Nuclear Security
Action May Be Needed to Reassess the Security of NRC-Licensed Research Reactors
Gao ID: GAO-08-403 January 31, 2008
There are 37 research reactors in the United States, mostly located on college campuses. Of these, 33 reactors are licensed and regulated by the Nuclear Regulatory Commission (NRC). Four are operated by the Department of Energy (DOE) and are located at three national laboratories. Although less powerful than commercial nuclear power reactors, research reactors may still be attractive targets for terrorists. As requested, GAO examined the (1) basis on which DOE and NRC established the security and emergency response requirements for DOE and NRC-licensed research reactors and (2) progress that the National Nuclear Security Administration (NNSA) has made in converting U.S. research reactors that use highly enriched uranium (HEU) to low enriched uranium (LEU) fuel. This report summarizes the findings of GAO's classified report on the security of research reactors (GAO-08-156C).
DOE developed the security and emergency response requirements for its research reactors using its Design Basis Threat--a process that establishes a baseline threat for which minimum security measures should be developed. These research reactors benefit from the greater security required for the national laboratories where they are located, which store weapons-usable nuclear materials. DOE also has concluded that the consequences of an attack at some of its research reactors could be severe, causing radioactivity to be dispersed over many square miles and requiring the evacuation of nearby areas. As a result, all facilities where DOE reactors are located have extensive plans and procedures for responding to security incidents. NRC based its security and emergency response requirements largely on the regulations it had in place before September 2001. NRC decided that the security assessment it conducted between 2003 and 2006 showed that these requirements were sufficient. While it was conducting this assessment, NRC worked with licensees to improve security when weaknesses were detected. However, GAO found that NRC's assessment contains questionable assumptions that create uncertainty about whether the assessment reflects the full range of security risks and potential consequences of attacks on research reactors. For example, Sandia National Laboratories (SNL)--a contractor NRC used to assist in performing its assessment-- found that some NRC-licensed research reactors may not be prepared for certain types of attacks. However, NRC disagreed with SNL's finding. In 2006, NRC concluded that the consequences of attacks would result in minimal radiological exposure to the public. In addition, NRC assumed that terrorists would use certain tactics in attacking a reactor but did not fully consider alternative attack scenarios that could be more damaging. Finally, NRC assumed that a small part of a reactor could be damaged in an attack, resulting in the release of only a small amount of radioactivity. However, according to experts at Idaho National Laboratories and the Department of Homeland Security, it is possible that a larger part of a reactor could be damaged, which could result in the release of larger amounts of radioactivity. NNSA has made progress in changing from HEU to LEU fuel in U.S. research reactors but may face difficulty in converting some of the remaining research reactors. Since 1978, NNSA has converted eight currently operating U.S. research reactors, including two in 2006. In addition, NNSA plans to convert 10 more U.S. research reactors by September 2014--five of which are scheduled for conversion by 2009. However, NNSA faces difficulties in converting the remaining five reactors because these reactors cannot operate with the currently available LEU fuel. NNSA is now developing a new LEU fuel that will allow the remaining five reactors to operate. However, according to NNSA, developing this fuel has been problematic, as early efforts experienced failures during testing. NNSA officials acknowledged that further setbacks are likely to delay plans to convert these research reactors.
Recommendations
Our recommendations from this work are listed below with a Contact for more information. Status will change from "In process" to "Open," "Closed - implemented," or "Closed - not implemented" based on our follow up work.
Director:
Team:
Phone:
GAO-08-403, Nuclear Security: Action May Be Needed to Reassess the Security of NRC-Licensed Research Reactors
This is the accessible text file for GAO report number GAO-08-403
entitled 'Nuclear Security: Action May Be Needed to Reassess the
Security of NRC-Licensed Research Reactors' which was released on
February 12, 2008.
This text file was formatted by the U.S. Government Accountability
Office (GAO) to be accessible to users with visual impairments, as part
of a longer term project to improve GAO products' accessibility. Every
attempt has been made to maintain the structural and data integrity of
the original printed product. Accessibility features, such as text
descriptions of tables, consecutively numbered footnotes placed at the
end of the file, and the text of agency comment letters, are provided
but may not exactly duplicate the presentation or format of the printed
version. The portable document format (PDF) file is an exact electronic
replica of the printed version. We welcome your feedback. Please E-mail
your comments regarding the contents or accessibility features of this
document to Webmaster@gao.gov.
This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed
in its entirety without further permission from GAO. Because this work
may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this
material separately.
Report to the Ranking Member, Subcommittee on National Security and
Foreign Affairs, Committee on Oversight and Government Reform, House of
Representatives:
United States Government Accountability Office:
GAO:
January 2008:
Nuclear Security:
Action May Be Needed to Reassess the Security of NRC-Licensed Research
Reactors:
Nuclear Security:
GAO-08-403:
GAO Highlights:
Highlights of GAO-08-403, a report to the Ranking Member, Subcommittee
on National Security and Foreign Affairs, Committee on Oversight and
Government Reform, House of Representatives.
Why GAO Did This Study:
There are 37 research reactors in the United States, mostly located on
college campuses. Of these, 33 reactors are licensed and regulated by
the Nuclear Regulatory Commission (NRC). Four are operated by the
Department of Energy (DOE) and are located at three national
laboratories. Although less powerful than commercial nuclear power
reactors, research reactors may still be attractive targets for
terrorists. As requested, GAO examined the (1) basis on which DOE and
NRC established the security and emergency response requirements for
DOE and NRC-licensed research reactors and (2) progress that the
National Nuclear Security Administration (NNSA) has made in converting
U.S. research reactors that use highly enriched uranium (HEU) to low
enriched uranium (LEU) fuel.
This report summarizes the findings of GAO‘s classified report on the
security of research reactors (GAO-08-156C).
What GAO Found:
DOE developed the security and emergency response requirements for its
research reactors using its Design Basis Threat”a process that
establishes a baseline threat for which minimum security measures
should be developed. These research reactors benefit from the greater
security required for the national laboratories where they are located,
which store weapons-usable nuclear materials. DOE also has concluded
that the consequences of an attack at some of its research reactors
could be severe, causing radioactivity to be dispersed over many square
miles and requiring the evacuation of nearby areas. As a result, all
facilities where DOE reactors are located have extensive plans and
procedures for responding to security incidents.
NRC based its security and emergency response requirements largely on
the regulations it had in place before September 2001. NRC decided that
the security assessment it conducted between 2003 and 2006 showed that
these requirements were sufficient. While it was conducting this
assessment, NRC worked with licensees to improve security when
weaknesses were detected. However, GAO found that NRC‘s assessment
contains questionable assumptions that create uncertainty about whether
the assessment reflects the full range of security risks and potential
consequences of attacks on research reactors. For example, Sandia
National Laboratories (SNL)”a contractor NRC used to assist in
performing its assessment” found that some NRC-licensed research
reactors may not be prepared for certain types of attacks. However, NRC
disagreed with SNL‘s finding. In 2006, NRC concluded that the
consequences of attacks would result in minimal radiological exposure
to the public. In addition, NRC assumed that terrorists would use
certain tactics in attacking a reactor but did not fully consider
alternative attack scenarios that could be more damaging. Finally, NRC
assumed that a small part of a reactor could be damaged in an attack,
resulting in the release of only a small amount of radioactivity.
However, according to experts at Idaho National Laboratories and the
Department of Homeland Security, it is possible that a larger part of a
reactor could be damaged, which could result in the release of larger
amounts of radioactivity.
NNSA has made progress in changing from HEU to LEU fuel in U.S.
research reactors but may face difficulty in converting some of the
remaining research reactors. Since 1978, NNSA has converted eight
currently operating U.S. research reactors, including two in 2006. In
addition, NNSA plans to convert 10 more U.S. research reactors by
September 2014”five of which are scheduled for conversion by 2009.
However, NNSA faces difficulties in converting the remaining five
reactors because these reactors cannot operate with the currently
available LEU fuel. NNSA is now developing a new LEU fuel that will
allow the remaining five reactors to operate. However, according to
NNSA, developing this fuel has been problematic, as early efforts
experienced failures during testing. NNSA officials acknowledged that
further setbacks are likely to delay plans to convert these research
reactors.
What GAO Recommends:
GAO recommends that NRC reassess the consequences of terrorist attacks
on NRC-licensed research reactors using assumptions that better reflect
a fuller range of expert opinion on reactor security.
NNSA and DOE generally agreed with the report. NRC disagreed with the
report in several areas. GAO continues to believe that given the
uncertainty associated with NRC‘s security assessment, it is important
that NRC reassess the consequences of a terrorist attack on research
reactors.
To view the full product, including the scope and methodology, click on
[hyperlink, http://www.GAO-08-403]. For more information, contact Gene
Aloise at (202) 512-3841 or aloisee@gao.gov.
[End of section]
Contents:
Letter:
Results in Brief:
Background:
DOE Used Its DBT to Develop Security and Emergency Response
Requirements for Its Reactors, Which Also Benefit from National
Laboratories' Enhanced Security:
Security and Emergency Response Requirements for NRC-Licensed Research
Reactors Are Based on Questionable Assumptions, Meaning That Reactors
May Not Be Adequately Protected:
Despite Recent Security Improvements, NRC's Security and Emergency
Response Requirements May Not Sufficiently Address the Potential
Consequences of an Attack:
NNSA Has Made Progress in Converting U.S. Research Reactors from HEU to
LEU Fuel, but It Faces Challenges in Converting Some Remaining Research
Reactors:
Conclusions:
Recommendations for Executive Action:
Agency Comments and Our Evaluation:
Appendix I: Comments from the Nuclear Regulatory Commission:
GAO Comments:
Appendix II: GAO Contact and Staff Acknowledgments:
Tables:
Table 1: Location, Fuel Type, and Power Level of Operating U.S.
Research Reactors:
Table 2: U.S. Research Reactors Using HEU Fuel That NNSA Plans to
Covert to Currently Available LEU Fuel by 2009:
Table 3: Anticipated Conversion Dates for Five U.S. Research Reactors
Using HEU Fuel That Cannot Convert with Currently Available LEU Fuel:
Figures:
Figure 1: Inside of a Research Reactor:
Figure 2: Research Reactor Building Surrounded by Jersey Barriers:
Abbreviations:
CFR: Code of Federal Regulations:
DBT: Design Basis Threat:
DHS: Department of Homeland Security:
DOE: Department of Energy:
HEU: highly enriched uranium:
INL: Idaho National Laboratory:
kW: kilowatt:
LANL: Los Alamos National Laboratory:
LEU: low-enriched uranium:
MW: megawatt:
NNSA: National Nuclear Security Administration:
NRC: Nuclear Regulatory Commission:
ORNL: Oak Ridge National Laboratory:
RERTR: Reduced Enrichment for Research and Test:
Reactors:
SNL: Sandia National Laboratories:
SWAT: Special Weapons and Tactics:
United States Government Accountability Office:
Washington, DC 20548:
January 31, 2008:
The Honorable Christopher Shays:
Ranking Member:
Subcommittee on National Security and Foreign Affairs:
Committee on Oversight and Government Reform:
House of Representatives:
Dear Mr. Shays:
Nuclear research reactors located throughout the United States play an
important role in education, medicine, industry, national security, and
basic scientific research. Currently, 37 research reactors operate in
the United States. Of these reactors, 33 are licensed and regulated by
the Nuclear Regulatory Commission (NRC) and 4 are operated by the
Department of Energy (DOE). The DOE research reactors are located at
three national laboratories: Oak Ridge National Laboratory (ORNL),
Sandia National Laboratories (SNL), and Idaho National Laboratory
(INL). Research reactors are less powerful than commercial nuclear
power reactors, ranging in size from less than 1 megawatt (MW) to 250
MW, compared with the 3,000 MW found for a typical commercial nuclear
power reactor.
