Russia took the unthinkable step of shelling a nuclear power plant in Ukraine this week, sparking a blaze that firefighters couldn’t put out immediately because bullets were raining down on them.

The list of potential disasters was long. What if fire cut power to the cooling systems, which keeps the reactor cores from meltdown? What if inexperienced or nefarious people seized control of its operations and initiated catastrophe? Ukrainian President Volodymyr Zelensky accused Russia of waging “nuclear terror” and warned that an explosion at the six-reactor plant could mean the “end of Europe.”

While it’s exceedingly unlikely that a similar scenario could ever unfold in the U.S., it casts new light on the security of America’s own fleet of nuclear plants, which some experts have criticized for years.

“Don’t be unduly concerned,” said Edwin Lyman, director of nuclear power safety for the Union of Concerned Scientists. “Be duly concerned.”

In Ukraine, the fire turned out to be in a training building and was extinguished on Friday with no release of radioactive material, according to the International Atomic Energy Agency. But the plant — Europe’s largest, providing a quarter of Ukraine’s electricity — is now under Russian control, causing great consternation the world over.

The Department of Homeland Security issued an advisory to critical infrastructure operators in the U.S. last week, asking them to be on the alert for potential cyberattacks. The Nuclear Regulatory Commission “amplified” that advisory with its licensees, officials said.

Highest security: At working reactors

In the United States, the NRC is tasked with ensuring the safety of America’s commercial nuclear fleet, the power plants owned and operated by utilities. That includes everything from ensuring that reactors operate safely to ensuring the physical security of the plants themselves.

Operating reactors, which are splitting atoms and creating electricity, must defend themselves against would-be attackers in regular “force-on-force” drills, in addition to other requirements. Operators conduct annual exercises, and every three years, the NRC supplies its own cast of would-be attackers and conducts its own drills.

“Conducting FOF inspections and implementing the security inspection program are two signature regulatory activities that the NRC performs to ensure the secure and safe use of radioactive and nuclear materials by the commercial nuclear power industry,” the NRC said in its most recent annual report to Congress.

“FOF inspections include both tabletop drills and performance-based FOF inspection exercises. These FOF inspection exercises simulate combat between a mock adversary force and a licensee’s security force. … The mock adversary force attempts to reach and simulate damage to significant components of safety-related systems (referred to as “target sets”) that protect the reactor’s core or the spent fuel. … The licensee’s security force, in turn, attempts to interdict the mock adversary force.”

The program was upended by the pandemic, but, all told, the NRC did 162 security inspections in 2020 — including virtual inspections — and had 65 “findings,” according to the report. That means issues of some concern were uncovered.

NRC

The overwhelming majority of them were minor — “About 91 percent of the findings were assessed as very low safety significance,” the NRC said — but 9% were more serious.

“The areas with the most inspection findings … are cyber security, access control and access authorization,” the NRC said in its report.

Congress gets more detail on precisely what those findings were. The public does not, to avoid providing terrorists a road map to potential vulnerabilities.

Lesser requirements: Plants like San Onofre

Security requirements for decommissioning reactors like the San Onofre Nuclear Generating Station are quite different.

Since these plants aren’t actively splitting atoms, they have no hot cores to defend and thus present a smaller risk. They’re essentially temporary storage sites for spent fuel, so force-on-force exercises are no longer required by the NRC.

Dry storage of used fuel rods at the San Onofre Nuclear Generating Station in Camp Pendleton, CA, on Thursday, December 16, 2021. (Photo by Jeff Gritchen, Orange County Register/SCNG)

Instead, operators must have plans to protect their radioactive material from diversion or sabotage approved by the NRC — but their security forces are not required to engage would-be attackers. That job would fall to local law enforcement.

At San Onofre, however, operator Southern California Edison goes beyond NRC requirements, officials said.

Security towers are perched above the concrete pad where decades worth of spent fuel waits for a permanent home, and even though Edison’s security force doesn’t have to “interdict and neutralize threats,” Edison said it is prepared to do just that.

“SONGS maintains an armed and specially trained on-site response force and maintains a Law Enforcement Response Plan that details law enforcement response actions by off-site agencies, equipment, communication protocols, chain of command, and response timelines,”  Edison said in a 2020 white paper on security.

