<DOC> [108th Congress House Hearings] [From the U.S. Government Printing Office via GPO Access] [DOCID: f:98358.wais] HOMELAND SECURITY: MONITORING NUCLEAR POWER PLANT SECURITY ======================================================================= HEARING before the SUBCOMMITTEE ON NATIONAL SECURITY, EMERGING THREATS AND INTERNATIONAL RELATIONS of the COMMITTEE ON GOVERNMENT REFORM HOUSE OF REPRESENTATIVES ONE HUNDRED EIGHTH CONGRESS SECOND SESSION __________ SEPTEMBER 14, 2004 __________ Serial No. 108-265 __________ Printed for the use of the Committee on Government Reform Available via the World Wide Web: http://www.gpo.gov/congress/house http://www.house.gov/reform ______ U.S. GOVERNMENT PRINTING OFFICE 98-358 WASHINGTON : 2005 _____________________________________________________________________________ For Sale by the Superintendent of Documents, U.S. Government Printing Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; (202) 512ÿ091800 Fax: (202) 512ÿ092250 Mail: Stop SSOP, Washington, DC 20402ÿ090001 COMMITTEE ON GOVERNMENT REFORM TOM DAVIS, Virginia, Chairman DAN BURTON, Indiana HENRY A. WAXMAN, California CHRISTOPHER SHAYS, Connecticut TOM LANTOS, California ILEANA ROS-LEHTINEN, Florida MAJOR R. OWENS, New York JOHN M. McHUGH, New York EDOLPHUS TOWNS, New York JOHN L. MICA, Florida PAUL E. KANJORSKI, Pennsylvania MARK E. SOUDER, Indiana CAROLYN B. MALONEY, New York STEVEN C. LaTOURETTE, Ohio ELIJAH E. CUMMINGS, Maryland DOUG OSE, California DENNIS J. KUCINICH, Ohio RON LEWIS, Kentucky DANNY K. DAVIS, Illinois TODD RUSSELL PLATTS, Pennsylvania JOHN F. TIERNEY, Massachusetts CHRIS CANNON, Utah WM. LACY CLAY, Missouri ADAM H. PUTNAM, Florida DIANE E. WATSON, California EDWARD L. SCHROCK, Virginia STEPHEN F. LYNCH, Massachusetts JOHN J. DUNCAN, Jr., Tennessee CHRIS VAN HOLLEN, Maryland NATHAN DEAL, Georgia LINDA T. SANCHEZ, California CANDICE S. MILLER, Michigan C.A. ``DUTCH'' RUPPERSBERGER, TIM MURPHY, Pennsylvania Maryland MICHAEL R. TURNER, Ohio ELEANOR HOLMES NORTON, District of JOHN R. CARTER, Texas Columbia MARSHA BLACKBURN, Tennessee JIM COOPER, Tennessee PATRICK J. TIBERI, Ohio BETTY McCOLLUM, Minnesota KATHERINE HARRIS, Florida ------ ------ ------ BERNARD SANDERS, Vermont (Independent) Melissa Wojciak, Staff Director David Marin, Deputy Staff Director/Communications Director Rob Borden, Parliamentarian Teresa Austin, Chief Clerk Phil Barnett, Minority Chief of Staff/Chief Counsel Subcommittee on National Security, Emerging Threats and International Relations CHRISTOPHER SHAYS, Connecticut, Chairman MICHAEL R. TURNER, Ohio DAN BURTON, Indiana DENNIS J. KUCINICH, Ohio STEVEN C. LaTOURETTE, Ohio TOM LANTOS, California RON LEWIS, Kentucky BERNARD SANDERS, Vermont TODD RUSSELL PLATTS, Pennsylvania STEPHEN F. LYNCH, Massachusetts ADAM H. PUTNAM, Florida CAROLYN B. MALONEY, New York EDWARD L. SCHROCK, Virginia LINDA T. SANCHEZ, California JOHN J. DUNCAN, Jr., Tennessee C.A. ``DUTCH'' RUPPERSBERGER, TIM MURPHY, Pennsylvania Maryland KATHERINE HARRIS, Florida JOHN F. TIERNEY, Massachusetts DIANE E. WATSON, California Ex Officio TOM DAVIS, Virginia HENRY A. WAXMAN, California Lawrence J. Halloran, Staff Director and Counsel J. Vincent Chase, Chief Investigator Robert A. Briggs, Clerk Andrew Su, Minority Professional Staff Member C O N T E N T S ---------- Page Hearing held on September 14, 2004............................... 1 Statement of: Matthiessen, Alex, Director, Hudson Riverkeeper, Garrison, NY; David Lochbaum, Union of Concerned Scientists, Washington, DC; and Marvin Fertel, vice president and chief nuclear officer, Nuclear Energy Institute, Washington, DC.. 115 Reyes, Luis, Executive Director of Operations, Nuclear Regulatory Commission, accompanied by Roy P. Zimmerman, Director, Office of Nuclear Security and Incidence Response, Nuclear Regulatory Commission.................... 32 Wells, Jim, Director, Natural Resources and Environment, Government Accountability Office, accompanied by Raymond H. Smith, Jr. Assistant Director; and Kenneth E. Lightner, Jr., Senior Analyst........................................ 73 Letters, statements, etc., submitted for the record by: Fertel, Marvin, vice president and chief nuclear officer, Nuclear Energy Institute, Washington, DC, prepared statement of............................................... 149 Kucinich, Hon. Dennis J., a Representative in Congress from the State of Ohio: Letter dated August 18, 2004............................. 30 Letter dated August 19, 2004............................. 22 Prepared statement of.................................... 4 Lochbaum, David, Union of Concerned Scientists, Washington, DC, prepared statement of.................................. 141 Maloney, Hon. Carolyn B., a Representative in Congress from the State of New York, prepared statement of............... 13 Matthiessen, Alex, Director, Hudson Riverkeeper, Garrison, NY, prepared statement of.................................. 119 Reyes, Luis, Executive Director of Operations, Nuclear Regulatory Commission, prepared statement of............... 35 Shays, Hon. Christopher, a Representative in Congress from the State of Connecticut, prepared statement of............ 19 Wells, Jim, Director, Natural Resources and Environment, Government Accountability Office, prepared statement of.... 77 Zimmerman, Roy P., Director, Office of Nuclear Security and Incidence Response, Nuclear Regulatory Commission: Information concerning force-on-force exercises.......... 110 Information concerning licensee employees................ 108 HOMELAND SECURITY: MONITORING NUCLEAR POWER PLANT SECURITY ---------- TUESDAY, SEPTEMBER 14, 2004 House of Representatives, Subcommittee on National Security, Emerging Threats and International Relations, Committee on Government Reform, Washington, DC. The subcommittee met, pursuant to notice, at 10:05 a.m., in room 2247, Rayburn House Office Building, Hon. Christopher Shays (chairman of the subcommittee) presiding. Present: Representatives Shays, Platts, Duncan, Kucinich, Sanders, Maloney, Ruppersberger, Tierney, and Watson. Staff present: Lawrence Halloran, staff director and counsel; J. Vincent Chase, chief investigator; Robert A. Briggs, clerk; Andrew Su, minority professional staff member; and Jean Gosa, minority assistant clerk. Mr. Shays. A quorum being present, the Subcommittee on National Security, Emerging Threats and International Relations entitled Homeland Security: Monitoring Nuclear Power Plant Security is called to order. I have a statement. I am going to catch my breath, and I am going to ask the ranking member to start, and then I will make my opening statement. Mr. Kucinich. I want to thank the chairman, as always, for his diligence in matters of security in calling these hearings and indicate my appreciation for the attention that you pay to these matters. Good morning to the Chair and members of the subcommittee and to our witnesses here today. I welcome this opportunity to discuss nuclear security in open session. As both Congress and the public have been stymied for far too long and getting truthful answers to many questions we have about nuclear safety and security. Three years ago, two incidents shook the faith of the American people in our security. The first, of course, was the tragic attack on our country by terrorists on September 11. The other less-known incident was the hidden problem going on at the Davis-Besse nuclear reactor in Ohio. These are the facts. In February 2001 the Nuclear Regulatory Commission began investigating an aging mechanism that often caused cracking in reactors. As a result of these findings in late 2001, the NRC determined that the Davis-Besse plant was at risk and should shut down by December 31, 2001. FirstEnergy, the plant owner, resisted the order, claiming it should stay open without incident until March 2002. FirstEnergy argued that a shutdown would cause an unnecessary financial burden. Rather than following its own safety procedures and shutting down Davis-Besse, the NRC relented and allowed the plant to operate until February 2002. After the Davis-Besse plant had been shut down, workers repairing one of five cracked control rod nozzles discovered extensive damage to the reactor vessel head. The workers found a large corroded hole the size of a football in the reactor vessel head next to one of the nozzles. The GAO concluded in a scathing report on May 2004 that the risk estimate used by the NRC to decide whether the plant needed to be shut down was flawed. The NRC severely underestimated the risk Davis-Besse posed, even exceeding risk levels generally considered acceptable by the Agency. The GAO report shows that the NRC was ill-equipped, ill-informed, and far too slow to react. The NRC's reaction to Davis-Besse was inadequate, irresponsible and left the public at great risk. The NRC later reported that the plant might have been as close as 60 days to bursting its rust, damaged lid. Fortunately, the health of tens of thousands of Ohio residents was not harmed, but this was a disaster waiting to happen. Let's talk about security. So, Mr. Chairman, it's very difficult for me to sit here today and to listen without objectivity as the NRC and the nuclear industry lobbyists tell us how much has been spent, how much security has improved in the last 3 years. The facts and independent experts tell us differently. For example, we know that one security firm, Wackenhut, provides nearly half of the guard forces at our Nation's nuclear sites. Yet, as was documented by the Department of Energy's Inspector General, the report in January of this year questions surround Wackenhut's competency and objectivity to fulfill this crucial mission. The DOE Inspector General found that in simulation attack drills, Wackenhut attackers told the Wackenhut guard defenders the buildings that were being attacked, the targets at those buildings and whether a diversionary tactic would be used. The IG also noted an industry-funded study found that as many as 50 percent of the guard forces in a New York plant did not meet physical fitness requirements, guards reported for duty drunk, worked 70 to 80 hours per week and were allowed to repeat weapons qualifying tests until they passed them. In spite of this poor record, and obvious conflict of interest, the commercial industry still decided to hire Wackenhut to provide the attack teams in force-on-force drills at NRC commercial sites. This could be called a case of the fox guarding the hen house and anyone with a shred of common sense--it's a poor decision. It undermined public trust and raises serious questions on who is making the decisions at the NRC. Understandably, the NRC has decided that the less it says the better. It has polled public security information from its Web site. It has restricted public access by public interest groups to information by requiring none disclosure forms or thorough reclassification, even if the information was previously unclassified. Mr. Chairman, I would like to submit two documents for the record. The first is a letter from Public Citizen to the NRC dated August 19th; and the second is a Freedom of Information Act request submitted by a coalition of public interest groups dated August 18th. Both documents question the rational behind the NRC's announcement in August 2004 that ``certain security information formally included in the reactor oversight process will no longer be publicly available and will no longer be updated in the NRC's Web site.'' The same information, including performance indicators and physical inspection information, was available on the NRC Web site after September 11. It was temporarily pulled from the Web site for review and returned to it after it was deemed to have no value to potential terrorists. What has changed to make this information unacceptable for public review? Since the NRC won't hold public hearings, it's up to this subcommittee to find out. Mr. Chairman, we all know that these nuclear plants are decades old and they are decaying. Yet despite the billions of dollars spent to upgrade security at these nuclear plants, the NRC clearly has a long ways to go before it can restore public trust in its position. I have to wonder if an incident such as if this happened at Davis-Besse in Ohio happened today, whether the NRC would tell us about it. The NRC should work to allay public fears about public safety not to foster them. I really look forward to hearing your testimony. Thank you. [The prepared statement of Hon. Dennis J. Kucinich follows:] [GRAPHIC] [TIFF OMITTED] T8358.001 [GRAPHIC] [TIFF OMITTED] T8358.002 [GRAPHIC] [TIFF OMITTED] T8358.003 [GRAPHIC] [TIFF OMITTED] T8358.004 [GRAPHIC] [TIFF OMITTED] T8358.005 [GRAPHIC] [TIFF OMITTED] T8358.006 Mr. Shays. Thank you, gentlemen. At this time the Chair would recognize Mr. Turner. Mr. Turner. Thank you, Mr. Chairman. Mr. Chairman, I want to thank you for your leadership in reviewing the issues of our terrorist attack preparedness, both at our nuclear weapons facilities and our power plants; in your efforts in reviewing our terrorist attack preparedness both of in our nuclear weapons facilities and our power plants; and your efforts in reviewing terrorist attack preparedness of making America's families safer. The security of nuclear facilities--both weapons facilities and power plants, is an issue this committee has examined through several hearings. In dealing with the security of nuclear weapons facilities, the subcommittee has learned that DOE needs to update its designed basis threat to meet the current security situation, including upgrading equipment, training and its security force. Our nuclear power plants, though they don't contain weapons, are just as important to protect. They are designed and built to withstand many natural disasters. But we must make sure as a Nation that we do all we can to protect these energy sources from foreseeable attack. In earlier hearings, we found that DOE has not developed as strong a relationship with DOD in regard to the sharing of resources and information. I look forward from hearing from our witnesses today concerning issues of coordinations of their efforts with DOD and other Federal agencies, and whether they are taking all available steps and precautions to ensure that the proper equipment is available to secure these nuclear power plants. Thank you, Mr. Chairman. Mr. Shays. I thank the gentleman. The Chair would recognize Carolyn Maloney. Mrs. Maloney. Thank you. Well, first of all, Chairman Shays, I want like to thank you for your consistent oversight on terrorism and ways to make our country safer. I think you have really done an outstanding job. I thank you on behalf of my constituents. I would like to welcome all of our witnesses, particularly Mr. Alex Matthiessen, director of the Hudson Riverkeeper from the State of New York. The purpose of this hearing is to discuss how adequate are the security measures recommended by the Nuclear Regulatory Commission to protect power plants from terrorist attacks. We know that since September 11, there have been some positive steps, but 3 years later, many still have serious and well- founded concerns about the safety of our nuclear power plants. Required preparations for attacks are specified in the classified design basis threat, the DBT. And a new DBT for nuclear plants is set to be implemented by the end of next month by updating requirements are welcomed. There are several concerns about the thoroughness and implementation of the DBT. One of the greatest concerns is that these new security requirements do not include an analysis on the impact of an attack similar to the one on the World Trade Center. The NRC has announced that this review is underway, but no analysis has been completed. This is 3 years later, and I want to know why. I absolutely do not understand why it has not been done when we know that after the September 11 attacks and after the 9/11 Commission reported, that on the list of initial targets proposed by al Qaeda leaders, included planes attacking and flying into nuclear power plants. Khalid Shaikh Mohammed recommended that, and that's spelled out in the 9/11 Commission report. I would like to hear from our witnesses on the status this analysis. It's a very serious threat to our country. Not only does this plan not include the threat of an aviation attack. The GAO found that it will take several more years before the NRC will have assurances that the plants are protected against the terrorist threats--included in the new DBT--and they will not have detailed knowledge about security at individual facilities to insure that these plants provide the protections included in the DBT. My understanding, based on the submitted testimony of the GAO, that this is caused because the NRC's review of the new security plans has been rushed largely superficial and because the NRC reviewers are not visiting the plants to obtain details about the plants and view how they work with the plants facilities. Additionally, I am told it will take up to 3 years for the NRC to test implementation of all the new plans through the force-on-force exercises. And I would like to hear more from the witnesses on these shortcomings. Regarding the force-on-force exercises, I am interested to hear from the NRC and the Nuclear Energy Institute on the implementation of these exercises. Earlier this year NEI chose Wackenhut security to provide the attack teams in the force-on-force drills at NRC commercial sites. And we just heard from Mr. Kucinich, an outline of many of the problems there. They did provide security at Indian Point No. 2 nuclear power plant, which is less than 35 miles from the district that I represent. The utility Interenergy, that had recently acquired the plant, hired a consultant to conduct a probe of security at the facility and found Wackenhut lacking dramatically. I have a list of problems they had. Only 19 percent of the security officers stated that they could adequately defend the plant. And I would like to place all of them in the record. But they have not improved from there, and Interenergy subsequently terminated Wackenhut's contract as a result of their findings. I would like to put the findings in the record to save time---- Additionally, Wackenhut provides security for close to half of all of the nuclear power plants now. And by allowing them to provide the attack teams on a company with a troubling record will be basically having Wackenhut police themselves--and I refer again to the testimony of Mr. Kucinich--where they were telling them where they were going to attack and etc. So I think that this is worse than the so-called fox guarding the hen house that Mr. Kucinich referenced. It is not an apparent conflict of interest, but a blatant conflict of interest. And they definitely should not be the ones doing the attack. Finally, the testimony submitted by GAO states, and it was very, very troubling, ``the NRC does not plan to make improvement to their inspection program that GAO previously recommended and still believes is absolutely necessary. So first of all, I want to know why they are not going to make the improvements that GAO recommended. For example, NRC is not following up to verify that all violations of security requirements are corrected.'' And I would like an explanation from the NRC on this important question, and why they do not plan to follow some of the recommendations that the GAO believes is so necessary. So I thank the chairman for this oversight hearing. It's important and I yield back the balance of my time. [The prepared statement of Hon. Carolyn B. Maloney follows:] [GRAPHIC] [TIFF OMITTED] T8358.007 [GRAPHIC] [TIFF OMITTED] T8358.008 Mr. Shays. I thank the gentlelady. At this time the Chair would recognize John Duncan from Tennessee. Mr. Duncan. Thank you, Mr. Chairman. I remember a few days after the original and horrible events of September 11, I was eating dinner and meeting with several Members of the House. And Congressman Callahan, who at that point was a senior member of the Appropriations Committee, estimated that we would spend--he said over $1\1/2\ trillion over the next 5 years on security measures. I thought then that his estimate was extremely high. No one challenged him on it. But I know that just a couple of months ago, Federal Express--just one company--said they spent an extra $200 million on security that they wouldn't have spent. After the last hearing on this subject, I sent letters to five Department of Energy laboratories and BWXTY 12 just to ask them how much their security measures had increased. I got back these responses. And a 40 percent increase in security spending on Oak Ridge National Laboratory, a 51 percent increase at the Savannah River National Laboratory, 50 percent increases at Argon and a separate 50 percent increase at BWXTY-12. In addition, we checked with the Tennessee Valley Authority, and their security spending has gone up by 60 percent since September 11, and that doesn't count $30 million extra that they spent after some Nuclear Regulatory Commission ordered some special measures after April 2003. Security is very, very important, and I don't know if Congressman Callahan was way off on his $1\1/2\ trillion, but there are always companies, there are all kinds of security companies now that have gotten into this market and are doing everything they can to sensationalize and scandalize these matters and exaggerate the problem so that they can make more money. And I am not saying not do anything with regard to security. But if you stop to think about it, if we do--if Congressman Callahan was anywhere close to being right--that's $1 trillion or $1\1/2\ trillion that we are not spending on schools, medical research, highways to cut down on the deaths on our Nation's highways, or many, many other good things, whether you might like libraries, national parks or whatever. And I think back to former Governor Gilmore of Virginia, who was the chairman of the Commission on Terrorism that the President appointed. After his Commission studied the issue of terrorism, he sent this in a cover letter with their reporting, and Governor Gilmore said there will never be 100 percent guarantee of security for our people, the economy and our society. We must resist the urge to seek total security. It is not achievable and drains our attention from those things that can be accomplished. I just think that we have to make sure that we take serious steps about security, but we also have to make sure that we don't give terrorists undeserved victories by going totally ridiculously overboard on this and that we don't do it simply because there's some companies out here that want to make some more money. So, with that, I think it's good to keep holding these hearings to make sure that we do have a reasonable and rational response to some of these problems. Thank you, Mr. Chairman. Mr. Shays. I thank the gentleman. At this time the Chair would recognize Mr. Ruppersberger from Maryland. Mr. Ruppersberger. First, Chairman Shays, I agree with Mrs. Maloney that you have done an excellent job as leader this committee and brings a lot of problems as it relates to national security to the attention of this committee. I just hope that as a body of Congress we can hope implement some of the issues that we have learned in these hearings. The issue of security with respect to nuclear plants, we know that it's very, very important. Our intelligence shows that al Qaeda clearly has made our nuclear plants a target and that was also confirmed in the 9/11 Commission. Now, one of my areas of concern is, first, the issue of privatization and how we manage privatization. I don't have an issue with privatization. It works sometimes. Other times, it is not necessary when we deal with government. If you are going to privatize, whether it's Wackenhut's name has been mentioned today or anyone else. If we are going to pay to have someone other than government deal with the issue, we want efficiency and we want accountability. It seems to me that part of the NRC's responsibility is to hold all privatization, such as Wackenhut, accountable for performance. You read in here that people are coming to work intoxicated or they are not prepared or they don't have the physical standards, that concerns me. That's our fault too as the government or NRC because we have not held them liable. Now, one of my concerns is the issue of consistency in national policies and the regulation of nuclear power plants. This seems to be some conflict between the NRC regulatory abilities