that could affect a licensee’s ability to adequately secure commercial
                   nuclear power plants. Appendix I contains a more detailed discussion of
                   our scope and methodology.



Results in Brief   Since September 11, 2001, NRC has taken numerous actions to increase
                   security at commercial nuclear power plants. However, three aspects of
                   NRC’s security inspection program have reduced its effectiveness in
                   overseeing security at commercial nuclear power plants. First, during
                   annual inspections, NRC inspectors often classified security problems as
                   “non-cited violations” if the problem had not been identified frequently in
                   the past or if the problem had no direct, immediate, adverse consequences
                   at the time that it was identified. This classification tends to minimize the
                   seriousness of the problems. Non-cited violations do not require a written



                   Page 2               GAO-03-752 Nuclear Regulatory Commission: Oversight of Security
response from the licensee and do not require NRC inspectors to verify that
each problem has been corrected. For example, guards at one plant failed
to physically search several individuals for metal objects after a walk-
through detector and a hand-held scanner detected metal objects in their
clothing. The unchecked individuals were then allowed unescorted access
throughout the plant’s protected area. Although this incident appears
serious, NRC issued a non-cited violation for it and rated the plant’s
security as meeting security objectives. Through its extensive use of non-
cited violations, rather than reporting the problems as more serious cited
violations, NRC may have overstated the level of security at power plants.

Second, NRC does not have a centralized process for routinely collecting,
analyzing, and disseminating security inspections to identify problems that
may be common to plants or to provide lessons learned in resolving a
security problem. Third, although force-on-force exercises could
demonstrate how well a nuclear plant might defend against a real-life
threat, several weaknesses in how NRC conducted past exercises limited
their usefulness. Specifically, (1) NRC conducted these exercises at each
nuclear power plant once every 8 years; (2) the licensees used plant
defenses during the exercises that were enhanced beyond those used
during normal operations; (3) the attacking forces were not trained in
terrorist tactics; (4) participants used unrealistic weapons (e.g., rubber
guns instead of laser equipment, which would better simulate weapon fire);
(5) exercises did not test the full extent of the design basis threat; and (6)
exercise reports were often late. As a result, the exercises did not provide
information on a power plant’s ability to defend against the maximum
design basis threat and permanent correction of problems may have been
delayed. Furthermore, NRC has made only limited use of some available
administrative and technological improvements that would make force-on-
force exercises more realistic and provide a more useful learning
experience.

Commercial nuclear power plants face legal challenges in ensuring
physical plant security. First, federal law generally prohibits private
citizens—including guards at these plants—from using automatic weapons,
although terrorists are likely to have them. As a result, guards at
commercial nuclear power plants could be at a disadvantage in firepower if
attacked. Second, state laws vary regarding the permissible use of deadly
force and the authority to arrest and detain intruders. According to NRC’s
force-on-force reports and NRC officials, plant guards are unsure about
when and if they can use deadly force, and guards are unclear about what
authority they have to arrest and detain intruders. As a result, guards may



Page 3               GAO-03-752 Nuclear Regulatory Commission: Oversight of Security
             hesitate or fail to take action if a plant comes under attack. NRC has
             recognized the impact of these federal and state laws on security and has
             sought federal legislation to address these legal challenges.

             We are making recommendations to the NRC Commissioners to restore
             and strengthen NRC’s oversight of security at commercial nuclear power
             plants—specifically, NRC’s annual inspection program and force-on-force
             exercises. In reviewing a draft of this report, NRC did not comment on our
             conclusions and recommendations. NRC did comment that our report
             failed to reflect changes made to the program since September 11, 2001,
             and that the issues addressed in the report were relatively minor and were
             appropriately addressed. While we agree that NRC has taken many actions
             since September 11, we note that most of these actions related to
             enhancing security at the plants and did not relate to NRC’s oversight
             efforts. In fact, since September 11, NRC has suspended the two major
             elements of its oversight program, baseline inspections and force-on-force
             exercises. We believe that the issues cited in this report, such as improperly
             screening individuals entering the plant, are not minor, and that promptly
             restoring the annual security inspections and force-on-force exercises will
             improve NRC’s oversight responsibilities.



Background   NRC is an independent agency established by the Energy Reorganization
             Act of 1974 to regulate civilian use of nuclear materials. NRC is headed by a
             five-member commission. The President designates one commission
             member to serve as Chairman and official spokesperson. The commission
             as a whole formulates policies and regulations governing nuclear reactor
             and materials safety, issues orders to licensees, and adjudicates legal
             matters brought before it. Security for commercial nuclear power plants is
             primarily the responsibility of NRC’s Office of Nuclear Security and
             Incident Response. This office develops overall agency policy and provides
             management direction for evaluating and assessing technical issues
             involving security at nuclear facilities, and it is NRC’s safeguards and
             security interface with the Department of Homeland Security, the
             intelligence and law enforcement communities, DOE, and other agencies.1
             The office also develops and directs the NRC program for response to
             incidents, and it is NRC’s incident response interface with the Federal
             Emergency Management Agency and other federal agencies. NRC

             1
              DOE operates facilities that contain radioactive material used in its nuclear weapons
             program.




             Page 4                   GAO-03-752 Nuclear Regulatory Commission: Oversight of Security
                                          implements its programs through four regional offices. Figure 1 shows the
                                          location of commercial nuclear power plants operating in the United
                                          States. (See app. II for a list of the commercial nuclear power plants, their
                                          locations, and the NRC regions that are responsible for them.)



Figure 1: Commercial Nuclear Power Plants in the United States




                                          Commercial nuclear power plants are also subject to federal and state laws
                                          that control certain matters related to security functions, such as the
                                          possession and use of automatic weapons by security guards and the use of
                                          deadly force.




                                          Page 5                 GAO-03-752 Nuclear Regulatory Commission: Oversight of Security
NRC Security Regulation   NRC begins regulating security at a commercial nuclear power plant when
and Oversight             the plant is constructed. Before granting an operating license, NRC must
                          approve a security plan for the plant. Since 1977, NRC has required the
                          plants to have a security plan that is designed to protect against a design
                          basis threat for radiological sabotage.2 Details of the design basis threat are
                          considered “safeguards information” and are restricted from public
                          dissemination.3 The design basis threat characterizes the elements of a
                          postulated attack, including the number of attackers, their training, and the
                          weapons and tactics they are capable of using. The design basis threat,
                          revised twice since it was first issued in 1977, requires the plants to protect
                          against “a determined violent external assault by stealth, or deceptive
                          actions” or “an internal threat of an insider, including an employee in any
                          position.” Under the 1977 design basis threat, plants had to

                          • add barriers to vital equipment and work zones and develop
                            identification and search procedures for anyone entering restricted
                            areas;

                          • upgrade alarm systems and internal communication networks and
                            control keys, locks, and combinations; and

                          • maintain a minimum number of guards, armed with semiautomatic
                            weapons, that had to be on duty at all times (unless NRC granted an
                            exemption that allowed fewer guards).

                          In 1993, in response to the first terrorist attack on the World Trade Center
                          in New York City and to a vehicle intrusion at the Three Mile Island nuclear
                          power plant in Pennsylvania, NRC revised the design basis threat for
                          radiological sabotage to include the possible use of a vehicle bomb. This
                          action required the installation of vehicle barriers at the power plants. On
                          April 29, 2003, NRC issued a revised design basis threat that the
                          commission believes is the “largest reasonable threat against which a
                          regulated private guard force should be expected to defend under existing
                          law.” NRC has given the power plants 18 months to comply with the new
                          design basis threat.



                          2
                           Radiological sabotage against a nuclear power plant is a deliberate act that could directly
                          or indirectly endanger the public health and safety by exposure to radiation.
                          3
                          Safeguards information is unclassified sensitive information.




