1
1 UNITED STATES OF AMERICA
2 NUCLEAR REGULATORY COMMISSION
3 OFFICE OF THE SECRETARY
4 ***
5 BRIEFING ON SAFEGUARDS PERFORMANCE ASSESSMENT
6 ***
7 PUBLIC MEETING
8
9 Nuclear Regulatory Commission
10 Commission Meeting Room
11 11555 Rockville Pike
12 Rockville, MD
13
14 Wednesday, May 5, 1999
15
16 The Commission met, pursuant to notice, at 10:10
17 a.m., the Honorable Shirley Jackson, Chairman of the
18 Commission, presiding.
19
20 COMMISSIONERS PRESENT:
21 SHIRLEY JACKSON, Chairman
22 GRETA DICUS, Commissioner
23 NILS DIAZ, Commissioner
24 EDWARD MCGAFFIGAN, Commissioner
25 JEFFREY MERRIFIELD, Commissioner
2
1 STAFF AND PRESENTERS SEATED AT THE COMMISSION TABLE:
2 PANEL 1
3 WILLIAM TRAVERS, EDO
4 SAM COLLINS, NRR
5 WILLIAM KANE, NRR
6 RICHARD ROSANO, NRR
7 DAVID ORRIK, NRR
8
9 PANEL 2
10 RALPH BEEDLE, NEI
11 JOHN R. McGAHA, ENTERGY
12 WILLIAM A. JOSIGER, NYPA
13 PAUL LEVENTHAL, NCI
14 ELDON V.C. GREENBERG, NCI
15
16
17
18
19
20
21
22
23
24
25
3
1 P R O C E E D I N G S
2 [10:10 a.m.]
3 CHAIRMAN JACKSON: Good morning.
4 On behalf of the Commission, I would like to
5 welcome all of you to this briefing on the NRC safeguards
6 and performance assessment program.
7 I would like to remind all participants at the
8 outset that this is a public meeting, and given that our
9 topic today involves security and safeguards issue, we
10 should be careful not to discuss -- not to discuss or to
11 disclose information that is considered sensitive or
12 classified.
13 Let me repeat. This is a public meeting, and
14 given that our topic today involves security and safeguards
15 issues, we should be careful not to discuss or to disclose
16 information that is considered sensitive or classified,
17 including references to specific details of the design basis
18 threat or vulnerabilities at any particular facility.
19 As you may know, NRC regulations require nuclear
20 reactor licensees to establish a physical protection system
21 and a security organization to protect against the design
22 basis threat of radiological sabotage.
23 Licensees also are required to establish physical
24 security plans to ensure that specific physical protection
25 capabilities are met.
4
1 NRC security inspections at power reactors are
2 designed to evaluate licensee compliance with plan
3 commitments and to assess the capabilities of licensee
4 security programs.
5 For the past seven years, the NRC staff also has
6 conducted operational safeguards response evaluations, known
7 as OSREs, an acronym, as a supplemental performance
8 evaluation of licensee response capabilities.
9 In the fall of 1998, a series of events brought
10 the OSRE program into the spotlight, including, first, the
11 cancellation of the program by NRC management; second,
12 differing professional views submitted by various members of
13 the NRC staff; third, subsequent reinstatement of the
14 program at my direction; and fourth, the formation of the
15 Safeguards Performance Assessment task for to review the
16 OSRE program and to develop recommendations for improvement.
17 In recent months, the OSRE program has undergone a
18 great deal of scrutiny by the task force, by the Commission,
19 and by external stakeholders, including members of the
20 Congress.
21 This scrutiny, I believe, has been beneficial in
22 all respects and should result in a much improved program.
23 The Commission currently is considering recommendations by
24 the NRC task force for improvements in assessing safeguards
25 performance.
5
1 Today, the Commission will be briefed by two
2 panels on this topic of safeguards performance assessment.
3 The first panel will be comprised of those at the
4 table, the NRC EDO, Dr. Bill Travers, and several
5 contributors from our Office of Nuclear Reactor Regulation,
6 Mr. Bill Kane, who's associate director of inspections and
7 programs, Mr. Dick Rosano, who's chief of the reactor
8 safeguards section, and Mr. David Orrik, a security
9 specialist in the reactor safeguards section.
10 The second panel will include various individuals
11 from NEI, led by Mr. Ralph Beedle. It will also include Mr.
12 Paul Leventhal, I believe is here, from -- who's president
13 of the Nuclear Control Institute, and is there a Mr. John
14 McGaha, who is executive vice president and chief operating
15 officer of Entergy Operations, Inc.
16 I'm told there may be others, and if so, they can
17 identify themselves when they come to the table.
18 Let me thank each of you for your participation in
19 this meeting at the outset, and without further
20 introduction, unless my colleagues have additional comments,
21 let me invite panel one.
22 Yes.
23 COMMISSIONER MERRIFIELD: I was just going to ask
24 -- I was just wondering whether it was your intention to
25 have -- we've got two presentations, one by sort of the
6
1 staff and then a separate one by Mr. Orrik. Does it make
2 sense to wait until both have had an opportunity to speak
3 and then ask questions?
4 CHAIRMAN JACKSON: I think if there are clarifying
5 questions after the staff presentation, you know, one should
6 ask those questions.
7 Again, we'll try to let them get as far as they
8 can, but I think if there are clarifying questions that
9 people feel they want to ask, we should ask. I think we've
10 allotted enough time to allow for that, but we'll try to
11 have a structured presentation and let you go through, and
12 then -- recognizing that if -- there may be questions after
13 the second panel that may relate to what we've heard from
14 the NRC staff.
15 And so, Dr. Travers, why don't you begin?
16 MR. TRAVERS: Thank you, Chairman, and good
17 morning.
18 As you've indicated, we are here in this first
19 part of the meeting as the staff to discuss with you the
20 status of the safeguards performance assessment program with
21 a particular focus on the operational safeguards response
22 evaluation, or OSRE program.
23 I think you've already introduced the staff
24 members.
25 I would just point out just one additional piece
7
1 of information for people who might be interested.
2 The details of the Safeguards Performance
3 Assessment task force are contained in SECY 99-024, and with
4 that, I'd just like to turn the meeting over to Bill Kane,
5 who's going to begin the presentation.
6 MR. KANE: Good morning.
7 CHAIRMAN JACKSON: Good morning.
8 MR. KANE: The centerpiece of our discussion today
9 will be the recommendations of the Safeguards Performance
10 Assessment task force.
11 We'll try to compare the recommendations going
12 forward with the past OSREs and also the ones that we are
13 currently conducting and will be conducting until April of
14 next year.
15 I would point out that these remaining 10, at this
16 point, OSREs -- we do expect to pilot many of the things
17 that we can from the new process, the new recommendations,
18 and to attempt to learn from each of these going forward
19 some of the lessons that we can then adjust and apply to
20 subsequent OSREs.
21 So, at this point, I would like to turn it over to
22 Richard Rosano, who is chief of our safeguards section.
23 MR. ROSANO: Good morning.
24 CHAIRMAN JACKSON: Good morning.
25 MR. ROSANO: We have a number of slides that have
8
1 to do with background, and in the interests of time, I will
2 cover them only briefly, unless you have questions about
3 them.
4 The first slide is on the chronology of the
5 operational safeguards response evaluation program, and it
6 tracks the history from 1992, when it was formed, through
7 some recent events, going through last year, when there was
8 a planned elimination of the program and its reinstatement.
9 Again, I don't plan to spend very much time on
10 that, unless you have questions on it.
11 The next slide refers to 10 plants remaining in
12 the first cycle.
13 As Mr. Kane pointed out, when the OSRE was
14 reinstated last fall, there were 11 plants remaining. We
15 had made some changes for the modified program and restarted
16 it as of last week. There was an OSRE conducted at Watts
17 Bar last week, and so, the 11 is now down to 10.
18 This is the proposed schedule. It may be subject
19 to some changes, obviously, but this is what we're expecting
20 at this point.
21 Unless we have any questions on the schedule, I'd
22 like to go on to the recommendations.
23 The next two slides, the recommendations,
24 safeguards performance --
25 CHAIRMAN JACKSON: Are you going to talk to us
9
1 about any kind of general conclusions that come out of the
2 Watts Bar OSRE?
3 MR. ROSANO: I would be happy to do that. In
4 fact, this might be the best time.
5 There were some changes implemented in the
6 program, and now that I've said it's the best time, I'm
7 going to have to talk about this later, because some of the
8 changes are reflected in later slides.
9 CHAIRMAN JACKSON: Why don't you circle back?
10 MR. ROSANO: You want to circle back to Watts Bar
11 later on? That's fine.
12 Okay.
13 The recommendations of the task force set as its
14 goal to study the lessons learned from the OSRE program to
15 make recommendations as to the alternative means of testing
16 the response capability in the future.
17 CHAIRMAN JACKSON: It's not focused.
18 MR. ROSANO: I hope you meant the slide, Madam
19 Chairman.
20 CHAIRMAN JACKSON: Beg your pardon?
21 MR. ROSANO: I hope you meant the slide and not my
22 comments.
23 [Laughter.]
24 CHAIRMAN JACKSON: Well, let me think about that.
25 MR. ROSANO: Okay. Well, I'll wait while he
10
1 focuses it, but I'm going to continue.
2 Our goal was to learn something from the past but
3 to keep in place our performance assessment program and look
4 for new ways to do in the future, so that we can instill new
5 realism in the scenarios as well as to ensure that we
6 maintain a higher level of capability of the licensees'
7 response over time.
8 On the next slide, as to the exact
9 recommendations, the SECY paper outlines four
10 recommendations by the staff.
11 SECY paper 99-024, which were the recommendations
12 of the Safeguards Performance Assessment task force,
13 suggested that there would be a regulation required that
14 would require periodic drills and exercises of the
15 licensees, the specifics on that I'll get into on the next
16 slide, but that the drills and exercises would be designed
17 to test the licensee's response capability but also train
18 them through regular testing to maintain a higher level of
19 response capability through time rather than the more
20 infrequent tests that they were subject to under OSRE.
21 The OSRE cycle, because of time involved, was an
22 eight-year cycle, and so, plants only got a visit about
23 every eight years. The drills and exercises are designed to
24 occur quarterly, small scale, and biennially on the large
25 scale.
11
1 This regulation would also require that the
2 licensees upgrade security when vulnerabilities are
3 identified in these tests and that it wouldn't leave it
4 simply as testing but that they'd be required under
5 regulation to make some improvements, to upgrade.
6 The second recommendation is that guidance be
7 given to the industry. The guidance would reach into areas
8 like designing the target sets, which are the sets of
9 equipment thought to be necessary to defeat before a
10 successful sabotage event could occur.
11 So, they would receive guidance on designing
12 target sets. They would receive guidance on designing their
13 tactical response capability, and the guidance would also
14 include how to run the drills, how to run the exercises. It
15 would go into the details that the regulation couldn't reach
16 in terms of how to conduct these exercises, and also, the
17 periodicity of the exercise would be in the regulation
18 itself, though.
19 The third recommendation of the task force was
20 that there be an inspection procedure, either a revised --
21 the revision of an existing procedure or a new procedure,
22 and quite frankly, it would likely be a new procedure, to
23 guide the inspectors in overseeing and observing, inspecting
24 these exercises, and the inspection procedure would be
25 geared to both the quarterly drills and the biennial
12
1 exercises, although it's as yet undecided what level of
2 involvement the NRC would have in quarterly drills.
3 That's a matter of resources, a matter of the
4 performance of the licensee. All of this would be key to
5 the baseline inspection program, and so, our involvement in
6 quarterly drills might be less necessary where licensees
7 appear to maintain a high level of performance.
8 The fourth recommendation has to do with training
9 of NRC regional inspectors.
10 The OSRE team and its contractors bring to bear a
11 lot of expertise that is unique and it is specialized
12 experience. The inspectors are well trained in physical
13 security. Not necessarily all of them are well trained in
14 tactical response.
15 Clearly, we would have to raise the level of
16 training for these inspectors as they become more involved
17 in an oversight function for drills and exercises.
18 In the next slide, we begin to examine the former
19 program and the staff's recommendations for the new program.
20 There have been some questions about the adequacy of the new
21 recommendations versus the old program, and so, this was set
22 out to try to demonstrate how we expect the new program to
23 cover all of the aspects of the old program and add some
24 more.
25 You'll notice there are four columns. In the
13
1 first -- well, actually the second column, it's current OSRE
2 has run from 1992 to 1998. We are currently functioning in
3 the third column, is the modified OSRE. This is modified to
4 include several improvements.
5 One of the things in the modified program is that
6 licensees will no longer be allowed to run their drills with
7 more than -- more guards than they are committed to in their
8 security plan.
9 There have -- to clarify that, licensees often
10 have what's called a running force -- that is, a number of
11 guards that -- in excess of their commitments, and many
12 licensees have committed to themselves that they will always
13 carry that guard force, for a variety of reasons, including
14 to back up for sick call-ins or whatever, just to have more
15 guards on force, and the OSREs have been conducted allowing
16 them to use this running force.
17 That is not, however, what they're committed to in
18 their security plan, and so, under the modified program --
19 and by that, I mean the licensees that are necessary to
20 complete the first cycle, that being 11 more -- they -- all
21 the licensees will be required to stick to what they've
22 committed to in their plan.
23 Using hypothetical figures, if they commit to five
24 immediate responders and five back-up responders, they are
25 tested now so that they may only use the five immediate
14
1 responders, and if they commit to five back-up responders,
2 when the drill begins, there is a radio contact made with
3 those back-up responders to find out where they're placed.
4 They may be randomly placed based on other duties
5 or other assignments at that time, and as the drill begins,
6 they would be, in a sense, locked in at that place, so that
7 the drill could run as if they're reporting from the
8 cafeteria or the coffee shop or wherever they happen to have
9 drifted during that period, and they'll be tested
10 accordingly.
11 They won't be allowed to be poised ready to
12 respond.
13 We are also in the modified program piloting some
14 important new concepts that will become part of the
15 recommendations for the future, the most important of which
16 is the incorporation of operational solutions to the
17 judgement of the success of the licensee.
18 Operational solutions have been considered in the
19 past an OSRE, and there have been -- it's certainly been a
20 big part of the development of target sets, because a target
21 set can only be defined based on what ops can or cannot do.
22 However, in the future, what we're going to be
23 doing -- in this modified program, what we're going to be
24 doing is testing how these operational concepts inter-link
25 with the security response, and so, for the next 10 -- and
15
1 we began this last week with Watts Bar -- we will be
2 requiring licensees to participate with ops individuals to
3 play in the table-top drills and the exercises to describe
4 what they would be doing during the running of the drill,
5 what actions would they be taking and what are the likely
6 effects on the plan if they take those actions.
7 The fourth column -- and I know I dwelled quite
8 long on the third column, but the fourth column would be
9 what the staff recommends for the future, and it
10 incorporates things that we've learned from the past as well
11 as some of the piloted concepts in the modified program and
12 then some.
13 I'm going to get ahead and step through the 10
14 points now and would be happy to take questions at the time
15 I bring up each of the issues, because they are somewhat
16 specific, as you like.
17 The first one is on frequency of tests. As I
18 mentioned before, the OSRE cycle was an eight-year cycle.
19 We believe that we could achieve more by having more
20 frequent tests at the sites, and our goal with the
21 recommendation was to achieve that.
22 In the modified OSRE, we're simply going to
23 complete the first cycle, but the SPA task force recommends
24 that there be quarterly drills, drills being defined as
25 single-shift exercises, relatively simple, perhaps not with
16
1 a lot of NRC involvement.
2 Regional inspectors may attend on occasion to see
3 how they're performing.
4 The results of these quarterly drills will become
5 part of the performance indicator program and feed into the
6 risk-informed baseline inspection program.
7 We also recommend biennial exercises of a larger
8 scaler involving more than a single shift, single scenarios,
9 and those would be more frequently looked at by NRC
10 inspectors and headquarters individuals, as necessary.
11 In item number two --
12 MR. COLLINS: Excuse me, Dick.
13 MR. ROSANO: Yes, sir.
14 MR. COLLINS: Philosophically, this is a part of
15 shifting -- I'm going to call it a burden, but really, it's
16 an obligation with an up-front clarification of what is
17 required as far as expectations, with some clarity in the
18 requirements, and shifting that role from a response to the
19 NRC periodically once every eight years with an OSRE to
20 ingraining it into the processes that licensees would
21 utilize to surveil any process or program that they may have
22 that meets a regulatory requirement, very similar to the way
23 that we handle other attributes of defense-in-depth, if you
24 will.
25 MR. ROSANO: Okay.
17
1 Item number two has to do with the size of the NRC
2 team at exercises. Currently, the OSRE team has one or two
3 regional inspectors, three headquarters individuals, and
4 three contractors who attend, and during the modified
5 program, we intend to continue that.
6 In the SPA task force recommendations, we believe
7 that we can get more visits, perhaps, out of that same
8 number of people, and in fact, increasing the number of
9 visits without increasing resources is one of the goals of
10 the task force, and by doing so, what we would recommend is
11 that these -- the attendants at biennial exercises be by,
12 again, one or two regional inspectors, likely no more than
13 one often, and one to two headquarters staffers and one to
14 two contractors.
15 COMMISSIONER MERRIFIELD: Madam Chairman?
16 CHAIRMAN JACKSON: Please.
17 COMMISSIONER MERRIFIELD: I had a question about
18 resource requirements, because we're going from a cycle
19 where we visit the plants once every eight years to, in
20 essence, as a result of the exercises, visiting them once
21 every two years, and I'm wondering what the -- if you've
22 done an analysis of the resource implications, and I'll just
23 layer on top of that, we're also going to have resource
24 implications as it relates to all of the training we're
25 going to have to do of our resident inspectors to be
18
1 available to do the quarterly drills.
2 CHAIRMAN JACKSON: Are they resident or
3 region-based?
4 MR. ROSANO: Region-based, likely.
5 COMMISSIONER MERRIFIELD: I'm sorry. Thank you
6 for the clarification.
