Nuclear Security: DOE and NRC Have Different Security		 
Requirements for Protecting Weapons-Grade Material from Terrorist
Attacks (11-SEP-07, GAO-07-1197R).				 
                                                                 
In terrorists' hands, weapons-grade nuclear material--known as	 
Category I special nuclear material when in specified forms and  
quantities--can be used to construct an improvised nuclear device
capable of producing a nuclear explosion. Responsibility for the 
security of Category I special nuclear material is divided	 
between the Department of Energy (DOE) and the Nuclear Regulatory
Commission (NRC). Specifically, DOE and the National Nuclear	 
Security Administration (NNSA), a separately organized agency	 
within DOE, are responsible for overseeing physical security at  
government-owned and contractor-operated sites with Category I	 
special nuclear material. NRC, which is responsible for licensing
and overseeing commercially owned facilities with nuclear	 
materials, such as nuclear power plants, is responsible for	 
regulating physical security at those licensees that store and	 
process Category I special nuclear material under contract,	 
primarily for DOE. Because of the risks associated with Category 
I special nuclear material, both DOE and NRC recognize that	 
effective security programs are essential. The key component in  
both DOE's and NRC's security programs is each agency's design	 
basis threat (DBT)--classified documents that identify the	 
potential size and capabilities of terrorist threats to special  
nuclear material. To counter the threat contained in their	 
respective DBTs, both DOE sites and NRC licensees use physical	 
security systems, such as alarms, fences, and other barriers;	 
trained and armed security forces; and operational security	 
procedures, such as a "two-person" rule that prevents unobserved 
access to special nuclear material. In addition, to ensure DBT	 
requirements are being met and to detect potential security	 
vulnerabilities, DOE and NRC employ a variety of other measures, 
including inspection programs; reviews; and force-on-force	 
performance tests, in which the site's security forces undergo	 
simulated attacks by a group of mock terrorists. Over the past	 
several years, we have raised concerns about certain aspects of  
security at DOE sites and at NRC-regulated commercial nuclear	 
power plants. In this context, you asked us to determine (1)	 
whether DOE's and NRC's requirements for protecting Category I	 
special nuclear material from terrorist threats differ from one  
another; (2) the reasons for any differences between these	 
requirements; and (3) if, as a result, there are differences	 
between how NRC-licensed facilities that store and process	 
Category I special nuclear material and how DOE facilities that  
store and process Category I special nuclear material are	 
defended against a terrorist attack.				 
-------------------------Indexing Terms------------------------- 
REPORTNUM:   GAO-07-1197R					        
    ACCNO:   A76151						        
  TITLE:     Nuclear Security: DOE and NRC Have Different Security    
Requirements for Protecting Weapons-Grade Material from Terrorist
Attacks 							 
     DATE:   09/11/2007 
  SUBJECT:   Independent regulatory commissions 		 
	     Nuclear facilities 				 
	     Nuclear facility security				 
	     Nuclear materials					 
	     Physical security					 
	     Security threats					 
	     Terrorism						 
	     Security regulations				 
	     Security standards 				 

******************************************************************
** This file contains an ASCII representation of the text of a  **
** GAO Product.                                                 **
**                                                              **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced.  Tables are included, but    **
** may not resemble those in the printed version.               **
**                                                              **
** Please see the PDF (Portable Document Format) file, when     **
** available, for a complete electronic file of the printed     **
** document's contents.                                         **
**                                                              **
******************************************************************
GAO-07-1197R

   

     * [1]PDF6-Ordering Information.pdf

          * [2]Order by Mail or Phone

September 11, 2007

The Honorable Christopher Shays
Ranking Member, Subcommittee on National Security
and Foreign Affairs
Committee on Oversight and Government Reform
House of Representatives

Subject: Nuclear Security: DOE and NRC Have Different Security
Requirements for Protecting Weapons-Grade Material from Terrorist Attacks

Dear Mr. Shays:

In terrorists' hands, weapons-grade nuclear material--known as Category I
special nuclear material when in specified forms and quantities--can be
used to construct an improvised nuclear device capable of producing a
nuclear explosion. Responsibility for the security of Category I special
nuclear material is divided between the Department of Energy (DOE) and the
Nuclear Regulatory Commission (NRC). Specifically, DOE and the National
Nuclear Security Administration (NNSA), a separately organized agency
within DOE, are responsible for overseeing physical security at
government-owned and contractor-operated sites with Category I special
nuclear material. NRC, which is responsible for licensing and overseeing
commercially owned facilities with nuclear materials, such as nuclear
power plants, is responsible for regulating physical security at those
licensees that store and process Category I special nuclear material under
contract, primarily for DOE.

