ML18270A155

OIG-18-A-21 - Audit of NRC's Force-on-Force Security Inspections of Fuel Cycle Facilities Dated September 27, 2018
ML18270A155
Person / Time
Issue date: 09/27/2018
From: Baker B
NRC/OIG/AIGA
To: Margaret Doane
NRC/EDO
References
OIG-18-A-21
Download: ML18270A155 (20)


Text

Audit of NRC's Force-on-Force Security Inspections of Fuel Cycle Facilities

OIG-18-A-21
September 27, 2018

All publicly available OIG reports (including this report) are accessible through NRC's Web site at http://www.nrc.gov/reading-rm/doc-collections/insp-gen

UNITED STATES NUCLEAR REGULATORY COMMISSION
WASHINGTON, D.C. 20555-0001

OFFICE OF THE INSPECTOR GENERAL

September 27, 2018

MEMORANDUM TO: Margaret M. Doane, Executive Director for Operations

FROM: Dr. Brett M. Baker /RA/, Assistant Inspector General for Audits

SUBJECT: AUDIT OF NRC'S FORCE-ON-FORCE SECURITY INSPECTIONS OF FUEL CYCLE FACILITIES (OIG-18-A-21)

Attached is the Office of the Inspector General's (OIG) audit report titled Audit of NRC's Force-on-Force Security Inspections of Fuel Cycle Facilities.

The report presents the results of the subject audit. Following the September 18, 2018, exit conference, agency staff indicated that they had no formal comments for inclusion in this report.

Please provide information on actions taken or planned on each of the recommendation(s) within 30 days of the date of this memorandum. Actions taken or planned are subject to OIG followup as stated in Management Directive 6.1.

We appreciate the cooperation extended to us by members of your staff during the audit. If you have any questions or comments about our report, please contact me at (301) 415-5915 or Eric Rivera, Team Leader, at (301) 415-7032.

Attachment:

As stated

Office of the Inspector General
U.S. Nuclear Regulatory Commission
Defense Nuclear Facilities Safety Board

OIG-18-A-21
September 27, 2018

Results in Brief

Audit of NRC's Force-on-Force Security Inspections of Fuel Cycle Facilities

Why We Did This Review

The Nuclear Regulatory Commission (NRC) has regulatory oversight of the security programs at two Category I fuel cycle facilities: BWX Technologies, Inc. located in Lynchburg, VA and Nuclear Fuel Services, Inc. located in Erwin, TN. Category I facilities are licensed to use and possess a formula quantity of strategic special nuclear material, which must be protected.

NRC's force-on-force inspections simulate combat between a mock adversary force and a licensee's security force. The inspection is designed to evaluate and improve the effectiveness of a licensee's security force to defend their facility against a design-basis threat, which is a profile of the type, composition, and capabilities of an adversary. NRC and its licensees use the design basis threat to design systems to protect against acts of radiological sabotage and to prevent the theft or diversion of special nuclear material.

The audit objective was to determine the effectiveness of the force-on-force program for fuel cycle facilities.

What We Found

NRC's force-on-force program for the Category I facilities is generally effective and inspections are conducted in a timely manner. However, opportunities exist to improve NRC's force-on-force program for Category I facilities by (1) improving the handling of classified information on the inspections and (2) completing NRC's 3-week force-on-force inspections more efficiently.

A 2016 NRC classification bulletin changed the classification of database information from previous inspections, and procedures were not developed to implement these changes. NRC has not developed detailed procedures for ensuring that classified information is handled appropriately on force-on-force inspections for Category I facilities. As a result, the lack of procedures could lead to an unauthorized disclosure of classified material.

Force-on-force inspections at Category I facilities, consisting of 3 weeks of activities, can be completed more efficiently. The applicable inspection procedure has not been recently updated; thus, NRC may not be using its resources as efficiently as possible.

What We Recommend

This report makes recommendations to: (1) develop and implement a procedure to ensure classified information is handled and secured properly on force-on-force inspections, and (2) update Inspection Procedure 96001 to revise how and when the target area inspection is conducted for Category I facilities. Agency management stated their general agreement with the findings and recommendations in this report.