7 MR. ROSANO: Yes.
8 COMMISSIONER MERRIFIELD: But nonetheless, there
9 will be additional training requirements for them, as well.
10 MR. ROSANO: Yes. We have given that some
11 thought, and I will begin by saying that the arrangement of
12 resources as they're shown in item number two would double
13 the number of visits that we can make, and so, instead of an
14 eight-year cycle, we could reduce it to a four-year cycle.
15 That's the first cut.
16 The second cut on this issue is that, if we use
17 the baseline inspection program and use input from the
18 quarterly drills and performance indicators in this area, we
19 will be able to decide which licensees need more frequent
20 oversight by the NRC during this process and which need
21 perhaps less, and it could be that we could achieve visits
22 at the right frequency, depending on the performance of the
23 licensee, without increasing resources.
24 MR. COLLINS: And I think it's fair to say that
25 we'd look at the rest of the program, as well, to see if
19
1 other adjustments needed to be made.
2 MR. ROSANO: Okay. And Dr. Travers just pointed
3 out -- I don't mean to suggest that we would attend every
4 biennial exercise, and even with my first math, it would
5 double the resources. What I mean to say is we won't to go
6 to everyone, and if we do, it may be that NRC -- or I'm
7 sorry -- regional inspectors go to every one but that a full
8 force, including headquarters and contractors, will go when
9 it's selected, that that licensee has either performed at
10 the level that indicates the need for it or that we
11 determine some larger cycle to make sure that every plant
12 gets the full force, but those are the kinds of
13 considerations.
14 COMMISSIONER MERRIFIELD: Okay. Now I understand,
15 because you have here -- in number one, you refer to
16 biennial exercises by NRC inspectors. That wasn't clear to
17 me.
18 MR. ROSANO: I'm sorry. That is meant that -- we
19 would expect the regions to send someone to all the biennial
20 exercises, but it might not have attendance by the full OSRE
21 team.
22 COMMISSIONER MERRIFIELD: Okay.
23 MR. COLLINS: Again, the intent is not to have the
24 NRC to be the cornerstone or the hinge-pin for these
25 programs to be successful, for us to be in more of an
20
1 oversight role, and that oversight role is graded based on
2 performance and periocity rather than a commitment for
3 everyone.
4 COMMISSIONER MERRIFIELD: But it would still be
5 the expectation we would double the number of visits we'd be
6 able to make.
7 MR. ROSANO: If we changed the resource allocation
8 the way I've suggested here, we could double the visits
9 immediately.
10 COMMISSIONER MERRIFIELD: Okay. Thank you.
11 MR. ROSANO: Item number three refers to target
12 sets, and a cornerstone of the performance assessment
13 process is target sets -- that is, to determine the sets of
14 equipment that, taken as a set, would have to be defeated
15 before a Part 100 release would be realized, and it used to
16 be in the past that the requirement was that they protect
17 all vital equipment, and it was determined over time that
18 that's not necessary, that, in fact, certain pieces of vital
19 equipment could be defeated without reaching a state of
20 emergency at the site.
21 So, these target sets began to be developed
22 site-specifically. These target sets undergo a lot of
23 scrutiny by the NRC in our office, as well as by the site,
24 because the sites are expected to develop their own target
25 sets in order to figure out what their response strategy
21
1 would be.
2 In the OSRE program over time, the target sets
3 were defined by the licensee and coordinated with the NRC
4 team. That is still the way we're doing business.
5 We expect that, by the end of the first cycle,
6 though, a lot of the target sets, essentially all of the
7 target sets would have been defined, and that there may be
8 some changes over time, but the amount of effort necessary
9 to deal with target sets after the first full cycle will
10 reduce considerably and that, in the future, the -- another
11 item is that, in the future, the target sets will be
12 oriented to Part 100 release limits rather than core damage,
13 which has been the goal so far, because we want to take the
14 next step.
15 More than core damage, there has to be evidence of
16 Part 100 release. That will be the design of the target
17 set.
18 The last item is we would incorporate operational
19 solutions, but again, that is part of taking the next step
20 into Part 100 and not simply achieving core damage.
21 Do you have any questions there?
22 Item number four is, thankfully, shorter. The
23 number of target sets during each test -- it has been four,
24 it's continuing to be four, but again, we've changed that
25 slightly for the new program, because the quarterly drills
22
1 will be smaller scale, and the biennial exercises will be
2 larger, and we just intend to have more target sets worked
3 into the drills in biennial exercises.
4 Number five is the make-up of the mock adversary
5 force. I want to make it clear that we do not attack the
6 plants. We rely on licensees to staff a mock adversary
7 force. That has been true, it is true, and unless we're
8 given other direction, that will continue to be true.
9 MR. COLLINS: Dick, just to be clear, though,
10 there is some demonstration, potentially, that takes place
11 with use of the contractors.
12 MR. ROSANO: The contractors work with the
13 licensees through the table-top drills, and the contractors,
14 who have excellent talents in this area, deal with the
15 licensee security organization to define how the attack
16 ought to take place, but the actual carrying out of the
17 attack is done by the licensee or, in some cases, for
18 example, Watts Bar, they brought in an adversary force from
19 another plant.
20 In fact, there was an interesting combative
21 camaraderie going there. So, it was interesting to observe
22 that.
23 Commissioner Dicus had the benefit of being there.
24 I'm sure she would have some comments on it.
25 Item number six, the make-up of the guard force
23
1 during the test -- this is what I mentioned earlier, and I
2 went, perhaps, into too great detail earlier, but it's
3 restated here.
4 Tests have been carried out with more guards and
5 committed to in the security plan because it reflected the
6 running level, the running force at the site.
7 In the modified OSRE and in the SPA task force
8 recommendations, we're going to stick to the security plan.
9 It's whatever they commit to and it's how they commit to it.
10 So, for example, if they have back-up guards,
11 they're only allowed to be located somewhere that they might
12 be in wandering around the plant. They're not allowed to be
13 poised and ready to respond.
14 COMMISSIONER MERRIFIELD: Madam Chairman?
15 CHAIRMAN JACKSON: Please.
16 COMMISSIONER MERRIFIELD: Do you anticipate any
17 modification of licensees' existing makeup of those? Do you
18 expect them to add additional responders as a result of this
19 change in the OSRE testing?
20 MR. ROSANO: I've heard some licensees say that
21 they will want to.
22 I've heard other licensees say they will have to,
23 that licensees -- in fact, one comment I received in the
24 meeting with NEI a couple of months ago was that they've
25 used these guards and they've committed to themselves that
24
1 they would have these guards there.
2 They hadn't put that in the plan, but now that
3 they know it's the rules of engagement, they're going to put
4 it in the plan, and it doesn't seem to bother them, because
5 they're already paying the guards anyway.
6 MR. ORRIK: I'd like to add to that, in all of the
7 57 OSREs, 58 OSREs that we've had so far, typically the
8 response -- or the guard force on duty at any time is a much
9 larger number than the number of responders that they commit
10 to.
11 It is also larger than the number of responders
12 that they actually use.
13 So, I have known of no site that has had to
14 actually increase the number of officers they have on duty
15 at any one time, although they have gone, as we've noted, to
16 a larger response force than they have committed to, but I
17 know of no plant that has actually had to add forces before
18 the OSRE.
19 MR. COLLINS: That's a different issue, I think.
20 Let me try to clarify the issue for you, if I can.
21 The intent of the pilots is to answer just that
22 question. Watts Bar, perhaps, was the first plant wherein
23 the manning requirements of the security, training, and
24 contingency plans were adhered to in response to the
25 modified OSRE.
25
1 As we go through the rest of the pilots, we'll
2 learn more, on a site-by-site basis, which is, I think,
3 contingent on the target set robustness, the equipment
4 that's at the plant, the number of people that's committed
5 to individually their training. There's a lot of variables
6 in this formula.
7 The intent of the pilot is to provide a process by
8 which, after the modified OSRE is complete, there is an
9 evaluation period. That evaluation allows for an assessment
10 of the results of the OSRE against the requirements of the
11 security plan, the equipment, and an operational component.
12 Those three evaluations will result in a
13 reconciliation of the performance of the OSRE, which may end
14 up with the guard force number being modified. It's a
15 double-edged sword, could be up or down.
16 Commitment to additional security equipment which
17 is necessary to pass or is not necessary to pass and
18 therefore can be removed or a confirmation that the
19 operational safeguards, which is redundancy, diversity of
20 engineered safeguards, as well as operator response, is
21 adequate or additional commitments need to be adhered to
22 there.
23 So, that's a long answer, but it will come out of
24 the pilots and it will be a reconciliation of performance.
25 It may be either way. It may up. In some cases, it may be
26
1 down.
2 COMMISSIONER MERRIFIELD: I think when we went
3 through the earlier effort before the chairman required the
4 OSRE program to be continued, there was, I think, some
5 confusion about the activities being undertaken by licensees
6 relating to their guard force.
7 We talk about the number of responders and how
8 that may be modified in these exercises. Mr. Orrik brought
9 up the issue of the -- and to repeat again, to your
10 knowledge, no licensee has reduced the number of total
11 security guards at a plant as a result -- after an OSRE? Is
12 that what you said?
13 MR. ORRIK: No, sir. Actually, some licensees
14 have reduced the number of responders.
15 COMMISSIONER MERRIFIELD: No, total number of
16 security guards employed at the facility.
17 MR. ORRIK: No, sir, I would not know that. I
18 would believe that would be a logical outcome of reducing
19 the number of responders, but I tend to doubt that. I don't
20 know that answer.
21 CHAIRMAN JACKSON: Is the confusion due to the
22 fact that -- each plant has a security force. Within that
23 security force are the responders.
24 COMMISSIONER MERRIFIELD: Individuals who are
25 designated as people who would respond if they were
27
1 attacked.
2 CHAIRMAN JACKSON: That's right.
3 MR. COLLINS: That is correct.
4 CHAIRMAN JACKSON: And that's the number that one
5 is talking about going up or down on and not the overall
6 envelope of the number of security personnel that they have.
7 MR. KANE: And I believe Mr. Orrik's response was
8 that adding additional responders did not increase the
9 overall size of the security force.
10 COMMISSIONER MERRIFIELD: I'm sorry. That is
11 correct.
12 MR. COLLINS: It can be moved but still not
13 increase the total number.
14 COMMISSIONER DICUS: For an exercise or drill,
15 right? Or in general?
16 CHAIRMAN JACKSON: Well, it's the number committed
17 to in their security plan.
18 MR. ROSANO: That's right.
19 COMMISSIONER DICUS: But if they increase the
20 number -- happen to increase the number of responders in
21 their security plan, that implies increasing the guard force
22 or extending into longer overtime.
23 MR. ROSANO: The guard force is made up of armed
24 responders and unarmed individuals in the security
25 organization. The security force is actually considerably
28
1 larger than just the armed responders, and they could add
2 armed responders for tactical response without increasing
3 the total size just by converting some people to the unarmed
4 status who were responsible for other duties and moving them
5 basically out from behind a desk, if you'll use police
6 terms.
7 COMMISSIONER MERRIFIELD: I just wanted to get
8 that clarification, because I think there was some
9 misunderstanding that there was widespread hiring or firing
10 of the total number of security guards at the plant as a
11 result of the OSREs, and that was not the impression you
12 intended to leave.
13 MR. ROSANO: That's not the indication that we get
14 from the sites.
15 COMMISSIONER DICUS: But it does increase cost
16 because of increased training and equipment.
17 MR. ORRIK: Yes.
18 CHAIRMAN JACKSON: And I guess the real
19 terminology should be security personnel, because some are
20 armed and some are unarmed.
21 MR. ROSANO: Yes, that's true.
22 MR. COLLINS: That's correct.
23 MR. ROSANO: Okay. If I may, item number seven,
24 the NRC role during the tests -- throughout the first eight
25 years, seven years, of the OSRE, we were evaluating the
29
1 overall adequacy of licensee performance, and that was
2 designed specifically having to do with tactical response.
3 In the modified OSRE, we want to show the nexus
4 between their performance and their commitments. This is
5 what we've been discussing. During the modified OSRE, we
6 are examining their performance but also the level of their
7 commitments and whether it's adequate to carry out the
8 function.
9 Under the SPA task force recommendations, that
10 would be carried on.
11 We want to make sure that there is a clear nexus
12 to commitments, that performance must be linked to
13 commitments, and that's what we're judging and that's what
14 we're trying to examine during these visits.
15 That has to do with the commitments in the
16 security plan as far as guard force, as well as their
17 commitments, procedural commitments in terms of tactical
18 response and how they would deal with an attack and as far
19 as what they would do in terms of equipment modifications,
20 defensive positions, and so on.
21 Number eight is the use of the operational
22 solutions to sabotage scenarios, not that this is the first
23 time we've discussed it this morning, but operational
24 solutions were considered as part of the target sets in the
25 former OSRE, but it did not -- the OSRE itself, the drill,
30
1 did not assess their actions as mitigating factors.
2 As the drill would run, the operators weren't
3 there advising what steps they would take and what actions
4 they would use to mitigate the consequences.
5 In the pilot -- in the modified OSRE, we're going
6 to pilot the program using that. We're going to get more
7 and more involvement.
8 Just a reflection of what happened last week at
9 Watt's Bar, the operations people were in the room as we ran
10 table-tops and were at least peripheral observers during the
11 drills themselves, and they did take notes, and they
12 informed us later of how they intended to participate and
13 what they would have done.
14 What I want to do is to -- what we want to do is
15 to encourage more of that and not just have them in the room
16 and peripheral observers but to actually make them part of
17 the play of the table-tops in that -- so that we can run
18 time-lines that mesh both the actions of the security force
19 and the actions of operations, and the same time-line will
20 run through both, and we would be able to examine afterwards
21 -- as Mr. Collins says, we would do an operational
22 post-analysis after the visit to examine what would have
23 been the real effect of the operator's actions and how would
24 it have changed the result of the drill, and we can only do
25 that as we get more and more involvement by operations
31
1 people.
2 As a corollary to this, the NRC will be using more
3 operational expertise and individuals to examine this.
4 There will be more work between my group and the project
5 staff.
6 The resident inspectors have been asked to attend
7 these OSRE drills because they intimately know the
8 operations of the plant. They provide a very good source of
9 feedback when we try to develop target sets and table-top
10 drills.
11 The residents -- both of the residents of Watts
12 Bar were in attendance last week and provided a valuable
13 resource as far as that goes. So, we want to try to
14 incorporate more of our own talents in, as well as having
15 the licensee raise their level of involvement in ops.
16 MR. KANE: I would just like to reinforce that
17 this is the difference in this program that -- a major
18 difference in this program, that an evaluation of the
19 operational response, together with the security response,
20 may, as Mr. Collins indicated, be the basis for reducing
21 some of the commitments that are in the current plan. We
22 understand that and --
23 CHAIRMAN JACKSON: But you're going to let it play
24 out.
25 MR. KANE: But it needs to be played out. But I
32
1 mean that is one of the benefits I see of running it this
2 way, because you can see what you need to do in both
3 directions, not simply as a --
4 MR. COLLINS: Again, we're going to confirm we
5 maintain safety in this arena and we go into the other
6 output measures, including reducing unnecessary burden.
7 CHAIRMAN JACKSON: In looking at that, you're not
8 going to have -- you know, you have to obviously, then, look
9 at whether the operator's ability to take certain actions is
10 or is not compromised in a certain scenario for that plant.
11 Is that correct?
12 MR. KANE: That's correct.
13 CHAIRMAN JACKSON: Or the likelihood of it. You
14 did not talk about the SPA task force recommendation in that
15 area.
16 MR. ROSANO: Okay.
17 COMMISSIONER McGAFFIGAN: Madam Chairman, just a
18 clarification on that last point.
19 Have you gone back and looked -- since you didn't
20 involve operator action in the past, Mr. Orrik, in his
21 comments and in his DPO, has used statistics about the
22 number of failures to demonstrate they could protect against
23 radiological sabotage.
24 In the past, you assumed, if you got some plastic
25 explosive to position X, you'd have a problem. Is there any
33
1 attempt to look backward and see whether that 53 percent is
2 an accurate number?
3 I don't want you to do everything, because that
4 would be a waste of time, but looking at a few of them and
5 see whether, if operator action had been taken into account,
6 there wouldn't have been a problem?
7 MR. ROSANO: One of the tasks that the task force
8 is taking on is to look at the reports that have been
9 generated by past OSREs and to try to develop some analysis
10 -- operational analysis. The reports are fairly descriptive
11 and do provide a lot of detail and might allow us to do
12 that.
13 There is not a plan currently to revisit the sites
14 and do it by way of that, but the task force does plan to
15 look at the sites, especially those that had some findings,
16 whether significant or less than significant, and to use
17 those as a baseline to figure out whether there are some
18 issues that were not considered during the past OSREs that
19 we could look at and infuse in a backward-looking sense.
20 The task force will do that. That will also be
21 part of the task force's report at the end of this process.
22 COMMISSIONER MERRIFIELD: Madam Chairman, I had a
23 --
24 CHAIRMAN JACKSON: Yes, please.
25 COMMISSIONER MERRIFIELD: -- further clarifying
34
1 question on that same issue.
2 Commissioner McGaffigan mentioned that the
3 53-percent demonstration that could protect against
4 radiological sabotage -- I'm quoting from Mr. Orrik's draft
5 here, and then 47 percent demonstrated significant -- and
6 that's my emphasis -- significant security weaknesses in
7 their protection capability.
8 Mr. Rosano, is that analysis? Would you agree
9 with that characterization, 47 percent significant security
10 weaknesses?
11 MR. ROSANO: I do not, and the staff does not.
12 I've looked at the reports, and I've read the reports, and
13 as the findings are characterized in the reports, I've also
14 asked some of our regional inspectors to look at the
15 reports, and my findings were that there were significant
16 vulnerabilities and far fewer -- something in the 6 to 7
17 percent range.
18 I might point out that, in any case, all of the
19 vulnerabilities have been fixed, but the characterization of
20 significant findings, I disagree with, and I find it to be
21 much lower.
