The vulnerability of nuclear plants to deliberate attack is of concern in the area of nuclear safety and security. Nuclear power plants, civilian research reactors, certain naval fuel facilities, uranium enrichment plants, fuel fabrication plants, and even potentially uranium mines are vulnerable to attacks which could lead to widespread radioactive contamination. The attack threat is of several general types: commando-like ground-based attacks on equipment which if disabled could lead to a reactor core meltdown or widespread dispersal of radioactivity; external attacks such as an aircraft crash into a reactor complex, or cyber attacks.[1]
The United States 9/11 Commission has said that nuclear power plants were potential targets originally considered for the September 11, 2001 attacks. If terrorist groups could sufficiently damage safety systems to cause a core meltdown at a nuclear power plant, and/or sufficiently damage spent fuel pools, such an attack could lead to widespread radioactive contamination. The Federation of American Scientists have said that if nuclear power use is to expand significantly, nuclear facilities will have to be made extremely safe from attacks that could release massive quantities of radioactivity into the community. New reactor designs have features of passive nuclear safety, which may help. In the United States, the Nuclear Regulatory Commission carries out "Force on Force" exercises at all nuclear power plant sites at least once every three years.[1]
Nuclear reactors become preferred targets during military conflict and, over the past three decades, have been repeatedly attacked during military air strikes, occupations, invasions and campaigns.[2] Various acts of civil disobedience since 1980 by the peace group Plowshares have shown how nuclear weapons facilities can be penetrated, and the group's actions represent extraordinary breaches of security at nuclear weapons plants in the United States. The National Nuclear Security Administration has acknowledged the seriousness of the 2012 Plowshares action. Non-proliferation policy experts have questioned "the use of private contractors to provide security at facilities that manufacture and store the government's most dangerous military material".[3] Nuclear weapons materials on the black market are a global concern,[4] [5] and there is concern about the possible detonation of a dirty bomb by a militant group in a major city.[6] [7]
The number and sophistication of cyber attacks is on the rise. Stuxnet is a computer worm discovered in June 2010 that is believed to have been created by the United States and Israel to attack Iran's uranium enrichment facilities. It caused major damage to the facility by operating the centrifuges in erratic and unintended ways.[8] The computers of South Korea's nuclear plant operator (KHNP) were hacked in December 2014. The cyber attacks involved thousands of phishing emails containing malicious code, and information was stolen.[9] Neither of these attacks directly involved nuclear reactors or their facilities.
Nuclear reactors become preferred targets during military conflict and, over the past three decades, have been repeatedly attacked during military air strikes, occupations, invasions and campaigns:
Risks of nuclear energy systems aren't limited to deliberate bombing/shelling of or near nuclear energy plants – nuclear energy systems within war-zones in general have various additional vulnerabilities. Deliberate or unintentional bombing/shelling of or near radioactive waste-sites[15] is a further concern. These risks have become clearer during the 2022 Russian invasion of Ukraine. For example, when Russian forces occupied the inactive nuclear plant at Chernobyl, it still required "a crew of workers to maintain and monitor it to prevent any further nuclear incidents" and before occupation, fatigue of workers, which may not be allowed to freely come and go, may make mistakes more likely.[16] [17] [18]
See main article: Nuclear terrorism.
The EU Commission’s research center (JRC) investigated in spring 2021 in a report and concluded that the terrorist risk of nuclear power plants is vanishingly small, and that even successful terrorism will have relatively insignificant consequences. JRC, finds that hydropower/dams and oil and gas infrastructure pose a significantly greater terrorist risk, although this is still an extremely unlikely hypothetical scenario [19]
American physicist and nuclear energy critic Amory Lovins wrote in his 1982 book Brittle Power that the United States has for decades been running on energy that is "brittle" (easily shattered by accident or malice) and that this poses a grave and growing threat to national security, life, and liberty.[20] Lovins claims that these vulnerabilities are increasingly being exploited. His book documents many significant assaults on energy facilities, other than during a war, in 40 countries and, within the United States, in some 24 states.[21] Following 9/11, he re-released this book.
