Imagine the following scenario, not too different from the plot of the current season of the TV series “24” – but not that far-fetched, either. The White House gets a call from a terrorist group that claims it has systematically diverted enough plutonium to make a crude nuclear bomb – perhaps 15 pounds – from a U.S. nuclear fuel fabrication plant. The group also claims that it was assisted by an insider in the IT department who was able to cover up the theft by compromising the computer-based material accounting system. The terrorists then threaten to detonate the bomb in Chicago in 24 hours unless their exorbitant demands are met.
The first thing the White House would want to know is whether the threat is credible or not. So the president calls the manager of the facility and asks if any plutonium is missing. Here’s the conversation:
MANAGER: “I’ll get back to you.”
THE PRESIDENT: “When?”
MANAGER: “Well, we’ll check our computer records and let you know in 72 hours if we can’t account for all of it.”
THE PRESIDENT: “We don’t have 72 hours! And the thieves claimed they fudged the computer records! You need to measure all the plutonium you have and make sure it’s all there pronto!”
MANAGER: “Mr. President, we can’t do that. It would take us weeks or months to actually measure the plutonium. But, with all due respect, the Nuclear Regulatory Commission does not require us to rapidly assess the validity of alleged thefts in every conceivable theft scenario, or to do so without the use of our records system.”
THE PRESIDENT: “Call Jack Bauer!”
MANAGER: “I’m sorry, but it’s no use. Jack Bauer is not one of the tools that we committed to use in our Fundamental Nuclear Material Control Plan.”
Plutonium and MOX Fuel
A shocking state of affairs, but sadly true. The plant in question is the Mixed Oxide (MOX) Fuel Fabrication Facility (MFFF) at the Savannah River Site in South Carolina, now under construction by Energy Department contractor Shaw AREVA MOX Services. The MFFF is being built to turn excess plutonium from the U.S. nuclear weapons program into a type of nuclear reactor fuel called MOX. It has experienced massive cost escalation and other programmatic difficulties in recent years, leading DOE to reconsider its plan to finish construction and operate the plant. However, MFFF supporters in Congress are forcing DOE to continue construction, and the project remains very much alive.
For more than ten years, UCS has been assisting local citizen groups and their counsel, Diane Curran, in efforts to block the NRC from issuing construction and operating licenses for the MFFF. In these proceedings, UCS has fought to ensure that the MFFF, if built, would have robust physical security and material accounting systems to protect against and detect theft of plutonium by terrorists. Although we have won some important concessions along the way, in a February 2014 initial decision, a majority of the three-member NRC Atomic Safety and Licensing Board (ASLB) dismissed our complaints, opening the door for the NRC to issue the operating license.
In the decision, the ASLB noted that “NRC regulations do not require an applicant to rapidly assess the validity of alleged thefts in every conceivable theft scenario. Nor do regulations require an applicant to rapidly assess without the use of its records system.” A majority of the ASLB found that MOX Services provided reasonable assurance of its ability to rapidly assess the validity of alleged thefts and was satisfied that the company would take whatever actions are appropriate and necessary to evaluate the theft as it is alleged.
The initial decision has been appealed to the five NRC commissioners. The appeal is still pending, but there is little chance that the commissioners will vote to overturn the ruling of the ASLB majority.
A Flawed Plutonium Accounting System
Because of the security issues involved, the ASLB hearings were conducted behind closed doors, and many of the pleadings were not publicly released. But now that a redacted version of the decision has been made public, UCS is free to talk about our concerns with the material accounting system at the MOX plant, within the boundaries of the information that the NRC has released.
The central issue has to do with MOX Services’ approach to satisfying important NRC requirements for verifying periodically that items containing plutonium are where they are supposed to be and have not been tampered with. While the traditional approach to satisfying these requirements involves physically locating and inspecting items within certain time periods, MOX Services proposed instead that verification be accomplished only virtually, using the data within computerized inventory and process control systems. But one problem, as our hypothetical threat scenario indicates, is that this introduces additional uncertainty, as the data itself could potentially be inaccurate, either by accident or by malicious intent.
We argued that if the NRC were to accept this approach, MOX Services would have to provide a very high level of assurance that the data itself was accurate – that is, that it accurately reflected where the plutonium was in the plant. And we further pointed out that the NRC had no means of getting that level of assurance under the plan proposed by MOX Services. In fact, the NRC doesn’t even have a regulation for protection against cyberattack at a fuel cycle facility like the MFFF, although it plans to adopt one at a future date. In approving MOX Services’ material accounting scheme, the ASLB is relying entirely on the Energy Department’s cybersecurity requirements, without independently confirming that those requirements would be stringent enough to ensure the fidelity of the material accounting data.
MOX Services has committed to verifying the amount of plutonium in a storage vault within 72 hours, but only by relying on its computer records system. This verification doesn’t involve physically checking the material in the vault within this time frame because MOX Services refuses to – and perhaps is unable to – commit to doing so. (The plant will do an inventory check every 6 months, but in between will rely largely on its computerized records. This interim accounting is essential because if plutonium were stolen, it could be converted into a weapon in a matter of a few weeks or less.)
How Long Would Accounting Take?
But if an alleged theft involved compromise of the records system, MOX Services has made no commitment as to how long it could take to verify whether any plutonium was in fact missing. And the ASLB majority accepted this state of affairs. (Panel chairman Michael C. Farrar, in his dissent, was sympathetic to our cybersecurity concerns.)
(And this doesn’t even take into account the possibility that the plutonium was not stolen from vault storage but from other areas of the plant, where it’s even harder to rapidly account for the loss of bomb-sized amounts of plutonium – an additional issue that we didn’t have the time or resources to raise with the ASLB.)
This means that if the MFFF eventually starts up and the scenario we present comes to pass, the president could be waiting for weeks, or even months, before the plant manager could answer the question: Is any plutonium missing?
At a time when the threat of terrorism remains high, this inadequate approach to detecting theft of U.S. plutonium poses unacceptable and unnecessary risks to the whole world.