Nuclear Security: DOE and NRC Have Different Security
Requirements for Protecting Weapons-Grade Material from Terrorist
Attacks (11-SEP-07, GAO-07-1197R).
In terrorists' hands, weapons-grade nuclear material--known as
Category I special nuclear material when in specified forms and
quantities--can be used to construct an improvised nuclear device
capable of producing a nuclear explosion. Responsibility for the
security of Category I special nuclear material is divided
between the Department of Energy (DOE) and the Nuclear Regulatory
Commission (NRC). Specifically, DOE and the National Nuclear
Security Administration (NNSA), a separately organized agency
within DOE, are responsible for overseeing physical security at
government-owned and contractor-operated sites with Category I
special nuclear material. NRC, which is responsible for licensing
and overseeing commercially owned facilities with nuclear
materials, such as nuclear power plants, is responsible for
regulating physical security at those licensees that store and
process Category I special nuclear material under contract,
primarily for DOE. Because of the risks associated with Category
I special nuclear material, both DOE and NRC recognize that
effective security programs are essential. The key component in
both DOE's and NRC's security programs is each agency's design
basis threat (DBT)--classified documents that identify the
potential size and capabilities of terrorist threats to special
nuclear material. To counter the threat contained in their
respective DBTs, both DOE sites and NRC licensees use physical
security systems, such as alarms, fences, and other barriers;
trained and armed security forces; and operational security
procedures, such as a "two-person" rule that prevents unobserved
access to special nuclear material. In addition, to ensure DBT
requirements are being met and to detect potential security
vulnerabilities, DOE and NRC employ a variety of other measures,
including inspection programs; reviews; and force-on-force
performance tests, in which the site's security forces undergo
simulated attacks by a group of mock terrorists. Over the past
several years, we have raised concerns about certain aspects of
security at DOE sites and at NRC-regulated commercial nuclear
power plants. In this context, you asked us to determine (1)
whether DOE's and NRC's requirements for protecting Category I
special nuclear material from terrorist threats differ from one
another; (2) the reasons for any differences between these
requirements; and (3) if, as a result, there are differences
between how NRC-licensed facilities that store and process
Category I special nuclear material and how DOE facilities that
store and process Category I special nuclear material are
defended against a terrorist attack.
-------------------------Indexing Terms-------------------------
REPORTNUM: GAO-07-1197R
ACCNO: A76151
TITLE: Nuclear Security: DOE and NRC Have Different Security
Requirements for Protecting Weapons-Grade Material from Terrorist
Attacks
DATE: 09/11/2007
SUBJECT: Independent regulatory commissions
Nuclear facilities
Nuclear facility security
Nuclear materials
Physical security
Security threats
Terrorism
Security regulations
Security standards
******************************************************************
** This file contains an ASCII representation of the text of a **
** GAO Product. **
** **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced. Tables are included, but **
** may not resemble those in the printed version. **
** **
** Please see the PDF (Portable Document Format) file, when **
** available, for a complete electronic file of the printed **
** document's contents. **
** **
******************************************************************
GAO-07-1197R
* [1]PDF6-Ordering Information.pdf
* [2]Order by Mail or Phone
September 11, 2007
The Honorable Christopher Shays
Ranking Member, Subcommittee on National Security
and Foreign Affairs
Committee on Oversight and Government Reform
House of Representatives
Subject: Nuclear Security: DOE and NRC Have Different Security
Requirements for Protecting Weapons-Grade Material from Terrorist Attacks
Dear Mr. Shays:
In terrorists' hands, weapons-grade nuclear material--known as Category I
special nuclear material when in specified forms and quantities--can be
used to construct an improvised nuclear device capable of producing a
nuclear explosion. Responsibility for the security of Category I special
nuclear material is divided between the Department of Energy (DOE) and the
Nuclear Regulatory Commission (NRC). Specifically, DOE and the National
Nuclear Security Administration (NNSA), a separately organized agency
within DOE, are responsible for overseeing physical security at
government-owned and contractor-operated sites with Category I special
nuclear material. NRC, which is responsible for licensing and overseeing
commercially owned facilities with nuclear materials, such as nuclear
power plants, is responsible for regulating physical security at those
licensees that store and process Category I special nuclear material under
contract, primarily for DOE.
