Mr. TURNER. Mr. Lochbaum. Mr. LOCHBAUM. Good afternoon. On behalf of the Union of Concerned Scientists, it is my pleasure to appear before this subcommittee. My name is David Lochbaum. I have been UCS's nuclear safety engineer for the past 6 years. UCS has worked on nuclear plant safety issues for nearly 30 years. Nuclear plant security has been one of my top three focus areas since 1999. Our attention was drawn to this topic after the NRC discontinued its security tests in July 1998. The security tests featured simulated attacks by mock intruders, sometime just a single person, against the facilities. The NRC began testing security in 1991. Approximately half of the tests conducted through July 1998 revealed serious problems. Public outcry forced the NRC to reinstate the testing later in 1998. From reinstatement through September 2001, when the NRC once again discontinued the tests, approximately half of the tests revealed serious problems. While identified and fixed security problems are better than unidentified and uncorrected problems, we would prefer a declining failure rate, indicating that the nuclear industry was taking security seriously and not waiting for the NRC to point out its shortfalls. On September 10, 2001, the NRC planned to test security at 14 nuclear plants in the upcoming year. All tests were canceled after September 11. The NRC is just now reinstating a modified testing program at four plant sites. Since September 11, the NRC has issued a series of orders requiring security upgrades. For example, access control requirements have been tightened. The NRC now wants to background checks to be completed before workers roam freely inside nuclear power plants. That didn't use to be the case. The NRC plans two other orders. One proposed order covers security guard working hours. Nuclear plant owners responded to the security orders differently. Some orders-some owners hired more guards. Others owners added few guards and just worked their existing guards longer hours. The Project on Government Oversight reported last September that some security guards are routinely working six 12-hour shifts in a row. When the NRC sampled security guard working hours last fall after that report, they found guards at seven plants working excessive hours. The proposed order will protect against human performance problems caused by fatigue by limiting the number of working hours. The NRC's other proposed order deals with training standards for security personnel. The proposed order will reportedly require security guards to demonstrate proficiency with their weapons more frequently and under more realistic conditions. These orders are essentially links in the security chain. Some orders strengthened existing links. Others added links to the chain. But any chain is only as strong as its weakest link. The testing program remains the best measure of that weakest link. The test looked for weak links and challenged them. The only thing worse than finding a weak link is not finding it. NRC-administered security tests, conducted at least once every 3 years, provide Americans with their greatest protection against nuclear plant terrorism. Until all nuclear plants have been tested, no one can claim that the terrorism threat is being adequately managed. Until then, we merely have good intentions. The NRC not only stopped security testing after September 11, it also stopped meeting with public stakeholders on security matters. UCS and other public stakeholders fully accept that September 11 forced rethinking of the information that can be openly discussed. But as today's hearing clearly demonstrates, there can be responsible public discussions of nuclear plant security issues. The NRC refuses to accept this reality. UCS has proposed a series of ways for the NRC to reengage with public stakeholders in the post-September 11 world. The NRC's repeated refusals to interface with UCS and other public stakeholders is particularly troubling because the NRC does interface with other public stakeholders like the American Nuclear Society. It is abundantly clear that the NRC is hiding behind lame excuses only to avoid meeting with public stakeholders who might express criticisms, like our group. This is unfair and unacceptable. UCS would greatly appreciate it if this subcommittee would encourage, induce or otherwise force the NRC to reengage public stakeholders on security matters. The NRC's dismissal of contentions about security or about terrorism and sabotage from its licensing proceedings is based in part on its promises to upgrade security. The net effect of the agency's actions are to exclude the public from intervening on security issues in specific licensing cases and also to exclude the public from participating in generic safety discussions. As a minimum, the NRC must listen to security concerns from all interested public stakeholders so that the agency has the benefit of broad perspectives while they are making policy decisions. On behalf of UCS, I wish to thank the subcommittee for conducting this hearing on nuclear plant security and for considering our views on the matter. Thank you. Mr. TURNER. Thank you. [The prepared statement of Mr. Lochbaum follows:] Union of Concerned Scientists Citizens and Scientists for Environmental Solutions Testimony before the Subcommittee on National Security, On behalf of the Union of Concerned Scientists (UCS), it is my pleasure to appear before this Subcommittee. At this time, no one can say with any certainty that nuclear plant security is adequate, or inadequate, for the simple reason that the Nuclear Regulatory Commission (NRC) stopped testing security after 09/11. In the decade prior to 09/11, nearly half of the NRC's security tests