versus the privatized operations of the nuclear and commercial entities themselves. The security standards have already been changed, for example. We have a new design-based threat. DBT formula, which should be a good thing. The required force-on-force exercises have been increased to once every 3 years instead of every 8 years. That's a good thing. The NRC has also issued more orders regarding augmenting barricades, security forces, patrols and restrict plant access. The Nuclear Energy Institute has claimed an increase of $16 million per site toward security. Despite these changes, however, the reality of lapses in the security provided by and controlled through private industry remains. And I believe it will take real partnerships to resolve many of the critical changes we face in protecting nuclear sites. We must work toward resolving this situation without putting undue cost pressure upon the industry itself. I believe we as the government need to do better and working with the nuclear industry regarding threats and intelligence information. We need a true working partnership that provides a more thorough examination of how information is classified by NRC. We must not compromise secure security for public disclosure, but there must remain a balance for the industry to help keep industries secure these nuclear sites. Thank you. Mr. Shays. I thank the gentleman. At this time, Ambassador Watson, you have the floor. Ms. Watson. I just want to emphasize our role, Mr. Chairman, as the overseers, and I think that oversight has been lagging in the last session. I thank you for bringing to our attention this subject matter, but we are failing in our responsibility if we don't call in our witnesses, raise the right questions, and be sure they are performing in a responsible way. So thank you so very much. I think that our national security depends on the protection of our nuclear power plants, and what I have heard thus far in other hearings, tells us we have a lot to be worried about. So I hope that we will get new information in this hearing that will be helpful. Thank you, Mr. Chairman. Mr. Shays. I thank the gentlelady and appreciate her comments as well as all of the other Members. I would like to put my statement on the record as well and say that 3 years ago, the vulnerability of high-value structures to low-tech attack was seared in our national memory. Images of the collapsing Twin Towers and a smoldering hole in the Pentagon forced an assessment of safeguards and vulnerabilities at other critical facilities, including nuclear power plants. That assessment prompted some immediate steps by the Nuclear Regulatory Commission, the NRC, to strengthen security at the Nation's 65 reactor sites. Last year, we heard testimony from the NRC, the Government Accountability Office, GAO and others describing post-September 11 efforts to update security policies and practices to meet a dynamic new threat environment. But much of that testimony raised as many questions as were answered about the rigor of the NRC regulatory process, the realism of emergency response planning, the willingness of reactor operators to meet new security mandates and the pace of needed change. So we asked the GAO to monitor implementation of nuclear counterterrorism enhancements, including some recommended in earlier GAO reviews. Their initial findings depict a lengthy process that risk becoming more theoretical than actual. A new protection standard--or design basis threat--was not issued until April 2003. A rushed review of facility plans implementing the DBT could be completed next month. But that has been formulaic, wholly paper exercise. The NRC will not have complete, site-specific data, from force-on-force exercises to validate upgraded security plants for 3 more years. Even then, there may be no reasonable assurance plants are adequately protected. Suddenly--I think I am even one of them--the new DBT understates the true level of risk, meaning that security plants will have to be modified and tested again. Despite persistent efforts by reactor operators and regulators to minimize the risks of containment breach or spent fuel sabotage, surrounding communities and those further down wind, take little comfort from a cosy indulgent regulatory process that looks and acts very much like business as usual. Findings of security violations, illicit promises of, correction, but little NRC followup. Emergency response plans may not be current. Lessons learned are not shared. And a proposal to hire an attacking force from the same company used to protect several plants raises legitimate concerns about the integrity of future mandatory force-on-force exercises. There is no question nuclear power plants remain of abiding interest to terrorists. However, real questions remain. How and when the seriousness of that threat will be fully reflected in the substance and speed of critical countermeasures. As we continue to pursue these questions, the subcommittee sincerely appreciates the experience and expertise brought to the discussion by all our witnesses. We look forward to their testimony. Taking care of some general business, I ask unanimous consent that all members of the subcommittee be permitted to place an opening statement in the record and that the record remain open for 3 days for that purpose. Without objection, so ordered. I ask further unanimous consent that all witnesses be permitted to include their written statements in the record and without objection, so ordered. [The prepared statement of Hon. Christopher Shays follows:] [GRAPHIC] [TIFF OMITTED] T8358.009 [GRAPHIC] [TIFF OMITTED] T8358.010 Mr. Kucinich. Mr. Chairman. Mr. Shays. Yes. Mr. Kucinich. These are the letters I would ask to be entered into the record. Mr. Shays. This is from the Union of Concerned Scientists without objection dated August 19th. We will add that to the record. [The information referred to follows:] [GRAPHIC] [TIFF OMITTED] T8358.011 [GRAPHIC] [TIFF OMITTED] T8358.012 [GRAPHIC] [TIFF OMITTED] T8358.013 [GRAPHIC] [TIFF OMITTED] T8358.014 [GRAPHIC] [TIFF OMITTED] T8358.015 [GRAPHIC] [TIFF OMITTED] T8358.016 [GRAPHIC] [TIFF OMITTED] T8358.017 Mr. Kucinich. There is a letter right behind the it. Mr. Shays. There is a letter right behind it. Let's get that one. Mr. Shays. And then a letter from Public Citizen dated August 18th. Both will be put in the record and without objection so ordered. [The information referred to follows:] [GRAPHIC] [TIFF OMITTED] T8358.018 [GRAPHIC] [TIFF OMITTED] T8358.019 Mr. Shays. We have and we are grateful to have our first panel, Mr. Luis Reyes, executive director of operations of the Nuclear Regulatory Commission and Mr. Roy P. Zimmerman, director, Office of Nuclear Security and Incidence Response, Nuclear Regulatory Commission. What we are going to do is we are going to have them make their statements. We will go through a 5-minute round of questioning. We are then going to have the GAO make their statement, ask them questions and then do a second round to our first panel separately afterwards. We appreciate our first panel being willing to do it. It's to everyone's advantage to have that kind of dialog, and that makes me feel good that you recognize that and I appreciate it. So with that, we would ask you to stand and swear you in as we swear all our witnesses. [Witnesses sworn.] Mr. Shays. Note for the record our witnesses are responding in the affirmative. Is there anyone I should have asked in your staff that may need to respond? If so, it may make sense for me to swear them in. Mr. Reyes. No, Roy and myself are the ones doing the testimony. Mr. Shays. OK. That's fine. That's great. With that, Mr. Reyes, you have the floor and am happy to have with your statement. STATEMENTS OF LUIS REYES, EXECUTIVE DIRECTOR OF OPERATIONS, NUCLEAR REGULATORY COMMISSION, ACCOMPANIED BY ROY P. ZIMMERMAN, DIRECTOR, OFFICE OF NUCLEAR SECURITY AND INCIDENCE RESPONSE, NUCLEAR REGULATORY COMMISSION Mr. Reyes. Thank you. Mr. Chairman, members of the subcommittee, it is indeed a pleasure to appear before you today to discuss some of the efforts by the Nuclear Regulatory Commission. Mr. Shays. I am going to have you move that mic a little more in direct line with you. Mr. Reyes. OK. Is that any better? Mr. Shays. Yes. Just turn it this way. Thank you. Mr. Reyes. To the efforts by the Nuclear Regulatory Commission and its licensees with respect to security at nuclear power plants. The NRC has greatly enhanced requirements of licensees at nuclear power plants and conducted vulnerability assessments and identified mitigation strategies in order to improve security and evaluate potential threats. Nuclear power plants have maintained a strong safety and security measures and were designed to withstand catastrophic events including fire, flood, earthquakes and tornados. Security at nuclear facilities across the country has long been the subject of NRC regulatory oversight, dating back to the 1970's. And nuclear power plants have been required to implement security problems that are capable of defending against violent assault by well-armed, well-trained adversaries. Nuclear power facilities have likely been among the best protected commercial facilities in the Nation prior to September 11, 2001 and remain so today. However, the September 11th terrorist attacks on the United States brought to light a new and more immediate threat to our country. To cope with these changes in the threat environment, the NRC undertook a reassessment of its safeguards and security programs to identify from actions, and long-term enhancements that will raise the level of security at the nuclear facilities across the country. Since the terrorist attacks, the NRC has ordered as licensee to take specific actions to security at their facilities and to amend the protection of the nuclear materials they possess. We believe that this comprehensive act also effectively addressed major congressional concerns about the adequacy of security in the new threat environment. We recognize though that security would be further enhanced in the five legislative proposals that the Commission has submitted to Congress which are appended to our testimony are promptly enacted. My full statement submitted for the record provides a summary of the numerous post-September 11 actions and enhancement to raise the level of security at nuclear facilities. This includes a series of orders through all nuclear power licensees beginning in February 2002 to formally incorporate specific compensatory measures into the search safeguards and security programs. This enhancement of security included increased security patrols, augmented security forces, additional security posts, increased vehicle span of distances and improved coordination with law enforcement. In the months since those orders were issued, there has been coordination with the regulated industry and representatives of the Federal, State and local government agencies that would be called upon to support the licensees response to a potential terrorist attack. Also, following the September 11, 2001 attacks, the NRC began a reassessment of the design basis threat [DBT]. As a result, the threat characteristic set forth in NRC regulations were supplemented by orders issued to power reactors and to certain field cycle facilities. The NRC's currently reviewing licensee revised security plants for nuclear power plants and certain nuclear fuel facilities. Nearly 2,000 plants in all, and expects that all the plants will be reviewed, revised as appropriate and approved, and with few exceptions implemented by October 29, 2004 deadline imposed by the Commission's April 29, 2003 orders. Additionally, the NRC has completed an extensive set of vulnerability assessments and identified mitigation strategies for NRC license activities involving radioactive materials and nuclear facilities. These efforts have continued to affirm the robustness of the effectiveness of these facilities, the effectiveness of redundant systems and defense of design principles and the value of effective programs for operator training and emergency preparedness. We have continued to improve our security performance evaluation program, that is our force-on-force evaluations. In February 2004 the NRC began a transition force-on-force program incorporating lessons learned during the pilot. The transition program uses the characteristics of the DBT as enhanced as supplemented by our orders to prepare for resumption of the full security performance assessment program in November 2004. In conclusion, my full statement also includes prescriptions of NRC's revised base line inspection program, the status of security plan reviews, emergency preparedness and sharing of information with our stakeholders. I appreciate the opportunity to appear before you today. And I look forward to answering any questions you may have. [The prepared statement of Mr. Reyes follows:] [GRAPHIC] [TIFF OMITTED] T8358.139 [GRAPHIC] [TIFF OMITTED] T8358.140 [GRAPHIC] [TIFF OMITTED] T8358.141 [GRAPHIC] [TIFF OMITTED] T8358.142 [GRAPHIC] [TIFF OMITTED] T8358.143 [GRAPHIC] [TIFF OMITTED] T8358.144 [GRAPHIC] [TIFF OMITTED] T8358.145 [GRAPHIC] [TIFF OMITTED] T8358.146 [GRAPHIC] [TIFF OMITTED] T8358.147 [GRAPHIC] [TIFF OMITTED] T8358.148 [GRAPHIC] [TIFF OMITTED] T8358.149 [GRAPHIC] [TIFF OMITTED] T8358.150 [GRAPHIC] [TIFF OMITTED] T8358.151 [GRAPHIC] [TIFF OMITTED] T8358.152 [GRAPHIC] [TIFF OMITTED] T8358.153 [GRAPHIC] [TIFF OMITTED] T8358.154 [GRAPHIC] [TIFF OMITTED] T8358.155 [GRAPHIC] [TIFF OMITTED] T8358.156 [GRAPHIC] [TIFF OMITTED] T8358.157 [GRAPHIC] [TIFF OMITTED] T8358.158 [GRAPHIC] [TIFF OMITTED] T8358.159 [GRAPHIC] [TIFF OMITTED] T8358.160 [GRAPHIC] [TIFF OMITTED] T8358.161 Mr. Shays. You may go to the next witness. Mr. Turner [presiding]. I'm sorry. Mr. Zimmerman. Mr. Zimmerman. I have no opening statement. Thank you. Mr. Turner. We will go to a 5-minute round of questions from the members of the committee. I know many of the members of the committee are going to have questions concerning the design basis threat, their concern of its insufficiency. The concern of force-on-force exercises and their lack of reliable training and effectiveness, also issues concerning equipment and training. But I am very interested in the relationship between DOD and the protection of our nuclear power plants. In some of the information that we have indicates that power plants are not required as part of their design basis threat to take into consideration attacks by a foreign power or even perhaps the type of terrorist organizations that we see with al Qaeda, with the airborne threat. Could you talk a little bit about the NRC's coordination with the DOD and how and where that occurs? Both in the level of communication, exercises, onsite equipment and response? Mr. Reyes. OK. Prior to September 11th, the NRC has always had intelligence analysts. Subsequent to September 11th those intelligence analysts--even though they are NRC employees--are collocated with the intelligence agencies. So we have changed not only the analysis of intelligence information the way we did it before, but now we have collocated with the intelligence community. And what that has provided is a more direct feedback for us--but we now provide the intelligence community, information we didn't provide it before. We have required our licensees to report to us activities that may observe around their facilities that may have some bearing on the national intelligence information. Now, in terms of the design basis threat, we have worked very closely with DOE and DOD in terms of the intelligence to determine our design basis threat. As somebody stated, we do not have in the NRC regulatory oversight weapons plans that have nuclear weapons or plants that have nuclear weapons components. So our design basis threat takes that into account and we feel is similar to DOE facilities that are similar to ours. So we think that the design basis threat is similar now. Now, I couldn't bring all of the pictures because security information. It's limited to the public. But some of the pictures here provide some of the features that the plants have. They compare to similar facilities with DOE and DOD. What you don't see here today is technology to detect intrusion and some of the programs that they have the facilities to make sure that the individuals that have access to the facility have security clearance---- Mr. Turner. I am going to interrupt you. Because we have a limited time period for the answers. I appreciate your giving us information concerning intelligence gathering and information with respect to detection. Mr. Reyes. OK. Mr. Turner. But obviously my question and my interest concerns the ability to actually defend these facilities. Intelligence is only an element that gives you an understanding of what you are defending against or when defense is necessary. And detection certainly is way too late. So if you could please describe with respect to the Department of Defense, NORTHCOM, where are you drawing the line between the facilities responsibilities, the DOD's responsibilities and how are those actually being coordinated in a meaningful way that actually transcends into defense. Mr. Reyes. Let me have Mr. Zimmerman give you the details of our interface with NORTHCOM. Mr. Zimmerman. Thank you let me provide you with some of the specifics. With regard to NORAD, we have interactions with NORAD on a daily basis. We provide them information associated with the status of our facilities. They know which facilities are operating, which ones are shut down, which facilities may be with selected equipment out of service. We have run exercises with NORAD, where we have Amalgam Virgo or Amalgam Amigo are examples, for example, of actual interactions we have had with them on the phone, as well as with licensees. There is also, have been calls that NORAD has had directly with our licensees, but we have set up a protocol that happens very quickly. If there's an anomalous situation in the air that involves NORAD, NRC and the licensee on a three-way phone call--and we have been practicing that with our licensees--we have been involved in many exercises with the Federal Government and DOD primarily in the lead. We have been involved with the TOPOFF exercises that have occurred. We are involved with TOPOFF planning for next year. We have been involved in Forward Challenge, we have been involved with UDO 4. We are actively involved in and are interacting both with NORTHCOM with regard to their ability to respond with quick response forces. They have been out to the sites. We have taken them onsite tours. And they have had an opportunity to walk the facilities share their thoughts with us. So we view that we have a very strong relationship with NORAD, with NORTHCOM and we plan on making it stronger through an effort we call integrated response planning. And that deals with recognizing that the design basis threat we view as what is reasonable for private guard force, where the Federal Government needs to come in promptly. DOD is an active player in that effort of integrated response. Mr. Turner. Mr. Kucinich. Mr. Kucinich. Thank you very much, Mr. Turner. Mr. Zimmerman, one of the things the NRC points to on their Web page is a way that increased security is extending the perimeter of their facilities. Despite this, there have been two incursions into nuclear facilities in the last 2 months. One occurred at Beaver Valley in Pennsylvania and the other occurred at Pilgrim. If NRC had indeed extended the perimeter, ostensibly to catch terrorists before they get on the site, how were these individuals able to get out into plant sites? Mr. Zimmerman. I think context is very important in this regard. Without talking to the specific details--I am not sure I recall the specific details--the area that we are talking about at these facilities is what is called the owner- controlled area. This is the area of property that is owned by the licensee, but in many cases is far removed from where the protected area where the vital equipment is located. At some plants, it's miles away from where the actual facility equipment is located. What we have done subsequent to September 11 is require that licensees conduct surveillance out in their owner-controlled area to be able to identify the possibility of surveillance taking place on their site or as well as any plant, preplanning for an attack. We also called for licensees to mix up those patrols so they don't always roll around at 4, you know, hour on the hour. They mix it up to try to keep any potential surveillance, you know, at bay. We get daily reports that are made from the licensees into my office that address the many instances where individual sightseers are taking pictures of the sites, where the film is confiscated, explain to the individuals the sensitive nature of the equipment that they are trying to take pictures of. There are close working relationships with the local law enforcement and the FBI to run license plates to look for any information in the background of these individuals. It's a very aggressive program--and addressing one of the other concerns that was raised earlier, we share this information across the industry so that if there is some information that somebody sped away quickly from a particular location, that information is put on a protected Web server so all sites have access to it and can be on the lookout for a similar vehicle. Mr. Kucinich. I have a number of questions here, Mr. Chairman, that will probably require--you are going to have a second round of questioning? I know my time isn't up. Mr. Shays [presiding]. I would be happy to yield to my colleague some of my time. We would like to go just a 5-minute round with this, and then they are going to come back after GAO has testified. Mr. Kucinich. Well, before---- Mr. Shays. Why don't we go through this. Why don't we---- Mr. Kucinich. My 5 minutes hasn't expired. Mr. Shays. OK. Mr. Kucinich. I want to, as a personal matter ask you a question. Mr. Zimmerman. Surely. Mr. Kucinich. What do you think about the failure of your own agency to provide information to the public about a hole in the head of a reactor vessel. Is that a security matter that you have any concern with, or is that somebody else's job? Mr. Zimmerman. To be candid, it is not in the realm of responsibilities that I have. I think better justice could be done to answering your questions in a different setting, perhaps with different individuals that are closer. Mr. Kucinich. You really don't know anything about that, is that what you are saying? Mr. Zimmerman. No, I am not saying that at all. Mr. Kucinich. Do you know anything about it at all? Mr. Zimmerman. Yes. Mr. Kucinich. What are you aware about it? Mr. Zimmerman. I am aware of the fact that there was degradation in the vessel head that was late in being identified, through a non-destructive examination. I am aware of the fact that the NRC followed the degradation closely and had identified a period of time that it was felt that it was reasonable for that facility to continue to operate based on the information that was available to them. Mr. Kucinich. Mr. Chairman, I just want to point something out. And I don't think this is tangential. We have a witness in front of us whose job deals with nuclear security. I would submit that there is a lack of communication within the NRC on issues of security that he just made a statement that defies belief of anyone who claims that they followed this. So I am just going to take his initial statement that he is really not responsible for this. And the gentleman is showing a lack of comprehensive understanding of what the NRC's failings were on this--and I am not going to attribute that to his problem--I am going to attribute it to the responsibilities of the people who had the first obligation to let the public know--should have also let him know, since he is dealing with nuclear security. So I think one of the things the committee has already been able to determine here is that you don't have the kind of communication within the NRC that would protect the public interest with respect to security lapses of a mechanical kind, physical kind, inside. So the security problems can come outside, but they can also come inside. Thank you, Mr. Chairman. Mr. Turner [presiding]. Mrs. Maloney. Mrs. Maloney. What have you done to protect our plants from the possibility of a plane flying in? Mr. Reyes. Yes, we have---- Mrs. Maloney. We have read in the 9/11 Commission