FOR IMMEDIATE RELEASE:       July 29, 2003

For more information contact:

Lisa Rainwater van Suntum (212) 544-0045   

Kyle Rabin (845) 424-4149 x 239                                                            

As the Indian Point Security Drill Gets Underway TODAY, the Public is Left Questioning:

“WHO WILL PROTECT INDIAN POINT AGAINST A 9/11-TYPE TERRORIST ATTACK?”

A deficiency in the NRC’s regulations for the physical protection of commercial nuclear plants has resulted in a serious gap in the current level of protection at the Indian Point nuclear power plant

As the Indian Point security drill gets underway today, the public is left questioning: “WHO WILL PROTECT INDIAN POINT AGAINST A 9/11-TYPE TERRORIST ATTACK?”

Even after Entergy has revised their Indian Point nuclear plant security plans and procedures to take into account the new Design Basis Threat (DBT) standard by the October 2004 deadline set by the Nuclear Regulatory Commission (NRC), they will not be in a position to repel attacks by adversaries with capabilities comparable to those of the September 11^th terrorists. The DBT – which defines the size and capability of potential attackers that nuclear power plant owners, like Entergy, must protect against falls far short of the threat we face today.  Furthermore, it is calibrated to the capabilities of private forces and the pocketbooks of plant owners, rather than to the size and type of threat we now live with.

“A deficiency in the NRC’s regulations for the physical protection of Indian Point and other nuclear plants has resulted in a serious gap in the current level of protection,” said Lisa Rainwater van Suntum, PhD, project coordinator for the Indian Point Safe Energy Coalition. “By law the U.S. military is charged with protecting Indian Point and other nuclear power plants from attacks by ‘enemies of the United States,’ but has no jurisdiction to protect or repel an attack by terrorists. Entergy’s overworked and underpaid security force is left to protect the plant from terrorist attacks. Thus, U.S. regulations are silent as to who is responsible for the range of threats in between these extremes.”

“Considering that ‘the potential for 9/11 type attacks on nuclear power plants is high,’ as stated in a July 2002 National Research Council report, the U.S. Nuclear Regulatory Commission should require that plant security be able to prevent an attack comparable to that on September 11^th, which involved an airborne assault carried out by a group of 19 terrorists attacking in several different teams,” said van Suntum.  “One of these planes flew over Indian Point on its way to the World Trade Center. Today's disclosure that more suicide hijacks may occur later this summer underscores Indian Point’s vulnerability.”

NRC regulations[i] do not require nuclear plant licensees from having to protect their facilities from a military attack by a foreign power, but rather a sub-national terrorist group.  The “enemy of the United States” provision, 10 CFR §50.13, exempts licensees, like Entergy, from providing “design features or other measures for … protection against the effects of attacks and destructive acts, including sabotage, directed against the facility by an enemy of the United States, whether a foreign government or other person.” The original motivation for this provision was to allow the NRC to license the Turkey Point nuclear plant in South Florida without requiring the plant to provide protection against a Cuban missile attack.  While this rule is somewhat ambiguous as written, it is clear it was meant to apply to military attacks launched by foreign powers utilizing the resources available to a nation.

The NRC has remained defiant in the face of widespread calls following the 9/11 attacks to significantly enhance security requirements at Indian Point and other nuclear power plants. The NRC has refused to consider implementing measures to protect nuclear plants from 9/11-type airborne assaults, claiming that it is the responsibility of the Federal government, and not nuclear plant owners, to protect against “enemies of the United States.” And, the NRC has opposed Congressional proposals to federalize nuclear plant security forces to standardize pay, benefits and training.

While the NRC licensees are responsible for protecting nuclear plants from sub-national groups, and the military is responsible for protecting them from attacks by the armed forces of enemies of the United States, the regulations are silent as to who is responsible for the range of threats in between these extremes.  As a result, it is not immediately obvious where al Qaeda and other terrorist organizations fall in this classification. 

“Currently, in the absence of specific intelligence information leading to an elevation of the threat level, private security forces are going to be the only ones in a position to defend nuclear plants at all times,” said van Suntum. “This gap in security leaves Indian Point dangerously vulnerable.  Yet without an entity that has the authority to develop an adequate standard of protection for this plant, there is little hope that this security gap will be closed any time soon.”

Industry Invokes the “Enemy of the United States” Clause

Resolving this issue has been one of the NRC’s primary preoccupations in its 20-month-long effort to update the DBT following the September 11 attacks.  The characteristics of the September 11 attacking force --- 19 members organized into four independent teams and utilizing commercial jets as weapons --- far exceeded the 10 CFR §73.1 DBT both quantitatively and qualitatively.  However, NRC staff attempts to obtain Commission approval for a significant upgrading of the DBT after September 11 languished as a result of nuclear industry pressure to block costly new regulations and a raging debate concerning the extent to which the NRC could strengthen the DBT without running into “enemy of the United States” limitations.[ii]  In January 2003, the NRC finally released a draft of proposed additional adversary characteristics for comment by the nuclear industry, other government agencies and other “stakeholders” cleared for access to safeguards information. 

In response, one utility executive argued that al Qaeda is clearly an “enemy of the United States” because President Bush declared that the September 11 attacks were “acts of war,” and implied that the NRC’s proposed revision to the DBT violated 10 CFR §50.13 because its underlying justification was the September 11 attacks.[iii]  The industry as a whole, through its chief lobbying organization, the Nuclear Energy Institute (NEI), also invoked the “enemy of the United States” provision to oppose specific adversary characteristics, an argument NEI first used long before September 11.  Stephen Floyd, a vice president of NEI, said in written testimony to Congress in March 2003 that “the adversaries [in the draft DBT] are credited with weaponries and capabilities that even law enforcement forces cannot protect against ... the proposed changes would require the nuclear industry to defeat a highly sophisticated attack force that reasonably would be characterized as an attack by an enemy of the United States.”[iv] 

Other Federal Agencies Found the NRC’s New DBT Inadequate

In contrast to the industry position, nearly all other federal agencies that reviewed the NRC’s draft DBT --- agencies with access to intelligence information about the character of the actual threat faced by nuclear power plants --- apparently believed that the proposal was inadequate.  According to NRC Commissioner Edward McGaffigan, Jr.,

“…every other federal agency that reviewed the staff’s proposed DBT, other than the FBI, felt there could be additional attributes in the DBT, but all of them declined to help us on where the line should be drawn between the primary responsibility of a regulated private sector guard force and the primary responsibility of government … the agencies instead answered what the overall threat might be, and in my personal view covered their bets so that they could never be accused of underestimating terrorists …”[v]

The NRC Unveils New DBT

At the end of April 2003, nearly 20 months after the September 11 attacks, the NRC finally issued orders superseding the regulatory DBT specified in 10 CFR §73.1.  According to the NRC, “the [new] DBT represents the largest reasonable threat against which a regulated private guard force should be expected to defend under existing law.”[vi]  Since the revised DBT is not publicly available, there is no way for the public to know how the various criticisms of the draft DBT were reconciled in the finished product.  However, there are some clues regarding the severity of the DBT in comparison with the September 11 threat. 

In a speech by NRC Commissioner McGaffigan shortly before the new DBT was issued, he said that “the ‘enemy of the State’ regulation … was not meant to be construed as widely as the industry attempts to do today.”[vii]  Although this statement implies that the NRC did not wholly endorse the industry position, NEI’s change in tone after the final DBT was issued was noticeable.  In May 2003, Lynnette Hendricks of NEI said that “what [NRC] put out is fairly reasonable.”[viii]  Later in the same speech, Commissioner McGaffigan said that the new DBT was not “Ed Markey’s DBT,” a reference to legislation proposed by Rep. Edward Markey (D-MA) that would have upgraded the DBT to a level commensurate with the September 11 threat --- that is, one that considers at least 20 attackers, multiple coordinated teams, several insiders and aircraft attack. 

Therefore, even after nuclear plants have revised their security plans and procedures to take into account the new DBT by the NRC’s October 2004 deadline, they will not be in a position to repel attacks by adversaries with capabilities commensurate with those of the 9/11 terrorists, but only those adversaries that the industry thinks it can protect against without having to spend a lot of money. 

With the NRC’s new limits on the obligations of private security forces in place, the government, and ultimately US taxpayers, are left saddled with the responsibility for addressing the remaining security shortfalls at nuclear plants.  This responsibility has largely fallen on the shoulders of state and local law enforcement agencies, already overburdened with other homeland security duties and not necessarily equipped and trained to deal with the threats that nuclear plant security forces are unwilling or unable to handle themselves. 

If the armed forces cannot legally provide routine protection against beyond-design-basis threats in the absence of war, the government will need to develop another mechanism to provide such protection.  Various Congressional proposals have been floated since September 11 to address this problem, but none have become law.  One proposal called for federalizing nuclear plant security forces (modeled after the federalization of airport security screeners after September 11).  This could result in greater consistency from site to site, as well as standardized and improved training, pay and benefits for private security officers.  A federalized guard force would also be able to provide greater flexibility to adjust its strength rapidly to changes in the threat level.

THE POWERLESS DEPARTMENT OF HOMELAND SECURITY

Since the Department of Homeland Security (DHS) lacks the authority to issue legally binding orders to the NRC, among other agencies, and to enforce them through inspections and punitive actions, the agencies’ “infrastructure protection” function has been relegated to an advisory role that the NRC is free to ignore. Failing to provide DHS with this authority was not an inadvertent omission.  Earlier House and Senate versions of the Homeland Security Act gave DHS the responsibility for “taking or seeking to effect necessary measures to protect the key resources and critical infrastructures in the United States,” a provision that was watered down in the final version. 

AN ATTACK ON INDIAN POINT COULD HAVE DEVASTATING REPERCUSSIONS

The shock with which Americans reacted to the September 11 attacks was a clear indication of the extent to which the United States had underestimated the severity of the terrorist threat to its critical infrastructure.  The scale, the sophistication and the coordination of the al Qaeda assault shattered many long-held assumptions about the motivations and maximum credible capabilities of terrorists within the United States, calling into question the adequacy of physical protection and counterterrorism programs based upon these assumptions. Yet as horrific as the attacks on the World Trade Center and Pentagon were, an attack on the Indian Point nuclear power plant, situated just 22 miles from NY City, would have the potential to affect areas considerably beyond the attack site, causing significantly greater numbers of casualties and more severe economic and environmental impacts. 

Indian Point Safe Energy Coalition (IPSEC). IPSEC is a coalition of fifty-eight civic, environmental, health and public policy organizations that formed in response to a flood of citizen concerns about the safety of Indian Point nuclear power plants after the terrorist attacks on 9.11.01.  Our goal is to ensure the safety and security of our neighborhoods by bringing about the immediate closure of Indian Point and its safe and orderly decommissioning.   For a list of member organizations, visit: www.IPSECinfo.org.     

###

The following research is based upon a paper entitled “NUCLEAR PLANT PROTECTION AND THE HOMELAND SECURITY MANDATE,” authored by EDWARD S. LYMAN, who is the Senior Scientist for the Global Security Program at Union of Concerned Scientists. Mr. Lyman can be reached at 202-223-6133.