22 MR. ORRIK: May I define the -- the
23 characterization of significant was under the guidelines
24 that we were provided that, if an adversary force
25 realistically reached and sabotaged, simulating sabotaging a
35
1 critical target set, that was the criterion, and by that, we
2 had something like, in 27 plants, something like 40 total
3 times that occurred.
4 We did not look at operational impact. That was
5 not my charter. We looked at the security impact only, and
6 if the target set was reached, destroyed, that was it.
7 Now, some of the target sets -- and I can't go
8 further -- would inevitably have gone to a Part 100 release.
9 Some very likely would not have given operational,
10 mitigation, and prevention measures.
11 But as we indicated to the Commissioner, we did
12 not go back and look at that. It was not within our
13 charter.
14 Now, things change.
15 MR. COLLINS: Again, I certainly don't want to
16 speak for anyone on the staff.
17 We're evolving -- we're using terms that are
18 historical to characterize findings in a program to give it
19 significance that I believe the majority of the staff has
20 moved beyond, acknowledging that there are some shortcomings
21 in the way that we have conducted these exercises in the
22 past, on both sides.
23 I mean they didn't demonstrate some parts of the
24 capability; they didn't take credit for other parts of plant
25 systems and components.
36
1 The numbers are debateable. I'm not sure it's
2 appropriate to use these numbers as an indicator of where we
3 were as much as use them as an example of that program at
4 that point in time, and we're moving forward now to have
5 more realistic insights.
6 COMMISSIONER MERRIFIELD: The reason I point that
7 out, however, is from a public perception standpoint, the
8 use of a number of 47 percent having significant security
9 weaknesses leaves the public with an impression of a great
10 degree of seriousness, and so I want to -- Mr. Rosano,
11 you're saying, at least in your belief, taking an
12 independent analysis from staff's standpoint, that while Mr.
13 Orrik is using the definition that was required to be used,
14 that that 47-percent significant weaknesses isn't an
15 accurate reflection of the true seriousness?
16 MR. ROSANO: That is my conclusion and the
17 conclusion of some of the regional inspectors who helped me
18 with this review.
19 It was said in one of the public statements that
20 was signed out back in November, and that was, that the
21 figure, 47 percent, is perhaps misleading, because it
22 doesn't take into account factors like operational solutions
23 that were not considered in the old program and engineered
24 safety systems that were part of target analysis but not
25 part of the post analysis, and so, it's not a -- my opinion
37
1 is it does not have to do with Mr. Orrik's work, but it has
2 to do with the clarity of what we're saying to the public
3 and the fact that there are certain things in there that --
4 about those figures that are misleading, because it doesn't
5 account for other factors that we are currently engaged in
6 dealing with.
7 CHAIRMAN JACKSON: How are you all going to
8 integrate these pieces, the operator actions, the engineered
9 safety system? I don't get a sense of kind of a systematic
10 walk-through that's like the kind of accident sequence
11 precursor or, you know, core damage sequence that one runs
12 through if one is postulating accidents.
13 MR. KANE: I think the process would be one in
14 which we would continue to run the exercises as they have
15 been run, as we've described the recent exercises. You get
16 a measure of the security response.
17 You also have to run a post exercise table-top,
18 understanding the time-lines that exist with the security
19 response, also understand the time-lines that exist with an
20 operational response.
21 Understanding those two, then you can understand
22 the significance of the target sets, were they necessarily
23 the right ones? If they were breached in any way, did it
24 affect the outcome?
25 So, that's the process we would use to arrive at
38
1 an overall answer, one, measuring security performance, and
2 then, two, integrating the operational response to measure
3 overall performance of the exercise.
4 So, that would be, as I would envision it, as
5 we're planning to do a post-exercise table-top.
6 CHAIRMAN JACKSON: How do you fold engineered
7 safety systems into that?
8 MR. KANE: Well, being able to understand -- and
9 that's part of the operational response, be able to use
10 other systems that are available to mitigate the
11 consequences of whatever's taking place in front of them.
12 The operators are trained to respond to symptoms.
13 CHAIRMAN JACKSON: So, you're folding in a PRA
14 analysis?
15 MR. COLLINS: You're folding in in a couple of
16 arenas. One is in the target set, acknowledgement of
17 risk-informing the target set for the plant, and then -- I'm
18 not sure we've quite thought through the PRA in the back
19 end.
20 Bill, maybe you're advanced than I am, but if we
21 are, we can elaborate on that.
22 MR. KANE: Not at this point. I think that would
23 be principally used in understanding the target sets, also
24 understanding what equipment was available to be used to
25 mitigate the event.
39
1 CHAIRMAN JACKSON: Well, but in point of face, if
2 you really do a complete PRA analysis, it actually has in
3 it, you know, likely operator actions. It has in it, you
4 know, sequences or -- you know, accident sequences that can
5 go one way or another depending upon whether certain
6 equipment is compromised or not.
7 It starts out a certain way, depending upon the
8 initiating event, if some pipe is broken or whatever it is,
9 and it strikes me -- I don't understand how you can, you
10 know, fold in engineered safety systems unless you have some
11 ability to overlay that kind of analysis, whether it's post
12 or pre.
13 I mean you could do it in the post-sense of, you
14 know, what were the attack points and, you know, what did
15 you see happening, and then that actually informs your
16 accident sequence analysis, and so -- because you can't do
17 it in an ad hoc way, and so, I would just kind of admonish
18 you in that way, that you really need to take advantage of
19 the fact, if you're going to do this, that you do know how
20 to discuss, you know, what happens if in, you know, a
21 structured way.
22 I mean PRA is not just useful because of some
23 probabilities that you come out with but because of the
24 logic of thinking through what can actually happen if, and
25 so, it strikes me that -- I mean you need to get started,
40
1 but it strikes me that, if you're really going to have
2 something that works, that says this offsets this, you
3 really have to do it in a more sophisticated way --
4 MR. KANE: You're point's well taken.
5 CHAIRMAN JACKSON: -- than has been done
6 heretofore.
7 COMMISSIONER McGAFFIGAN: Madam Chairman?
8 CHAIRMAN JACKSON: Please.
9 COMMISSIONER McGAFFIGAN: I'm not trying to
10 complicated everybody's life, but --
11 CHAIRMAN JACKSON: I just did.
12 COMMISSIONER McGAFFIGAN: You did. Maybe I will,
13 too. But an obvious way to involve the operators would be
14 to stick operators, an operating crew in the simulator and
15 pretend the simulator is running the plant and have whatever
16 communication exists between the guard force and the
17 operations room, and you would know how that crew, at least,
18 would handle the specific emergency that's happening, but
19 that may be expensive.
20 Has any thought been given to just having the
21 simulator manned?
22 MR. KANE: Yes, we have given thought to that, and
23 at least in the OSREs that are -- that we're conducting here
24 between now and April, we certainly -- if somebody wanted to
25 do that, we could certainly evaluate it, but I think, at
41
1 this point, I think we want to understand through
2 post-exercise table-tops.
3 As I said, we're going to use these future OSREs
4 to learn, and perhaps, if someone wants to do that,
5 volunteers to do that, we would certainly be prepared to
6 accommodate it in our inspections, but I think we'd want to
7 -- we want to move slowly toward that.
8 CHAIRMAN JACKSON: Well, let me just reinforce,
9 because it isn't totally disconnected, and I'm not
10 necessarily pushing the use of the simulator, but you know,
11 if something -- X happens at a certain point in the plant,
12 then one could ask, you know, is that a kind of an initiator
13 that flips you over into some potential accident sequence?
14 If Y happens in a plant, does that affect, you
15 know, some mitigation capability, and there are
16 methodologies that we're using and that licensees are using
17 to be able to do this kind of structured analysis, and to
18 me, in order to have a system that makes sense, you really
19 have to fold the two together.
20 MR. COLLINS: I think it's inevitable, Chairman,
21 as you have discussed, that these exercises, should they
22 mature and have Commission support, will go in the direction
23 similarly to emergency preparedness exercises, which have
24 the attributes that you have mentioned and gain a type of
25 sophistication which involves the simulator, integrated
42
1 views, use of PRA for mitigating events. We just -- we have
2 to get to that point.
3 CHAIRMAN JACKSON: Okay.
4 COMMISSIONER McGAFFIGAN: Can I ask just a general
5 question about procedures at plants?
6 As I understand these exercises, they are, you
7 know, short, bloody, and violent, at least -- not much blood
8 gets spilled yet, but they would -- mock blood.
9 MR. COLLINS: They're rated R.
10 COMMISSIONER McGAFFIGAN: Maybe even X for the
11 gore.
12 But the -- is the standard operating procedure at
13 a plant -- it's never occurred -- mortal shells are going
14 off, small arms fire is being heard around the plant. Do
15 they scream it at that point? Is that in the standard
16 operating procedure at plants, to take that precaution if
17 they know they're under attack, there's a verified attack?
18 MR. COLLINS: That varies. I think perhaps that's
19 a good question for the licensees to answer. My experience
20 -- my direct experience would be as a result of the Three
21 Mile Island intrusion and the IIT that was conducted after
22 that.
23 GPU at that time chose to maintain the plant at
24 steady-state power.
25 They felt, given the potential location of the
43
1 intruder, the ability to affect the plant in those locations
2 could be detected by variables, process variables that could
3 be monitored in the control room, and we reviewed that as a
4 part of the IIT, and we determined that that was the
5 appropriate action under those circumstances, since a plant
6 could be shut down but it could be shut down in a more
7 controlled manner with people out into the plant, and they
8 did not want people out into the plant.
9 COMMISSIONER McGAFFIGAN: My question was, if one
10 of these simulated attacks is underway, with bullets flying
11 and God knows what else going off, at that point -- that
12 wasn't Three Mile Island. Three Mile Island was a guy
13 driving into the -- onto the island, which I guess might
14 have had a bomb on the truck or whatever, but my
15 understanding of these exercises is that you know you're
16 under attack, and so, if bullets are flying -- I'll ask the
17 next panel.
18 COMMISSIONER MERRIFIELD: Chairman, we need to be
19 very careful about the language we use here, and I'm not
20 going to admonish anyone, but -- because that's the
21 Chairman's purview.
22 [Laughter.]
23 COMMISSIONER MERRIFIELD: There was no bomb at
24 Three Mile Island.
25 COMMISSIONER McGAFFIGAN: I agree.
44
1 COMMISSIONER MERRIFIELD: Right. Just so that no
2 one in the audience is left with the idea --
3 CHAIRMAN JACKSON: This is a simulation.
4 COMMISSIONER McGAFFIGAN: It was a truck.
5 COMMISSIONER MERRIFIELD: Right. I don't know if
6 we want to get into that level of detail.
7 CHAIRMAN JACKSON: I don't think so.
8 COMMISSIONER MERRIFIELD: But there was no --
9 COMMISSIONER McGAFFIGAN: Right. I agree.
10 COMMISSIONER MERRIFIELD: Can you assure us that
11 there wasn't?
12 MR. KANE: Yes, I can confirm that there wasn't.
13 i was also involved with the front end of that, and it
14 wasn't really known until there was a sweep of the area just
15 who and how many people were involved. The decision was, as
16 I understand it, at the time, was that they had -- were
17 satisfied that all their vital areas were protected, and
18 that was the decision.
19 There was good communication between -- and that's
20 one of the things that has to happen. There has to be very
21 good communication between security and the control room.
22 In fact, it took place there, and that's another thing that
23 we test when we do these exercises, to make sure that the
24 communications are sound, so that operations, when it makes
25 a decision whether to scram the plant or not, understands
45
1 what's going on outside the control room. So, that's a very
2 important aspect.
3 MR. ROSANO: Okay.
4 Item number nine -- and I know, Chairman, you
5 asked that I had not completed task force recommendations on
6 eight, but I think we just discussed it. Is it enough?
7 Okay.
8 Number nine, then, the baseline inspection --
9 risk-informed baseline inspection program -- obviously, that
10 hasn't been part of the old OSRE and is now coming into
11 form, but -- because the program itself didn't exist, but
12 the SPA task force recommendations would be that the drills
13 and exercises to be conducted under the proposed new rule
14 will provide performance indicators, and they will be used
15 in informing the baseline inspection program.
16 They will be tied together and certainly be part
17 of that.
18 Item number 10 has to do with findings. The
19 results of OSREs before did not deal specifically with
20 compliance, they dealt with performance, and there were no
21 enforcement actions taken in former OSREs.
22 Under the guidance from the Office of the General
23 Counsel, in the new program, however, we will consider
24 whether actions are necessary by licensees to upgrade their
25 security based on findings of an OSRE, including
46
1 vulnerabilities, and this will be more formal in the new --
2 in the task force recommendations, that the findings would
3 be handled consistent with the new reactor oversight process
4 and the licensees will be required to take actions to
5 upgrade security.
6 CHAIRMAN JACKSON: So, does this mean there could
7 be enforcement or there could not be enforcement?
8 MR. ROSANO: Enforcement in terms of orders, if
9 orders are necessary, to require upgrades and that notices
10 of violation would still be issued if there was a compliance
11 issue involving what their commitments are.
12 CHAIRMAN JACKSON: So, it's a structured approach.
13 COMMISSIONER McGAFFIGAN: Madam Chairman, could
14 you explain, given what Mr. Orrik talks about, these
15 significant security weaknesses, why there was no
16 enforcement?
17 As I understand it from reading his DPO, it comes
18 down to whether 73.55(a) is enforceable in and of itself or
19 just (b) through (h) or whatever the other sections are, but
20 we -- as I understand it, under the current rule, it has
21 been our position that we're into this identifying
22 weaknesses and vulnerabilities which they then -- the
23 licensees correct, and to the public, there would be a
24 disconnect here.
25 MR. ROSANO: Going into this, I would like to say
47
1 that the licensees have corrected the vulnerabilities, even
2 though there haven't been enforcement actions taken, but to
3 answer your question, there -- for several years, for a
4 number of years, the staff acted on guidance from the Office
5 of General Counsel that, when a licensee submits a security
6 plan for approval, that security plan is submitted to comply
7 with sections (b) through (h) of 73.55, and when that plan
8 is approved, it -- basically, it follows a statement in
9 73.55(a) that says that the Commission may approve measures
10 other than those specified in this rule if they demonstrate
11 that they have the same high assurance that the overall
12 level of system performance provides protection against
13 sabotage, and so, the interpretation has been since the
14 early '80s that, when a licensee has an approved security
15 plan -- that is, that it was approved by the NRC -- then we,
16 in effect, said that you are doing all that we would expect
17 you to do to protect against the design basis threat, and if
18 a licensee complies with that security plan, then there is
19 not a compliance issue, and when the OSRE goes out to test
20 performances, to test it against the underpinnings of 73.55,
21 that is the design basis threat, and so, we have not taken
22 enforcement action in the past because it was not a
23 compliance issue.
24 MS. CYR: It's not a compliance issue with respect
25 to compliance with the security plan.
48
1 MR. ROSANO: Right.
2 MS. CYR: There's still the underlying performance
3 objective of 73.55(a). That's still in there, basically,
4 and that's really what the OSRE was testing against, but the
5 focus from an enforcement stand would have been on the plan,
6 not really on compliance with the overall performance
7 objective.
8 I mean our view is you can, you have been able to,
9 you could have been able to, you are able now to take action
10 to ensure conformance with the performance objective, but
11 the enforcement focus in the past has been on the plan, that
12 if they -- if the staff had approved a plan that met (b)
13 through (h), either following (b) through (h) or some
14 equivalent level of protection with respect to those
15 requirements, that that meant that the plant itself had been
16 approved, and I think this is what the staff has talked
17 about before.
18 We've not always gone back and, in a sense,
19 reconfirmed the connection between the plan and the overall
20 performance objective.
21 CHAIRMAN JACKSON: Right. It says, to achieve
22 this general performance objective, the on-site physical
23 protection system and security organization must include but
24 not necessarily be limited to the capabilities to meet the
25 specific requirements contained in paragraph (b) through (h)
49
1 of this section, and so, the -- and so on and so on.
2 Okay. Why don't you go on?
3 MR. COLLINS: Again, Chairman, you know, we're
4 looking at those words carefully as a result of the
5 longer-range plans to be sure that they're clear, and they
6 put the onus and the obligation for the linkage between
7 demonstration and the commitment in the plan in the right
8 place, and we believe that's in the licensee's purview,
9 similar to other programs, and then there's a demonstration
10 and we monitor that.
11 CHAIRMAN JACKSON: That's performance-based.
12 MR. COLLINS: Right.
13 CHAIRMAN JACKSON: Uh-huh.
14 MR. ROSANO: Okay.
15 The last slide is something of a summary of what
16 we've been discussing, and you notice it refers to the
17 modified program for the last 11 OSREs. There are only 10
18 remaining, but we're using this modified program for all of
19 the 11, including last week's visit to Watts Bar.
20 We're going to continue to establish target sets,
21 and in fact, I might point out that, by the end of the first
22 full cycle of OSRE, we will have target sets in the book, so
23 to speak, on all of the sites, a useful resource for future
24 conduct of performance assessment in any case.
25 We're going to run exercises in accordance with
50
1 the security plan plus new commitments. The licensees may
2 commit -- may change their commitments, raising the number
3 of responders or perhaps by, after an operational analysis,
4 lowering them, but the new program will be run according to
5 the new commitments.
6 We'll assess for security performance --
7 CHAIRMAN JACKSON: I guess the real thing is it's
8 according to the commitments that exist.
9 MR. ROSANO: That's true, yes, ma'am.
10 CHAIRMAN JACKSON: Whether they have been additive
11 or whether it's what's existed heretofore if there has been
12 no change.
13 MR. ROSANO: We will hold them to the security
14 plan, whatever it is at the time we arrive at the site.
15 Assess the security performance and conduct an
16 on-site preliminary exist and summarize the findings --
17 without going into painful detail, there will be some
18 findings that will suggest vulnerabilities that need to be
19 looked at more carefully afterwards by the licensee and by
20 the NRC, which leads to the next point, that we're going to
21 do a post-exercise analysis.