said that was one of their plots. So how are we protecting ourselves from that? Mr. Reyes. The NRC has done a vulnerability assessment. That includes a wide variety of aircraft. It includes smaller aircraft, all the way to a large commercial aircraft loaded with fuel--an analysis of a limited number of plants that are typical in the design of the power plants in the United States. What that analysis has shown is there is a very low probability that the crash of such a large aircraft into the facility would cause both damage to the core and a significant radiation release that will impact the health of the public. And the reason being is that prior to September 11th, these plants have severe accident procedures--they were procedures that were mitigated or strategies that were to cope with events that could not be foreseen by the design. Our analysis has identified that more had to be done--and in fact the mitigative strategies have been enhanced to cope with such an attack. Now that will be the back end once the attack occurs. At the front end, I think Mr. Zimmerman talked about our relationship with NORTHCOM and NORAD and the exercises and direct communication from NORAD to the control room in the power plant to advise them if there is a pending attack. Mrs. Maloney. Do we have any planes in the air that would shoot down another plane coming? I mean, we never anticipated that a plane would knock down the Towers. So the main thing is to prevent it from coming in in the first place. So what do we have? Are you working with the--you understand the security to basically shoot down a plane if it ever got into the area? Mr. Reyes. Yes, our work has been with NORAD who had the responsibility to intercede the aircraft. Mrs. Maloney. Now, in the prepared testimony of the GAO, they say that the NRC does not plan to make improvement to the inspection program that the GAO previously recommended and still believes that it is not necessary. For example NRC is not following up to verify that all the violations of security requirements have been corrected. Can you explain that? That's a direct quote from the GAO report that they are very disturbed that you are not correcting the items that they pointed out to you. Why not? Mr. Reyes. The GAO report relates to our followup of the corrective action--the NRC both on the safety and security site. And we don't think distinguish them--they work together-- puts their effort on the violations of biggest or higher significance. Now, what we do is we put--confirm all the corrective actions for violations of higher level, and for low level violations we do it in a sample basis. Now that doesn't mean we don't know what was done. What it means is for security specialists to confirm whether that minor violation or violation of low risk was not corrected. But we have an NRC office in every power plant. We have inspectors there, and we are aware of the corrective action on small, low-risk violations. But we follow all significant violations with subject matter experts, whether security or safety. On the lower level, we do a sampling process. It's a matter of resources. Mrs. Maloney. So, then, you are not following up to verify that the violations of security requirements have been corrected for ``smaller violations?'' Mr. Reyes. On a sampling basis we do. Mrs. Maloney. But you are just correcting the larger violations. Can you give me an example of a smaller violation that you are not correcting? Mr. Reyes. Well, they corrected it. We just don't confirm specifically that it is corrected. I will have Mr. Zimmerman maybe give an example of a minor violation. Mr. Zimmerman. A minor violation could be an isolated case where an individual had a lapse and didn't record information within a certain period on a tour or potentially may not have logged it at all. We would view that as a violation. By understanding a licensee's program, they have a corrective action program that they are required to have. Their quality assurance organization will pursue that, determine whether it is an isolated case. We also during our review--if we see something that indicates it is potentially larger and has programmatic aspects to it--we would continue to follow that trail. But if we see that as an isolated case, the corrective action would be taken by the licensee. And then as Mr. Reyes said, we do come back for the lower significance items and do a sampling check to see if we have confidence in the thoroughness of the review of the utility. Mrs. Maloney. My time is up. Thank you. Mr. Turner. Mr. Platts. Mr. Platts. Thank you, Mr. Chairman. I appreciate your testimony here today. And I question our focus, I know, is about protecting our facilities from the terrorist threats. And I would like to at least put on your radar an issue that kind of relates that if there is an attack and our response and attentions come to my attention in my local community, I would go right up against the Susquehanna River where Three Mile Island is--and certainly as a high school student, remember 1979 very well--living a few miles from the plant. The issue that has been raised to me is if there would be an attack how we would respond to the attack, specifically for children in day care, preschools, nursery schools, and believed by some of my constituents that NRC's oversight, along with FEMA, is not insuring that our NRC regulations are being fully complied by facilities regarding those preschool child care centers, and the State plans that are in place. My understanding of NRC is your responsibility is really to improve the State plans for evacuation if there is an attack or if there is an incident of whatever kind that requires an evacuation that NRC looks to the State and approves the State plans? Mr. Reyes. FEMA, the Federal Emergency Management Agency does that. But if I could address briefly your concern. If there is an attack at a nuclear power plant--regardless of whether it is ground, waterborne or air--right away, there is a declaration of high level emergency. What that does is automatically gives the local government, the counties and the State, mobilizing their emergency plan. And the typical arrangement--and I don't know the one in Pennsylvania specifically--the typical arrangement is that when that is declared, the local government already has prearranged decisionmaking on evacuating children, senior citizens. So the fact that the facility was attacked without any consequences-- yet in terms of release of radiation and all of that--because you declare a high level emergency, you are already as a precautionary measure, very conservative, rolling and the offsite government agencies are already moving. Mr. Platts. The concern is that--and then that process, for it to work, those plants need to be thorough and that the FEMA reviews the plans. Mr. Reyes. Right. Mr. Platts. Based on their finding and you issue a license that yes they have a plan in place. Mr. Reyes. Correct. Mr. Platts. Is that perhaps with some facilities in Pennsylvania and perhaps elsewhere around the country that those plans are not as thoroughly guarding these preschool age children even though the regs require them to, to accomplish those children as well. Mr. Reyes. Yes, it is FEMA that has to do the assessment. And they monitor the exercises and the plant and the fact that it gets performed adequately. I just couldn't---- Mr. Platts. So NRC basically takes the decision of FEMA and just ratifies that decision that FEMA says, yes, they are in compliance, their State plan, their local plan, therefore the license is issued? Mr. Reyes. Yes, it's called reasonable assurance. FEMA sends out a report, and a certification that they have reasonable assurance that the offsite emergency preparedness actions, the plans and the actions that they will take by observing the execution of the plan and the exercises, etc. is adequate. And we take that certification of reasonable assurance and accept it. Mr. Platts. Thank you. Thank you, Mr. Chairman. Mr. Turner. Ms. Watson. Ms. Watson. According to the GAO, NRC is not taking advantage of opportunities to improve the effectiveness of force-on-force exercises and security oversight in general by implementing the recommendations. And I did hear you mention, you have gone so far with a lack of resources. I would like to elaborate on that and tell us how is nuclear power plant inspection information shared with the NRC regional offices and nuclear power plants. So you can answer collectively. The other concern that I have is that several months ago, we heard about traditional procedures and traditional ways of calculating how an attack would take place on our nuclear plants. I had problems with traditional. Because I think whatever enemy out there we are facing is being very creative. And if we have a traditional procedure or formula that we use on the ground, what about that comes from the air or over water? So you might want to address that as well. Mr. Reyes. OK. I would be glad to do that. Let me talk first about the information sharing. All the findings, all the violations, whether they are high or low or of significance, regarding security, are reviewed by a panel which is composed of a representative from all of our four regional offices and our headquarters offices. And that's to make sure that in fact they are properly being categorized in terms of their significance and therefore which ones we need to do followup corrective action in detail and which ones we do a sampling process. That information is shared because there's representatives from each one of the regional office and the program office. So those individuals share that within their own group. Then we also have very frequent meetings with the industry--it's called a security working group--where we share all the issues that we have identified with them, and the security working group from the industry then shares that with their counterparts. We also have prepared a protected Web page that has those kindS of information. Not only do we share that with the licensees, but it gets shared with local governments and other interested parties that do have the appropriate clearance to have that information. So we do have a very aggressive way to share the information. Now, we haven't adopted every recommendation that GAO has submitted. We haven't dismissed them; we are considering them, but we feel there is a very aggressive way that this information is being shared. Ms. Watson. When you said lack of resources, would you elaborate, please? Mr. Reyes. We feel we have adequate resources, but what you want to do is you want to put your resources where the more significance is. So Mr. Zimmerman provided you an example of where a patrol officer had an oversight to log in as they conducted the patrol around the facility, and they have to log in exactly where they were and where they are not going. That would be a relatively low violation of our requirements, and we necessarily wouldn't put the resources there. If we were to find a more significant problem regarding training of the officers or the weapons not being in good working order or something like that, we will put very detailed followup on the more significance, because they do have the more significant potential to affect security. So there's a matter of grading where our resources go to; they go to the most significant findings. Ms. Watson. I am really troubled by the fact that we are fighting an enemy of unknown proportion. It could be an American--I will always remember Oklahoma--or it could be someone who has merged into our society. They have a very different mindset than we do. And I'm wondering if there is any activity going on that tries to get into that mindset, because I think the September 11 attack was planned a decade in advance. And certainly we know by the training, the time it took to train those who flew the planes--and they went in and said we don't want to learn how to take off or land; that should have rung a bell. And they paid in cash. But apparently they were more interested in getting that money than in picking up the clues. And I am finding out there have been clues along the way and we haven't done a good job in connecting the dots. So I am wondering if we have a think tank that might be looking at the creative ways that people, you know, watching us in an open society might do us great harm through our nuclear plants. Pand, finally, how does this fit into homeland security? How does the NRC, what role do you play in terms of homeland security? Mr. Reyes. OK. Let me talk about--the concerns you had about the potential adversaries and the modes and the planning all goes into the intelligence community. What we do is we take that information, and, for example, when we consider the design basis threat and when we do our exercises, we assume that all that information in terms of what we call coordinated attacks-- and we assume they are coming from the ground, from the air, from the water, and that they have an insider that they have. So all that is considered in both the design basis threat and the exercises we actually conduct. So also, we don't go out there to try to do intelligence work. We are the beneficiaries. And by having our intelligence analyst physically present in that community, we get that information and we factor that into our activities. Now, let me have Mr. Zimmerman explain to you how we work with DHS, because we are an active participant in that effort. Mr. Zimmerman. One of the things that we do with the Department of Homeland Security is we try to maximize our time that we spend in their operation. And I will explain that. There may not be a particular issue that is necessarily in our sector, but we will try to send people to their operations center, even if there is an issue that they are pursuing that is unrelated to the nuclear sector, just so that we can get comfortable, get a chance to meet people, understand what their protocols are. And we basically have a relatively large number of people that we are sending down there and getting badged ahead of time, so that if the bell does ring in our sector, we have working relationships established. And if we are in a reactive situation, we know where our desk is, we know what our responsibilities are. And when we do our exercises now, we have requested of DHS, and they have been very supportive, to try a continuous improvement to make our exercises more realistic, where we want them to play in our exercises now that they have been stood up. So we want to send people to them, understand what issues they would have in this emergency situation during this drill, and raise those issues directly to us in real time in the exercises so that we can practice and learn how we can improve our overall response to the Federal Government. Ms. Watson. I will just finish up with this. I think intelligence has failed to provide all of us with the information that we need to prevent--not respond to an emergency, to prevent. And I would hope that the NRC would definitely be looking at strategies, procedures, to prevent a nuclear kind of emergency, because once there is a nuclear attack we are done. Mr. Zimmerman. May I respond? Mr. Turner. Actually, we need to move on. Mr. Tierney. Mr. Tierney. Thank you, Mr. Chairman. You rely on private companies for the securities of the individual plants. Right? Mr. Zimmerman. That's correct. Mr. Tierney. All right. So we have 65 plant sites, 103 nuclear reactors in 31 States. Mr. Zimmerman. Correct. Mr. Tierney. And you sort of delegate that responsibility to private companies, and then rely on their report to you as to whether or not they are complying with the various standards that you set. Mr. Reyes. No. We have direct observation of their activities. Mr. Tierney. About once every 3 years, right? Mr. Reyes. No, no. That's incorrect. Mr. Tierney. OK. Mr. Reyes. See, the inspection program--and I think this is--the GAO auditors are in the process of doing that effort, and they haven't been able to visit the facilities. So we have a security inspection program that looks at everything, from training to performance of the detection system, implementation of the program for access to individuals, communications. The portion as far as exercise is on top of all that I just told you, and that is the final task on the dynamics. That's where we actually simulate adversaries, and they actually come in and jump over the fence and actually have access to--and we simulate the attack. But that's only the culmination of a large number of inspection hours by a lot of subject matter experts in security that come in unannounced at all times of the day or night to check each one of the elements. Mr. Tierney. Let me interrupt if we can because are limited in time here. So you are saying that your agency determines the standards for training, and then you go down and you observe and make sure that training is in fact occurring and being met and that people are passing those criteria. Mr. Reyes. That's correct. Mr. Tierney. And that's no matter what the turnover there. Mr. Reyes. Correct. Mr. Tierney. And then you are telling me that you are also keeping an eye on how much overtime is involved, how many hours these people are working on each shift on a regular basis? Mr. Reyes. We have requirements for that. We review the records and we interview individuals. Mr. Tierney. Did you want to add something? Mr. Reyes. What he was going to tell you is our inspection program has increased by a factor of five. Mr. Zimmerman. Since 2000. The amount of hours that we spend onsite--this is separate from force on force--is we have gone up fivefold in the amount of inspection hours that we are currently spending onsite. The design basis threat that we issued in April 2003 is quite similar to the interim compensatory measures that we put in place in February 2002. Our inspectors have already gone out and verified that probably 80 percent of what is in the revised 2002 DBT is already in place. Mr. Tierney. Are you subcontracting any of this evaluation work? Mr. Reyes. No. Mr. Zimmerman. It's being done through our regional offices. Mr. Tierney. And when you do the force on force, are you subcontracting any of that attack force work out? Mr. Reyes. No. The NRC reviews the training for the adversaries, the NRC decides on the scenario, and the NRC is there in large numbers to observe the force on force. And we are the ones who determine whether the performance is acceptable or not. See, this is a big difference between DOE and NRC. DOE operates and regulates itself. We have a private licensee, but we are the ones who do the oversight and we are the ones who determine the adequacy. Mr. Tierney. But it is not your personnel that are actually doing the force on force. You hire somebody to do that, then oversee them? Mr. Reyes. The adversaries are not NRC employees. The people monitoring them and doing the independent assessment are. Mr. Zimmerman. We hire contractors that are experts in this area. They are joined at the hip with the adversary team; they are in the field with the adversary team as they are trying to make their approach on the facility. They are involved in the preparation aspect indicating, based on what we have been able to determine, this is how I would attack the facility, so this is how you will attack. The decision on how the attack is made is made by the NRC contractor, not by the contractor that's going to carry out the actual attack. But our contractors will go with them. Mr. Tierney. So we no longer have Wackenhut watching Wackenhut. Mr. Reyes. It never has been. We don't know the misunderstanding, but it never has been. Mr. Zimmerman. We do the full assessment. Wackenhut will pull the trigger, but we will have somebody there to make sure that person is taking the appropriate action of what he or she has been instructed to do based on us laying out what the scenario will be, and then being with them in the field while they carry it out. Mr. Tierney. We can maybe revisit that again later. Tell me, if you would, about spent fuel storage security and why we should feel comfortable with the way things are going there. Mr. Reyes. There is two kinds of storage of spent fuel. One is what we call the pools or the wet pool. And those are inside all the protected area of the facility, and all the security features that you have for the reactor, you basically have for the wet pools. The dry cast storage could be either inside the protected area or could be sitting by itself within a protected area. And that also has security features to it. The dry cast storage is more robust in terms of attacks and all that. So we feel very secure that it is--the security is adequate. Mr. Tierney. Thank you. Mr. Turner. Mr. Sanders. Mr. Sanders. Thank you very much, Mr. Chairman. As you know, gentlemen--and thank you very much for being with us. As you know, we have a nuclear power plant in Vernon, right at the southern edge of Vermont and right near the Massachusetts border. Recently there was a scare, as you know, when two spent fuel rods appeared to be missing, and they were relocated sometime later. But that raised anxiety in an area where anxiety is already fairly high. Let me just ask you just a couple of questions. It seems to me--and I don't want to disappoint any of my colleagues or you--that the truth of the matter is there is not an enormous amount of faith in the U.S. Government; that people do not believe everything that you say or I say or anyone else says. And when it comes to nuclear power and the potential danger, clearly people are very, very concerned as to whether or not the U.S. Government is in fact protecting them. As I understand it, earlier in August the NRC announced that a substantial amount of site-specific security information would be taken off of its Web site. Now, I can understand that we do not want to tell al Qaeda all of the methods that we have to defend nuclear power plants. But the bottom line is that when people, at least in the past, could critique, could say it is not enough, now they have virtually nothing. So if I'm living in Vernon, Vermont or Brodova, Vermont, how do I know that the kind of security--I don't need to know every detail, people understand that. But what kind of reassurance do people have that security is appropriate when they now go to the Web site and they get far less information than they used to? And as I understand it, you took that information off kind of privately, without a lot of public discussion as to whether that was a good idea. Mr. Reyes. Prior to September 11th and today, our strategic plan has safety security and openness as one of the goals. And we have learned since September 11th, through our feedback with the intelligence community, that there are people out there that want to do us harm. And information that we openly share with everybody as one of our strategic goals could be harm to the Nation. So what we had to do is, we had to do some soul- searching and find out what information should we pull out of the public. And we took out information that could assist somebody in doing us harm. What we are going to do is--the remaining of the information regarding the safety of the facility, all that information is still there. What we are going to do is we are going to summarize that security information we have and present it in a summary fashion without giving details that somebody can harm us. Mr. Sanders. We don't have a lot of time. And I think everybody understands that we do not want to give enemies information. But on the other hand, I would ask you to keep in mind, given the fact that people do not necessarily have a lot of confidence, that they do want to know that they are being protected. They want the opportunity to critique when they feel that security is not appropriate. And I fear very much that is not the situation. Now, I understand that there was several FOIA requests made before this policy went into effect; in other words, regarding the nature of security. What does the NRC plan to do with those FOIA requests? Mr. Reyes. Well, we are going to have to process them under the new guidelines, because regardless of how you put the information in the public, the details, we now know our intelligence colleagues are telling us do not put detailed information out that can assist people to do us harm. Mr. Sanders. Let me go to another area. And forgive me, we just have to move fast because there's not a lot of time. I'm picking up at a point that Mr. Tierney raised a moment ago; and