                          Page 6                    GAO-03-752 Nuclear Regulatory Commission: Oversight of Security
                             NRC’s inspection program is an important element in its oversight effort to
                             ensure that commercial nuclear power plants comply with security
                             requirements. Security inspectors from the agency’s four regional offices
                             conduct annual inspections at each plant. These inspections are designed
                             to check that the power plants’ security programs meet NRC requirements
                             in the areas of access authorization, access control, and response to
                             contingency events. The inspections also involve reviewing changes to the
                             plant’s security plan and random samples of the plant’s own assessment of
                             its security. NRC suspended its inspection program in September 2001 to
                             focus its resources on the implementation of security enhancements. NRC
                             is currently revising the security inspection program.

                             NRC also conducted force-on-force exercises under the security inspection
                             program. These force-on-force exercises, which were referred to as
                             Operational Safeguards Response Evaluation (OSRE) exercises, were
                             designed to test the adequacy of a plant’s capability to respond to a
                             simulated attack. NRC began conducting these exercises in 1991 but
                             suspended them after September 11, 2001. NRC intends to restructure the
                             program. It has recently begun a series of pilot force-on-force exercises
                             that are designed to provide a more rigorous test of security at the plants
                             and to provide information for designing a new force-on-force exercise
                             program. No date has been set for completing the pilot program or for
                             initiating a new, formal force-on-force program.



NRC Actions to Enhance       In order to respond to the heightened risk of terrorist attack, NRC has had
Security at Commercial       extensive interactions with the Department of Homeland Security and the
                             Homeland Security Council on security at commercial nuclear power
Nuclear Power Plants since
                             plants. NRC also has issued advisories and orders that were designed to
September 11, 2001           increase the size and improve the proficiency of plant security forces,
                             restrict access to the plants, and increase and improve plant defensive
                             barriers. On October 6, 2001, NRC issued a major advisory, stating that the
                             licensees should consider taking immediate action to increase the number
                             of security guards and to be cautious of temporary employees. NRC
                             conducted a three-phase security inspection, checking the licensees to see
                             if they had complied with these advisories. Each licensee’s resident
                             inspector4 conducted phase one, which was a quick overview of the
                             licensee’s security program using a headquarters-prepared survey. During

                             4
                              NRC resident inspectors are stationed at each commercial nuclear power plant facility. The
                             resident inspectors are not security specialists, focusing primarily on plant safety.




                             Page 7                   GAO-03-752 Nuclear Regulatory Commission: Oversight of Security
phase two, NRC’s regional security inspectors conducted a more thorough
survey of each plant’s security. During phase three, which concluded in
January 2002, NRC’s regional security inspectors reviewed each licensee’s
security program to determine if the licensee had complied with the
additional measures suggested in the October 6, 2001, advisory.

NRC used the results from the three-phase security inspection in
developing its February 25, 2002, order requiring licensees to implement
additional security mechanisms.5 Many of the order’s requirements were
actions suggested in previous advisories. The licensees had until August 31,
2002, to implement these security requirements. In December 2002, NRC
completed a checklist to provide assurance that the licensees had complied
with the order. In addition, NRC developed a security inspection procedure
to validate and verify licensee compliance with all aspects of the order.
NRC estimates that this procedure will be completed by December 2003.
On August 14, 2003, NRC stated that 75 percent of the power plants had
been inspected for compliance with the order.

NRC also took action on an item that had been a security concern for a
number of years—the use of temporary clearances for temporary workers.
Commercial nuclear power plants use hundreds of temporary employees
for maintenance—most frequently during the period when the plant is shut
down for refueling. In the past, NRC found instances in which personnel
who failed to report criminal records had temporary clearances that
allowed them unescorted access to vital areas. 6 In its October 6, 2001,
advisory, NRC suggested that licensees limit temporary clearances for
temporary workers. On February 25, 2002, NRC issued an order that limited
the use and duration of temporary clearances, and, on January 7, 2003, NRC
issued an order to eliminate the use of these clearances.7 NRC now requires
a criminal history review and a background investigation to be completed
before allowing temporary workers to have unescorted access to the power
plants.



5
NRC Order EA-02-026.
6
 The vital area, within the protected area, contains the plant equipment, systems, devices, or
material whose failure, destruction, or release could endanger the public health and safety
by exposure to radiation. This area is protected by guard stations, reinforced gates,
surveillance cameras, and locked doors.
7
NRC Order EA-02-261.




Page 8                    GAO-03-752 Nuclear Regulatory Commission: Oversight of Security
                               On April 29, 2003, in addition to issuing a new design basis threat, NRC
                               issued two orders that are designed to ensure that excessive work hours do
                               not challenge the ability of security forces in performing their duties and to
                               enhance the training and qualification program for security forces.



Three Aspects of NRC’s         NRC’s security inspection program may not be fully effective because of
                               weakness in three areas. First, during the annual inspections conducted
Security Inspection            from 1999 until September 2001, NRC’s regional security specialists used a
Program Inhibit                process to categorize the seriousness of security problems that, in some
                               cases, minimized their significance. As a result, NRC did not track these
Effective Oversight            problems to ensure that they had been permanently corrected and may
                               have overstated the level of security at power plants. Second, NRC does not
                               routinely collect and disseminate information from security inspections to
                               NRC headquarters, other NRC regions, or other power plants.
                               Dissemination of this information may help other plants to correct similar
                               problems or prevent them from occurring. Third, NRC has made limited
                               use of some available administrative and technological improvements that
                               would make force-on-force exercises more realistic and provide a more
                               useful learning experience.



NRC’s Inspection Practices     NRC ensures that commercial nuclear power plants maintain security by
Minimize the Significance of   monitoring the performance and procedures of the licensees that operate
                               them. NRC’s inspection program is the agency’s only means to verify that
Some Security Problems
                               these plants comply with their own NRC-approved security plans and with
                               other NRC security requirements.

                               NRC suspended its annual security inspection program after September 11,
                               2001, and currently is revising the program. NRC does not expect a new
                               security inspection program to be implemented until some time in 2004.
                               Although NRC has temporarily suspended its annual security inspections, it
                               continues to check a plant’s self-assessments and conduct an inspection if
                               the licensee identifies a serious problem.

                               Under the previous security inspection program, initiated in 1999 and
                               suspended in 2001, NRC used a “risk informed” performance-based system
                               (the Reactor Oversight Process) that was intended to focus both NRC’s and
                               the licensees’ resources on important safety matters. In an attempt to focus
                               NRC attention on plants with the most serious problems, and to reduce
                               regulatory burdens on the nuclear industry, the Reactor Oversight Process



                               Page 9               GAO-03-752 Nuclear Regulatory Commission: Oversight of Security
relied heavily on performance assessment data generated by the licensees
and submitted quarterly to NRC. In the security area, these licensee self-
assessments provided NRC with data on (1) the operation of security
equipment (such as intrusion detectors and closed-circuit television
cameras), (2) the effectiveness of the personnel screening program
(including criminal history and background checks), and (3) the
effectiveness of the employee fitness-for-duty program (including tests for
substance abuse and behavioral observations). Under guidelines for these
self-assessments, licensees are required to report only the most serious
problems. NRC inspectors followed a multistep process to monitor
security, including verifying the licensees’ self-assessments and conducting
their own annual inspection. NRC inspectors did not verify all aspects of
the licensees’ self-assessments. Instead, the inspectors made random
checks of the quarterly self-assessments during their annual security
inspection of the plant.

During the inspections, the inspectors reviewed the following aspects of
security at each plant:

• Access authorization and fitness for duty (performed annually).
  Inspectors interviewed supervisors and their staffs about procedures for
  recognizing drug use, possession, and sale; indications of alcohol use
  and aberrant behavior; and records of testing for suspicious behavior.
  These procedures were designed to ensure that the licensee conducts
  adequate personnel screening and enforces fitness-for-duty
  requirements—functions considered critical to protect against an
  insider threat of radiological sabotage.