Because of the risks associated with Category I special nuclear material,
both DOE and NRC recognize that effective security programs are essential.
The key component in both DOE's and NRC's security programs is each
agency's design basis threat (DBT)--classified documents that identify the
potential size and capabilities of terrorist threats to special nuclear
material. To counter the threat contained in their respective DBTs, both
DOE sites and NRC licensees use physical security systems, such as alarms,
fences, and other barriers; trained and armed security forces; and
operational security procedures, such as a "two-person" rule that prevents
unobserved access to special nuclear material. In addition, to ensure DBT
requirements are being met and to detect potential security
vulnerabilities, DOE and NRC employ a variety of other measures, including
inspection programs; reviews; and force-on-force performance tests, in
which the site's security forces undergo simulated attacks by a group of
mock terrorists.

Over the past several years, we have raised concerns about certain aspects
of security at DOE sites and at NRC-regulated commercial nuclear power
plants. For example, we reported that DOE had taken some action in
response to the terrorist attacks of September 11, 2001, but that it
needed to improve the management of its security program.^1 In addition,
we found that DOE needed to fully implement security improvements
initiated in response to its DBT, such as the consolidation of special
nuclear material and the development of a better-trained and -organized
security force, in order to ensure that its sites were adequately prepared
to defend themselves.^2

Regarding NRC, in September 2003, we reported that NRC's oversight of
security at commercial nuclear power plants needed to be strengthened.^3
In March 2006, we reported that commercial nuclear power plants had
upgraded security against terrorist attacks, and NRC had improved its
force-on-force inspections at these plants. However, we found that NRC's
DBT process, as it is applied to commercial nuclear power plants, should
be improved to remove the appearance that changes to the DBT were based on
what the nuclear industry considered feasible to defend against rather
than on an assessment of the terrorist threat itself.^4 While NRC has a
more rigorous DBT for its licensees that store and process Category I
special nuclear material than it does for the commercial nuclear power
plants that it licenses and regulates, NRC uses a similar DBT development
process for both sets of licensees.

In this context, you asked us to determine (1) whether DOE's and NRC's
requirements for protecting Category I special nuclear material from
terrorist threats differ from one another; (2) the reasons for any
differences between these requirements; and (3) if, as a result, there are
differences between how NRC-licensed facilities that store and process
Category I special nuclear material and how DOE facilities that store and
process Category I special nuclear material are defended against a
terrorist attack. In February 2007, we reported to you on the results of
our work in a classified report.^5 Subsequently, you asked us to provide
you with an unclassified summary of our report. This report provides the
unclassified summary. We conducted our work for this report between May
2007 and September 2007 in accordance with generally accepted government
auditing standards.

^1GAO, Nuclear Security: NNSA Needs to Better Manage Its Safeguards and
Security Program, GAO-03-471 (Washington, D.C.: May 30, 2003).

^2GAO, Nuclear Security: DOE Needs to Resolve Significant Issues Before It
Fully Meets the New Design Basis Threat, GAO-04-623 (Washington, D.C.:
Apr. 27, 2004); and Nuclear Security: DOE's Office of the Under Secretary
for Energy, Science, and the Environment Needs to Take Prompt, Coordinated
Action to Meet the New Design Basis Threat, GAO-05-611 (Washington, D.C.:
July 15, 2005).

^3GAO, Nuclear Regulatory Commission: Oversight of Security at Commercial
Nuclear Power Plants Needs to Be Strengthened, GAO-03-752 (Washington,
D.C.: Sept. 4, 2003).

^4GAO, Nuclear Power Plants: Efforts Made to Upgrade Security, but the
Nuclear Regulatory Commission's Design Basis Threat Process Should Be
Improved,  GAO-06-388 (Washington, D.C.: Mar. 14, 2006).

^5GAO, (U) Nuclear Security: DOE and NRC Security Requirements for Special
Nuclear Material, GAO-07-41C (Washington, D. C.: Feb. 16, 2007).