Although research reactors are less powerful than commercial nuclear
power reactors, they may nevertheless be targets for terrorists
determined to steal reactor fuel for use in a nuclear weapon or
radiological dispersal device (dirty bomb) or to sabotage a reactor in
order to disperse radioactive material into the atmosphere over
neighboring communities. For example, unlike commercial nuclear power
reactors, several research reactors use highly enriched uranium (HEU)
fuel instead of low-enriched uranium (LEU) fuel, which make them a
target because HEU is a key component in the construction of some
nuclear weapons.[Footnote 1] Furthermore, most NRC-licensed research
reactors are located on university campuses; and while they have
security systems in place, they are also accessible to students for
educational purposes.
Through a series of orders, manuals, and directives, DOE has
established security requirements for all of its facilities, including
those that maintain nuclear materials. The key component of the
security requirements is the Design Basis Threat (DBT) document. The
DBT identifies the size and capability of terrorist forces and the
potential consequences of terrorist attacks. From this document, DOE
developed the security objectives and policies and the security
measures necessary to protect nuclear weapons, nuclear weapons
components, special nuclear material, national laboratories, and other
critical DOE assets against the attacking force described in the DBT.
While NRC maintains a DBT for the commercial power reactors it
licenses, it does not have a DBT for NRC-licensed research reactors.
However, NRC has assessed threat scenarios to NRC-licensed research
reactors and has identified as potential threats the theft of fuel for
use in a nuclear weapon, dirty bomb, radiological exposure device, and
sabotage to disperse radioactive material. In addressing these threats,
NRC must ensure that its security requirements are consistent with
section 104(c) of the Atomic Energy Act of 1954. Section 104(c) directs
NRC to impose only "such minimum amount of regulation" of a research
reactor licensee as NRC finds will permit it to fulfill its obligations
to promote the common defense and security and protect public health
and safety of the public, and will permit the conduct of widespread and
diverse research and development. Security requirements for NRC-
licensed research reactors are based on a graded approach; that is,
research reactors possessing larger quantities of nuclear material or
using material potentially more attractive to adversaries are generally
required to have more security measures in place.
Both DOE and NRC require reactor operators or licensees to develop and
implement emergency response plans to prepare for accidents and
possible terrorist attacks. Among other things, these plans are to
address the coordination of activities by emergency first responders,
including police, fire, medical, and hazardous materials personnel.
These plans may also include guidelines for when and how areas near a
research reactor should be evacuated.
Following the events of September 11, 2001, NRC assessed the security
of NRC-licensed research reactors in order to determine whether
additional security measures were warranted.[Footnote 2] Unlike a DBT,
the assessment did not prescribe specific security standards. Instead,
the security assessment analyzed the effectiveness of security at
individual NRC-licensed research reactors and the potential
consequences of terrorist attacks. NRC contracted with SNL for this
assessment because, according to NRC officials, SNL has considerable
expertise in assessing the security of nuclear facilities.[Footnote 3]
To determine the types of threats that needed to be taken into account
during the security assessment, NRC and SNL used a threat assessment
developed by NRC from current intelligence information that identified
the potential threats to NRC-licensed research reactors.
Beyond these efforts to secure research reactors and plan for
emergencies, the United States has had a policy since 1978 of reducing
and, to the extent possible, replacing the use of HEU fuel in research
reactors with LEU fuel. While HEU is a key component in the
construction of nuclear weapons, LEU is poorly suited for this use.
Accordingly, replacing HEU with LEU reduces the risk that terrorists
will gain access to the material needed to construct a nuclear weapon.
To support this policy, DOE initiated the Reduced Enrichment for
Research and Test Reactors (RERTR) program, or reactor conversion
program, to develop the technology to reduce and eventually eliminate
the use of HEU in research reactors worldwide.[Footnote 4] The National
Nuclear Security Administration (NNSA), a separately organized agency
within DOE, oversees the reactor conversion program.
In response to your request concerning the security of U.S. research
reactors, we examined (1) the basis on which DOE and NRC established
the security and emergency response requirements for DOE and NRC-
licensed research reactors and (2) the progress NNSA has made in its
ongoing efforts to convert U.S. research reactors that use HEU fuel to
LEU fuel. In October 2007, we reported to you on the results of our
work in a classified report.[Footnote 5] Subsequently, you asked us to
provide you with an unclassified version of our report. This report
summarizes the results of our classified report.
To address these objectives, we reviewed relevant DOE and NRC policy,
planning, and analysis documents, including DOE's DBT and NRC's threat
assessment document. Both of these documents establish a baseline
threat for which minimum security measures should be developed. We also
reviewed inspection oversight manuals, security plans, emergency plans,
and the relevant provisions of the Code of Federal Regulations. For
both DOE and NRC-licensed research reactors, we reviewed NRC, SNL, Los
Alamos National Laboratory, and INL reports and studies to assess the
potential consequences of an attack on research reactors. In addition,
at our request--an INL reactor vulnerability expert whose expertise
includes evaluating and modeling the effects of radiological sabotage-
-analyzed the consequences of a radiological sabotage attack against a
research reactor with characteristics similar to some mid-powered NRC-
licensed reactors. Prior to performing the analysis, the INL expert and
GAO discussed and agreed on the assumptions that would be used in the
analysis. GAO's Chief Technologist reviewed the INL expert's analysis
and found it met sufficiency, competency, and relevancy standards for
GAO sources. Additionally, we interviewed a Department of Homeland
Security (DHS) expert regarding some of the key inputs used in the INL
expert's analysis. We also discussed the INL expert's analysis with INL
management, who stated that the analysis was technically accurate and
that its reactor vulnerability expert had done good work in preparing
it.
We also visited research reactor sites, including all four DOE-operated
research reactors and 10 of the 33 NRC-licensed research reactors. To
select these reactors, we used a nonprobability (or judgmental) sample
based on reactor size in terms of power and geographic location.
Accordingly, we were able to review a variety of security measures in
place for reactors of different power levels, including some of the
most powerful, and for reactors at locations with varying relative
population densities. At both DOE and NRC-licensed research reactors,
we examined security systems and interviewed officials, including
directors of reactor operations, campus security, and local police and
fire officials. A GAO special agent specializing in security systems
participated in the visits to two DOE and five NRC-licensed research
reactors. Furthermore, we interviewed officials representing DOE's
Offices of Health, Safety and Security, University Programs, Security
Policy, and Security Evaluations; the NNSA office that implements the
reactor conversion program; and several offices within NRC, including
its Research and Test Reactors Branch, Office of Nuclear Security and
Incident Response, Division of Security Policy, and Reactor Security
Branch. Finally, we interviewed INL and SNL scientists and officials,
as well as several security and reactor experts at universities and
nongovernmental organizations, who have conducted studies or are
considered experts on the potential effects of attacks on research
reactors to obtain differing perspectives about research reactor
security. We conducted the work for the classified report between May
2006 and July 2007 in accordance with generally accepted government
auditing standards and we conducted our work for the unclassified
report between October 2007 and January 2008. Those standards require
that we plan and perform the audit to obtain sufficient, appropriate
evidence to provide a reasonable basis for our findings and conclusions
based on our audit objectives. We believe that the evidence obtained
provides a reasonable basis for our findings and conclusions based on
our audit objectives.
Results in Brief:
DOE protects its four research reactors by using the security and
emergency requirements developed for its DBT and by relying on the
reactors' location at national laboratories that require heightened
security because these laboratories store weapons-usable nuclear
material or conduct nuclear weapons-related activities. DOE's DBT
requires its research reactors to be protected in a graded manner--that
is, a reactor possessing more dangerous material must be safeguarded
more securely than those that have less dangerous material. In
addition, DOE requires that all personnel with routine access to DOE
reactors have a federal security clearance. This is an important
measure to help address the so-called "insider threat"--the possibility
that someone inside a facility, such as a reactor employee, would
assist terrorists in an attack. Despite extensive security features at
DOE research reactors, we did find a security weakness. We discovered
that the Web site for one DOE research reactor contained information
about its refueling schedule. According to security experts, reactors
are more vulnerable during refueling because large doors that are
normally tightly secured must be opened to deliver fuel. After we
brought this matter to DOE's attention, DOE removed the information
from its Web site. Finally, DOE has concluded that the consequences of
an attack at some of its research reactors could be severe, causing
radiation to be dispersed over many square miles and requiring the
evacuation of nearby areas. As a result, all facilities where DOE
reactors are located have established extensive plans and procedures
for safety and security incidents. For example, DOE facilities where
research reactors are located have emergency response plans that call
for evacuating areas surrounding the facility for up to 300-square
miles in the event of a potentially hazardous radiological release.
NRC's security and emergency response requirements are largely based on
the regulations it had in place before September 11, 2001. NRC decided
to retain its requirements after conducting a security assessment
between 2003 and 2006 and determining that these requirements were
sufficient. NRC worked with individual licensees to improve security
when weaknesses were detected. However, we found that NRC's assessment
contains analyses and assumptions about reactor security and terrorist
capabilities that are questionable--creating uncertainty about whether
NRC's assessment reflects the full range of security risks and
potential consequences of an attack on a research reactor. We reached
this conclusion for three reasons. First, SNL--which NRC had contracted
with to assist in performing its security assessment--found that some
NRC-licensed research reactors may not be prepared for certain types of
terrorist attacks. For example, SNL's analysis of several reactors
found that in certain scenarios where a small group of well-trained
terrorists attacked a reactor, the terrorists could be successful.
However, NRC disagreed with SNL's finding and believed it would be far
more difficult for terrorists to successfully attack a research
reactor. In the end, NRC concluded in 2006 that the radiological
consequences of attacks would result in minimal radiological exposure
to the public. Therefore, NRC decided that it did not need to
strengthen the security requirements. Second, based on its threat
assessment, NRC assumed that terrorists would use certain weapons and
tactics in attacking a reactor but did not fully consider alternative
attack scenarios that could be more damaging if carried out
successfully. According to an SNL expert, attacking a research reactor
using an alternative approach would be a difficult and sophisticated
task that would likely require specific knowledge of reactors and
sabotage techniques. Nonetheless, this expert stated that such an
attack was possible and identified detailed information needed for such
an attack. Finally, NRC assumed that a small portion of a research
reactor could be damaged in a terrorist attack, resulting in the
release of only a small amount of radioactivity into the atmosphere.
However, according to experts at INL and DHS, it is possible that a
larger portion of a research reactor could be damaged in a terrorist
attack, which could result in the release of a larger amount of
radioactivity.
We also identified potential shortcomings with NRC's current security
and emergency response requirements and measures that may require
immediate attention. For example, at one research reactor we visited,
the reactor could be accessed and potentially damaged in an attack. In
addition, at the time of our review, NRC did not have a background
check requirement for research reactor staff who had unescorted access
to the reactor, which created a potential security weakness. However,
in response to the requirements in the Energy Policy Act of 2005, NRC
issued an order to research reactor licensees in May 2007, requiring
that all staff with unescorted access to reactors be fingerprinted and
undergo a Federal Bureau of Investigation criminal background check.
Concerning emergency response requirements, all the NRC-licensed
research reactors we visited had emergency plans for responding to
terrorist attacks and agreements with local law enforcement and other
first responders for responding to emergencies. However, NRC does not
require that these plans include evacuation plans for areas surrounding
its licensed reactors, even though most research reactors are located
on college campuses or near populated areas where the consequences of
an attack could be more severe than NRC estimates. Furthermore, NRC's
requirements for emergency response plans do not call for first
responders to reactor security alarms to be armed. At most NRC-licensed
research reactors we visited, the designated first responders would be
armed, but at a few they would not. At these reactors, unarmed campus
police--not local law enforcement agencies--are the designated first
responders when alarms are set off.
Regarding NNSA's reactor conversion program, NNSA has made progress in
converting U.S. research reactors from using HEU fuel to using LEU
fuel, but it faces challenges in converting some of the remaining
research reactors. NNSA has converted 8 currently operating U.S.
research reactors since 1978, including 2 in 2006. In addition, NNSA
plans to convert 10 more U.S. research reactors by September 2014. Of
these 10, 5 are on schedule to be converted by 2009. However, NNSA
faces challenges in converting the remaining 5 reactors because these
reactors cannot operate with the LEU fuel that is currently available.
NNSA is now developing a new LEU fuel that will allow the remaining
five reactors to operate, but according to an NNSA official, this fuel
must be developed by 2011 if NNSA is to meet its conversion schedule
goal of 2014. Development of this fuel, however, has been problematic.