that is, NRC, as I understand it, has repeatedly stated that they believe release of radioactive fuel as a result of a terrorist attack on a spent fuel pool is unlikely. NRC officials have made that point over and over again, and they said that as recently as last week. So what I want to know is why you think that way? Are you taking additional steps to fortify the many spent fuel pools around the country, rather than simply dismissing the prospect of a breach of security there? Mr. Reyes. We have done analysis of airplane crashes into the spent fuel pools. Now, it's been a limited number of details in terms of which ones we have done that, and those are the conclusions you stated. We are now moving forward to doing further studies to make sure that we have done a thorough review in any one of the layouts. The configuration of the pools are different in different plants, and so we are now continuing the analysis to make sure that the results we have are representative of the total population. Mr. Sanders. Am I correct in remembering, though, that there are some knowledgeable people who disagree with some of the conclusions that you have reached about the safety of those facilities in terms of a plane attack? Mr. Reyes. There's always people who disagree. Mr. Sanders. I'm not talking about fringy people; but I'm talking about intelligent people. Mr. Reyes. Yeah, there's always intelligent people that disagree with us. Mr. Sanders. All right. What about the potential of an air attack? I understand that there is no longer a no-fly zone in effect over our Nation's nuclear reactors. And my question is, why you think that is good policy? And why does the NRC think it's such an insubstantial threat, especially in light of the fact that al Qaeda clearly considered nuclear reactors an attractive target? Mr. Reyes. After September 11th, we met with the FAA and we tried to get their insights and their determination on what should be the airspace around nuclear power plants determined to be. The FAA determination was that for nuclear power plants and other critical infrastructure, that it was not advisable in their mind to put no-fly zones. What they did determine was for nuclear power plants to put what they call a notice to airmen, which basically is a notice that goes to all pilots about limiting their flying around these facilities. But we are just following, after the meeting with the FAA, what they determined to be the most wise. Mr. Sanders. But do you think that makes sense? On the surface it doesn't make a lot of sense to me, given what we saw about September 11 and the use of airplanes as missiles. Mr. Reyes. The rationale of the FAA was that there's other critical infrastructure, just like nuclear power plants. And if they were to put no-fly zones over all these facilities and the infrastructure, you basically stop commerce because you have so many no-fly zones across the national--chemical plants, pesticides. Mr. Sanders. Frankly, a nuclear power plant is different than many other infrastructures and facilities. We don't think we should have universal no-fly zones, but I would suggest that maybe we may want to do a little bit of thinking about that one. Mr. Reyes. And we met with the FAA and we tried to convey that. Mr. Sanders. I mean, you met with the FAA. You are the experts on nuclear dangers; they are not. They have other interests as well. And we need to rely on somebody to protect us. Mr. Turner. Mr. Sanders, we need to move on. Mr. Sanders. Thank you. Mr. Turner. Chairman Shays. Mr. Shays. I thank you. We are going to have a second opportunity to question these witnesses. We do thank them, because that's a better way for them to make their arguments and for us to understand the challenges. The bottom line, it's been 3 years since September 11th, and 2 years of it was the intelligence community giving us a postulated threat. You have worked the last year on a design basis threat, and now that's coming into place. And what's concerning me is there appears to be 3 years before you really test at every facility, and so it's going to be like 6 years from September 11th. I want to ask, are you aware of the memo, which was classified, from the Deputy Secretary of Energy to DOE facilities strengthening the DBT and ordering safeguards beyond those called for by the initial post-September 11 standard? Mr. Reyes. We work closely with DOE, and we know exactly what their DBT is and where the directions are heading. We are required by the Commission to brief them every 6 months on the intelligence, and so they can reassess the DBT. We are scheduled to do that November 16th of this year. At that time, we will brief them not only with the intelligence information we have, but with all the DOE--DBT changes that they are considering or perhaps they have implemented by the time we meet with the Commission. Mr. Shays. When we met with DOE officials and we toured certain facilities, they came back to us and said that they were going to strengthen their design basis threat. We have the postulated threat up here, we have the Department of Energy with their DBT here, and we see you lower down on the design basis threat, that you don't have as strong a standard as what we see happening for the DOE facilities. That's my reading of it. And I would like to know, do you anticipate strengthening your design basis threat based on---- Mr. Reyes. We will share that information with the Commission. It's a policy decision by the commissioners whether to increase or not increase the DBT. And, but we have a process to do that, and November 16th is our next presentation to the Commission to consider that. Mr. Shays. One of the biggest criticisms that GAO has is that they say the NRC's review of the plants, which are not available to the general public for security reasons, has primarily been a paper review and is not detailed enough for NRC to determine if the plans would protect the facility against the threat presented in the DBT. How do you respond to that? Mr. Reyes. The security plans are--they have, but at a pretty high level. And what you see here, what you have at the station, then, is what we call implementing procedures, the strategies of how those individuals will respond to an attack, where are they located, how will the firing lines, etc., is an implementing procedure. And the reason you want to have it that way is, let's assume that the legislative proposal that we highlighted to you gets approved and we now can give them better weapons. Then the strategy at the time may change. Mr. Shays. Well, now that we don't have the assault weapon ban, are you now able to get--no, I'm serious. Are you prohibited from giving them assault weapons? Mr. Reyes. Under State law--see, this, under the State law they cannot have automatic weapons. Mr. Shays. Under every State or in some States, or in every State? Mr. Zimmerman. Some States have changed. Mr. Reyes. Recently. Very recently. Mr. Shays. See, the logic of the assault weapon ban is that we want the law enforcement folks and the security people to have every advantage possible. We don't want the bad folks to have weapons that our people don't have. Mr. Reyes. We agree. Mr. Shays. I mean, the government's got it screwed up here. Mr. Zimmerman. The legislation that we proposed would allow the security officers to use automatic weapons. Right now they are using semi-automatic weapons. Mr. Shays. I want you to use whatever the hell you need to do the job. You know, our job in government is to make sure it's never a fair fight. We want our military people to always have the best. Mr. Zimmerman. I couldn't agree with you more. Mr. Tierney. Would the gentleman yield on that for 1 second? The problem is these are not military people and these aren't public forces on that. The question I would have is, who is doing the background check on these individuals? Who are they? How well trained are they? And how confident can we be that they can be entrusted with this kind of weaponry and are going to do the job that we might normally expect of our own forces? Mr. Zimmerman. The background checks on the security officers is extremely aggressive. They are viewed to be in what's called a ``critical group'' because of recognizing that if they were the insider, what damage they would be able to cause. So there is a significant background check and behavioral observation that takes place. The vast majority of these individuals are prior military or law enforcement. But the answer to your question, there is a very significant and appropriate background check being done. Mr. Tierney. By the NRC? Mr. Zimmerman. Well, no. We work through the FBI. We pass the information to various agencies that have a variety of data bases that you are aware of, and those names are provided to those data bases. We are a passthrough. Mr. Reyes. Similar to a clearance, the fingerprinting and review will be done by the FBI. It's not the licensee if that's what you're asking. Mr. Shays. Let me claim my time again. But I do think the gentleman is right on target. My biggest fear is the person who does have the weapon on the inside. I think one individual like that could practically accomplish whatever task they want. And so I think that is a key factor the gentleman has identified. The bottom line is you are going to be looking at whether to revise your new design basis threat. How long would that take, though, if you then decided to do that? Mr. Reyes. Once we present that to the Commission, typically within a few weeks they make a decision one way or the other. So then if they were to make a change, we will have to implement it through orders or some mechanism like that. Mr. Shays. So how long would that take before it actually were met in the field. Mr. Reyes. It depends on the size of the increase. If you are talking about the number of adversaries---- Mr. Shays. Just give me a sense. Are we talking a year more? Mr. Reyes. That should be in months we can issue the orders, and then the implementation will take a little bit longer, depending on the magnitude. Mr. Shays. A little bit longer means what? A year? Mr. Reyes. My guess would be a year. Mr. Shays. No, no. See, that isn't a little bit longer. I don't feel like there is an intensity level at NRC, I honestly don't. But we will get to that later. I think we need to get to the next. Ms. Watson. Is this just a followup, or can it wait when they come back to us? Mr. Turner. This panel is going to be returning after panel two. Will you be able to stay for---- Ms. Watson. Yeah. It was just pertinent to---- Mr. Shays. I would be happy to. Ms. Watson. I was just going to say what is really bothering me at this moment is that I represent a State that has a very porous border, and there are people coming across the Mexican border into the United States that are going to be able to buy automatic assault weapons in their corner sporting goods store because the ban has evaporated. And I understand that there is a constant movement across our border, our southern border into the United States, where these people can go in with fictitious names and somebody else's ID and pick up one of these assault weapons. This will impact on you greatly, and so I just throw that out. Mr. Turner. Perhaps when they return that's an issue they can address at that time, if that's OK. Ms. Watson. That's fine. So just keep that in mind, my concern. Mr. Turner. What I understand is that panel one is going to remain while panel two testifies, and then return to us for additional questions after we have heard the testimony of Mr. Jim Wells. So we will excuse you at this point, with the understanding that you are going to be remaining. Mr. Shays. And we thank you for that. That will be helpful. Mr. Turner. And then we will call forward panel two, which is Mr. Jim Wells, Director, National Resources and Environment Government Accountability Office, who will be accompanied by Mr. Raymond H. Smith, Jr., Assistant Director, and Mr. Kenneth E. Lightner, Jr., Senior Analyst. Gentlemen, we do swear in our witnesses for the hearing. If you would please stand and raise your right arm. [Witnesses sworn.] Mr. Turner. Please note for the record that the witnesses responded in the affirmative. Mr. Turner. We welcome you, Mr. Wells, and look forward to your testimony. STATEMENT OF JIM WELLS, DIRECTOR, NATURAL RESOURCES AND ENVIRONMENT, GOVERNMENT ACCOUNTABILITY OFFICE, ACCOMPANIED BY RAYMOND H. SMITH, JR. ASSISTANT DIRECTOR; AND KENNETH E. LIGHTNER, JR., SENIOR ANALYST Mr. Wells. Thank you, Mr. Chairman. We are pleased to be here today to discuss NRC's efforts to improve security at the Nation's 104 commercial nuclear power plants. Today, it's 3 years after the Twin Towers and Pentagon attacks, and we are discussing what NRC has done, where they are, and what's left to do. To NRC's credit they responded immediately, advising the plants to go to the highest levels of security, and they issued about 60 advisories and orders. As an auditor, I am going to stop here and let them take credit for what they've done. They have, in fact, done a lot of things, and there is no doubt that security has been enhanced. But what we get paid to do as auditors is to bring forth concerns, and that's what I will do today. While we applaud these efforts, the question is today: Has it been enough? It will take several more years for NRC to make an independent determination that each plant has taken responsibile, reasonable, and appropriate steps to provide protection. The first step that NRC chose was to create new security plans to implement their new DBT. While the original plan was envisioned to take 2 years, the commissioners decided to use an industry-developed template with yes-and-no answers to speed up the process. And, Mr. Tierney, they did hire contractors to help review the plans, and they wanted to get it done in 6 months. Now, we have some concerns about how the NRC is doing this first step. Not that this first step is wrong, it's just the process they chose to use. First, NRC's review has been rushed, and is largely a paper review, in our opinion. NRC reviewers are generally not visiting the plants to obtain details. However, we have learned that they are recently beginning to visit some of the plants and ask some questions relating to their plans. We understand they may have visited about approximately 4 or 5 of the 65 facilities and the 100 plants that are under consideration. The plans themselves, and we have reviewed 12 of those plans, do not detail defensive positions at the site, how the defenders would be deployed to respond to that attack, or how long the deployment would take. In addition, NRC is not requesting the documents and the studies supporting the plan; so, in our opinion, as a result, NRC today as they are reviewing these plans, even though when they are approved they still will not have a lot of detailed knowledge about the actual security at the individual facilities prior to the approval of those plans. Second, as it clearly has already been pointed out, it will take up to 3 years for the NRC to test these plans through force-on-force exercises at each facility. Moreover, NRC is considering action that could potentially compromise the integrity of these exercises. And I refer, as members of the subcommittee have already raised, the consideration of using a private company, Wackenhut, that is a company that the nuclear industry has selected, a company that clearly has had problems in the past at Oak Ridge--and, I might add, that NRC was doing oversight when these problems did happen--and a company that provides guards for about half the facilities to be tested. We understand Wackenhut is currently under contract with about 50 percent of the nuclear facilities. This relationship with the industry also raises questions about the force's independence. And that's just a question that needs to continue to be asked in terms of due diligence by the NRC in terms of assuring that whatever contractor is used, that there is independence. We note that the NRC's DBT is similar to DOE, as you have stated, Mr. Chairman and Mr. Shays. As you know, in April 2004, DOE officials told this subcommittee that they would have to rethink its threat assessment that they were using. DOE, we understand, completed that review last Tuesday and substantially increased their DBT. If the NRC, when they consult with their commissioners, decides to revisit or revise the DBT, NRC will clearly need more time. How much time I think is a good question, that's already been asked of the NRC. Also, funding the cost of any additional protection that may be required could also be a fairly significant issue for the industry. NRC has already clearly publicly stated that the current DBT that they are being required to defend against is the largest reasonable threat against which a regulated private guard force should be expected to defend under existing law. Also, potential vulnerabilities of additional assaults are on the horizon and currently are being addressed outside of the existing DBT. Any change in any of these approaches could place additional requirements on the plants. And I speak here about the airborne nature over the nuclear power plants. In conclusion, can the public be assured that NRC's efforts will protect the plants against attack? Our answer to you today is not yet. It will still be some time before NRC can provide the public with full assurances that what has been done is enough. Some of these enhancements are still being put in place, and they remain to be tested. Ms. Maloney and Congresswoman Watson, you have raised questions about NRC not agreeing to do some of our recommendations. Yes, we still disagree. Maybe it's an issue of substantial versus minor. We've found, others have found, sleeping guards, guards that have falsified records; access has been granted to individuals in highly secured areas that had no business being there. We are not sure that's minor. While NRC may initially disagree with some of the things that we raise about trying to improve, it's questions like this raised by this subcommittee that may help the NRC in terms of seeing the light and moving forward and making some substantial improvements. We have a lot more audit work to do, Mr. Chairman. You have asked us to do a lot of things, including an assessment of the DBT and a lot of concern about the vulnerabilities, and is the current DBT actually going to do anything to help protect the actual vulnerabilities that exist. So we still owe you a report a year from now or early next year, if we can finish it, on how NRC defines the threat faced by the nuclear power plants. We believe, based on what we have seen today--understanding that we are still preliminarily still doing our audit, we have not completed our work, and, in fairness to the NRC, have not given them an opportunity to comment or react to what we have seen today--that it's important that NRC act quickly and take a strong leadership role in establishing a worthy adversary team for these upcoming exercises. I can't overemphasize how important these exercises are to test what's being put in place. These improvements are expensive, and we want to make sure that they are actually doing what they are intended to do and can in fact defend the plants. Perhaps NRC needs to consider establishing priorities for the facilities to be tested. Quite frankly, we have seen a common general approach that they take. They tend to look at plants in general, generically. But clearly when you come to vulnerabilities and you come to assessment of threats, you need to look much more closely and individually at plants and perhaps prioritize where you put your attention first. They need to carefully analyze test results if they detect any shortcomings in the facility's security, and, perhaps most importantly, be willing to require additional security improvements as warranted or as discovered. Mr. Chairman, this testimony, or the statement, provides our preliminary reviews. We'll be happy to respond to any questions you may have. Thank you. Mr. Turner. Thank you, Mr. Wells. [The prepared statement of Mr. Wells follows:] [GRAPHIC] [TIFF OMITTED] T8358.020 [GRAPHIC] [TIFF OMITTED] T8358.021 [GRAPHIC] [TIFF OMITTED] T8358.022 [GRAPHIC] [TIFF OMITTED] T8358.023 [GRAPHIC] [TIFF OMITTED] T8358.024 [GRAPHIC] [TIFF OMITTED] T8358.025 [GRAPHIC] [TIFF OMITTED] T8358.026 [GRAPHIC] [TIFF OMITTED] T8358.027 [GRAPHIC] [TIFF OMITTED] T8358.028 [GRAPHIC] [TIFF OMITTED] T8358.029 [GRAPHIC] [TIFF OMITTED] T8358.030 [GRAPHIC] [TIFF OMITTED] T8358.031 [GRAPHIC] [TIFF OMITTED] T8358.032 [GRAPHIC] [TIFF OMITTED] T8358.033 [GRAPHIC] [TIFF OMITTED] T8358.034 [GRAPHIC] [TIFF OMITTED] T8358.035 [GRAPHIC] [TIFF OMITTED] T8358.036 [GRAPHIC] [TIFF OMITTED] T8358.037 [GRAPHIC] [TIFF OMITTED] T8358.038 Mr. Turner. One of the statements in your written testimony, it says NRC has already stated that the current design basis threat is the largest reasonable threat against which a regulated private guard force should be expected to defend under existing law. Now, we have been looking at, in addition to power plants, nuclear weapons facilities, and it has seemed to me that perhaps we are going about this backward. The design basis threats are being defined as a result of the resources that are available rather than the actual threat that exists. The statement that you have here in your testimony seems to indicate that the design basis threat is not a full evaluation of what the actual attack method or threat could be to a nuclear power plant, but is instead a review of what resources they have and what maximum capability that they would have to respond. Could you speak about that for a moment? Mr. Wells. Yes, sir. NRC in their own words have characterized their responsibility as a regulator which presents challenges, and they have used the word ``balance.'' They have a lot of concern for balance in terms of what should be required, what can be regulated. And they also have a responsibility to maintain a viable industry to deliver electricity to this country. Clearly, that involves choices and decisions. Our observation, having conducted several audits and continuing with our work, is that the NRC, as a regulator, has placed a lot of faith in what the licensees tell them. They also have to provide some trust level to the licensee. We have seen examples in doing our Davis-Besse work where that may not have been as valid as they should have been. So I think the question being asked today and the question that continually needs to be asked: What do you expect of the regulator? Mr. Turner. The paragraph that I'm referring to goes on to say that, also, certain potential vulnerabilities such as airborne assaults are currently being addressed outside of the DBT. Now, what it has seemed to me in reviewing the materials, that there is certainly--the responsibility for it is assigned outside of the design basis threat, but I'm not confident that it's currently being really addressed. Do you see any efforts that, outside the design basis threat, that there is coordination, that there is sufficient effort to actually respond to the threats that are beyond the box that they are currently dealing with with the design basis threat of the private guard force? Mr. Wells. Congressman Turner, NRC has given us access to the design basis threat. We are well aware of what the design basis threat, what is contained in the design basis threat. We are dealing with safeguarded security information that prevents me from actually discussing in terms of what is actually in the plan or not in the plan. We have asked them what they are doing in terms of considering airspace over the nuclear power plants. They have responded to us that they have contracted for, paid for, and have the results of a fairly significant study that they have done. They indicate it's classified. I cannot get into that today. Mr. Turner. I'm not asking about any information for you to disclose. I'm asking about the issue of coordination. It seems to me that the initial statement that we have in your written testimony is the design basis threat is a box that is based upon a private guard force and that they are not necessarily going beyond that. Then the next statement in the testimony is that with respect to airborne assaults and certainly, I would think, other issues that go outside of that box and what the private guard force would be able to do, which would require coordination with the DOD, we have also discussed NORTHCOM and NORAD. Do you see any evidence that coordination is effectively occurring, or is it just, as you relate, to other reviews, just a paper coordination going on? Mr. Wells. Let me respond that, as I said earlier, we are still conducting our work, we are still asking questions. I don't have a conclusion or a reaction for you. Factually, we are aware--as NRC stated this morning, they are talking to the FAA. We are aware that the nuclear industry themselves is on public record saying that is a defense that they don't believe is their responsibility, that is a national responsibility. So we will continue looking at and assessing the requirements that are in the DBT or not in the DBT. That is something we haven't done yet. Mr. Turner. One real quick followup question. In the testimony that we heard before, it was dismissed as to whether or not aircraft attacking these facilities are of any danger. That doesn't seem reasonable to me. What is your opinion of that? Mr. Wells. We had several words in our statement that was sent to the NRC for classification purposes, and those sentences and words were removed from the statement because of the security concern. They do have information on the study that they have conducted. Mr. Turner. It is an area that you are concerned with then also? Mr. Wells. Absolutely. We will continue our assessment of the vulnerability versus the design basis threat that's being put up against it. Mr. Turner. Thank you, Mr. Wells. Mr. Kucinich. Mr. Shays. Would the gentleman yield for a second? Mr. Kucinich. Sure. Mr. Shays. This is the statement you were going to give today? Mr. Wells. That's correct. Mr. Shays. Were there a lot of things taken out of your statement? Mr. Wells. No, there was not. There was a few word adjustments. We sent the entire statement, from my opening statement to the end of my statement, for classification review because we have a public obligation---- Mr. Shays. I think that makes sense. That's not the issue. I just was curious if there was just one area. Mr. Wells. The area involved the airborne attack issue. Mr. Shays. OK. Thank you. Mr. Turner. Mr. Kucinich. Mr. Kucinich. Thank you. Mr. Wells, as Secretary of Energy, Secretary Abraham recently announced the formation of an elite specialized military-type team that would be used to test security at DOE facilities. Do you believe the NRC should follow suit and turn this function from what you have described as sleeping intoxicated guards into a government function? Mr. Wells. Unfortunately, I haven't done the audit work to support a conclusion to give you a straight answer. I know that's something that this chairman has asked us to continue to do and report on the end of this year, and we are continuing. Mr. Kucinich. Well, you have done the audit work on one part of the equation. Mr. Wells. Yes, we have, but not on the design basis threat. But clearly we are aware that there are different types of facilities. There is nuclear material. We are aware that the DOE has different classifications of types of material and different guard force versus private guard force. There are different issues between the agencies that could account for some differences between what's required. We just don't know how valid that fact is until we actually have a chance to look at it. Mr. Kucinich. I want to go over some territory here. You stated in your testimony that the October 2004 deadline for implementing the DBT is on schedule, but that this is based only on a paper review, and that the NRC cannot determine if the plans would actually protect the facility against the threat presented in the DBT. Mr. Wells. That's correct, sir. Mr. Kucinich. Is that correct? Mr. Wells. That's correct. We know that they are 85 percent complete with approving those or looking at those plants. But even when they are 100 percent approved, we still take our position that they only got what they got. Mr. Kucinich. Well, so then should the NRC be more involved in the oversight over the DBT implementation process? Mr. Wells. Absolutely. They have acknowledged to us that this is a first step, and they have step two and step three and step four. We just know it's going to take additional time before they can reach that assurance to the public that everything that has been put in place will work. Mr. Kucinich. And what kind of improvements has GAO recommended to be implemented in the NRC inspection program, and, why if they have, has the NRC resisted in making those changes? Mr. Lightner. There are two open points from our report from last September that NRC has not taken action on. I believe they have been discussed earlier. But the one has to do with followup on security violations that were noted. Particularly we're concerned with something called noncited violations which are followed up by NRC only as part of a sampling process. And as stated earlier, I believe our difference with them is over what is significant and what isn't. NRC cites these as noncited violations primarily because they have occurred less than two times in the prior year. I believe our concern is that even if they occur once, and they are significant, such as falsifying records related to guards' checkpoints or a sleeping guard, that they are significant and should be followed up on in every case to make sure that this doesn't happen in the future. Mr. Kucinich. So you then challenge the underlying assumption which the NRC has about what's significant? Mr. Wells. That's correct. Mr. Kucinich. And let's go a little bit deeper into this. Are you saying that their assumptions contain within them potential threats to the security of nuclear power plants? Mr. Wells. Noncited violations, if a guard is sleeping or unauthorized individuals are allowed access in secured areas, falls directly in security. I don't know how else to say that. Mr. Kucinich. So is that a yes? Mr. Wells. It certainly raises concern. Yes. Mr. Kucinich. Thank you. Mr. Turner. Ms. Watson. Ms. Watson. I'm going to quote from some information in your report, and you can tell me if it's accurate or not. And it says, for example, the plans do not detail defensive positions at this site, how the defenders would deploy to respond to an attack, or how long the deployment would take. In addition, NRC is not requesting and the facilities are generally not submitting for review the documents and studies supporting the draft security plans. Can you comment on that? Mr. Wells. The best way to comment would be to describe a plan; a plan is approximately 150 pages long for a single plant; 80 to 85 percent of the information is a template in which the licensee responds and checks a box yes or no. An example is the requirement that lighting be sufficient so that guards can see someone at night? The licensee would respond, yes, we have lighting. I know I'm oversimplifying this a little bit, but I'm giving you the implication of the template nature of the plan that's developed. Basically, what the licensee is doing is certifying to or committing to the NRC that, when they get out there to look, with all the details, they will find that the licensee is committing that they will have something in place that will meet all the template requirements that NRC is imposing. That's the nature of the plan that we've looked at. It does not describe where the guard tower is, the location of the guard tower. It does not describe that. It just says we have guard towers. Ms. Watson. Yeah, but they might be in New York City, you know. I'm not comfortable with where we are now, and I definitely am not comfortable with my constituents' security. And within the State we do have nuclear power plants. Are you, as an agency that goes in and accounts for resources and so on, satisfied that we are where we need to be at this time, this point in time? Mr. Wells. In regard to the Nuclear Regulatory Commission? Ms. Watson. Yes. Mr. Wells. We have issued two reports. We are going on our third report. And in each of those reports we have surfaced concerns and made recommendations that we suggest could improve government operations and regulatory issues with the NRC. So we are doing what we can to raise these issues and to recommend fixes. Ms. Watson. But are you satisfied with where the NRC is? This is September 2004. Are you satisfied, September 2004, that we are where we should be? Mr. Wells. NRC needs to be given a lot of credit. They have done a lot of things as quickly as they possibly can under their requirements. I have to be careful in answering that personally, I would always like things to be done faster. And I agree with the chairman to say that 14 months to design the DBT, allowing another year to put it in place, seems like an awful long time. But we are dealing with a regulatory agency that has public concerns; they are facing lawsuits about whether they do rulemaking, whether they do orders. I understand the challenge they have. Personally, I would hope that the intensity level, as the chairman referred to, perhaps could be moved forward. I encourage the NRC to ask the DOE why they were able to do a revision to their DBT so quickly. And in lessons learned, if there is something DOE did that the NRC could use, I would suggest that they pay attention and try that. Ms. Watson. And let me just say that I heard the word ``resources,'' but I didn't hear the elaboration. Are they lacking the resources to work in a more speedy fashion? Mr. Wells. Clearly, the NRC has gotten a mandate and a mission to be a regulatory agency that is a commission that's funded by the industry. So there has always been this fine line between, we have an obligation to require our regulators to regulate an industry and how to go about doing that. There has always been resource constraints and issues involved with the NRC in terms of how much resources they have to effectively get the job one. And it's a very tough balance that they face. Ms. Watson. See, that kind of gives us a hint as to what we as policymakers, hello, who have the oversight, should be doing. And we, working with industries, nongovernmental, you know, ought to realize that they are not going to move unless they have the resources necessary. So thank you for your statement. And I will yield back the balance of my time. Mr. Turner. Mr. Chairman. Mr. Shays. Thank you. I think you are being very fair to the NRC. I mean, you said they responded quickly and decisively to the September 11, 2001 terrorist attacks, and multiple steps to enhance security at commercial and nuclear plants. It gives, to me, more credibility when you point out some of what they aren't doing. I do think there is some value in looking at parallels between what DOE is doing. What I'm getting a feeling of--and I would love you to explain this concept of orders versus rulemaking. The Secretary of Energy can basically say, damn it, just do it. And, you know, admittedly bureaucracies take a while, but doesn't the NRC have the capability to say let's do it? No more 2 years, no more whatever, just get the job done and do it quickly. Do they not have that capability? Mr. Wells. Mr. Chairman, I'm not a lawyer, but I believe that they do have wide discretion in orders that they can issue, advisories that they can issue. There is a line between what's voluntary implementation by the industry and what's required of the industry. However, I do know that they are facing several lawsuits challenging the right to issue just-do- it orders. Mr. Shays. By these companies? Mr. Wells. By public interest groups. Mr. Shays. Well, by public interest groups that are unhappy that they are not moving quickly. Are the companies taking challenges to the---- Mr. Wells. I'm not sure who the---- Mr. Shays. Well, I mean, with all due respect, I mean, I might be one of those people going after the NRC as well if they are not moving quickly. I mean, we are really talking 6 years from September 11th to when the design basis threat is going to be shown at least in one experience at each plant. So your basic point to us is that this is pretty much a paper review today. Do you stand by that? Mr. Wells. I do. Step one has been a paper review. Mr. Shays. I mean, there isn't any real-life stuff going on to make sure it's happening yet. Mr. Wells. We have been recently made aware that they visited four or five places to ask some questions about what was actually in the document. Mr. Shays. Well, we have 65 places they could visit, and they have gone to four or five places? Mr. Wells. That's correct. Mr. Shays. So, I mean, we are not even talking about the efforts to break the integrity of the plant and those exercises; we are just talking the NRC just going there and checking it out firsthand. Mr. Wells. That's correct. Mr. Shays [presiding]. OK. So they are going to rely on the force-on-force, but they haven't started that yet. Now, what I think is pretty stunning is your statement on page 13, where you talk about instances of security guards sleeping on duty and security officers falsifying logs to show that it's been checked--had checked vital areas and barriers when he was actually in a part of the plant, for example--were treated as non-cited violations. The whole issue of non-cited violations that was raised by my colleague, who gets to decide whether they are noncited violations? Mr. Wells. The NRC. Mr. Shays. Now, what would be the logic for making them noncited? Tell me the logic. What would be their argument? Mr. Lightner. In a NRC letter responding to our last report, they wrote to us, ``the use of noncited violation contributes to an environment that fosters licensee's self- identification and correction of problems, an important organizational behavior that NRC encourages.'' It's our understanding that this is the philosophy that they have and that they want the licensee to identify and correct the problems that---- Mr. Shays. So you think if they make them cited, they won't do it? They won't share it? I'm missing the logic. Mr. Lightner. I believe it's a difference in philosophy between maybe NRC and the GAO. Mr. Shays. Well, we'll have them explain the philosophy. Mr. Lightner. Based on these statements and their response to our report, I believe they believe that it's the responsibility of the licensee--they would like the licensee to find as many problems as they can and correct them. And we wouldn't disagree that's a good thing for them to be the people onsite to find and correct them. Mr. Shays. So what I'm reading in that is if they cite them, they will be less inclined to share them and disclose them? Mr. Lightner. No, I don't think so. I think they just want them to be aware of the problems and correct them. Our view is that's fine, except we believe a regulator should be aware of what the problems are and be right on top of the correction and followup on those to make sure they do the job. Mr. Shays. So we basically have a grade; it's either cited or non-cited. It's either a pass/fail? I don't mean pass/fail, I mean, a cited violation evidently is significant. Mr. Wells. It is significant, and they would do followup and they would verify in fact that it's been corrected. If it's a noncited violation, they would trust and have faith that the contractor has said I fixed it, and then the NRC would not necessarily do a followup to verify. They may do some sampling a year so later to see if it was. Mr. Shays. Is that because the commercial enterprise was the one to find the---- Mr. Wells. It could go either way. The NRC could find it or the licensee could find it, and it could both be noncited. Part of it has to do with NRC's regulatory philosophy that they are to provide oversight, not necessarily to be there on a day-in/ day-out basis critiquing the operation of the nuclear power plant. There is a reliance on the operators to do a good job and fix things as they find them. Mr. Shays. Right. Are they prevented if it's a noncited violation from verifying that it's been fixed? Mr. Wells. They are not prevented. If it happened to fall in their sample and they went out and looked and found that it was not corrected, I assume that there would be consequences to the licensee for not fixing it, or to the licensee who might have said, yeah, we did fix it, but they didn't. Mr. Shays. Well, it seems to me, as you said, this classification tends to minimize the seriousness of the problem, which it certainly does. Non-cited violations do not require a written response from the licensee and do not require NRC inspectors to verify that the problem has been corrected. Mr. Wells. That's correct. Mr. Shays. But it's really two parts. They don't even have to do a written response. Mr. Wells. No. That's correct. Mr. Shays. I find that very surprising. I mean, really surprising. The NRC used non-cited violations extensively for serious problems, thereby allowing the licensee to correct the problem on their own without NRC verification of the correction. So your point to us, which I think is serious, is that these are serious violations there also. And you stand by that? Mr. Wells. I do. Mr. Shays. Consequently, NRC may not be fully aware of the quality of security at a site, and the lack of followup and verification reduces assurances that needed improvements have been made. I just would totally accept that as logical. Let me just ask you, could someone find out how much time I have for the vote? Just check the TV. That tells me that licensees are commercial enterprises,correct? And I have nothing against commercial enterprise. I happen to believe in it. That's one reason I am a Republican. Mr. Wells. That's correct. Mr. Shays. But what I don't quite understand--am I to infer that they, in a sense, compete, that they view themselves as competitors and not sharing information? I mean, lessons learned is what I deeply care about. Are they sharing information with their competitors about screw-ups they have done in their own plants? Mr. Wells. That would be an excellent question to ask the industry folks that are on the third panel. We at GAO haven't done any specific work to look at sharing of information, but there is a lot of proprietary information out there. No question about it. Mr. Shays. OK. Well, I believe you have done a helpful job. I sense that you are using your words in a measured way, which makes me think that we need to pay more attention to them than we may be. Is there anything you want to put on the record? Is there anything that we should have asked that we didn't that you wish we had asked? Mr. Wells. I think the continuing oversight by the Congress of the Nuclear Regulatory Agency is something that is important. They have a very important responsibility that's greatly increased since September 11, 2001, and I think the public deserves a lot more openness about where we are and what's happening. And I understand the security needs, but I also, you know, am sensitive to even as auditors going into an agency, a regulatory agency like the NRC, that sometimes I don't feel like we are getting as much cooperation in terms of trying to improve government operations as opposed to only trying to minimize how they answer our questions. Mr. Shays. Yes. Mr. Wells. So I would hope that we and the future Commissioners of the NRC can work something out from an operating procedure because we are in this together to try to find out a better way to regulate a commercial nuclear industry that doesn't share a lot of concern about what may happen in the future from terrorist attacks. So we are there to help, and I am looking forward to that improved operation and working relationship. Mr. Shays. Well, I think that you have earned that right to expect that. Thank you. Mr. Wells. Thanks, Mr. Chairman. Mr. Shays. That is a very measured report. I appreciate that. I guess I am the chairman now for a second. I would just say to our first panel, you will be the first that we will call back as soon as we get back from voting. You really have about 20 minutes, if anybody wants to go downstairs and get something to eat. I think that it will probably have three more votes. I don't think we will keep you here that long. So I thank you all very much. We stand in recess. [Recess.] Mr. Shays. We are back to order. Both witnesses have been sworn in, and we sincerely appreciate you all waiting. We do have some questions we would like to ask you based on the GAO's report. I would say to you that in my judgment, when you get into these issues of nuclear security and so on, you can really make things pretty sensationalized because the consequences can be quite significant. I view the GAO as someone who took no cheap shots, just came out with some concerns. I would like you to address them. I need to have you explain to me, if you would, Mr. Reyes, why we are not seeing cited complaints and a written response to them as discussed in the report by the GAO. Mr. Reyes. The NRC requirements on violations, whether they are safety or security, is a graded approach. Mr. Shays. Are what? I'm sorry. Mr. Reyes. Graded approach. In other words, for more significant violations, the licensee is required to provide an original response if appropriate. For the noncited violations, which are the violations of lesser significance, we do not require them to send us a document. What we do require them is to put in their corrective action program. They have a program that is required by their quality assurance program to note any deviation or any violation of any requirement and to track the corrective action into full implementation. Now, for significant violations, we do follow with NRC inspectors to confirm that all of those actions were taken and that they are effective. For the minor significant violations-- we call them noncited violations--we do it on a sampling process. Now, that doesn't mean that we don't know what's being done. See, I think there's a misconception that for those violations that we don't do a complete detailed followup we don't know what's been done. See, at every power plant in the country, the NRC has an office and has inspectors that live in the community and work there every day and interface with all of the employees at that station. So we do know, in general terms, what those that we didn't sample, the corrective actions were and what is being done. But we didn't send any specialist. We call them---- Mr. Shays. I should have known that, but you are saying you actually have someone onsite? Mr. Reyes. We have more--there are two NRC inspectors at each fuel--nuclear power plant and the field officers NRC---- Mr. Shays. I knew they were there. I didn't know they were specific onsite. Mr. Reyes [continuing]. Physically onsite on the facility. They live on the community. They have unfettered access to any part of the nuclear power plant. Mr. Shays. So they don't have any operational responsibility. They can just walk wherever the hell they want. Mr. Reyes. Exactly right. At any time of day and night. Mr. Shays. That sounds like an interesting job. Mr. Reyes. I used to be one when I earned an honest living, and I loved it. Mr. Shays. It doesn't sound like an honest living. Mr. Reyes. It was. It was protecting public health and safety. But, at the same time, you have hands on and the real activity that was going on in a facility. Mr. Shays. How do you avoid not developing such a personal relationship that you kind of close your eyes? Mr. Reyes. Very good question. We have a policy that we require them--first of all, there be two of. And the maximum time they can stay at one facility is 7 years, and we force them to rotate from one facility to another. Then we have requirements from the supervisors from the regional offices to visit them at least quarterly to make sure there is--we call them objectivity reviews to make sure that in fact they are not being either unfair one way or the other. You can go either way. Mr. Shays. OK. It is a strange terminology to call it minor significant violation, which is what you said. It sounds like you have three gradations here. But if it's significant, why is it minor? And if it is minor, why is it significant? Mr. Reyes. Maybe the terms are confusing. What we do, this panel that we referred to earlier, which is representative from all of the field offices and the headquarters program office, has guidelines in terms of the significance of the violation, and we--one of the categories, the lowest category, is called noncited violations, and I believe that's the one that GAO was referring to. Mr. Shays. Right. Mr. Reyes. That we don't specifically follow through by sending inspectors to check every one of them. We do