Nuclear’s Fatal Flaws: Security

For a PDF of this document, click here.

Nuclear plants currently operate at 64 sites in 31 states.  Considering the devastation that could result from a successful terrorist attack on a nuclear plant, ensuring their protection should be a priority in a post-September 11 environment.  However, the U.S. Nuclear Regulatory Commission (NRC) and nuclear industry are leaving plants vulnerable.

What Could Happen?

The 9/11 Commission noted in June 2004 that al Qaeda’s original plan for September 11 was to hijack 10 airplanes and crash two of them into nuclear plants.[1]  A successful attack would release “large quantities of radioactive materials to the environment.”[2]  A September 2004 study by Dr. Ed Lyman of the Union of Concerned Scientists, using the NRC’s own analysis method, found that a worst-case accident or attack at the Indian Point nuclear plant 35 miles north of New York City could cause up to 43,700 immediate fatalities and up to 518,000 long-term cancer deaths.  Such a release could cost up to $2.1 trillion, and would force the permanent relocation of 11.1 million people.[3]

Security Tests Still Inadequate

The best way to evaluate the adequacy of security at a nuclear plant is to subject the guard force to a realistic mock terrorist attack and see how well they are able to defend the plant.  These “force-on-force” tests are designed to ensure a plant can defend against a minimum attack scenario, in terms of the number of attackers, their tactics, and their training.

The tests have been upgraded somewhat since September 11.  Moreover, plants are still warned months in advance of when a test will take place, allowing them excessive time to prepare for the tests.  While the tests previously took place once every 8 years, they are now scheduled once every 3 years.  In contrast, the Department of Energy (DOE) conducts tests at its facilities annually.  The old test assumed there were only three attackers.  This number has been increased, but it is still far fewer than the 19 hijackers involved in the September 11 plot.  Further, it was only after Public Citizen filed a lawsuit against the NRC that they agreed to follow their normal rulemaking process in revising the force-on-force tests that allows for public input.

Utilities are also not required to defend nuclear plants against mock attacks from the air or water, even though all nuclear plants are adjacent to lakes, rivers, or oceans.  Despite the more lenient conditions of the force-on-force tests prior to September 11, between 1991 and 2001 almost half the plants tested failed to prevent the mock attackers from simulating damage that would result in significant core damage and risk of meltdown.[4]  After September 11, the tests were actually suspended and just recently resumed in November 2004.

Conflict of Interest Further Erodes Test Effectiveness

Even though the force-on-force tests are the most crucial factor in evaluating security effectiveness, their integrity has been further undermined by a conflict of interest.  Wackenhut Corp. currently holds contracts to guard 31 of the 64 commercial nuclear sites in the U.S.  However, in June 2004, the Nuclear Energy Institute (NEI), the nuclear industry’s trade association and lobbying arm, was allowed by NRC to hire Wackenhut to conduct the force-on-force exercises at all the nuclear plants in the country.  In essence, Wackenhut will be testing itself at half the sites.  If the company wants to retain its contract to guard a plant, it would not be difficult for its mock attackers to go easy on plant guards.[5]  Without a rigorous and realistic test scenario, the test itself becomes meaningless.  Wackenhut has also demonstrated poor performance guarding plants.[6]


The public plays a critical role in providing oversight of the NRC and its enforcement of security regulations.  For example, by knowing how poorly plants performed prior to September 11, we have been able to call for stronger standards, such as forcing inclusion of a truck bomb attack scenario and the creation of uniform training and qualification standards for mock adversaries.  However, in August 2004, the NRC announced that it would no longer release any information about security at nuclear plants for fear that publicly identifying major weaknesses could help terrorists.[7]

While some security-related information could be dangerous in the wrong hands, a complete information blackout is unnecessary.  The National Academy of Sciences (NAS) wrote in a report released in April 2005 that “Security restrictions on sharing of information and analyses are hindering progress in addressing potential vulnerabilities of spent fuel storage to terrorist attacks.”[8]  Three years after September 11, NRC should have no reason to fear releasing the results of security tests and inspections, because there should be no major flaws.  If there are problems, plants should shut down until they are fixed, not be allowed to hide the problem.  Their unwillingness to release any information indicates a lack of confidence. 

Irradiated Fuel Still Vulnerable

Most people think the greatest threat is from a reactor meltdown.  However, perhaps a greater vulnerability is the irradiated, or “spent,” fuel stored at the reactor site.  The irradiated fuel, often stored in a large concrete pool, contains much more radiation than the reactor itself.  The General Electric Mark I and Mark II Boiling Water Reactors (BWR) are the most vulnerable in this regard.  Nearly one in three reactors in the U.S. is of this design – 32 in all.  These reactors store their spent fuel in pools several stories above ground and outside the reactor containment structure, as opposed to on or below the ground and inside the reinforced concrete containment dome.

An NRC report issued in 2000 stated that “Mark I and Mark II secondary containments generally do not appear to have any significant structures that might reduce the likelihood of aircraft penetration,” and that a fuel pool fire could cause casualties up to 500 miles away.[9]  NAS wrote in their April 2005 report that “Spent fuel storage facilities cannot be dismissed as targets,”[10] and that additional work to understand vulnerabilities “is needed urgently.”[11]  The NRC and industry, however, continue to maintain the likelihood of such an attack is too low to worry about.

Also in April 2005, the Government Accountability Office released a report finding that “NRC needs to do more to ensure that power plants are effectively controlling spent nuclear fuel,” which could be used to construct a dirty bomb.[12]



[1] The 9/11 Commission Report: Final Report of the National Commission on Terrorist Attacks Upon the United States, p. 154; <>.

[2]“Safety and Security of Commercial Spent Nuclear Fuel Storage,” National Academy of Sciences, April 2005; p. 57.

[3]Dr. Edwin S. Lyman, “Chernobyl on the Hudson?  The Health and Economic Impacts of a Terrorist Attack at the Indian Point Nuclear Plant,” Riverkeeper, Inc., September 2004.

[4]“Nuclear Reactor Security,” Union of Concerned Scientists, <>.

[5]See comments of Dave Lochbaum, Union of Concerned Scientists, in Leading Nuke Watchdogs: New US Nuclear Security Plan May Harm, Not Help Security; <

[6]“Report of Investigation: Entergy Nuclear Northeast, Indian Point #2,” January 2002; <>.

[7]“NRC Modifies Availability of Security Information for All Nuclear Plants,” NRC News Release, August 4, 2004; <http://www.nrc. gov/reading-rm/doc-collections/news/2004/04-091.html>.

[8]NAS, p. 77.

[9]“Spent Fuel Pool Accident Risk Report,” U.S. Nuclear Regulatory Commission, October 2000; p. 3-23.

[10]NAS, p. 36.

[11]NAS, p. 58.

[12]NRC Needs to Do More to Ensure that Power Plants are Effectively Controlling Spent Nuclear Fuel, Government Accountability Office, GAO-05-339, April 2005; <>.