Lovins further claims that in 1966, 20 natural uranium fuel rods were stolen from the Bradwell nuclear power station in England, and in 1971, five more were stolen at the Wylfa Nuclear Power Station. In 1971, an intruder wounded a night watchman at the Vermont Yankee reactor in the US. The New York University reactor building was broken into in 1972, as was the Oconee Nuclear Station's fuel storage building in 1973. In 1975, the Kerr McGee plutonium plant had thousands of dollars worth of platinum stolen and taken home by workers. In 1975, at the Biblis Nuclear Power Plant in Germany, a Member of Parliament demonstrated the lack of security by carrying a bazooka into the plant under his coat.[22]
Nuclear plants were designed to withstand earthquakes, hurricanes, and other extreme natural events. But deliberate attacks involving large airliners loaded with fuel, such as those that crashed into the World Trade Center and the Pentagon, were not considered when design requirements for today's fleet of reactors were determined. It was in 1972 when three hijackers took control of a domestic passenger flight along the east coast of the U.S. and threatened to crash the plane into a U.S. nuclear weapons plant in Oak Ridge, Tennessee. The plane got as close as 8,000 feet above the site before the hijackers' demands were met.[23] [24]
In February 1993, a man drove his car past a checkpoint at the Three Mile Island Nuclear plant, then broke through an entry gate. He eventually crashed the car through a secure door and entered the Unit 1 reactor turbine building. The intruder, who had a history of mental illness, hid in a building and was not apprehended for four hours. Stephanie Cooke asks: "What if he'd been a terrorist armed with a ticking bomb?"[25]
Fissile material may be stolen from nuclear plants and this may promote the spread of nuclear weapons. Many terrorist groups are eager to acquire the fissile material needed to make a crude nuclear device, or a dirty bomb. Nuclear weapons materials on the black market are a global concern, and there is concern about the possible detonation of a small, crude nuclear weapon by a militant group in a major city, with significant loss of life and property. It is feared that a terrorist group could detonate a radiological or "dirty bomb", composed of any radioactive source and a conventional explosive. The radioactive material is dispersed by the detonation of the explosive. Detonation of such a weapon is not as powerful as a nuclear blast, but can produce considerable radioactive fallout. Alternatively, a terrorist group may position some of its members, or sympathisers, within the plant to sabotage it from inside.[26]
The IAEA Incident and Trafficking Database (ITDB) notes 1,266 incidents reported by 99 countries over the last 12 years, including 18 incidents involving HEU or plutonium trafficking:[27]
Terrorists could target nuclear power plants in an attempt to release radioactive contamination into the community. The United States 9/11 Commission has said that nuclear power plants were potential targets originally considered for the September 11, 2001 attacks. If terrorist groups could sufficiently damage safety systems to cause a core meltdown at a nuclear power plant, and/or sufficiently damage spent fuel pools, such an attack could lead to a widespread radioactive contamination. According to a 2004 report by the U.S. Congressional Budget Office, "The human, environmental, and economic costs from a successful attack on a nuclear power plant that results in the release of substantial quantities of radioactive material to the environment could be great."[34] An attack on a reactor's spent fuel pool could also be serious, as these pools are less protected than the reactor core. The release of radioactivity could lead to thousands of near-term deaths and greater numbers of long-term fatalities.[1]
If nuclear power use is to expand significantly, nuclear facilities will have to be made extremely safe from attacks that could release massive quantities of radioactivity into the community. New reactor designs have features of passive safety, such as the flooding of the reactor core without active intervention by reactor operators. But these safety measures have generally been developed and studied with respect to accidents, not to the deliberate reactor attack by a terrorist group. However, the US Nuclear Regulatory Commission does now also require new reactor license applications to consider security during the design stage.[1]
In the United States, the NRC carries out "Force on Force" (FOF) exercises at all nuclear power plant (NPP) sites at least once every three years. The FOF exercise, which is typically conducted over 3 weeks, "includes both tabletop drills and exercises that simulate combat between a mock adversary force and the licensee’s security force. At an NPP, the adversary force attempts to reach and simulate damage to key safety systems and components, defined as "target sets" that protect the reactor's core or the spent fuel pool, which could potentially cause a radioactive release to the environment. The licensee's security force, in turn, interposes itself to prevent the adversaries from reaching target sets and thus causing such a release".[1]
