Nuclear Security: Action May Be Needed to Reassess the Security  
of NRC-Licensed Research Reactors (31-JAN-08, GAO-08-403).	 
                                                                 
There are 37 research reactors in the United States, mostly	 
located on college campuses. Of these, 33 reactors are licensed  
and regulated by the Nuclear Regulatory Commission (NRC). Four	 
are operated by the Department of Energy (DOE) and are located at
three national laboratories. Although less powerful than	 
commercial nuclear power reactors, research reactors may still be
attractive targets for terrorists. As requested, GAO examined the
(1) basis on which DOE and NRC established the security and	 
emergency response requirements for DOE and NRC-licensed research
reactors and (2) progress that the National Nuclear Security	 
Administration (NNSA) has made in converting U.S. research	 
reactors that use highly enriched uranium (HEU) to low enriched  
uranium (LEU) fuel. This report summarizes the findings of GAO's 
classified report on the security of research reactors		 
(GAO-08-156C).							 
-------------------------Indexing Terms------------------------- 
REPORTNUM:   GAO-08-403 					        
    ACCNO:   A80340						        
  TITLE:     Nuclear Security: Action May Be Needed to Reassess the   
Security of NRC-Licensed Research Reactors			 
     DATE:   01/31/2008 
  SUBJECT:   Emergency response 				 
	     Emergency response plans				 
	     Emergency response procedures			 
	     Energy conversion					 
	     Hazardous materials emergency response		 
	     Licenses						 
	     Nuclear facilities 				 
	     Nuclear facility security				 
	     Nuclear materials					 
	     Nuclear reactors					 
	     Physical security					 
	     Radioactive materials				 
	     Regulatory agencies				 
	     Research programs					 
	     Risk assessment					 
	     Risk management					 
	     Security regulations				 
	     Security threats					 
	     Strategic planning 				 
	     Terrorism						 
	     Terrorists 					 
	     Uranium						 
	     Policies and procedures				 

******************************************************************
** This file contains an ASCII representation of the text of a  **
** GAO Product.                                                 **
**                                                              **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced.  Tables are included, but    **
** may not resemble those in the printed version.               **
**                                                              **
** Please see the PDF (Portable Document Format) file, when     **
** available, for a complete electronic file of the printed     **
** document's contents.                                         **
**                                                              **
******************************************************************
GAO-08-403

   

This text file was formatted by the U.S. Government Accountability 
Office (GAO) to be accessible to users with visual impairments, as part 
of a longer term project to improve GAO products' accessibility. Every 
attempt has been made to maintain the structural and data integrity of 
the original printed product. Accessibility features, such as text 
descriptions of tables, consecutively numbered footnotes placed at the 
end of the file, and the text of agency comment letters, are provided 
but may not exactly duplicate the presentation or format of the printed 
version. The portable document format (PDF) file is an exact electronic 
replica of the printed version. We welcome your feedback. Please E-mail 
your comments regarding the contents or accessibility features of this 
document to [email protected]. 

This is a work of the U.S. government and is not subject to copyright 
protection in the United States. It may be reproduced and distributed 
in its entirety without further permission from GAO. Because this work 
may contain copyrighted images or other material, permission from the 
copyright holder may be necessary if you wish to reproduce this 
material separately. 

Report to the Ranking Member, Subcommittee on National Security and 
Foreign Affairs, Committee on Oversight and Government Reform, House of 
Representatives: 

United States Government Accountability Office: 

GAO: 

January 2008: 

Nuclear Security: 

Action May Be Needed to Reassess the Security of NRC-Licensed Research 
Reactors: 

Nuclear Security: 

GAO-08-403: 

GAO Highlights: 

Highlights of GAO-08-403, a report to the Ranking Member, Subcommittee 
on National Security and Foreign Affairs, Committee on Oversight and 
Government Reform, House of Representatives. 

Why GAO Did This Study: 

There are 37 research reactors in the United States, mostly located on 
college campuses. Of these, 33 reactors are licensed and regulated by 
the Nuclear Regulatory Commission (NRC). Four are operated by the 
Department of Energy (DOE) and are located at three national 
laboratories. Although less powerful than commercial nuclear power 
reactors, research reactors may still be attractive targets for 
terrorists. As requested, GAO examined the (1) basis on which DOE and 
NRC established the security and emergency response requirements for 
DOE and NRC-licensed research reactors and (2) progress that the 
National Nuclear Security Administration (NNSA) has made in converting 
U.S. research reactors that use highly enriched uranium (HEU) to low 
enriched uranium (LEU) fuel. 

This report summarizes the findings of GAOï¿½s classified report on the 
security of research reactors (GAO-08-156C). 

What GAO Found: 

DOE developed the security and emergency response requirements for its 
research reactors using its Design Basis Threatï¿½a process that 
establishes a baseline threat for which minimum security measures 
should be developed. These research reactors benefit from the greater 
security required for the national laboratories where they are located, 
which store weapons-usable nuclear materials. DOE also has concluded 
that the consequences of an attack at some of its research reactors 
could be severe, causing radioactivity to be dispersed over many square 
miles and requiring the evacuation of nearby areas. As a result, all 
facilities where DOE reactors are located have extensive plans and 
procedures for responding to security incidents. 

NRC based its security and emergency response requirements largely on 
the regulations it had in place before September 2001. NRC decided that 
the security assessment it conducted between 2003 and 2006 showed that 
these requirements were sufficient. While it was conducting this 
assessment, NRC worked with licensees to improve security when 
weaknesses were detected. However, GAO found that NRCï¿½s assessment 
contains questionable assumptions that create uncertainty about whether 
the assessment reflects the full range of security risks and potential 
consequences of attacks on research reactors. For example, Sandia 
National Laboratories (SNL)ï¿½a contractor NRC used to assist in 
performing its assessmentï¿½ found that some NRC-licensed research 
reactors may not be prepared for certain types of attacks. However, NRC 
disagreed with SNLï¿½s finding. In 2006, NRC concluded that the 
consequences of attacks would result in minimal radiological exposure 
to the public. In addition, NRC assumed that terrorists would use 
certain tactics in attacking a reactor but did not fully consider 
alternative attack scenarios that could be more damaging. Finally, NRC 
assumed that a small part of a reactor could be damaged in an attack, 
resulting in the release of only a small amount of radioactivity. 
However, according to experts at Idaho National Laboratories and the 
Department of Homeland Security, it is possible that a larger part of a 
reactor could be damaged, which could result in the release of larger 
amounts of radioactivity. 

NNSA has made progress in changing from HEU to LEU fuel in U.S. 
research reactors but may face difficulty in converting some of the 
remaining research reactors. Since 1978, NNSA has converted eight 
currently operating U.S. research reactors, including two in 2006. In 
addition, NNSA plans to convert 10 more U.S. research reactors by 
September 2014ï¿½five of which are scheduled for conversion by 2009. 
However, NNSA faces difficulties in converting the remaining five 
reactors because these reactors cannot operate with the currently 
available LEU fuel. NNSA is now developing a new LEU fuel that will 
allow the remaining five reactors to operate. However, according to 
NNSA, developing this fuel has been problematic, as early efforts 
experienced failures during testing. NNSA officials acknowledged that 
further setbacks are likely to delay plans to convert these research 
reactors. 

What GAO Recommends: 

GAO recommends that NRC reassess the consequences of terrorist attacks 
on NRC-licensed research reactors using assumptions that better reflect 
a fuller range of expert opinion on reactor security. 

NNSA and DOE generally agreed with the report. NRC disagreed with the 
report in several areas. GAO continues to believe that given the 
uncertainty associated with NRCï¿½s security assessment, it is important 
that NRC reassess the consequences of a terrorist attack on research 
reactors. 

To view the full product, including the scope and methodology, click on 
[hyperlink, http://www.GAO-08-403]. For more information, contact Gene 
Aloise at (202) 512-3841 or [email protected]. 

[End of section] 

Contents: 

Letter: 

Results in Brief: 

Background: 

DOE Used Its DBT to Develop Security and Emergency Response 
Requirements for Its Reactors, Which Also Benefit from National 
Laboratories' Enhanced Security: 

Security and Emergency Response Requirements for NRC-Licensed Research 
Reactors Are Based on Questionable Assumptions, Meaning That Reactors 
May Not Be Adequately Protected: 

Despite Recent Security Improvements, NRC's Security and Emergency 
Response Requirements May Not Sufficiently Address the Potential 
Consequences of an Attack: 

NNSA Has Made Progress in Converting U.S. Research Reactors from HEU to 
LEU Fuel, but It Faces Challenges in Converting Some Remaining Research 
Reactors: 

Conclusions: 

Recommendations for Executive Action: 

Agency Comments and Our Evaluation: 

Appendix I: Comments from the Nuclear Regulatory Commission: 

GAO Comments: 

Appendix II: GAO Contact and Staff Acknowledgments: 

Tables: 

Table 1: Location, Fuel Type, and Power Level of Operating U.S. 
Research Reactors: 

Table 2: U.S. Research Reactors Using HEU Fuel That NNSA Plans to 
Covert to Currently Available LEU Fuel by 2009: 

Table 3: Anticipated Conversion Dates for Five U.S. Research Reactors 
Using HEU Fuel That Cannot Convert with Currently Available LEU Fuel: 

Figures: 

Figure 1: Inside of a Research Reactor: 

Figure 2: Research Reactor Building Surrounded by Jersey Barriers: 

Abbreviations: 

CFR: Code of Federal Regulations: 

DBT: Design Basis Threat: 

DHS: Department of Homeland Security: 

DOE: Department of Energy: 

HEU: highly enriched uranium: 

INL: Idaho National Laboratory: 

kW: kilowatt: 

LANL: Los Alamos National Laboratory: 

LEU: low-enriched uranium: 

MW: megawatt: 

NNSA: National Nuclear Security Administration: 

NRC: Nuclear Regulatory Commission: 

ORNL: Oak Ridge National Laboratory: 

RERTR: Reduced Enrichment for Research and Test: 

Reactors: 

SNL: Sandia National Laboratories: 

SWAT: Special Weapons and Tactics: 

United States Government Accountability Office: 

Washington, DC 20548: 

January 31, 2008: 

The Honorable Christopher Shays: 
Ranking Member: 
Subcommittee on National Security and Foreign Affairs: 
Committee on Oversight and Government Reform: 
House of Representatives: 

Dear Mr. Shays: 

Nuclear research reactors located throughout the United States play an 
important role in education, medicine, industry, national security, and 
basic scientific research. Currently, 37 research reactors operate in 
the United States. Of these reactors, 33 are licensed and regulated by 
the Nuclear Regulatory Commission (NRC) and 4 are operated by the 
Department of Energy (DOE). The DOE research reactors are located at 
three national laboratories: Oak Ridge National Laboratory (ORNL), 
Sandia National Laboratories (SNL), and Idaho National Laboratory 
(INL). Research reactors are less powerful than commercial nuclear 
power reactors, ranging in size from less than 1 megawatt (MW) to 250 
MW, compared with the 3,000 MW found for a typical commercial nuclear 
power reactor. 

Although research reactors are less powerful than commercial nuclear 
power reactors, they may nevertheless be targets for terrorists 
determined to steal reactor fuel for use in a nuclear weapon or 
radiological dispersal device (dirty bomb) or to sabotage a reactor in 
order to disperse radioactive material into the atmosphere over 
neighboring communities. For example, unlike commercial nuclear power 
reactors, several research reactors use highly enriched uranium (HEU) 
fuel instead of low-enriched uranium (LEU) fuel, which make them a 
target because HEU is a key component in the construction of some 
nuclear weapons.[Footnote 1] Furthermore, most NRC-licensed research 
reactors are located on university campuses; and while they have 
security systems in place, they are also accessible to students for 
educational purposes. 

Through a series of orders, manuals, and directives, DOE has 
established security requirements for all of its facilities, including 
those that maintain nuclear materials. The key component of the 
security requirements is the Design Basis Threat (DBT) document. The 
DBT identifies the size and capability of terrorist forces and the 
potential consequences of terrorist attacks. From this document, DOE 
developed the security objectives and policies and the security 
measures necessary to protect nuclear weapons, nuclear weapons 
components, special nuclear material, national laboratories, and other 
critical DOE assets against the attacking force described in the DBT. 