• Access control (performed annually). Inspectors observed guards at
  entry points during peak hours, checked screening equipment, read
  event reports and logs, checked access procedures for the plant’s vital
  area, and surveyed data in the security computers. For example,
  inspectors observed searches of personnel, packages, and vehicles for
  contraband (i.e., firearms, explosives, or drugs) before entry into the
  protected area and ensured that the guards granted only authorized
  persons unescorted access to the protected and the vital areas of the
  plant.




Page 10              GAO-03-752 Nuclear Regulatory Commission: Oversight of Security
• Response to contingency events (performed triennially).8 Inspectors
  tested the licensee’s physical security by testing the intrusion detection
  system.

• Random checks of changes to security plans (performed biennially).
  Under NRC regulations, licensees can change their security plans
  without informing NRC if they believe that the change does not decrease
  the effectiveness of the plan. Inspectors reviewed security plan changes
  and could have physically examined a change if an issue arose.

If NRC inspectors detected a security problem in these areas, they
determined the problem’s safety significance and whether it violated the
plant’s security plan or other NRC requirements. If a violation occurred,
and the inspectors determined that the problem was “more than minor,”
they used a “significance determination process” to relate the violation to
overall plant security. According to NRC officials, the significance
determination process is also being revised. Under the process previously
used, the inspectors assigned a violation one of the following four ratings:
very low significance, low to moderate significance, substantial
significance, and high significance. For violations more serious than very
low significance, the licensee was required to prepare a written response,
stating the actions it would take to correct the problem. However,
violations judged to be of very low significance—usually categorized as
non-cited violations—were routinely recorded; entered into the plant’s
corrective action plan; and, from NRC’s perspective, closed. Violations
were judged to be of low significance and categorized as a non-cited
violation if the problem had not been identified more than twice in the past
year or if the problem had no direct, immediate, adverse consequences at
the time it was identified. In addition, for non-cited violations, NRC did not
require a written response from the licensee and did not routinely follow up
to ensure that a permanent remedy had been implemented unless the non-
cited violation was randomly selected for review of the licensee’s
corrective action program.

We found that NRC frequently issued non-cited violations. NRC issued 72
non-cited security violations from 2000 to 2001 compared with no cited
security violations during the same period. In addition, NRC issued non-
cited violations for security problems that, while within NRC’s guidance for



8
A contingency event is any event that could impact on the security of the plant.




Page 11                  GAO-03-752 Nuclear Regulatory Commission: Oversight of Security
non-cited violations, appear to be serious and seem to justify the formality
and follow-up of a cited violation. For example:

• At one plant, an NRC inspector found a security guard sleeping on duty
  for more than half an hour. This incident was treated as a non-cited
  violation because no actual attack had occurred during that time, and
  because neither he nor any other guard at the plant had been found
  sleeping more than twice during the past year.

• At another plant, a security officer falsified logs to show that he had
  checked vital area doors and barriers when he was actually in another
  part of the plant. The officer was the only protection for this area
  because of a “security upgrade project.”

• At another plant, NRC inspectors categorized two security problems as
  non-cited violations because they had not occurred more than twice in
  the past year. In one incident, an inspector observed guards who failed
  to physically search several individuals for metal objects after a walk-
  through detector and a hand-held scanner detected metal objects in
  their clothing. The unchecked individuals were then allowed unescorted
  access throughout the plant’s protected area. Also, security was
  compromised in a vital area—where equipment that could be required
  to protect public health and safety is located—when an inspector found
  that tamper alarms on an access door had been disabled. In this case,
  the only compensatory measure implemented was to have a guard
  check the location once during each 12-hour shift.

In addition to NRC’s annual inspections, NRC will conduct an inspection if
a plant’s quarterly self-assessment identifies a serious security problem.
Between 2000 and 2002, only 4 of the 104 plants reported security problems
that required NRC to conduct a follow-up inspection. In 2000, each plant
identified that equipment for controlling access to the plant’s protected
area was often broken, requiring extra guards as compensation. None of
the 104 plants’ self-assessments identified any security problems in 2001,
2002, or the first 6 months of 2003.

Once every 3 months, NRC develops performance summaries for each of
the nuclear power plants it regulates. In the security area, NRC uses each
plant’s self-assessment performance indicators and its own annual
inspections as the basis for each plant’s quarterly rating. The performance
rating can range from “meeting security objectives” to “unacceptable.” The
ratings are displayed on NRC’s Web site, which is the public’s main link to



Page 12              GAO-03-752 Nuclear Regulatory Commission: Oversight of Security
                           NRC’s assessment of the security at each plant. However, because of NRC’s
                           extensive use of non-cited violations, the performance rating may not
                           always accurately represent the security level of the plant. For example,
                           the plant where the sleeping guard was found was rated as meeting security
                           objectives for that period. NRC also rated security as meeting objectives at
                           the plant where physical searches were not conducted for metal detected
                           by scanners.



NRC Does Not               NRC does not have a routine, centralized process for collecting, analyzing,
Systematically Collect,    and disseminating security inspections to identify problems that may be
                           common to other plants or to identify lessons learned in resolving a
Analyze, and Disseminate
                           security problem that may be helpful to plants in other regions. NRC
Information That May       headquarters only receives inspection reports when a licensee challenges
Improve Security at All    the findings from security inspections. Following the inspection, the
Plants                     regional security specialist prepares a report that is then sent to the
                           licensee for comment. If the licensee does not challenge the report’s
                           findings, the report is filed at the region. If the licensee challenges the
                           findings, a NRC headquarters security review panel meets to resolve the
                           issue. At this point, headquarters security specialists may informally retain
                           copies of the case, but, officially, headquarters returns the files to the
                           region, which replies to the licensee.

                           According to NRC headquarters officials, they do not routinely obtain
                           copies of all security inspection reports because headquarters files and
                           computer databases are insufficient to hold all inspection reports. In
                           addition, some of the reports contain safeguards information and can only
                           be transferred by mail, courier, or secure fax. Instead, headquarters only
                           has a list of reports in its computer database—not the narrative details that
                           include safeguards information. According to headquarters officials,
                           regional NRC security specialists may maintain their own information
                           about security problems and their resolution, but they have not done this
                           systematically nor have they routinely shared their findings with
                           headquarters or the other regions.



NRC’s Force-on-Force       From 1991 through 2001, NRC conducted force-on-force exercises, called
Exercises Are Limited in   OSREs, at the nation’s commercial nuclear power plants. Although these
                           exercises have provided learning experiences for the plants and may have
Their Usefulness
                           helped improve plant security, the exercises did not fully demonstrate the
                           plants’ security preparedness. The exercises were conducted infrequently,
                           against plant security that was enhanced by additional guards and/or


                           Page 13              GAO-03-752 Nuclear Regulatory Commission: Oversight of Security
                           security barriers, by simulated terrorists who were not trained to operate
                           like terrorists, and with unrealistic weapons. In addition, the exercises did
                           not test the maximum limits of the design basis threat, and inspectors often
                           filed OSRE reports late. As a result, the exercises did not provide complete
                           and accurate information on a power plant’s ability to defend against the
                           maximum limits of the design basis threat, and permanent correction of
                           problems may have been delayed. Furthermore, NRC has made only limited
                           use of some available administrative and technological improvements that
                           would make force-on-force exercises more realistic and provide a more
                           useful learning experience.

Exercises Were Conducted   NRC was not required by law, regulation, or order to conduct OSRE
Infrequently               exercises; however, NRC and the licensees believed that these exercises
                           were an appropriate mechanism to test the adequacy of the plants’ security
                           plans, and all licensees agreed to participate in these exercises. Since there
                           is no requirement, NRC started the OSRE program without guidance on
                           how frequently the exercises should be conducted at each plant. NRC
                           conducted OSRE exercises at each commercial nuclear power plant about
                           once every 8 years. Sixty-eight power plant sites have conducted one OSRE
                           exercise and 12 sites have conducted two exercises.