Early efforts to develop the fuel experienced failures during testing,
which caused NNSA to push back anticipated completion dates. NNSA and
national laboratory officials acknowledged that the fuel development
schedule is optimistic and that further technical setbacks would likely
delay NNSA's plans to convert research reactors. Furthermore, NNSA's
cost estimate for the conversion of the remaining DOE and NRC-licensed
research reactors may be uncertain because fuel development is not yet
complete, and the projected completion dates for the reactors'
conversions hinge on the timely and successful development of the new
fuel.
In our October 2007 classified report, we made recommendations to the
Chairman of NRC to reassess the consequences of terrorist attacks on
NRC-licensed research reactors using assumptions that better reflect a
fuller range of expert opinion on the security of reactors and the
capabilities of potential terrorist forces. If NRC finds that the
consequences of an attack are more severe than previously estimated, we
also recommended that the Chairman of NRC (1) ensure that the security
requirements for research reactors are commensurate with the
consequences of attacks, (2) reexamine emergency response requirements
to address whether evacuation plans should be included, and (3) require
that first responders to alarms at research reactors be armed.
We provided DOE, NNSA, and NRC with draft copies of our classified
report for their review and comment. As discussed in our classified
report, NNSA, whose comments also reflected DOE's views, generally
agreed with the report and provided minor technical comments, which we
incorporated as appropriate. NRC did not agree with the report and
criticized our report in several areas. For example, NRC stated that we
misrepresented its use of the SNL security assessment and that we
incorrectly stated that the NRC had dismissed the findings in SNL's
assessment. We believe we have accurately described NRC's position on
the work done by SNL. Specifically, NRC has reiterated its disagreement
with the SNL analysis in writing on several occasions. When NRC
provided us with copies of SNL's security assessment, it also provided
a disclaimer stating that NRC "does not support many of the assumptions
and/or information contained in these reports and—the reports cannot be
used independently to develop any conclusions regarding the security or
protective measures for the facilities contained in the reports."
Furthermore, according to a 2005 statement from an NRC Commissioner
concerning SNL's work, "because the Sandia security assessment reports
contain scenarios and assumptions that are not supported by the
Commission, the reports should not be released to anyone outside the
agency nor should they be shared with licensees or stakeholders." NRC's
specific comments and our response are discussed at the end of this
letter. (NRC comments on our classified report contained information
that was classified. However, in December 2007, NRC provided an
unclassified version of its comments to us, which we have included in
appendix I along with our response to its comments.)
Background:
Table 1 lists the 37 research reactors operating in the United States.
Of the 33 reactors that NRC licenses and regulates, 27 are located on
university campuses. In contrast, all DOE research reactors are located
in relatively isolated locations and at facilities where public access
is restricted because weapons-usable nuclear materials associated with
DOE's nuclear weapons programs are also stored on site.
Table 1: Location, Fuel Type, and Power Level of Operating U.S.
Research Reactors:
Reactors: DOE--4: Advanced Test Reactor;
Location: INL, Idaho;
Fuel type: HEU;
Power level[A]: 250 Megawatt (MW).
Reactors: DOE--4: High Flux Isotope Reactor;
Location: ORNL, Tennessee;
Fuel type: HEU;
Power level[A]: 85 MW.
Reactors: DOE--4: Annular Core Research Reactor;
Location: SNL, New Mexico;
Fuel type: HEU;
Power level[A]: 4 MW.
Reactors: DOE--4: Neutron Radiography Reactor;
Location: INL, Idaho;
Fuel type: HEU;
Power level[A]: 250 kilowatt (kW).
Reactors: NRC--33: National Institute of Standards and Technology;
Location: Gaithersburg, Maryland;
Fuel type: HEU;
Power level[A]: 20 MW.
Reactors: NRC--33: University of Missouri, Columbia;
Location: Columbia, Missouri;
Fuel type: HEU;
Power level[A]: 10 MW.
Reactors: NRC--33: Massachusetts Institute of Technology;
Location: Cambridge, Massachusetts;
Fuel type: HEU;
Power level[A]: 5 MW.
Reactors: NRC--33: University of California, Davis;
Location: Sacramento, California;
Fuel type: LEU;
Power level[A]: 2 MW.
Reactors: NRC--33: Rhode Island Nuclear Science Center;
Location: Narragansett, Rhode Island;
Fuel type: LEU;
Power level[A]: 2 MW.
Reactors: NRC--33: Armed Forces Radiobiology Research Institute;
Location: Bethesda, Maryland;
Fuel type: LEU;
Power level[A]: 1 MW.
Reactors: NRC--33: University of Massachusetts, Lowell;
Location: Lowell, Massachusetts;
Fuel type: LEU;
Power level[A]: 1 MW.
Reactors: NRC--33: North Carolina State University;
Location: Raleigh, North Carolina;
Fuel type: LEU;
Power level[A]: 1 MW.
Reactors: NRC--33: Oregon State University;
Location: Corvallis, Oregon;
Fuel type: HEU;
Power level[A]: 1 MW.
Reactors: NRC--33: Pennsylvania State University;
Location: University Park, Pennsylvania;
Fuel type: LEU;
Power level[A]: 1 MW.
Reactors: NRC--33: University of Texas;
Location: Austin, Texas;
Fuel type: LEU;
Power level[A]: 1 MW.
Reactors: NRC--33: Texas A&M University;
Location: College Station, Texas;
Fuel type: LEU;
Power level[A]: 1 MW.
Reactors: U.S. Geological Survey;
Location: Denver, Colorado;
Fuel type: LEU;
Power level[A]: 1 MW.
Reactors: NRC--33: Washington State University;
Location: Pullman, Washington;
Fuel type: HEU;
Power level[A]: 1 MW.
Reactors: NRC--33: University of Wisconsin;
Location: Madison, Wisconsin;
Fuel type: HEU;
Power level[A]: 1 MW.
Reactors: NRC--33: Ohio State University;
Location: Columbus, Ohio;
Fuel type: LEU;
Power level[A]: 500 kW.
Reactors: NRC--33: Dow Chemical Company;
Location: Midland, Michigan;
Fuel type: LEU;
Power level[A]: 300 kW.
Reactors: NRC--33: Aerotest Operations, Inc;
Location: San Ramon, California;
Fuel type: LEU;
Power level[A]: 250 kW.
Reactors: NRC--33: University of California, Irvine;
Location: Irvine, California;
Fuel type: LEU;
Power level[A]: 250 kW.
Reactors: NRC--33: Kansas State University;
Location: Manhattan, Kansas;
Fuel type: LEU;
Power level[A]: 250 kW.
Reactors: NRC--33: University of Maryland;
Location: College Park, Maryland;
Fuel type: LEU;
Power level[A]: 250 kW.
Reactors: NRC--33: Reed College;
Location: Portland, Oregon;
Fuel type: LEU;
Power level[A]: 250 kW.
Reactors: NRC--33: Missouri University of Science and Technology;
Location: Rolla, Missouri;
Fuel type: LEU;
Power level[A]: 200 kW.
Reactors: NRC--33: University of Arizona;
Location: Tucson, Arizona;
Fuel type: LEU;
Power level[A]: 100 kW.
Reactors: NRC--33: University of Florida;
Location: Gainesville, Florida;
Fuel type: LEU;
Power level[A]: 100 kW.
Reactors: NRC--33: General Electric Company;
Location: Sunol, California;
Fuel type: HEU;
Power level[A]: 100 kW.
Reactors: NRC--33: University of Utah;
Location: Salt Lake City, Utah;
Fuel type: LEU;
Power level[A]: 100 kW.
Reactors: NRC--33: Worcester Polytechnic Institute;
Location: Worcester, Massachusetts;
Fuel type: LEU;
Power level[A]: 10 kW.
Reactors: NRC--33: Purdue University;
Location: West Lafayette, Indiana;
Fuel type: HEU;
Power level[A]: 1 kW.
Reactors: NRC--33: Rennselaer Polytechnic Institute;
Location: Schenectady, New York;
Fuel type: LEU;
Power level[A]: .10 kW.
Reactors: NRC--33: Idaho State University;
Location: Pocatello, Idaho;
Fuel type: LEU;
Power level[A]: .005 kW.
Reactors: NRC--33: University of New Mexico;
Location: Albuquerque, New Mexico;
Fuel type: LEU;
Power level[A]: .005 kW.
Reactors: NRC--33: Texas A&M University;
Location: College Station, Texas;
Fuel type: LEU;
Power level[A]: .005 kW.
Source: DOE and NRC.
[A] One megawatt is 1,000 kilowatts. On average, 1 kilowatt is the
amount of power that is needed to operate a typical U.S. household for
1 hour.
[End of table]
Several factors may make research reactors a target for terrorists. For
example, most U.S. research reactors are located on university
campuses; while these research reactors have security systems in place,
none are protected with the kind of security or armed security forces
that protect nuclear power reactors. Furthermore, once inside the
reactor building, terrorists may gain access to the reactor. Figure 1
shows the inside of a research reactor. In addition, while power
reactors use LEU fuel, several research reactors still use HEU fuel in
order to produce the appropriate conditions in the reactor for
conducting a wide variety of research. HEU is attractive to terrorists
looking to construct a crude nuclear weapon. NRC's Office of Nuclear
Reactor Regulation has oversight responsibility for all NRC-licensed
research reactors. DOE's Office of Nuclear Energy, Science, and
Technology's Radiological Facilities Management program is charged with
maintaining DOE research reactors in a secure manner.
Figure 1: Inside of a Research Reactor:
This figure is a picture of the inside of a research reactor.
[See PDF for image]
Source: Photo provided by an NRC-licensed research reactor.
[End of figure]
To enforce safety, security, and emergency planning requirements, both
DOE and NRC conduct routine inspections to ensure compliance with DOE
orders, manuals, and directives and with NRC regulations. DOE's Office
of Independent Oversight and Performance Assurance--which independently
assesses the effectiveness of DOE policies and programs in safeguards
and security and emergency management for DOE facilities-
-routinely inspects DOE facilities for compliance with DOE safeguards
and security requirements. NRC-licensed research reactors are licensed
and routinely inspected by inspectors representing NRC's Research and
Test Reactor Section. The requirements for the physical protection of
NRC-licensed research reactors are set out in NRC regulations and
primarily focus on preventing the theft and diversion of fuel.[Footnote
6] In addition to the specific requirements established in the
regulations, NRC may require--depending on the individual facility and
site conditions--any additional measures it deems necessary to protect
against radiological sabotage at research reactors that it licenses to
operate above 2 MW of power.[Footnote 7] Commensurate with the security
requirements, security related inspection activity is based on a graded
approach, where security measures are based on the type and quantity of
nuclear material on site. For example, research reactors licensed to
possess more than 5 kilograms of HEU are inspected at least annually,
while reactors that are licensed to possess less than 1 kilogram of HEU
are inspected at least triennially.
NRC used its security assessment of NRC-licensed research reactors to
determine whether additional security measures were warranted. NRC's
assessment considered an analysis of security at reactors, as well as
the consequences of attacks. The security assessment also included site-
specific assessments of NRC-licensed research reactors to determine the
vulnerability of structures, security operations, and physical
protection systems, as well as access control systems at research
reactors. Using varying numbers of adversaries and capabilities, NRC
assessed threat scenarios, which included theft of fuel for use in a
nuclear weapon or dirty bomb and sabotage attacks designed to disperse
radioactive material. NRC used the number of immediate fatalities
caused by radiological release resulting from an attack at a research
reactor as its criterion to measure consequences and assessed the
adequacy of the security at NRC-licensed reactors. If NRC discovered
that there was potential to affect public health, it was to identify
countermeasures to mitigate or prevent the consequences, while
considering the cost-effectiveness of these countermeasures.
As a complement to DOE and NRC security efforts, NNSA's Reactor
Conversion Program has a goal of reducing or eliminating the use of HEU
at research reactors. To support this goal, NRC promulgated a rule in
1986 requiring all NRC-licensed research reactors to convert to LEU if
feasible and if DOE provided adequate funding. In addition, under the
2005 North American Security and Prosperity Partnership, the United
States, Mexico, and Canada agreed to convert civil HEU reactors on the
North American continent to LEU fuel, where such LEU fuel is available.