Because of the risks associated with Category I special nuclear material,
both DOE and NRC recognize that effective security programs are essential.
The key component in both DOE's and NRC's security programs is each
agency's design basis threat (DBT)--classified documents that identify the
potential size and capabilities of terrorist threats to special nuclear
material. To counter the threat contained in their respective DBTs, both
DOE sites and NRC licensees use physical security systems, such as alarms,
fences, and other barriers; trained and armed security forces; and
operational security procedures, such as a "two-person" rule that prevents
unobserved access to special nuclear material. In addition, to ensure DBT
requirements are being met and to detect potential security
vulnerabilities, DOE and NRC employ a variety of other measures, including
inspection programs; reviews; and force-on-force performance tests, in
which the site's security forces undergo simulated attacks by a group of
mock terrorists.
Over the past several years, we have raised concerns about certain aspects
of security at DOE sites and at NRC-regulated commercial nuclear power
plants. For example, we reported that DOE had taken some action in
response to the terrorist attacks of September 11, 2001, but that it
needed to improve the management of its security program.^1 In addition,
we found that DOE needed to fully implement security improvements
initiated in response to its DBT, such as the consolidation of special
nuclear material and the development of a better-trained and -organized
security force, in order to ensure that its sites were adequately prepared
to defend themselves.^2
Regarding NRC, in September 2003, we reported that NRC's oversight of
security at commercial nuclear power plants needed to be strengthened.^3
In March 2006, we reported that commercial nuclear power plants had
upgraded security against terrorist attacks, and NRC had improved its
force-on-force inspections at these plants. However, we found that NRC's
DBT process, as it is applied to commercial nuclear power plants, should
be improved to remove the appearance that changes to the DBT were based on
what the nuclear industry considered feasible to defend against rather
than on an assessment of the terrorist threat itself.^4 While NRC has a
more rigorous DBT for its licensees that store and process Category I
special nuclear material than it does for the commercial nuclear power
plants that it licenses and regulates, NRC uses a similar DBT development
process for both sets of licensees.
In this context, you asked us to determine (1) whether DOE's and NRC's
requirements for protecting Category I special nuclear material from
terrorist threats differ from one another; (2) the reasons for any
differences between these requirements; and (3) if, as a result, there are
differences between how NRC-licensed facilities that store and process
Category I special nuclear material and how DOE facilities that store and
process Category I special nuclear material are defended against a
terrorist attack. In February 2007, we reported to you on the results of
our work in a classified report.^5 Subsequently, you asked us to provide
you with an unclassified summary of our report. This report provides the
unclassified summary. We conducted our work for this report between May
2007 and September 2007 in accordance with generally accepted government
auditing standards.
^1GAO, Nuclear Security: NNSA Needs to Better Manage Its Safeguards and
Security Program, GAO-03-471 (Washington, D.C.: May 30, 2003).
^2GAO, Nuclear Security: DOE Needs to Resolve Significant Issues Before It
Fully Meets the New Design Basis Threat, GAO-04-623 (Washington, D.C.:
Apr. 27, 2004); and Nuclear Security: DOE's Office of the Under Secretary
for Energy, Science, and the Environment Needs to Take Prompt, Coordinated
Action to Meet the New Design Basis Threat, GAO-05-611 (Washington, D.C.:
July 15, 2005).
^3GAO, Nuclear Regulatory Commission: Oversight of Security at Commercial
Nuclear Power Plants Needs to Be Strengthened, GAO-03-752 (Washington,
D.C.: Sept. 4, 2003).
^4GAO, Nuclear Power Plants: Efforts Made to Upgrade Security, but the
Nuclear Regulatory Commission's Design Basis Threat Process Should Be
Improved, GAO-06-388 (Washington, D.C.: Mar. 14, 2006).
^5GAO, (U) Nuclear Security: DOE and NRC Security Requirements for Special
Nuclear Material, GAO-07-41C (Washington, D. C.: Feb. 16, 2007).
In summary:
Historically, DOE and NRC have sought comparability in their respective
DBTs because DOE sites and NRC licensees often deal with the same types of
Category I special nuclear material. For example, in 2000, NRC imposed
additional security requirements on its licensees because, as it stated at
the time, NRC is responsible for ensuring that weapons-usable material in
the commercial sector receives protection comparable with that provided to
similar DOE material. Following the September 11, 2001, terrorist attacks,
both DOE and NRC put in place more demanding DBTs. NRC issued its most
recent DBT in 2003, and DOE issued its most recent DBT in 2005. More
importantly, even though DOE's sites and NRC's licensees store and process
similar weapons-grade nuclear material, the DBTs each agency adopted for
Category I special nuclear material are different.
Several factors have contributed to the differences between DOE's and
NRC's DBTs. First, a key document used in the development of DOE's DBT was
the Postulated Threat to U.S. Nuclear Weapon Facilities and Other Selected
Strategic Facilities (Postulated Threat). The Postulated Threat is
developed by the U.S. intelligence community, principally the Department
of Defense's Defense Intelligence Agency, and the security organizations
of several different agencies, including DOE and NRC. The most recent
Postulated Threat, issued in 2003, identified, among other things, the
most likely threats to U.S. facilities with Category I special nuclear
material. While NRC participated in the development of the Postulated
Threat, NRC believes that the Postulated Threat does not apply to
commercial nuclear facilities such as its licensees. Second, DOE and NRC
also differ in their consideration of other intelligence information in
developing their DBTs. In this context, NRC has developed its DBT to be
within the range of what it has determined are the limitations that a
private guard force can reasonably be expected to defend against.
Specifically, NRC believes that the defense against threats not contained
in its DBT is the responsibility of the federal government, in conjunction
with state and local governments. Finally, even though they did so in the
past, since September 11, 2001, DOE and NRC have not fully cooperated in
sharing classified information on potential misuse of Category I special
nuclear material.
Reflecting the differences in their respective DBTs, we found differences
in the actions DOE sites and NRC licensees are taking to increase their
preparedness to defeat a large and sophisticated terrorist attack. For
example, currently, NRC licensees do not have the same legal authority as
DOE sites to acquire heavier weaponry, such as fully automatic weapons, or
the same legal authority to use deadly force to protect special nuclear
material. NRC is pursuing new regulations, authorized by the Energy Policy
Act of 2005, to allow its licensees to use automatic weapons, but expects
to take from 1 to 2 years to issue such regulations. At the same time, DOE
is implementing plans that, if fully realized, will further increase
security at its sites. These plans include developing and deploying
improved security technologies; consolidating special nuclear material
into fewer, better protected locations; and providing better training and
equipment for its security forces. Finally, DOE has better developed tools
for assessing security preparedness and understanding vulnerabilities,
such as computer modeling and force-on-force testing programs that
simulate terrorist attacks on facilities. However, NRC is in the process
of adopting computer modeling and implementing a new force-on-force
testing program.
A successful attack on a facility with Category I special nuclear material
could have unacceptable human, economic, and symbolic consequences.
Consequently, we believe that, regardless of location, there should not be
differences in the protection of Category I special nuclear material. To
address these differences, we made a series of recommendations in our
February 2007 report, including the following:
o DOE and NRC should develop a common DBT for DOE sites and NRC
licensees that store and process Category I special nuclear
material.
o NRC should expedite its efforts to ensure that its licensees
have the same legal authorities to acquire heavier weaponry and
use deadly force as DOE sites currently have to protect such
material.
o DOE and NRC should cooperate in establishing computer modeling
capabilities and force-on-force performance testing programs to
better assess security preparedness and detect vulnerabilities.
In addition, we recommended that Congress should consider amending the
Atomic Energy Act of 1954, as amended, to give NRC licensees the same
legal authority to use deadly force as DOE sites have to protect Category
I special nuclear material.
We provided DOE and NRC with a draft of our February 2007 report for
review and comment. Overall, DOE, through NNSA, and NRC agreed with
several of our recommendations. Specifically, both NNSA and NRC agreed to
cooperate on improving force-on-force performance testing and computer
modeling. NRC also agreed that obtaining legal authority to acquire
heavier weapons and to clarify policies on the use of deadly force to
protect Category I special nuclear material could enhance security at its
licensees. NRC cited ongoing efforts in both areas. Finally, NNSA
supported having Congress amend the Atomic Energy Act to provide NRC
licensees with the legal authority to use deadly force to protect Category
I special nuclear material. However, NNSA and NRC did not support our
recommendation to develop a common DBT for facilities that store and
process Category I special nuclear material. Specifically, in its comments
on our report, NRC stated that it believes that it is more important to
set protection levels that are appropriate for the potential scenarios
that involve the malevolent use of the nuclear materials stored or handled
at a given site. NRC also stated that both agencies have recognized that
protection strategies may differ between the sites they oversee based on
the type, form, purpose and quantity of material at their sites. However,
in our evaluation of the agency's comments, we noted that all of the sites
and licensees have one important thing in common--they all possess
significant quantities of Category I special nuclear material. As such, we
believe, there should not be differences in their level of protection.
- - - - -
As arranged with your office, unless you publicly announce its contents
earlier, we plan no further distribution of this report until 14 days
after the date of this report. We will then send copies to appropriate
congressional committees, the Secretary of Energy; the Administrator,
NNSA; the Chairman of the Nuclear Regulatory Commission; and the Director
of the Office of Management and Budget. We will make copies of this report
available to others upon request. This report will also be available at no
charge on GAO's Web site at [3]http://www.gao.gov .
If you or your staff have any questions about this report or need
additional information, please contact me at (202) 512-3841 or
[email protected]. Contact points for our Office of Congressional Relations
and Public Affairs may be found on the last page of this report. James
Noel, Assistant Director, and Jonathan Gill made key contributions to this
report.
Sincerely yours,
Gene Aloise
Director, Natural Resources and Environment
(360882)
This is a work of the U.S. government and is not subject to copyright
protection in the United States. The published product may be reproduced
and distributed in its entirety without further permission from GAO.
However, because this work may contain copyrighted images or other
material, permission from the copyright holder may be necessary if you
wish to reproduce this material separately.
GAO's Mission
The Government Accountability Office, the audit, evaluation, and
investigative arm of Congress, exists to support Congress in meeting its
constitutional responsibilities and to help improve the performance and
accountability of the federal government for the American people. GAO
examines the use of public funds; evaluates federal programs and policies;
and provides analyses, recommendations, and other assistance to help
Congress make informed oversight, policy, and funding decisions. GAO's
commitment to good government is reflected in its core values of
accountability, integrity, and reliability.
Obtaining Copies of GAO Reports and Testimony
The fastest and easiest way to obtain copies of GAO documents at no cost
is through GAO's Web site ( [4]www.gao.gov ). Each weekday, GAO posts
newly released reports, testimony, and correspondence on its Web site. To
have GAO e-mail you a list of newly posted products every afternoon, go to
[5]www.gao.gov and select "E-mail Updates."
Order by Mail or Phone
The first copy of each printed report is free. Additional copies are $2
each. A check or money order should be made out to the Superintendent of
Documents. GAO also accepts VISA and Mastercard. Orders for 100 or more
copies mailed to a single address are discounted 25 percent. Orders should
be sent to:
U.S. Government Accountability Office 441 G Street NW, Room LM Washington,
DC 20548
To order by Phone: Voice: (202) 512-6000
TDD: (202) 512-2537
Fax: (202) 512-6061
To Report Fraud, Waste, and Abuse in Federal Programs
Contact:
Web site: [6]www.gao.gov/fraudnet/fraudnet.htm
E-mail: [7][email protected]
Automated answering system: (800) 424-5454 or (202) 512-7470
Congressional Relations
Gloria Jarmon, Managing Director, [8][email protected] , (202) 512-4400 U.S.
Government Accountability Office, 441 G Street NW, Room 7125 Washington,
DC 20548
Public Affairs
Susan Becker, Acting Manager, [9][email protected] , (202) 512-4800 U.S.
Government Accountability Office, 441 G Street NW, Room 7149 Washington,
DC 20548
References
Visible links
3. http://www.gao.gov/
4. http://www.gao.gov/
5. http://www.gao.gov/
6. http://www.gao.gov/fraudnet/fraudnet.htm
7. mailto:[email protected]
8. mailto:[email protected]
9. mailto:[email protected]
*** End of document. ***