Within hours of the September 11 terrorist attacks, the Prairie Island nuclear power plant, along with the nation's 102 other nuclear facilities, went to the highest state of alert. Public access was suspended and, at the recommendation of the Nuclear Regulatory Commission (NRC), the federal agency charged with overseeing the industry, employees were subjected to security screening. With the possible exception of bank vaults, America's nuclear power plants quickly became the most inaccessible properties on Earth. In Washington D.C., meanwhile, NRC officials wasted no time in assuring the public of the safety of nuclear facilities from terrorist attack, including the sort of kamikaze bombings that destroyed the World Trade Center.
In a statement issued on the day of the attacks, Mike Wadley, a senior vice president with Nuclear Management Company, which operates the reactors at Prairie Island and Monticello along with four other nuclear facilities in the Upper Midwest, sounded a similar note of confidence. "We're set up every day to prevent and deter incursion at the nuclear plants," Wadley said. To some critics, however, the statements were cold comfort; even before the terrorist attacks, anti-nuclear watchdog groups were complaining that a new "self-assessment" program, for which Prairie Island was scheduled to be a model, could erode the nuclear industry's ability to defend itself.
Even staunch opponents of nuclear power concede that the country's reactors are, in security parlance, among the most "hardened" targets in the world. The four-foot-thick concrete containment structures are designed to withstand hurricane-force winds, and the reactor vessel itself is protected by another six inches of steel. Yet, after the flurry of initial assurance, industry and government spokespeople began to acknowledge some vulnerability. Two weeks after the attacks, an NRC spokesman admitted that plants were not designed to withstand a strike from a fuel-laden commercial airliner.
According to Doug Walters, a project manager with the industry trade group, the Nuclear Energy Institute, a meticulously orchestrated assault has never been the focus of security planning. "Our existing security is not equipped to deal with that type of attack," he says, referring to the September 11 strikes. "Obviously, we're looking at what actions you could take, certain things you could do if attack was imminent. In a scenario where you knew ahead of time that a plane was incoming, you could shut off all the lights."
Doubts about nuclear security are compounded by the fact that no one knows what the effect of an attack on a reactor or an adjacent spent-fuel containment area--which often hold many Chernobyls' worth of radioactive material--might be. In the eyes of many nuclear-industry critics, even the specter is horrifying to contemplate. According to Dan Hirsch, president of the Los Angeles-based nuclear watchdog group the Committee to Bridge the Gap, an incident of radiological terrorism has the potential to dwarf the attacks in New York and Washington. "There would be fewer [immediate] casualties," Hirsch says. "But it could result in 10,000 to 100,000 latent cancer deaths, and render an area the size of a state uninhabitable for generations."
And, Hirsch contends, the nuclear industry may be increasingly unprepared to deal with a major terrorist threat. "Security is based on regulations that haven't been altered in 25 years," he says. "That's troubling, because we've seen attacks on an order of magnitude more sophisticated than what they're required to defend against."
At particular issue for Hirsch and many other critics is a decade-old NRC program, called Operational Safeguards Response Evaluation (OSRE), which tests plants' ability to repel terrorist attack. The centerpiece of the OSRE program is the "force-on-force" exercise, mock terrorist raids directed by a former navy SEAL named David Orrik. Though the modus operandi of these drills is classified, observers who have reviewed inspection records agree that they are designed to simulate a small-scale terrorist incursion. In general, a team of around three NRC inspectors armed with lasers and beanbags in lieu of automatic weapons and grenades attempts to evade plant security, reach the reactor core, and breach the reactor's containment.
Although plants are given as much as six months' notice before OSRE inspections--a courtesy actual terrorists would be unlikely to extend--the industry has repeatedly failed the tests. In a 1998 letter leaked to the Los Angeles Times, Orrik asserted that his team had found and exploited "significant" weaknesses at nearly half the plants tested--and, in at least one case, had penetrated far enough to simulate causing a core meltdown. According to David Lochbaum, a former nuclear engineer now with the Union of Concerned Scientists, in one instance plant security guards shot each other during the exercise; the mock saboteurs simply stepped over their bodies.