Since 2004, NNSA has overseen the fuel conversion of U.S. research
reactors. To achieve NNSA's goal, in 2005, NNSA's reactor conversion
program partnered with the DOE Office of Nuclear Energy University
Reactors Program to accelerate the conversion of U.S. research reactors
by providing funding to enable research reactors where LEU is available
to convert as rapidly as possible. INL is the technical lead for the
reactor conversion program's fuel development effort.
DOE Used Its DBT to Develop Security and Emergency Response
Requirements for Its Reactors, Which Also Benefit from National
Laboratories' Enhanced Security:
To protect its four research reactors, DOE uses the security and
emergency requirements developed from its DBT and counts on the
security afforded by the reactors' locations at certain national
laboratories that require heightened security. Furthermore, DOE has
concluded that consequences from an attack at some of its research
reactors could be severe and has therefore established extensive plans
and procedures for safety and security incidents.
DOE Research Reactors Are Protected by Requirements of the DBT and
Their Location at National Laboratories:
DOE's research reactors benefit from the greater security required for
the national laboratories where the research reactors are located. The
laboratories are engaged in nuclear weapon activities or store special
nuclear material and therefore are to meet the requirements for DOE's
2003 DBT. This DBT was developed to support DOE policies for preventing
unauthorized access, theft, or sabotage of nuclear weapons and all
special nuclear material under DOE's jurisdiction. More specifically,
following the DBT, DOE requires its research reactors to be protected
in a graded manner; that is, a reactor possessing more dangerous
nuclear material must be safeguarded more securely than those that have
less dangerous material. For example, SNL and INL--the locations of
DOE's Annular Core Research Reactor and its Neutron Radiography
Reactor, respectively--store weapons-usable nuclear materials and
therefore have robust security features and specially dedicated,
heavily armed guard forces. The other two DOE reactors--the Advanced
Test Reactor and High Flux Isotope Reactor--located at INL and ORNL,
respectively, have extensive security features, including perimeter
barbed-wire fences and armed security guards at all times. In addition,
DOE requires that all personnel with routine access to DOE reactors
have a federal security clearance. Among other things, this requirement
helps to reduce the possibility of an insider threat.
We also found that DOE is engaged in efforts to improve security at the
reactor sites. For example, at the SNL and INL sites the locations of
the Annular Core Research Reactor and Neutron Radiography Reactor,
respectively, DOE recently made several security upgrades, including
installing new surveillance systems with thermal imaging cameras; these
cameras enable surveillance of the surrounding territory for up to
several miles, regardless of light and weather conditions. Despite
extensive security features at DOE research reactors, we did find a
security weakness and some research reactor vulnerabilities.
Specifically, we discovered that the Web site for one DOE research
reactor contained information about its refueling schedule. According
to security experts, reactors are more vulnerable during refueling
because large doors that are normally tightly secured must be opened to
deliver fuel. After we brought this weakness to DOE's attention, the
department removed the information. Concerning vulnerabilities, at two
DOE research reactors, we discovered key features at the reactor
facilities that were vulnerable to attack, as DOE officials
acknowledged. In both cases, the reactor operators store large amounts
of spent reactor fuel in pools that are easily accessible to anyone
inside the reactor facility. According to national laboratory officials
at both of these facilities, this fuel is dangerous because if it is
damaged during a terrorist attack, it could cause a large radiological
release into the area surrounding the research reactor. During visits
to both facilities, the reactor operators said that an attack on their
spent fuel concerned them just as much as an attack on the actual
reactor because of the potential for release of radiological material
into the atmosphere. These operators said that the spent fuel needs to
be removed for disposal; DOE plans to remove most of this spent fuel by
2012.
DOE Has Established Extensive Plans and Procedures for Safety and
Security Incidents:
DOE has concluded that the consequences of an attack at some of its
research reactors could be severe, possibly causing radiation to be
dispersed over many square miles and requiring the evacuation of nearby
areas. As a result, all facilities where DOE reactors are located have
established extensive plans and procedures for responding to reactor
emergencies, as DOE policies require. For example, ORNL--the location
of the High Flux Isotope Reactor--has a laboratory shift superintendent
on duty at all times to classify potential events and coordinate
preplanned responses geared to the nature of the event. According to
ORNL officials, emergencies can lead to the mobilization of significant
numbers of security personnel trained to respond to emergencies at the
reactor. This mobilization could include the activation of the mutual
assistance agreement between ORNL and the neighboring Y-12 National
Security Complex to deploy Y-12's off-duty security forces to ORNL in
the event of a terrorist attack. DOE policies also require DOE research
reactor operators, with DOE and laboratory officials, to assess the
worst-case consequences of accidents or terrorist attacks at their
research reactors and develop emergency response plans that call for
evacuating areas up to 300-square miles surrounding the reactor in the
event of a potentially hazardous radiological release into the
atmosphere. Decisions to evacuate are made based on the amount of
radiation to which people could be exposed, as determined by their
proximity to the reactor and the amount of radioactivity released.
Furthermore, in worst-case scenarios, DOE reactor facility emergency
plans include multijurisdictional plans outlining the immediate
coordination of regional and federal emergency response assets.
Security and Emergency Response Requirements for NRC-Licensed Research
Reactors Are Based on Questionable Assumptions, Meaning That Reactors
May Not Be Adequately Protected:
NRC decided to largely retain the security and emergency response
regulations it had in place before September 11, 2001. NRC decided to
retain these requirements after conducting a security assessment
between 2003 and 2006 and determining that these requirements were
sufficient. However, we found that NRC's security assessment used
questionable analysis and assumptions that may not fully reflect the
consequences of a terrorist sabotage attack. According to experts at
INL and DHS, the consequences of a terrorist attack on a research
reactor could be more than what NRC estimates. Consequently, even
though a number of NRC-licensed research reactors have recently
improved security, NRC's security and emergency response requirements
may need immediate strengthening to protect against the consequences of
an attack.
NRC's Security Assessment May Not Adequately Reflect the Potential
Consequences of a Terrorist Attack on Its Licensed Research Reactors:
Between 2003 and 2006, NRC conducted a security assessment of NRC-
licensed research reactors to determine whether existing security and
emergency response requirements were sufficient to protect against an
attack. NRC first conducted a screening analysis to assess the
significance of the consequences of a sabotage attack at each of the 33
NRC-licensed research reactors and established a minimum radiological
dose that an attack would have to produce before further assessment was
warranted. Eventually, NRC concluded that the potential effects of
terrorists sabotaging these 33 reactors were minimal and that the
security and emergency response regulations for research reactor
licensees did not need strengthening.
In conducting this assessment, NRC established a minimum radiological
dosage as the criterion to determine if a full security assessment was
necessary. During its initial phase of this assessment, NRC determined
that most of the reactors would experience minimal consequences from
sabotage and therefore present a low radiological risk to public health
and safety. For the remaining reactors, NRC conducted a further
detailed security assessment. NRC concluded that the potential effects
of an attack at these reactors were also minimal and that the security
and emergency response regulations for research reactors did not need
strengthening.
NRC's security assessment also included SNL's evaluation of the
security of NRC-licensed research reactors; however, NRC disagreed with
several of SNL's findings. NRC contracted with SNL to help perform its
security assessment, and as part of this work, SNL estimated the
probabilities that terrorists could successfully carry out an attack on
NRC-licensed reactors. SNL found that some NRC-licensed research
reactors may not be prepared for certain types of terrorist attacks.
For example, SNL's analysis of several reactors found that under
certain scenarios involving a small group of well-trained terrorists,
an attack on a reactor could be successful. NRC, however, believed that
SNL's assumptions about terrorists' capabilities were excessive and
that SNL did not give enough credit to the capabilities of first
responders. Ultimately, NRC disagreed with SNL about the security of
research reactors. In its final analysis, NRC concluded that, because
the radiological consequences of an attack would be minimal, no changes
in the security and emergency response regulations for NRC-licensed
research reactors were necessary.
However, NRC's security assessment may contain important shortcomings.
As a result, NRC may not have a sound basis for determining the
adequacy of security and emergency response requirements for its
licensed research reactors. Based on our analysis and an analysis
conducted by an INL reactor vulnerability expert at our request, we
concluded that NRC's security assessment used questionable assumptions
and analyses about research reactor security and the potential
consequences of an attack on NRC-licensed research reactors.
Specifically, NRC made the following assumptions that we have reason to
question:
* NRC assumed that terrorists would use certain weapons and tactics in
attacking a reactor but did not fully consider alternative attack
scenarios which could be more damaging if carried out successfully.
According to an SNL expert, attacking a research reactor using this
alternative approach would be a difficult and sophisticated task, which
would likely require specific knowledge of reactors and sabotage
techniques. Nonetheless, this expert stated that such an attack was
possible and identified detailed information for carrying it out.
Moreover, the attack scenarios that NRC did not fully consider could
lead to more significant consequences than NRC estimates, according to
an INL reactor vulnerability expert.
* NRC assumed that only a small portion of a research reactor could be
damaged in a terrorist attack, resulting in the release of only a small
amount of radioactivity into the atmosphere. However, according to
experts at INL and DHS, it is possible that a larger portion of a
research reactor could be damaged in a terrorist attack. If this
occurred, these experts also noted that an attack could result in a
release of a larger amount of radioactivity into the atmosphere over
neighboring communities.
* NRC assumed that insiders with access to the reactor would only
participate to a limited degree. However, in similar security
assessments for DOE facilities, DOE assumes that insiders would fully
participate in an attack, and it has designed its defenses on the
assumption of full participation. Fully participating insiders could
both provide information, such as details of the facility layout and
operating schedule, as well as participate in an attack by performing
key functions, such as opening doors or disabling alarm systems. NRC
officials acknowledge that if its assessment had assumed fully
participating insiders, then the results of its assessment may have
turned out differently.
Furthermore, according to a reactor vulnerability expert at INL, the
consequences of a terrorist attack could be significant. Specifically,
this expert stated that terrorist attackers using different weapons and
tactics than NRC assumed in attack scenarios may be able to damage a
larger portion of a research reactor. In addition, at our request, this
INL reactor vulnerability expert conducted an analysis of the
consequences of a terrorist attack.[Footnote 8] This analysis confirmed
his views that an attack at a research reactor could release a large
amount of radioactivity, which would be damaging to neighboring
communities. In fact, the analysis concluded:
"It is clear that an event as described in this report could have
significant consequences. The consequences of a successful sabotage
attack in addition to the direct dose could be significant radioactive
material release and subsequent contamination of areas that have high
socio-economic impact. It is important that the risk from these
reactors be well characterized and the emergency preparedness for such
an event be included [in] the planning process."
Because most NRC-licensed research reactors are located on college
campuses or in urban areas, the release of large amounts of radiation
could affect a substantial portion of the population.
We discussed the INL reactor vulnerability expert's analysis with INL's
Deputy Associate Laboratory Director for National and Homeland Security
Directorate, who stated that the analysis was technically accurate and
that their reactor vulnerability expert had done good work in preparing
it. However, he cautioned us that the analysis represented the efforts
of only one of INL's reactor vulnerability experts. In his view, a more
comprehensive analysis of the vulnerability and the consequences of a
terrorist attack on a research reactor is warranted. Such a study
should include experts from a variety of technical areas, including
national intelligence sources, and involve more than one laboratory.
These experts would determine the most appropriate assumptions that
should be used in the analysis. For example, according to the Deputy
Associate Laboratory Director, one important part of such an analysis
would be examining the physical nature of damaging a research reactor.
This could be done through modeling and actual experiments. Once this
is determined, it would inform other aspects of a reactor vulnerability
analysis and result in a more comprehensive understanding of the
potential consequences of a terrorist attack.
We shared the results of INL's reactor vulnerability expert's analysis
with NRC, who disagreed with several of the basic assumptions and
findings concerning the consequences of an attack on a research
reactor. NRC's reasons for its disagreement, and our analysis of these
reasons, are discussed in detail in the classified version of this
report.
