Nation & World 9/17/01
A nuclear nightmare
They look tough, but some plants are easy marks for terrorists
BY DOUGLAS PASTERNAK
He called it Project Worst Nightmare. And in the twisted mind of Donald Beauregard, commander of the 77th Regiment Militia in St. Petersburg, Fla., it surely was. Beauregard's plan was simpledisable the electric power grid feeding the nearby Crystal River nuclear power plant with explosives stolen from a National Guard armory. That would shut down the plant, blacking out St. Petersburg. This was no idle fantasy. When the cops finally caught up with him, Beauregard and his "strike team" had a 20-mm cannon, a .50-caliber machine gun, and a few pipe bombs primed to blow.
Beauregard might have succeeded if an informant hadn't tipped the police. He was prosecuted and clapped off to prison last year. But the FBI took Beauregard's plan seriously enough to incorporate it into a test it ran last May against the Palo Verde nuclear generating station in Arizona.And here lies the rub. In the past decade, nearly half the nation's 103 power plants have failed mock terrorist attacks against them. The plants that failed, in other words, would not have stopped the Donald Beauregards of the world.
In the parlance of counterterrorism, nuclear power plants are among the world's most "hardened" targets. Barbed wire, surveillance cameras, motion sensors, armed response teamsall are designed to make the plants impenetrable to even the most determined saboteur. But interviews with current and former Nuclear Regula- tory Commission inspectors, security experts, and plant guards paint a very different picture. Often, security measures at nuclear plants don't work as they should or don't work at all. A re- view of recent incidents by U.S. News reveals numerous breakdowns in plant security, from criminals being granted access to sensitive areas to inadequate security that places vital equipment within easy reach of an attacker who never even enters the plant's perimeter.
Security experts say a terrorist is far more likely to attack a so-called soft target such as a government buildingthan a nuclear power plant. Indeed, argues Lynnette Hendricks of the Nuclear Energy Institute, the nuclear power trade group: "We believe the plants are overly defended at a level that is not at all commensurate with the risk." But in light of attacks against fortified targets such as U.S. embassies, threats against nuclear plants are now considered very real. And concerns about security are likely to mount as the Bush administration calls for greater use of nuclear power. Last year, for instance, Japanese police arrested a man with seven pipe bombs who was planning to blow up a uranium processing plant. Last September, Ukrainian police arrested a group planning to sabotage the Chernobyl reactor. And in the United States, officials list at least 30 threats against nuclear plants since 1978. Most have been hoaxes, but in the mid-1980s, for instance, three of four power lines leading to the Palo Verde plant were sabotaged. And in 1989 four members of Earth First!, a radical environmental group, were charged with conspiring to disable three nuclear power plants in the Southwest.
Rating risks. Despite the threats and the documented security flaws, the nuclear industry has convinced the Nuclear Regulatory Commissionthe federal agency that oversees nuclear power plantsthat security at these sites would function better with less federal oversight. So starting this fall, the NRC will launch a pilot program allowing the power companies to design their own security exercisesa function formerly performed by federal terrorism experts. The industry says the new program will cost the plants less, yet allow for more frequent tests. But opponents, including many within the NRC, say the industry's track record has hardly earned it the right to looser regulation. In the past year alone, NRC inspectors have discovered alarms and video surveillance cameras that don't work, guards who can't operate their weapons, and guns that don't shoot. "I am very skeptical about the nuclear industry's ability to regulate itself," says Rep. Edward J. Markey, a vocal critic of nuclear security.
High on critics' lists of concerns is the failure rate in the NRC-run mock terrorist assaultsattacks that, if real, could have released radiation more lethal than the 1986 Chernobyl accident that resulted in an estimated 32,000 deaths. These exercises, called Operational Safeguards Response Evaluations, or OSREs, have been run by an outspoken former U.S. Navy SEAL captain named David Orrick. In a typical exercise, a team of three "terrorists" armed with small weapons and basic knowledge of how a plant works attempts to penetrate the facility. They evade or disable security equipment and destroy a set of targets in an effort to damage the plant's nuclear core, causing a radioactive release. In some cases, the mock terrorists make it all the way to the sensitive control roomeven though they give plant operators ample advance notice of when they intend to strike.
Proponents of the NRC's mock attacks say they teach valuable lessons. In 1999, the Waterford 3 Nuclear Plant in Taft, La., failed a preliminary mock attack, but the plant's managers said that the exercise did not reflect the plant's true capability. So Orrick's team returned last year to conduct a more rigorous exercise against the plant. "We [the NRC team] just ate them alive," says one NRC inspector. The Waterford 3 site then hired more guards, improved training, and fortified physical barriers. They finally passed an NRC exercise last January. And in May, security guards easily apprehended a man with a history of mental illness who scaled a 10-foot, barbed-wire fence surrounding the site.