While NRC maintains a DBT for the commercial power reactors it 
licenses, it does not have a DBT for NRC-licensed research reactors. 
However, NRC has assessed threat scenarios to NRC-licensed research 
reactors and has identified as potential threats the theft of fuel for 
use in a nuclear weapon, dirty bomb, radiological exposure device, and 
sabotage to disperse radioactive material. In addressing these threats, 
NRC must ensure that its security requirements are consistent with 
section 104(c) of the Atomic Energy Act of 1954. Section 104(c) directs 
NRC to impose only "such minimum amount of regulation" of a research 
reactor licensee as NRC finds will permit it to fulfill its obligations 
to promote the common defense and security and protect public health 
and safety of the public, and will permit the conduct of widespread and 
diverse research and development. Security requirements for NRC- 
licensed research reactors are based on a graded approach; that is, 
research reactors possessing larger quantities of nuclear material or 
using material potentially more attractive to adversaries are generally 
required to have more security measures in place. 

Both DOE and NRC require reactor operators or licensees to develop and 
implement emergency response plans to prepare for accidents and 
possible terrorist attacks. Among other things, these plans are to 
address the coordination of activities by emergency first responders, 
including police, fire, medical, and hazardous materials personnel. 
These plans may also include guidelines for when and how areas near a 
research reactor should be evacuated. 

Following the events of September 11, 2001, NRC assessed the security 
of NRC-licensed research reactors in order to determine whether 
additional security measures were warranted.[Footnote 2] Unlike a DBT, 
the assessment did not prescribe specific security standards. Instead, 
the security assessment analyzed the effectiveness of security at 
individual NRC-licensed research reactors and the potential 
consequences of terrorist attacks. NRC contracted with SNL for this 
assessment because, according to NRC officials, SNL has considerable 
expertise in assessing the security of nuclear facilities.[Footnote 3] 
To determine the types of threats that needed to be taken into account 
during the security assessment, NRC and SNL used a threat assessment 
developed by NRC from current intelligence information that identified 
the potential threats to NRC-licensed research reactors. 

Beyond these efforts to secure research reactors and plan for 
emergencies, the United States has had a policy since 1978 of reducing 
and, to the extent possible, replacing the use of HEU fuel in research 
reactors with LEU fuel. While HEU is a key component in the 
construction of nuclear weapons, LEU is poorly suited for this use. 
Accordingly, replacing HEU with LEU reduces the risk that terrorists 
will gain access to the material needed to construct a nuclear weapon. 
To support this policy, DOE initiated the Reduced Enrichment for 
Research and Test Reactors (RERTR) program, or reactor conversion 
program, to develop the technology to reduce and eventually eliminate 
the use of HEU in research reactors worldwide.[Footnote 4] The National 
Nuclear Security Administration (NNSA), a separately organized agency 
within DOE, oversees the reactor conversion program. 

In response to your request concerning the security of U.S. research 
reactors, we examined (1) the basis on which DOE and NRC established 
the security and emergency response requirements for DOE and NRC- 
licensed research reactors and (2) the progress NNSA has made in its 
ongoing efforts to convert U.S. research reactors that use HEU fuel to 
LEU fuel. In October 2007, we reported to you on the results of our 
work in a classified report.[Footnote 5] Subsequently, you asked us to 
provide you with an unclassified version of our report. This report 
summarizes the results of our classified report. 

To address these objectives, we reviewed relevant DOE and NRC policy, 
planning, and analysis documents, including DOE's DBT and NRC's threat 
assessment document. Both of these documents establish a baseline 
threat for which minimum security measures should be developed. We also 
reviewed inspection oversight manuals, security plans, emergency plans, 
and the relevant provisions of the Code of Federal Regulations. For 
both DOE and NRC-licensed research reactors, we reviewed NRC, SNL, Los 
Alamos National Laboratory, and INL reports and studies to assess the 
potential consequences of an attack on research reactors. In addition, 
at our request--an INL reactor vulnerability expert whose expertise 
includes evaluating and modeling the effects of radiological sabotage-
-analyzed the consequences of a radiological sabotage attack against a 
research reactor with characteristics similar to some mid-powered NRC- 
licensed reactors. Prior to performing the analysis, the INL expert and 
GAO discussed and agreed on the assumptions that would be used in the 
analysis. GAO's Chief Technologist reviewed the INL expert's analysis 
and found it met sufficiency, competency, and relevancy standards for 
GAO sources. Additionally, we interviewed a Department of Homeland 
Security (DHS) expert regarding some of the key inputs used in the INL 
expert's analysis. We also discussed the INL expert's analysis with INL 
management, who stated that the analysis was technically accurate and 
that its reactor vulnerability expert had done good work in preparing 
it. 

We also visited research reactor sites, including all four DOE-operated 
research reactors and 10 of the 33 NRC-licensed research reactors. To 
select these reactors, we used a nonprobability (or judgmental) sample 
based on reactor size in terms of power and geographic location. 
Accordingly, we were able to review a variety of security measures in 
place for reactors of different power levels, including some of the 
most powerful, and for reactors at locations with varying relative 
population densities. At both DOE and NRC-licensed research reactors, 
we examined security systems and interviewed officials, including 
directors of reactor operations, campus security, and local police and 
fire officials. A GAO special agent specializing in security systems 
participated in the visits to two DOE and five NRC-licensed research 
reactors. Furthermore, we interviewed officials representing DOE's 
Offices of Health, Safety and Security, University Programs, Security 
Policy, and Security Evaluations; the NNSA office that implements the 
reactor conversion program; and several offices within NRC, including 
its Research and Test Reactors Branch, Office of Nuclear Security and 
Incident Response, Division of Security Policy, and Reactor Security 
Branch. Finally, we interviewed INL and SNL scientists and officials, 
as well as several security and reactor experts at universities and 
nongovernmental organizations, who have conducted studies or are 
considered experts on the potential effects of attacks on research 
reactors to obtain differing perspectives about research reactor 
security. We conducted the work for the classified report between May 
2006 and July 2007 in accordance with generally accepted government 
auditing standards and we conducted our work for the unclassified 
report between October 2007 and January 2008. Those standards require 
that we plan and perform the audit to obtain sufficient, appropriate 
evidence to provide a reasonable basis for our findings and conclusions 
based on our audit objectives. We believe that the evidence obtained 
provides a reasonable basis for our findings and conclusions based on 
our audit objectives. 

Results in Brief: 

DOE protects its four research reactors by using the security and 
emergency requirements developed for its DBT and by relying on the 
reactors' location at national laboratories that require heightened 
security because these laboratories store weapons-usable nuclear 
material or conduct nuclear weapons-related activities. DOE's DBT 
requires its research reactors to be protected in a graded manner--that 
is, a reactor possessing more dangerous material must be safeguarded 
more securely than those that have less dangerous material. In 
addition, DOE requires that all personnel with routine access to DOE 
reactors have a federal security clearance. This is an important 
measure to help address the so-called "insider threat"--the possibility 
that someone inside a facility, such as a reactor employee, would 
assist terrorists in an attack. Despite extensive security features at 
DOE research reactors, we did find a security weakness. We discovered 
that the Web site for one DOE research reactor contained information 
about its refueling schedule. According to security experts, reactors 
are more vulnerable during refueling because large doors that are 
normally tightly secured must be opened to deliver fuel. After we 
brought this matter to DOE's attention, DOE removed the information 
from its Web site. Finally, DOE has concluded that the consequences of 
an attack at some of its research reactors could be severe, causing 
radiation to be dispersed over many square miles and requiring the 
evacuation of nearby areas. As a result, all facilities where DOE 
reactors are located have established extensive plans and procedures 
for safety and security incidents. For example, DOE facilities where 
research reactors are located have emergency response plans that call 
for evacuating areas surrounding the facility for up to 300-square 
miles in the event of a potentially hazardous radiological release. 

NRC's security and emergency response requirements are largely based on 
the regulations it had in place before September 11, 2001. NRC decided 
to retain its requirements after conducting a security assessment 
between 2003 and 2006 and determining that these requirements were 
sufficient. NRC worked with individual licensees to improve security 
when weaknesses were detected. However, we found that NRC's assessment 
contains analyses and assumptions about reactor security and terrorist 
capabilities that are questionable--creating uncertainty about whether 
NRC's assessment reflects the full range of security risks and 
potential consequences of an attack on a research reactor. We reached 
this conclusion for three reasons. First, SNL--which NRC had contracted 
with to assist in performing its security assessment--found that some 
NRC-licensed research reactors may not be prepared for certain types of 
terrorist attacks. For example, SNL's analysis of several reactors 
found that in certain scenarios where a small group of well-trained 
terrorists attacked a reactor, the terrorists could be successful. 
However, NRC disagreed with SNL's finding and believed it would be far 
more difficult for terrorists to successfully attack a research 
reactor. In the end, NRC concluded in 2006 that the radiological 
consequences of attacks would result in minimal radiological exposure 
to the public. Therefore, NRC decided that it did not need to 
strengthen the security requirements. Second, based on its threat 
assessment, NRC assumed that terrorists would use certain weapons and 
tactics in attacking a reactor but did not fully consider alternative 
attack scenarios that could be more damaging if carried out 
successfully. According to an SNL expert, attacking a research reactor 
using an alternative approach would be a difficult and sophisticated 
task that would likely require specific knowledge of reactors and 
sabotage techniques. Nonetheless, this expert stated that such an 
attack was possible and identified detailed information needed for such 
an attack. Finally, NRC assumed that a small portion of a research 
reactor could be damaged in a terrorist attack, resulting in the 
release of only a small amount of radioactivity into the atmosphere. 
However, according to experts at INL and DHS, it is possible that a 
larger portion of a research reactor could be damaged in a terrorist 
attack, which could result in the release of a larger amount of 
radioactivity. 

We also identified potential shortcomings with NRC's current security 
and emergency response requirements and measures that may require 
immediate attention. For example, at one research reactor we visited, 
the reactor could be accessed and potentially damaged in an attack. In 
addition, at the time of our review, NRC did not have a background 
check requirement for research reactor staff who had unescorted access 
to the reactor, which created a potential security weakness. However, 
in response to the requirements in the Energy Policy Act of 2005, NRC 
issued an order to research reactor licensees in May 2007, requiring 
that all staff with unescorted access to reactors be fingerprinted and 
undergo a Federal Bureau of Investigation criminal background check. 
Concerning emergency response requirements, all the NRC-licensed 
research reactors we visited had emergency plans for responding to 
terrorist attacks and agreements with local law enforcement and other 
first responders for responding to emergencies. However, NRC does not 
require that these plans include evacuation plans for areas surrounding 
its licensed reactors, even though most research reactors are located 
on college campuses or near populated areas where the consequences of 
an attack could be more severe than NRC estimates. Furthermore, NRC's 
requirements for emergency response plans do not call for first 
responders to reactor security alarms to be armed. At most NRC-licensed 
research reactors we visited, the designated first responders would be 
armed, but at a few they would not. At these reactors, unarmed campus 
police--not local law enforcement agencies--are the designated first 
responders when alarms are set off. 

Regarding NNSA's reactor conversion program, NNSA has made progress in 
converting U.S. research reactors from using HEU fuel to using LEU 
fuel, but it faces challenges in converting some of the remaining 
research reactors. NNSA has converted 8 currently operating U.S. 
research reactors since 1978, including 2 in 2006. In addition, NNSA 
plans to convert 10 more U.S. research reactors by September 2014. Of 
these 10, 5 are on schedule to be converted by 2009. However, NNSA 
faces challenges in converting the remaining 5 reactors because these 
reactors cannot operate with the LEU fuel that is currently available. 
NNSA is now developing a new LEU fuel that will allow the remaining 
five reactors to operate, but according to an NNSA official, this fuel 
must be developed by 2011 if NNSA is to meet its conversion schedule 
goal of 2014. Development of this fuel, however, has been problematic. 
Early efforts to develop the fuel experienced failures during testing, 
which caused NNSA to push back anticipated completion dates. NNSA and 
national laboratory officials acknowledged that the fuel development 
schedule is optimistic and that further technical setbacks would likely 
delay NNSA's plans to convert research reactors. Furthermore, NNSA's 
cost estimate for the conversion of the remaining DOE and NRC-licensed 
research reactors may be uncertain because fuel development is not yet 
complete, and the projected completion dates for the reactors' 
conversions hinge on the timely and successful development of the new 
fuel. 

In our October 2007 classified report, we made recommendations to the 
Chairman of NRC to reassess the consequences of terrorist attacks on 
NRC-licensed research reactors using assumptions that better reflect a 
fuller range of expert opinion on the security of reactors and the 
capabilities of potential terrorist forces. If NRC finds that the 
consequences of an attack are more severe than previously estimated, we 
also recommended that the Chairman of NRC (1) ensure that the security 
requirements for research reactors are commensurate with the 
consequences of attacks, (2) reexamine emergency response requirements 
to address whether evacuation plans should be included, and (3) require 
that first responders to alarms at research reactors be armed. 