22 That's precisely why we want the site exist to be
23 a preliminary exit, so that we have more of an opportunity
24 to examine what actions might have changed the result if
25 it's been considered longer, and we will use operational
51
1 engineering components in the assessment of damage relative
2 to the potential for Part 100 release.
3 Finally, we'll conduct a final exit detailing
4 findings from post-exercise analysis.
5 The final exit is proposed to be within two to
6 four weeks after the site visit, probably perhaps two weeks
7 for sites where there don't appear to be any significant
8 findings that require post analysis and four weeks where
9 there might be more analysis necessary, and that would be to
10 give the staff as well as the licensee an opportunity to
11 spend some time examining this.
12 CHAIRMAN JACKSON: Is there clarity with respect
13 to the use of deadly force by security guards?
14 MR. ROSANO: The information notice that is on the
15 books currently was written in 1989, and I believe, at this
16 point, that that information notice is not clear, and we
17 intend to revise that information notice.
18 It will take one of two paths. We are, as you are
19 aware, engaged in an issue involving getting deadly force
20 authority for Part 50 licensees included in the legislative
21 package that's going forward.
22 If we do join that legislation for part 50
23 licensees, we would rewrite the information notice to
24 properly characterize that in accordance with the new
25 legislation.
52
1 If Part 50 licensees are not included in that
2 legislation, we would still rewrite the information notice,
3 but we would write it in a different way, and it would
4 reflect what is, in fact, the true authority and not as it
5 is currently stated in that information notice.
6 COMMISSIONER McGAFFIGAN: Could you explain what's
7 currently in the information notice?
8 MR. ROSANO: The information notice suggests that
9 the NRC interprets its regulations to mean that guards can
10 use deadly force in protection of plant, property, or other
11 systems.
12 That is not consistent with state laws to the
13 contrary, and there is currently no Federal authority on the
14 books to grant employees of Part 50 licensees to use deadly
15 force.
16 CHAIRMAN JACKSON: That's why it's in the
17 legislation.
18 MR. TRAVERS: I think it's clear they have that
19 authority as it relates to protecting themselves or people
20 at the plant, but the question becomes do they have the
21 authority in connection with protecting plant systems.
22 MR. ROSANO: The states traditionally allow the
23 use of deadly force only to protect persons, not property,
24 and so, absent interdiction so that you put yourself in the
25 path of the bullets, guards are not allowed to use deadly
53
1 force to protect the plant.
2 COMMISSIONER MERRIFIELD: In some states, that's
3 not the case.
4 COMMISSIONER McGAFFIGAN: I know it was in our
5 legislative package the last Congress.
6 MS. CYR: It has not been in our legislative
7 package with respect to Part 50 licensees, only with respect
8 to formula quantity, to make it equivalent with DOE
9 facilities. That has been our proposal.
10 COMMISSIONER McGAFFIGAN: That's been the proposal
11 in the past?
12 MS. CYR: Right.
13 COMMISSIONER McGAFFIGAN: And we didn't realize we
14 had this hole?
15 MS. CYR: No.
16 COMMISSIONER McGAFFIGAN: I was just going to ask
17 -- I mean I thought the appropriations committees have taken
18 care of this issue in the interim for the gaseous diffusion
19 plants, and I'm sure they would have done it for the Part 50
20 plants without waiting for authorization legislation if they
21 knew that this was an issue.
22 CHAIRMAN JACKSON: Mr. Orrik, would you care to
23 make a few comments?
24 MR. ORRIK: Yes.
25 CHAIRMAN JACKSON: Could you try to limit it to
54
1 about five minutes?
2 MR. ORRIK: We're here for three reasons,
3 essentially.
4 Terrorism exists. Second point, OSRE is the only
5 performance testing of the anti-terrorist capability of
6 nuclear power plants and that the industry record, even with
7 six to 10 months advanced notice of all of our evaluations
8 still had a track record of, we could say, 53 percent
9 passing, with 47 percent of the plants had -- still had
10 significant security weaknesses in their ability to protect.
11 As I mentioned, in over 40 exercises, terrorists
12 -- mock terrorists realistically reached and simulated
13 sabotaging equipment.
14 Now, we did not consider operation. That was not
15 within our purview. In fact, it was restricted. We were
16 restricted from doing that.
17 Some plants had to use -- spend an awful lot of
18 money to get ready for an OSRE. I would point out that was
19 their decision. We have never made recommendations. All we
20 did was evaluate what they had.
21 The criteria, everything we've used has been the
22 same, and we have not changed the design basis threat. The
23 truck bomb does not come within our purview. That's handled
24 differently.
25 We still have terrorists making overt attack
55
1 against the plant, and I would point out that we have never
2 used the entire design basis threat.
3 CHAIRMAN JACKSON: Why don't you not discuss any
4 details of the design basic threat.
5 MR. ORRIK: Yes, ma'am.
6 But I have come to two conclusions as a result of
7 all of this.
8 One is that, since nuclear plants are an integral
9 part of the American infrastructure and radiological
10 sabotage could cause rather drastic results, that there is a
11 need for an anti-terrorism capability, physical protection
12 capability at nuclear power plants.
13 Secondly, I think, given the increasing pressure
14 to cut costs, including security costs, and the -- as I
15 mentioned, the previous track record of the industry, that
16 there is a need for NRC presence to provide a countervailing
17 pressure against the pressures to reduce costs and make them
18 competitive, redo security. They are, after all, a
19 business.
20 I would, however, like to state something that I
21 think will please the Chairman, the Commissioners.
22 Last year, I objected to NRC staff's decision with
23 respect to NRC's role in performance assessment of nuclear
24 power plants. This year, I have seen the proposed -- SPA
25 task force proposals which you have been -- you have just
56
1 received, and I have seen the proposed baseline inspection
2 program.
3 They are reasonable and responsible. I am
4 encourage by what I see NRC now preparing to do in the
5 future.
6 I would, however, have this cautionary note. The
7 proof of the pudding is in the eating. NRC's commitment to
8 anti-terrorism capabilities will be in the approval and
9 execution of these proposals.
10 So, the ball essentially is still in NRC's court,
11 but I must say that I am very encouraged and am on-board
12 with the efforts being taken by NRC staff.
13 CHAIRMAN JACKSON: Thank you.
14 Commissioner Dicus, any further comments or
15 questions?
16 COMMISSIONER DICUS: A comment and a couple of
17 questions.
18 You made the statement that, when you go out prior
19 to an OSRE and you find vulnerabilities, you call those to
20 the attention to the licensee, but they don't have to do
21 anything about it.
22 But I would caution you, because once we point out
23 vulnerability, they tend to take that as a requirement and
24 are going to do something about, even thought it's not
25 officially transmitted as a requirement. So, I would
57
1 caution that statement.
2 I would also caution, in light of the perhaps
3 changes that you made in the OSRE and these that are going
4 to be done, the 10 remaining ones -- and probably, for most
5 of these, you may have already gone out and looked at
6 vulnerabilities, but for any that you haven't and for future
7 reference, that as we go to risk-informing this activity, if
8 that's what we wind up doing, really evaluate
9 vulnerabilities against the Part 100 release and not against
10 any other criteria, if that's what -- the criteria that
11 we're going to use. That may change the vulnerability a
12 great deal.
13 Now a couple of questions.
14 One of them has to do -- since the OSRE started,
15 what, in 1992 -- and I noticed in your comments you say
16 toward the end we bring in experts experienced in armed
17 defense who provide continuity between OSRE evaluations, but
18 for plants that had OSREs that did theirs in, say, '92 or
19 '93, '94, to the ones that are doing them now, has there
20 been creep? Have we really started requiring more?
21 MR. ORRIK: No, ma'am.
22 COMMISSIONER DICUS: So, it has been constant.
23 MR. ORRIK: Yes, ma'am.
24 COMMISSIONER DICUS: You're comfortable with that.
25 MR. ORRIK: I've been on 56 of the 58 OSREs, and
58
1 there's been no creep. We've used the same criteria, same
2 schedule of events.
3 There has been creep in one sense, in that the
4 licensees have been much more inventive in defining their --
5 building their defenses, but again, that's their doing.
6 COMMISSIONER DICUS: But maybe -- well, I'm going
7 to ask that question of the licensees, too.
8 MR. COLLINS: Commissioner Dicus, I believe
9 there's been creep.
10 COMMISSIONER DICUS: I think there has been, too.
11 MR. COLLINS: I think there's a difference.
12 Having been in two regions, being a senior resident, a
13 resident, supervising inspectors, there's a difference
14 between saying our regulations haven't changed and how
15 licensees response to our review initiatives.
16 Clearly, in these areas, licensees try to get
17 ahead of the reviews, of the OSRE reviews. They learn from
18 past OSREs. They gather the best attributes of each past
19 plant.
20 They hire consultants to provide for
21 pre-screening, pre-OSRE exercises that bring these
22 attributes to licensees as a methodology of passing an OSRE.
23 There is a area here that has to do with public
24 confidence, and again, I won't profess to speak to
25 licensees, but there is an impact of licensees not passing
59
1 an OSRE, although it may not be a regulatory impact, it's a
2 public confidence issue.
3 COMMISSIONER DICUS: Uh-huh.
4 MR. COLLINS: So, for a lot of reasons, licensees
5 go to extensive means to pass the OSRE.
6 Now, that's different than saying our requirements
7 have changed. So, there's a couple of answers to that
8 question.
9 I think the industry can speak better to that.
10 COMMISSIONER DICUS: Okay.
11 One final question.
12 In order for a licensee to exercise their security
13 plan, to meet whatever challenge there is, I'd like some
14 feedback as to whether or not any of you believe it's really
15 necessary for the licensee to interdict an intruder, or
16 would it be sufficient if the licensee is simply able to
17 detect, to deter, and then delay, particularly taking into
18 account operational responses.
19 MR. ROSANO: I believe that the detection and
20 deterrence -- I'm not sure the delay would be sufficient
21 unless the delay was long enough to provide back-up forces
22 to arrive at LLEA or to take over the situation, but I do
23 think that it would be sufficient for a licensee to
24 demonstrate that they could protect the target sets from
25 damage, and that doesn't necessarily mean terminating the
60
1 attackers, but it simply means that if a licensee could
2 demonstrate that they could fall back to positions or they
3 can ensure protection of the target sets and it wouldn't
4 matter if the attackers were still able to create industrial
5 sabotage or other damage, they would have satisfied their
6 goal.
7 CHAIRMAN JACKSON: Actually, don't you have to be
8 careful in answering her question?
9 MR. ROSANO: I was trying to be.
10 CHAIRMAN JACKSON: Well, but not careful enough.
11 MR. ROSANO: Yes, ma'am.
12 CHAIRMAN JACKSON: Because if you're going down
13 the line of looking at operator actions and operational
14 safeguards, then you have to say that you do this all in
15 analysis, and that's what they have to demonstrate.
16 You talked about the Part 100 limits, etcetera,
17 etcetera. So, if you're going to the analysis that includes
18 operator actions, engineered safeguard systems, and then an
19 ability to keep you from having an event that would exceed
20 Part 100 limits, that the real answer to her question.
21 So, you don't want to ad hoc it when you've
22 already kind of laid out a structured approach here to the
23 Commission.
24 MR. ROSANO: I agree with your answer to her
25 question, but --
61
1 [Laughter.]
2 MR. ROSANO: But I might add that I didn't think
3 that my answer was inconsistent, because we agree that, if
4 the licensee can demonstrate through engineered safeguards
5 or operational response or fall-back positions, that they
6 can protect the target sets, then they've satisfied it.
7 CHAIRMAN JACKSON: And the target sets, by
8 definition, are those that, if compromised, would lead to a
9 potential --
10 MR. ROSANO: Yes.
11 CHAIRMAN JACKSON: It could lead to releases in
12 excess of --
13 MR. ROSANO: Yes, ma'am.
14 CHAIRMAN JACKSON: -- Part 100.
15 It would be very good to kind of talk that way, to
16 be consistent.
17 MR. ROSANO: Yes, ma'am.
18 CHAIRMAN JACKSON: There may be media people or
19 whatever, members of the public -- it would be very nice to
20 just keep talking --
21 MR. ROSANO: Point well taken. And again, they're
22 all fixed. All the weaknesses have been fixed.
23 CHAIRMAN JACKSON: I'm sorry.
24 COMMISSIONER DICUS: No, that's fine. That was a
25 clarification. I was thinking you've got to add one more
62
1 statement to the answer, and I gave you -- when I asked the
2 question, would it lead to Part 100 release?
3 Anyway -- and finally, I guess, just a comment.
4 I'm still troubled by the amount of fortification that we do
5 have at our nuclear power plants as compared to what you may
6 find at a chemical or industrial facility, troublesome to
7 me.
8 CHAIRMAN JACKSON: Commissioner Diaz.
9 COMMISSIONER DIAZ: I have no questions.
10 CHAIRMAN JACKSON: Commissioner McGaffigan.
11 COMMISSIONER McGAFFIGAN: I have several, so let
12 me get at it.
13 The rule that you're talking about developing --
14 and apparently there's agreement on -- what is the
15 time-frame for developing that rule, the new rule?
16 MR. ROSANO: Our goal would be to have the new
17 rule written in -- as a proposed rule within six months
18 after getting permission from the Commission to move forward
19 on it.
20 COMMISSIONER McGAFFIGAN: Okay.
21 Are there back-fit issues, potentially, in this
22 rule?
23 MR. ROSANO: I think the back-fit issues have to
24 be considered. We would be issuing a new requirement --
25 that is, a requirement to conduct drills, and so, it's
63
1 clearly a back-fit, because it's a new requirement.
2 MR. KANE: And evaluations.
3 CHAIRMAN JACKSON: The evaluation is part of
4 developing the rule.
5 COMMISSIONER McGAFFIGAN: Will CRGR look at this
6 rule before -- we've had some issues in recent months where
7 CRGR has looked at things late -- operator licensing was an
8 example -- and had problems at the final rule stage that
9 probably should have been clear at the proposed rule stage.
10 Will part of the process of developing this rule in the next
11 six months involve CRGR review?
12 MR. KANE: Yes.
13 COMMISSIONER McGAFFIGAN: Okay.
14 Have you looked at the issue of graduated
15 responses? At the reg info conference, it was pointed out
16 that we essentially require these folks to be able to
17 instantaneously deal with the design basis threat 24 hours a
18 day, 365 days a year, and the military doesn't do that.
19 They're not -- no other industrial institution
20 does that, and I don't know quite how to -- you know, I
21 don't want to get into design basis threat, but the issue of
22 not having everybody at the highest security level all the
23 time -- how do you intend to deal with that?
24 CHAIRMAN JACKSON: TBD, right?
25 MR. KANE: TBD is the correct answer, but I think
64
1 it is a good point, and I think that's something we need to
2 examine to see if there needs to be a graded approach to our
3 response. You know, whether it can be done, I don't know,
4 but I think it needs to be explored.
5 MR. COLLINS: I think that question and
6 Commissioner Dicus' last comment on the comparison has to do
7 with the arena of the design basis threat, which is out of
8 the staff's control.
9 Commissioner McGaffigan, you're dealing
10 essentially with a probability issue.
11 COMMISSIONER McGAFFIGAN: Right.
12 MR. COLLINS: Right now, the assumption is a
13 probability of one. Therefore, thou shalt always be ready.
14 COMMISSIONER McGAFFIGAN: I'm happy to hear Mr.
15 Orrik's comment.
16 MR. ORRIK: Yes, sir.
17 In 1978, the NRC made an operating assumption,
18 which was -- that is unclassified -- was that there would be
19 no warning, advance warning, and every person that I've
20 spoken to since then, I believe, reaffirms that the
21 terrorism, almost by definition, there would be no warning,
22 and that's the basis on which we have been assuming, but of
23 course, that's within the NMSS purview.
24 MR. ROSANO: May I add that Liz Teneyck is here in
25 the room, the director of safeguards in NMSS, and I know
65
1 that she has a lot of background on it.
2 COMMISSIONER McGAFFIGAN: If I'm getting into
3 dangerous space, I'll just leave the comment. I think it's
4 out there, and I do think it's -- you know, assuming a
5 threat all the time is not what -- a significant threat, you
6 know --
7 CHAIRMAN JACKSON: Well, I think the real point is
8 that, as he said, in 1978, the Commission made a decision
9 from an operational point of view. Having discussions with
10 Liz and her people theoretically could lead the Commission
11 to make a different operational assumption, and that's
12 something that the Commission needs to look at if it wants
13 to do that.
14 COMMISSIONER McGAFFIGAN: Let me ask Mr. Orrik --
15 I take your testimony today or your briefing remarks today
16 to essentially say your DPO of February has been resolved to
17 your satisfaction, that -- you know, we had a letter -- I
18 think we just recently answered it -- from Congressman
19 Markey about it, but you raised concerns in your DPO with
20 regard to two of the recommendations and had an alternative,
21 and should I regard your remarks today to mean that you're
22 essentially -- you said you're on-board. Does that mean
23 your DPO -- maybe it isn't formally resolved, but it is
24 resolved in your mind?
25 MR. ORRIK: Yes, sir. Actually, of course, I did
66
1 put the caveat that it has to be executed.
2 COMMISSIONER McGAFFIGAN: Okay.
3 MR. ORRIK: But yes. The answer to your question
4 is yes.
5 MR. COLLINS: Commissioner McGaffigan, if I can
6 just take the liberty here, because I believe there's a
7 point that needs to be clarified based on the statement --
8 and David, you can choose to think about this if you don't
9 want to answer it at the table.
10 The message here appears to indicate that there's
11 a need for NRC direct involvement, if I read your -- NRC to
12 ensure this capability to provide countervailing pressure.
13 Our program may not require NRC direct
14 involvement. It may set the standards, codify the
15 regulations, and allow licensees on their own to conduct
16 drills and exercises and conduct their own reviews that we
17 may or may not confirm in evaluation.
18 CHAIRMAN JACKSON: But you did talk about having
19 resident inspectors at the quarterly drills. You talked
20 about, in the risk-informed baseline inspection program,
21 having regional inspections based on what you find out
22 relative to those drills, unless I misunderstood something.