revealed serious problems. Although the NRC has issued several orders intended to upgrade security, the efficacy of these measures is unknown until they are tested. The NRC must test security at all US nuclear plants as expeditiously as possible. We also believe it is important for the agency to re-admit public stakeholders into nuclear plant security policy discussions. The NRC claims that acts of terrorism and sabotage are so speculative that the issue can be excluded from licensing considerations for spent fuel storage expansion and construction of new nuclear facilities. At the same time, the NRC claims that acts of terrorism and sabotage are so real that they must exclude the public from security policy discussions. As a minimum, the NRC must receive input from public stakeholders on security policy issues. My name is David Lochbaum. After obtaining a degree in nuclear engineering from The University of Tennessee in 1979, I spent more than 17 years in the commercial nuclear power industry, most of that time at operating nuclear power plants in Georgia, Alabama, Mississippi, Kansas, New Jersey, Pennsylvania, Ohio, and Connecticut. I have been the nuclear safety engineer for UCS since October 1996. UCS, established in 1969 as a non-profit, public interest group, seeks to ensure that people have clean air, energy and transportation, as well as food that are produced in a safe and sustainable manner. UCS has worked on nuclear power plant safety issues for nearly 30 years. Nuclear plant security has been one of our top three nuclear safety topics since 1999. Our attention was first drawn to this topic after the NRC summarily discontinued its force-on-force security tests in July 1998. The tests had been conducted under the NRC's Operational Safeguards Readiness Evaluation (OSRE) program. Each OSRE featured simulated attacks by small groups of mock intruders, sometimes as small as a single person. These simulated attacks determined whether all the elements of the security program (i.e., intrusion detection devices, locked doors, armed responders, etc.) fit together as intended or if seams existed that bad guys might try to exploit. The NRC started checking security with OSRE tests in 1991. Due to resource limitations, the NRC conducted OSREs at each plant about once every eight (8) years. Approximately half of the tests conducted from between 1991 and July 1998 revealed serious security problems. Public outcry forced the NRC to reinstate the OSRE program later in 1998. From late 1998 through September 2001 when NRC once again discontinued the OSRES, approximately half of the tests revealed serious security problems. While identified and fixed security problems are better than unidentified and uncorrected security problems, the best trend would be a declining failure rate indicating that the nuclear industry was taking security seriously and not waiting for NRC to point out its shortfalls. March 10, 2003 On September 10, 2001, the NRC had plans for force-on-force security tests at fourteen (14) nuclear power plants in the upcoming year. All tests were cancelled following the tragic events of 09/11. The NRC conducted no force-on-force tests during 2002. The NRC is just now reinstating a modified OSRE program at four plant sites. The NRC indicated it might test each plant site about once every three years when the OSRE program is fully resumed. Since 09/11, the NRC issued a series of orders to nuclear plant owners requiring them to upgrade security measures. For example, access control requirements have been tightened. Prior to 09/11, newly hired workers had free and unfettered access to vital areas within nuclear power plants for up to six months while FBI background checks were performed. Sometimes the background checks came back with negative information that required revocation of the individuals' unrestricted access. For some temporary workers hired for refueling outages, the negative reports came back after the workers finished their jobs and moved on to the next assignments. The NRC now requires background checks to be completed before workers, permanent or temporary, roam freely inside a nuclear plant. This is clearly an improvement in security since 09/11. The NRC plans to issue at least two more orders. One proposed order deals with working hour limits for security force personnel. Nuclear plant owners responded to the security orders differently. Many owners hired more security personnel. Some owners added few additional personnel and instead worked their existing staff longer hours. The Project on Government Oversight (POGO) reported last September' that security guards at some nuclear plants were routinely working six 12-hour shifts in a row. When the NRC sampled security force working hours in fall 2002, they found seven (7) sites with excessive working hours by security force personnel. A security guard contacted UCS after he was fired for refusing to work a sixth 12-hour shift because he reported feeling fatigued to the point of exhaustion. The NRC recently admitted this report was not an isolated case. The proposed order intends to protect against human performance problems caused by fatigue by limiting the number of working hours. The proposed order also intends to protect security force personnel from retaliation when they self-declare being unfit for duty due to fatigue. The other order being considered by the NRC deals with training standards for security force personnel. POGO reported last fall that security guards at several nuclear plants trained with their weapons once a year and then only using stationary targets. The guards expressed concern about their proficiency, particularly if confronted with the very real likelihood of having