                           Like NRC, DOE conducts force-on-force exercises at its nuclear facilities.9
                           DOE’s regulations state that force-on-force exercises should be conducted
                           at every facility once a year. According to DOE officials, annual inspections
                           are important because DOE wants up-to-date information on security
                           preparedness at each nuclear facility; and more frequent exercises require
                           the facilities to maintain the quality of the security program because
                           another drill is always only a few months away. According to NRC officials,
                           they are planning to initiate a new force-on-force exercise program that will
                           be based on ongoing pilot force-on-force exercises. They plan to conduct
                           an exercise for each licensee every 3 years, which will require additional
                           regional security inspectors.




                           9
                            DOE’s facilities differ from the commercial nuclear power plants that NRC oversees. Both
                           of these types of facilities, however, contain radioactive material that must be protected.
                           The security that is required to protect the facilities also differs; however, we believe that
                           there are some similarities that allow for lessons learned or promising practices by one
                           agency to have application by the other.




                           Page 14                   GAO-03-752 Nuclear Regulatory Commission: Oversight of Security
Exercises Were Conducted   According to NRC officials, they provided the licensee with up to 12
Against Enhanced Plant     months’ advance notice of OSRE exercises so that it could assemble a
Defenses                   second team of security guards to protect the plant while the exercise was
                           being conducted. However, the advanced notification also allowed
                           licensees to enhance security prior to the OSRE exercises, and they were
                           not required to notify NRC of any enhancements to their security plan. As a
                           result, according to NRC officials, during the exercises, many plants
                           increased the number of guards that would respond to an attack; added
                           security barriers, such as additional fencing; and/or added defensive
                           positions that they did not previously have. According to our review of all
                           80 OSRE reports, at least 45—or 56 percent—of the exercises were
                           conducted against plant defenders who had received additional training for
                           the exercise or against enhanced plant security features, such as additional
                           guards or defensive positions or barriers. Figure 2 shows the number of
                           OSRE reports that stated that the exercises were conducted against (1)
                           guard forces that were larger than those provided for in the security plan;
                           (2) increased defensive positions or barriers; (3) guards that had received
                           additional training; and (4) guard forces that were larger than those
                           provided for in the security plan, guards that had received additional
                           training, or plants that had enhanced defensive positions or barriers.




                           Page 15              GAO-03-752 Nuclear Regulatory Commission: Oversight of Security
Figure 2: Security Enhancements Made before OSRE Exercises




Although we found 11 instances in which plants had increased the number
of security guards for the OSRE exercises, an NRC official told us that the
number was actually higher but was not reported in the OSRE reports.
According to this official, 52 of the first 55 OSREs conducted used more
guards than provided for in the plants’ security plans. For these plants, the
number of guards used exceeded the number called for in the security plan
by an average of 80 percent. According to this official, using additional
guards impaired the realism of the exercise because in the event of an
actual attack, only the number of guards specified in the security plan
would protect the plant.

Plants that used increased numbers of guards, increased training, or
increased defensive positions or barriers fared better in the OSREs than
those that used the plant defenses specified in the security plan. According
to the OSRE reports, of the 45 plants that increased plant defenses beyond



Page 16              GAO-03-752 Nuclear Regulatory Commission: Oversight of Security
                               the level specified in the security plan, 10 (or 22 percent) failed to defeat
                               the attackers in one or more of the exercises conducted during the OSRE.
                               However, of the 35 plants that used only the security levels specified in the
                               security plan, 19 (or 54 percent) failed to defeat the attackers in one or
                               more exercises conducted during the OSRE.

                               The increased training and preparation for the OSRE exercises provided an
                               opportunity for the licensee to examine its security program and upgrade
                               the program in areas found lacking. However, according to an NRC official,
                               the licensee could decrease security to previous levels after the exercise.
                               Consequently, the exercise only provided an evaluation of the “ramped up”
                               security and provided little information on the plant’s normal day-to-day
                               security. According to this official, NRC could not hold a licensee
                               accountable for ramping down after the OSRE exercise because the
                               enhanced training and additional barriers were not part of the licensee’s
                               security plan, and NRC can only hold the licensee accountable for its
                               security plan. NRC has not required that security enhancements
                               implemented to prepare for OSRE exercises be included as part of the
                               plants’ security plans. However, as of November 2000, NRC no longer
                               allowed the licensee to increase the number of guards or add defensive
                               positions or security barriers for OSRE exercises. Between November 2000
                               and the suspension of the program in September 2001, only eight OSREs
                               were conducted.

                               DOE—which also provides its facilities with advanced notice of a
                               scheduled force-on-force exercise (up to 1 year) and allows the facility to
                               upgrade its security for the exercise—requires that any enhancements to
                               security that are implemented for the exercise become integrated into the
                               facility’s security plan. DOE inspectors conduct follow-up visits to verify
                               that the enhancements have been maintained.

Adversary Forces Were Not      Licensees used off-duty guards, guards from other licensees, and
Trained in Terrorist Tactics   management personnel as the simulated adversary force for OSRE
                               exercises, but these forces may not have accurately simulated the dangers
                               of an attack. The guards on the adversary force had training only in
                               defending the plant, not in terrorist and offensive tactics or in the use of
                               weapons that a terrorist might have. Furthermore, plant managers
                               participating in the drill had little or no training or experience, even in
                               defensive tactics. Finally, some members of the adversary force could have
                               a vested interest in having the licensee’s guard force successfully defeat
                               them in attempting simulated radiological sabotage, thereby demonstrating
                               an adequate security program.



                               Page 17              GAO-03-752 Nuclear Regulatory Commission: Oversight of Security
                             In contrast, DOE uses a trained, simulated composite adversary force in all
                             of its force-on-force exercises. This force includes guards from all
                             departmental facilities.10 Team members are trained in offensive tactics
                             and, according to DOE officials, have an “adversary” mind-set, which
                             allows them to think and act like terrorists.

                             According to NRC officials, as part of the pilot program, they are assessing
                             the characteristics, training, and selection of the adversary force. They said
                             that they also have reviewed DOE’s composite adversary team methods,
                             attended DOE’s adversary training school, and are assessing the DOE
                             program’s relevance to NRC activities.

Exercises Used Unrealistic   Adversary and plant defensive forces generally used rubber weapons
Weapons                      during OSRE exercises. Although under some circumstances, such as very
                             confined spaces, rubber weapons would be the most practical, in general,
                             rubber weapons do not simulate actual gunfire or provide real-time
                             experience. Licensee employees (controller judges) had to determine
                             whether a guard or adversary member’s weapon hit its intended target. This
                             led to unrealistic exercises. For example, in one OSRE exercise, the
                             controller judges reported that they could not determine when weapons
                             were “fired” or if a person was hit.

                             DOE usually uses Multiple Integrated Laser Equipment to simulate weapon
                             fire and provide real-time experiences. Multiple Integrated Laser
                             Equipment consists of weapons-mounted laser transmitters and laser
                             sensors on the guard forces and adversary team members. When a laser
                             gun is fired and hits a target, an alarm registers the hit, thereby allowing the
                             participants to simulate weapon fire and participate in real-time exchanges.

                             A few NRC OSRE exercises used Multiple Integrated Laser Equipment.
                             According to one OSRE report, the use of laser guns provided realistic
                             scenarios and simulated the stress of an actual engagement. Consequently,
                             the exercise showed results that “significantly helped in evaluating the
                             effectiveness of both the defensive strategy and the officers executing the
                             strategies.” NRC officials said that they are conducting a $1.4 million
                             assessment of the use of Multiple Integrated Laser Equipment.




                             10
                              DOE, Office of Independent Oversight and Performance Assurance, Inside Oversight,
                             Special Edition, June 2002, 1-2.