Instead of forcing plants to revamp security, critics charge, the federal regulators simply tried to change the rules. The industry has long argued that NRC-directed testing placed an undue financial burden on plant owners and that the government-directed mock assaults did not accurately reflect a plant's ability to defend against attackers. In a U.S. News and World Report story published, ironically, the week of September 11, an industry advocate argued that nuclear plants are, in fact, "overly defended"--a position which now seems hopelessly cavalier at best.
In 1998, swayed by industry arguments, regulators tried to eliminate the OSRE program. Only after the embarrassing public disclosure of Orrik's report and an ensuing outcry from watchdogs and politicians (particularly Massachusetts Democrat Rep. Edward Markey), the NRC reinstituted the program--with the caveat that the agency's staff would review the viability of the staged assaults. (In apparent exchange for blowing the whistle on the industry's security lapses, Orrik himself was subsequently investigated for breaching security.)
In the face of continued industry opposition, OSRE still seemed fated to fade away quietly. Beginning this month, the program was scheduled to be phased out in favor of an industry-sponsored regimen of "self-assessment." Safeguards Performance Assessment (SPA), the pilot program designed to replace it--in which Prairie Island was slated to participate--would allow plants to run their own mock "force-on-force" exercises with NRC oversight. The Nuclear Energy Institute's Walters says that the self-assessment program will actually allow for more frequent testing, since federal inspectors only conduct exercises at each plant once every eight years. In addition, Walters says, the new program may provide a more nuanced analysis of plant security. "The NRC has said in the past that half the plants failed OSRE," he says. "But there's a question of what this pass/fail judgment means. With SPA, the [plant] would evaluate the results. The fundamental difference is that the [plants] are self-assessed in this program."
But critics insist that government regulators are essentially allowing the industry to police itself. "The OSRE program demonstrated that plants simply aren't up to snuff," says Bennett Ramberg, Hirsch's colleague at the Committee to Bridge the Gap and author of a 1980 book detailing the threat of nuclear sabotage. "If security has been proven inadequate, then why should the program be turned over to the industry?"
Erik Pakieser, a former security officer at Prairie Island who currently runs a Faribault-based security consulting firm, argues that nuclear security is, on the whole, very tight. (Maureen Brown, a spokesperson for Nuclear Management Company, confirms that Prairie Island has performed well in past government-directed security exercises.) However, Pakieser is also circumspect about the prospect of industry self-regulation.
"The analogy is, you're driving down the freeway and you decide the speed limit," he quips. "Then if you speed, you pull over and call the police to turn yourself in. Then they forgive you without giving you a ticket."
Pakieser, who specializes in threat-assessment, points out that because of their heavy fortification, nuclear plants are exponentially less likely to become terrorist targets than unprotected sites. Yet he worries that even with an improved track record, security programs at plants like Prairie Island may be myopically focusing on a threat from a small team of terrorists determined to breach the core.
"The security criteria is all based on what the NRC has decided is the greatest threat," he says. "The problem with that is, plants protect against that and nothing else." Contingencies like a strike on spent-fuel storage areas--which are outside the reactor's containment structure--or an act of sabotage from within may not get the attention they merit if the industry grades itself solely on its performance against mock raids.
In either case, the future of industry self-regulation may soon become a moot point. In an amendment that passed the House Energy and Commerce Committee last week, Markey proposed scuttling the program and requiring OSRE testing at least once every two years. In addition Markey's amendment, if made law, would require federal authorities to revisit security regulations to account for the possibility of an airliner attack, major car bombs, or internal sabotage.
And even industry boosters have tempered their argument that nuclear power plants are over-defended. The Nuclear Energy Institute's Walters, while asserting that the self-assessment program is still "the right thing to do," acknowledges that the landscape has changed dramatically. "With a heightened awareness of security, priorities get rearranged a little bit," he says. "We're kind of in wait-and-see mode right now."