Despite Recent Security Improvements, NRC's Security and Emergency
Response Requirements May Not Sufficiently Address the Potential
Consequences of an Attack:
NRC maintains an active oversight program of all research reactor
licensees, which includes routine safety and security inspections.
Between 2001 and 2006, NRC worked with its licensees to make immediate
security improvements to research reactors where needed. As a result of
continuing oversight activities, when NRC found additional security
measures were necessary to ensure public health and safety, NRC
requested that licensees implement additional security measures. NRC
verified improved security through inspections and issued letters
formally binding the licensees to maintain security enhancements.
During our visits to NRC-licensed research reactors, we found the
following improvements to security:
* improved access controls to key areas inside reactor facilities,
* augmented surveillance of activities within controlled access areas,
and:
* improved alarm and communication systems.
For example, one NRC research reactor licensee installed antitruck bomb
barriers, including concrete and steel reinforced poles and a steel
cable gate, which are not required for the category of reactor at this
particular facility. In fact, we discovered that several of NRC's
research reactor licensees have made security improvements that exceed
NRC's security requirements. Similarly, to address the potential truck
bomb threat, several other NRC research reactor licensees have placed
jersey barriers near exterior parts of reactor buildings. Figure 2
shows a research reactor building surrounded with jersey barriers. Some
NRC-licensed research reactors have added jersey barriers, installed
new steel-hardened doors, and improved camera surveillance systems.
Still another licensee installed a new alarm system that is hardwired
to the closest police station, which monitors reactor alarms at all
times.
Figure 2: Research Reactor Building Surrounded by Jersey Barriers:
This figure is a photograph of a research reactor building surrounded
by jersey barriers.
[See PDF for image]
Source: GAO.
[End of figure]
Despite such improvements, we identified potential shortcomings with
current security and emergency response requirements and measures.
These requirements and measures may require immediate attention if
NRC's assessment of the consequences of an attack on its licensed
reactors is deficient. For example:
* At two research reactors we visited, we found features of the reactor
that if damaged during an attack could make the reactor more at risk
for radiological releases.
* According to an SNL security analysis of NRC-licensed research
reactors, a number of reactors could be attacked and sabotaged by well-
trained terrorists. If an NRC-licensed research reactor were attacked,
the local police would have to assess the threat and determine the
appropriate response before the attackers have completed the tasks
needed to sabotage the reactor.
* At still another research reactor, we found an unlocked and unalarmed
access leading directly into the reactor room. In this case, the
licensee is relying on another security measure that might be overcome.
However, this measure could be compromised. In our view, it is both
sensible and inexpensive to put a lock and an alarm trigger on this
access to the reactor room, rather than depend on having one element of
the security system function flawlessly.
In response to the Energy Policy Act of 2005, NRC has begun to address
a potential security weakness we identified during our review.
Specifically, we found that NRC did not require research reactor
licensees to conduct extensive background checks on their staff with
access to reactors. However, starting in 2006, NRC began requiring
research reactor licensees to fingerprint staff with access to
sensitive security information and subject them to a criminal history
background check by the Federal Bureau of Investigation. Furthermore,
in May 2007, NRC ordered research reactor licensees to subject all
staff with unescorted access to reactors to this check.
All of the NRC-licensed research reactors that we visited have detailed
and coordinated emergency plans for responding to terrorist attacks,
including the deployment of police, Special Weapons and Tactics (SWAT),
fire, ambulance, and hazardous material personnel to the reactor
facility. In addition, most NRC-licensed research reactors licensees we
visited have agreements with local law enforcement and other first
responders for responses to emergencies. For example, the research
reactor at the Massachusetts Institute of Technology has memorandums of
understanding with the city of Cambridge Police Department, Fire
Department, Emergency Management Department, and Massachusetts General
Hospital outlining cooperation in case of emergencies. However, we
found weaknesses in two key areas of NRC emergency response plan
requirements--evacuation planning and first response:
Few Reactors Have Evacuation Planning. Evacuation planning is important
because most NRC-licensed reactors are located in highly populated
areas, with other buildings located near the reactor facility. For
example, one NRC-licensed research reactor is located within 100 yards
of a day-care facility, 300 yards of a university dormitory, and one-
half mile of a stadium that holds more than 90,000 fans on game days
during football season. NRC regulations for emergency plans require
licensees to establish plans for coping with emergencies, but NRC does
not require that these plans include evacuation plans for areas
surrounding its licensed reactors. Instead, these requirements only
require licensees to establish limited emergency planning zones, which
vary in size depending on the size of the reactor. The acceptable
emergency planning zone for reactors that NRC licenses to operate at 2
MW or less--that is, 30 of the 33 NRC-licensed research reactors--is
limited to the grounds of the reactor facility; there are no evacuation
plans for the areas surrounding the reactor. Two other NRC-licensed
research reactors--at the Massachusetts Institute of Technology and the
University of Missouri, Columbia--must establish an emergency planning
zone with possible evacuation of 100 meters surrounding the research
reactor; the 20 MW National Institute of Standards and Technology
reactor must establish an emergency planning zone of 400 meters.
Some First Responders Are Not Armed. NRC regulations on emergency
response require that licensees ensure that a watchman or off-site
response force will respond to unauthorized entrance or activity at
research reactors, but regulations do not require first responders for
emergencies at research reactors to be armed. At most NRC-licensed
reactors we visited, the designated first responders are armed. At a
few reactors, however, unarmed campus police--not local law enforcement
agencies--would be the first responders when alarms are set off. Such
plans are likely to delay an armed police response. According to SNL
security experts, the lack of a timely armed response increases the
risk that a terrorist attack will be successful.
NNSA Has Made Progress in Converting U.S. Research Reactors from HEU to
LEU Fuel, but It Faces Challenges in Converting Some Remaining Research
Reactors:
NNSA has converted 8 currently operating U.S. research reactors from
HEU to LEU fuel and has plans to convert 10 remaining reactors by 2014.
However, NNSA will confront challenges in converting 5 of these 10
remaining research reactors because they cannot be converted with fuel
that is currently available. According to NNSA and national laboratory
officials, the schedule for fuel development is optimistic and further
technical setbacks in fuel development would likely delay their
research reactor conversion plans.
NNSA Has Converted 8 Currently Operating U.S. Research Reactors and Has
Plans to Convert 10 Remaining Reactors:
Since 1978, when the reactor conversion program started, DOE has
converted a total of 8 currently operating U.S. research reactors from
HEU to LEU fuel. In 2004, we reported on the progress of the reactor
conversion program and recommended, among other things, that NNSA place
a higher priority on converting these reactors.[Footnote 9] In response
to our recommendation, in 2006, NNSA converted 2 more operating U.S.
research reactors from HEU to LEU fuel. NNSA plans to convert an
additional 10 U.S. research reactors by 2014, including 5 that can
convert with currently available fuel and 5 that cannot convert with
currently available fuel. The 2 NRC-licensed research reactors that
converted in 2006 were reactors at the University of Florida and Texas
A&M University, which were converted at a cost of about $3 million and
$7 million, respectively. These recent conversions represent the first
U.S. conversions since 2000 and are part of NNSA's expanded effort to
convert research reactors worldwide.
NNSA plans to convert the remaining 5 U.S. research reactors that can
convert with currently available fuel by September 2009 at an estimated
cost of $37 million (see table 2).
Table 2: U.S. Research Reactors Using HEU Fuel That NNSA Plans to
Covert to Currently Available LEU Fuel by 2009:
Reactor: Purdue University;
Anticipated conversion date: 2007.
Reactor: Oregon State University;
Anticipated conversion date: 2008.
Reactor: Washington State University;
Anticipated conversion date: 2008.
Reactor: University of Wisconsin;
Anticipated conversion date: 2009.
Reactor: Neutron Radiography Reactor--DOE;
Anticipated conversion date: 2009.
Source: NNSA.
[End of table]
NNSA Faces Challenges in Converting 5 of the 10 Remaining Reactors:
NNSA has set a target date of 2014 for converting the five remaining
HEU research reactors that cannot convert with currently available
fuel. NNSA is now developing a new fuel that will allow the remaining
five reactors to convert; according to an NNSA official, this new fuel
must be developed by 2011 if NNSA is to meet its 2014 conversion
schedule goal. We believe that the conversion schedule may be
optimistic because developing this fuel has been problematic. For
example, early efforts to develop the fuel experienced failures during
testing that caused NNSA to push back anticipated completion dates from
2008 to 2010, and NNSA has since delayed the completion of the fuel
until 2011. Argonne National Laboratory officials working on the fuel
development effort at that time characterized the failures during
testing as the worst they had ever experienced. According to NNSA
officials and INL fuel development scientists, more recent attempts to
develop new LEU fuel appear promising. In addition, a series of recent
successful tests of the new fuel, including fuel fabrication and
testing at the Advanced Test Reactor are indicative of the potential to
successfully develop the new LEU fuel. However, NNSA and national
laboratory officials acknowledged that the fuel development schedule is
optimistic and that further technical setback would likely delay DOE's
research reactor conversion plans. NNSA estimates that an additional
$46 million will be needed to actually convert reactors once the fuel
is available. This estimate is uncertain. If any further technical
difficulties are experienced in the process of developing the new fuel,
additional funding will be required for further fuel improvements, and
the estimated conversion date will not be met. Table 3 outlines the
schedule for converting the five research reactors that cannot convert
with currently available fuel.
Table 3: Anticipated Conversion Dates for Five U.S. Research Reactors
Using HEU Fuel That Cannot Convert with Currently Available LEU Fuel:
Reactor: University of Missouri, Columbia;
Anticipated conversion date: 2012.
Reactor: Massachusetts Institute of Technology;
Anticipated conversion date: 2012.
Reactor: National Institute of Standards and Technology;
Anticipated conversion date: 2012.
Reactor: Advanced Test Reactor--DOE;
Anticipated conversion date: 2013.
Reactor: High Flux Isotope Reactor--DOE;
Anticipated conversion date: 2014.
Source: NNSA.
[End of table]
Conclusions:
The NRC-licensed nuclear research reactors located throughout the
United States play an important role in education and basic scientific
research. However, because most of these reactors are located on
university campuses, they face unique challenges in both remaining
accessible for educational purposes and providing enough security to
protect neighboring communities from the potentially significant
impacts of a terrorist attack. Understanding the consequences of a
terrorist attack on these research reactors is critical to determining
the level of security needed to protect them. To understand the
consequences of an attack, NRC conducted a security assessment of its
licensed reactors and concluded that the consequences would be minimal-
-having almost no effect on nearby areas. However, NRC's security
assessment may underestimate the potential consequences of an attack
because it used assumptions and analyses about reactor security and
terrorist capabilities that we believe are questionable. Additionally,
NRC's conclusions are not supported by the findings of SNL, an INL
reactor vulnerability expert, and a DHS expert. SNL found that a group
of well-trained terrorists could gain access to a number of NRC-
licensed research reactors. Moreover, INL and DHS experts believe that
it is possible that a meaningful portion of a research reactor could be
damaged in an attack. Such an attack could result in a radioactive
release that is greater than NRC estimates in their assessment. Without
an analysis that better reflects the full range of expert opinion on
the security of reactors and the capabilities of potential terrorist
forces, NRC will not have fully considered the risks posed by research
reactors. NRC will also lack assurance that it has established security
and emergency response plan requirements commensurate with the risks
posed by attacks on its licensed research reactors.
Recommendations for Executive Action:
To better understand and prepare for the potential consequences of a
terrorist attack on NRC-licensed research reactors, we recommended in
our October 2007 classified report that the Chairman of NRC reassess
the consequences of terrorist attacks on NRC-licensed research reactors
using assumptions that better reflect a fuller range of outside expert
opinion on the security of reactors and the capabilities of potential
terrorist forces.
If NRC finds that the consequences of an attack on a research reactor
are more severe than previously estimated, we recommended that the
Chairman of NRC take the following three actions:
* ensure that the security requirements for research reactors are
commensurate with the consequences of attacks,
* reexamine emergency response requirements to address whether
evacuation plans should be included, and:
* require that first responders to alarms at research reactors be
armed.