                             Page 18                GAO-03-752 Nuclear Regulatory Commission: Oversight of Security
Exercises Did Not Test the    NRC never tested several aspects of the design basis threat in the OSRE
Full Extent of the Design     exercises. As a result, NRC could not determine the plants’ capability to
                              defend against the maximum credible terrorist attack. According to the
Basis Threat                  NRC official who was in charge of the OSRE program, NRC did not use and
                              test certain adversary capabilities because the exercises would have been
                              too rigorous, would have resulted in too many exercises in which the
                              adversaries achieved their objectives, and thus may have resulted in the
                              elimination of the OSRE program. The second round of OSRE exercises,
                              begun in 2000, was originally planned to include all of the adversary
                              capabilities. However, from the beginning of the second round of OSREs to
                              the suspension of the program in September 2001, none of the OSREs
                              included all adversary capabilities.

                              DOE tests the full adversary capabilities of the design basis threat and
                              often goes beyond those capabilities. DOE officials believe it is important
                              to test the licensee’s security against all of the adversary capabilities so that
                              DOE can determine how secure the facility is and what improvements are
                              needed.

Operational Safeguards        NRC had a program goal of issuing OSRE reports 30 to 45 days after the
Response Evaluation Reports   end of the exercise, but 46 of 76 reports (60 percent) were not issued within
Were Not Timely               the required time.11 Delays in releasing a report to the licensee may have
                              affected the timeliness of permanent corrective actions and diminished the
                              effectiveness of feedback on the exercise. On average, NRC issued OSRE
                              reports to the licensees 98 days after the end of the exercises. The OSRE
                              reports addressed any problems that needed to be corrected and specified
                              how long the licensee had to correct the problem. NRC communicated the
                              results of the exercise to the licensee at a closeout meeting. If a concern
                              was severe and made the licensee vulnerable to security breaches, the
                              licensee was required to provide temporary protection to address that
                              concern until it implemented a permanent correction. However, the OSRE
                              reports have specified an average of 51 days to permanently correct a
                              concern after the report was issued. As a result, nearly 5 months elapsed
                              between when the exercise was completed and when the report was issued
                              and a permanent correction was required.




                              11
                                Four of the 80 reports did not contain the information that was necessary to determine the
                              time required to issue the report.




                              Page 19                  GAO-03-752 Nuclear Regulatory Commission: Oversight of Security
Federal Law Limits the   Commercial nuclear power plants face challenges in securing their plants
                         against intruders because federal and state laws limit security guards’
Type of Weapons That     ability to defend these plants. Federal law generally prohibits private
Guards Can Use, and      ownership of automatic weapons, and there is no exemption in the law for
                         security guards at commercial nuclear power plants.12 As a result, no
State Laws Vary on       nuclear power plants use automatic weapons in their defense. However,
Guards’ Authority to     terrorists attacking a nuclear power plant could be armed with automatic
Deal with Intruders      weapons or other advanced weapons. NRC officials believe that a terrorist
                         attacking a nuclear power plant could obtain and use any weapon that can
                         be purchased on the black market, while guards generally have to rely on
                         semiautomatic pistols, rifles, or shotguns. As a result, guards at nuclear
                         power plants could be at a great disadvantage in terms of firepower, if
                         attacked.

                         According to NRC officials, the use of fully automatic weapons would
                         provide an important option to plants as they make security decisions
                         about a number of factors, such as the number of plant guards, the
                         positioning of guards at the facilities, and the quality and capabilities of
                         surveillance equipment. According to these officials, plants will have more
                         options in developing the appropriate combination of security elements if
                         guards have the authority to carry automatic weapons. NRC recognizes,
                         however, that some plant sites face special conditions under which fully
                         automatic weapons might not be beneficial or practicable.




                         12
                          Automatic weapons manufactured before 1986, prior to the Firearms Owners’ Protection
                         Act (18 U.S.C. 921 et. seq.) are regulated by the National Firearms Act (26 U.S.C. 5801 et.
                         seq.), which allows civilian ownership provided certain requirements are met. States may
                         further restrict ownership of automatic weapons.




                         Page 20                  GAO-03-752 Nuclear Regulatory Commission: Oversight of Security
Commercial nuclear power plants also face security challenges because of
the absence of nationwide legal authority and clear guidance on when and
how guards can use deadly force in defending these plants. According to
NRC’s regulations,13 a guard should use deadly force in protecting nuclear
power reactors against sabotage when the guard has a reasonable belief
that such force is necessary for self-defense or the defense of others.
However, in general, state laws govern the use of deadly force by private
sector persons, and these laws vary from state to state. For example, under
New Hampshire statutes, guards may not use deadly force if they can safely
retreat from the encounter. 14 In contrast, Texas statutes allow guards to use
deadly force in defense of private land or property, which includes nuclear
power plants, without retreating, if such action is necessary to protect
against another’s use of unlawful force.15 In still other states, such as
Virginia and Michigan, no state statutes specifically address the issue, and
the courts decide whether deadly force was appropriate in a given
situation.

NRC officials believe that guards—concerned about their right to act—
might second-guess, hesitate, delay, or fail to act appropriately against an
attacker, thereby increasing the risk of a successful attack on the nation’s
nuclear power plants. During OSRE exercises, NRC officials presented
guards with various scenarios that could involve the use of deadly force. In
7 of the 80 OSRE reports we reviewed (about 9 percent) NRC found that
the guards did not understand or did not properly apply its guidance on the
use of deadly force.




13
     10 C.F.R. 73.55(h)(5).
14
     N.H. Rev. Stat. 627.4.
15
     TX Pen. Code, Sections 9.41-9.43.




Page 21                       GAO-03-752 Nuclear Regulatory Commission: Oversight of Security
              Finally, guards at nuclear power plants do not have nationwide legal
              authority and clear guidance on when and how to arrest and/or detain
              intruders at the nation’s plants. NRC officials believe that there is a
              question about whether federal authority can be directly granted to private
              security guards who are not deputized. State laws governing this authority
              vary. For example, in South Carolina, private security guards’ authority to
              arrest and/or detain intruders on plant property is similar to local law
              enforcement officials’ authority.16 However, in most states, these guards
              have only the arrest authority afforded every U.S. citizen.17

              To enable nuclear power plants to better defend against attacks, NRC has
              sought federal legislation that would authorize the use of deadly force to
              protect the plants. Legislation has not been enacted but is currently
              pending on arrest and detain authority.



Conclusions   NRC has taken several actions to respond to the heightened risk of attack
              following the September 11, 2001, terrorist attacks and, in April 2003,
              issued a new design basis threat that the commercial nuclear power plants
              must be prepared to defend against. However, NRC’s past methods for
              ensuring that plants are taking all of the appropriate defensive measures—
              the annual security inspections and the force-on-force exercises—had
              significant weaknesses. As a result, NRC’s oversight of these plants may not
              have provided the information necessary for NRC to ensure that the power
              plants were adequately defended.

              In particular, NRC’s past use of non-cited violations for security problems
              that appear to be serious is detrimental to ensuring the plants’ security
              because NRC did not require follow-up to ensure that a non-cited violation
              was corrected. Lack of follow-up reduces the likelihood that needed
              improvements will be made. Moreover, NRC may have overstated security
              levels when it provided a “meeting security objectives” rating to some
              plants having non-cited violations that appear to have serious security
              implications. NRC could not have known whether some non-cited

              16
                   S.C. Code Section 40-18-110.
              17
               Citizen’s arrest authority evolved from old English law. Some states have statues specifying
              and clarifying citizen’s arrest authority, and others rely on common law citizen’s arrest
              authority. Generally, under common law, a private citizen may arrest another when there is
              probable cause to believe that the other person is committing or has committed a felony in
              the citizen’s presence.