Still, critics charge that even the NRC's mock terrorist attacks do not reflect today's real-world scenarios. "There is nothing about protecting against a helicopter assault or a missile taking out one of our positions," says one plant security guard. Last September, for instance, an anti-nuclear demonstrator landed a motorized parafoil on the roof of a nuclear reactor in Bern, Switzerland, before being apprehended by security guards.
While nuclear plant operators design much of their security to prevent attacks from the outside, the record suggests that the greater danger lies within. "If somebody got a job as a janitor and got access to the plant, that's the real threat," says Erik Pakieser, former nuclear security officer at the Prairie Island nuclear generating plant in Minnesota. For instance, at the same time Donald Beauregard was cooking up his Project Worst Nightmare, a maintenance technician at the Crystal River site discovered that someone had intentional- ly disabled one of the plant's |emergency diesel generators. Some nuclear security experts also believe that sabotage should not have been ruled out so quickly as a possible cause of the 1979 accident at the Three Mile Island nuclear plant. Scientists at the Los Alamos National Laboratory found striking similarities between the incident and a computer-generated sabotage scenario they had run several months earlier.
Two decades later, critics remain troubled by the sorts of individuals who can gain access to a nuclear plant. In the early 1990s, a carpenter named Carl Drega got jobs at three nuclear power plants in the Northeast despite an arrest record and a job reference that described him as "volatile." Two months after Drega left the third plant, in 1997, he shot four people to death, including two state troopers, a judge, and a newspaper editor. An NRC investigation of the incident found that none of the three plants had violated their regulations by hiring him.
Easy access. Another insider, a computer programmer who once worked in the control room at the Maine Yankee nuclear power plant, goes to trial next year for murdering seven of his coworkers at a small Massachusetts technology company. Plant coworkers said the programmer, Michael McDermott, slept in a coffin and told a colleague he was sometimes so angry he felt like killing someone. In 1998, a worker at the Turkey Point nuclear plant in Florida had free access to critical areas of the plant for more than a month before officials learned of his 14 arrests. And at the Calvert Cliffs plant in Maryland, officials took eight months to learn that a worker was an illegal Mexican immigrant with fake identification papers and an arrest record. "Charles Manson could get access to a nuclear power plant," says former nuclear security officer Richard Kester.
But some experts worry that attackers can succeed even without getting inside. Classified reports from Sandia National Laboratories show that a well-placed truck bomb would not even have to enter a site's property to destroy vital equipment, leading to a possible release of radiation. In addition, experts say, the water-intake systems at some plants are particularly vulnerable to sabotage by either cutting off the water supply by clogging the intake valve or introducing volatile chemicals into the reactor's cooling system.
An even more accessible target may be spent nuclear material piling up at these plants. Large cooling pools inside reactor containment buildings were designed to store this fuel, but several years ago the pools began to fill up. Now, at many plants, the highly radioactive fuel is stored in cooling pools outside the containment building. "A lot of the spent nuclear fuel casks can be hit with a shoulder-fired missile by someone standing outside the fence," says Dave Lochbaum, nuclear safety engineer at the Union of Concerned Scientists. Yet at plants that are being decommissioned, the nuclear fuel is even less closely guarded. The Maine Yankee plant, which has stored 700 tons of spent fuel in outside cooling pools, has removed all of its vehi- cle barriers and received the NRC's permission to eliminate its armed guard force once the fuel is placed into dry casks.
The chairman of the NRC, Richard Meserve, says that no matter who runs the security drills, the plants remain among the world's most heavily guarded sites. And he says that the NRC mock attacks are expensive for both the commission to run and the plants to prepare for. "The reason we are making a big deal about this," says the Nuclear Energy Institute's Hendricks, is that the corrective actions resulting from these exercises " can have a tremendous impact" on a plant owner. "It can cost a million dollars to make these upgrades [of plant security]," she says. In any case, says Meserve, the new self-assessment pro- gram is only a trial: If it doesn't work, he says, it will be scrapped.
But the chorus of nuclear industry critics continues to grow. "The overall focus [at these sites] is not to protect the public but to get the NRC's blessing and ensure profits," says one nuclear security officer. Starting next week, the Waterford 3 plant, which had boosted security to pass the NRC's terrorist exercise, will begin to reduce its training programs and its guard force. "As soon as the NRC leaves," says one guard, "they downgrade security."