We provided DOE, NNSA, and NRC with draft copies of our classified 
report for their review and comment. As discussed in our classified 
report, NNSA, whose comments also reflected DOE's views, generally 
agreed with the report and provided minor technical comments, which we 
incorporated as appropriate. NRC did not agree with the report and 
criticized our report in several areas. For example, NRC stated that we 
misrepresented its use of the SNL security assessment and that we 
incorrectly stated that the NRC had dismissed the findings in SNL's 
assessment. We believe we have accurately described NRC's position on 
the work done by SNL. Specifically, NRC has reiterated its disagreement 
with the SNL analysis in writing on several occasions. When NRC 
provided us with copies of SNL's security assessment, it also provided 
a disclaimer stating that NRC "does not support many of the assumptions 
and/or information contained in these reports andï¿½the reports cannot be 
used independently to develop any conclusions regarding the security or 
protective measures for the facilities contained in the reports." 
Furthermore, according to a 2005 statement from an NRC Commissioner 
concerning SNL's work, "because the Sandia security assessment reports 
contain scenarios and assumptions that are not supported by the 
Commission, the reports should not be released to anyone outside the 
agency nor should they be shared with licensees or stakeholders." NRC's 
specific comments and our response are discussed at the end of this 
letter. (NRC comments on our classified report contained information 
that was classified. However, in December 2007, NRC provided an 
unclassified version of its comments to us, which we have included in 
appendix I along with our response to its comments.) 

Background: 

Table 1 lists the 37 research reactors operating in the United States. 
Of the 33 reactors that NRC licenses and regulates, 27 are located on 
university campuses. In contrast, all DOE research reactors are located 
in relatively isolated locations and at facilities where public access 
is restricted because weapons-usable nuclear materials associated with 
DOE's nuclear weapons programs are also stored on site. 

Table 1: Location, Fuel Type, and Power Level of Operating U.S. 
Research Reactors: 

Reactors: DOE--4: Advanced Test Reactor; 
Location: INL, Idaho; 
Fuel type: HEU; 
Power level[A]: 250 Megawatt (MW). 

Reactors: DOE--4: High Flux Isotope Reactor; 
Location: ORNL, Tennessee; 
Fuel type: HEU; 
Power level[A]: 85 MW. 

Reactors: DOE--4: Annular Core Research Reactor; 
Location: SNL, New Mexico; 
Fuel type: HEU; 
Power level[A]: 4 MW. 

Reactors: DOE--4: Neutron Radiography Reactor; 
Location: INL, Idaho; 
Fuel type: HEU; 
Power level[A]: 250 kilowatt (kW). 

Reactors: NRC--33: National Institute of Standards and Technology; 
Location: Gaithersburg, Maryland; 
Fuel type: HEU; 
Power level[A]: 20 MW. 

Reactors: NRC--33: University of Missouri, Columbia; 
Location: Columbia, Missouri; 
Fuel type: HEU; 
Power level[A]: 10 MW. 

Reactors: NRC--33: Massachusetts Institute of Technology; 
Location: Cambridge, Massachusetts; 
Fuel type: HEU; 
Power level[A]: 5 MW. 

Reactors: NRC--33: University of California, Davis; 
Location: Sacramento, California; 
Fuel type: LEU; 
Power level[A]: 2 MW. 

Reactors: NRC--33: Rhode Island Nuclear Science Center; 
Location: Narragansett, Rhode Island; 
Fuel type: LEU; 
Power level[A]: 2 MW. 

Reactors: NRC--33: Armed Forces Radiobiology Research Institute; 
Location: Bethesda, Maryland; 
Fuel type: LEU; 
Power level[A]: 1 MW. 

Reactors: NRC--33: University of Massachusetts, Lowell; 
Location: Lowell, Massachusetts; 
Fuel type: LEU; 
Power level[A]: 1 MW. 

Reactors: NRC--33: North Carolina State University; 
Location: Raleigh, North Carolina; 
Fuel type: LEU; 
Power level[A]: 1 MW. 

Reactors: NRC--33: Oregon State University; 
Location: Corvallis, Oregon; 
Fuel type: HEU; 
Power level[A]: 1 MW. 

Reactors: NRC--33: Pennsylvania State University; 
Location: University Park, Pennsylvania; 
Fuel type: LEU; 
Power level[A]: 1 MW. 

Reactors: NRC--33: University of Texas; 
Location: Austin, Texas; 
Fuel type: LEU; 
Power level[A]: 1 MW. 

Reactors: NRC--33: Texas A&M University; 
Location: College Station, Texas; 
Fuel type: LEU; 
Power level[A]: 1 MW. 

Reactors: U.S. Geological Survey; 
Location: Denver, Colorado; 
Fuel type: LEU; 
Power level[A]: 1 MW. 

Reactors: NRC--33: Washington State University; 
Location: Pullman, Washington; 
Fuel type: HEU; 
Power level[A]: 1 MW. 

Reactors: NRC--33: University of Wisconsin; 
Location: Madison, Wisconsin; 
Fuel type: HEU; 
Power level[A]: 1 MW. 

Reactors: NRC--33: Ohio State University; 
Location: Columbus, Ohio; 
Fuel type: LEU; 
Power level[A]: 500 kW. 

Reactors: NRC--33: Dow Chemical Company; 
Location: Midland, Michigan; 
Fuel type: LEU; 
Power level[A]: 300 kW. 

Reactors: NRC--33: Aerotest Operations, Inc; 
Location: San Ramon, California; 
Fuel type: LEU; 
Power level[A]: 250 kW. 

Reactors: NRC--33: University of California, Irvine; 
Location: Irvine, California; 
Fuel type: LEU; 
Power level[A]: 250 kW. 

Reactors: NRC--33: Kansas State University; 
Location: Manhattan, Kansas; 
Fuel type: LEU; 
Power level[A]: 250 kW. 

Reactors: NRC--33: University of Maryland; 
Location: College Park, Maryland; 
Fuel type: LEU; 
Power level[A]: 250 kW. 

Reactors: NRC--33: Reed College; 
Location: Portland, Oregon; 
Fuel type: LEU; 
Power level[A]: 250 kW. 

Reactors: NRC--33: Missouri University of Science and Technology; 
Location: Rolla, Missouri; 
Fuel type: LEU; 
Power level[A]: 200 kW. 

Reactors: NRC--33: University of Arizona; 
Location: Tucson, Arizona; 
Fuel type: LEU; 
Power level[A]: 100 kW. 

Reactors: NRC--33: University of Florida; 
Location: Gainesville, Florida; 
Fuel type: LEU; 
Power level[A]: 100 kW. 

Reactors: NRC--33: General Electric Company; 
Location: Sunol, California; 
Fuel type: HEU; 
Power level[A]: 100 kW. 

Reactors: NRC--33: University of Utah; 
Location: Salt Lake City, Utah; 
Fuel type: LEU; 
Power level[A]: 100 kW. 

Reactors: NRC--33: Worcester Polytechnic Institute; 
Location: Worcester, Massachusetts; 
Fuel type: LEU; 
Power level[A]: 10 kW. 

Reactors: NRC--33: Purdue University; 
Location: West Lafayette, Indiana; 
Fuel type: HEU; 
Power level[A]: 1 kW. 

Reactors: NRC--33: Rennselaer Polytechnic Institute; 
Location: Schenectady, New York; 
Fuel type: LEU; 
Power level[A]: .10 kW. 

Reactors: NRC--33: Idaho State University; 
Location: Pocatello, Idaho; 
Fuel type: LEU; 
Power level[A]: .005 kW. 

Reactors: NRC--33: University of New Mexico; 
Location: Albuquerque, New Mexico; 
Fuel type: LEU; 
Power level[A]: .005 kW. 

Reactors: NRC--33: Texas A&M University; 
Location: College Station, Texas; 
Fuel type: LEU; 
Power level[A]: .005 kW. 

Source: DOE and NRC. 

[A] One megawatt is 1,000 kilowatts. On average, 1 kilowatt is the 
amount of power that is needed to operate a typical U.S. household for 
1 hour. 

[End of table] 

Several factors may make research reactors a target for terrorists. For 
example, most U.S. research reactors are located on university 
campuses; while these research reactors have security systems in place, 
none are protected with the kind of security or armed security forces 
that protect nuclear power reactors. Furthermore, once inside the 
reactor building, terrorists may gain access to the reactor. Figure 1 
shows the inside of a research reactor. In addition, while power 
reactors use LEU fuel, several research reactors still use HEU fuel in 
order to produce the appropriate conditions in the reactor for 
conducting a wide variety of research. HEU is attractive to terrorists 
looking to construct a crude nuclear weapon. NRC's Office of Nuclear 
Reactor Regulation has oversight responsibility for all NRC-licensed 
research reactors. DOE's Office of Nuclear Energy, Science, and 
Technology's Radiological Facilities Management program is charged with 
maintaining DOE research reactors in a secure manner. 

Figure 1: Inside of a Research Reactor: 

This figure is a picture of the inside of a research reactor. 

[See PDF for image] 

Source: Photo provided by an NRC-licensed research reactor. 

[End of figure] 

To enforce safety, security, and emergency planning requirements, both 
DOE and NRC conduct routine inspections to ensure compliance with DOE 
orders, manuals, and directives and with NRC regulations. DOE's Office 
of Independent Oversight and Performance Assurance--which independently 
assesses the effectiveness of DOE policies and programs in safeguards 
and security and emergency management for DOE facilities-
-routinely inspects DOE facilities for compliance with DOE safeguards 
and security requirements. NRC-licensed research reactors are licensed 
and routinely inspected by inspectors representing NRC's Research and 
Test Reactor Section. The requirements for the physical protection of 
NRC-licensed research reactors are set out in NRC regulations and 
primarily focus on preventing the theft and diversion of fuel.[Footnote 
6] In addition to the specific requirements established in the 
regulations, NRC may require--depending on the individual facility and 
site conditions--any additional measures it deems necessary to protect 
against radiological sabotage at research reactors that it licenses to 
operate above 2 MW of power.[Footnote 7] Commensurate with the security 
requirements, security related inspection activity is based on a graded 
approach, where security measures are based on the type and quantity of 
nuclear material on site. For example, research reactors licensed to 
possess more than 5 kilograms of HEU are inspected at least annually, 
while reactors that are licensed to possess less than 1 kilogram of HEU 
are inspected at least triennially. 

NRC used its security assessment of NRC-licensed research reactors to 
determine whether additional security measures were warranted. NRC's 
assessment considered an analysis of security at reactors, as well as 
the consequences of attacks. The security assessment also included site-
specific assessments of NRC-licensed research reactors to determine the 
vulnerability of structures, security operations, and physical 
protection systems, as well as access control systems at research 
reactors. Using varying numbers of adversaries and capabilities, NRC 
assessed threat scenarios, which included theft of fuel for use in a 
nuclear weapon or dirty bomb and sabotage attacks designed to disperse 
radioactive material. NRC used the number of immediate fatalities 
caused by radiological release resulting from an attack at a research 
reactor as its criterion to measure consequences and assessed the 
adequacy of the security at NRC-licensed reactors. If NRC discovered 
that there was potential to affect public health, it was to identify 
countermeasures to mitigate or prevent the consequences, while 
considering the cost-effectiveness of these countermeasures. 

As a complement to DOE and NRC security efforts, NNSA's Reactor 
Conversion Program has a goal of reducing or eliminating the use of HEU 
at research reactors. To support this goal, NRC promulgated a rule in 
1986 requiring all NRC-licensed research reactors to convert to LEU if 
feasible and if DOE provided adequate funding. In addition, under the 
2005 North American Security and Prosperity Partnership, the United 
States, Mexico, and Canada agreed to convert civil HEU reactors on the 
North American continent to LEU fuel, where such LEU fuel is available. 
Since 2004, NNSA has overseen the fuel conversion of U.S. research 
reactors. To achieve NNSA's goal, in 2005, NNSA's reactor conversion 
program partnered with the DOE Office of Nuclear Energy University 
Reactors Program to accelerate the conversion of U.S. research reactors 
by providing funding to enable research reactors where LEU is available 
to convert as rapidly as possible. INL is the technical lead for the 
reactor conversion program's fuel development effort. 

DOE Used Its DBT to Develop Security and Emergency Response 
Requirements for Its Reactors, Which Also Benefit from National 
Laboratories' Enhanced Security: 

To protect its four research reactors, DOE uses the security and 
emergency requirements developed from its DBT and counts on the 
security afforded by the reactors' locations at certain national 
laboratories that require heightened security. Furthermore, DOE has 
concluded that consequences from an attack at some of its research 
reactors could be severe and has therefore established extensive plans 
and procedures for safety and security incidents. 