              Page 22                     GAO-03-752 Nuclear Regulatory Commission: Oversight of Security
violations, such as guards found asleep on duty or failure to physically
search for metal detected by scanners, were vulnerabilities that could have
been exploited. However, accepting such vulnerabilities post-September
11, 2001, opens the power plants to undue risk. Furthermore, NRC may be
missing opportunities to better oversee and improve security at the plants
because it does not routinely collect, analyze, and disseminate information
on security enhancements, problems, and solutions among the plants and
within the agency. Such a mechanism may help other plants to improve
their security.

Similarly, the force-on-force exercises were not realistic enough to ensure
the identification and correction of plants’ security vulnerabilities.
Untrained adversary teams, temporarily enhanced defenses, and rubber
weapons used in past force-on-force exercises simply do not compare with
simulated attack exercises using technologically advanced tools that
provide realistic, real-time experience. Furthermore, NRC was not required
to conduct these exercises and has done so infrequently, thereby making
plants even less prepared to address an attack. In addition, in the past,
exercises have not addressed the full range of the design basis threat.
Finally, delays in issuing reports on the OSRE exercises may have resulted
in delays in the permanent correction of known security problems.

NRC is in the process of revising both its security inspection program and
its force-on-force exercise program. What these programs will consist of
when they are revised is currently unknown. NRC expects its security
inspection program to be restored by 2004 and will decide the future of its
force-on-force program after completing its pilot program—at a date yet to
be determined. Revisions of these programs provide NRC with an
opportunity to use the lessons learned from the suspended programs to
strengthen them and make them more relevant to the post-September 11,
2001, environment.

Until these programs are restored, NRC is relying on plants’ self-
assessments and the force-on-force pilot program as its mechanisms to
oversee security at the nation’s nuclear power plants. The self-assessments
rely on the licensees to identify problems, which then prompts NRC to
conduct security inspections. Since the inspection program was curtailed
in 2001, the plants have not identified any serious security problems in their
self-assessments. Therefore, it is critical for NRC to revise and restore
promptly its annual security inspections and force-on-force exercises to
fulfill its oversight responsibilities.




Page 23              GAO-03-752 Nuclear Regulatory Commission: Oversight of Security
Recommendations for   To strengthen NRC’s security inspection program, we recommend that the
                      NRC Commissioners
Executive Action
                      • ensure that NRC’s revised security inspection program and force-on-
                        force exercise program are restored promptly and require that NRC
                        regional inspectors conduct follow-up visits to verify that corrective
                        actions have been taken when security violations, including non-cited
                        violations, have been identified;

                      • ensure that NRC routinely collects, analyzes, and disseminates
                        information on security problems, solutions, and lessons learned and
                        shares this information with all NRC regions and licensees; and

                      • make force-on-force exercises a required activity and strengthen them
                        by

                         • conducting the exercises more frequently at each plant;

                         • using laser equipment to ensure accurate accounts of shots fired;

                         • requiring the exercises to make use of the full terrorist capabilities
                           stated in the design basis threat, including the use of an adversary
                           force that has been trained in terrorist tactics;

                         • continuing the practice, begun in 2000, of prohibiting licensees from
                           temporarily increasing the number of guards defending the plant and
                           enhancing plant defenses for force-on-force exercises, or requiring
                           that any temporary security enhancements be officially incorporated
                           into the licensees’ security plans; and

                         • enforcing NRC’s requirement that force-on-force exercise reports be
                           issued within 30 to 45 days after the end of the exercise to ensure
                           prompt correction of the problems noted.



Agency Comments and   We provided a draft of this report to NRC for its review and comment. NRC
                      stated that our report did not provide a balanced or useful perspective of its
Our Evaluation        role in ensuring security at commercial nuclear power plants. NRC
                      believed that our report was “of a historical nature,” focusing on NRC’s
                      oversight of power plants before September 11, 2001, and that our report
                      failed to reflect the changes NRC has made to its program since September



                      Page 24              GAO-03-752 Nuclear Regulatory Commission: Oversight of Security
11. Furthermore, NRC commented that our characterization of non-cited
violations as minimizing the significance of security problems is a serious
misrepresentation. NRC said that the “anecdotal” issues noted in the draft
report were “relatively minor issues” and that it treated them appropriately.

We agree that NRC has taken numerous and appropriate actions since
September 11, 2001, and that additional security procedures have been, and
are being, put in place to increase power plant operators’ attention to
enhancing security. Our draft report had discussed many of these actions,
and we have added additional language to the report to more fully reflect
these actions. We note that most of these actions were advisories or
requirements for the licensee to enhance plant physical security and did
not relate to NRC’s oversight activities. With respect to NRC oversight of
security at the nuclear power plants, NRC has suspended the two primary
elements of its oversight program, the security inspection program and the
OSRE exercises and has not yet resumed them. NRC’s oversight actions
since September 11 have been interim in nature; it has conducted ad hoc
inspections and some force-on-force exercises as part of a pilot program.
NRC said that it plans to reinstitute the security inspection and the force-
on-force exercise programs in the future, but it does not now know what
the revised programs will consist of. As a result, we remain convinced that
it was appropriate to examine NRC’s security oversight program before
September 11. In the absence of any formal post-September 11 oversight
program, this was the only way to systematically assess the strengths and
weaknesses of NRC’s oversight. Our recommendations are directed at
strengthening the oversight programs and making NRC’s oversight more
relevant to the post-September 11 environment.

In that regard, while the NRC comments reference numerous efforts and
enhancements, we note that, with one exception, these actions were
designed to enhance power plant security and not to improve or enhance
NRC’s oversight program, which is the subject of this report. The one
exception is NRC’s force-on-force evaluation program, a major element in
NRC’s oversight program. In its comments, NRC stated that we failed to
adequately reflect NRC’s enhanced force-on-force evaluation program,
including the increased frequency and greater degree of realism of the
exercises. We disagree. NRC has not yet instituted a new force-on-force
program, and our report reflects NRC’s current force-on-force efforts. NRC
suspended its old OSRE program after September 11, 2001, and is currently
conducting pilot force-on-force exercises, which we describe in this report.
NRC has not determined when a permanent program will be instituted or




Page 25              GAO-03-752 Nuclear Regulatory Commission: Oversight of Security
what it will consist of when it is reinstituted. NRC plans to use the results
of the pilot exercises to help formulate a new, permanent program.

We also disagree that the “anecdotal” issues cited in the draft report were
“relatively minor issues” and do not believe that the continued extensive
use of non-cited violations will achieve the best oversight. Sleeping guards,
unauthorized access to protected areas, disabled alarms in the vital area,
and failure to inspect visitors who set off alarms on metal detectors are all
serious security problems that warrant NRC attention and oversight. NRC’s
belief that it should rely on the licensees to self-identify and correct these
types of problems is troubling. Instead of discounting problems that are, on
their face, quite worrisome, NRC should aggressively determine the root
cause of the problems, formulate corrective actions, and follow up to
ensure that the approved corrective actions have been implemented and
that the implemented actions have corrected the problems. The use of non-
cited violations delegates these activities and responsibilities to the
licensees. NRC believes that such delegation is appropriate and that the use
of non-cited violations contributes to an environment in which the licensee
self-identifies and corrects problems, a behavior that NRC said it
encourages. However, in the cases we cited, the delegation of responsibility
for identifying and correcting security problems was not effective because
all were security problems that the licensee failed to identify, but instead
were found by NRC security inspectors.

Finally, NRC stated that its process requires it to review a sampling of the
licensees’ corrective actions to ensure that the licensees are implementing
the corrective actions. NRC failed to note, however, that the requirement
cited is part of the baseline security inspection program that was
suspended after September 11, 2001, and that has not been reinstated. In
addition, when NRC was conducting baseline security inspections, the
program required corrective action checks only every 2 years, and the
sample selected for checks included all corrective actions—safety and
emergency preparedness, as well as security. As a result, NRC had no
assurance that any security corrective actions would be selected for follow-
up. Licensees should be involved in identifying and correcting problems.
However, we believe that by delegating these functions to the licensee,
NRC is abandoning its oversight responsibilities and, as a result, cannot
guarantee that problems are identified and corrected.