to hit a moving target under stressful conditions. The proposed order will reportedly require security guards to demonstrate proficiency with their weapons more frequently and under more realistic conditions. The orders are links in the security chain. Some orders were intended to strengthen existing links. Others added links to the chain. But any chain is only as strong as its weakest link. The force-on-force tests conducted under the OSRE program remain the best measure for that weakest link. The tests specifically look for weak links and challenge them. The only thing worse than finding a weak link is not finding it. NRC-administered force-on-force' tests conducted at least once every three years' provide Americans with their greatest protection against terrorism involving nuclear power plants. Until all nuclear plants have been tested under the revised OSRE program, no one can credibly claim that the terrorist threat is being adequately managed. Until then, we have merely good intentions. * Project on Government Oversight, “Nuclear Power Plant Security: Voices from Inside the Fences." Washington, DC, September 2002. (Available online at www.pogo.org). 2 Our recommended frequency is based on two factors: (1) the NRC has indicated in the past that it could support this frequency and (2) the rest of the NRC's reactor oversight process is based on a three-year inspection period. March 10, 2003 The tangible value of force-on-force tests is the demonstration that the weakest links in the security chain are strong enough or the identification of sub-par links so they can be fixed. The intangible value of the tests is the greater, and proper, emphasis placed on security. Many of the problems documented in the POGO report stem from security being undervalued by some plant owners. Successful performance in the force-on-force tests will force recalcitrant plant owners to remedy the pay and benefits inequities POGO reported. The NRC is issuing orders on working hour limits and training standards nearly 18 months after 09/11 due in large part to the agency's unwillingness to listen to input from public stakeholders on security policy matters. POGO's report in September 2002 and the media attention it garnered made the NRC aware of these security problems. The NRC would have known about these, and other, security problems sooner had it simply allowed input from public stakeholders. We have persistently attempted in good faith to interface with the NRC on this very important policy issue since 09/11, but have been "locked out" time and again. We recognize that the events of 09/11 forced a reconsideration of information that can be openly discussed. The record shows we supported the NRC's reconsideration from the beginning. For example, an NRC security manager left me a voice-mail message on the evening of Friday, September 28, 2001. He reported that a document provided to me by a member of his staff during a public meeting on September 5, 2001, was now considered sensitive material. He asked that it be returned. When I received his message on Monday morning, I promptly complied with his request without question. But we did not rest with merely returning a single document. Realizing that our files contained literally thousands of documents obtained legally from the NRC prior to 09/11 and that some of these documents might be reclassified, we asked the NRC to let us know when they deemed certain documents or classes of documents to be no longer publicly available.* We wanted to make sure that we were not disseminating "old" documents and information extracted from "old" documents that the NRC no longer wanted in the public arena. But the NRC elected not to provide us that guidance.' In fact, our concern about excessive public availability of some plant security information pre-dated 09/11. In May 2001, I found details about security upgrades at the Waterford nuclear plant in Louisiana on ADAMS, the NRC's online electronic library. The information provided details on the nature and location of upgrades to physical barriers (including pictures and specifications) and security guard response locations (including plant lay-out drawings showing guard initial and final positions). I immediately contacted the NRC to question the public availability of this information. Their Region IV office, responsible for the Waterford plant, looked into the matter and decided the information was suitable for public consumption. I disagreed and appealed their decision to NRC headquarters. Upon reconsideration, the NRC agreed with me and removed this security information from the public arena. Recognizing that the NRC needed time to redraw the line between that information which could be openly discussed and that information which needed to be withheld but having security concerns that we felt the agency needed to understand as they made policy decisions, UCS and the Nuclear Control 3 Letter dated October 1, 2001, from David A. Lochbaum, Nuclear Safety Engineer, Union of Concerned Scientists, to Glenn M. Tracy, Chief – Operator Licensing, Human Performance and Plant Support Branch, Nuclear Regulatory Commission, "Return of Requested Information.” Provided as Attachment 1 to this statement. * Letter dated October 11, 2001, from David Lochbaum, Nuclear Safety Engineer, Union of Concerned Scientists, to David B. Matthews, Nuclear Regulatory Commission, “UCS Policy on Information Formerly Available from the Nuclear Regulatory Commission." Provided as Attachment 2 to this statement. S Letter dated November 1, 2001, from Patricia G. Norry, Deputy Executive Director for Management Services, Nuclear Regulatory Commission, to David Lochbaum, Nuclear Safety Engineer, Union of Concerned Scientists. |