Key Issues
Nuclear Power Plant Security
<< Previous
NRC Sets Basis for Nuclear Plant Security
The NRC’s security regulations are designed to ensure the industry’s security force can protect against a range of threats, including cyberattacks. The presumed goal of such an attack would be the release of radioactive material from the plant.
The threat against which the industry must defend—known as the “design basis threat”—is characterized as a suicidal, well-trained paramilitary force, armed with automatic weapons and explosives and intent on forcing its way into a nuclear power plant to commit radiological sabotage. Such a force may have the assistance of an “insider,” who could pass along information and help the attackers.
The NRC’s “design basis threat” provides a foundation for developing defensive response strategies that cover a variety of situations. The NRC determines the design basis threat using technical studies and information received from intelligence experts and federal law enforcement agencies. It is reviewed by the agency once a year.
Since 2001, the NRC has twice raised the threat level against which nuclear plants must provide protection. In doing so, the NRC has assumed an increased number of possible attackers and weapons capabilities.
Congress also responded to public concern over nuclear plant security by including in the Energy Policy Act of 2005 several provisions that increase security requirements or capabilities. As part of the bill, the NRC was directed to officially increase the scope of the design basis threat. It also requires plants to fingerprint and conduct background checks of their employees.
The bill also allowed the NRC to authorize security officers to carry certain advanced weaponry. In addition, the bill increased federal penalties for sabotage and for bringing unauthorized weapons on to a nuclear power plant site.
Many industry security elements are considered “safeguards” information, which means they are controlled on a “need-to-know” basis. Clearly, plant protection capabilities and response strategy should be controlled and protected from public disclosure to avoid compromises that might benefit a potential adversary.
NRC Sets Basis for Nuclear Plant Security
The NRC’s security regulations are designed to ensure the industry’s security force can protect against a range of threats, including cyberattacks. The presumed goal of such an attack would be the release of radioactive material from the plant.
The threat against which the industry must defend—known as the “design basis threat”—is characterized as a suicidal, well-trained paramilitary force, armed with automatic weapons and explosives and intent on forcing its way into a nuclear power plant to commit radiological sabotage. Such a force may have the assistance of an “insider,” who could pass along information and help the attackers.
The NRC’s “design basis threat” provides a foundation for developing defensive response strategies that cover a variety of situations. The NRC determines the design basis threat using technical studies and information received from intelligence experts and federal law enforcement agencies. It is reviewed by the agency once a year.
Since 2001, the NRC has twice raised the threat level against which nuclear plants must provide protection. In doing so, the NRC has assumed an increased number of possible attackers and weapons capabilities.
Congress also responded to public concern over nuclear plant security by including in the Energy Policy Act of 2005 several provisions that increase security requirements or capabilities. As part of the bill, the NRC was directed to officially increase the scope of the design basis threat. It also requires plants to fingerprint and conduct background checks of their employees.
The bill also allowed the NRC to authorize security officers to carry certain advanced weaponry. In addition, the bill increased federal penalties for sabotage and for bringing unauthorized weapons on to a nuclear power plant site.
Many industry security elements are considered “safeguards” information, which means they are controlled on a “need-to-know” basis. Clearly, plant protection capabilities and response strategy should be controlled and protected from public disclosure to avoid compromises that might benefit a potential adversary.