NRC did not comment on our recommendations for reinstituting and
improving its baseline inspection and force-on-force exercise programs.
Nevertheless, we hope that NRC decides to implement our



Page 26              GAO-03-752 Nuclear Regulatory Commission: Oversight of Security
recommendations as it fulfills its 31 U.S.C. 720 requirement to submit a
written statement of the actions taken on our recommendations. This
statement is to be submitted to the Senate Committee on Governmental
Affairs and the House Committee on Government Reform not later than 60
days after the date of this report’s release, and to the Senate and House
Committees on Appropriations with the agency’s first request for
appropriations made more than 60 days after that same date.

In addition to its overall comments and observations (see app. III), NRC
provided a number of technical comments and clarifications, which we
incorporated in this report as appropriate.


As arranged with your offices, unless you publicly announce its contents
earlier, we plan no further distribution of this report until 30 days after the
date of this letter. At that time, we will send copies of the report to
interested congressional committees, the Chairman of the Nuclear
Regulatory Commission, and the Director of the Office of Management and
Budget. We will make copies available to others on request. In addition, this
report will be available at no charge on the GAO Web site at
http://www.gao.gov.

If you or your staff have any questions about this report, please call me at
(202) 512-3841 or contact me at Wellsj@gao.gov. Key contributors to this
report are listed in appendix IV.




Jim Wells
Director, Natural Resources and Environment




Page 27               GAO-03-752 Nuclear Regulatory Commission: Oversight of Security
Appendix I

Scope And Methodology                                                                          AA
                                                                                                ppp
                                                                                                  ep
                                                                                                   ned
                                                                                                     n
                                                                                                     x
                                                                                                     id
                                                                                                      e
                                                                                                      x
                                                                                                      Iis




             Our objectives were to review (1) the effectiveness of the Nuclear
             Regulatory Commission’s (NRC) inspection program to oversee security at
             commercial nuclear power plants and (2) legal challenges currently
             affecting physical security at the power plants.

             To meet these objectives, we visited NRC’s Headquarters in Rockville,
             Maryland, and Region I in King of Prussia, Pennsylvania; obtained NRC
             advisories, orders, regulations, Operational Safeguards Response
             Evaluation (OSRE) reports, and annual security inspection reports; and
             interviewed officials who were knowledgeable about NRC’s physical
             security requirements for nuclear power plants. We also visited the
             Limerick, Oyster Creek, and Calvert Cliffs power plants; obtained licensee
             documents and requirements regarding their security procedures; and
             interviewed licensee officials who were knowledgeable about the facilities’
             security plans, procedures, and NRC’s nuclear power plant physical
             security regulations. During our visits, we observed the security measures
             that were put in place to reflect NRC’s advisories and orders since the
             terrorist attacks of September 11, 2001.

             To determine the extent of NRC’s oversight of nuclear power plant security,
             we held discussions with NRC Region I security inspectors and officials in
             NRC’s Office of Nuclear Security and Incident Response, Office of General
             Counsel, and Office of the Executive Director for Operations. We also held
             discussions with licensee officials at the Limerick, Oyster Creek, and
             Calvert Cliffs power plants on their security procedures and mechanisms
             and on their interaction with NRC security inspectors. In addition, we
             collected information on nuclear security from all NRC regional security
             offices.

             To determine how NRC assesses the quality of daily security procedures
             and mechanisms against the licensees’ security plans, we obtained and
             reviewed all 49 NRC inspection reports that contained a finding that was
             judged to be of moderate significance or higher. We also had discussions
             with officials in NRC’s Office of Nuclear Security and Incident Response
             regarding the methods for conducting and reporting annual inspections and
             in NRC’s Office of Enforcement regarding how security violations are
             administered.

             To determine how NRC tests licensees against the design basis threat, we
             interviewed NRC officials to understand both the process for OSRE
             exercises and report writing and the follow-up procedures for any concerns
             found during an OSRE exercise. We also examined all OSRE reports from



             Page 28             GAO-03-752 Nuclear Regulatory Commission: Oversight of Security
Appendix I
Scope And Methodology




each NRC licensee. We designed a data collection instrument in order to
organize specific elements that were extracted from 80 OSRE reports. Two
GAO analysts followed procedures to ensure the completeness of all data
collection instrument entries. The data collection instrument data were
entered into a spreadsheet file for analysis. To detect potential coding and
keying errors, the accuracy of the data entered into the spreadsheet file
was verified. We also held discussions with Department of Energy officials
to (1) determine how they conduct force-on-force exercises at the
department’s nuclear facilities and (2) determine if there are any promising
practices that might be applied to NRC’s OSRE program.

To determine NRC’s views on federal and state laws and on NRC
institutional policies (i.e., regarding the use of automatic weapons, the
authority to use deadly force, and the authority to arrest and detain) that
could impact a licensee’s ability to adequately secure commercial nuclear
power plants, we discussed these issues with officials from NRC’s Office of
Nuclear Security and Incident Response and Office of General Counsel.
Additionally, we discussed these same issues with industry officials who
were specifically knowledgeable about these areas. We examined existing
federal and state laws, and we also examined federal and state bills that
have been proposed or are pending legislative passage.




Page 29                 GAO-03-752 Nuclear Regulatory Commission: Oversight of Security
Appendix II

U.S. Commercial Nuclear Power Plants That
Are Licensed to Operate                                                                                         Appendx
                                                                                                                      Ii




Power plant                             City                                 State                   NRC region
Arkansas Nuclear 1                      Russellville                         AR                                4
Arkansas Nuclear 2                      Russellville                         AR                                4
Beaver Valley 1                         McCandless                           PA                                1
Beaver Valley 2                         McCandless                           PA                                1
Braidwood 1                             Joilet                               IL                                3
Braidwood 2                             Joilet                               IL                                3
Browns Ferry 1                          Decatur                              AL                                2
Browns Ferry 2                          Decatur                              AL                                2
Browns Ferry 3                          Decatur                              AL                                2
Brunswick 1                             Southport                            NC                                2
Brunswick 2                             Southport                            NC                                2
Bryon 1                                 Rockford                             IL                                3
Bryon 2                                 Rockford                             IL                                3
Callaway                                Fulton                               MO                                4
Calvert Cliffs 1                        Annapolis                            MD                                1
Calvert Cliffs 2                        Annapolis                            MD                                1
Catawba 1                               Rock Hill                            SC                                2
Catawba 2                               Rock Hill                            SC                                2
Clinton                                 Clinton                              IL                                3
Columbia Generating Station             Richland                             WA                                4
Comanche Peak 1                         Glen Rose                            TX                                4
Comanche Peak 2                         Glen Rose                            TX                                4
Cooper                                  Nebraska City                        NE                                4
Crystal River 3                         Crystal River                        FL                                2
D C Cook 1                              Benton Harbor                        MI                                3
D C Cook 2                              Benton Harbor                        MI                                3
Davis-Besse                             Toledo                               OH                                3
Diablo Canyon 1                         San Luis Obispo                      CA                                4
Diablo Canyon 2                         San Luis Obispo                      CA                                4
Dresden 2                               Morris                               IL                                3
Dresden 3                               Morris                               IL                                3
Duane Arnold                            Cedar Rapids                         IA                                3
Edwin I. Hatch 1                        Baxley                               GA                                2
Edwin I. Hatch 2                        Baxley                               GA                                2
Fermi 2                                 Toledo                               MI                                3




                              Page 30             GAO-03-752 Nuclear Regulatory Commission: Oversight of Security
                                 Appendix II
                                 U.S. Commercial Nuclear Power Plants That
                                 Are Licensed to Operate




