>>> The Project on Government Oversight is a kindred spirit of The Memory Hole. POGO works to expose official secrets, misconduct, and problems. One of their main areas of focus is nuclear power, which hasn't won them many friends at the Nuclear Regulatory Commission (NRC). I was recently dismayed to see the following notice on POGO's site:

NRC Silencing POGO
The NRC has directed POGO to remove from the web our letter regarding inadequate security testing at Indian Point nuclear power plant. The NRC claims our letter includes sensitive information. POGO disputes this, but has temporarily agreed to take down the letter while appealing their decision.

Below you will find that letter, preceded by the press release that accompanied it.

Among the major problems identified (see full text of letter below):

-- The number of attackers in the test was “barely above the much-ridiculed” three attackers required under pre-9/11 security rules, adding “the intelligence community generally believes that terrorists would attack a target with a squad-sized force, which in the Army is 12 and the Navy is 14”;

-- The simulation did not incorporate the possible use by terrorists of commonly available weaponry including .50 caliber rifles with armor-piercing incendiary rounds, or rocket-propelled grenades;

-- All three force-on-force tests took place in broad daylight although intelligence experts agree that an attack would likely take place in the dark. In two drills "mock terrorists crossed open fields in broad daylight in order to reach the protected area, making it that much easier for them to be observed by the security officers"; and

-- Mock terrorists were security officers from another plant who had no training in terrorist tactics.

In commenting on the POGO letter, Senator Charles Schumer is quoted in a New York Times article today (see http://www.nytimes.com/2003/09/16/nyregion/16NUKE.html) saying “Any test that doesn't rely on the elements of surprise is completely suspect, and I wish they'd do another one.” Senator Schumer also said “I agree with the thrust of the letter” and “They should check the worst-case scenario, not the best-case scenario."

In the article, NRC officials claim the role of security officers is to hold off attackers until outside responders arrive. The POGO letter points out, however, that “[T]ests have shown that an attack is generally won or lost in between three and eight minutes, and SWAT response times are proven to be between one and two hours.”

In August, the Nuclear Regulatory Commission assured members of Congress that the plant had a “strong defensive strategy and capability” based upon the completed force-on-force tests.

POGO executive director Danielle Brian commented, “This dumbed-down test cannot offer any assurances of adequate security.”

Documents leaked to POGO earlier this year had shown that Indian Point plant owners crammed for this test (see http://www.pogo.org/p/environment/ea-030406-nuclear.html). POGO’s investigations have found that with months of advance notice from the Nuclear Regulatory Commission, nuclear plants often game the testing system, hiring security consultants and additional guards in the months leading up to the force-on-force tests. Once the tests are completed, security consultants are let go and the guard force reduced until the next test.

Indian Point is located within 35 miles of New York City -- the largest population within proximity of a nuclear power plant in the U.S.

POGO investigates, exposes, and seeks to remedy systemic abuses of power, mismanagement, and subservience by the federal government to powerful special interests. Founded in 1981, POGO is a politically-independent, nonprofit watchdog that strives to promote a government that is accountable to the citizenry.

September 11, 2003

Chairman Niles J. Diaz

Nuclear Regulatory Commission

11555 Rockville Pike

Rockville, MD 20852

Via facsimile: (301) 415-1757

Dear Chairman Diaz,

According to your August 4, 2003 letter to Senator Charles Schumer and other New York politicians, “. . . the pilot force on force exercise at Indian Point indicates that the licensee has a strong defensive strategy and capability.” However, the way the force-on-force (FOF) tests were conducted should not in any way reassure you about the ability of the Indian Point security force to defend that facility against a credible terrorist attack.

What is so disappointing about your misleading assurances is that your Nuclear Regulatory Commission (NRC) Headquarters security staff is becoming more professional and should already be aware of the issues we raise below. The fact that there were limited improvements in the conduct of the force-on-force – particularly that MILES equipment (used by the military and the Department of Energy for over 20 years) was finally used – does not answer the key question: Can the security force at Indian Point defend the facility?

POGO has interviewed more than 150 security officers at more than half the nuclear power plants across the United States, and produced a report, “Nuclear Power Plant Security: Voices from Inside the Fences.” After the Indian Point force-on-force, we interviewed participants and observers and a number of serious concerns were raised by these interviews, such as:

Dumbed-Down Design Basis Threat (DBT) – The NRC used an inadequate and unrealistically low number of attackers (believed to be about [ ])[1], which is barely above the much-ridiculed earlier NRC DBT of three attackers. Keep in mind, the NRC argues that this DBT is the largest threat against which a private security force can be expected to defend. This rationale is backwards. The NRC made policy (under terrific pressure from the nuclear industry and its friends in Congress) based on what is reasonable to ask of a private force. Instead, they should first determine the credible threat against the facilities, and then size the DBT based on that threat. NRC Commissioner McGaffigan has acknowledged publicly that other federal agencies argued the NRC’s new DBT is inadequate. In fact, the intelligence community generally believes that terrorists would attack a target with a squad-sized force, which in the Army is 12 and the Navy is 14.