“SONGS conducts a review of this plan annually and provides training for local law enforcement personnel to help ensure understanding of response actions and any associated hazards. SONGS also conducts drills and exercises and anticipates the FBI will participate in those drills and exercises, while local law enforcement agencies will vary with respect to their frequency and level of participation.”

San Onofre employs a “volumetric intrusion detection system” that triggers an alarm when something as small as a raccoon approaches the waste storage area. “This system is used in conjunction with automated video surveillance that generates immediate video playback to indicate the cause of the alarm, whether an animal or a human. This integrated system goes above and beyond NRC requirements for observational capability,” the white paper said.

National Academies of Sciences, 2006. Safety and Security of Commercial Spent Nuclear Fuel Storage: Public Report. Available at https://www.nap.edu/catalog/11263/safety-andsecurity-of-commercial-spent-nuclear-fuel-storage-public.

To ward off sabotage, there’s “insider mitigation” for workers who access the waste storage area, including background checks and rechecks at least every five years; psychological assessments every three years for “critical group members” such as security personnel and every five years for others; and “continuous behavior observation,” it said.

The waste storage area itself is physically protected by a vehicle barrier system to protect against vehicle-borne explosives, Edison said. The design, construction and placement of this system “was determined by an engineering analysis that is based on Design Basis Threat characteristics, including vehicle size, weight, speed and explosive payloads, along with other factors such as (storage system) design, approach routes and terrain features,” according to the white paper.

Skeptics

Some fear those official “design basis threats” don’t go far enough to anticipate all that might happen.

After years of prodding, Edison considered a handful of doomsday scenarios at a San Onofre public meeting in 2020. What calamity would befall Southern California if terrorists launched rocket-propelled grenades at San Onofre’s spent fuel storage systems? Would there be an explosion — releasing dangerous radioactive clouds — if aging canisters filled with nuclear waste cracked, then water seeped inside? What of sabotage? Security? Fire?

The Holtec Hi-STORM waste storage system at San Onofre was designed to withstand impact from a jetliner, and experts concluded that, while not impossible, breaches that would destroy protective concrete, bust open stainless steel canisters and release dangerous amounts of radiation were highly unlikely.

Impact analyses and tests of concrete overpacks of spent nuclear fuel storagecasks. Nuclear Engineering and Technology 46(1), 73-80. Available athttps://www.sciencedirect.com/science/article/pii/S1738573315300929.

That aggravated some critics, who complained that officials refused to address threats like short-range missiles launched from the sea, which might be easy for terrorists to acquire.

Lyman, the nuclear expert from the Union of Concerned Scientists, was at that meeting. There are types of attacks that could cause greater releases of radioactivity than has been assumed, he said. The NRC started rulemaking to address this; the effort was put on ice; and, under the Biden administration, it’s on the table again. Lyman believes that’s good.

But Edison has asked the NRC to reduce the size of the “controlled boundary area” around the fuel storage area at San Onofre, a nod to the reality that people heading to San Onofre Beach come close to the facility.

“It highlights the vulnerability of that site,” Lyman said.

The NRC is considering Edison’s request, officials said, but Lyman doesn’t much like it. He also doesn’t like that security forces aren’t required to engage attackers at sites like San Onofre. He doesn’t like it that they aren’t required to do force-on-force drills.

“Is it wise? No, I don’t think so,” he said. “There should be ways to assess the security of the site.”

The Union of Concerned Scientists has a five-point action plan for regulators. The NRC should revise its assumptions about terrorists’ capabilities to ensure nuclear plants are adequately protected against credible threats, and these assumptions should be reviewed by U.S. intelligence agencies; it should modify the way it judges force-on-force security exercises by strengthening the assessment of a plant’s “margin to failure”; establish a program for licensing private security guards that would require successful completion of a federally supervised training course and periodic recertification; require new reactor designs to be more secure against land- and water-based terrorist attacks; and require reactor owners to improve the security of existing dry cask storage facilities.

The NRC remains confident that its systems work.

“Sites employ defense-in-depth strategies to protect against terrorism and radiological sabotage, including well-trained security forces, robust physical barriers, intrusion detection systems, surveillance systems, and plant access controls,” it told Congress in its annual report.

All U.S. nuclear power plants, “under a normally high level of NRC regulatory oversight,” are operating safely, the NRC said in a statement this week.

Related Articles