TABLE OF CONTENTS

ABBREVIATIONS AND ACRONYMS
I. BACKGROUND
II. OBJECTIVE
III. FINDINGS
    A. NRC Needs to Improve Handling and Securing Classified Information on Category I Facility Force-on-Force Inspections
    B. Category I Facility Force-on-Force 3-Week Inspection Could Be Completed More Efficiently
IV. CONSOLIDATED LIST OF RECOMMENDATIONS
V. AGENCY COMMENTS
APPENDIX
    A. OBJECTIVE, SCOPE, AND METHODOLOGY
TO REPORT FRAUD, WASTE, OR ABUSE
COMMENTS AND SUGGESTIONS

ABBREVIATIONS AND ACRONYMS

CAT     Composite Adversary Team
DOE     Department of Energy
NRC     Nuclear Regulatory Commission
OIG     Office of the Inspector General
SSNM    Strategic Special Nuclear Material

I. BACKGROUND

Category I Fuel Cycle Facilities

The Nuclear Regulatory Commission (NRC) has regulatory oversight of the security programs at two Category I fuel cycle facilities (Category I facilities)¹: BWX Technologies, Inc. located in Lynchburg, VA and Nuclear Fuel Services, Inc. located in Erwin, TN. These facilities manufacture fuel for Government reactors and also process uranium for use in commercial nuclear power reactors (power reactors). Category I facilities are licensed to use and possess a formula quantity of strategic special nuclear material (SSNM), which must be protected.

Purpose of Force-on-Force

NRC's force-on-force inspections simulate combat between a mock adversary force and a licensee's security force. The inspection is designed to evaluate and improve the effectiveness of a licensee's security force to defend their facility against a design-basis threat, which is a profile of the type, composition, and capabilities of an adversary. NRC and its licensees use the design basis threat to design systems to protect against acts of radiological sabotage² and to prevent the theft or diversion of special nuclear material³.

Adversary Force and DOE Equipment

The Composite Adversary Team (CAT) is the mock adversary force for the Category I facilities' force-on-force inspection. The CAT is composed of voluntary Department of Energy (DOE) security guards who leave their assigned post, at a DOE facility, to participate in the inspection. CAT members act as tactical operators who play the role of terrorist adversaries in the force-on-force inspection.

¹ Category I fuel cycle facilities use or possess at least a formula quantity of SSNM (strategic special nuclear material). SSNM, which is defined in Title 10, Energy, of the Code of Federal Regulations 70.4, is SSNM in any combination in a quantity of 5,000 grams or more computed by the formula grams = (grams contained in Uranium-235) + 2.5 (grams Uranium-233 + grams plutonium).

² Radiological sabotage is a deliberate act against an NRC licensee that could directly or indirectly endanger the public health and safety by exposure to radiation.

³ Special nuclear material is defined by the Atomic Energy Act of 1954 as plutonium, uranium-233, or uranium enriched in the isotopes uranium-233 or uranium-235.

NRC and DOE have an interagency agreement for NRC to use DOE's equipment during the force-on-force inspections. The equipment uses lasers and blank ammunition to simulate actual battle or attack scenarios. Individuals have small laser sensors scattered on their body, which detect when the person has been illuminated by a firearm's laser simulating an injury or death. The information from DOE's equipment is registered onto a database.

Classified Information

Category I facilities conduct classified activities. Classified information could be used by an adversary to harm the U.S. or its allies and must be protected. NRC's classification bulletins identify the subject matter, the information that needs to be protected, and the classification level of the information.

Composition of a Force-on-Force Inspection

Force-on-force inspections are conducted at both Category I facilities and at commercial nuclear power plants. At Category I facilities, the inspections are conducted in accordance with NRC Inspection Procedure 96001, NRC Force-on-Force Inspections at Category I Fuel Cycle Facilities. At the commercial nuclear power plants, the mock adversary force attempts to reach and simulate damage to significant components of safety-related systems. These components are referred to as target sets and they protect the reactor's core or the spent fuel, which could potentially cause a radioactive release to the environment. At the Category I facilities, a similar process is used to assess the effectiveness of a licensee's protective strategy capabilities relative to the design basis threats of radiological sabotage and theft or diversion of strategic special nuclear material.⁴

⁴ 10 CFR 73.1 is the regulation that references the design-basis threats for the Category I facilities.

Force-on-force inspections at Category I facilities are conducted every 3 years (triennial), span 3 non-consecutive weeks, and include tabletop drills and simulated combat exercises between a mock adversary and the facility's security force. Table 1 depicts the three site visits that comprise an inspection.

Table 1: Force-on-Force Inspection
Columns: Category I Facility Inspection Program; Power Reactor Program
Rows: Target Area Inspection⁵; Planning Week; Exercise Week
Source: OIG Generated

Each week of the force-on-force inspection has a separate purpose. The target area inspection week is to perform a target information analysis; the planning week is to analyze the site's protective strategy and to plan the force-on-force exercises; and the exercise week is to observe the licensee perform two force-on-force exercises and analyze any findings.

The inspection is conducted by a team composed of inspectors from NRC Headquarters, an inspector from Region II, and active duty military advisors. Active duty military advisors provide NRC with technical advice.

⁵ Although Inspection Procedure 96001 does not state how long target area inspection lasts, one inspector noted that at a recent BWX Technologies, Inc. inspection, a target area inspection took six hours shared between two days and included two days for travel.

Responsible NRC Offices

The Office of Nuclear Security and Incident Response, Division of Security Operations, is responsible for the force-on-force inspections. Within the Division of Security Operations, the Security Performance Evaluation Branch develops and oversees NRC's program for performance-based evaluations of licensee security programs, including force-on-force exercises and tabletop drills. In addition, an inspector from Region II is also part of the inspection team, as Region II inspectors conduct the core inspection program⁶ at BWX Technologies, Inc. and Nuclear Fuel Services, Inc.

II. OBJECTIVE

The audit objective was to determine the effectiveness of the force-on-force program for fuel cycle facilities. Appendix A contains information on the audit scope and methodology.

III. FINDINGS

NRC's force-on-force program for the Category I facilities is generally effective and inspections are conducted in a timely manner. However, opportunities exist to improve NRC's force-on-force program for Category I facilities by (1) improving the handling of classified information on the inspections, and (2) completing NRC's 3-week force-on-force inspections more efficiently.

⁶ The core inspection program requires physical security areas to be inspected either annually, biennially, or triennially. The physical security areas include the following items: access authorization, access controls, contingency response, equipment performance, fitness for duty, material controls, target area reviews, security training, and protection of sensitive and classified information. The core inspection program also requires two material control and accounting inspections annually and a transportation security inspection once every three years.

A. NRC Needs to Improve Handling and Securing Classified Information on Category I Facility Force-on-Force Inspections

NRC's policy is to ensure that classified information is handled and secured appropriately and is protected from unauthorized disclosure in accordance with regulations, Executive Orders, and NRC procedures.

A 2016 NRC classification bulletin changed the classification of database information from previous inspections, and procedures were not developed to implement these changes. NRC lacks clarity and consistency on how classified information is handled and secured because the agency has not developed detailed procedures for ensuring that classified information is handled appropriately on force-on-force inspections for Category I facilities. The lack of procedures could lead to an unauthorized disclosure of classified information. This audit did not detect any unauthorized disclosure of classified information.

What Is Required

Classified Information Should Be Appropriately Handled and Protected

Federal agencies, including NRC, should appropriately handle and protect classified information. Management Directive and Handbook 12.2, NRC Classified Information Security Program, states NRC's policy is to ensure that classified information is handled appropriately and is protected from unauthorized disclosure in accordance with regulations, Executive Orders, and NRC procedures.

What We Found

Handling and Securing Classified Information Can Be Improved

NRC can strengthen handling and securing classified information at Category I facilities during force-on-force inspections. In March 2016, NRC signed an original classification decision and associated Classification Bulletin CB-DBT-1,⁷ changing various points of classification and categorizing information during the force-on-force inspections at a higher classification level. Currently, there are differing views among the NRC staff on whether the database used during Category I facility force-on-force inspections contains classified information.

Some Staff Unclear Whether Classified Information is on the Database

Some NRC staff are unclear as to how information is handled and secured for the database that is used to facilitate the Category I facility force-on-force inspections. For example, NRC staff stated that the database has contained classified information during prior Category I facility force-on-force inspections. Yet, other NRC staff members stated the database does not contain any classified information. Consequently, NRC staff have different interpretations on whether there is classified information on the database, while the classification bulletin states Category I facilities possess classified information.

Why This Occurred

Lack of Detailed Procedures

There is a lack of clarity and consistency on how classified information is handled and secured because NRC has not developed a detailed procedure for the appropriate handling of classified information at Category I facilities during the force-on-force inspections.