23 MR. COLLINS: That is the original approach.
24 CHAIRMAN JACKSON: Right.
25 MR. COLLINS: But based on lessons learned and on
67
1 individual licensee performance, we may not, in the future,
2 have that direct monitoring of every drill and every
3 exercise.
4 CHAIRMAN JACKSON: I understand that, but there
5 must be some periodicity that you intend to maintain.
6 MR. COLLINS: Yes.
7 CHAIRMAN JACKSON: And that could be the
8 countervailing pressure. I mean it doesn't mean that you
9 look at it one time and you don't come back for 20 years.
10 MR. COLLINS: True. Not 20 years.
11 CHAIRMAN JACKSON: Well, I mean you have to decide
12 for the proposed periodicity --
13 MR. COLLINS: What the proposed interval is,
14 that's right.
15 CHAIRMAN JACKSON: -- and the Commission has to
16 agree that it thinks that is, you know, prudent, and then
17 that is what it is.
18 MR. COLLINS: Well, I think the staff -- the staff
19 may not ask unless the Commission directs on what that exact
20 interval is as far as NRC oversight.
21 Certainly, the licensees would have to demonstrate
22 capability, but like any inspection program, the periocity
23 of the review of that capability is really a staff
24 discretion based on licensee performance, resources, and the
25 Commission reserves the right to --
68
1 CHAIRMAN JACKSON: Well, I think you need to
2 clarify how you posit it in a risk-informed baseline
3 inspection.
4 If you're talking about using performance
5 indicators and having that inform a risk-informed baseline
6 inspection program at whatever periodicity, you know, that
7 may be, then you need to be clear about that, so that you're
8 not putting the Commission in the position where it,
9 quote/unquote, is "de facto" saying, well, you look at it
10 one time and you don't look at for 20 years.
11 MR. COLLINS: I understand that point.
12 COMMISSIONER McGAFFIGAN: Presumably, there would
13 be a performance indicator for the quarterly exercise that
14 you'd develop with -- that would go into the baseline
15 inspection program that isn't there at the moment if this
16 rule change goes into effect.
17 MR. COLLINS: That's correct.
18 MR. KANE: It would be somewhat parallel to what
19 you see under emergency preparedness.
20 COMMISSIONER McGAFFIGAN: Not to totally destroy
21 your next six months, but you're going to go to CRGR during
22 this period.
23 The guidance document strikes me that -- your
24 recommendation two -- industry is going to be very
25 interested in what this guidance document looks like,
69
1 because there's going to be a lot of stuff in the guidance
2 document that is not going to be in the rule and will help
3 people understand the intent of the rule.
4 When does the guidance document catch up with the
5 proposed rule? Is it there with the proposed rule in your
6 minds, or is it catch up by the final rule, or what is the
7 current plan?
8 MR. ROSANO: My plan is that it would be available
9 with the proposed rule.
10 COMMISSIONER McGAFFIGAN: Good answer.
11 MR. ROSANO: The guidance document but not
12 necessarily the inspection procedure and the training.
13 Those would come later. But I think that the rule and the
14 reg guide, if it's a reg guide, go hand in hand.
15 COMMISSIONER McGAFFIGAN: The last couple comments
16 -- I'm just going to agree with Commissioner Dicus.
17 I mean the thing that we hear from some folks and
18 I resonate with -- our European colleagues point out to us
19 that our security requirements are far higher than theirs,
20 and they live in a pretty significant threat environment.
21 The Brits had to worry about the IRA for -- at
22 least since 1969, and the IRA had some pretty significant
23 capabilities. There's terrorism on the continent.
24 Our chemical plants -- you can kill an awful lot
25 of people by blowing up a chemical plant, oftentimes right
70
1 next to an interstate -- are very soft targets, and I think
2 Part 73 itself is a pretty good deterrent.
3 When you read the list of weaponry that you guys
4 require these guys to have at the sites, if I'm choosing
5 between, you know, various places, there's a pretty good
6 deterrent in just reading the words, hopefully fully
7 implemented in the security plans.
8 So, there's this disconnect, and certainly, we
9 need to protect these plants, but when European regulators
10 come in and say, wow, I was just at Palo Verde and I asked
11 them how many guards they had and they had 160 -- you know,
12 that's their total force or something, and it's three big
13 reactors, and they're not all on duty. That's to get a duty
14 force that's much smaller. And they say, well, you know, at
15 our typical plant, we'll have one guard at the gate or
16 something.
17 How do we -- you know, without getting into the
18 design basis threat, how do we justify the enormous
19 disparity between what we require and what the chemical
20 industry requires or what our European and Japanese
21 colleagues require?
22 MR. COLLINS: Do you want to get to that without
23 getting too close to the design basis threat?
24 MR. ROSANO: I can do it without getting close to
25 design basis threat. I'm afraid of getting close to
71
1 something that might be more dangerous.
2 My response to that would be, actually, twofold.
3 I, quite frankly -- this is my opinion. I can't
4 account for what the European power plants do, and I'm not
5 responsible for what they do. I might say that -- having
6 said that, that I don't necessarily agree that what they
7 provide in terms of security.
8 But I would also like to point out that the
9 Federal Government right now and in a lot of different
10 arenas is raising its security consciousness, is increasing
11 security, preparing more for possible terrorist attacks, and
12 I think that other areas, other industries may be coming up
13 to our level, rather than us going down to theirs.
14 COMMISSIONER McGAFFIGAN: I think that's
15 impossible.
16 MR. KANE: But it's impossible to really answer
17 your question without going into first principles and
18 comparing what you're protecting against, and then that gets
19 into something I'd rather not talk about.
20 COMMISSIONER McGAFFIGAN: Again, Mr. Orrik, if you
21 want to --
22 MR. ORRIK: Yes, sir. We've had numerous
23 countries observe the OSREs or regional assist
24 demonstrations that we conduct at United States plants, and
25 to the best of my knowledge, there are six countries now
72
1 that are copying part or all of the OSRE regional assist
2 program, including Germany, Japan, Russia, Ukraine,
3 Kosokslov -- I've forgot what the sixth was.
4 COMMISSIONER McGAFFIGAN: So, they're copying
5 parts of what we're doing now. So, it can't be all bad.
6 The final issue again goes to a point that
7 Commissioner Dicus made.
8 The notion in these plants, as we arm them, as we
9 weld doors shut in order to, you know, defeat folks and all
10 that, have additional aim points and additional equipment in
11 various places, you end up with a trade-off between security
12 and safety, and I guess it's probably for the next panel,
13 but do the security forces within the plan rule supreme, and
14 if they say a door has to be welded shut, it gets welded
15 shut, or do you guys -- are you guys confident that people
16 think about the safety implications of potentially going and
17 adding a new security bell and whistle?
18 MR. ROSANO: Not only do the licensees on their --
19 at their own level talk through -- you know, talk with ops
20 and security when changes are suggested, but we, when we go
21 to the plants, in the OSRE visits, have safety safeguards
22 interviews to get a better understanding of what is the
23 impact of security measures on employee safety in the plant,
24 and that's part of the licensee's program, it's also part of
25 our program.
73
1 COMMISSIONER McGAFFIGAN: As I understand it,
2 people are concerned about, you know, just getting to places
3 in the plant.
4 CHAIRMAN JACKSON: Well, in point of fact, that is
5 why this all-in analysis turns out to be important, because
6 if, in fact, you're looking at operator actions, engineered
7 safety systems, etcetera, etcetera, etcetera, that forces
8 you into the land of safety as well as safeguards, and
9 that's why, moving down that kind of path, because you will
10 automatically understand some of those trade-offs, and
11 that's why I was pressing the issue that that kind of
12 analysis has to be done at a sophisticated enough level to
13 allow you to be able to look at this kind of thing.
14 MR. COLLINS: Commissioner McGaffigan, I think
15 there's two aspects. We touched on them both.
16 One was the actual aspect of being able to
17 demonstrate to a plant review committee for a modification
18 that safety isn't impacted, which is one threshold.
19 There's the other impact of are we working in a
20 production facility or are we working in an armed camp, and
21 that's the intangibles, the hygiene issues, if you will,
22 that impact individuals just because of what you see and
23 where they are.
24 The previous question that was answered by Mr.
25 Orrik -- I think we have to be careful when we use foreign
74
1 countries as an example. Many countries look to the NRC to
2 set the standard, and they adopt the NRC's criteria, lacking
3 any other criteria.
4 Additionally, I believe we have to be careful when
5 we are dealing with very focused arenas where security, NRC
6 to security, licensee -- there can be a tendency there to
7 have coexisting goals, and there needs to be some outside
8 tension there that screens those initiatives in a wider
9 picture, and that's where the operations and the engineering
10 come in to provide for that balance. In the past we haven't
11 had that.
12 CHAIRMAN JACKSON: And the wider picture, also, is
13 -- has to do with a sort of stand-by degree of security out
14 on the streets, per se, in different countries, and they are
15 different, and they aren't always obvious, but they are
16 different.
17 COMMISSIONER McGAFFIGAN: I think I've run through
18 my series of questions.
19 CHAIRMAN JACKSON: Commissioner Merrifield.
20 COMMISSIONER MERRIFIELD: Thank you.
21 Two brief questions, and then I want to make a
22 couple of comments.
23 In Mr. Orrik's written comments, there's a
24 statement -- I'm directing this to Mr. Rosano -- the OSRE
25 was -- is the only NRC performance inspection and evaluation
75
1 effort of licensees' capability to protect against
2 terrorism.
3 Is that correct? Is this the only element that we
4 have?
5 MR. ROSANO: It's the only element we have for
6 testing the performance. I don't find it to be the only
7 element we have for inspecting -- that's one of the words in
8 there -- because we have an inspection program that deals
9 specifically with security plan commitments, but licensees
10 also have auditing programs, and they have their own
11 internal inspections.
12 There are actually a number of components in the
13 NRC program to look at what the licensees do in terms of
14 fulfilling their responsibilities in security. The OSRE or,
15 in a larger sense, performance assessment, is the way that
16 we look at their capabilities with respect to responding to
17 attack, but only that portion of it.
18 COMMISSIONER MERRIFIELD: All right. But it's a
19 portion of a much larger program that we have.
20 MR. ROSANO: Yes, sir.
21 COMMISSIONER MERRIFIELD: Okay.
22 Mr. Orrik, there was -- in addition to your DPO,
23 there was also a DPV that was provided to us on August 21st
24 from Mr. Thomas Dexter, Mr. Dennis Schaefer, and Mr. Bruce
25 Earnest, all of whom are physical security specialists in
76
1 Region IV.
2 Have you had an opportunity to talk to them, and
3 do they share your view and encouragement by the
4 recommendations of the task force that they are reasonable
5 and responsible?
6 MR. ORRIK: I can speak for one of them,
7 certainly, Mr. Dexter, who's participating in this task
8 force, and he's, in fact, very substantially involved in
9 running the baseline inspections, and to clarify a previous
10 comment, yes, I understand that the SPA task force
11 requirements -- or recommendations, pardon me -- and the
12 baseline inspection recommendations include a very definite
13 NRC periodicity of inspection.
14 It would be regionalized versus the way it is done
15 by headquarters now, but it does involve an NRC presence,
16 which I feel strongly is required until such time as the
17 Commission determines that the industry can do it by
18 themselves. But I think we haven't reached that time yet.
19 COMMISSIONER MERRIFIELD: That goes to one of the
20 comments I want to make, and I guess this goes to Sam. I
21 think, along the lines of the Chairman, I do believe
22 probably it would be in all of our benefit to make sure that
23 the Commission has an opportunity to closely review the
24 recommendations for periodicity.
25 The issues of terrorism and threat to these plants
77
1 is, from a public perception standpoint, an important one,
2 and I think the higher degree of Commission involvement in
3 assisting you in that regard, I think, would probably be in
4 the benefit of all of us.
5 I also want to agree with Commissioner Dicus. I
6 have visited a number of plants recently.
7 I have some concerns about whether we perhaps may
8 be going overboard, but certainly, as we continue to go
9 through the process of evaluating this program and accepting
10 the recommendations of Safeguards Performance Assessment
11 task force, I think we can continue to evaluate that and
12 move forward.
13 The last thing I'd want to say is a few
14 compliments.
15 One of them -- the Chairman -- her decision to
16 re-implement the OSRE program based on the information
17 provided in Mr. Orrik's DPU and for other reasons -- I
18 supported it at the time. I think it was the right thing to
19 do.
20 I would also compliment Mr. Orrik. I have to say,
21 although there are parts of your DPO I disagree with and, I
22 think, may lead some in the public -- I think left the
23 public with a far greater concern about where we are at the
24 NRC, I think the activities you took in the DPO and the
25 fellow staffers in their DPV to raise this issue to the
78
1 Commission was -- you know, is an important part of our
2 program.
3 I think it is important for our staff to
4 understand that we as a Commission do respond to these, and
5 I think the activities of the Safeguards Performance
6 Assessment task force have been very positive. I think all
7 the staff should be complimented for working together and
8 working through this and coming up with a program that seems
9 to have some merit.
10 We'll get some other views on the next panel, but
11 I think, you know, we shouldn't leave it -- you know, this
12 is an important part of our process. We certainly do want
13 to hear what our staff has to say, and I certainly
14 appreciate the fact that you've brought those comments
15 forward.
16 CHAIRMAN JACKSON: Thank you.
17 Okay. I think we'll hear from the next panel.
18 Thank you very much.
19 We will first hear from Mr. Beedle and the folks
20 from NEI, etcetera.
21 How have you structured your industry
22 presentation, Mr. Beedle?
23 MR. BEEDLE: I would lead off with a few remarks
24 and then turn to John McGaha, who would talk through most of
25 the issues and then make a concluding remark.
79
1 CHAIRMAN JACKSON: And how are you proposing to
2 structure your presentation, Mr. Leventhal?
3 MR. LEVENTHAL: I think I can complete our
4 testimony in about 10 to 15 minutes' time, and I'm going to
5 ask Mr. Greenberg to deal with the legal question that arose
6 with regard to --
7 CHAIRMAN JACKSON: Okay. So, you would present
8 first and then Mr. Greenberg.
9 MR. LEVENTHAL: -- with regard to 73.55(b) through
10 (h).
11 CHAIRMAN JACKSON: Okay.
12 So, Mr. Beedle.
13 MR. BEEDLE: Good morning, Chairman,
14 Commissioners.
15 With me today is John McGaha, Executive Vice
16 President with Entergy -- he's the Chief Operating Officer
17 for that organization -- Bill Josiger, who is a Vice
18 President with the New York Power Authority, Doug Gipson
19 back here is the Chief Nuclear Officer, Detroit Edison, and
20 we have a number of members of the -- NEI's security task
21 force, and I point out the attendance here today by way of
22 underscoring the importance that the industry places on this
23 subject.
24 It's one that we are certainly committed to.
25 Security of our facilities is something that is extremely
80
1 serious in our minds and one that is protecting the assets
2 of the company. So, it's not something that's undertaken
3 lightly.
4 First slide, please.
5 Our objective is certainly to promote review of
6 the security fundamentals, and I think that's what the
7 Commission has been pointing at this morning with the
8 questions to the staff.
9 We certainly agree with the need to take advantage
10 of this opportunity and time to review the program and make
11 sure that we're focused on the right thing.
12 I was encouraged to hear the staff talking about
13 Part 100 release criteria as one of the fundamental
14 requirements upon which our security forces are predicated,
15 and then certainly the design basis threat, and neither do I
16 want to get into the design basis threat at this point, and
17 again, we believe that the time is ripe to examine these
18 issues, to make sure that we're doing the right thing.
19 I can't help but believe that the dollars we spend
20 in one area detract from dollars available in other areas,
21 and security is no different than any of the other programs
22 that we have to deal with on a day-to-day basis in managing
23 the industry.
24 So, with that, I'd like to turn to Mr. John
25 McGaha, who will cover some more detailed remarks.
81
1 John?
2 MR. McGAHA: Thank you.
3 Good morning, Chairman and Commissioners.
4 CHAIRMAN JACKSON: Good morning.
5 MR. McGAHA: It's a pleasure for me to be here
6 today, mainly because, about seven years ago, I was involved
7 in another NEI initiative very similar to this.
8 In fact, I was really pleased to hear the
9 questions going around the table, because they are all the
10 same types of things we were asking seven years ago, things
11 about use of deadly force, what is the design basis threat,
12 and is that the right thing to do, what are the staffing
13 requirements, and I could go right down the list, pretty
14 much, everything that was being discussed today, we were
15 discussing back then.
16 I'd like to, before I get into my slides, just
17 make a couple of points based on the discussions I heard
18 earlier today.
19 In my opinion and, I think, in the opinion of my
20 colleagues that are here today, there has, in fact, been
21 creep in the industry. I know, at our Entergy plants, we've
22 increased the size of our security force as a result of
23 OSREs and response to the design basis threat.
24 We have also, in fact, reduced the size of the
25 force over the past few years, but that is in other areas
82
1 where we've managed to improve and streamline the way we do
2 business.
3 We are very interested in what the Commission is
4 trying to do.
5 I think this is good that we're taking another
6 look at this area, so much so that some of our people from
7 Entergy were here this week talking to the Commission staff
8 about maybe looking at the new regulatory approach, the risk
9 performance-based approach, and maybe even coming up with
10 one security plan for all of our Entergy sites that would be
11 based on the regulations and not have all these variances
12 that we seem to have evolved to over the years, mostly as a
13 result of the inspection process and responding to some of
14 these things.
15 But I'll tell you this right now. Just last week,
16 we had a security inspection at our Arkansas plant, and at
17 the exit meeting, the inspector asked us if we would commit
18 to increase the size of our security force and put that in
19 our security plan.
20 So, that just gives you one small tidbit of
21 information that shows that there is some creep taking place
22 out there as a result of the inspection process, and I'm
23 hoping this effort we're doing here will help us get our
24 arms around that.
25 I was really pleased to hear the discussion today
83
1 about the integrated approach using the engineering
2 safeguards assessment PRA integrated with operations and
3 looking at the integrated approach rather than just a pure
4 security defense mechanism to try to demonstrate that we're
5 protecting our plants.