(Continued From Previous Page)
Power plant                                     City                                 State                   NRC region
Fort Calhoun                                    Omaha                                NE                                4
Ginna                                           Rochester                            NY                                1
Grand Gulf 1                                    Vicksburg                            MS                                4
H.B. Robinson 2                                 Florence                             SC                                2
Hope Creek 1                                    Lower Alloways Creek                 NJ                                1
Indian Point 2                                  New York                             NY                                1
Indian Point 3                                  New York                             NY                                1
James A. FitzPatrick                            Oswego                               NY                                1
Joseph M. Farley 1                              Dothan                               AL                                2
Joseph M. Farley 2                              Dothan                               AL                                2
Kewaunee                                        Green Bay                            WI                                3
La Salle 1                                      Ottawa                               IL                                3
La Salle 2                                      Ottawa                               IL                                3
Limerick 1                                      Philadelphia                         PA                                1
Limerick 2                                      Philadelphia                         PA                                1
McGuire 1                                       Charlotte                            NC                                2
McGuire 2                                       Charlotte                            NC                                2
Millstone 2                                     New London                           CT                                1
Millstone 3                                     New London                           CT                                1
Monticello                                      Minneapolis                          MN                                3
Nine Mile Point 1                               Oswego                               NY                                1
Nine Mile Point 2                               Oswego                               NY                                1
North Anna 1                                    Richmond                             VA                                2
North Anna 2                                    Richmond                             VA                                2
Oconee 1                                        Greenville                           SC                                2
Oconee 2                                        Greenville                           SC                                2
Oconee 3                                        Greenville                           SC                                2
Oyster Creek                                    Toms River                           NJ                                1
Palisades                                       South Haven                          MI                                3
Palo Verde 1                                    Phoenix                              AZ                                4
Palo Verde 2                                    Phoenix                              AZ                                4
Palo Verde 3                                    Phoenix                              AZ                                4
Peach Bottom 2                                  Lancaster                            PA                                1
Peach Bottom 3                                  Lancaster                            PA                                1
Perry 1                                         Painesville                          OH                                3
Pilgrim 1                                       Plymouth                             MA                                1
Point Beach 1                                   Manitowoc                            WI                                3




                                 Page 31                  GAO-03-752 Nuclear Regulatory Commission: Oversight of Security
                                 Appendix II
                                 U.S. Commercial Nuclear Power Plants That
                                 Are Licensed to Operate




(Continued From Previous Page)
Power plant                                     City                                  State                   NRC region
Point Beach 2                                   Manitowoc                             WI                                3
Prairie Island 1                                Minneapolis                           MN                                3
Prairie Island 2                                Minneapolis                           MN                                3
Quad Cities 1                                   Moline                                IL                                3
Quad Cities 2                                   Moline                                IL                                3
River Bend 1                                    Baton Rouge                           LA                                4
Salem 1                                         Lower Alloways Creek                  NJ                                1
Salem 2                                         Lower Alloways Creek                  NJ                                1
San Onofre 2                                    San Clemente                          CA                                4
San Onofre 3                                    San Clemente                          CA                                4
Seabrook 1                                      Portsmouth                            NH                                1
Seqouyah 1                                      Chattanooga                           TN                                2
Seqouyah 2                                      Chattanooga                           TN                                2
Shearon Harris 1                                Raleigh                               NC                                2
South Texas Project 1                           Bay City                              TX                                4
South Texas Project 2                           Bay City                              TX                                4
St. Lucie 1                                     Ft. Pierce                            FL                                2
St. Lucie 2                                     Ft. Pierce                            FL                                2
Summer                                          Columbia                              SC                                2
Surry 1                                         Newport News                          VA                                2
Surry 2                                         Newport News                          VA                                2
Susquehanna 1                                   Berwick                               PA                                1
Susquehanna 2                                   Berwick                               PA                                1
Three Mile Island 1                             Harrisburg                            PA                                1
Turkey Point 3                                  Miami                                 FL                                2
Turkey Point 4                                  Miami                                 FL                                2
Vermont Yankee                                  Battleboro                            VT                                1
Vogtle 1                                        Augusta                               GA                                2
Vogtle 2                                        Augusta                               GA                                2
Waterford 3                                     New Orleans                           LA                                4
Watts Bar 1                                     Spring City                           TN                                2
Wolf Creek 1                                    Burlington                            KS                                4
Source: NRC.




                                 Page 32                   GAO-03-752 Nuclear Regulatory Commission: Oversight of Security
Appendix III

Comments from the Nuclear Regulatory
Commission                                                                             Appendx
                                                                                             iI




               Page 33   GAO-03-752 Nuclear Regulatory Commission: Oversight of Security
Appendix III
Comments from the Nuclear Regulatory
Commission




Page 34                GAO-03-752 Nuclear Regulatory Commission: Oversight of Security
Appendix IV

GAO Contacts and Staff Acknowledgments                                                              Appendx
                                                                                                          iIV




GAO Contacts      Andrea Wamstad Brown (202) 512-3319
                  Kenneth E. Lightner, Jr (202) 512-3471



Staff             In addition to those named above, Jill Ann Roth Edelson, Kevin L. Jackson,
                  William Lanouette, J. Addison Ricks, Carol Herrnstadt Shulman, and
Acknowledgments   Barbara R. Timmerman made key contributions to this report.




(360201)          Page 35             GAO-03-752 Nuclear Regulatory Commission: Oversight of Security
GAO’s Mission            The General Accounting Office, the audit, evaluation and investigative arm of
                         Congress, exists to support Congress in meeting its constitutional responsibilities
                         and to help improve the performance and accountability of the federal government
                         for the American people. GAO examines the use of public funds; evaluates federal
                         programs and policies; and provides analyses, recommendations, and other
                         assistance to help Congress make informed oversight, policy, and funding
                         decisions. GAO’s commitment to good government is reflected in its core values of
                         accountability, integrity, and reliability.


Obtaining Copies of      The fastest and easiest way to obtain copies of GAO documents at no cost is
                         through the Internet. GAO’s Web site (www.gao.gov) contains abstracts and full-
GAO Reports and          text files of current reports and testimony and an expanding archive of older
                         products. The Web site features a search engine to help you locate documents
Testimony                using key words and phrases. You can print these documents in their entirety,
                         including charts and other graphics.
                         Each day, GAO issues a list of newly released reports, testimony, and
                         correspondence. GAO posts this list, known as “Today’s Reports,” on its Web site
                         daily. The list contains links to the full-text document files. To have GAO e-mail this
                         list to you every afternoon, go to www.gao.gov and select “Subscribe to
                         e-mail alerts” under the “Order GAO Products” heading.


Order by Mail or Phone   The first copy of each printed report is free. Additional copies are $2 each. A check
                         or money order should be made out to the Superintendent of Documents. GAO
                         also accepts VISA and Mastercard. Orders for 100 or more copies mailed to a single
                         address are discounted 25 percent. Orders should be sent to:
                         U.S. General Accounting Office
                         441 G Street NW, Room LM
                         Washington, D.C. 20548
                         To order by Phone:     Voice: (202) 512-6000
                                                TDD: (202) 512-2537
                                                Fax: (202) 512-6061


To Report Fraud,         Contact:
                         Web site: www.gao.gov/fraudnet/fraudnet.htm
Waste, and Abuse in      E-mail: fraudnet@gao.gov
Federal Programs         Automated answering system: (800) 424-5454 or (202) 512-7470



Public Affairs           Jeff Nelligan, Managing Director, NelliganJ@gao.gov (202) 512-4800
                         U.S. General Accounting Office, 441 G Street NW, Room 7149
                         Washington, D.C. 20548
United States                  Presorted Standard
General Accounting Office      Postage & Fees Paid
Washington, D.C. 20548-0001           GAO
                                 Permit No. GI00
Official Business
Penalty for Private Use $300
Address Service Requested