Agency Comments and Our Evaluation:
We provided DOE, NNSA, and NRC with draft copies of our classified
report for their review and comment. As discussed in our classified
report, NNSA, whose comments also reflected DOE's views, generally
agreed with the report and provided minor technical comments, which we
incorporated as appropriate in this unclassified report as well. NRC
did not agree with the report and stated that the report provides an
unbalanced assessment of its effort to enhance security at research
reactors since September 11, 2001. NRC summarized its views in a
separate unclassified letter which we have included in appendix I,
along with our comments.
NRC criticized our report in four areas. First, NRC stated that the
draft report misrepresented the effort it has made following September
11, 2001, to assess and enhance the security of research reactors; it
also asserted that we compared security requirements for NRC-licensed
research reactors with DOE operated reactors and that the comparison is
incomplete and inaccurate. Second, NRC stated that we misrepresented
its use of the SNL security assessment and that we incorrectly stated
that NRC had dismissed the findings in SNL's assessment. Third, NRC
asserted that our report misrepresented or excluded key facts. Finally,
NRC believes that our assumptions concerning terrorist attack scenarios
lack a sound technical basis.
First, we disagree with NRC's assertion that our report misrepresents
the Commission's efforts since September 11, 2001, to assess and
enhance the security of research reactors. We accurately describe NRC's
active oversight actions, including routine inspections for safety and
security. Furthermore, we give NRC credit for working with research
reactor licensees to make, and to verify, many security improvements
that NRC identified as necessary. We also discuss the many security
features and improvements at NRC-licensed research reactors that we
visited and note that several of the licensees have made security
improvements that exceed NRC's security requirements. Furthermore,
contrary to NRC's comments, our report does not compare security
requirements for NRC-licensed and DOE operated research reactors or
actual security conditions at the reactors. Rather, our report
discusses our findings on security requirements and their
implementation at NRC-licensed and DOE operated research reactors.
Second, we disagree with NRC's assertion that our report misrepresents
NRC's use of the SNL security assessment and that NRC dismissed SNL's
security assessment. Our report did not state that NRC "dismissed" the
security assessment; instead, it accurately states that NRC "disagreed"
with SNL about the security of research reactors. Furthermore, NRC
itself has reiterated this disagreement with the SNL analysis in
writing on several occasions. Specifically, when NRC provided us with
copies of SNL's security assessment, it also provided a disclaimer
stating that NRC "does not support many of the assumptions and/or
information contained in these reports and—the reports cannot be used
independently to develop any conclusions regarding the security or
protective measures for the facilities contained in the reports." In
addition, a 2005 statement by an NRC Commissioner concerning SNL's work
further supports our point that NRC disagreed with the SNL analysis.
This Commissioner states, "because the Sandia security assessment
reports contain scenarios and assumptions that are not supported by the
Commission, the reports should not be released to anyone outside the
agency nor should they be shared with licensees or stakeholders."
Continuing, this Commissioner states that SNL's security reports "if
taken out of context, could prove to be an enormous burden on NRC and
our licensees and could result in a tremendous amount of time spent
explaining why we think the Sandia analyses are deeply flawed."
Third, we disagree with NRC's assertion that our report misrepresents
or excludes key facts. In particular, NRC states that INL and SNL
refute our characterization of key facts gathered from INL, federal
agencies, and SNL to support our recommendations. With regard to INL,
we did receive a letter from INL in June 2007 requesting that we not
include or refer in any fashion to any INL technical judgments
contained in the INL report. Later that month, we spoke with INL
management about the reason for this request. As we state in our
report, according to INL's Deputy Associate Laboratory Director for
National and Homeland Security Directorate,[Footnote 10] INL believes
that a more comprehensive analysis of the vulnerability and
consequences of attacks on research reactors is warranted. Nonetheless,
this official stated that the INL analysis was technically accurate and
INL's vulnerability expert had done good work in preparing it. As a
result of this discussion, we deleted from the report much of the
specific details of this analysis, such as the specific estimates of
radiological consequences, and instead provided only a short summary of
the key findings of the analysis. Our report includes a statement from
the INL analysis stating that a terrorist attack could produce
"significant consequences" and have "high socio-economic impact"
because INL officials emphasized this point during communications with
us after we received INL's June 2007 letter. Furthermore, in its
comments, NRC states that INL requested that we exclude from our report
references to information we obtained from verbal communications with
INL experts. INL never asked us to exclude discussions we had during
our visit to INL and subsequent discussions with INL officials. INL
would have no basis to make such a request because representatives of
INL management arranged our meetings with INL experts to gather the
information and data needed to complete our work.
With respect to SNL, in neither of two sets of written comments did SNL
dispute our primary conclusion regarding its work for NRC--that some
NRC-licensed research reactors may not be prepared for certain types of
terrorist attacks--nor did SNL disagree with our main report
recommendation. We received initial comments from SNL in July 2007 on
an early version of our classified draft report. At that time, we
revised our draft to acknowledge one of SNL's key points--namely, that
damaging a research reactor is a difficult and sophisticated task.
However, we did not include further details of these initial comments
because they were inconsistent with the information SNL had provided
during extensive discussions over 2 days in November 2006. For example,
in its July 2007 written comments, SNL provided information that
demonstrated why this task is so difficult. However, during discussions
with SNL's expert, he noted that damaging a reactor was possible and
provided us with very detailed steps of how to do so. These steps
addressed many of the very limitations discussed in the July 2007
comments from SNL. Furthermore, a key finding of our report is that NRC
disagreed with the SNL finding that some NRC-licensed research reactors
may not be prepared for certain types of terrorist attacks. In its July
2007 comments, SNL did not address our characterization of the work it
did for NRC. Finally, in subsequent comments provided in September 2007
as part of DOE's technical comments, SNL expanded upon its earlier
comments regarding the difficulty of sabotaging a research reactor
which we had already acknowledged in the report. In discussing this
point, SNL stated that further study was needed on the extent to which
terrorists could damage a research reactor. Regardless of the details
of the work performed by INL and SNL, which we believe raise key
concerns, one thing remains clear: there is need for further study to
better understand the risks and consequences of an attack on a research
reactor by well trained terrorists.
Finally, NRC asserted that our assumptions regarding terrorist attack
scenarios lack a sound technical basis. We disagree. Specifically, we
note the following:
* The findings in our report do not rely on assumptions but, instead,
are based on the evidence we collected from experts at NRC, DOE, INL,
SNL, DHS, and other sources. This evidence demonstrates that there is
uncertainty about some aspects of NRC's security assessment. However,
NRC's comments suggest that no such uncertainty exists, even though in
some cases NRC used assumptions in its security assessment that it had
difficulty defending. For example, NRC officials did not fully consider
an alternative attack scenario that could be more damaging if carried
out successfully because, according to NRC officials, the supervisor of
the staff doing the assessment was an engineer who instructed the staff
that such scenarios were unlikely, if not impossible. During
discussions on this point, an NRC official acknowledged that if the
alternative attack scenario had been fully assessed, NRC's security
assessment might have demonstrated more significant consequences.
* NRC states that we incorrectly assumed that terrorists could use
certain tactics in attacking research reactors since there is a lack of
intelligence information that terrorists have demonstrated these
capabilities. We disagree. The events of September 11, 2001, and the
threats faced by our armed forces in Iraq demonstrate that terrorists
are capable of innovating how they conduct attacks. Consequently, we
believe that, in conducting its security assessment, NRC should have
considered a fuller range of threats, including both the threats that
have occurred and the possibility of emerging threats.
* NRC also disagreed with our characterization of (1) what portion of a
reactor could be damaged in a terrorist attack and (2) the extent of
the radiation released from such an attack. However, experts at INL and
DHS provided our evidence on these points. As previously discussed,
according to an INL vulnerability expert, a well-executed terrorist
attack could damage a significant portion of a research reactor and
release a larger amount of radioactivity into the neighboring
communities than NRC estimates. On this point, INL's Deputy Associate
Laboratory Director for National and Homeland Security Directorate told
us that additional analysis and study is warranted in order to gain a
more comprehensive understanding of both how much of a reactor could be
damaged in an attack and what the resulting radiological consequences
would be.
As agreed with your office, unless you publicly release the contents of
this report earlier, we plan no further distribution until 30 days from
the report date. At that time, we will then send copies of this report
to the appropriate congressional committees; the Secretary of Energy;
the Administrator of NNSA; the Chairman of NRC; and the Director,
Office of Management and Budget. We will also make copies available to
others upon request. In addition, this report will be available at no
charge on the GAO Web site at [hyperlink, http://www.gao.gov].
If you or your staff have any questions about this report, please
contact me at (202) 512-3841 or aloisee@gao.gov. Contact points for our
Offices of Congressional Relations and Public Affairs may be found on
the last page of this report. GAO staff who made major contributions to
this report are listed in appendix II.
Sincerely yours,
Signed by:
Gene Aloise:
Director, Natural Resources and Environment:
[End of section]
Appendix I: Comments from the Nuclear Regulatory Commission:
Note: GAO comments supplementing those in the report text appear at the
End Of This Appendix.
United States:
Nuclear Regulatory Commission:
Washington, D.C. 20555.0001:
December 17, 2007:
Mr. Gene Aloise, Director:
Natural Resources and Environment:
U.S. Government Accountability Office:
441 G Street, NW:
Washington, D.C. 20548:
Dear Mr. Aloise:
On behalf of the U.S. Nuclear Regulatory Commission (NRC), I am
providing an unclassified version of the NRC's comments on the U.S.
Government Accountability Office's (GAO's) classified draft report
about the security of research and test reactors. A detailed and
classified version of these comments was provided by letter dated
September 4, 2007. We ask that this unclassified version of our
comments be included, in its entirety, in the unclassified public
version of GAO's final report.
The NRC is pleased to be afforded this opportunity to comment on this
draft report. Unfortunately, we found that this report provides an
unbalanced assessment of the efforts of the NRC and Research and Test
Reactor (RTR) licensees to enhance security after September 11, 2001.
Additionally, this report lacks sound technical bases and credible
intelligence information in support of GAO's recommendations and the
NRC strongly encourages GAO to make substantial changes to the report.
Safe and secure RTRs are a part of campus landscapes around the
country, providing education and training to the next generation of
scientists and engineers. Currently, there are 32 operating NRC-
licensed RTRs in the United States. These RTRs support a wide variety
of scientific programs including biology, chemistry, physics, and
medicine. A number of scientific and medical advancements can be
attributed to RTRs, including improved cancer treatment therapies that
have increased survival rates, and evidence that resulted in the now
widely accepted asteroid impact theory on the extinction of the
dinosaurs.[Footnote 11] For perspective, the majority of NRC-licensed
RTRs are less than 1 Megawatt-thermal (MWt), and range in size from 5
Watts – about the size of a standard nightlight in a child's bedroom –
up to 20 MWt. In comparison, the typical operating nuclear power plant
in the United States is rated to 3000 MWt and can power over 1 million
homes.
GAO Misrepresents NRC Actions to Enhance Security:
GAO's report misrepresents the considerable efforts made by the NRC
following September 11, 2001, to assess and enhance the security of
RTRs. Security measures for RTRs are based on a "graded" approach that
is derived from the requirements of Section 104.c. of the Atomic Energy
Act of 1954, as amended, which directs the NRC to impose the minimum
amount of regulation necessary to protect the public health and safety
and the common defense and security. In general, RTRs that possess
larger quantities of nuclear material or material that is potentially
more attractive to adversaries have enhanced security measures in
place. In the remaining months of 2001, after September 11th, the NRC
issued advisories with recommended security precautions based on on-
site evaluations. From 2002 to 2004, the NRC established additional
security measures at RTRs in a prioritized manner. During this time
RTRs implemented compensatory measures, which included site-specific
background investigations of personnel with access to the reactors. All
RTR licensees have committed to incorporate these additional security
measures into their security plans or procedures. The NRC ensures that
the compensatory measures remain in place through our regulatory
processes, which include Confirmatory Action Letters and on-site
inspections. Additionally, background checks of all individuals with
unescorted access to the NRC-licensed RTRs found no issues.