In the U.S., plants are surrounded by a double row of tall fences which are electronically monitored. The plant grounds are patrolled by a sizeable force of armed guards.[35]
In 2009, a paper published in the United States Military Academy's journal alleged that Pakistan's nuclear sites had been attacked by al-Qaeda and the Taliban at least three times.[36] However, the then Director General ISPR Athar Abbas said the claims were "factually incorrect", adding that the sites were "military facilities, not nuclear installations".[37] [38] In January 2010, it was revealed that the US military was training a specialised unit "to seal off and snatch back" Pakistani nuclear weapons in the event that militants would obtain a nuclear device or materials that could make one. Pakistan supposedly possesses about 160 nuclear warheads. US officials refused to speak on the record about the American safety plans.[39]
Insider sabotage regularly occurs, because insiders can observe and work around security measures. In a study of insider crimes, the authors repeatedly said that successful insider crimes depended on the perpetrators' observation and knowledge of security vulnerabilities. Since the atomic age began, the U.S. Department of Energy's nuclear laboratories have been known for widespread violations of security rules. During the Manhattan Project, physicist Richard Feynman was barred from entering certain nuclear facilities; he would crack safes and violate other rules as pranks to reveal deficiencies in security.[40]
A deliberate fire caused between $5m and $10m worth of damage to New York's Indian Point Energy Center in 1971. The arsonist turned out to be a plant maintenance worker. Sabotage by workers has been reported at many other reactors in the United States: at Zion Nuclear Power Station (1974), Quad Cities Nuclear Generating Station, Peach Bottom Nuclear Generating Station, Fort St. Vrain Generating Station, Trojan Nuclear Power Plant (1974), Browns Ferry Nuclear Power Plant (1980), and Beaver Valley Nuclear Generating Station (1981). Many reactors overseas have also reported sabotage by workers. Suspected arson has occurred in the United States and overseas.
In 1998 a group of workers at one of Russia's largest nuclear weapons facilities attempted to steal 18.5 kilograms of HEU—enough for a bomb.
It can be argued that Pakistan's whole nuclear program was jump-started due to sabotage by insiders. Following India's first nuclear weapons test, URENCO scientist A.Q. Khan wrote a letter to the Pakistani Prime Minister, Zulfiqar Ali Bhutto, offering to help start a nuclear weapons program for his home country. Soon after their conversations, Khan started delivering instructions and blueprints to Pakistan, which he got access to through his work translating the sophisticated G-1 and G-2 centrifuge designs from German to Dutch. Khan also acquired the essential expertise for running centrifuge operations from URENCO, which he would later relay back to scientists in Pakistan. When his coworkers at URENCO started to suspect something was going on, Khan had already fled back to his guaranteed safety in Pakistan. After just six years, Khan said his plants were “producing substantial quantities of uranium”.[41] Because of his help getting Pakistan the blueprints needed to start enriching uranium within their borders, Khan is widely regarded to as "the father of Pakistan’s nuclear weapons program".[42]
Various acts of civil disobedience since 1980 by the peace group Plowshares have shown how nuclear weapons facilities can be penetrated, and the group's actions represent extraordinary breaches of security at nuclear weapons plants in the United States. On July 28, 2012, three members of Plowshares cut through fences at the Y-12 National Security Complex in Oak Ridge, Tennessee, which manufactures US nuclear weapons and stockpiles highly enriched uranium. The group spray-painted protest messages, hung banners, and splashed blood.
The National Nuclear Security Administration has acknowledged the seriousness of the 2012 Plowshares action, which involved the protesters walking into a high-security zone of the plant, calling the security breach "unprecedented." Independent security contractor, WSI, has since had a weeklong "security stand-down," a halt to weapons production, and mandatory refresher training for all security staff.
Non-proliferation policy experts are concerned about the relative ease with which these unarmed, unsophisticated protesters could cut through a fence and walk into the center of the facility. This is further evidence that nuclear security—the securing of highly enriched uranium and plutonium—should be a top priority to prevent terrorist groups from acquiring nuclear bomb-making material. These experts have questioned "the use of private contractors to provide security at facilities that manufacture and store the government's most dangerous military material".