Under Use of Readily-Available Lethal Weapons – Unbelievably, the NRC still doesn’t allow mock adversaries to use basic, readily-available weapons during force-on-force tests. For example, .50 caliber sniper rifles (which have been available since World War I) and Armor-Piercing Incendiary rounds (which are available in gun shops for $1 per round) were still not simulated in the Indian Point FOF. The General Accounting Office report on the availability of both the rifle and ammo is cited in the POGO report. The NRC also didn’t use rocket-propelled grenades (RPG-7s), seen being used frequently by near-children around the world in war-torn countries, including Iraq, with great success against hardened targets. It is unthinkable that an adversary would not use these weapons. The significance is that these weapons would easily penetrate and destroy the bullet-resistant enclosures (BREs) heavily relied on by the Indian Point security forces as quasi-guard towers. Indian Point officers have been aware of this vulnerability and have brought their concerns not only to Entergy, but also to the NRC Region I, with no credible response. Several years ago, the DOE developed a classified official Adversary Capabilities List which includes weapons and explosives that are readily available to terrorist groups. The NRC should review this list and upgrade its Design Basis Threat accordingly.

Unrealistic Timing and Location of Attack – It appears the NRC conducted the three FOF tests at Indian Point during the daylight at the beginning of the night shift, and began at least two of the tests in the owner-controlled area. There are several problems with this:

• The security force being tested had just come on duty and was not yet fatigued by a 12-hour shift, hours typically worked by Indian Point security officers five to six days a week.

• The security officers knew within the hour that the test was to begin, as the day shift was held over an extra hour to cover as a shadow force so that the night shift could be tested at the beginning of their shift.

• It is widely believed in the intelligence community that no one will attack during daylight, as it is to the attacker’s advantage to have the cover of darkness. Despite this, all three FOF tests occurred between 4-6 pm. Furthermore, in two of the three tests, the mock terrorists crossed open fields in broad daylight in order to reach the protected area, making it that much easier for them to be observed by the security officers.

• The mock terrorists attacked from only one entry point. In addition, the NRC and Entergy agreed that, if the attackers were successful in reaching the protected area fences, there would be a halt in the action and the adversaries would be brought inside of the fences (to prevent any actual damage to the fences during the exercise) – making it perfectly obvious from where the attack will be coming. POGO had previously alerted the NRC to a particular vulnerability involving the fences at most nuclear facitlities and was assured that this vulnerability would be taken into account in future FOF tests. However, it was not taken into account during the Indian Point FOF.

Amateur Mock Terrorists – A terrorist group has advantages that can not be replicated in even the best mock attack FOF. However, the following limitations could have been partially ameliorated by the NRC, but were not:

• No Surprise. The security force knew for months in advance that this test was going to occur, training specifically for the approved scenarios. They even knew within minutes that the test was to occur, because of all the visiting dignitaries and the fact that they were strapping on MILES equipment.

• No Violence of Action. During a mock FOF there is no real danger –– no live ammo, no colleagues dying or being maimed around them that would normally create chaos and cause the protective forces to panic. As a result, security forces develop “MILES bravery.”

• Safety First. The FOF tests are not conducted at high speed because of the overriding safety concerns. Therefore, people and vehicles are not going full tilt the way they would during a real terrorist attack, giving the protective forces time to pause to make decisions – time that they wouldn’t have in a real life situation. Safety was also used as the reason for not conducting the tests at night. Sources told us that Entergy was worried participants could trip over rocks or step on snakes.

• No Trained Adversaries. The mock terrorists were security officers from another nuclear plant and have no training as adversaries. This training is critically important because it teaches the mock terrorist how to think and act offensively, as a real terrorist would, rather than defensively as a security guard would. Here again, both DOE and the military use trained adversaries to test their security forces.

The Security Forces Are On Their Own – It should be recognized that although the exercise was observed by the State Police and FBI, these law enforcement entities can not respond to an attack with SWAT capability before it is too late. Tests have shown that an attack is generally won or lost in between three and eight minutes, and SWAT response times are proven to be between one and two hours.

Poor Planning: Lives at Risk – One of the FOF tests was quickly aborted when Coast Guard personnel, who had not been previously informed that the test was to occur, threatened to use their live ammo against the mock attackers. It is unacceptably poor planning to allow this kind of unprofessionalism, putting lives at risk.

Recommendations:

The NRC should:

• Not allow so much advanced notice and training for the FOF – two weeks is sufficient;

• Make the window of attack much less obvious, therefore making it unclear to the participants at what time during the shift the test will take place;

• Administer most of the tests when it is dark;

• Use trained adversary teams from the military or develop its own trained adversary team;

• Conduct computer simulations – either Joint Tactical Simulations (JTS) or Joint Conflict Adversary Tactical Simulations (JCATS) – used by the military and Department of Energy for years. These computer programs simulate the movement of personnel through architecturally- and terrain-accurate models of the facility. This preparation helps the security forces develop the best strategies for defeating any number of possible attacks;

• Include the use of simulated rocket-propelled grenades, sniper rifles with .50 caliber armor-piercing incendiary rounds, gas, smoke and other commonly used weapons and diversionary devices; and

• Address the serious communications breakdowns that occurred during the recent Indian Point FOF.

These issues are obviously very serious and need to be addressed promptly. We look forward to your response.

Sincerely,

Danielle Brian

Executive Director

1 Redacted at the request of the NRC.

front page | newest additions | index + search
about | contact | donate