DOE Research Reactors Are Protected by Requirements of the DBT and 
Their Location at National Laboratories: 

DOE's research reactors benefit from the greater security required for 
the national laboratories where the research reactors are located. The 
laboratories are engaged in nuclear weapon activities or store special 
nuclear material and therefore are to meet the requirements for DOE's 
2003 DBT. This DBT was developed to support DOE policies for preventing 
unauthorized access, theft, or sabotage of nuclear weapons and all 
special nuclear material under DOE's jurisdiction. More specifically, 
following the DBT, DOE requires its research reactors to be protected 
in a graded manner; that is, a reactor possessing more dangerous 
nuclear material must be safeguarded more securely than those that have 
less dangerous material. For example, SNL and INL--the locations of 
DOE's Annular Core Research Reactor and its Neutron Radiography 
Reactor, respectively--store weapons-usable nuclear materials and 
therefore have robust security features and specially dedicated, 
heavily armed guard forces. The other two DOE reactors--the Advanced 
Test Reactor and High Flux Isotope Reactor--located at INL and ORNL, 
respectively, have extensive security features, including perimeter 
barbed-wire fences and armed security guards at all times. In addition, 
DOE requires that all personnel with routine access to DOE reactors 
have a federal security clearance. Among other things, this requirement 
helps to reduce the possibility of an insider threat. 

We also found that DOE is engaged in efforts to improve security at the 
reactor sites. For example, at the SNL and INL sites the locations of 
the Annular Core Research Reactor and Neutron Radiography Reactor, 
respectively, DOE recently made several security upgrades, including 
installing new surveillance systems with thermal imaging cameras; these 
cameras enable surveillance of the surrounding territory for up to 
several miles, regardless of light and weather conditions. Despite 
extensive security features at DOE research reactors, we did find a 
security weakness and some research reactor vulnerabilities. 
Specifically, we discovered that the Web site for one DOE research 
reactor contained information about its refueling schedule. According 
to security experts, reactors are more vulnerable during refueling 
because large doors that are normally tightly secured must be opened to 
deliver fuel. After we brought this weakness to DOE's attention, the 
department removed the information. Concerning vulnerabilities, at two 
DOE research reactors, we discovered key features at the reactor 
facilities that were vulnerable to attack, as DOE officials 
acknowledged. In both cases, the reactor operators store large amounts 
of spent reactor fuel in pools that are easily accessible to anyone 
inside the reactor facility. According to national laboratory officials 
at both of these facilities, this fuel is dangerous because if it is 
damaged during a terrorist attack, it could cause a large radiological 
release into the area surrounding the research reactor. During visits 
to both facilities, the reactor operators said that an attack on their 
spent fuel concerned them just as much as an attack on the actual 
reactor because of the potential for release of radiological material 
into the atmosphere. These operators said that the spent fuel needs to 
be removed for disposal; DOE plans to remove most of this spent fuel by 
2012. 

DOE Has Established Extensive Plans and Procedures for Safety and 
Security Incidents: 

DOE has concluded that the consequences of an attack at some of its 
research reactors could be severe, possibly causing radiation to be 
dispersed over many square miles and requiring the evacuation of nearby 
areas. As a result, all facilities where DOE reactors are located have 
established extensive plans and procedures for responding to reactor 
emergencies, as DOE policies require. For example, ORNL--the location 
of the High Flux Isotope Reactor--has a laboratory shift superintendent 
on duty at all times to classify potential events and coordinate 
preplanned responses geared to the nature of the event. According to 
ORNL officials, emergencies can lead to the mobilization of significant 
numbers of security personnel trained to respond to emergencies at the 
reactor. This mobilization could include the activation of the mutual 
assistance agreement between ORNL and the neighboring Y-12 National 
Security Complex to deploy Y-12's off-duty security forces to ORNL in 
the event of a terrorist attack. DOE policies also require DOE research 
reactor operators, with DOE and laboratory officials, to assess the 
worst-case consequences of accidents or terrorist attacks at their 
research reactors and develop emergency response plans that call for 
evacuating areas up to 300-square miles surrounding the reactor in the 
event of a potentially hazardous radiological release into the 
atmosphere. Decisions to evacuate are made based on the amount of 
radiation to which people could be exposed, as determined by their 
proximity to the reactor and the amount of radioactivity released. 
Furthermore, in worst-case scenarios, DOE reactor facility emergency 
plans include multijurisdictional plans outlining the immediate 
coordination of regional and federal emergency response assets. 

Security and Emergency Response Requirements for NRC-Licensed Research 
Reactors Are Based on Questionable Assumptions, Meaning That Reactors 
May Not Be Adequately Protected: 

NRC decided to largely retain the security and emergency response 
regulations it had in place before September 11, 2001. NRC decided to 
retain these requirements after conducting a security assessment 
between 2003 and 2006 and determining that these requirements were 
sufficient. However, we found that NRC's security assessment used 
questionable analysis and assumptions that may not fully reflect the 
consequences of a terrorist sabotage attack. According to experts at 
INL and DHS, the consequences of a terrorist attack on a research 
reactor could be more than what NRC estimates. Consequently, even 
though a number of NRC-licensed research reactors have recently 
improved security, NRC's security and emergency response requirements 
may need immediate strengthening to protect against the consequences of 
an attack. 

NRC's Security Assessment May Not Adequately Reflect the Potential 
Consequences of a Terrorist Attack on Its Licensed Research Reactors: 

Between 2003 and 2006, NRC conducted a security assessment of NRC- 
licensed research reactors to determine whether existing security and 
emergency response requirements were sufficient to protect against an 
attack. NRC first conducted a screening analysis to assess the 
significance of the consequences of a sabotage attack at each of the 33 
NRC-licensed research reactors and established a minimum radiological 
dose that an attack would have to produce before further assessment was 
warranted. Eventually, NRC concluded that the potential effects of 
terrorists sabotaging these 33 reactors were minimal and that the 
security and emergency response regulations for research reactor 
licensees did not need strengthening. 

In conducting this assessment, NRC established a minimum radiological 
dosage as the criterion to determine if a full security assessment was 
necessary. During its initial phase of this assessment, NRC determined 
that most of the reactors would experience minimal consequences from 
sabotage and therefore present a low radiological risk to public health 
and safety. For the remaining reactors, NRC conducted a further 
detailed security assessment. NRC concluded that the potential effects 
of an attack at these reactors were also minimal and that the security 
and emergency response regulations for research reactors did not need 
strengthening. 

NRC's security assessment also included SNL's evaluation of the 
security of NRC-licensed research reactors; however, NRC disagreed with 
several of SNL's findings. NRC contracted with SNL to help perform its 
security assessment, and as part of this work, SNL estimated the 
probabilities that terrorists could successfully carry out an attack on 
NRC-licensed reactors. SNL found that some NRC-licensed research 
reactors may not be prepared for certain types of terrorist attacks. 
For example, SNL's analysis of several reactors found that under 
certain scenarios involving a small group of well-trained terrorists, 
an attack on a reactor could be successful. NRC, however, believed that 
SNL's assumptions about terrorists' capabilities were excessive and 
that SNL did not give enough credit to the capabilities of first 
responders. Ultimately, NRC disagreed with SNL about the security of 
research reactors. In its final analysis, NRC concluded that, because 
the radiological consequences of an attack would be minimal, no changes 
in the security and emergency response regulations for NRC-licensed 
research reactors were necessary. 

However, NRC's security assessment may contain important shortcomings. 
As a result, NRC may not have a sound basis for determining the 
adequacy of security and emergency response requirements for its 
licensed research reactors. Based on our analysis and an analysis 
conducted by an INL reactor vulnerability expert at our request, we 
concluded that NRC's security assessment used questionable assumptions 
and analyses about research reactor security and the potential 
consequences of an attack on NRC-licensed research reactors. 
Specifically, NRC made the following assumptions that we have reason to 
question: 

* NRC assumed that terrorists would use certain weapons and tactics in 
attacking a reactor but did not fully consider alternative attack 
scenarios which could be more damaging if carried out successfully. 
According to an SNL expert, attacking a research reactor using this 
alternative approach would be a difficult and sophisticated task, which 
would likely require specific knowledge of reactors and sabotage 
techniques. Nonetheless, this expert stated that such an attack was 
possible and identified detailed information for carrying it out. 
Moreover, the attack scenarios that NRC did not fully consider could 
lead to more significant consequences than NRC estimates, according to 
an INL reactor vulnerability expert. 

* NRC assumed that only a small portion of a research reactor could be 
damaged in a terrorist attack, resulting in the release of only a small 
amount of radioactivity into the atmosphere. However, according to 
experts at INL and DHS, it is possible that a larger portion of a 
research reactor could be damaged in a terrorist attack. If this 
occurred, these experts also noted that an attack could result in a 
release of a larger amount of radioactivity into the atmosphere over 
neighboring communities. 

* NRC assumed that insiders with access to the reactor would only 
participate to a limited degree. However, in similar security 
assessments for DOE facilities, DOE assumes that insiders would fully 
participate in an attack, and it has designed its defenses on the 
assumption of full participation. Fully participating insiders could 
both provide information, such as details of the facility layout and 
operating schedule, as well as participate in an attack by performing 
key functions, such as opening doors or disabling alarm systems. NRC 
officials acknowledge that if its assessment had assumed fully 
participating insiders, then the results of its assessment may have 
turned out differently. 

Furthermore, according to a reactor vulnerability expert at INL, the 
consequences of a terrorist attack could be significant. Specifically, 
this expert stated that terrorist attackers using different weapons and 
tactics than NRC assumed in attack scenarios may be able to damage a 
larger portion of a research reactor. In addition, at our request, this 
INL reactor vulnerability expert conducted an analysis of the 
consequences of a terrorist attack.[Footnote 8] This analysis confirmed 
his views that an attack at a research reactor could release a large 
amount of radioactivity, which would be damaging to neighboring 
communities. In fact, the analysis concluded: 

"It is clear that an event as described in this report could have 
significant consequences. The consequences of a successful sabotage 
attack in addition to the direct dose could be significant radioactive 
material release and subsequent contamination of areas that have high 
socio-economic impact. It is important that the risk from these 
reactors be well characterized and the emergency preparedness for such 
an event be included [in] the planning process." 

Because most NRC-licensed research reactors are located on college 
campuses or in urban areas, the release of large amounts of radiation 
could affect a substantial portion of the population. 

We discussed the INL reactor vulnerability expert's analysis with INL's 
Deputy Associate Laboratory Director for National and Homeland Security 
Directorate, who stated that the analysis was technically accurate and 
that their reactor vulnerability expert had done good work in preparing 
it. However, he cautioned us that the analysis represented the efforts 
of only one of INL's reactor vulnerability experts. In his view, a more 
comprehensive analysis of the vulnerability and the consequences of a 
terrorist attack on a research reactor is warranted. Such a study 
should include experts from a variety of technical areas, including 
national intelligence sources, and involve more than one laboratory. 
These experts would determine the most appropriate assumptions that 
should be used in the analysis. For example, according to the Deputy 
Associate Laboratory Director, one important part of such an analysis 
would be examining the physical nature of damaging a research reactor. 
This could be done through modeling and actual experiments. Once this 
is determined, it would inform other aspects of a reactor vulnerability 
analysis and result in a more comprehensive understanding of the 
potential consequences of a terrorist attack. 

We shared the results of INL's reactor vulnerability expert's analysis 
with NRC, who disagreed with several of the basic assumptions and 
findings concerning the consequences of an attack on a research 
reactor. NRC's reasons for its disagreement, and our analysis of these 
reasons, are discussed in detail in the classified version of this 
report. 

Despite Recent Security Improvements, NRC's Security and Emergency 
Response Requirements May Not Sufficiently Address the Potential 
Consequences of an Attack: 

NRC maintains an active oversight program of all research reactor 
licensees, which includes routine safety and security inspections. 
Between 2001 and 2006, NRC worked with its licensees to make immediate 
security improvements to research reactors where needed. As a result of 
continuing oversight activities, when NRC found additional security 
measures were necessary to ensure public health and safety, NRC 
requested that licensees implement additional security measures. NRC 
verified improved security through inspections and issued letters 
formally binding the licensees to maintain security enhancements. 

During our visits to NRC-licensed research reactors, we found the 
following improvements to security: 

* improved access controls to key areas inside reactor facilities, 

* augmented surveillance of activities within controlled access areas, 
and: 

* improved alarm and communication systems. 