6 To get into my slides, one of our objectives is
7 that we'd like to see the security program clearly defined
8 based on realistic and measurable regulations, and this gets
9 into some of the discussion that occurred earlier today, are
10 we regulating to the Part 100 release, are we regulating to
11 the target sets, are we regulating to reactor damage, fuel
12 damage, or are we regulating to theft of nuclear-grade
13 material.
14 This is an area we were discussing seven years
15 ago, and I'm glad to see what we're discussing it again
16 today.
17 Our plant management needs to be able to measure
18 our performance against these requirements, and as we said
19 earlier, the requirement should be an integrated
20 defense-in-depth approach, not just reliance on security
21 measures or on a local security force demonstrating
22 interactions with intruders.
23 This means that this approach needs to include
24 some kind of risk analysis, and it has to include
25 operations, engineering, and a lot of other features that
84
1 were discussed earlier today, and the NRC oversight and
2 inspection should be to the same standards that the plant is
3 using, whether it be active NRC involvement or NRC
4 monitoring these exercises that are being discussed as part
5 of the new proposed approach.
6 In the interim, though, what we've had in the past
7 and what we still have today, I feel, I think even with this
8 SECY paper and what it recommends, if we continue with the
9 OSREs, we still have in my opinion and I think in the
10 opinion of the colleagues representing the industry, a
11 variable escalating, expert-driven requirements approach,
12 and if you go from OSRE to OSRE, the requirements end up
13 being different, and they all talked about it.
14 Yes, we go learn from what happened at the other
15 plants, and we make sure that we don't have those same
16 problems recur at our plants based on the inspection
17 results. That's just the nature of the beast.
18 Next slide.
19 CHAIRMAN JACKSON: That's based on the plants to
20 -- the program has it has been implemented to date.
21 MR. McGAHA: Yes.
22 CHAIRMAN JACKSON: Not necessarily this modified
23 approach.
24 MR. McGAHA: Even in the modified approach, I
25 think if you talk to Watts Bar, you'll -- in fact, I think
85
1 -- are those pictures we have from Watts Bar? We're going
2 to show you a couple of pictures.
3 CHAIRMAN JACKSON: That's how Watts Bar prepared
4 for it.
5 MR. McGAHA: Yes. Watts Bar prepared for it, and
6 Comanche Peak is preparing for it, and they're -- I think
7 they're the next one due for an OSRE, and the executives
8 there would agree that it is not a regulatory requirement
9 that they're trying to satisfy.
10 They're trying to satisfy the perceived
11 requirement of the OSRE examining team so that they were not
12 put in a disadvantaged position. So, it's effectively a
13 requirement.
14 CHAIRMAN JACKSON: Right. But my understanding is
15 of what the licensee would be tested to relate to existing
16 commitments, not based on what they put into place.
17 MR. McGAHA: That is correct. The test is their
18 existing commitments.
19 CHAIRMAN JACKSON: Right.
20 MR. McGAHA: But it's heavily weighted toward
21 interpretation of those equipments, and as members of your
22 staff have told you, that it's the vulnerabilities. I
23 perceive a vulnerability, and as a result of that, if I have
24 a vulnerability, I have to do something to solve it, and
25 we'll show you some pictures of what we think are solutions
86
1 to vulnerabilities.
2 CHAIRMAN JACKSON: Are you arguing that it's ad
3 hoc?
4 MR. McGAHA: Beg your pardon?
5 CHAIRMAN JACKSON: It's ad hoc in terms of the
6 discussions of vulnerabilities.
7 MR. McGAHA: Well, no. I think what happens is
8 they look at past OSREs and they find out what that utility
9 did to solve their problem, and then they replicate that at
10 their station.
11 CHAIRMAN JACKSON: Uh-huh.
12 MR. McGAHA: So, it becomes a de facto requirement
13 throughout the industry.
14 CHAIRMAN JACKSON: Well, I guess what I'm trying
15 to understand is, you know, we have an historical approach.
16 The staff has posited that there is a modified approach, and
17 then there are the specific recommendations of the task
18 force which you seem to be endorsing, coupled with, you
19 know, what the Commission itself has been discussing this
20 morning, and I'm trying to understand whether you feel that
21 this high degree of creep and ad hoc-iness is still implicit
22 in the modified approach, or is it that the licensees do
23 things and we kind of say okay?
24 MR. McGAHA: Let me get to the crux of what I
25 think our whole message is here.
87
1 We think it's premature to do even this modified
2 approach until we step back and answer some of these
3 questions that we've been trying to answer for a long time.
4 Is the design basis threat the credible thing to be
5 protecting against? Do we need to interdict rather than
6 interpose and delay and rely on other law enforcement
7 agencies to bring in additional resources?
8 These types of things, right now, are not yet
9 defined, and I'm not sure that the -- this modified
10 inspection approach is going to define those. At least the
11 way I read the letter, it doesn't really say it's going to
12 get into those kinds of things.
13 MR. BEEDLE: Well, let me add that where the staff
14 is going right now on these next 10 OSREs is, I think, an
15 evolutionary effort to try and figure out how to do the
16 OSREs better.
17 CHAIRMAN JACKSON: That's correct.
18 MR. BEEDLE: Okay. I don't think that those 10
19 plants are sufficiently familiar with that process that they
20 would be willing to not make any changes in their plant as
21 they approach the date of their OSRE.
22 CHAIRMAN JACKSON: Well, then you should tell them
23 not to do that.
24 MR. BEEDLE: Well, I can tell them that all day,
25 but they say, Ralph, your license isn't on the line.
88
1 CHAIRMAN JACKSON: Well, we'll ask Sam to tell
2 them not to do that.
3 MR. BEEDLE: Okay.
4 CHAIRMAN JACKSON: Okay. And then we will come in
5 and test based on what is there. Tell them not to do that.
6 COMMISSIONER McGAFFIGAN: The discussion about the
7 OSRE program as it's been conducted over the last 10 years
8 reminds me of Towers Turn to some degree and the notion that
9 we have individual inspectors imposing requirements.
10 Now, is that what you're saying, or you --
11 back-fitting and whatever -- or are you saying this is sort
12 of self-imposed, that the creep is just you guys trying to
13 anticipate us and you're self-imposing requirements that is
14 the sum total of the best practices of everybody's who's
15 gone before you, because if there are back-fit issues,
16 there's -- you know, I'd be interested in them, and I think
17 you guys should have been raising them, but which is it? Is
18 it self-imposed, or are we imposing back-fits through
19 inspections?
20 MR. BEEDLE: I think it's a combination of some
21 self-imposed requirements, you know, trying to make sure
22 that my program meets muster. It's over-laced with the
23 involvement of contractors that we use that -- saw it happen
24 at one plant.
25 We bring them in and we ask them what do we need
89
1 to do to be successful? You need to do this, and so, we do
2 that, and then we bring the inspection teams in and they add
3 a few vulnerabilities, and we start ratcheting, and I'll
4 tell you, the security programs have increased dramatically.
5 We're seeing plants spend millions of dollars in
6 preparing for these examinations, and when you look at that
7 kind of money being spent without a change in the
8 regulations, you've got to ask why.
9 CHAIRMAN JACKSON: Well, we know that. What I'm
10 trying to do is understand where we are trying to go on a
11 go-forward basis, okay? There's a lot of history here, and
12 there's a history that we all need to learn from.
13 The issue becomes -- we have an interim program,
14 but the issue is where do we want to be on a go-forward
15 basis, and if we could focus our discussion that way, I
16 think it would be very helpful to this Commission, because
17 we can't make up for history, okay? But what we can do is
18 deal with what we do on a go-forward basis.
19 MR. McGAHA: In that case, we can skip my next
20 slide, because I think we just covered all of that, and I
21 think we ought to show the pictures, just two examples.
22 MR. BEEDLE: Slide five.
23 MR. McGAHA: And the top picture is basically a
24 gun turret. I believe five of those were added at the
25 plant, and I believe they're manned full-time.
90
1 MR. BEEDLE: No, they're not manned full-time, but
2 they are there so that, if the -- and this is within the
3 security fence of the plant. We've got these little
4 pillboxes established, and then the one down below is a
5 gate, with a keypad that you have to punch in the right
6 combination, and then we conveniently post the combination
7 right there alongside.
8 I mean anybody looking at that has got to say does
9 this make sense?
10 Now, I understand the rationale for it, but you've
11 got to say does this make sense?
12 Our operators, our plant staff, have to punch --
13 if they want to go from point A to point B on the other side
14 of that fence, they've got to punch in this thing, and we do
15 this under the guise of 10-second delay.
16 If my plant security and safety rest on 10-second
17 delay, then there is something wrong with my design or my
18 provision for security in that plant.
19 CHAIRMAN JACKSON: Again, how long has this been
20 here?
21 MR. BEEDLE: I don't know. I think this may have
22 been put up for one of the more recent OSREs.
23 COMMISSIONER McGAFFIGAN: So, during the OSREs,
24 they take the combination down.
25 MR. BEEDLE: No, no, they leave it up.
91
1 CHAIRMAN JACKSON: I think there is an issue here
2 on a go-forward basis that has to do with what we require
3 vice what licensees do that we acquiesce to, because that's
4 really what we're talking about.
5 MR. BEEDLE: That is the crux of the issue,
6 Chairman, yes.
7 CHAIRMAN JACKSON: And that is something that I
8 think the acquiescence and what we're going to truly look at
9 can be addressed even in the interim program.
10 Now, if somebody's already built their pillboxes,
11 there's nothing that we can do about that today, okay? But
12 what we can do something about is sending a message relative
13 to beefing up beyond that which you have a committed to.
14 But then you're going to come in and examine based on what
15 that commitment is and try to move to this overall
16 integrated approach, provided the Commission approves that.
17 That's where we need to focus. I understand
18 people's neuralgia, but you know, it's like anybody who's
19 been upset or hurt about something. I can't change the
20 history. He can't change it, she can't change it, he can't
21 change it, and he can't change it.
22 The issue is where do we want to go, and what do
23 you feel from your industry point of view, okay, are
24 important things for us to consider as we go forward, and
25 that's where we can all be most helpful to each other.
92
1 MR. BEEDLE: Chairman, John's going to take us
2 there with slide number six.
3 CHAIRMAN JACKSON: Good.
4 COMMISSIONER McGAFFIGAN: Madam Chairman, if I
5 could just say one thing, and it might be slightly light,
6 but -- I may have seen too many Schwarzenegger films, but
7 I'm not sure that delays Schwarzenegger 10 seconds.
8 CHAIRMAN JACKSON: We need levity.
9 MR. McGAHA: Okay.
10 One of the areas that we need to improve on is in
11 our management oversight, and I'm talking about the industry
12 itself.
13 It's been -- I'll just tell you from my
14 experience, from being in several plants. Safeguards gets
15 into, you know, safeguards information, secretive, nobody's
16 supposed to know what the design basis threat is, and so,
17 you've got the security folks who are going to do whatever
18 they have to do to pass the exam and demonstrate that our
19 security works, and maybe we haven't gotten involved with it
20 enough.
21 CHAIRMAN JACKSON: So, specialist talking to
22 specialist.
23 MR. McGAHA: Yes.
24 COMMISSIONER McGAFFIGAN: Madam Chairman, that
25 went to my point earlier that I asked the staff about. Who
93
1 has the power in the plant to do these trade-offs? If,
2 indeed, one group is this secret fraternity with secret
3 information and a safety operator says, well, god, I guess I
4 can live with that and I'll find a way around it, as opposed
5 to really being able to challenge him and say, you know,
6 tell me what the hell that's doing for you -- you know, it's
7 buying you 10 seconds? Why is that important? Maybe some
8 of the operators have to be cleared so that they can
9 challenge and talk about.
10 CHAIRMAN JACKSON: Well, I also think there has to
11 be some discipline in our approach. I mean I heard some --
12 admittedly, but since that's what we all use -- anecdotal
13 feedback, you know, relative to even the most recent one,
14 you know, an inspector says, well, you have this
15 vulnerability over here and, you know, you have this
16 vulnerability over here.
17 Well, that's not good on two bases.
18 One, it's not good because obviously it's, you
19 know, some individual inspector, quote/unquote, potentially
20 ratcheting somebody up, but it's not good also from my point
21 of view, because it's ad hoc, and therefore, you know, I
22 don't know -- there's no overall analysis that says this is
23 going to give, you know, the greatest improvement in safety
24 for, you know, what it requires, and so, this issue of
25 moving to this post, you know, analysis that Mr. Collins and
94
1 his folks described and having some kind of coherent
2 picture, even with whatever elements of analysis we have
3 available to us today, you know, is a way to go, and that
4 you don't just kind of, in an ad hoc way, sort of point out
5 that this is what you need to do or this is okay and that's
6 not. That doesn't give me a whole lot of comfort.
7 COMMISSIONER McGAFFIGAN: There's two
8 vulnerabilities and two more pillboxes.
9 CHAIRMAN JACKSON: Well, but I'm saying that those
10 may or may not be the greatest vulnerabilities, right? And
11 so, that's kind of, you know, what's the matter with that,
12 but I think, you know, some of it has to do with some
13 management, oversight, and discipline here, and some of it,
14 you know, has to do with -- you know, as you were discussing
15 Mr. McGaha.
16 MR. McGAHA: I think we're on the right track. I
17 guess what we're saying today is that there are some things
18 that we even have to step back and ask a bigger picture,
19 that as we're doing that, such things as does a several
20 layers of defense posture make sense based on the overall
21 protection and armament and everything that we already have
22 in place?
23 Is the design basis threat the real threat? You
24 heard that we're still going on -- what did he say, a 1979
25 -- anyway there were some assumptions and decisions made
95
1 many years ago I think we as an industry need to revisit,
2 because in fact, nuclear power plants today are probably the
3 most protected -- and maybe rightly so, but they are the
4 most protected industrial facilities in the entire country.
5 CHAIRMAN JACKSON: So that you don't -- aren't
6 confused about this 1978-79 -- just for the record, it does
7 not have to do with the threat being 20 years old. It has
8 to do with an operational assumption, that whatever the
9 threat is, as it comes out of various analyses, being
10 assumed as being constantly present for purposes of
11 regulatory approach, and that was what the gentleman, I
12 believe, was talking about.
13 MR. McGAHA: I understand, and I guess all we're
14 really saying is maybe we should revisit some of those to
15 see if that's still -- if we want to continue with those
16 same assumptions today. In fact, we did talk about that
17 some back in the early '90s, when I was on this previous
18 task force.
19 So, this overhead sort of gets into detail on what
20 I was trying to say earlier about our role to provide better
21 management oversight, and we do need to do that, to put more
22 operational input, more technical, engineering, PRA, all the
23 other inputs into the decisions that are being made.
24 But the fact is people like me aren't really
25 expert on security things, so -- but we have to get better
96
1 at challenging what some of our security people are doing,
2 because they -- even though they feel it is prudent -- and
3 this gets back to Commissioner McGaffigan's question earlier
4 -- they might be doing something they think is fully prudent
5 that we should be challenging because it just doesn't make
6 good sense, and what they may be doing is reacting to
7 something another plant did, who reacted to another plant,
8 who reacted to another plant.
9 Put the next slide up.
10 This one gets into what our recommendations would
11 be, of what an effective program would be, and along those
12 lines, I think we're consistent with what the Commission is
13 doing.
14 Our thoughts is that there are fundamental changes
15 that are needed in the security arena and that -- but we
16 also feel a baseline review of the overall picture is
17 warranted, as well as just the focus on the OSRE, the
18 modified OSRE approach, and we feel that this should be done
19 before we get too far down the road with the modified OSRE
20 approach, because they're still working on some of the same
21 assumptions that we may want to, in fact, reconsider as part
22 of this.
23 So, we should step back and look at the big
24 picture, and to be effective, the program should include,
25 first, regulations with clear requirements and maybe
97
1 risk-informed measures consistent with the approach that
2 we're taking, that the NRC is taking, and the industry is
3 taking in the regulatory environment today.
4 The licensee programs should be based on these
5 requirements. In there, we should be monitored through
6 performance criteria that are measured against the
7 regulations and not by the number of security officers that
8 some plant committed and put a number in the security plan.
9 Once again, we would like to see a response
10 posture appropriate to the threat level so that there are
11 times when we may have to double our security forces on-site
12 and there are times when maybe it would be business as
13 usual, depending on available information, and then, also,
14 we'd like to see a due process or a system to deal with
15 inspection issues in a more open process with senior
16 management -- that was my comment on the previous slide --
17 to make sure that we're not thinking we're going the right
18 thing and all we're doing is ratcheting ourselves up to some
19 requirement that some other plant has committed to, and in a
20 lot of cases, that doesn't make sense.
21 CHAIRMAN JACKSON: Maybe you might want to think
22 about -- I'm not trying to tell you how to do your business,
23 but you mentioned this issues of the safeguards mantle, and
24 so, a question that arises is, to what extent has
25 management, you know, to whatever degree you think it needs
98
1 to be involved, ensured that it has the capability or
2 clearance or whatever it takes to have equal access to
3 safeguards information that people who work for you have?
4 I mean that puts you at a disadvantage. It's not
5 that everybody in the plant needs necessarily to have that
6 information, but presumably, you know, you and some key
7 people who would work for you would need to be able to have
8 that, and that puts you in the position, as the management,
9 to be able to provide that oversight that you talk about in
10 a more coherent way.
11 MR. McGAHA: I agree, and people in my job and in
12 other jobs, the safety review committees, there are certain
13 people that are cleared for safeguards, and we expect them
14 to review and approve and get involved with the site
15 security plan and that kind of thing, but those people
16 aren't really experts.
17 It's hard for them to interpret some things,
18 because they don't know what the basis is or who came up
19 with what the design basis threat is and whether or not
20 that's a credible thing, and if the security organization
21 comes in and says, look, 15 plants have put gun turrets in
22 because -- we need to do that, because if we don't, we're
23 not going to be able to address the design basis threat,
24 even if we have access to the safeguards, but it's also an
25 easy excuse for us to present, well, we don't know about the
99
1 -- you know, that's secretive stuff that only FBI and the
2 CIA and others know about, and so, it's an easy --
3 CHAIRMAN JACKSON: Well, to some extent that is
4 true.