it in a sample approach. Mr. Shays. Is someone who is falsifying papers, is that a significant violation? Mr. Reyes. I am going to have to defer---- Mr. Shays. Yes, talk to me a little bit about how you decide what is a cite, what isn't---- Mr. Zimmerman. Good question. Mr. Shays [continuing]. And who decides. Mr. Reyes. We decide. Mr. Zimmerman. It comes back to the panel that we talked about. Mr. Reyes. NRC panel. Mr. Zimmerman. NRC panel made up of representatives from each region and from our headquarters in Rockville. And what we look at, is it an isolated case or does it permeate the organization? Mr. Shays. Right. Mr. Zimmerman. That's one of those factors that can help determine the significance of the item. How long has this been going on? Is this the first time it's been done? Or through our investigations--we have investigators. When we have a concern that potentially could be problematic in nature, we could use our investigators to come out and get additional information. But the length of duration, what could have happened with the fact that this record of this door was not checked. If the door is alarmed and this was a belt and suspenders and the individual didn't check the door, but there is no reason to suspect the door all of a sudden isn't working properly, does it work well afterward and before? And you check it afterwards, and it is still working, and it doesn't have a history of problems, a reasonable person could likely say that door probably would have worked, the belt and suspenders weren't there, but the door was still secure, as was the vital--those types of dialogs back and forth weighing the significance of this item is what this panel does. A comment I didn't make in our earlier session of this is there was dialog that you had with GAO. Well, maybe this is a difference of opinion between what is a minor violation---- Mr. Shays. Right. Mr. Zimmerman [continuing]. And what significance is. One of the things we are planning on looking at, because we have a review going on of what we call our significance determination process, which really is the hierarchy document, and we are piloting that activity right now. And it's possible--I don't know what the results will be, but it's possible that we may change some of our thoughts with regard to where that break point is between something being minor and something being more significant. That's an activity that we started in the July timeframe. Mr. Shays. Let me yield such time as he may consume--not yield, let me give him the floor. Mr. Tierney. Thank you, Mr. Chairman. I would almost like to ask you a broad question. I would say that to the end I am still a little concerned with your force-on-force aspect and the finding that Wackenhut had knowledge that stand-by personnel had been used in test performances in the past. It seems that people were sort of trailing other people just to get the idea of where they might go and some of the information that would have been held inside and was not. Tell me why we shouldn't be concerned about that? Mr. Reyes. Let me give you the three major points; and then, if you need more details, I know Mr. Zimmerman has a lot of details. But I think you need to remember, and I made that point earlier, DOE operates and regulates itself. In the case of the nuclear industry, commercial nuclear industry, we are the ones who do the oversight for those facilities. So when you bring the adversaries to do the force on force in this case you are talking about--is employees of this Wackenhut corporation. We, the NRC, review that in fact those individuals did the right thing. So we are the ones who are accepting their credentials and are they ready to do the test. We, the NRC, determine what the venue is that will be. And we are there in large numbers in the preparation and conduct of the test, and--as it is the NRC who decides whether the performance was acceptable or not. Mr. Tierney. But still, apparently, someone still got the heads-up of how it was going to be done, what the attack would look like and be prepared for it. Mr. Reyes. But that is the Department of Energy example from the IG findings, and we are aware of those IG findings, and we have already trained our inspectors to look for those kinds of issues. Mr. Zimmerman. I think in the earlier session we talked about what we do every 3 years, where we will be with the adversary---- Mr. Tierney. Check that. Mr. Zimmerman. I will get back to you. Check the miles front and afterwards and all the things we do, the sensitivity we have toward it. Then we have the annual exercise that the licensee does, and I believe that we plan on observing those, but I want to make that distinction between those two different types. The understanding that I have been given is at Y-12 it was not the DOE standard force on force where this occurred. It wasn't like our 3-year exercise. It was the off-year activity being done by the site, so that it had less oversight, less controls. It doesn't make it right, doesn't make it right. But I wanted to clarify for you that if in your mind you are looking at it and saying that equates to the NRC's 3-year force on force, I am trying to clarify that is not the---- [The information referred to follows:] [GRAPHIC] [TIFF OMITTED] T8358.039 Mr. Tierney. I understand that. That we don't do those for every 3 years leads me to believe we ought to be concerned less about the annual periodic checks, that those don't occur either. I am real concerned about these private enterprises policing themselves even if they aren't monitored by the NRC. It is like the fox watching the chicken coop here. I have a real problem with them doing the training and them deciding what the hours are going to be and them deciding what the force on force is going to be, even if they have your supervision---- Mr. Zimmerman. They don't decide. Mr. Tierney [continuing]. Your decisionmaking. There are examples of that information getting out and not being done right, and it is troublesome. Mr. Zimmerman. I understand the perception. They are not deciding anything. They are not deciding what path they are going to take. This is scripted by the NRC saying this is the path that you are going to take. The people doing it are our contractors. Mr. Tierney. That's every 3 years. Mr. Zimmerman. Every 3 years. Mr. Tierney. The annual ones--which I would imagine are just as important--that is not the case. Mr. Zimmerman. And the benefit of having a contract organization such as Wackenhut organization in place is that if I am one of the individuals who was selected to be on the composite adversary force I am going to learn an awful lot. Now I am going to take it back to my site and enhance the performance of those annual exercises, and I am going to bring back best practices associated with where I have been. Mr. Tierney. I am not sure I buy that, Mr. Zimmerman. But, you know, I hear what you are saying, and I respect your opinion on that. But I am not sure I buy it. Mr. Zimmerman. Let me add one in closure---- Mr. Tierney. Sure. Mr. Zimmerman [continuing]. That will make you feel a little bit better. If it turns out the NRC is not satisfied with the performance of this group, we are going to do it ourselves. The Commission has told us that. Mr. Tierney. But that is every 3 years. Mr. Reyes. He means the whole concept. The Commission is trying this approach right now. He is talking about the whole concept of Wackenhut supplying the adversaries. The Commission hasn't ruled out that we will have this--that this is the only way to go. We are doing this. The Commission can change their mind and say, no, we are going to do it differently. Mr. Zimmerman. The first use of this composite adversary force is occurring this week. This week is the first time it will be used in force on force. It will be on strength. If it doesn't meet our standards, then they will hear about it and the industry will hear about it. If there is the need for course corrections, they will be made. Mr. Tierney. I have serious concerns on that. I would be interested if you would report to this committee what you find after that goes on and give us some detail on that. Mr. Zimmerman. I will do that. [The information referred to follows:] [GRAPHIC] [TIFF OMITTED] T8358.040 Mr. Tierney. I would greatly appreciate that. That is one of the overriding concerns that I have, is that we are really not in charge of every aspect of who is in there providing security. I don't want to use up too much of the time here. Mr. Shays. I would just have a question--the gentleman yields the question. Mr. Tierney. Now you have heard other people testifying here this morning. What do you think are the serious concerns that they raised and what is your response to those most serious concerns? Mr. Reyes. GAO audits are not complete, and they haven't visited the facilities. We are concerned that you are giving the impression that all they do is a paper review. We tried to bring some pictures. Mr. Tierney. Correct me if I am wrong. You haven't visited all the facilities either? Mr. Shays. I have to show you the pictures. The pictures to me were confusing. Mr. Reyes. OK. We cannot show you---- Mr. Shays. I don't understand why I should be impressed with someone who has a gun and a helmet on. Why would I feel good about this? Mr. Reyes. The physical barrier? Mr. Shays. Yes. Mr. Reyes. See the physical barrier, the pop-up barrier? Mr. Shays. Yes. Mr. Reyes. When GAO says that all that is going on is paper--we are trying to say there are physical changes at these facilities in the field. Now we couldn't bring pictures of everything. Mr. Shays. OK. Tell me this---- Mr. Tierney. I think the concern was that you determined that those physical things were through a paper review in all but about four to six instances. Mr. Shays. And, again, if the gentleman would yield just for a second. So this is the barrier. Mr. Zimmerman. A barrier. Mr. Reyes. Yes. A pop-up barrier. Mr. Zimmerman. It rolls down and pops up. Mr. Shays. All right. I am not impressed. Mr. Reyes. But that is not a paper issue. I mean, there are physical barriers there. Mr. Shays. What does this tell me? Mr. Reyes. You say that--bullet resistance. Mr. Zimmerman. Up. There you go. Mr. Reyes. That is a strategic point to show the adversary--I can't go into details but made out of bulletproof---- Mr. Shays. It is totally bulletproof. Mr. Reyes. Yes, sir. Mr. Shays. That is helpful. I didn't know that. Now this one. Mr. Zimmerman. Same thing. Mr. Reyes. Same thing. That is another strategic point. And we can't tell you how many officers. Mr. Shays. What brings down something like this? It would have to be a grenade launch or a rocket? Mr. Reyes. You would have to have a sizable weapon. Mr. Shay. OK. Mr. Reyes. So our only point was trying to make that there are physical changes there. We couldn't bring you all the pictures. We really invite the committee or any of the staff on the committee to go and visit. Because in this forum we can't go into the details. But it's more than paper. We were surprised that they are characterizing it as that. Mr. Shays. Is the gentleman also going to get into the issue, I hope? Mr. Tierney. Just jump in. Mr. Shays. No, I just wonder if you were going to pursue your questioning on the quality of the people. Mr. Tierney. I don't know if you are going to bring that up or not. I am concerned and interested--I don't know whether I am the only one concerned about the quality of the people that are actually in there as security personnel. You know, the background check. Who is going the background check? How in depth it is. Who does their training? Who observes the performance on the job? Who determines whether or not they are properly proficient in weapons? Who determines that they are showing up on time, doctoring records, doing all those things? Mr. Reyes. The background checks are all done by the Feds. In other words, the FBI processes the fingerprints. Mr. Tierney. So anytime Wackenhut or anybody else wants to hire somebody they have to check them through the FBI? Mr. Reyes. Yes, sir. Yes, sir. The psychological test is done by a contractor to the facility, but it's a doctor with his own credentials to go through that. Now we are the ultimate who reviews that. Our inspection is called access controls. Contrary to what you heard here from GAO, we conduct those all the time and they are being conducted as we speak. So we are there where the rubber meets the road doing those inspections. Mr. Zimmerman. Background checks are more rigorous and more frequent than it is for other individuals that have vital area access because of the fact that these individuals are armed. Mr. Reyes. Yes, the armed individuals receive a more thorough review. Mr. Tierney. Do you have any of the concerns raised by the Department of Energy or the GAO? Mr. Reyes. The recommendations, you mean? Mr. Tierney. Yes. Mr. Reyes. We take them seriously. We have endorsed some of them. We have implemented some of them. Others we are still considering. We just haven't gotten to them and haven't ruled them out. Mr. Tierney. Thank you. Mr. Shays. Thank you. I would just like to ask, and do this real quick because I want to get to the next panel, but I think you have been very responsive. I don't get a sense there are consequences if bad things happen. So make me feel good about consequences. First off, anyone who was inebriate, drunk, they are fired, right? Mr. Reyes. Yes, sir. Mr. Shays. OK. And then there is the question as to how that would have happened. So you don't want a written explanation from--why wouldn't there be at least a written explanation? Mr. Reyes. There is an aside. We know that the individual was fired. Typically, it was by the supervisor observation program. The supervisors of these individuals are trained to observe behavior. So the way it is found out is typically we have a report that a supervisor requests it for cause, testing of an individual. We know an individual is no longer aware, and we are aware of the corrective actions we are taking over all of the facility. We may not send an inspector just to review that in detail. Our inspectors onsite are aware that this individual is not coming back, and they are in discussion with the other security guards, and that's why we have the inspector at the plant who has access to all 1,000 employees. They know and they ask, do you know what happened, and make sure that word gets out that is not tolerated. We do have indirect means to confirming it. I think there is a misnomer on---- Mr. Shays. Wait. If you have people onsite, it seems to me you are able to check it the next day. That's why I am beginning to think, if you have people onsite, they are aware of the citations, correct? Mr. Reyes. Yes. Mr. Shays. Don't they write you a note and say this has been corrected? Mr. Reyes. If we go and follow it, they do. But we have a very prescribed inspection program that includes safety and security. And we want them to go in the control room and we want them to check the safety pumps. It is just a matter of make sure you are putting your resources where the highest safety and significance matter is. Mr. Shays. I would think that the people onsite would be asked to verify any citation, every criticism in the plant. I would think that's what they need to do. And I would think they need to write a report on everyone. I mean, it just seems like a no-brainer. They are there. Mr. Reyes. They are busy. And they write a report. And the most significant ones, they are aware of the other ones. Mr. Shays. How difficult is it to followup on a complaint and check it out? They could do it in an hour or two, couldn't they? Mr. Reyes. Well, it typically takes more than that. Mr. Shays. Better they do it than no one do it. Mr. Reyes. But we do it, sir, on a sample basis. We do. Mr. Shays. I am going to have that explained to me later. I am impressed you have people onsite. I am not impressed that they are not following up on cited complaints or noncited complaints. Anything else you want to put on the record that you would like to--yes. Mr. Zimmerman. I just want to make a comment--I guess maybe two comments, maybe one on legislation. But the comment I want to make is that I got the sense from reviewing the hearing from last year and from sitting here today that a number of the members of the committee have a concern that we don't worry enough, that we are complacent, why aren't we laying awake at night? And I want to tell you that we are laying awake at night, that we are very concerned, that this agency is about continuous improvement and that we are constantly looking and working very long hours in an effort to get out in front of those that mean to do us harm. So there's a very--I am very proud of the staff at the NRC, and we are very much focused, again, on trying to search for continuous improvement, and we are not lackadaisical. We are--I am not saying that we are, but, again---- Mr. Shays. I think you have judged us fairly well in terms of our concern. I have a feeling that the way we set up DOE, we have those who promote and those who are looking to be the inspectors and to do security. And I feel for some reason we still don't have that separation with NRC. I don't know why we don't. Mr. Zimmerman. That's why I am raising it. I am trying to, in words at least, say it--and then through everything that we have tried to do in our explanation. Because we are not sure that our issues have stuck. Mr. Shays. I think you are going to have a hard time convincing us in that area. By setting up a separate organization, there will be some natural tensions that I don't think exist within the NRC, and so I think you are going to have some real skepticism on our part about that. And so I understand that you have divided responsibilities. That's the challenge. Mr. Reyes. I just want to thank the committee for inviting us here. We are looking forward to coming back and keeping you updated on the action we are taking. We do want to ask your support on the legislative request that we have in front of Congress. It is of the most importance, that those laws are passed so we can protect our nuclear power plants better. Thank you very much. Mr. Shays. Hold on 1 second. OK. I want to put it on the record. I would like you to just ask this question or make this point and have you react to it. Mr. Halloran. This is the point that I think you made before, in terms of the zeal of the regulatory effort. DOE is an operator of sites, NRC is a regulator, so you are necessarily one step removed from turning the knobs and---- Mr. Reyes. We are. Mr. Halloran [continuing]. And putting up the fences. So that dictates some different operational structures and ways to get things done, doesn't necessarily demand a lesser intensity level, but I think it does require a different approach. Mr. Shays. See, I think he gave a better answer than you did. He made a better defense of your case, I think. I wanted to put it on the record. I am making an assumption. I made a parallel in which I am being challenged, and that is that the parallel isn't the same--that you are a regular. I guess, I also view you as promoters of the industry. I do feel that way. So, at any rate---- Anything else to put on the record? Mr. Reyes. No. We want to reinforce the legislative request that we have then. We really need those legislative enhancements. Thank you very much. Mr. Shays. Don't be offended I said he did a better job. He is a really bright guy. Mr. Reyes. No, we are not. Mr. Shays. Thank you for waiting, and I appreciate your willingness to fit into our needs. Thank you very much. Mr. Reyes. Thank you. Mr. Shays. I will call on our last panel--thank you for being here. Mr. Alex Matthiessen, director, Hudson Riverkeeper, Garrison, NY; Mr. David Lochbaum, the Union of Concerned Scientists, based in Washington, DC; and Mr. Marvin Fertel, vice president and chief nuclear officer at Nuclear Energy Institute. With that, if you would--thank you for standing. [Witnesses sworn.] Mr. Shays. I would note for the record our witnesses responded in the affirmative. Mr. Fertel, you were a dead giveaway in the audience because any time the Commission made a comment that you liked you smiled broadly, and I thought--you would not be a good poker player, sir. Mr. Fertel. I am just too straight. Mr. Shays. OK. Well, that's a good answer. All right. Mr. Matthiessen, we will start with you; and we will just go right down the line. Thank you very much. Mr. Matthiessen. Terrific. Mr. Shays. Nice to have you all here. STATEMENTS OF ALEX MATTHIESSEN, DIRECTOR, HUDSON RIVERKEEPER, GARRISON, NY; DAVID LOCHBAUM, UNION OF CONCERNED SCIENTISTS, WASHINGTON, DC; AND MARVIN FERTEL, VICE PRESIDENT AND CHIEF NUCLEAR OFFICER, NUCLEAR ENERGY INSTITUTE, WASHINGTON, DC Mr. Matthiessen. Thank you for having me, Chairman Shays, members of the subcommittee. Thank you for the opportunity to once again testify on safety and security at Indian Point; and thank you, Congressman Shays, for your leadership to date on this issue. I also want to say I was very encouraged by the line of questioning, questions that we heard from members of the subcommittee today. Riverkeeper is not and has never been an anti-nuclear organization. Our campaign aims only to minimize the risks associated with the Indian Point nuclear facility and by necessity aid in the reform of those Federal and State agencies and policies governing the plant. Three years after September 11, Indian Point still is unprepared to repel an attack from the air, land or water or a combination thereof. While improvements have been made at the margins, there remain gaping holes in Indian Point security. On the ground, current guards tell us that in some areas security at the plant is worse than it was before September 11, 2001. The spent fuel pools remain largely unprotected. Mr. Shays. Let me just say something to you. When you make a comment like that, this is a comment that you are saying under oath. So this is not casual comments, correct? Mr. Matthiessen. No. OK. This is based on conversations that I have had with a current security guard at the plant, and he is relaying, in turn, comments that he has gotten from other guards. Many of the best-trained and most-experienced guards have been fired or have quit. This is according to the guard's report that we have heard only a week and a half or 2 weeks ago--morale is low, and guards say they feel no obligation to stay on their posts in event of an attack. A chilled environment exists at the plant, and Entergy management is apparently still telling security personnel to alter incident reports. There are no specific defenses against an aerial attack at Indian Point--no no-fly zone, no combat patrols, no anti- aircraft missiles, nothing. From the water, there is no physical barrier to prevent a tanker or a speedboat loaded with explosives from plowing into the cooling water intakes. With regard to the NRC's force-on-force security drills, they are a joke--but not a funny one. The NRC drills are designed to allow nuclear systems to game the system. Everyone knows that if real conditions were used and no limits put on well-trained mock attackers, the plans would fail nearly every time. Again, I have details reported by POGO and other groups as well as the guards themselves. A head-in-the-sand mindset has a fever grip on the NRC and FEMA, which has refused to accept the new threat level and revamp organizations accordingly. The NRC and FEMA are captive to the industry they regulate, and the Department of Homeland Security has failed to assert itself. As a result, these agencies have little credibility with the American people, which in turn undermines public safety. Allow me to identify just three of many problems plaguing the NRC: First, the NRC resists the need to consider terrorism in administrative proceedings, and yet they routinely invoke terrorism to justify a new wave of policies designed to thwart the public's right and need to scrutinize the industry. Second, the NRC's new design base threat level is set too low. David Lochbaum will cover this in detail, but allow me to add that there remains a considerable gap between the level of defense plant operators are expected to provide and what the U.S. military is prepared to deploy. Finally, the NRC continues to enact policies that allow it and the nuclear industry to operate in increasing secrecy and with reduced transparency and public participation. I assure you--and I know you know this--that the less the public is able to see the more dangerous this industry will become. Now moving into recommendations. The best way to truly minimize the public health and safety risks at Indian Point is to close the plant and secure the onsite spent fuel. However, so long as Indian Point is still operating, there are numerous ways to better protect the plant. I will highlight those three or four measures that I think are the most urgent and readily achievable. First, we must secure the plant against aerial or waterborne attacks, which we can do with relatively inexpensive passive technologies. Installing a Beamhenge system, a line of steel beams set vertically in deep concrete foundations connected by a web of high-strength cables, wires and netting, would effectively shield the facility's vital components and structures. Beamhenge is essentially the nuclear grade equivalent of the fences erected around golf driving ranges. Dunlop barriers, inflated cylinders of rubber-coated textile linked together or anchored to a mooring buoy, should be installed in the Hudson River in front of Indian Point to help protect the plant's cooling water structures. Already in place at several Navy bases, Dunlop barriers are used to thwart small boat terrorist attacks. Second, we must establish a temporary no-fly zone over Indian Point, combined with combat air patrols, at least until the passive defense systems are in place. Third, Congress must direct the NRC to deal more aggressively with the highly vulnerable spent fuel stored at nuclear reactor sites. The best way to do that is to install hardened onsite storage systems, or HOSS, which is designed to contain isolated radiation and repel terrorist attacks. Finally, Congress must direct the NRC and FEMA to revamp their policies and regulations governing nuclear plant security and emergency preparedness. I have a whole laundry list of specifics there, but I will wait until the Q&A--if I have the opportunity to list those--in the interest of time. In general, though, I think it would be good for Congress to consider appointing a task force made up of governmental and nongovernmental stakeholders to do a top-to-bottom review of the NRC and FEMA's oversight of this industry. In conclusion, little has changed since September 11 regarding the level of security at Indian Point. Federal agencies remain in a state of denial regarding the security threat facing nuclear facilities. Congress needs to ask the NRC and the industry--and I am paraphrasing the gentleman who was from the NRC who was here just a minute ago--if you are so concerned and laying awake at night, why aren't you concerned about deploying the most obvious and inexpensive security measures at our most vulnerable and high-risk nuclear plants? Whether they admit it or not, I believe the answer is quite simple. The industry and the NRC don't want to draw public attention to the intrinsic danger of nuclear power and the naked vulnerability of these facilities to terrorist attack, especially at a time when the industry is hoping to build a whole new generation of nuclear energy plants. The Federal Government's current approach to nuclear plant security and emergency preparedness is leading us down a path that could--God forbid--result in a far more terrifying attack than what we experienced that horrible day 3 years ago. We have received the warning signs regarding the possibility of and our vulnerability to a terrorist attack on a U.S. nuclear power plant, much as the government had received warnings about the September 11 attacks. Let's not give a future 9/11 Commission the opportunity to say we knew a nuclear attack on a power plant was possible and we did too little to stop it or to minimize the impacts. Thank you very much for giving me the opportunity to share my views today. Mr. Shays. Thank you, Mr. Matthiessen. [The prepared statement of Mr. Matthiessen follows:] [GRAPHIC] [TIFF OMITTED] T8358.041 [GRAPHIC] [TIFF OMITTED] T8358.042 [GRAPHIC] [TIFF OMITTED] T8358.043 [GRAPHIC] [TIFF OMITTED] T8358.044 [GRAPHIC] [TIFF OMITTED] T8358.045 [GRAPHIC] [TIFF OMITTED] T8358.046 [GRAPHIC] [TIFF OMITTED] T8358.047 [GRAPHIC] [TIFF OMITTED] T8358.048 [GRAPHIC] [TIFF OMITTED] T8358.049 [GRAPHIC] [TIFF OMITTED] T8358.050 [GRAPHIC] [TIFF OMITTED] T8358.051 [GRAPHIC] [TIFF OMITTED] T8358.052 [GRAPHIC] [TIFF OMITTED] T8358.053 [GRAPHIC] [TIFF OMITTED] T8358.054 [GRAPHIC] [TIFF OMITTED] T8358.055 [GRAPHIC] [TIFF OMITTED] T8358.056 [GRAPHIC] [TIFF OMITTED] T8358.057 [GRAPHIC] [TIFF OMITTED] T8358.058 [GRAPHIC] [TIFF OMITTED] T8358.059 Mr. Shays. Mr. Lochbaum. Mr. Lochbaum. Thank you Mr. Chairman. I appreciate this opportunity to present our views on nuclear power plant security. Today's open hearing demonstrates that nuclear plant security issues can be responsibly discussed in public, a fact lost upon the Nuclear Regulatory Commission. The NRC essentially closed its doors to the public on this important topic since September 11. That's unacceptable, and we urge the Congress to compel the NRC to follow its lead by including the public in policy discussions. Mr. Shays. That's a very interesting point. It has never occurred to me that it's being used. The irony is it is being used as an excuse not to have the dialog when we need the dialog even more. Mr. Lochbaum. But it is also forcing groups like ours to go to other avenues since they have closed our doors, and the media and other outlets are the way we find our voice since they have closed our voice. They would probably prefer that they had those comments in house than seeing them in headlines. Mr. Shays. Good point. Mr. Lochbaum. A successful attack on a nuclear power plant would be one of the worst disasters in American history. That this threat is real is revealed by two simple facts. First, the nuclear industry urged this Congress to renew Price-Anderson Federal liability protection for nuclear power plants. If an attack could not cause catastrophic harm, owners could get private insurance coverage. Second, the nuclear industry claims to have spent more than $1 billion upgrading security since September 11. No one has enough money to spend on pseudo threats. After September 11, the industry issued orders requiring plants to take steps to make facilities less vulnerable to attack. The NRC also revamped its oversight process. The steps we liked most among them are frequency of NRC-evaluated force-on- force security test was increased to once every 3 years from once every 8 years, the number of design basis threat adversaries was increased, and many of the unrealistic limitations on their weapons and tactics were lessened or removed. Minimum standards have been established for training and qualifications of security force personnel, and working hour limits for security force personnel were mandated by the NRC. Despite these steps taken, nuclear power plants remain vulnerable to attack by land, sea and by air. The American public cannot honestly be assured that all reasonable measures to protect them have been taken until the following 10 steps are taken: The two-person rule and/or expanded in-plant use of security monitoring cameras needs to be done to better control vital access to areas. The evaluation process for proposed procedure revisions and hardware modifications must formally verify whether protection against sabotage is affected by the planned changes. The NRC must not allow the same company to provide both the attackers and the defenders in force-on-force security tests. The NRC must increase its design basis threat level to a realistic level comparable to that established by the DOE after September 11. The NRC must either require background checks for nuclear plant workers with access to sensitive plant information or to prevent these workers from accessing that information. The NRC must require water barriers around intake structures at nuclear power plants. The NRC must require protection against aircraft hazards similar to the process it used to protect the plants against fire hazards. The Federal Government's ability to withstand or respond an attack designed above the design basis threat level must be periodically demonstrated. The NRC must require adequate protection for spent fuel by requiring owners to transfer fuel discharged from the reactor more than 5 years ago into dry casks which are emplaced within earth berms and other protective devices. And last--or, actually, first--the NRC must reengage the public in security policy discussions. I would like to highlight two of those recommendations. The others are detailed further in my written testimony. Right now, spent fuel at nuclear power plants is not as safe or as secure as it should be. Many plants have five to eight times as much spent fuel as fuel in the reactor. There are fewer barriers that attackers must penetrate in order to successfully damage spent fuel. And, correspondingly, there are fewer barriers protecting the public from the radioactivity released from damaged fuel. At most plants, the spent fuel pools are filled to overflowing. Spent fuel is then loaded into dry casks and placed out on open air lots out back. In fact, the current scheme of spent fuel storage could hardly be made less safe or less secure. By maintaining the spent fuel pools at or near full capacity, the risk is kept as high as it possibly can get. Transferring spent fuel into dry casks merely adds the additional risk of spent fuel out in the backyard. The responsible thing to do would be to minimize the inventory in spent pool fuels by transferring fuel discharged from the reactor more than 5 years ago into dry casks, which are then placed in earthen walls or other protective devices. The risk reduction by emptying the spent pool would more than offset the increased risk from dry cask storage resulting in overall tangible reduction in the risk profile at each plant site. The second recommendation I will highlight involves access to sensitive information. As this subcommittee has discussed, the NRC's imposed restrictions as recently as August 4th on the public's access to information after September 11. But there is a huge loophole. The access authorization upgrades mandated by the NRC after September 11 only apply to nuclear plant workers who get unrestricted access. There are literally thousands of nuclear plant workers with ready access to sensitive plant information that do not get unescorted access and therefore are not subject to background checks. Our enemies can get those jobs and obtain blueprint calculations, risk assessment hazards and analysis and upcoming equipment outage schedules useful in planning an attack. The NRC has to plug this loophole. It makes little sense to restrict public access to information while allowing the equivalent of uncontrolled drive-through service at the plants themselves. Before I close, I would like to take a moment to defend the NRC from the chairman's concerns about the 6-year security upgrade schedule. That's actually the NRC's express lane. You should see their pace at resolving safety issues. By comparison, 6 years is the blink of an eye. Mr. Chairman, I sincerely thank you for holding this open hearing and for listening to the public perspectives on this important issue. Mr. Shays. Thank you. [The prepared statement of Mr. Lochbaum follows:] [GRAPHIC] [TIFF OMITTED] T8358.060 [GRAPHIC] [TIFF OMITTED] T8358.061 [GRAPHIC] [TIFF OMITTED] T8358.062 [GRAPHIC] [TIFF OMITTED] T8358.063 [GRAPHIC] [TIFF OMITTED] T8358.064 [GRAPHIC] [TIFF OMITTED] T8358.065 Mr. Shays. Mr. Fertel. Mr. Fertel. Thank you, Chairman Shays. Given the importance of security at our nuclear plants today, I generally speak with the chief officers that operate those plants weekly, and I find I am getting to know a lot of the security managers personally. During the past 3 years, the industry has carried out unprecedented, unequalled efforts to review and improve our security; and I think during the discussion today the term business as usual, the lack of intensity and not exchanging lessons learned was used. I can only say that it's anything but business as usual. It's pretty intense, and we are exchanging lessons learned almost weekly. So I think there is a lot going on that I wish maybe we could share more with Dave and his colleagues. I would like to start by emphasizing the importance of nuclear power to our Nation. Our Nation's 103 reactors safely and cleanly produce enough electricity to power one in every five homes and businesses in the United States. Many regions are heavily dependent on nuclear energy. For example, in the chairman's State of Connecticut, electricity from nuclear provides 50 percent of the power in that State; and these plants also provide an additional benefit of stabilizing the electricity grid. I would like to emphasize three major points today regarding the security of our nuclear power plants: First, nuclear power plants were the most secure industrial facilities in the United States before September 11th and against terrorist attacks, and they are even more secure today. Second, power plants can serve as a model of industrial security in America. Our plants are far more secure than any other sector of our Nation's infrastructure and have been recognized as such by several independent organizations and security experts. Third, while the industry is fully committed to protecting its employees, the public and its assets, our companies have maximized the level of protection they can reasonably provide to these facilities. Although we coordinate extensively with government entities on security matters, continued emphasis on integrated response planning is necessary; and there are important legal and policy limitations to further increasing the security requirements that the operators of the plant have to satisfy. As you know, nuclear power plants were built to be robust and secure. A nuclear reactor is secured by several feet of concrete walls and an internal barrier of steel reinforced concrete. They were built to contain the effects of a reactor accident and also to withstand natural accidents such as hurricanes, earthquakes, fires and floods. Even before the September 11th attacks, every nuclear plant was protected by a strategy that included protective perimeters, physical barriers, sophisticated access authorization technology and a professional, well-armed security force. We conduct background checks on all of our employees and strictly control access to our plants. After September 11th, the industry--in response to orders issued by the NRC--enhanced security at our plants significantly. Each nuclear power plant is scheduled to meet the requirements of the most recent NRC security orders by the October 29th deadline. Over the past 3 years, we have expanded our security force by 60 percent, from 5,000 to 8,000 security officers at the 64 sites. During that time, the industry has spent about $1 billion to increase the security force and to significantly enhance physical protection at the plant. About two-thirds of that or more is physical protection. So there are things happening at the plants. My written testimony provides details regarding these improvements. However, some of them are considered safeguard information and thus not available to the public. As part of the new security requirements, each plant will conduct multiple--and I repeat--multiple force-on-force exercises every year. The NRC formally evaluates each plant's force-on-force exercise at least once every 3 years, as you have heard before. In these exercises, the NRC evaluates the execution of the security strategy, the performance of the plant security force and strategy, the performance of the plant security force and the performance of the independently trained adversary force used in the mock attacks. I am looking forward to questions on why we hired Wackenhut, which I am sure we will get. We can talk about that. We think it is the right thing to do. We think it will enhance security at the plants. Given the September 11th attacks, we also significantly increased our cooperation and coordination with State and local law enforcement. We have worked closely with the NRC, the Department of Homeland Security and other Federal, State and local authorities, with the goal of building a seamless security for our plants. However, additional emphasis on integrated response planning is needed; and there are important legal implications to us doing certain things that we don't have the authority to do, that we need help from the governmental entities to do. Mr. Matthiessen's testimony provides results from a new report by Riverkeeper on the consequences of possible terrific attack on the Indian Point nuclear power plant in New York. I just want to take a minute to discuss that report. The industry always welcomes meaningful technical analysis of our nuclear facilities. However, this Riverkeeper report is more of the Hollywood equivalent of merging plots of ``The Perfect Storm,'' ``The Day After Tomorrow'' and ``Independence Day'' and trying to sell it to the public as a realistic scenario. Simply, the likelihood of the accident sequence in this report leading to a release of radiation is so incredibly low that it is not credible. With your permission, Mr. Chairman, I would like to include in the record an analysis of the Riverkeeper report recently prepared by leading technical experts. Thank you. Mr. Kucinich [presiding]. Thank you very much. [The prepared statement of Mr. Fertel follows:] [GRAPHIC] [TIFF OMITTED] T8358.066 [GRAPHIC] [TIFF OMITTED] T8358.067 [GRAPHIC] [TIFF OMITTED] T8358.068 [GRAPHIC] [TIFF OMITTED] T8358.069 [GRAPHIC] [TIFF OMITTED] T8358.070 [GRAPHIC] [TIFF OMITTED] T8358.071 [GRAPHIC] [TIFF OMITTED] T8358.072 [GRAPHIC] [TIFF OMITTED] T8358.073 [GRAPHIC] [TIFF OMITTED] T8358.074 [GRAPHIC] [TIFF OMITTED] T8358.075 [GRAPHIC] [TIFF OMITTED] T8358.076 [GRAPHIC] [TIFF OMITTED] T8358.077 [GRAPHIC] [TIFF OMITTED] T8358.078 [GRAPHIC] [TIFF OMITTED] T8358.079 [GRAPHIC] [TIFF OMITTED] T8358.080 [GRAPHIC] [TIFF OMITTED] T8358.081 [GRAPHIC] [TIFF OMITTED] T8358.082 [GRAPHIC] [TIFF OMITTED] T8358.083 [GRAPHIC] [TIFF OMITTED] T8358.084 [GRAPHIC] [TIFF OMITTED] T8358.085 [GRAPHIC] [TIFF OMITTED] T8358.086 [GRAPHIC] [TIFF OMITTED] T8358.087 [GRAPHIC] [TIFF OMITTED] T8358.088 [GRAPHIC] [TIFF OMITTED] T8358.089 [GRAPHIC] [TIFF OMITTED] T8358.090 [GRAPHIC] [TIFF OMITTED] T8358.091 [GRAPHIC] [TIFF OMITTED] T8358.092 [GRAPHIC] [TIFF OMITTED] T8358.093 [GRAPHIC] [TIFF OMITTED] T8358.094 [GRAPHIC] [TIFF OMITTED] T8358.095 [GRAPHIC] [TIFF OMITTED] T8358.096 [GRAPHIC] [TIFF OMITTED] T8358.097 [GRAPHIC] [TIFF OMITTED] T8358.098 [GRAPHIC] [TIFF OMITTED] T8358.099 [GRAPHIC] [TIFF OMITTED] T8358.100 [GRAPHIC] [TIFF OMITTED] T8358.101 [GRAPHIC] [TIFF OMITTED] T8358.102 [GRAPHIC] [TIFF OMITTED] T8358.103 [GRAPHIC] [TIFF OMITTED] T8358.104 [GRAPHIC] [TIFF OMITTED] T8358.105 [GRAPHIC] [TIFF OMITTED] T8358.106 [GRAPHIC] [TIFF OMITTED] T8358.107 [GRAPHIC] [TIFF OMITTED] T8358.108 [GRAPHIC] [TIFF OMITTED] T8358.109 [GRAPHIC] [TIFF OMITTED] T8358.110 [GRAPHIC] [TIFF OMITTED] T8358.111 [GRAPHIC] [TIFF OMITTED] T8358.112 [GRAPHIC] [TIFF OMITTED] T8358.113 [GRAPHIC] [TIFF OMITTED] T8358.114 [GRAPHIC] [TIFF OMITTED] T8358.115 [GRAPHIC] [TIFF OMITTED] T8358.116 [GRAPHIC] [TIFF OMITTED] T8358.117 [GRAPHIC] [TIFF OMITTED] T8358.118 [GRAPHIC] [TIFF OMITTED] T8358.119 [GRAPHIC] [TIFF OMITTED] T8358.120 [GRAPHIC] [TIFF OMITTED] T8358.121 [GRAPHIC] [TIFF OMITTED] T8358.122 [GRAPHIC] [TIFF OMITTED] T8358.123 [GRAPHIC] [TIFF OMITTED] T8358.124 [GRAPHIC] [TIFF OMITTED] T8358.125 [GRAPHIC] [TIFF OMITTED] T8358.126 [GRAPHIC] [TIFF OMITTED] T8358.127 [GRAPHIC] [TIFF OMITTED] T8358.128 [GRAPHIC] [TIFF OMITTED] T8358.129 [GRAPHIC] [TIFF OMITTED] T8358.130 [GRAPHIC] [TIFF OMITTED] T8358.131 [GRAPHIC] [TIFF OMITTED] T8358.132 [GRAPHIC] [TIFF OMITTED] T8358.133 [GRAPHIC] [TIFF OMITTED] T8358.134 [GRAPHIC] [TIFF OMITTED] T8358.135 [GRAPHIC] [TIFF OMITTED] T8358.136 [GRAPHIC] [TIFF OMITTED] T8358.137 [GRAPHIC] [TIFF OMITTED] T8358.138 Mr. Kucinich. I would like to begin with some questions of Mr. Lochbaum. The industry claims to have spent $1 billion since September 11 upgrading nuclear plant security. What does that claim tell you? Mr. Lochbaum. Well, I think it speaks to how unprepared we were on September 11th, because that's money that wasn't spent until afterward. And I also think it reminds me of the billion dollars that was spent fixing safety problems at Millstone or the hundreds of millions of dollars that were spent fixing problems at the Davis-Besse plant. Mr. Kucinich. I think they spent about $600 million there and about $1 billion at Indian Point to restore plants to a safe level. So how many billions will it take to increase security, in your estimation, to adequate levels? Mr. Lochbaum. I don't think it's a question of money. I don't think there's that much money left to be spent. I think it's more of an attitude question that this subcommittee has explored. I think it's more of a focus and just getting serious about it, more so than the dollar amount, that is preventing it so far. I think the fact that they have been able to do as much as they have behind closed doors is the biggest barrier to getting it done right. Mr. Kucinich. And, in your thinking about this, have you thought about some alternatives to this such as solar, wind? Has the NRC and, to your understanding, or the industry spent any money for security at these facilities? Mr. Lochbaum. Well, if you look at the $1 billion that the industry has spent on upgrading nuclear power plant security and compare that to the amount that's been spent upgrading at wind farms or other renewable technology, if it's been $100, it would probably high. Mr. Kucinich. Would these wind farms be less of a target? Mr. Lochbaum. There's no real hazard there, so there's no real need to provide $1 billion of security to something that is not a hazard to the American people. But the real question is--and it is something beyond me to answer--but is it really worth spending $1 billion protecting Americans or is it better to spend the $1 billion more productively in providing an energy technology that doesn't provide that risk to ourselves? Mr. Kucinich. Well, you make a series of recommendations in your testimony how to improve physical security at nuclear plants. Do you want to offer to this committee what recommendations you think should be implemented first? Mr. Lochbaum. If I had one to pick from, it would be the spent fuel pool issue, in reducing the threat from spent fuel. Right now, from both a safety standpoint and a security standpoint, we are doing that wrong. Mr. Kucinich. Let me ask you something. Why this issue of the transfer of the cask? Mr. Lochbaum. Right. Mr. Kucinich. Why has this transfer of spent fuel into dry cask not been done before now? Mr. Lochbaum. We started doing it in 1986 in this country. At that time, the casks that we were using could only be used for storage, not for transport. So there was a reluctance to transfer things into dry cask that would then have to be handled twice. Nowadays, the casks that we have can be used for storage and transport. You are going to have to put it in the cask eventually. Why not do it now where it improves safety, it improves the security, and it doesn't affect the cost that much? Mr. Kucinich. Thank you, just have another question for Mr. Fertel. Mr. Shays [presiding]. You may have as much time as you want. Mr. Kucinich. Earlier you heard it brought into the discussion, the situation at Davis-Besse. Would you characterize--are you familiar with it? Mr. Fertel. Yes, I am. Mr. Kucinich. Would you say the events surrounding Davis- Besse are an exception or the rule in the nuclear industry? Mr. Fertel. I would say they were the exception, and it was an unacceptable exception. Going back to questions asked by this committee about lessons learned, following the Davis-Besse event there was a significant lesson learned in our industry resulting in a major materials initiative to make sure that we are looking at materials degradation everywhere in the plant in a much more systemic and integrated way. It's been a very painful lesson for FirstEnergy. It's been a very painful lesson for FirstEnergy, and it's been a very painful lesson for people like yourself, I am sure. It's actually turned out, for the rest of our industry, something that has focused us much better looking at materials issues. We were spending almost $60 million a year looking at materials issues, so it wasn't something being ignored. Mr. Kucinich. So you have learned something from what has happened. Mr. Fertel. Yes, sir. Mr. Kucinich. In the end, you think it will result in more sensitivity from these other plants and in the long run there is good that might come from it. Mr. Fertel. There is good that's come already, sir, as far as a much better technical look at this, a much stronger and integrated look at the analyses, the inspections that you need to do, and clearly a much better awareness at every plant of the importance and the safety culture aspects related to it. So, yes, sir. Mr. Kucinich. Just a final question which you are anticipating. What about these force-on-force exercises? I mean, shouldn't they contain an element of surprise? Mr. Fertel. Well, yes, sir. Mr. Kucinich. Are you surprised that they did? Mr. Fertel. Again, I think people have talked about the DOE exercise a lot. And let's talk about the new requirements NRC has put in for force-on-force exercises and deal with that and let me talk about the Wackenhut issue, since everybody else has mentioned it so far today. Mr. Kucinich. OK. Mr. Fertel. We used to do force-on-force exercises at nuclear power plants every 7 years. NRC now will come in and they will evaluate them at least once every 3 years, but that's just part of the story. They have established standards for what the training needs to be for not only the people that protect the plant but for the adversaries, the qualifications for not only the people that protect the plant but the adversaries. We are going to be doing multiple force-on-force exercises, in addition to normal training and gun firing and things like that--real force-on-force exercises, every plant every year. I can't tell you how many, which is silly to me, but it is safeguards, and I don't know why. I think that's a silly thing. When we in the industry looked at this, we said, the way we should do this, the same model for training operators. We should go to a systemic approach to training, which is a very rigorous way to do it. Make sure we have the discipline in our system for security activity just like we do for operator training. That's what we are doing. We also looked at and we said, the way these force-on-force exercises are done--and, Mr. Turner, I think said that, at DOE, the Secretary had formed a special adversary group. Those are DOE people. They are not outsiders. OK. When the U.S. Army does their war games, they use the U.S. Army. OK. They don't bring the Russians in. You know, they don't bring in other bad guys. They do it professionally. Mr. Kucinich. From what I understand, if I may, they don't describe information ahead of time as to---- Mr. Fertel. I will get the information. The information that is described ahead of time in force-on-force exercises now. You do need to know when they are going to do it at the site. Because, while you are doing an exercise, there's real guys with real guns protecting the site. So people need to know that you are going to do an exercise at that site. That's known. Outside of that, they don't know. They don't go--I don't know what happened at the Y-12 facility. It's the first I heard of it, because I don't follow the DOE stuff where they said what facility they were going to attack. But, as Luis Reyes said, this scenario that they do on the attack and the way NRC is doing this is being developed by NRC. They decide what the attack is, whether it's to go for spent fuel. The adversaries know that. They get help from an insider. The defensive guys don't know this. Mr. Kucinich. So Wackenhut then, the guy wouldn't cheat at mock drills at NRC facilities, but we have something on the record that suggests that at DOE facilities it might be a little different. Mr. Fertel. I don't know whether Wackenhut would cheat at anything. I think human beings cheat. Human beings make mistakes, and human beings do things they shouldn't. Mr. Kucinich. Well---- Mr. Fertel. The people that we have running this CAF team, OK, the people that are doing this Composite Adversary Force, the three top people that are running that basically are all Special Forces, OK? They never worked for the industry before. The project manager has 10 years as a Ranger. One of the team leaders was a team leader for the Delta Force. The other team leader is a special ops guy who ran a whole bunch of guys that did all types of things like snipers and everything else. These guys want to win, OK? They are out there to do the best job they can and to win. On our side--and I think this gets lost in almost every discussion about nuclear energy. I think it's important. I certainly feel as passionately about this, Congressman, as you do about your Davis-Besse experience. I know a lot of people that work at the plants. I find it insulting personally when their integrity is challenged all the time, OK? I think David Lochbaum offers a lot of positive things that have helped us in a number of areas of safety, and I may agree with some insecurity issues, some of which are being dealt with. That's helpful. But the people at the plants who work there--but who do you think gets killed first if terrorists attack and win? They do. OK? Who do you think gets hurt if something happens at a plant and something happens offsite? Their family, their friends and their neighbors. So the implication that they don't care I think is actually really wrong. Now that doesn't mean you don't make mistakes. It doesn't mean you can't do things better. I think that's one of the things we really want to do. We talked about sleeping guards and so forth and what happens with energy. What happened at sites where that happened is they fired them. Mr. Kucinich. When you said the implication they don't care, who are you speaking of? Mr. Fertel. Well, I mean, that's the way most of the discussion has gone, to be honest. You know, well, if NRC isn't doing this, the plants wouldn't; and, gee, the guys at the plants don't care unless David Lochbaum or Alex Matthiessen are involved. I am not saying they shouldn't be involved. All I am saying is that the people that work at those plants care as much about safety and security as anybody who sits up here talking with us or talking to you. I think we need to understand that. Mr. Kucinich. I don't know that there is anybody on this committee that would dispute that. Mr. Fertel. I am glad to hear that. Mr. Kucinich. Except, you know, for one qualification. And that is that you know and I know that all of these people who care so much about doing the right job for themselves, their co-workers, their family or community, there's a few people that make the decision. Now, granted, my experience is greatly informed by something in my own backyard. I understand that. Mr. Fertel. I understand that. Mr. Kucinich. When we know that photos in this hole in the reactor head were kept out of the file deliberately, when we know this thing wasn't reported, when we know when the NRC had full information they didn't move forward to act on it, I know that, too. So I am not using that to impugn the whole industry. I have given you an opportunity to acquit the industry, and you did. But, you know, I am saying that when you have one problem like that, because we are talking about nuclear power plants, it requires the utmost in terms of accountability, and that's what this committee is about. I want to thank the gentleman and thank the Chair for his indulgence. Thank you. Mr. Shays. I am going to, at this time, turn to the professional staff to ask some questions. Mr. Chase. Thanks. Mr. Fertel, a quick question. NRC says that it's going to take 3 years to implement and to test the new security plans. You are saying that there will be force-on-force exercises every year. What goes into developing these force-on-force exercises, having seen a number of them. The question I have is, has any thought been given to prioritizing these force-on- force exercises? There are a number of plants that are in the more densely populated areas. Indian Point is one example. Has any thought been given in terms of prioritizing where and when we should do these exercises? Mr. Fertel. First of all, NRC is making all those decisions. The plants have no idea until a set period before the exercise that the planning can be done. So if I'm at the end of next year, I don't know now, I'll know within a few weeks because they've got to do planning. There has been some of what you've asked for already done. Because NRC has been doing a pilot and a transitional force-on- force exercise program for the last 2 years; and over the latter part of this year, it's been testing the new design basis threat as part of it. Even though you don't have everything necessarily in place, you knew what you were going to do and you were able to test it. And what they have chosen-- for instance, Indian Point. Indian Point has already had both a force-on-force and an integrated response and an emergency planning exercise. So I think the NRC has attempted to do some of that. My understanding--and, again, I'm giving you kind of an arm's length because they make the decision--is that there is probably about 30 sites that haven't gone through the force-on- force, and those are the ones that haven't gone through the transitional period in the last year and a half or two. Those are the ones that they would pick from for the first year starting November of this year, and I think they will prioritize their--based upon looking at factors like where the site is, when was the last time they actually exercised, and things like that. So, to some degree, it's being done already. Mr. Chase. But a concern could be that the force-on-force exercises that were done or have been done to date are under the old DBT, not under the new DBT. Mr. Fertel. Some were. Mr. Chase. So what I'm asking is, under the new DBT, we know that it's stronger, supposedly stronger. Have they given any thought to prioritizing? Mr. Fertel. They haven't shared that with us. And to be honest, they don't want to share it with us because they don't want to give the sites much lead time in knowing what's going on. Now, again, starting in November, starting actually later this year, every site will start doing their own force-on-force exercises as part of what they have to do, and it's more than one a year per site, absent NRC. And, as I think Roy Zimmerman said, they will probably have their residents and others observing lots of those. And my guess is they could do that, because every site, whether it's an Indian Point site or it's North Anna, will be doing them as part of their normal routine annual training that they're going to have to do. But I don't have an explicit answer to your question because NRC controls that. Mr. Chase. Do either of the other witnesses want to comment? OK. Mr. Matthiessen, I'm curious. On what basis do you conclude the NRC-revised DBT is too low? Mr. Matthiessen. Well, on what basis do I--well, just because the DOE is requiring greater DBT and also because I think in a post September 11 world we have to be thinking in terms of the most sophisticated, multi-directional suicidal attacks. And from what I know--and I obviously can't repeat it here--the NRC has only bumped up its DBT marginally, and I think there really needs to be a much more serious level. Mr. Shays. Let me just ask you, though. I mean, basically, why would you be in a position to know what the DBT was? Mr. Matthiessen. Why would I be in a position to know what it is? Mr. Shays. It's not public. Mr. Matthiessen. Well, I don't know specifically what it is. I have an indication or a sense of what it is. Mr. Shays. So it's admittedly third-hand concerns. Mr. Matthiessen. It is. But I take it on pretty good---- Mr. Shays. You all tend to get your information fairly accurately, but I was just curious. Mr. Matthiessen. I would just love to make a comment in response to Mr. Fertel, if I could. I just want to mention that he mentioned the force-on-force drill at Indian Point and the emergency planning exercises that were done earlier this summer. I would just suggest that if those are any indication of what the rest of the industry can look forward to, then I think we are in trouble, and I think that the public should be very, very concerned. In the case of the emergency planning exercise that was done, the NRC, in what looked like a PR move more than a serious test of emergency planning, did conduct a terrorist mock attack on the plant. But, unfortunately, the test didn't involve any release of radiation whatsoever. So as far as I was concerned, they might as well have been testing the security or emergency planning around a Wal-Mart. I mean, the whole point of doing these emergency plans is because nuclear reactors are a special case, they contain materials that are very, very dangerous, and what we need to think about is a worst-case scenario, and a worst-case scenario does involve the release of radiation. And, likewise, for the force-on-force test, again, they tend to get advance notice, way in advance. The operators, from what we've heard again from security guards inside the plant, spent a lot of time and money beefing up security to abnormal levels in anticipation of the actual day. The attacks happen in day light over prescribed routes. From what we understand, the mock terrorists were not trained at terrorist levels and not equipped with the kind of weaponry that terrorists would likely have. So, again, I think that the integrity of these exercises is not what it needs to be if we are serious about truly testing the ability of these plants to repel a terrorist attack and to evacuate and protect people in the event of a terrorist attack. Mr. Shays. If you could just respond to that last point. Mr. Fertel. Just on the force-on-force at Indian Point, I was not there, so I can't verify; and I don't think Alex was there, either. But I do know that one of the reasons I heard that they do do night exercises as part of force-on-force, it's pretty routine. I think at Indian Point they made a conscious decision because of the terrain and the danger that they were not going to do it as part of this pilot program when they were doing it, and I understand that was a very conscious decision to avoid personnel injury at the point. But night exercises are part of force-on-force. Coming up November 1st, when these orders are effective, all the adversaries will have to meet the standards both for their capability and their fitness that the NRC has set. And that's pretty good standards. And, again, that's a major improvement over before September 11, to be honest, and as will the defenders. So I would expect, Alex, that you will see--I can only go by what you said on Indian Point, but you will see improved force-on-force at Indian Point as they start their exercises. Mr. Matthiessen. I hope so, but we may not see the results for another 3 years. Can I just ask a question of Mr. Fertel? Mr. Shays. No. Mr. Matthiessen. Sorry. Mr. Shays. That's all right. You can ask us a question if you would like. What's the question you would like us to ask him? Mr. Matthiessen. Well, I would just like to ask why--what is the industry and the NRC's response for not instituting what we see as pretty straightforward measures that wouldn't even cost the industry that much that would add an enormous measure as far as we have been led to believe. Mr. Shays. Such as? Mr. Matthiessen. A couple of the passive systems, barriers that I mentioned in my testimony, the Dunlop barriers and the Beamhenge, these are ways that you would really--you'd go a long way toward protecting these facilities and---- Mr. Shays. We will make sure that we have a dialog about that. Mr. Matthiessen. OK. Mr. Chase. Mr. Fertel, how optimistic are you that the industry--according to GAO and the NRC, they are saying that the implementation of the security plans are going to take place by the end of October of this year. How confident are you that's going to actually happen? Mr. Fertel. As of 2 weeks ago, everybody was on schedule to be able to meet the requirements of the orders by October 29th. There's some issues where people may not have the picture that the chairman liked of the bullet-resistant enclosure that protects the officers. There are some plants that may have some problems in getting deliveries of some of those and will have to take other actions, and that's mainly because our soldiers in Iraq and our Defense Department and the DOE are getting priority. There's only two sources of steel for those, apparently; and our guys get bumped a bit on that. But, otherwise, we are going to be ready on October 29th. Mr. Chase. And, last, Mr. Matthiessen, would you share with us your thoughts or give us the status on the--if you can recall. The concerns regarding evacuation plans in New York and Connecticut. Mr. Matthiessen. I mean, again, what concerns me so much is that the FEMA used to have a policy of requiring certification of the plans by the four counties that surround the plant as well as the State. But a couple years ago, after the Witt report came out and showed pretty conclusively that this plan couldn't work in the event of a terrorist attack on the plant, especially--or, sorry, a radioactive release, especially in the case of a fast-breaking release, these counties became very uncomfortable and became convinced that it really wasn't possible to evacuate or even shelter people in place of a level that would be satisfactory, and so they withdrew that certification, as did the State emergency management office. And the FEMA came out, as you probably know, last August and just rubber-stamped the emergency plan without any evidence--not providing any evidence--this shouldn't be safeguards information, most of it anyway--without any evidence or analysis upon which they base that conclusion. And, of course, the NRC came out and rubber-stamped it a half an hour later, on a Friday in late July. And this is kind of typical of these agencies. And, again, I think you don't have to be a James Lee Witt that, given the road congestion, given the population densities, there is just no way that you could realistically evacuate that area or shelter people in place. Second, I do want to make a comment on the---- Mr. Shays. I'm sorry, I need to interrupt you. Mr. Matthiessen. I'm sorry. Mr. Shays. I have a need to be sitting at a desk at 2 in order to not lose my place in another committee hearing. So, if that's all right, let me just go on and ask. What I'm wrestling with, Mr. Lochbaum, is--first of all, Mr. Fertel, what I'm the wrestling with is that I think the industry needs to do a better job, as much as you point out it was one of the most secure industries before September 11, because I think that we are going to have to have a very significant debate about the future of nuclear energy. And I wrestle as an environmentalist with the fact that, if I want to get at greenhouse gases, is there a role that nuclear energy has to play. Right now, Millstone's one, two, and three are about 50 percent of Connecticut's--based on your testimony, and it used to be more when we had the Yankee plant plus one, two, and three--you know, we were oversubscribed. But tell me how you sort out, Mr. Lochbaum. Do you think nuclear energy simply can't be expanded at all? Mr. Lochbaum. I guess we view nuclear energy as providing the bridge to the future, with renewable energy technologies and improved energy efficiency being that future. But that future is, quite frankly, not here today. So we think that the safe operation of existing plants, until the--as they reach in their normal lifetimes they get replaced by better technologies of the 21st century technologies would be our druthers. Mr. Shays. This spent fuel is a huge concern to me. And, you know, I see them at the facility on the Hudson River, you know, saw the pool where they are at and so on. And they were in the contained area, I believe, is my recall. But we just are collecting more and more of this. Mr. Fertel, how do you wrestle with that? Mr. Fertel. Well, I think Congress clearly has a good role to play in moving the ball forward on Yucca Mountain, funding it appropriately, providing the oversight to DOE to make sure they do it appropriately and dealing with the issues around it will move that ball forward. I think, in the interim, clearly you're going to try and do everything you can and are doing everything to manage it safely from a security standpoint, NRC has issued advisories to the plants on what they can do to improve security. Mr. Shays. Let me ask you this. How is it that we have been able to increase production when we haven't added a plant in 30 years? Mr. Fertel. Well, we actually have added a lot of plants in the last 30 years. We just haven't ordered a plant in that period. Mr. Shays. We haven't what? Mr. Fertel. We haven't ordered a new one, but we've added about 50 plants since 1980. But the way we have increased it in the decade---- Mr. Shays. We've had 50 plants since 1980? Mr. Fertel. Yeah. Mr. Shays. How many have we had since 1990? Mr. Fertel. As far as real plants, concrete and steel? Two, I think. Mr. Shays. OK. Mr. Fertel. But we have added the equivalent of 19 since 1990 in improving output from the plants, operating them better, doing a thing that we call uprates, where you can either improve the turbine or you can improve something on the reactor, on the reactor side to get more power out of it. And we have added two plants. So we've added about 19,000 megawatts since 1990 in kilowatt hours out. Mr. Shays. Do you all want to quickly speak to this issue of citations and whether they have to respond in writing or so on? I mean, is this of concern? Or are we more concerned than we should be? Mr. Lochbaum. As Mr. Reyes said, it's consistent with how they deal with safety issues. So it's the same approach. I also go back to what Mr. Zimmerman said. They are piloting the new significance determination process. Mr. Shays. And that's a good thing. Mr. Lochbaum. Well, it depends on how it comes out. It's a trial run now. But that could--depending on how that outcome is, could go further to better defining that line between what gets reported and what gets followed up, what the plant owners do and what the NRC does. I'm comfortable with that. If there is a better way of doing it, I'm open to that. But I bought into the process and I'm comfortable with it the way it is. Mr. Fertel. I think an aspect that maybe could help your comfort level--because you clearly weren't comfortable with it, listening to the discussion, is that I think the impression when they say they are doing a sample makes it sound like, oh, my God, they're just choosing a few. When they're doing the sample, they are doing a sample in security, they are doing a sample in safety, they are doing samples in other areas. And what they are looking for, in all honesty, is to see if there is any sort of a systemic breakdown in the corrective action program that the plant uses. And if they see a breakdown, well, then it's a whole other ball game for the NRC to come in and basically do major inspections. So they want your processes to work; and, if they work, they are comfortable. Mr. Shays. OK. I am going to adjourn. Actually, there is one other question. If staff's waiting for me--I am going out that door and I'm hustling. I have a better feeling of knowing the NRC is present every day. Are we underutilizing those folks? If you don't know, that's another issue. Mr. Lochbaum. We were concerned that--several years ago, the NRC changed its policy, like in 1997, 1998. They used to have more NRC resident inspectors, more people onsite. As part of a budget-cutting move, they removed some of the people from that onsite presence. That contributed to the problem that Davis-Besse--that Representative Kucinich is concerned about. Mr. Shays. But it seems to me that they could be doing followup. I mean, evidently, they have prescribed things they should do. Mr. Lochbaum. It's hard when there's so few of them. If they went back to the levels they had 5, 6 years ago, they could do more because there were more people there. Mr. Shays. Well, if you have two and you add one more, that's three. That's a 50 percent increase. Maybe even that would be beneficial. Mr. Lochbaum. It couldn't hurt. Mr. Shays. I'm sorry. I have a feeling there's some other things we could say, but it's been a long day, and it's been a very helpful day, and I appreciate all your contribution. So, we are going to call this hearing closed. Thank you. [Whereupon, at 2:07 p.m., the subcommittee was adjourned.] <all>