Furthermore, the NRC requested and received, in the Energy Policy Act
of 2005, the authority to require Federal Bureau of Investigations
(FBI) identification and criminal history records checks, based on
fingerprints, of any person with access to Safeguards Information or
unescorted access to RTRs. In September 2006 and April 2007,
respectively, the NRC implemented this authority through Orders to all
RTRs.
(See Comment 1):
GAO's report misrepresents NRC's use of Sandia National Laboratories'
(SNL) security assessments. GAO asserted that the NRC dismissed SNL's
reports because we did not agree with its results. That is untrue. As
we previously discussed with GAO's staff, the NRC's research and test
reactor technical staff carefully reviewed SNL's reports and determined
that, while some of its assumptions and methodologies were
unrealistically conservative, the reports were useful. In fact, the
NRC's experts used input from SNL's reports in the development of a
comprehensive decision-making framework which applied a risk-informed
methodology in the evaluation of potential security enhancements. In
2006, after applying this framework to RTRs, the NRC determined that
additional security enhancements were unnecessary due to the minimal
risk these facilities pose to public health and safety. The NRC staff
repeatedly cautioned GAO that SNL's modeling and assumptions used in
the reports had limitations and that SNL's results alone did not
provide a risk-informed basis for making regulatory decisions. GAO's
report does not reflect NRC's caution and instead presents elements of
the SNL reports out of their proper context.
(See Comment 2):
GAO's comparison of security requirements for NRC-licensed and DOE-
operated RTRs provides an incomplete and inaccurate representation of
their safety and security. It should be noted that of the Department of
Energy's (DOE) four RTRs, two are significantly larger than any NRC-
licensed RTR. Furthermore, DOE's security requirements are based on the
weapons- grade nuclear material handled and stored elsewhere on the
site and not the RTRs themselves. Requirements such as Federal security
clearances and protection against Design Basis Threats, while
reasonable for a DOE facility where access is restricted due to the
presence of significant quantities of highly classified and controlled
strategic nuclear material, are inappropriate for a low-power, NRC-
licensed RTR.
(See Comment 3):
Experts Question Key Facts in GAO's Report
The NRC has determined that GAO's report misrepresents or excludes key
facts. GAO's recommendations appear to be based predominantly on a pre-
decisional sample document[Footnote 12] demonstrating Idaho National
Laboratory's (INL) capabilities and on opinions from Federal agencies
and other labs, such as SNL. However, the NRC is aware that both INL
and SNL provided written comments to GAO prior to the completion of the
draft report refuting GAO's characterization of some of their work and
key facts in the report.
(See Comment 4):
After reviewing GAO's Statement of Facts, INL provided written comments
regarding GAO's representation of work INL performed for GAO. INL's
June 13, 2007, letter[Footnote 13] to GAO's lead reviewer clearly
stated that, "INL formally requests that the GAO not include or refer
to in any fashion any INL technical judgments contained in the INL pre-
decisional sample document." INL further explained that the document
was prepared as a demonstration of the lab's capabilities and had not
been reviewed either externally or internally by experts. Furthermore,
INL stated that the report had not been reviewed for the, "reality of
the scenarios and the engineering credibility of the attack systems and
the example reactor conditions with recognized authorities." Since GAO
issued its draft report for comment, NRC has confirmed INL's position
on verbal communications, which GAO refers to in its draft report. "In
line with INL's position of the proposal we provided to GAO, that it
not be included or referred to in their report, our position is the
same for verbal information exchanged with the GAO. Those conversations
were conducted in order to define information to scope our proposal to
GAO, not to provide technical information or facts."[Footnote 14]
Therefore, INL finds that inclusion and reference to the sample pre-
decisional INL report in GAO's report detracts from its technical
credibility, and INL indicates that its pre-decisional, sample document
and associated verbal communications are not to be included or referred
to in GAO's report.
Similarly, SNL, after reviewing GAO's Statement of Facts, provided
written comments regarding GAO's characterization of SNL experts. SNL's
comments to GAO fundamentally challenged the information used by GAO to
claim that the NRC had not appropriately considered terrorist
capabilities. SNL noted that GAO's Statement of Facts contained no
mention of Sandia's views regarding the viability or practicality of
the assumed terrorist scenarios. SNL further stated in its comments
that despite providing GAO with a subject matter expert who refuted
GAO's assumptions, GAO failed to acknowledge key scientific facts that
challenged the basis for using the GAO-identified terrorist
capabilities. Despite SNL's comments to the contrary, GAO's report
represents these presumed terrorist capabilities as credible threats
and a basis to challenge NRC's security requirements for RTRs.
Not only did GAO misrepresent the experts cited in its report, it also
failed to acknowledge those experts' formal dissenting views. A
fundamental principle of good decision-making is the consideration and
inclusion of all relevant facts and information, even those that
contradict one's conclusions. The NRC does not understand how GAO can
exclude formal comments from national laboratories that it claims are
experts and still conclude that it's characterization of RTR security
is credible and balanced. INL's written comments are provided as
Enclosure 1, to this letter.
GAO's Assumptions Lack a Sound Technical Basis:
GAO's report assumes that a highly unlikely combination of events could
damage an RTR and release radioactivity to the environment. GAO does
not provide credible intelligence information or supporting technical
bases for their postulated terrorist scenarios. Despite many meetings
between the NRC and GAO staff where the NRC pointed out the significant
limitations, challenges, and realisms that would make the scenarios
highly unlikely, GAO's report continues to characterize them as
credible without providing any supporting technical basis or analysis.
(See Comment 5):
GAO's report assumes that terrorists could employ highly sophisticated
methods and skills to cause significant damage to an RTR. GAO's report
however, provides no supporting intelligence information that
terrorists have demonstrated this capability, The NRC maintains an
expert and dedicated team of threat assessment specialists with over
150 years of combined experience working in the intelligence community.
This team applied NRC's rigorous threat assessment process, which GAO
commended as logical and well-defined,"[Footnote 5] in determining
credible terrorist capabilities. The NRC continually reviews
intelligence information and when appropriate revises its assessment of
credible terrorist capabilities.
In addition to the lack of credible intelligence information, GAO did
not provide a sound technical basis to demonstrate that an RTR could be
damaged as GAO assumes. As stated previously, GAO's own experts, SNL,
challenged GAO's assumptions regarding the viability or practicality of
GAO's postulated methods to damage an RTR. SNL provided a series of
detailed scientific facts that support the view that GAO's postulation
is highly unlikely. Further questioning the technical bases of GAO's
scenario, Los Alamos National Laboratory (LANL) conducted a classified
engineering and safety analysis, published as a classified report in
1990, that specifically analyzed methods similar to those postulated by
GAO. LANL's analysis concluded that RTRs are resistant to the
postulated attack due to their design and materials of construction.
Additionally, LANL's classified analysis determined that the
accomplishment of such scenarios would encounter significant
challenges. During the course of NRC's security assessments performed
since September 11, 2001, we found that law enforcement response
provides a high degree of confidence that responders would successfully
thwart the attack scenarios assumed by GAO. Additionally, the
scientific work of LANL found that even if an adversary were successful
in overcoming these restraints, the upper limit on the radioactivity
released would be far less than the assumptions made by GAO. The
conclusions reached in 1990 remain valid in the post-9111 environment
because the scientific principles they are based on have not changed.
(See Comment 4):
(See Comment 6):
GAO's evaluation and assumptions ignore the physical realities of RTR
design and construction and the likely effects of the postulated
scenarios on the terrorists that would prevent an attack from being
successful in damaging an RTR. NRC and SNL staff reviewed GAO's
scenarios and concluded that considerable resources and time would be
necessary, if it would be possible at all. LANL's classified
engineering and safety analysis reached the same conclusions as the
NRC staff, which has over 220 combined years of experience regulating,
operating, and managing RTRs.
GAO also assumed that upon damaging an RTR, a large, direct release of
radiation would occur. NRC and LANL analyses have already shown that
the probability of causing sufficient damage to an RTR such that a
large release would occur is extremely low. In addition, the design and
construction features present real world barriers to the release of
radioactivity to the environment. These features were conveniently
ignored in the GAO evaluation. Although questioned in the report, GAO
does not provide any supporting technical basis to challenge the
adequacy of the existing RTR emergency plans.
The NRC believes that the inaccuracies, misrepresentation, and
unsupported assumptions discussed above undermine the credibility of
the evidence presented in the draft report, which thus does not support
a sound technical basis for its conclusions and recommendations. The
NRC strongly encourages GAO to make substantial changes to the report
in order to enhance its accuracy and thereby provide a convincing and
fair presentation of the physical security of NRC-licensed RTRs.
Again, thank you for the opportunity to comment on this report. Should
you have any questions about these comments, please contact Ms. Melinda
Malloy, at (301) 415-1785, of my staff.
Sincerely,
Signed by:
Luis A. Reyes:
Executive Director for Operations:
Enclosure:
INL Response Regarding GAO Use of INL Evaluation of Research Reactors:
[End of section]
Idaho National Laboratory:
P.O. Box 1625:
2525 North Fremont Ave.:
Idaho Falls, Idaho 83415:
208-526-0111:
[hyperlink, http://www.lni.gov]:
June 13, 2007:
CCN 210055:
Mr. Peter E. Ruedel:
Government Accounting Office:
441 G Street NW:
Washington, DC 200548:
Subject:
1NL Response Regarding GAO Use of INL Evaluation of Research Reactors
References:
1. Draft GAO Report - (OUOISGI) Draft, Statement of Facts DOE and NRC
Research Reactors:
2. INL Pre-Decisional, Sample Document (OUO), Evaluation of a Pseudo
TRIGA reactor for Radiological Sabotage, Bradley J. Schrader, Ph.D.,
PE, CHP, April 2007.
Dear Mr. Ruedel:
In response to the request, June 7, 2007 from the Government Accounting
Office (GAO) to provide review comments related to the draft GAO report
(reference I), the INL formally requests that the GAO not include or
refer to in any fashion any INL technical judgments contained in the
INL pre-decisional sample document (reference 2).
(See Comment 4):
The referenced INL document was prepared as a sample document
demonstrating the INL's capability; it was not intended to be a formal
deliverable in response to a Work-for-Others agreement with the GAO. As
you know, no such work-for-others agreement ever existed. Further and
more importantly, the reference 2 document has not been peer-reviewed
pursuant to the normal INL technical report review processes. For this
type of document, the INL typically would have this report reviewed by
internal and external experts, prior to release as a formal report
Specifically for this document, the INL would have established the
reality of the scenarios and the engineering credibility of the attack
systems and the example reactor conditions with recognized authorities.
Neither this peer review or the referenced research methodologies were
performed. Again, the reference 2 document was provided to GAO as
nothing more than a sample of the INL's research capabilities.
Because this referenced document has not undergone the standard peer
review processes, the INL would not use this document as the basis for
gut action; and we suggest that any use by GAO of the contents of this
pre-decisional document or references to its contents will detract from
the technical credibility of the GAO report.
If you need additional information regarding resolution of this
request, the INL point of contact is Mr. Lynn Goldman (208-526-0010),
Deputy Associate Laboratory Director, National and Homeland Security
Directorate.
Sincerely,
Signed by:
David J. Hill, Deputy Laboratory Director Science & Technology:
SDH:rlo:
cc: R. L. Green, DOE-ID, MS 1170:
J. J. Grossenbacher, INL, MS 3695:
W. D. Lewis, DOE-ID, MS 1240:
V. C. Pearson, DOE-ID, MS 1170:
K. R. Tuuri, DOE-ID, MS 1170:
[End of section]
The following are GAO comments on the Nuclear Regulatory Commission's
(NRC) letter dated December 17, 2007.
GAO Comments:
We disagree. We accurately describe NRC's oversight actions taken since
September 2001, including its process of performing routine inspections
for safety and security. Furthermore, we give NRC credit for working
with research reactor licensees to make, and to verify, many security
improvements that NRC identified as necessary. We also discuss the many
security features and improvements at NRC-licensed research reactors
that we visited including security improvements that exceed NRC's
security requirements.