In summary:

Historically, DOE and NRC have sought comparability in their respective
DBTs because DOE sites and NRC licensees often deal with the same types of
Category I special nuclear material. For example, in 2000, NRC imposed
additional security requirements on its licensees because, as it stated at
the time, NRC is responsible for ensuring that weapons-usable material in
the commercial sector receives protection comparable with that provided to
similar DOE material. Following the September 11, 2001, terrorist attacks,
both DOE and NRC put in place more demanding DBTs. NRC issued its most
recent DBT in 2003, and DOE issued its most recent DBT in 2005. More
importantly, even though DOE's sites and NRC's licensees store and process
similar weapons-grade nuclear material, the DBTs each agency adopted for
Category I special nuclear material are different.

Several factors have contributed to the differences between DOE's and
NRC's DBTs. First, a key document used in the development of DOE's DBT was
the Postulated Threat to U.S. Nuclear Weapon Facilities and Other Selected
Strategic Facilities (Postulated Threat). The Postulated Threat is
developed by the U.S. intelligence community, principally the Department
of Defense's Defense Intelligence Agency, and the security organizations
of several different agencies, including DOE and NRC. The most recent
Postulated Threat, issued in 2003,  identified, among other things, the
most likely threats to U.S. facilities with Category I special nuclear
material. While NRC participated in the development of the Postulated
Threat, NRC believes that the Postulated Threat does not apply to
commercial nuclear facilities such as its licensees. Second, DOE and NRC
also differ in their consideration of other intelligence information in
developing their DBTs. In this context, NRC has developed its DBT to be
within the range of what it has determined are the limitations that a
private guard force can reasonably be expected to defend against.
Specifically, NRC believes that the defense against threats not contained
in its DBT is the responsibility of the federal government, in conjunction
with state and local governments. Finally, even though they did so in the
past, since September 11, 2001, DOE and NRC have not fully cooperated in
sharing classified information on potential misuse of Category I special
nuclear material.

Reflecting the differences in their respective DBTs, we found differences
in the actions DOE sites and NRC licensees are taking to increase their
preparedness to defeat a large and sophisticated terrorist attack. For
example, currently, NRC licensees do not have the same legal authority as
DOE sites to acquire heavier weaponry, such as fully automatic weapons, or
the same legal authority to use deadly force to protect special nuclear
material. NRC is pursuing new regulations, authorized by the Energy Policy
Act of 2005, to allow its licensees to use automatic weapons, but expects
to take from 1 to 2 years to issue such regulations. At the same time, DOE
is implementing plans that, if fully realized, will further increase
security at its sites. These plans include developing and deploying
improved security technologies; consolidating special nuclear material
into fewer, better protected locations; and providing better training and
equipment for its security forces. Finally, DOE has better developed tools
for assessing security preparedness and understanding vulnerabilities,
such as computer modeling and force-on-force testing programs that
simulate terrorist attacks on facilities. However, NRC is in the process
of adopting computer modeling and implementing a new force-on-force
testing program.

A successful attack on a facility with Category I special nuclear material
could have unacceptable human, economic, and symbolic consequences.
Consequently, we believe that, regardless of location, there should not be
differences in the protection of Category I special nuclear material. To
address these differences, we made a series of recommendations in our
February 2007 report, including the following:

           o DOE and NRC should develop a common DBT for DOE sites and NRC
           licensees that store and process Category I special nuclear
           material.
           o NRC should expedite its efforts to ensure that its licensees
           have the same legal authorities to acquire heavier weaponry and
           use deadly force as DOE sites currently have to protect such
           material.
           o DOE and NRC should cooperate in establishing computer modeling
           capabilities and force-on-force performance testing programs to
           better assess security preparedness and detect vulnerabilities.

In addition, we recommended that Congress should consider amending the
Atomic Energy Act of 1954, as amended, to give NRC licensees the same
legal authority to use deadly force as DOE sites have to protect Category
I special nuclear material.

We provided DOE and NRC with a draft of our February 2007 report for
review and comment. Overall, DOE, through NNSA, and NRC agreed with
several of our recommendations. Specifically, both NNSA and NRC agreed to
cooperate on improving force-on-force performance testing and computer
modeling. NRC also agreed that obtaining legal authority to acquire
heavier weapons and to clarify policies on the use of deadly force to
protect Category I special nuclear material could enhance security at its
licensees. NRC cited ongoing efforts in both areas. Finally, NNSA
supported having Congress amend the Atomic Energy Act to provide NRC
licensees with the legal authority to use deadly force to protect Category
I special nuclear material. However, NNSA and NRC did not support our
recommendation to develop a common DBT for facilities that store and
process Category I special nuclear material. Specifically, in its comments
on our report, NRC stated that it believes that it is more important to
set protection levels that are appropriate for the potential scenarios
that involve the malevolent use of the nuclear materials stored or handled
at a given site. NRC also stated that both agencies have recognized that
protection strategies may differ between the sites they oversee based on
the type, form, purpose and quantity of material at their sites. However,
in our evaluation of the agency's comments, we noted that all of the sites
and licensees have one important thing in common--they all possess
significant quantities of Category I special nuclear material. As such, we
believe, there should not be differences in their level of protection.

                                   - - - - -

As arranged with your office, unless you publicly announce its contents
earlier, we plan no further distribution of this report until 14 days
after the date of this report. We will then send copies to appropriate
congressional committees, the Secretary of Energy; the Administrator,
NNSA; the Chairman of the Nuclear Regulatory Commission; and the Director
of the Office of Management and Budget. We will make copies of this report
available to others upon request. This report will also be available at no
charge on GAO's Web site at [3]http://www.gao.gov .

If you or your staff have any questions about this report or need
additional information, please contact me at (202) 512-3841 or
[email protected]. Contact points for our Office of Congressional Relations
and Public Affairs may be found on the last page of this report. James
Noel, Assistant Director, and Jonathan Gill made key contributions to this
report.

Sincerely yours,

Gene Aloise
Director, Natural Resources and Environment

(360882)

This is a  work of the  U.S. government  and is not  subject to  copyright
protection in the United States.  The published product may be  reproduced
and distributed  in  its entirety  without  further permission  from  GAO.
However, because  this  work  may  contain  copyrighted  images  or  other
material, permission from  the copyright  holder may be  necessary if  you
wish to reproduce this material separately.

GAO's Mission

The Government Accountability Office, the audit, evaluation, and
investigative arm of Congress, exists to support Congress in meeting its
constitutional responsibilities and to help improve the performance and
accountability of the federal government for the American people. GAO
examines the use of public funds; evaluates federal programs and policies;
and provides analyses, recommendations, and other assistance to help
Congress make informed oversight, policy, and funding decisions. GAO's
commitment to good government is reflected in its core values of
accountability, integrity, and reliability.

Obtaining Copies of GAO Reports and Testimony

The fastest and easiest way to obtain copies of GAO documents at no cost
is through GAO's Web site ( [4]www.gao.gov ). Each weekday, GAO posts
newly released reports, testimony, and correspondence on its Web site. To
have GAO e-mail you a list of newly posted products every afternoon, go to
[5]www.gao.gov and select "E-mail Updates."

Order by Mail or Phone

The first copy of each printed report is free. Additional copies are $2
each. A check or money order should be made out to the Superintendent of
Documents. GAO also accepts VISA and Mastercard. Orders for 100 or more
copies mailed to a single address are discounted 25 percent. Orders should
be sent to:

U.S. Government Accountability Office 441 G Street NW, Room LM Washington,
DC 20548

To order by Phone: Voice: (202) 512-6000
TDD: (202) 512-2537
Fax: (202) 512-6061

To Report Fraud, Waste, and Abuse in Federal Programs

Contact:

Web site: [6]www.gao.gov/fraudnet/fraudnet.htm
E-mail: [7][email protected]
Automated answering system: (800) 424-5454 or (202) 512-7470

Congressional Relations

Gloria Jarmon, Managing Director, [8][email protected] , (202) 512-4400 U.S.
Government Accountability Office, 441 G Street NW, Room 7125 Washington,
DC 20548

Public Affairs

Susan Becker, Acting Manager, [9][email protected] , (202) 512-4800 U.S.
Government Accountability Office, 441 G Street NW, Room 7149 Washington,
DC 20548

References

Visible links
3. http://www.gao.gov/
4. http://www.gao.gov/
5. http://www.gao.gov/
6. http://www.gao.gov/fraudnet/fraudnet.htm
7. mailto:[email protected]
8. mailto:[email protected]
9. mailto:[email protected]
*** End of document. ***