For example, one NRC research reactor licensee installed antitruck bomb 
barriers, including concrete and steel reinforced poles and a steel 
cable gate, which are not required for the category of reactor at this 
particular facility. In fact, we discovered that several of NRC's 
research reactor licensees have made security improvements that exceed 
NRC's security requirements. Similarly, to address the potential truck 
bomb threat, several other NRC research reactor licensees have placed 
jersey barriers near exterior parts of reactor buildings. Figure 2 
shows a research reactor building surrounded with jersey barriers. Some 
NRC-licensed research reactors have added jersey barriers, installed 
new steel-hardened doors, and improved camera surveillance systems. 
Still another licensee installed a new alarm system that is hardwired 
to the closest police station, which monitors reactor alarms at all 
times. 

Figure 2: Research Reactor Building Surrounded by Jersey Barriers: 

This figure is a photograph of a research reactor building surrounded 
by jersey barriers. 

[See PDF for image] 

Source: GAO. 

[End of figure] 

Despite such improvements, we identified potential shortcomings with 
current security and emergency response requirements and measures. 
These requirements and measures may require immediate attention if 
NRC's assessment of the consequences of an attack on its licensed 
reactors is deficient. For example: 

* At two research reactors we visited, we found features of the reactor 
that if damaged during an attack could make the reactor more at risk 
for radiological releases. 

* According to an SNL security analysis of NRC-licensed research 
reactors, a number of reactors could be attacked and sabotaged by well- 
trained terrorists. If an NRC-licensed research reactor were attacked, 
the local police would have to assess the threat and determine the 
appropriate response before the attackers have completed the tasks 
needed to sabotage the reactor. 

* At still another research reactor, we found an unlocked and unalarmed 
access leading directly into the reactor room. In this case, the 
licensee is relying on another security measure that might be overcome. 
However, this measure could be compromised. In our view, it is both 
sensible and inexpensive to put a lock and an alarm trigger on this 
access to the reactor room, rather than depend on having one element of 
the security system function flawlessly. 

In response to the Energy Policy Act of 2005, NRC has begun to address 
a potential security weakness we identified during our review. 
Specifically, we found that NRC did not require research reactor 
licensees to conduct extensive background checks on their staff with 
access to reactors. However, starting in 2006, NRC began requiring 
research reactor licensees to fingerprint staff with access to 
sensitive security information and subject them to a criminal history 
background check by the Federal Bureau of Investigation. Furthermore, 
in May 2007, NRC ordered research reactor licensees to subject all 
staff with unescorted access to reactors to this check. 

All of the NRC-licensed research reactors that we visited have detailed 
and coordinated emergency plans for responding to terrorist attacks, 
including the deployment of police, Special Weapons and Tactics (SWAT), 
fire, ambulance, and hazardous material personnel to the reactor 
facility. In addition, most NRC-licensed research reactors licensees we 
visited have agreements with local law enforcement and other first 
responders for responses to emergencies. For example, the research 
reactor at the Massachusetts Institute of Technology has memorandums of 
understanding with the city of Cambridge Police Department, Fire 
Department, Emergency Management Department, and Massachusetts General 
Hospital outlining cooperation in case of emergencies. However, we 
found weaknesses in two key areas of NRC emergency response plan 
requirements--evacuation planning and first response: 

Few Reactors Have Evacuation Planning. Evacuation planning is important 
because most NRC-licensed reactors are located in highly populated 
areas, with other buildings located near the reactor facility. For 
example, one NRC-licensed research reactor is located within 100 yards 
of a day-care facility, 300 yards of a university dormitory, and one- 
half mile of a stadium that holds more than 90,000 fans on game days 
during football season. NRC regulations for emergency plans require 
licensees to establish plans for coping with emergencies, but NRC does 
not require that these plans include evacuation plans for areas 
surrounding its licensed reactors. Instead, these requirements only 
require licensees to establish limited emergency planning zones, which 
vary in size depending on the size of the reactor. The acceptable 
emergency planning zone for reactors that NRC licenses to operate at 2 
MW or less--that is, 30 of the 33 NRC-licensed research reactors--is 
limited to the grounds of the reactor facility; there are no evacuation 
plans for the areas surrounding the reactor. Two other NRC-licensed 
research reactors--at the Massachusetts Institute of Technology and the 
University of Missouri, Columbia--must establish an emergency planning 
zone with possible evacuation of 100 meters surrounding the research 
reactor; the 20 MW National Institute of Standards and Technology 
reactor must establish an emergency planning zone of 400 meters. 

Some First Responders Are Not Armed. NRC regulations on emergency 
response require that licensees ensure that a watchman or off-site 
response force will respond to unauthorized entrance or activity at 
research reactors, but regulations do not require first responders for 
emergencies at research reactors to be armed. At most NRC-licensed 
reactors we visited, the designated first responders are armed. At a 
few reactors, however, unarmed campus police--not local law enforcement 
agencies--would be the first responders when alarms are set off. Such 
plans are likely to delay an armed police response. According to SNL 
security experts, the lack of a timely armed response increases the 
risk that a terrorist attack will be successful. 

NNSA Has Made Progress in Converting U.S. Research Reactors from HEU to 
LEU Fuel, but It Faces Challenges in Converting Some Remaining Research 
Reactors: 

NNSA has converted 8 currently operating U.S. research reactors from 
HEU to LEU fuel and has plans to convert 10 remaining reactors by 2014. 
However, NNSA will confront challenges in converting 5 of these 10 
remaining research reactors because they cannot be converted with fuel 
that is currently available. According to NNSA and national laboratory 
officials, the schedule for fuel development is optimistic and further 
technical setbacks in fuel development would likely delay their 
research reactor conversion plans. 

NNSA Has Converted 8 Currently Operating U.S. Research Reactors and Has 
Plans to Convert 10 Remaining Reactors: 

Since 1978, when the reactor conversion program started, DOE has 
converted a total of 8 currently operating U.S. research reactors from 
HEU to LEU fuel. In 2004, we reported on the progress of the reactor 
conversion program and recommended, among other things, that NNSA place 
a higher priority on converting these reactors.[Footnote 9] In response 
to our recommendation, in 2006, NNSA converted 2 more operating U.S. 
research reactors from HEU to LEU fuel. NNSA plans to convert an 
additional 10 U.S. research reactors by 2014, including 5 that can 
convert with currently available fuel and 5 that cannot convert with 
currently available fuel. The 2 NRC-licensed research reactors that 
converted in 2006 were reactors at the University of Florida and Texas 
A&M University, which were converted at a cost of about $3 million and 
$7 million, respectively. These recent conversions represent the first 
U.S. conversions since 2000 and are part of NNSA's expanded effort to 
convert research reactors worldwide. 

NNSA plans to convert the remaining 5 U.S. research reactors that can 
convert with currently available fuel by September 2009 at an estimated 
cost of $37 million (see table 2). 

Table 2: U.S. Research Reactors Using HEU Fuel That NNSA Plans to 
Covert to Currently Available LEU Fuel by 2009: 

Reactor: Purdue University; 
Anticipated conversion date: 2007. 

Reactor: Oregon State University; 
Anticipated conversion date: 2008. 

Reactor: Washington State University; 
Anticipated conversion date: 2008. 

Reactor: University of Wisconsin; 
Anticipated conversion date: 2009. 

Reactor: Neutron Radiography Reactor--DOE; 
Anticipated conversion date: 2009. 

Source: NNSA. 

[End of table] 

NNSA Faces Challenges in Converting 5 of the 10 Remaining Reactors: 

NNSA has set a target date of 2014 for converting the five remaining 
HEU research reactors that cannot convert with currently available 
fuel. NNSA is now developing a new fuel that will allow the remaining 
five reactors to convert; according to an NNSA official, this new fuel 
must be developed by 2011 if NNSA is to meet its 2014 conversion 
schedule goal. We believe that the conversion schedule may be 
optimistic because developing this fuel has been problematic. For 
example, early efforts to develop the fuel experienced failures during 
testing that caused NNSA to push back anticipated completion dates from 
2008 to 2010, and NNSA has since delayed the completion of the fuel 
until 2011. Argonne National Laboratory officials working on the fuel 
development effort at that time characterized the failures during 
testing as the worst they had ever experienced. According to NNSA 
officials and INL fuel development scientists, more recent attempts to 
develop new LEU fuel appear promising. In addition, a series of recent 
successful tests of the new fuel, including fuel fabrication and 
testing at the Advanced Test Reactor are indicative of the potential to 
successfully develop the new LEU fuel. However, NNSA and national 
laboratory officials acknowledged that the fuel development schedule is 
optimistic and that further technical setback would likely delay DOE's 
research reactor conversion plans. NNSA estimates that an additional 
$46 million will be needed to actually convert reactors once the fuel 
is available. This estimate is uncertain. If any further technical 
difficulties are experienced in the process of developing the new fuel, 
additional funding will be required for further fuel improvements, and 
the estimated conversion date will not be met. Table 3 outlines the 
schedule for converting the five research reactors that cannot convert 
with currently available fuel. 

Table 3: Anticipated Conversion Dates for Five U.S. Research Reactors 
Using HEU Fuel That Cannot Convert with Currently Available LEU Fuel: 

Reactor: University of Missouri, Columbia; 
Anticipated conversion date: 2012. 

Reactor: Massachusetts Institute of Technology; 
Anticipated conversion date: 2012. 

Reactor: National Institute of Standards and Technology; 
Anticipated conversion date: 2012. 

Reactor: Advanced Test Reactor--DOE; 
Anticipated conversion date: 2013. 

Reactor: High Flux Isotope Reactor--DOE; 
Anticipated conversion date: 2014. 

Source: NNSA. 

[End of table] 

Conclusions: 

The NRC-licensed nuclear research reactors located throughout the 
United States play an important role in education and basic scientific 
research. However, because most of these reactors are located on 
university campuses, they face unique challenges in both remaining 
accessible for educational purposes and providing enough security to 
protect neighboring communities from the potentially significant 
impacts of a terrorist attack. Understanding the consequences of a 
terrorist attack on these research reactors is critical to determining 
the level of security needed to protect them. To understand the 
consequences of an attack, NRC conducted a security assessment of its 
licensed reactors and concluded that the consequences would be minimal-
-having almost no effect on nearby areas. However, NRC's security 
assessment may underestimate the potential consequences of an attack 
because it used assumptions and analyses about reactor security and 
terrorist capabilities that we believe are questionable. Additionally, 
NRC's conclusions are not supported by the findings of SNL, an INL 
reactor vulnerability expert, and a DHS expert. SNL found that a group 
of well-trained terrorists could gain access to a number of NRC- 
licensed research reactors. Moreover, INL and DHS experts believe that 
it is possible that a meaningful portion of a research reactor could be 
damaged in an attack. Such an attack could result in a radioactive 
release that is greater than NRC estimates in their assessment. Without 
an analysis that better reflects the full range of expert opinion on 
the security of reactors and the capabilities of potential terrorist 
forces, NRC will not have fully considered the risks posed by research 
reactors. NRC will also lack assurance that it has established security 
and emergency response plan requirements commensurate with the risks 
posed by attacks on its licensed research reactors. 

Recommendations for Executive Action: 

To better understand and prepare for the potential consequences of a 
terrorist attack on NRC-licensed research reactors, we recommended in 
our October 2007 classified report that the Chairman of NRC reassess 
the consequences of terrorist attacks on NRC-licensed research reactors 
using assumptions that better reflect a fuller range of outside expert 
opinion on the security of reactors and the capabilities of potential 
terrorist forces. 

If NRC finds that the consequences of an attack on a research reactor 
are more severe than previously estimated, we recommended that the 
Chairman of NRC take the following three actions: 

* ensure that the security requirements for research reactors are 
commensurate with the consequences of attacks, 

* reexamine emergency response requirements to address whether 
evacuation plans should be included, and: 

* require that first responders to alarms at research reactors be 
armed. 

Agency Comments and Our Evaluation: 

We provided DOE, NNSA, and NRC with draft copies of our classified 
report for their review and comment. As discussed in our classified 
report, NNSA, whose comments also reflected DOE's views, generally 
agreed with the report and provided minor technical comments, which we 
incorporated as appropriate in this unclassified report as well. NRC 
did not agree with the report and stated that the report provides an 
unbalanced assessment of its effort to enhance security at research 
reactors since September 11, 2001. NRC summarized its views in a 
separate unclassified letter which we have included in appendix I, 
along with our comments. 

NRC criticized our report in four areas. First, NRC stated that the 
draft report misrepresented the effort it has made following September 
11, 2001, to assess and enhance the security of research reactors; it 
also asserted that we compared security requirements for NRC-licensed 
research reactors with DOE operated reactors and that the comparison is 
incomplete and inaccurate. Second, NRC stated that we misrepresented 
its use of the SNL security assessment and that we incorrectly stated 
that NRC had dismissed the findings in SNL's assessment. Third, NRC 
asserted that our report misrepresented or excluded key facts. Finally, 
NRC believes that our assumptions concerning terrorist attack scenarios 
lack a sound technical basis. 

First, we disagree with NRC's assertion that our report misrepresents 
the Commission's efforts since September 11, 2001, to assess and 
enhance the security of research reactors. We accurately describe NRC's 
active oversight actions, including routine inspections for safety and 
security. Furthermore, we give NRC credit for working with research 
reactor licensees to make, and to verify, many security improvements 
that NRC identified as necessary. We also discuss the many security 
features and improvements at NRC-licensed research reactors that we 
visited and note that several of the licensees have made security 
improvements that exceed NRC's security requirements. Furthermore, 
contrary to NRC's comments, our report does not compare security 
requirements for NRC-licensed and DOE operated research reactors or 
actual security conditions at the reactors. Rather, our report 
discusses our findings on security requirements and their 
implementation at NRC-licensed and DOE operated research reactors. 

Second, we disagree with NRC's assertion that our report misrepresents 
NRC's use of the SNL security assessment and that NRC dismissed SNL's 
security assessment. Our report did not state that NRC "dismissed" the 
security assessment; instead, it accurately states that NRC "disagreed" 
with SNL about the security of research reactors. Furthermore, NRC 
itself has reiterated this disagreement with the SNL analysis in 
writing on several occasions. Specifically, when NRC provided us with 
copies of SNL's security assessment, it also provided a disclaimer 
stating that NRC "does not support many of the assumptions and/or 
information contained in these reports andï¿½the reports cannot be used 
independently to develop any conclusions regarding the security or 
protective measures for the facilities contained in the reports." In 
addition, a 2005 statement by an NRC Commissioner concerning SNL's work 
further supports our point that NRC disagreed with the SNL analysis. 
This Commissioner states, "because the Sandia security assessment 
reports contain scenarios and assumptions that are not supported by the 
Commission, the reports should not be released to anyone outside the 
agency nor should they be shared with licensees or stakeholders." 
Continuing, this Commissioner states that SNL's security reports "if 
taken out of context, could prove to be an enormous burden on NRC and 
our licensees and could result in a tremendous amount of time spent 
explaining why we think the Sandia analyses are deeply flawed." 

Third, we disagree with NRC's assertion that our report misrepresents 
or excludes key facts. In particular, NRC states that INL and SNL 
refute our characterization of key facts gathered from INL, federal 
agencies, and SNL to support our recommendations. With regard to INL, 
we did receive a letter from INL in June 2007 requesting that we not 
include or refer in any fashion to any INL technical judgments 
contained in the INL report. Later that month, we spoke with INL 
management about the reason for this request. As we state in our 
report, according to INL's Deputy Associate Laboratory Director for 
National and Homeland Security Directorate,[Footnote 10] INL believes 
that a more comprehensive analysis of the vulnerability and 
consequences of attacks on research reactors is warranted. Nonetheless, 
this official stated that the INL analysis was technically accurate and 
INL's vulnerability expert had done good work in preparing it. As a 
result of this discussion, we deleted from the report much of the 
specific details of this analysis, such as the specific estimates of 
radiological consequences, and instead provided only a short summary of 
the key findings of the analysis. Our report includes a statement from 
the INL analysis stating that a terrorist attack could produce 
"significant consequences" and have "high socio-economic impact" 
because INL officials emphasized this point during communications with 
us after we received INL's June 2007 letter. Furthermore, in its 
comments, NRC states that INL requested that we exclude from our report 
references to information we obtained from verbal communications with 
INL experts. INL never asked us to exclude discussions we had during 
our visit to INL and subsequent discussions with INL officials. INL 
would have no basis to make such a request because representatives of 
INL management arranged our meetings with INL experts to gather the 
information and data needed to complete our work. 

With respect to SNL, in neither of two sets of written comments did SNL 
dispute our primary conclusion regarding its work for NRC--that some 
NRC-licensed research reactors may not be prepared for certain types of 
terrorist attacks--nor did SNL disagree with our main report 
recommendation. We received initial comments from SNL in July 2007 on 
an early version of our classified draft report. At that time, we 
revised our draft to acknowledge one of SNL's key points--namely, that 
damaging a research reactor is a difficult and sophisticated task. 
However, we did not include further details of these initial comments 
because they were inconsistent with the information SNL had provided 
during extensive discussions over 2 days in November 2006. For example, 
in its July 2007 written comments, SNL provided information that 
demonstrated why this task is so difficult. However, during discussions 
with SNL's expert, he noted that damaging a reactor was possible and 
provided us with very detailed steps of how to do so. These steps 
addressed many of the very limitations discussed in the July 2007 
comments from SNL. Furthermore, a key finding of our report is that NRC 
disagreed with the SNL finding that some NRC-licensed research reactors 
may not be prepared for certain types of terrorist attacks. In its July 
2007 comments, SNL did not address our characterization of the work it 
did for NRC. Finally, in subsequent comments provided in September 2007 
as part of DOE's technical comments, SNL expanded upon its earlier 
comments regarding the difficulty of sabotaging a research reactor 
which we had already acknowledged in the report. In discussing this 
point, SNL stated that further study was needed on the extent to which 
terrorists could damage a research reactor. Regardless of the details 
of the work performed by INL and SNL, which we believe raise key 
concerns, one thing remains clear: there is need for further study to 
better understand the risks and consequences of an attack on a research 
reactor by well trained terrorists. 

Finally, NRC asserted that our assumptions regarding terrorist attack 
scenarios lack a sound technical basis. We disagree. Specifically, we 
note the following: 

* The findings in our report do not rely on assumptions but, instead, 
are based on the evidence we collected from experts at NRC, DOE, INL, 
SNL, DHS, and other sources. This evidence demonstrates that there is 
uncertainty about some aspects of NRC's security assessment. However, 
NRC's comments suggest that no such uncertainty exists, even though in 
some cases NRC used assumptions in its security assessment that it had 
difficulty defending. For example, NRC officials did not fully consider 
an alternative attack scenario that could be more damaging if carried 
out successfully because, according to NRC officials, the supervisor of 
the staff doing the assessment was an engineer who instructed the staff 
that such scenarios were unlikely, if not impossible. During 
discussions on this point, an NRC official acknowledged that if the 
alternative attack scenario had been fully assessed, NRC's security 
assessment might have demonstrated more significant consequences. 

* NRC states that we incorrectly assumed that terrorists could use 
certain tactics in attacking research reactors since there is a lack of 
intelligence information that terrorists have demonstrated these 
capabilities. We disagree. The events of September 11, 2001, and the 
threats faced by our armed forces in Iraq demonstrate that terrorists 
are capable of innovating how they conduct attacks. Consequently, we 
believe that, in conducting its security assessment, NRC should have 
considered a fuller range of threats, including both the threats that 
have occurred and the possibility of emerging threats. 

* NRC also disagreed with our characterization of (1) what portion of a 
reactor could be damaged in a terrorist attack and (2) the extent of 
the radiation released from such an attack. However, experts at INL and 
DHS provided our evidence on these points. As previously discussed, 
according to an INL vulnerability expert, a well-executed terrorist 
attack could damage a significant portion of a research reactor and 
release a larger amount of radioactivity into the neighboring 
communities than NRC estimates. On this point, INL's Deputy Associate 
Laboratory Director for National and Homeland Security Directorate told 
us that additional analysis and study is warranted in order to gain a 
more comprehensive understanding of both how much of a reactor could be 
damaged in an attack and what the resulting radiological consequences 
would be. 

As agreed with your office, unless you publicly release the contents of 
this report earlier, we plan no further distribution until 30 days from 
the report date. At that time, we will then send copies of this report 
to the appropriate congressional committees; the Secretary of Energy; 
the Administrator of NNSA; the Chairman of NRC; and the Director, 
Office of Management and Budget. We will also make copies available to 
others upon request. In addition, this report will be available at no 
charge on the GAO Web site at [hyperlink, http://www.gao.gov]. 

If you or your staff have any questions about this report, please 
contact me at (202) 512-3841 or [email protected]. Contact points for our 
Offices of Congressional Relations and Public Affairs may be found on 
the last page of this report. GAO staff who made major contributions to 
this report are listed in appendix II. 

Sincerely yours, 

Signed by: 

Gene Aloise: 

Director, Natural Resources and Environment: 

[End of section] 

Appendix I: Comments from the Nuclear Regulatory Commission: 

Note: GAO comments supplementing those in the report text appear at the 
End Of This Appendix. 

United States: 
Nuclear Regulatory Commission: 
Washington, D.C. 20555.0001: 

December 17, 2007: 

Mr. Gene Aloise, Director: 
Natural Resources and Environment: 
U.S. Government Accountability Office: 
441 G Street, NW: 
Washington, D.C. 20548: 

Dear Mr. Aloise: 

On behalf of the U.S. Nuclear Regulatory Commission (NRC), I am 
providing an unclassified version of the NRC's comments on the U.S. 
Government Accountability Office's (GAO's) classified draft report 
about the security of research and test reactors. A detailed and 
classified version of these comments was provided by letter dated 
September 4, 2007. We ask that this unclassified version of our 
comments be included, in its entirety, in the unclassified public 
version of GAO's final report. 

The NRC is pleased to be afforded this opportunity to comment on this 
draft report. Unfortunately, we found that this report provides an 
unbalanced assessment of the efforts of the NRC and Research and Test 
Reactor (RTR) licensees to enhance security after September 11, 2001. 
Additionally, this report lacks sound technical bases and credible 
intelligence information in support of GAO's recommendations and the 
NRC strongly encourages GAO to make substantial changes to the report. 

Safe and secure RTRs are a part of campus landscapes around the 
country, providing education and training to the next generation of 
scientists and engineers. Currently, there are 32 operating NRC-
licensed RTRs in the United States. These RTRs support a wide variety 
of scientific programs including biology, chemistry, physics, and 
medicine. A number of scientific and medical advancements can be 
attributed to RTRs, including improved cancer treatment therapies that 
have increased survival rates, and evidence that resulted in the now 
widely accepted asteroid impact theory on the extinction of the 
dinosaurs.[Footnote 11] For perspective, the majority of NRC-licensed 
RTRs are less than 1 Megawatt-thermal (MWt), and range in size from 5 
Watts ï¿½ about the size of a standard nightlight in a child's bedroom ï¿½ 
up to 20 MWt. In comparison, the typical operating nuclear power plant 
in the United States is rated to 3000 MWt and can power over 1 million 
homes. 

GAO Misrepresents NRC Actions to Enhance Security: 

GAO's report misrepresents the considerable efforts made by the NRC 
following September 11, 2001, to assess and enhance the security of 
RTRs. Security measures for RTRs are based on a "graded" approach that 
is derived from the requirements of Section 104.c. of the Atomic Energy 
Act of 1954, as amended, which directs the NRC to impose the minimum 
amount of regulation necessary to protect the public health and safety 
and the common defense and security. In general, RTRs that possess 
larger quantities of nuclear material or material that is potentially 
more attractive to adversaries have enhanced security measures in 
place. In the remaining months of 2001, after September 11th, the NRC 
issued advisories with recommended security precautions based on on-
site evaluations. From 2002 to 2004, the NRC established additional 
security measures at RTRs in a prioritized manner. During this time 
RTRs implemented compensatory measures, which included site-specific 
background investigations of personnel with access to the reactors. All 
RTR licensees have committed to incorporate these additional security 
measures into their security plans or procedures. The NRC ensures that 
the compensatory measures remain in place through our regulatory 
processes, which include Confirmatory Action Letters and on-site 
inspections. Additionally, background checks of all individuals with 
unescorted access to the NRC-licensed RTRs found no issues. 
Furthermore, the NRC requested and received, in the Energy Policy Act 
of 2005, the authority to require Federal Bureau of Investigations 
(FBI) identification and criminal history records checks, based on 
fingerprints, of any person with access to Safeguards Information or 
unescorted access to RTRs. In September 2006 and April 2007, 
respectively, the NRC implemented this authority through Orders to all 
RTRs. 