5 MR. McGAHA: All I'm saying is we need to take our
6 own excuses away and get -- and we, too, need to get more
7 involved and proactive and intrusive on some of this stuff.
8 MR. BEEDLE: Our task force, Chairman, is going to
9 make an effort to try and highlight this as an issue and see
10 what we can do about trying to educate and make people
11 understand the significance of it. I mean it's something
12 that they really need to pay attention to.
13 CHAIRMAN JACKSON: Well, if we take an integrated
14 approach, that allows you to take an integrated approach.
15 MR. BEEDLE: I think that's the real reason we're
16 able to do this and put focus on it, is because the agency's
17 put focus on it.
18 As John indicated, there have been efforts in the
19 past to try and change some of the security programs, and
20 they had relatively little success, because the agency
21 wasn't ready to make any changes.
22 COMMISSIONER McGAFFIGAN: Madam Chairman, I've
23 kept burdening this rule-making process --
24 CHAIRMAN JACKSON: And there you go again.
25 COMMISSIONER McGAFFIGAN: -- and here I go again,
100
1 right.
2 One thing that's been successful -- and I just
3 would ask these folks -- I think in Part 70 and maybe less
4 so in Part 35, because there wasn't as much interaction in
5 the pre-proposed rule stage, but as we head towards this
6 proposed rule, would it benefit you all if we did stuff like
7 we have done on Part 70, have frequent meetings, put it on
8 the web page, whatever they're coming up with, and interact
9 with the public as well as the industry, so that people see
10 what -- where we might be headed? Would that facilitate the
11 process, you know, once the rule is out there for formal
12 comment?
13 MR. BEEDLE: I think it would do a great deal to
14 remove some of the mystery associated with the security
15 program. I mean it would get it out into the open where we
16 could talk about it, and I'm not suggesting that we talk
17 about the design basis threat or the safeguards information
18 but just how the program --
19 COMMISSIONER McGAFFIGAN: The documents that are
20 eventually going to be made public, the rule, the reg guide
21 going with the rule, etcetera, if that were relatively open
22 earlier, it might be better.
23 MR. McGAHA: I would sense and feel that, if we
24 could figure out maybe something similar, a similar path in
25 this area, as we're doing with the rest of the regulatory
101
1 process, where we're, I think, truly reinventing, to some
2 extent, the way we do business for the better, I think the
3 same approach needs to be done here, with pilots or whatever
4 and industry input and, once again, management getting more
5 interactive and intrusive into the reasonableness of the
6 decisions that are made.
7 I think the last slide, we sort of touched on most
8 of this already, but this relates to where we think we
9 should go, and these are the four attributes that we feel
10 describe what we were just talking about, that this process
11 needs to include something to ensure that we clearly are
12 understanding the risk, and Chairman Jackson, I think you've
13 touched on that from about three or four different angles
14 already today.
15 We need to evaluate what is a realistic threat.
16 At times, maybe the threat goes up. At times, maybe the
17 threat goes down.
18 We need to employ the full capability, and I think
19 I heard that discussed about four or five times today, not
20 just -- like you said, Chairman Jackson, we need to overlay
21 the engineering and the safeguards and the contingencies and
22 all these things on top of how easy is it to get to and
23 damage a target set.
24 And last but not least, we need an appropriate
25 response posture based on the situation. I would challenge
102
1 the need to have people sitting around posted in the plant
2 with weapons loaded and cocked, assuming that someone's
3 going to attack the plant at any second.
4 I think there might be times when we need to be
5 that ready, but the general sense I based on history is
6 that's sort of the direction that the industry was headed,
7 and we haven't done very well there.
8 I mean I'll admit that plants have staffed up and
9 energized themselves and done some things to get ready for
10 OSREs, especially in the early days, and after the OSRE was
11 over, they backed off on some of those things.
12 CHAIRMAN JACKSON: Would you argue in your view
13 that the top three bullets drive the fourth one?
14 MR. BEEDLE: Yes.
15 CHAIRMAN JACKSON: Okay. So, that's the bottom
16 line.
17 MR. BEEDLE: Yes.
18 CHAIRMAN JACKSON: Okay.
19 MR. BEEDLE: Chairman, that concludes our remarks.
20 I would just like to underscore one thing, that the security
21 of our facility is not the responsibility of the security
22 department at the facility. It's the responsibility of the
23 entire plant, and we need to get it back into that -- on
24 that basis.
25 CHAIRMAN JACKSON: Okay.
103
1 Commissioner Merrifield, you have a comment?
2 COMMISSIONER MERRIFIELD: Yes. I guess there's
3 sort of two comments.
4 I agree with the notion -- some of the attributes
5 you talk about here, clearly understanding the risk,
6 evaluating realistic threats, and employing full capability.
7 I think that's the right direction to go. I think we need
8 to -- we as an agency need to clearly articulate what we
9 require, test on those requirements, and make you live by
10 those requirements.
11 But I think the important caveat to keep in mind
12 is, as we deal with many other things with risk around here,
13 it's not a one-way street. We may very well do a risk
14 analysis and determine that, in some areas, we need to think
15 about having you have more capabilities.
16 Now, I've been to a number of plants. I've seen
17 some things that lead me to believe that we're overdoing it
18 in some areas, but we may very well find down the road that
19 there are areas where we need to bolster your performance
20 that will require additional use of financial resources.
21 The second comment I would make is, you know, I
22 hear about these consultants you've brought in to give you
23 analysis of what they think you need to do in order to pass
24 our exam, and it reminds me of when I was trying to pass the
25 bar exam and become a lawyer, and I had all kinds of people
104
1 come after me -- well, you really need to take this review
2 course and you need to have these review materials, because
3 otherwise you're not going to pass that bar exam, and like
4 anything else, you know, all us good capitalist consumers
5 have to be careful about the things that people try to foist
6 on us, and that's not all our fault.
7 I mean some of it may be, but I think there's a
8 self-interest, perhaps, of some of your consultants in
9 selling you probably very expensive services and
10 demonstrating the need for them to be there.
11 So, I do want to make that comment to
12 counterbalance.
13 MR. BEEDLE: So, we should get rid of all of our
14 consultants. Well, maybe some of them.
15 COMMISSIONER McGAFFIGAN: They should all take law
16 exam prep courses.
17 CHAIRMAN JACKSON: Commissioner Dicus?
18 COMMISSIONER DICUS: One of the things that was
19 brought up in the first panel is the potential or
20 possibility, say, in the biennial exercises, of using the
21 simulator. Do you have any comments about that,
22 particularly if we really go to the criteria, what we're
23 really trying to accomplish is not to have a Part 100
24 release?
25 MR. McGAHA: I really hadn't thought much about
105
1 that. I think that's one of the things that we as an
2 industry need to look at.
3 On the one hand, there's probably -- I can
4 probably sit here and come up with some pros and cons. As
5 was mentioned earlier, we do use the simulator and emergency
6 preparedness exercises, and we found it beneficial there.
7 As I recall, part of the emergency preparedness exercise
8 also includes a security threat.
9 So, who knows? Maybe we can think of a way to
10 combine emergency preparedness and security together.
11 MR. JOSIGER: I think we have to evaluate that and
12 think it through, because there's many ways that we could
13 incorporate the operational aspect into the mitigation of
14 the various scenarios. Using the simulator is one.
15 Table-tops are another.
16 Review of the design basis, the defense-in-depth
17 philosophy that the plants are constructed and operated to
18 -- all that has to be integrated into the functional
19 inspection of security.
20 CHAIRMAN JACKSON: Commissioner Diaz?
21 COMMISSIONER DIAZ: I have no comments.
22 CHAIRMAN JACKSON: Commissioner McGaffigan?
23 COMMISSIONER McGAFFIGAN: No further questions.
24 CHAIRMAN JACKSON: Commissioner Merrifield.
25 Let's hear from Mr. Leventhal, please.
106
1 MR. LEVENTHAL: Thank you, Madam Chairman, and to
2 you and members of the Commission, I --
3 CHAIRMAN JACKSON: Let me make one comment.
4 If any of you had -- I think, Mr. Rosano, you went
5 around and --
6 MR. ROSANO: Yes, ma'am.
7 CHAIRMAN JACKSON: -- traded -- there was an
8 original version of Mr. Leventhal's testimony, that if you
9 have the one that you picked up when you came in, we would
10 ask you to exchange it with Mr. Rosano.
11 Please go on.
12 MR. LEVENTHAL: We do appreciate the opportunity
13 to testify before the Commission and your willingness to
14 hear a public interest view on the issues that are before
15 you today.
16 My name is Paul Leventhal, and I'm president of
17 the Nuclear Control Institute. We're a non-profit research
18 and advocacy center concerned with problems of nuclear
19 proliferation and the threat of nuclear terrorism.
20 With me today is our counsel, Eldon Greenberg, a
21 partner in the Washington, D.C., law office of Garvey,
22 Schubert & Barer.
23 Mr. Greenberg will address the legal question that
24 I made reference to in response to your question on
25 73.55(b)-(h) at the conclusion of my testimony.
107
1 I would appreciate the opportunity to begin by
2 establishing some context for the concerns that I have about
3 much of what I've heard today, and so, there is something of
4 a philosophical bent to this, and I hope you'll indulge me,
5 because there is a point to it.
6 Before founding NCI in 1981, I worked on the staff
7 of the U.S. Senate and was responsible for preparing the
8 investigations and the legislation that resulted in
9 enactment of the Energy Reorganization Act of 1974 and the
10 Nuclear Non-proliferation Act of 1978.
11 I was co-director with Jim Asselstine, who later
12 became a commissioner here, of the bi-partisan Senate
13 special investigation of the Three Mile Island nuclear
14 accident, and I helped prepare the lessons learned
15 legislation that was enacted as a consequence of this
16 investigation.
17 For the past 25 years, I've been concerned with
18 various ways -- I've been concerned in various ways with
19 prevention of the misuse and abuse of civilian nuclear
20 energy programs, including prevention of radiological
21 sabotage.
22 I'm particularly interested in the Commission's
23 present engagement in the staff's OSRE program.
24 We are highly supportive of the OSRE program. We
25 think it's actually done a pretty good job, and I think one
108
1 thing that has been absent in the discussion today, at least
2 to my hearing, are what the problems are that need to be
3 fixed.
4 We have a good sense of what the problems are in
5 terms of security performance at the plants that OSRE has
6 run exercises at and the need to improve that performance
7 and keep it improved, but I do not see any problems that
8 require a major reorganization of OSRE, perhaps some
9 upgrading of regulations so that there is enforcement power
10 in terms of grading these exercises and getting improved
11 results.
12 I would say that, given the dire consequences that
13 would result from a successful attack, the consequences that
14 the OSRE exercises are designed to try to prevent -- that
15 is, to successful repel an adversary whose objective is
16 radiological sabotage, the destruction of a plant's vital
17 systems to cause a core meltdown and breach of containment
18 -- given those dire consequences that could result from a
19 successful attack, I cannot think of anything more important
20 for the NRC staff to do and for the Commission to make sure
21 that the staff does well.
22 Among the lessons learned from the TMI accident
23 was that, when a severe accident occurs, the uncertainty
24 among operators and supervisors in the control room can run
25 very high, can contribute to the severity of the accident,
109
1 and that uncertainty itself should be considered a condition
2 of the plant in weighing whether an evacuation of the
3 surrounding population is called for.
4 That was the core finding of the Senate
5 investigation, as I recall it.
6 The lessons learned legislation enacted as part of
7 the NRC Authorization Act of 1980 included a requirement
8 that newly-constructed plants must be denied operating
9 licenses if the Commission cannot determine that the
10 surrounding area can be successfully evacuated.
11 As a consequence, the Shoreham plant was shut down
12 before reaching full power after Federally-supervised local
13 drills demonstrated that Long Island could not be
14 successfully evacuated.
15 The Seabrook plant in New Hampshire came close to
16 suffering a similar fate but was eventually granted an
17 operating license.
18 Now, I review this bit of history to illustrate
19 the overriding importance of protecting a reactor's vital
20 systems so that evacuation is never required.
21 None of the plants operating today were really
22 constructed with evacuation in mind. Emergency planning was
23 an afterthought, considered not before issuance of the
24 construction permit but just prior to granting of the
25 operating license -- that is, after the plant is built.
110
1 The 10-mile inhalation zones and the 50-mile
2 ingestion zones established by the Commission post-TMI will
3 have little meaning to the residents of New York City or
4 Chicago, for example, if one of the plants operating nearby
5 is successfully hit and a radioactive plume is heading their
6 way.
7 There will be a spontaneous desire to evacuate,
8 and it will not be pretty, to say the least.
9 TMI was a close call. A total meltdown was
10 averted after a newly-arrived shift supervisor, Brian
11 Mehler, who, for my money, is the unsung hero of Three Mile
12 Island, figured out two hours into the accident that the
13 pressure-operated relief valve was stuck open and draining
14 coolant from the core.
15 As it turned out, about half the fuel melted as a
16 result of the stuck valve and the confusion that this
17 caused.
18 How likely that a total melt could be averted if
19 the precipitating event were not a mechanical failure, as in
20 the case of TMI, but rather, the failure of security guards
21 to prevent terrorists with explosives from successfully
22 penetrating the protected area of a plant or the failure to
23 prevent a truck bomb the size of the one used against the
24 Federal building in Oklahoma City or the Marine barracks in
25 Dhahran, Saudi Arabia, from being detonated at or near the
111
1 protected area fence.
2 Now, we could, of course, debate what the actual
3 consequences of a successful attack would be, and of course,
4 we have done that today, but I ask, why bother engaging in
5 such a debate?
6 Why not simply give NRC staff the resources and
7 impose the necessary requirements on industry to make it
8 extremely unlikely that such an attack could ever succeed?
9 That, in my view, is the essential question before the
10 Commission today.
11 The public expects that kind of protection.
12 That's what public perception's all about. The public
13 expects that kind of protection and would surely demand it
14 if the current deficiencies became widely known.
15 If there were a successful attack, the human
16 suffering and the property loss that would ensue would
17 almost certainly bring about the downfall of the nuclear
18 industry, something that members of the Commission who
19 regard the industry's survival as a sacred trust should
20 ponder hard.
21 Now, the basic position of the Nuclear Control
22 Institute is, one, current security regulations at nuclear
23 power plants are inadequate to protect against radiological
24 sabotage; two, the design basis threat, 10 CFR 73.1, against
25 which plants are protected, does not correspond to current
112
1 real world dangers and is not even fully applied with regard
2 to the insider threat -- I'll return to the insider threat
3 in a moment; three, the Commission cannot rely on advanced
4 warning to provide the necessary lead time to bolster
5 defenses against an armed assault or vehicle bomb attack.
6 I was interested to hear the discussion today of
7 General Gossick's 1978 -- April 10, 1978, memorandum to the
8 Commission, approved by the Commission at that time, which
9 exhibited wisdom that is as true today as it was then. I'll
10 quote two passages from it.
11 "Operating assumption: A prudent, viable
12 safeguard system should not rely for its effectiveness on
13 the accuracy and timely availability of intelligence
14 information concerning the plans, characteristics, and
15 intentions of a hostile adversary with regard to theft,
16 diversion of SNM, or sabotage of a nuclear facility."
17 I would say that pretty much characterizes the
18 situation with regard to the Oklahoma City bomb, total
19 surprise.
20 "Degree of conservatism: This operating
21 assumption accommodates the conservative perception that,
22 given the manifestation of a significant threat to the
23 nuclear industry, there is a possibility that the U.S.
24 intelligence community would not be able to collect and
25 report that information to the NRC in a sufficiently
113
1 accurate and timely manner so that appropriate safeguards
2 actions might be taken to thwart the threat."
3 I would say that characterizes the situation with
4 the World Trade Center. There was some information, it was
5 not properly processed, the threat was not dealt with before
6 the explosion took place.
7 Now, since 1985, our organization, in
8 collaboration with another organization, the Committee to
9 Bridge the Gap in Los Angeles, has pressed the Commission to
10 upgrade its regulations regarding the design basis threat.
11 The current DBT contemplates several external
12 attackers, in collaboration with one insider, approaching
13 the plant as a single team and employing no more than
14 hand-held weapons and explosives.
15 The design basis threat for the truck bomb rule
16 promulgated in 1994, after both the attack on the World
17 Trade Center and the intrusion at Three Mile Island, which,
18 admittedly, Commissioner Merrifield, did not include a bomb,
19 but for four hours, they didn't know whether it included a
20 bomb, and I would question whether the operator acted
21 prudently with that degree of uncertainty in not scramming
22 the plant.
23 The point, however, is that, with regard to the
24 truck bomb rule promulgated in 1994, we have reason to
25 believe that it is insufficient to protect against the
114
1 larger terrorist bombs used since the time the rule was
2 promulgated in response to the World Trade Center explosion.
3 We have interacted with the Commission a number of
4 times on this, and basically, we have not gotten what we
5 would regard as a definitive response as to whether a bomb
6 as large as the Oklahoma City bomb or the Dhahran bomb could
7 be adequately protected against based on present set-back
8 distances and barriers, and there are other problems, but I
9 agreed with -- when I inquired whether I could raise this
10 issue, not to elaborate on it to the extent of neglecting
11 the subject of the meeting today.
12 Now, the subject of the meeting today is this set
13 of recommendations by the SPA task force, and we did not
14 have the document in hand when we prepared this testimony
15 that was discussed today. So, I had some generalized
16 comments on it to the effect that -- and I think that what
17 I'd like to do at this point is summarize my statement so I
18 allow some time for Mr. Greenberg to deal with the legal
19 question and maybe address some of the specific points that
20 were made today.
21 I want to raise the insider threat, because I find
22 the discussion today about the possibility of operator
23 intervention somehow mitigating the consequences of an
24 accident and thereby implicitly making the security
25 protection of the plant relatively less important -- at
115
1 least that's what I gather the message to be, but as I
2 understand it, based on the discussions that took place
3 between NEI representatives and NRC staff, the full design
4 basis threat is not applied in the OSRE exercises.
5 The insider is assumed to be only passive, not
6 active. He provides the attackers information. He in no
7 way participates in the attack. He in no way tries to
8 neutralize the guard force inside the plant. He in no way
9 tries to interfere with control room operations. He is
10 passive.
11 The design basis threat says that he is active as
12 well as passive, and I question -- seriously question how
13 you can reasonably expect to do exercises that presumably
14 mimic real-world attack-type situations, particular when
15 you're going to begin applying Part 100 release standards to
16 this whole process and apply some sort of probabilistic risk
17 assessment, as well, as far as I can gather from the
18 discussion today, if you assume that there is an insider but
19 he's just passive, then clearly you are not making a
20 real-world assumption as to what might actually happen in
21 the event of a concerted attack on a plant, and I question
22 -- this is my one principle criticism of OSRE.
23 I gather from the discussions that I observed that
24 this is sort of an unwritten staff guidance to OSRE not to
25 press the active insider as a player in a mock attack.
116
1 I would ask the Commission to consider that,
2 especially in the context of what you are now about to
3 engage in, this integrated approach, risk-informed
4 assessment.
5 I don't see how you can apply risk assessment to
6 human behavior when it comes to trying to anticipate what a
7 determined group, for whatever reason, might attempt to do
8 to bring down a nuclear power plant.
9 You have to assume that the attack could come as
10 suddenly as the attack on the Oklahoma City Federal
11 building, and the capabilities of the plant must be
12 sufficient to repeal such an attack, because the
13 consequences of a successful attack are unthinkable,
14 absolutely unthinkable.
15 Evacuation must never happen, particularly in a
16 major population center, a major city, because it's
17 unfeasible, and of course, in terms of the potential loss of
18 life and loss of property will be such, as I indicated
19 before, that it could well bring the nuclear industry down.
20 There will not be much tolerance if a nuclear
21 plant has proven to be vulnerable because of an exercise --
22 and I do regard this as an exercise -- where industry's
23 complaints about the cost, about the inconvenience, about
24 the embarrassment of highly professional physical protection
25 exercises, what this brings to bear on them, as if that
117
1 somehow is more important than the public health and safety
2 and the common defense and security of the United States,
3 and I think the Commission seriously has to weigh that
4 question.
5 I mean all this is happening on your watch, and if
6 the result of this is to give industry more and more
7 discretion to run its own drills, to keep NRC out as much as
8 possible, because I think that's where it's really heading,
9 if that's where it's heading, my concern is that you will
10 not be satisfied with the end result, and our simple
11 solution is beef up OSRE, give it the regulatory authority
12 it needs so that fines and other enforcement actions can be
13 taken, if needed, and Mr. Greenberg, in a moment, will
14 discuss whether you really need a new regulation or whether
15 you just interpret present regulations differently, and I
16 would say that that would be the more useful approach.
17 CHAIRMAN JACKSON: I think Commissioner McGaffigan
18 had a question for you.
19 COMMISSIONER McGAFFIGAN: The question really goes
20 to the -- you know, there's a lot of absolutism in your
21 comments today, and you know, I take an analytical approach
22 to almost everything, so you know, the sort of questions we
23 asked earlier, I'll ask you.
24 I can posit a design basis threat that, you know,
25 a rogue company of special operations forces or battalion
118
1 or, you know, the entire U.S. special operations command
2 going haywire and deciding -- even if I posit that big a
3 threat, why do they go after nuclear plants as opposed to
4 all the other soft targets where they can do even more
5 damage, and why do you not bring the same absolutism to the
6 chemical industry or to various other various soft targets
7 that are available in the United States?
8 There's a tremendous deterrent. I mean this is --
9 whatever else you say, this is the safest private sector set
10 of institutions in the country from the point of view of
11 being able to repeal terrorist attacks.
12 MR. LEVENTHAL: I would add to that statement the
13 phrase "thus far."
14 I would respond by quoting what the FBI apparently
15 briefed security staff on, which was that there is no such
16 thing as an unlikely target and that any perception of
17 softness might well be exploited, and therefore, if what the
18 public perception is is a ratcheting down of physical
19 protection standards in order to accommodate the complaints
20 of industry over the cost and the inconvenience and the
21 embarrassment, the perception may be that nuclear plants are
22 becoming soft targets.
23 I think security can be improved. There are
24 obviously limitations.
25 COMMISSIONER McGAFFIGAN: But how much is enough?
119
1 I mean where do you draw the line?
2 You're saying the design basis threat isn't high
3 enough in one place -- I mean should I assume that there's a
4 company of rogue special operations forces fully armed to
5 the teeth with whatever weapons they can bring in, with
6 whatever helicopters, etcetera, they have available to
7 themselves?
8 Where do I draw the line? I can defeat anything
9 if you give me enough fire power.
10 MR. LEVENTHAL: Given General Gossick's operating
11 assumption, there are limits as to what you can expect from
12 intelligence, but surely the CAT program, for example,
13 should not have been terminated, if indeed it has been
14 terminated, the program in cooperation with FBI and DOE
15 based at Livermore, which presumably was designed to process
16 information as quickly as possible for the NRC.
17 I think, sure, there are probably upper limits
18 beyond which you could not protect the plant, and I won't
19 get into the scariest of scenarios, which are the nuclear
20 scenarios, but the point is that, even though other
21 industries may be less protected -- that may well be so.
22 Nuclear is different. First of all, there is a
23 certain panache in the minds of terrorists and radical
24 groups, perhaps, in doing something nuclear, and the
25 potential consequences are uniquely insidious.
120
1 If there were a radioactive plume heading for a
2 major city or population center, it would just be terrible,
3 and it's something that, therefore, the Commission should
4 use every resource available to it to prevent.
5 I'm not saying, of course, it can be 100-percent
6 prevented, but I'm saying you can make it extremely unlikely
7 or as unlikely as humanly possible, and the sense that I get
8 of the discussions thus far, the two meetings between NEI
9 and NRC staff that I monitored and the discussion today, is
10 that you're sort of on a slippery slope toward giving
11 industry more discretion and NRC less of a role, to put it
12 in kind of plain language, and I don't think that's in the
13 public interest.
14 CHAIRMAN JACKSON: Can you speak to the SPA task
15 force recommendations?
16 MR. LEVENTHAL: Well, yes, I can, and I do in my
17 statement.
18 The first two show promise. The first two, which
19 speak to the modifications of regulations and the
20 preparation of regulatory guide to develop target sets,
21 protective strategies, and an exercise regimen -- that's all
22 to the good, I would think, because that doesn't exist
23 today, and it could strengthen OSRE in doing its job.
24 But the second two are a clear indication -- the
25 second two being this notion of training NRC regional
121
1 inspectors to -- first of all, identifying their role and
2 observing tactical response exercises and to train them for
3 new responsibilities -- this suggests that what the ultimate
4 objective is here is to eliminate the outside consultants,
5 and by the way, these outside consultants, which their very
6 existence and identification is so sensitive that it's
7 classified, they obviously know their stuff, they're
8 charging the Commission all of about $90,000 a year, which
9 is not prohibitive, it's a bargain for what you're getting,
10 and it is not like prepping -- Commissioner Merrifield, I
11 think the analogy about prepping for the bar exam and
12 prepping for an OSRE exercise doesn't really hold, because I
13 mean you might fail the bar exam and have to take it over
14 again if you get the wrong advice, but presumably these are
15 experts in black hat exercises, in Green Beret tactics.
16 These are the guys who you wouldn't want to have
17 against you and you definitely want to have with you, and I
18 think the kind of review and expert advice they give on
19 correcting inadequacies is invaluable, and nothing should be
20 done to in any way diminish their role.
21 Again, if I could just ask Mr. Greenberg to deal
22 with the final point having to do with a situation where the
23 physical protection plan is just fine but the licensee
24 happens to fail to protect against a design basis threat,
25 how do you enforce that kind of a situation?
122
1 COMMISSIONER MERRIFIELD: Chairman, if I may,
2 before you do that, I just wanted to get a clarification.
3 In response to Commissioner McGaffigan's comments, you
4 mentioned something about soft targets, and I was wondering
5 if you could -- I missed that, if you could go over that
6 again.
7 MR. LEVENTHAL: Yes. It was one of the different
8 professional view papers. They apparently cited a FBI
9 briefing for security staff. I don't have that paper before
10 me, but it was the one that accompanied Captain Orrik's
11 paper back in August, I believe.
12 COMMISSIONER MERRIFIELD: You were quoting the
13 paper, then.
14 MR. LEVENTHAL: Yes. It was characterized in that
15 paper as a briefing in which the FBI said that there is no
16 such thing as au unlikely target and doing nothing that
17 might project the appearance of a hard target becoming a
18 softer target, because if a hard target becomes a softer
19 target, it is more vulnerable to attack and more likely to
20 be attacked.
21 COMMISSIONER MERRIFIELD: I have some other
22 comments, but I'll withhold those till the end.
23 MR. LEVENTHAL: Mr. Greenberg.
24 MR. GREENBERG: Thank you.
25 Madam Chairman and members of the Commission,
123
1 you've been very patient over a long morning.
2 COMMISSIONER MERRIFIELD: Well, this is important
3 stuff.
4 MR. GREENBERG: Contrary to what is usually
5 expected of lawyers, I'll try to be brief nonetheless.
6 CHAIRMAN JACKSON: That's all right. We've got
7 our own.
8 COMMISSIONER MERRIFIELD: And they put up with me,
9 too.
10 MR. GREENBERG: There was a certain amount of
11 discussion this morning about regulatory requirements and
12 enforceability, and I think it was made clear by the staff
13 presentation that, at least insofar as OSRE has been run in
14 the period from 1992 to 1998, the Commission did not
15 consider that a licensee which was otherwise in compliance
16 with 10 CFR 73.55(b) through (h) could be subject to an
17 enforcement action if it failed to demonstrate successfully
18 its capability to defend against the design basis threat.
19 The report of the ad hoc review panel at various points
20 refers to the fact that findings of security weaknesses are,
21 quote, beyond enforceable requirements.
22 As we read the rules, that kind of judgement is
23 not necessary. We believe that the regulations as they now
24 exist can properly be read as requiring licensees to be able
25 actually to defend against the design basis threat, and we
124
1 set out in our written statement the arguments in support of
2 that position, and I won't go over them in depth this
3 morning.
4 It does seem to me that the staff indicated that
5 it does not necessarily interpret the regulations
6 differently than we do insofar as the modified OSRE program
7 from 1999 to 2000 will be one in which the NRC may issue
8 enforceable orders to upgrade security and will not be
9 relying solely upon voluntary actions that might be taken by
10 the licensee in response to OSRE findings.
11 Even so, to the extent that there is any ambiguity
12 in the current regulations, we would favor removing that
13 ambiguity through rule-making to make it clear that
14 compliance, for example, with 73.55(b) through (h)
15 requirements is not a safe haven and that, in fact, the
16 licensee must be able to demonstrate an ability to meet the
17 design requirement to protect against the design basis
18 threat.
19 Mr. Leventhal mentioned in his prepared testimony
20 that the institute supports recommendation number one of the
21 SPA.
22 That recommendation, as stated this morning, would
23 be to modify the rules, quote, "to require licensees to
24 maintain the effectiveness of their contingency plans and to
25 upgrade their security plan commitments whenever these
125
1 exercises reveal weaknesses in their ability to protect
2 against the design basis threat."
3 We think that's a salutary change, we think it's
4 appropriate, and we think it's one that should be made by
5 the Commission when it considers these issues in the
6 upcoming rule-making.
7 Thank you.
8 CHAIRMAN JACKSON: Thank you.
9 Mr. Leventhal, any further comments?
10 MR. LEVENTHAL: That concludes my remarks, and
11 we'd both be happy to respond to any questions.
12 CHAIRMAN JACKSON: Okay.
13 Commissioner Dicus.
14 COMMISSIONER DICUS: I don't have any further
15 questions.
16 CHAIRMAN JACKSON: Commissioner Diaz.
17 COMMISSIONER DIAZ: No further questions.
18 CHAIRMAN JACKSON: Commissioner McGaffigan.
19 COMMISSIONER McGAFFIGAN: I think I had my
20 questions earlier.
21 CHAIRMAN JACKSON: Commissioner Merrifield.
22 COMMISSIONER MERRIFIELD: Yes, a couple of things
23 I would comment on.
24 Mr. Leventhal, you've got some relatively detailed
25 testimony here which I find quite interesting and
126
1 informative. It's not my point to make this, but it would
2 have been helpful for me to get this in advance so that I
3 could have had a chance to go through it and ask --
4 MR. LEVENTHAL: I apologize for that.
5 COMMISSIONER MERRIFIELD: -- some more detailed
6 and penetrating questions. It makes it very difficult for
7 me not to be able to prepare adequately given what I think
8 is probably some very good testimony.
9 Regarding your comment on my comment on bar review
10 exams, the point that I was simply trying to make with the
11 industry is -- you know, it may be very appropriate
12 activities that they were doing.
13 There is a lot of grumbling among some licensees
14 that these are in response to things that we're forcing on
15 them, and I just wanted them to be aware that it may be --
16 their consultants may be encouraging them to purchase things
17 that aren't necessary to meet our requirements.
18 Finally, there is a statement that you have in
19 your printed statement I do want to touch on. On the second
20 page, on the last full paragraph, you state, "Members of the
21 Commission who regard the industry's survival as a sacred
22 trust should ponder hard."
23 I'm speaking only for myself. When I swore in as
24 a Commissioner of the Nuclear Regulatory Commission, it was
25 in mind with keeping -- making sure that the health and
127
1 safety of the American people were protected.
2 It was not in my mind that I was swearing in to
3 protect the industry's survival as part of my sacred trust.
4 So, at least for my purposes, I will tell you that is not at
5 all my intention of being a U.S. NRC Commissioner.
6 COMMISSIONER McGAFFIGAN: I second that, and I'm
7 sure there will be a third, fourth, and fifth.
8 MR. LEVENTHAL: Let me say, as a drafter of the
9 Energy Reorganization Act, that was intended -- and I do
10 have this in my testimony elsewhere -- it was intended to
11 essentially fission the AEC into separate promotional and
12 regulatory agencies.
13 Members of the Commission could well be supportive
14 of the nuclear industry in the sense that the feeling is
15 that it's an important and vital industry and it represents
16 an important part of the infrastructure, as Captain Orrik
17 said before, but as an independent regulatory body, you do
18 have to make the tough judgements that sometimes the
19 industry must pay for things that it doesn't want to pay for
20 and that, while this particular industry has difficulties in
21 a more competitive marketplace today, in the context of
22 deregulation, as I indicated before, it is -- nuclear is
23 different, because if something goes wrong, the consequences
24 are grave, and again, Commissioner McGaffigan, not to in any
25 way contest your point that the chemical industry is
128
1 probably a softer target and the consequences could be
2 horrible -- I surely agree with that, but nuclear is
3 different in the sense that the consequences could be
4 long-lasting and result in a -- if not permanent, a
5 long-term evacuation and with very difficult cleanup, I'm
6 sure you're all aware of that, and therefore, that extra
7 measure of conservatism is essential, and I think where
8 there should be no compromise is that these plants are
9 protected against what the experts say is a credible
10 real-world threat, and at the end of my testimony, I
11 suggested that you do revisit the design basis threat to
12 look at whether it does reflect what the experts say is the
13 current threat out there.
14 I mean the design basis threat probably should be
15 revisited on a periodic basis, because the threat does
16 change, and unfortunately, the threat is getting worse and
17 worse.
18 So, I would hope the Commission would take that
19 recommendation seriously. We surely stand ready to interact
20 with you, and we do appreciate this opportunity to be heard,
21 and Commissioner Merrifield, if, after reading the
22 testimony, you want to discuss it further, I'd be happy to.
23 CHAIRMAN JACKSON: Well, I will make three
24 comments.
25 One, you know, I've said in testimony I think that
129
1 the nuclear power industry is an important part of our
2 energy mix, but I probably am the member of the Commission
3 that that nuclear industry likes the least, because you
4 know, I have been willing to make tough calls, etcetera,
5 etcetera.
6 Your comment about soft targets is something that,
7 you know, has played in the back of my mind, or perception
8 of it, and I think it's one that, in a threat environment,
9 one has to keep in mind.
10 And third, I have, in fact, been pushing the staff
11 on the interpretation we've made of 73.55(a) relative to
12 this focus on items (b) through (h) as opposed to the rest
13 of what's in that regulation, but sometimes clarification or
14 further hardening of the clarification is a useful exercise,
15 and I think that one shouldn't misunderstand the integrated
16 approach in terms of the ability to help one understand
17 where all of the vulnerabilities are, including things like
18 what happens if operators are incapacitated because of an
19 insider or blowing up the control room or whatever it is,
20 and that's why one has to do that kind of integrated
21 analysis.
22 But let me just close by thanking each of the
23 panelists today for sharing their insights and concerns
24 regarding the OSRE program and the NRC recommendations
25 overall for the program for safeguards performance
130
1 assessment.
2 As I stated at the outset of the meeting, I
3 believe that the additional scrutiny that we have been
4 giving this program will, in fact, result in a more
5 effective regulatory oversight, a program that is
6 defensible, is consistent, and coherent with clear
7 performance objectives and ultimately providing, you know, a
8 better regulatory approach to all of our stakeholders, and
9 the Commission is evaluating and will continue to evaluate
10 the NRC staff proposals.
11 We will weigh the thoughtful input we've received
12 today from all parties, and we will monitor and assess the
13 results of the program as it evolves.
14 I do not believe we're going to stop the modified
15 OSRE program but we're going to learn from it and try to
16 move along, and I thank all of you for your attention.
17 Unless my colleagues have any comments, we're
18 adjourned.
19 [Whereupon, at 1:02 p.m., the briefing was
20 concluded.]
21
22
23
24
25