Why This Is Important

Unauthorized Access and Potential Leakage of Classified Information

If NRC does not have strong, effective internal controls with a detailed procedure for handling classified information at Category I facility force-on-force inspections, unauthorized parties may have access to classified information and there could be a potential leakage of classified information to adversaries.

⁷ CB-DBT-1: Classification Guidance for the U.S. Nuclear Regulatory Commission Theft or Diversion Design-Basis Threat for Category I Fuel Cycle Facilities.

Recommendation

OIG recommends that the Executive Director for Operations

1. Develop and implement a procedure to ensure classified information is handled and secured properly on force-on-force inspections for Category I fuel cycle facilities.

B. Category I Facility Force-on-Force 3-Week Inspection Could Be Completed More Efficiently

The Principle of Efficiency from NRC's Principles of Good Regulation states when there are several effective options, the agency should adopt the one that minimizes the use of resources. However, force-on-force inspections at Category I facilities consist of 3 weeks of activities (target area inspection week, planning week, and exercise week), which could be completed more efficiently. This is happening because the applicable inspection procedure has not been recently updated; thus, NRC may not be using its resources as efficiently as possible.

What Is Required

NRC Regulations Should Be Efficient

Efficiency is one of the principles that guides how NRC carries out its regulatory activities, as stipulated in NRC's Principles of Good Regulation. Specifically, this principle states that where several effective alternatives are available, the option which minimizes the use of resources should be adopted.

What We Found

Category I Facility 3-Week Force-on-Force Inspections Can Be Completed More Efficiently

Category I Facilities

The force-on-force inspections for Category I facilities can be completed more efficiently. Currently, the force-on-force inspection for the Category I facilities is comprised of 3 weeks (target area inspection week, planning week, and exercise week). The target area inspection week is to perform a target information analysis; the planning week is to analyze the site's protective strategy and to plan the force-on-force exercises; and the exercise week is to observe the licensee perform two force-on-force exercises and to analyze findings. Notably, in practice, target areas are also reviewed during walk downs of the facility during planning week.

Power Reactors

In comparison, (a) the NRC inspection team for power reactors completes the force-on-force inspection in 2 weeks (planning and exercise), and (b) the target set inspection (power reactors' version of the target area inspection) is completed by inspectors from NRC's Regions prior to the force-on-force inspection.

NRC Staff, Advisors, and Licensee Opinions

NRC staff, advisors, and licensee staff noted that dedicating a full week to target area inspection is unnecessary.⁸ For example, 13 out of 23 of these individuals noted that the target area inspection week is unnecessary and may be completed without having a full week dedicated to a target area inspection. This opinion is further supported by a June 5, 2018, memorandum from the Security Oversight and Support Branch, Division of Security Operations, which concluded that the additional week allotted for the target area inspection at Category I facility force-on-force inspections was unnecessary.

⁸ Although Inspection Procedure 96001 does not state how long target area inspection lasts, one inspector noted that at a recent BWX Technologies, Inc. inspection, a target area inspection took six hours shared between 2 days and included 2 days for travel.

Why This Occurred

Inspection Procedure 96001 Has Not Recently Been Updated

Inspection Procedure 96001 for Category I facility force-on-force inspection has not been recently updated. Inspection Procedure 96001 was last updated in 2014 while the power reactors' force-on-force Inspection Procedure 71130.03⁹ was last updated in 2016. Cognizant interviewees attributed the difference in the frequency of updates to the power reactors' force-on-force program taking precedence over the Category I facilities' force-on-force program because there are more power reactors compared to the two Category I facilities that have force-on-force inspections.

Why This Is Important

NRC May Not Be Using Its Resources Efficiently

NRC may not be using its resources as efficiently as possible when conducting Category I facility force-on-force inspections. Inspectors use NRC travel funds to travel to the Category I facilities for the force-on-force inspections. The travel cost for three inspectors to attend the target area inspection at BWX Technologies, Inc. in Lynchburg, VA, which is currently performed in a single week, can total $2,093. Additionally, when inspectors travel to conduct the target area inspections, they are taken away from performing other tasks at their normal duty stations. When inspectors are at their normal duty stations, they are able to work on regular work-related tasks.

The June 5, 2018, Security Oversight and Support Branch memorandum stated that the target area review week is an unnecessary NRC travel expense and an unnecessary burden on the licensee. As such, if the target area inspection is combined in one of the other 2 remaining weeks or conducted by non-headquarters inspectors, the agency could save resources.

⁹ Contingency Response - Force-on-Force Testing, dated December 22, 2016.

Recommendation

OIG recommends that the Executive Director for Operations

2. Update Inspection Procedure 96001 to revise how and when the target area inspection is conducted and consider options such as:

• Allow Region II to conduct target area inspection prior to the force-on-force inspection, or
• Conduct target area inspection during planning week.

IV. CONSOLIDATED LIST OF RECOMMENDATIONS

OIG recommends that the Executive Director for Operations

1. Develop and implement a procedure to ensure classified information is handled and secured properly on force-on-force inspections for Category I fuel cycle facilities.
2. Update Inspection Procedure 96001 to revise how and when the target area inspection is conducted and consider options such as:

• Allow Region II to conduct target area inspection prior to the force-on-force inspection, or
• Conduct target area inspection during planning week.

V. AGENCY COMMENTS

An exit conference was held with the agency on September 18, 2018.

After reviewing a discussion draft, agency management provided comments that have been incorporated into this report, as appropriate. As a result, agency management stated their agreement with the findings and recommendations in this report and opted not to provide formal comments for inclusion in this report.

Appendix A

OBJECTIVE, SCOPE, AND METHODOLOGY

Objective

The audit objective was to determine the effectiveness of the force-on-force program for fuel cycle facilities.

Scope

The audit focused on the NRC's force-on-force program at Category I fuel cycle facilities. OIG conducted this performance audit from February 2018 to June 2018 at NRC headquarters (Rockville, MD) and BWX Technologies, Inc. (Lynchburg, VA). Internal controls related to the audit objectives were reviewed and analyzed.

Methodology

To accomplish the audit objective, OIG reviewed relevant Federal laws, regulations, and guidance including

Atomic Energy Act of 1954, as amended.

Energy Policy Act of 2005.

Title 10 Code of Federal Regulations, Part 73, Physical Protection of Plants and Materials.

NRC Regulatory Guide: 5.70, Guidance for the Application of the Theft and Diversion Design-Basis Threat for Category I Fuel Cycle Facilities, dated February 10, 2017.

Management Directive and Handbook 12.2, NRC Classified Information Security Program, dated June 25, 2014.

NRC's Principles of Good Regulation.

Inspection Manual Chapter 1245, Qualification Program for New and Operating Reactor Programs, dated August 24, 2017.

Inspection Manual Chapter 1247, Qualification Program for Fuel Facility Inspectors in the Nuclear Material Safety and Safeguards Program Area, dated October 28, 2014.

Inspection Procedure 96001, NRC Force-on-Force Inspections at Category I Fuel Cycle Facilities, dated August 24, 2011.

Inspection Procedure 71130.03, Contingency Response - Force-on-Force Testing, dated December 22, 2016.

Naval Nuclear Propulsion Program Composite Adversary Team Qualification Standard, dated April 2018.

OIG also reviewed the full inspection reports for Category I fuel facilities force-on-force inspections for the last three cycles and resources associated with facilitating the inspections.

OIG conducted interviews of NRC staff and management and licensees to gain an understanding of the roles and responsibilities related to the triennial force-on-force inspection at Category I facilities. Auditors interviewed staff from the Office of Nuclear Security and Incident Response, Region II, and licensee staff at BWX Technologies, Inc. and Nuclear Fuel Services, Inc.

OIG auditors also accompanied inspectors on their inspections at BWX Technologies, Inc. in January, March, and April 2018 and observed the target area inspection, planning week, and exercise week.

We conducted this performance audit in accordance with generally accepted Government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives.

Throughout the audit, auditors considered the possibility of fraud, waste, and abuse in the program.

The audit was conducted by Beth Serepca, Team Leader; Eric Rivera, Team Leader; Kristen Lipuma, Audit Manager; Jenny Cheung, Senior Auditor; and Magdala Boyer, Auditor.

TO REPORT FRAUD, WASTE, OR ABUSE

Please Contact:

Email: Online Form
Telephone: 1-800-233-3497
TTY/TDD: 7-1-1, or 1-800-201-7165
Address: U.S. Nuclear Regulatory Commission, Office of the Inspector General, Hotline Program, Mail Stop O5-E13, 11555 Rockville Pike, Rockville, MD 20852

COMMENTS AND SUGGESTIONS

If you wish to provide comments on this report, please email OIG using this link.

In addition, if you have suggestions for future OIG audits, please provide them using this link.