In 2010, there was a security breach at a Belgian Air Force base which possessed U.S. nuclear warheads. The incident involved six anti-nuclear activists entering Kleine Brogel Air Base. The activists stayed in the snow-covered base for about 20 minutes, before being arrested. A similar event occurred in 2009.[43]
On December 5, 2011, two anti-nuclear campaigners breached the perimeter of the Cruas Nuclear Power Plant in France, escaping detection for more than 14 hours, while posting videos of their sit-in on the internet.[44]
Stuxnet is a computer worm discovered in June 2010 that is believed to have been created by the United States and Israel to attack Iran's nuclear facilities.[8] It switched off safety devices, causing centrifuges to spin out of control. Stuxnet initially spreads via Microsoft Windows, and targets Siemens industrial control systems. While it is not the first time that hackers have targeted industrial systems,[45] it is the first discovered malware that spies on and subverts industrial systems,[46] and the first to include a programmable logic controller (PLC) rootkit.[47] [48]
Different variants of Stuxnet targeted five Iranian organizations,[49] with the probable target widely suspected to be uranium enrichment infrastructure in Iran;[50] [51] Symantec noted in August 2010 that 60% of the infected computers worldwide were in Iran.[52] Siemens stated that the worm has not caused any damage to its customers,[53] but the Iran nuclear program, which uses embargoed Siemens equipment procured secretly, has been damaged by Stuxnet.[54] [55] Kaspersky Lab concluded that the sophisticated attack could only have been conducted "with nation-state support".[56]
Idaho National Laboratory ran the Aurora Experiment in 2007 to demonstrate how a cyber attack could destroy physical components of the electric grid.[57] The experiment used a computer program to rapidly open and close a diesel generator's circuit breakers out of phase from the rest of the grid and explode. This vulnerability is referred to as the Aurora Vulnerability.
The number and sophistication of cyber attacks is on the rise. The computers of South Korea's nuclear plant operator (KHNP) were hacked in December 2014. The cyber attacks involved thousands of phishing emails containing malicious code, and information was stolen.[9] Nothing important was hacked at the plant, so the group was unable to threaten the operation of the reactor. Releasing personnel files and business data doesn’t compromise nuclear safety, even if it embarasses the company. [58]
In December 2017 it was reported that the safety systems of an unidentified power station, believed to be in Saudi Arabia were compromised when the Triconex industrial safety technology made by Schneider Electric SE was targeted in what is believed to have been a state sponsored attack. The computer security company Symantec claimed that the malware, known as Triton exploited a vulnerability in computers running the Microsoft Windows operating system.[59]
In April 2022 Taiwan News reported that an Anonymous-affiliated hacker Cyber Anakin had contracted COVID-19 and under five days long "Operation Wrath of Anakin: No Time to Die", hacked nuclear power plant interfaces in China, alongside other computer systems such as government websites, agricultural management systems, coal mine safety interfaces, and satellite interfaces, as acts of retaliation.[60]
Population density is one critical lens through which risks have to be assessed, says Laurent Stricker, a nuclear engineer and chairman of the World Association of Nuclear Operators:[61]
The KANUPP plant in Karachi, Pakistan, has the most people—8.2 million—living within 30 kilometres, although it has just one relatively small reactor with an output of 125 megawatts. Next in the league, however, are much larger plants—Taiwan's 1,933-megawatt Kuosheng plant with 5.5 million people within a 30-kilometre radius and the 1,208-megawatt Chin Shan plant with 4.7 million; both zones include the capital city of Taipei.
172,000 people living within a 30 kilometre radius of the Fukushima Daiichi nuclear power plant have been forced or advised to evacuate the area. More generally, a 2011 analysis by Nature and Columbia University shows that some 21 nuclear plants have populations larger than 1 million within a 30-km radius, and six plants have populations larger than 3 million within that radius.
However, government plans for remote siting of nuclear plants in rural areas, and the transmission of electricity by high-voltage direct current lines to industrial regions would enhance safety and security.
On the other hand, nuclear plant security would be at elevated risk during a natural or man-made electromagnetic pulse event, and the ensuing civil disorder in surrounding areas.
In his book Normal Accidents, Charles Perrow says that multiple and unexpected failures are built into society's complex and tightly coupled nuclear reactor systems. Such accidents are unavoidable and cannot be designed around.[62]
In the 2003 book Brittle Power, Amory Lovins talks about the need for a resilient, secure, energy system:
The foundation of a secure energy system is to need less energy in the first place, then to get it from sources that are inherently invulnerable because they're diverse, dispersed, renewable, and mainly local. They're secure not because they're American but because of their design. Any highly centralised energy system—pipelines, nuclear plants, refineries—invite devastating attack. But invulnerable alternatives don't, and can't, fail on a large scale.[63]