(See Comment 1): 

GAO's report misrepresents NRC's use of Sandia National Laboratories' 
(SNL) security assessments. GAO asserted that the NRC dismissed SNL's 
reports because we did not agree with its results. That is untrue. As 
we previously discussed with GAO's staff, the NRC's research and test 
reactor technical staff carefully reviewed SNL's reports and determined 
that, while some of its assumptions and methodologies were 
unrealistically conservative, the reports were useful. In fact, the 
NRC's experts used input from SNL's reports in the development of a 
comprehensive decision-making framework which applied a risk-informed 
methodology in the evaluation of potential security enhancements. In 
2006, after applying this framework to RTRs, the NRC determined that 
additional security enhancements were unnecessary due to the minimal 
risk these facilities pose to public health and safety. The NRC staff 
repeatedly cautioned GAO that SNL's modeling and assumptions used in 
the reports had limitations and that SNL's results alone did not 
provide a risk-informed basis for making regulatory decisions. GAO's 
report does not reflect NRC's caution and instead presents elements of 
the SNL reports out of their proper context. 

(See Comment 2): 

GAO's comparison of security requirements for NRC-licensed and DOE-
operated RTRs provides an incomplete and inaccurate representation of 
their safety and security. It should be noted that of the Department of 
Energy's (DOE) four RTRs, two are significantly larger than any NRC-
licensed RTR. Furthermore, DOE's security requirements are based on the 
weapons- grade nuclear material handled and stored elsewhere on the 
site and not the RTRs themselves. Requirements such as Federal security 
clearances and protection against Design Basis Threats, while 
reasonable for a DOE facility where access is restricted due to the 
presence of significant quantities of highly classified and controlled 
strategic nuclear material, are inappropriate for a low-power, NRC-
licensed RTR. 

(See Comment 3): 

Experts Question Key Facts in GAO's Report 

The NRC has determined that GAO's report misrepresents or excludes key 
facts. GAO's recommendations appear to be based predominantly on a pre-
decisional sample document[Footnote 12] demonstrating Idaho National 
Laboratory's (INL) capabilities and on opinions from Federal agencies 
and other labs, such as SNL. However, the NRC is aware that both INL 
and SNL provided written comments to GAO prior to the completion of the 
draft report refuting GAO's characterization of some of their work and 
key facts in the report. 

(See Comment 4): 

After reviewing GAO's Statement of Facts, INL provided written comments 
regarding GAO's representation of work INL performed for GAO. INL's 
June 13, 2007, letter[Footnote 13] to GAO's lead reviewer clearly 
stated that, "INL formally requests that the GAO not include or refer 
to in any fashion any INL technical judgments contained in the INL pre-
decisional sample document." INL further explained that the document 
was prepared as a demonstration of the lab's capabilities and had not 
been reviewed either externally or internally by experts. Furthermore, 
INL stated that the report had not been reviewed for the, "reality of 
the scenarios and the engineering credibility of the attack systems and 
the example reactor conditions with recognized authorities." Since GAO 
issued its draft report for comment, NRC has confirmed INL's position 
on verbal communications, which GAO refers to in its draft report. "In 
line with INL's position of the proposal we provided to GAO, that it 
not be included or referred to in their report, our position is the 
same for verbal information exchanged with the GAO. Those conversations 
were conducted in order to define information to scope our proposal to 
GAO, not to provide technical information or facts."[Footnote 14] 
Therefore, INL finds that inclusion and reference to the sample pre- 
decisional INL report in GAO's report detracts from its technical 
credibility, and INL indicates that its pre-decisional, sample document 
and associated verbal communications are not to be included or referred 
to in GAO's report. 

Similarly, SNL, after reviewing GAO's Statement of Facts, provided 
written comments regarding GAO's characterization of SNL experts. SNL's 
comments to GAO fundamentally challenged the information used by GAO to 
claim that the NRC had not appropriately considered terrorist 
capabilities. SNL noted that GAO's Statement of Facts contained no 
mention of Sandia's views regarding the viability or practicality of 
the assumed terrorist scenarios. SNL further stated in its comments 
that despite providing GAO with a subject matter expert who refuted 
GAO's assumptions, GAO failed to acknowledge key scientific facts that 
challenged the basis for using the GAO-identified terrorist 
capabilities. Despite SNL's comments to the contrary, GAO's report 
represents these presumed terrorist capabilities as credible threats 
and a basis to challenge NRC's security requirements for RTRs. 

Not only did GAO misrepresent the experts cited in its report, it also 
failed to acknowledge those experts' formal dissenting views. A 
fundamental principle of good decision-making is the consideration and 
inclusion of all relevant facts and information, even those that 
contradict one's conclusions. The NRC does not understand how GAO can 
exclude formal comments from national laboratories that it claims are 
experts and still conclude that it's characterization of RTR security 
is credible and balanced. INL's written comments are provided as 
Enclosure 1, to this letter. 

GAO's Assumptions Lack a Sound Technical Basis: 

GAO's report assumes that a highly unlikely combination of events could 
damage an RTR and release radioactivity to the environment. GAO does 
not provide credible intelligence information or supporting technical 
bases for their postulated terrorist scenarios. Despite many meetings 
between the NRC and GAO staff where the NRC pointed out the significant 
limitations, challenges, and realisms that would make the scenarios 

highly unlikely, GAO's report continues to characterize them as 
credible without providing any supporting technical basis or analysis. 

(See Comment 5): 

GAO's report assumes that terrorists could employ highly sophisticated 
methods and skills to cause significant damage to an RTR. GAO's report 
however, provides no supporting intelligence information that 
terrorists have demonstrated this capability, The NRC maintains an 
expert and dedicated team of threat assessment specialists with over 
150 years of combined experience working in the intelligence community. 
This team applied NRC's rigorous threat assessment process, which GAO 
commended as logical and well-defined,"[Footnote 5] in determining 
credible terrorist capabilities. The NRC continually reviews 
intelligence information and when appropriate revises its assessment of 
credible terrorist capabilities. 

In addition to the lack of credible intelligence information, GAO did 
not provide a sound technical basis to demonstrate that an RTR could be 
damaged as GAO assumes. As stated previously, GAO's own experts, SNL, 
challenged GAO's assumptions regarding the viability or practicality of 
GAO's postulated methods to damage an RTR. SNL provided a series of 
detailed scientific facts that support the view that GAO's postulation 
is highly unlikely. Further questioning the technical bases of GAO's 
scenario, Los Alamos National Laboratory (LANL) conducted a classified 
engineering and safety analysis, published as a classified report in 
1990, that specifically analyzed methods similar to those postulated by 
GAO. LANL's analysis concluded that RTRs are resistant to the 
postulated attack due to their design and materials of construction. 
Additionally, LANL's classified analysis determined that the 
accomplishment of such scenarios would encounter significant 
challenges. During the course of NRC's security assessments performed 
since September 11, 2001, we found that law enforcement response 
provides a high degree of confidence that responders would successfully 
thwart the attack scenarios assumed by GAO. Additionally, the 
scientific work of LANL found that even if an adversary were successful 
in overcoming these restraints, the upper limit on the radioactivity 
released would be far less than the assumptions made by GAO. The 
conclusions reached in 1990 remain valid in the post-9111 environment 
because the scientific principles they are based on have not changed. 

(See Comment 4): 

(See Comment 6): 

GAO's evaluation and assumptions ignore the physical realities of RTR 
design and construction and the likely effects of the postulated 
scenarios on the terrorists that would prevent an attack from being 
successful in damaging an RTR. NRC and SNL staff reviewed GAO's 
scenarios and concluded that considerable resources and time would be 
necessary, if it would be possible at all. LANL's classified 
engineering and safety analysis reached the same conclusions as the 
NRC staff, which has over 220 combined years of experience regulating, 
operating, and managing RTRs. 

GAO also assumed that upon damaging an RTR, a large, direct release of 
radiation would occur. NRC and LANL analyses have already shown that 
the probability of causing sufficient damage to an RTR such that a 
large release would occur is extremely low. In addition, the design and 
construction features present real world barriers to the release of 
radioactivity to the environment. These features were conveniently 
ignored in the GAO evaluation. Although questioned in the report, GAO 
does not provide any supporting technical basis to challenge the 
adequacy of the existing RTR emergency plans. 

The NRC believes that the inaccuracies, misrepresentation, and 
unsupported assumptions discussed above undermine the credibility of 
the evidence presented in the draft report, which thus does not support 
a sound technical basis for its conclusions and recommendations. The 
NRC strongly encourages GAO to make substantial changes to the report 
in order to enhance its accuracy and thereby provide a convincing and 
fair presentation of the physical security of NRC-licensed RTRs. 

Again, thank you for the opportunity to comment on this report. Should 
you have any questions about these comments, please contact Ms. Melinda 
Malloy, at (301) 415-1785, of my staff. 

Sincerely, 

Signed by: 

Luis A. Reyes: 
Executive Director for Operations: 

Enclosure:
INL Response Regarding GAO Use of INL Evaluation of Research Reactors:  

[End of section] 
 
Idaho National Laboratory: 
P.O. Box 1625: 
2525 North Fremont Ave.: 
Idaho Falls, Idaho 83415: 
208-526-0111: 
[hyperlink, http://www.lni.gov]: 

June 13, 2007: 

CCN 210055: 

Mr. Peter E. Ruedel: 
Government Accounting Office: 
441 G Street NW: 
Washington, DC 200548: 

Subject: 

1NL Response Regarding GAO Use of INL Evaluation of Research Reactors 
References: 

1. Draft GAO Report - (OUOISGI) Draft, Statement of Facts DOE and NRC 
Research Reactors: 

2. INL Pre-Decisional, Sample Document (OUO), Evaluation of a Pseudo 
TRIGA reactor for Radiological Sabotage, Bradley J. Schrader, Ph.D., 
PE, CHP, April 2007. 

Dear Mr. Ruedel: 

In response to the request, June 7, 2007 from the Government Accounting 
Office (GAO) to provide review comments related to the draft GAO report 
(reference I), the INL formally requests that the GAO not include or 
refer to in any fashion any INL technical judgments contained in the 
INL pre-decisional sample document (reference 2). 

(See Comment 4): 

The referenced INL document was prepared as a sample document 
demonstrating the INL's capability; it was not intended to be a formal 
deliverable in response to a Work-for-Others agreement with the GAO. As 
you know, no such work-for-others agreement ever existed. Further and 
more importantly, the reference 2 document has not been peer-reviewed 
pursuant to the normal INL technical report review processes. For this 
type of document, the INL typically would have this report reviewed by 
internal and external experts, prior to release as a formal report 
Specifically for this document, the INL would have established the 
reality of the scenarios and the engineering credibility of the attack 
systems and the example reactor conditions with recognized authorities. 
Neither this peer review or the referenced research methodologies were 
performed. Again, the reference 2 document was provided to GAO as 
nothing more than a sample of the INL's research capabilities. 

Because this referenced document has not undergone the standard peer 
review processes, the INL would not use this document as the basis for 
gut action; and we suggest that any use by GAO of the contents of this 
pre-decisional document or references to its contents will detract from 
the technical credibility of the GAO report.

If you need additional information regarding resolution of this 
request, the INL point of contact is Mr. Lynn Goldman (208-526-0010), 
Deputy Associate Laboratory Director, National and Homeland Security 
Directorate. 

Sincerely, 

Signed by: 
David J. Hill, Deputy Laboratory Director Science & Technology: 

SDH:rlo: 

cc: R. L. Green, DOE-ID, MS 1170: 
J. J. Grossenbacher, INL, MS 3695: 
W. D. Lewis, DOE-ID, MS 1240: 
V. C. Pearson, DOE-ID, MS 1170: 
K. R. Tuuri, DOE-ID, MS 1170: 

[End of section] 

The following are GAO comments on the Nuclear Regulatory Commission's 
(NRC) letter dated December 17, 2007. 

GAO Comments: 

We disagree. We accurately describe NRC's oversight actions taken since 
September 2001, including its process of performing routine inspections 
for safety and security. Furthermore, we give NRC credit for working 
with research reactor licensees to make, and to verify, many security 
improvements that NRC identified as necessary. We also discuss the many 
security features and improvements at NRC-licensed research reactors 
that we visited including security improvements that exceed NRC's 
security requirements. 

Our report does not misrepresent NRC's use of Sandia National 
Laboratories' (SNL) security assessment and did not state that NRC 
"dismissed" the security assessment. Instead, our report accurately 
states that NRC "disagreed" with SNL about the security of research 
reactors. On this point, NRC has reiterated its disagreement with the 
SNL analysis in writing several times. Specifically, when NRC provided 
us with copies of SNL's security assessment, it also provided a 
disclaimer stating that NRC "does not support many of the assumptions 
and/or information contained in these reports andï¿½the reports cannot be 
used independently to develop any conclusions regarding the security or 
protective measures for the facilities contained in the reports." 
Furthermore, a 2005 statement from an NRC Commissioner concerning SNL's 
work further supports our point that NRC disagreed with the SNL 
analysis. According to this Commissioner, "because the Sandia security 
assessment reports contain scenarios and assumptions that are not 
supported by the Commission, the reports should not be released to 
anyone outside the agency nor should they be shared with licensees or 
stakeholders." He further states that SNL's security reports "if taken 
out of context, could prove to be an enormous burden on NRC and our 
licensees and could result in a tremendous amount of time spent 
explaining why we think the Sandia analyses are deeply flawed." 

3. Contrary to NRC's comments, our report does not compare security 
requirements for NRC-licensed and Department of Energy (DOE) operated 
research reactors or actual security conditions at the reactors. In 
fact, we reported on DOE and NRC security issues in separate sections 
of the report. We did, however, compare one assumption regarding how 
each agency considered the role of insiders who may provide assistance 
to an attacking force. In our view, this was an important comparison to 
make because, in its assessment, NRC assumed that insiders with access 
to the reactor would only participate to a limited degree in an attack 
on a reactor. However, in similar security assessments for DOE 
facilities, DOE assumed that insiders would fully participate in an 
attack, and it has designed its defenses on the assumption of full 
participation. In discussing this point with NRC officials, they 
acknowledged that if NRC's assessment had assumed fully participating 
insiders, then the results of its assessment may have turned out 
differently. 

4. Our report did not misrepresent or exclude key facts provided to us 
by Idaho National Laboratory (INL) and SNL. With regard to INL, we did 
receive a letter from INL in June 2007 requesting that we not include 
or refer in any fashion to any INL technical judgments contained in the 
INL report, and we subsequently spoke with INL management about the 
reason for this request. As our report states, according to INL's 
Deputy Associate Laboratory Director for National and Homeland Security 
Directorate,[Footnote 11] INL believes that a more comprehensive 
analysis of the vulnerability and consequences of attacks on research 
reactors is warranted. Nonetheless, this official stated that the INL 
analysis was technically accurate and INL's vulnerability expert had 
done good work in preparing it. As a result of this discussion, we 
deleted from the report many of the specific details of this analysis, 
such as the specific estimates of radiological consequences, and 
instead provided only a short summary of the key findings in the 
analysis. As we pointed out in our report, the INL analysis stated that 
a terrorist attack could produce "significant consequences" and have 
"high socio-economic impact." We retained this statement because INL 
officials emphasized this point during communications with us after we 
received INL's June 2007 letter. Furthermore, although NRC states that 
INL asked us to exclude references to information we obtained from 
verbal communications with INL experts, INL never made such a request 
to us. INL would have no basis to make such a request because 
representatives of INL management arranged our meetings with INL 
experts to gather the information and data needed to complete our work. 

With respect to SNL, in neither of two sets of written comments did SNL 
dispute our primary conclusion regarding its work for NRC--that some 
NRC-licensed research reactors may not be prepared for certain types of 
terrorist attacks--nor did SNL disagree with our main report 
recommendation. We received initial comments from SNL in July 2007 on 
an early version of our classified draft report and revised our draft 
to acknowledge one of SNL's key points--namely, that damaging a 
research reactor is a difficult and sophisticated task. However, we did 
not include further details of the SNL comments because they were 
inconsistent with the information we received during extensive 
discussions with SNL experts during 2 days in November 2006. For 
example, in its July 2007 written comments, SNL provided information 
that demonstrated why this task is so difficult. However, during 
discussions with SNL's expert, he noted that damaging a reactor was 
possible and provided us with very detailed steps of how to do so. 
These steps addressed many of the very limitations discussed in the 
July 2007 comments from SNL. Furthermore, as we also reported, NRC 
disagreed with the SNL finding that some NRC-licensed research reactors 
may not be prepared for certain types of terrorist attacks. In its July 
2007 comments, SNL did not address our characterization of the work it 
did for NRC. Finally, in subsequent comments provided in September 2007 
as part of DOE's technical comments, SNL provided more detailed 
information on the difficultly of sabotaging a research reactor. Our 
report includes SNL's view that attacking a research reactor would be a 
difficult task that would likely require specific knowledge of reactors 
and sabotage techniques. Nonetheless, SNL's comments also acknowledge 
the need for further study on the extent to which terrorists could 
damage a research reactor. Regardless of the details of the work 
performed by INL and SNL, which we believe raise key concerns, one 
thing remains clear: there is need for further study to better 
understand the risks and consequences of an attack on a research 
reactor by well trained terrorists. 

5. We disagree with NRC's assertion that our assumptions regarding 
terrorist attack scenarios lack a sound technical basis. Specifically, 
we note the following: 

* The findings in our report do not rely on assumptions but instead are 
based on the evidence we collected from experts at NRC, DOE, INL, SNL, 
DHS, and other sources. This evidence demonstrates uncertainty about 
some aspects of NRC's security assessment. In contrast, NRC's comments 
suggest that no such uncertainty exists, even though in some cases NRC 
used assumptions in its security assessment that it had difficulty 
defending. For example, NRC officials did not fully consider an 
alternative attack scenario that could be more damaging if carried out 
successfully because, according to NRC officials, the supervisor of the 
staff doing the assessment instructed the staff that such scenarios 
were unlikely, if not impossible. An NRC official acknowledged that if 
the alternative attack scenario had been fully assessed, NRC's security 
assessment might have demonstrated more significant consequences. 

* We disagree with NRC's statement that we incorrectly assumed that 
terrorists could use certain tactics in attacking research reactors, 
since there is a lack of intelligence information that terrorists have 
demonstrated these capabilities. NRC's security assessment did not 
address certain tactics that were raised as a concern in its own 
intelligence documents. Furthermore, as the events of September 11, 
2001, and the threats faced by our armed forces in Iraq have shown, 
terrorists are capable of innovating how they conduct attacks. 
Consequently, we believe that, in conducting its security assessment, 
NRC should have considered a fuller range of threats, including both 
the threats that have occurred and the possibility of emerging threats. 

* We stand by the evidence provided by INL and DHS experts regarding 
the portion of a reactor that could be damaged in a terrorist attack 
and the extent of the radiation that could be released from such an 
attack. As previously discussed, according to an INL vulnerability 
expert, a well-executed terrorist attack could damage a significant 
portion of a research reactor and lead to the release of a larger 
amount of radioactivity into the neighboring communities than NRC 
estimates. On this point, INL's Deputy Associate Laboratory Director 
for National and Homeland Security Directorate told us that more 
analysis and study is warranted to gain a more comprehensive 
understanding of both how much of a reactor could be damaged in an 
attack and what the resulting radiological consequences would be. 

6. This comment refers to a classified report Los Alamos National 
Laboratory (LANL) issued in 1989. That report discussed the potential 
and limitations to a certain type of terrorist attack on research 
reactors that is discussed more fully in our classified report. The 
scenario addressed in the LANL report was similar to the type of attack 
identified in the INL analysis. (The LANL report was discussed in our 
classified report. Because the LANL report is classified, we are not 
including the details of the LANL report in this report.) However, we 
note that the LANL report was completed more than 15 years ago at a 
time when the United States faced different and less severe potential 
threats. In our view, the LANL study, when combined with the views of 
INL and DHS experts, demonstrates that there is some uncertainty within 
the community of reactor experts on the consequences of certain types 
of attacks on research reactors. This uncertainty provides the basis 
for our recommendation that NRC reconsider its security assessment. 

[End of section] 

Appendix II: GAO Contact and Staff Acknowledgments: 

GAO Contact: 

Gene Aloise, (202) 512-3841 or [email protected]: 

Staff Acknowledgments: 

In addition to the contact named above, John Delicath, Doreen S. 
Feldman, Eugene Gray, Keith Rhodes, Ray Rodriguez, Peter Ruedel, 
Rebecca Shea, Carol Herrnstadt Shulman, Ned Woodward, and Franklyn Yao 
made key contributions to this report. 

[End of section] 

Footnotes: 

[1] HEU is uranium enriched in the isotope uranium-235 to 20 percent or 
greater. LEU is uranium that is enriched to less than 20 percent in the 
isotope uranium-235. 

[2] NRC, Security Assessment of NRC-Licensed Research and Test Reactor, 
NRC, (April 2006). In this report, we refer to this assessment as the 
NRC security assessment. This assessment is controlled as Safeguards 
Information (SGI) by NRC. 

[3] Other agencies, such as the Department of Homeland Security and 
DOE, have relied on SNL for their expertise on security issues as well. 

[4] In this report, we refer to the RERTR program as the reactor 
conversion program. 

[5] GAO, Research Reactor Security, GAO-08-156C (Washington DC.: Oct. 
12, 2007). 

[6] 10 C.F.R. part 73. 

[7] 10 C.F.R. ï¿½ 73.60(f). 

[8] INL, Evaluation of a Psuedo TRIGA Reactor for Radiological 
Sabotage, INL/EXT-07-12348 (April 2007). 

[9] GAO, Nuclear Nonproliferation: DOE Needs to Take Action to Further 
Reduce the Use of Weapons-Usable Uranium in Civilian Research Reactors, 
GAO-04-807 (Washington, D.C.: July 30, 2004). 

[10] INL's June 2007 letter to GAO asked us to contact this INL 
official--the Deputy Associate Laboratory Director, National Homeland 
Security Directorate--if we needed any additional information regarding 
INL's request. 

[11] National Research Council. (1988). University Research Reactors in 
the United States ï¿½ Their Role and Value. Washington, D.C.: National 
Academy Press. 

[12] Schrader, Bradley J. Ph.D., PE, CHP. (April 2007): "Evaluation of 
a Pseudo TRIGA reactor for Radiological Sabotage." (This document is 
OUO). 

[13] Letter from Hill, David J. INL Deputy Laboratory Director, Science 
and Technology, to Ruedel, Peter, GAO: "INL Response Regarding GAO Use 
of INL Evaluation of Research Reactors," 13 June 2007. 

[14] Email from Landon, Chad J., INL, to Mendonca, Marvin, NRC: "Re: 
Info." August 15, 2007. 

[15] Government Accountability Office. (March 2006). Nuclear Power 
Plants: Efforts Made to Upgrade Security, but the Nuclear Regulatory 
Commission's Design Basis Threat Process Should Be Improved. 
(Publication No. GAO-06-388). 

GAO's Mission: 

The Government Accountability Office, the audit, evaluation and 
investigative arm of Congress, exists to support Congress in meeting 
its constitutional responsibilities and to help improve the performance 
and accountability of the federal government for the American people. 
GAO examines the use of public funds; evaluates federal programs and 
policies; and provides analyses, recommendations, and other assistance 
to help Congress make informed oversight, policy, and funding 
decisions. GAO's commitment to good government is reflected in its core 
values of accountability, integrity, and reliability.  

Obtaining Copies of GAO Reports and Testimony: 

The fastest and easiest way to obtain copies of GAO documents at no 
cost is through GAO's Web site [hyperlink, http://www.gao.gov]. Each 
weekday, GAO posts newly released reports, testimony, and 
correspondence on its Web site. To have GAO e-mail you a list of newly 
posted products every afternoon, go to [hyperlink, http://www.gao.gov] 
and select "Subscribe to Updates."  

Order by Mail or Phone: 

The first copy of each printed report is free. Additional copies are $2 
each. A check or money order should be made out to the Superintendent 
of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or 
more copies mailed to a single address are discounted 25 percent. 
Orders should be sent to:  

U.S. Government Accountability Office: 
441 G Street NW, Room LM: 
Washington, D.C. 20548:  

To order by Phone: 
Voice: (202) 512-6000: 
TDD: (202) 512-2537: 
Fax: (202) 512-6061:  

To Report Fraud, Waste, and Abuse in Federal Programs:  

Contact:  

Web site: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]: 
E-mail: [email protected]: 
Automated answering system: (800) 424-5454 or (202) 512-7470:  

Congressional Relations:  

Ralph Dawn, Managing Director, [email protected]: 
(202) 512-4400: 
U.S. Government Accountability Office: 
441 G Street NW, Room 7125: 
Washington, D.C. 20548:  

Public Affairs: 

Chuck Young, Managing Director, [email protected]: 
(202) 512-4800: 
U.S. Government Accountability Office: 
441 G Street NW, Room 7149: 
Washington, D.C. 20548: 

*** End of document. ***