Security Rules Must Be More Stringent

By Scott Portzline


The good news is that Three Mile Island has improved its protection 

from commando assaults and truck bomb attacks. The bad news is that there 

still exist weaknesses. 


Last December the Nuclear Regulatory Commission 

(NRC) voted against TMI Alert’s petition for rulemaking which would 

require guards to be posted at plant entrances.  


The NRC has been reluctant to accept certain security recommendations 

from other federal agencies. For instance, the type of weapons and the

attributes of hypothetical attackers has been reduced from original plans

due to industry pressure. 


TMI Alert believes that until the NRC adopts a directive style of regulating security,

some deficiencies will go uncorrected. The current performance-based style gives

licensees too much wiggle room, whereby, on paper, security plans become overly

optimistic and allow certain scenarios to be brushed under the rug. The NRC has 

repeatedly stated that it does not want to be overly-prescriptive. 


The security upgrades at TMI close some of the gaps of which TMI Alert 

has been critical for years. We have lobbied for these changes despite the 

claims by the licensee that security was always at a very high level.  


  TMI Security Upgrades: 

  Guard towers 

  Additional rows of razor wire 

  Additional guards 

•  Better weapons 

•  More guard patrols 

•  Greater setback distances  


Remarkably, the NRC has admitted to aircraft vulnerabilities and has created a 

plan of action to mitigate damages. Included in the plan are:  

  shelter nearby for certain employees  

certain lights extinguished to prevent or reduce visual 


  maximized makeup water source inventories 

  isolation of appropriate plant areas and systems 

  ceasing of fuel-handling operations and equipment testing 

  starting of appropriate electrical generation equipment and 

  charging of fire-service piping headers.


Cyber security is the new frontier of security risks and represents a crucial 

need requiring immediate attention. Many nuclear plants have connected 

their plant networks to corporate networks making them vulnerable to cyber 

intrusions. An IBM security expert tested vulnerabilities at one plant and 

said, “It turned out to be one of the easiest penetration tests I'd ever done."  


The NRC has created a new “Computer Security Office.” But, the NRC 

ignored a suggested rule from TMI Alert which would require licensees to 

report any computer abnormalities within 30 minutes. This would help the 

industry halt any rapidly developing cyber attacks at multiple plants. 


TMI Alert has informed the NRC that it needs intervention from an outside 

agency to correct the perennial “sleeping guard problem.” Inattentive guards

have been an ongoing problem caused by excessive hours of labor, difficult working

conditions, and normal aspects of human behavior.  The NRC has been unable to 

correct the problem because it continues to handle it as a "training issue."