Our report does not misrepresent NRC's use of Sandia National
Laboratories' (SNL) security assessment and did not state that NRC
"dismissed" the security assessment. Instead, our report accurately
states that NRC "disagreed" with SNL about the security of research
reactors. On this point, NRC has reiterated its disagreement with the
SNL analysis in writing several times. Specifically, when NRC provided
us with copies of SNL's security assessment, it also provided a
disclaimer stating that NRC "does not support many of the assumptions
and/or information contained in these reports and—the reports cannot be
used independently to develop any conclusions regarding the security or
protective measures for the facilities contained in the reports."
Furthermore, a 2005 statement from an NRC Commissioner concerning SNL's
work further supports our point that NRC disagreed with the SNL
analysis. According to this Commissioner, "because the Sandia security
assessment reports contain scenarios and assumptions that are not
supported by the Commission, the reports should not be released to
anyone outside the agency nor should they be shared with licensees or
stakeholders." He further states that SNL's security reports "if taken
out of context, could prove to be an enormous burden on NRC and our
licensees and could result in a tremendous amount of time spent
explaining why we think the Sandia analyses are deeply flawed."
3. Contrary to NRC's comments, our report does not compare security
requirements for NRC-licensed and Department of Energy (DOE) operated
research reactors or actual security conditions at the reactors. In
fact, we reported on DOE and NRC security issues in separate sections
of the report. We did, however, compare one assumption regarding how
each agency considered the role of insiders who may provide assistance
to an attacking force. In our view, this was an important comparison to
make because, in its assessment, NRC assumed that insiders with access
to the reactor would only participate to a limited degree in an attack
on a reactor. However, in similar security assessments for DOE
facilities, DOE assumed that insiders would fully participate in an
attack, and it has designed its defenses on the assumption of full
participation. In discussing this point with NRC officials, they
acknowledged that if NRC's assessment had assumed fully participating
insiders, then the results of its assessment may have turned out
differently.
4. Our report did not misrepresent or exclude key facts provided to us
by Idaho National Laboratory (INL) and SNL. With regard to INL, we did
receive a letter from INL in June 2007 requesting that we not include
or refer in any fashion to any INL technical judgments contained in the
INL report, and we subsequently spoke with INL management about the
reason for this request. As our report states, according to INL's
Deputy Associate Laboratory Director for National and Homeland Security
Directorate,[Footnote 11] INL believes that a more comprehensive
analysis of the vulnerability and consequences of attacks on research
reactors is warranted. Nonetheless, this official stated that the INL
analysis was technically accurate and INL's vulnerability expert had
done good work in preparing it. As a result of this discussion, we
deleted from the report many of the specific details of this analysis,
such as the specific estimates of radiological consequences, and
instead provided only a short summary of the key findings in the
analysis. As we pointed out in our report, the INL analysis stated that
a terrorist attack could produce "significant consequences" and have
"high socio-economic impact." We retained this statement because INL
officials emphasized this point during communications with us after we
received INL's June 2007 letter. Furthermore, although NRC states that
INL asked us to exclude references to information we obtained from
verbal communications with INL experts, INL never made such a request
to us. INL would have no basis to make such a request because
representatives of INL management arranged our meetings with INL
experts to gather the information and data needed to complete our work.
With respect to SNL, in neither of two sets of written comments did SNL
dispute our primary conclusion regarding its work for NRC--that some
NRC-licensed research reactors may not be prepared for certain types of
terrorist attacks--nor did SNL disagree with our main report
recommendation. We received initial comments from SNL in July 2007 on
an early version of our classified draft report and revised our draft
to acknowledge one of SNL's key points--namely, that damaging a
research reactor is a difficult and sophisticated task. However, we did
not include further details of the SNL comments because they were
inconsistent with the information we received during extensive
discussions with SNL experts during 2 days in November 2006. For
example, in its July 2007 written comments, SNL provided information
that demonstrated why this task is so difficult. However, during
discussions with SNL's expert, he noted that damaging a reactor was
possible and provided us with very detailed steps of how to do so.
These steps addressed many of the very limitations discussed in the
July 2007 comments from SNL. Furthermore, as we also reported, NRC
disagreed with the SNL finding that some NRC-licensed research reactors
may not be prepared for certain types of terrorist attacks. In its July
2007 comments, SNL did not address our characterization of the work it
did for NRC. Finally, in subsequent comments provided in September 2007
as part of DOE's technical comments, SNL provided more detailed
information on the difficultly of sabotaging a research reactor. Our
report includes SNL's view that attacking a research reactor would be a
difficult task that would likely require specific knowledge of reactors
and sabotage techniques. Nonetheless, SNL's comments also acknowledge
the need for further study on the extent to which terrorists could
damage a research reactor. Regardless of the details of the work
performed by INL and SNL, which we believe raise key concerns, one
thing remains clear: there is need for further study to better
understand the risks and consequences of an attack on a research
reactor by well trained terrorists.
5. We disagree with NRC's assertion that our assumptions regarding
terrorist attack scenarios lack a sound technical basis. Specifically,
we note the following:
* The findings in our report do not rely on assumptions but instead are
based on the evidence we collected from experts at NRC, DOE, INL, SNL,
DHS, and other sources. This evidence demonstrates uncertainty about
some aspects of NRC's security assessment. In contrast, NRC's comments
suggest that no such uncertainty exists, even though in some cases NRC
used assumptions in its security assessment that it had difficulty
defending. For example, NRC officials did not fully consider an
alternative attack scenario that could be more damaging if carried out
successfully because, according to NRC officials, the supervisor of the
staff doing the assessment instructed the staff that such scenarios
were unlikely, if not impossible. An NRC official acknowledged that if
the alternative attack scenario had been fully assessed, NRC's security
assessment might have demonstrated more significant consequences.
* We disagree with NRC's statement that we incorrectly assumed that
terrorists could use certain tactics in attacking research reactors,
since there is a lack of intelligence information that terrorists have
demonstrated these capabilities. NRC's security assessment did not
address certain tactics that were raised as a concern in its own
intelligence documents. Furthermore, as the events of September 11,
2001, and the threats faced by our armed forces in Iraq have shown,
terrorists are capable of innovating how they conduct attacks.
Consequently, we believe that, in conducting its security assessment,
NRC should have considered a fuller range of threats, including both
the threats that have occurred and the possibility of emerging threats.
* We stand by the evidence provided by INL and DHS experts regarding
the portion of a reactor that could be damaged in a terrorist attack
and the extent of the radiation that could be released from such an
attack. As previously discussed, according to an INL vulnerability
expert, a well-executed terrorist attack could damage a significant
portion of a research reactor and lead to the release of a larger
amount of radioactivity into the neighboring communities than NRC
estimates. On this point, INL's Deputy Associate Laboratory Director
for National and Homeland Security Directorate told us that more
analysis and study is warranted to gain a more comprehensive
understanding of both how much of a reactor could be damaged in an
attack and what the resulting radiological consequences would be.
6. This comment refers to a classified report Los Alamos National
Laboratory (LANL) issued in 1989. That report discussed the potential
and limitations to a certain type of terrorist attack on research
reactors that is discussed more fully in our classified report. The
scenario addressed in the LANL report was similar to the type of attack
identified in the INL analysis. (The LANL report was discussed in our
classified report. Because the LANL report is classified, we are not
including the details of the LANL report in this report.) However, we
note that the LANL report was completed more than 15 years ago at a
time when the United States faced different and less severe potential
threats. In our view, the LANL study, when combined with the views of
INL and DHS experts, demonstrates that there is some uncertainty within
the community of reactor experts on the consequences of certain types
of attacks on research reactors. This uncertainty provides the basis
for our recommendation that NRC reconsider its security assessment.
[End of section]
Appendix II: GAO Contact and Staff Acknowledgments:
GAO Contact:
Gene Aloise, (202) 512-3841 or aloisee@gao.gov:
Staff Acknowledgments:
In addition to the contact named above, John Delicath, Doreen S.
Feldman, Eugene Gray, Keith Rhodes, Ray Rodriguez, Peter Ruedel,
Rebecca Shea, Carol Herrnstadt Shulman, Ned Woodward, and Franklyn Yao
made key contributions to this report.
[End of section]
Footnotes:
[1] HEU is uranium enriched in the isotope uranium-235 to 20 percent or
greater. LEU is uranium that is enriched to less than 20 percent in the
isotope uranium-235.
[2] NRC, Security Assessment of NRC-Licensed Research and Test Reactor,
NRC, (April 2006). In this report, we refer to this assessment as the
NRC security assessment. This assessment is controlled as Safeguards
Information (SGI) by NRC.
[3] Other agencies, such as the Department of Homeland Security and
DOE, have relied on SNL for their expertise on security issues as well.
[4] In this report, we refer to the RERTR program as the reactor
conversion program.
[5] GAO, Research Reactor Security, GAO-08-156C (Washington DC.: Oct.
12, 2007).
[6] 10 C.F.R. part 73.
[7] 10 C.F.R. § 73.60(f).
[8] INL, Evaluation of a Psuedo TRIGA Reactor for Radiological
Sabotage, INL/EXT-07-12348 (April 2007).
[9] GAO, Nuclear Nonproliferation: DOE Needs to Take Action to Further
Reduce the Use of Weapons-Usable Uranium in Civilian Research Reactors,
GAO-04-807 (Washington, D.C.: July 30, 2004).
[10] INL's June 2007 letter to GAO asked us to contact this INL
official--the Deputy Associate Laboratory Director, National Homeland
Security Directorate--if we needed any additional information regarding
INL's request.
[11] National Research Council. (1988). University Research Reactors in
the United States ” Their Role and Value. Washington, D.C.: National
Academy Press.
[12] Schrader, Bradley J. Ph.D., PE, CHP. (April 2007): "Evaluation of
a Pseudo TRIGA reactor for Radiological Sabotage." (This document is
OUO).
[13] Letter from Hill, David J. INL Deputy Laboratory Director, Science
and Technology, to Ruedel, Peter, GAO: "INL Response Regarding GAO Use
of INL Evaluation of Research Reactors," 13 June 2007.
[14] Email from Landon, Chad J., INL, to Mendonca, Marvin, NRC: "Re:
Info." August 15, 2007.
[15] Government Accountability Office. (March 2006). Nuclear Power
Plants: Efforts Made to Upgrade Security, but the Nuclear Regulatory
Commission's Design Basis Threat Process Should Be Improved.
(Publication No. GAO-06-388).
GAO's Mission:
The Government Accountability Office, the audit, evaluation and
investigative arm of Congress, exists to support Congress in meeting
its constitutional responsibilities and to help improve the performance
and accountability of the federal government for the American people.
GAO examines the use of public funds; evaluates federal programs and
policies; and provides analyses, recommendations, and other assistance
to help Congress make informed oversight, policy, and funding
decisions. GAO's commitment to good government is reflected in its core
values of accountability, integrity, and reliability.
Obtaining Copies of GAO Reports and Testimony:
The fastest and easiest way to obtain copies of GAO documents at no
cost is through GAO's Web site [hyperlink, http://www.gao.gov]. Each
weekday, GAO posts newly released reports, testimony, and
correspondence on its Web site. To have GAO e-mail you a list of newly
posted products every afternoon, go to [hyperlink, http://www.gao.gov]
and select "Subscribe to Updates."
Order by Mail or Phone:
The first copy of each printed report is free. Additional copies are $2
each. A check or money order should be made out to the Superintendent
of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or
more copies mailed to a single address are discounted 25 percent.
Orders should be sent to:
U.S. Government Accountability Office:
441 G Street NW, Room LM:
Washington, D.C. 20548:
To order by Phone:
Voice: (202) 512-6000:
TDD: (202) 512-2537:
Fax: (202) 512-6061:
To Report Fraud, Waste, and Abuse in Federal Programs:
Contact:
Web site: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]:
E-mail: fraudnet@gao.gov:
Automated answering system: (800) 424-5454 or (202) 512-7470:
Congressional Relations:
Ralph Dawn, Managing Director, dawnr@gao.gov:
(202) 512-4400:
U.S. Government Accountability Office:
441 G Street NW, Room 7125:
Washington, D.C. 20548:
Public Affairs:
Chuck Young, Managing Director, youngc1@gao.gov:
(202) 512-4800:
U.S. Government Accountability Office:
441 G Street NW, Room 7149:
Washington, D.C. 20548: