Remarks by Dr. Dale Klein, Commissioner U.S. NRC for the American Nuclear Society (ANS) November, 2009
- Edited by Linton Levy -
Thank you, and good afternoon, everyone. I am pleased to have the opportunity to participate in this important conference. The concept of managing risk to avoid adverse consequences has been with us since the first human beings appeared on the planet. Over time, the application of the principles of risk management to ever broader fields of activity has been constant and is still expanding. Some view this as progress and others as the unwelcome price we have to pay for the increasing complexity of our existence.
In the regulatory field, the concept of risk as a management tool is relatively recent. At the NRC, it was not until 1995 that the Commission issued a policy statement that encouraged the application of probabilistic risk assessment “as an extension and enhancement of traditional regulation.” As a regulator and based on the agency’s experience over the last two decades, I strongly support the use of risk analysis as a means to focus on the events and activities that pose the greatest risks to public health and safety and to ease unnecessary burdens on licensees. I believe we have come a long way since 1995. I also believe, however, that we can and should expand the systematic use of risk analysis to areas where, up to now, it has been used intermittently. I am referring here to the security arena. This will be a difficult task, however, and will require the concerted effort of the NRC and the industry to carry it out.
The NRC has made great strides in bringing a risk-informed approach to our safety regulations. One very important example of that risk-informed approach is the Reactor Oversight Process, or ROP. The ROP provides predictability of NRC actions at the same time that it recognizes the relative importance of inspection findings by taking into account their risk. While the ROP can certainly be improved, I think it has been a great success in helping the NRC and licensees focus resources on the more risk-significant issues.
Considering the great progress we have made in risk-informing our safety regulations, I believe we have the experience and many tools to further risk-inform the security-related arena. I also believe that in most instances, the U.S. nuclear industry has reached a level of security such that additional requirements would not substantially improve overall security. Let me be clear: I strongly believe we need to remain vigilant but must also do a better job of risk-informing our security-related decisions. When considering additional measures above those required by adequate protection, we need to find ways to determine whether the benefits of proposed security enhancements outweigh the burdens caused by those changes. This is consistent with the Commission policy statement on the use of Probabilistic Risk Assessment, which provides a balanced perspective on the use of risk-related information. The policy statement seeks to reduce unnecessary conservatism associated with current regulatory requirements or, where appropriate, use PRA to support the proposed additional regulatory requirements. Simply put, I think we need to be better regulators in the security arena to ensure that our requirements are balanced. In addition, we need to articulate the difference between a postulated threat and a threat assessment.
At the NRC, our goals of safety and security are of equal importance. However, unlike many nuclear power plant safety issues, security risks are more difficult to quantify. Most security issues do not typically involve a “hard science” and therefore the risks are difficult to analyze.
For example, whereas engineering calculations and related data can help us to determine what size pump or generator to use or what the chances are that it will fail when called upon, the same cannot be said for determining how many guards to have at a plant or what caliber weapons they should carry. Rather, we have to look at the overall security strategy and determine through more subjective means, if we have effectively managed risks associated with radiological sabotage. Some aspects of the security threat, of course, are quantifiable. We can calculate the explosive force of various bomb materials, how much of that material would be necessary to produce a given consequence, and the impacts of various size vehicles crashing into vehicle barriers, for example. However, security rests largely on anticipating the plans of human agents, which is much more difficult than anticipating when a component of safety significance might fail.
In the absence of quantifiable data related to the risks of radiological sabotage, the NRC and industry continue to receive pressure to increase security as well as safety requirements to reach a “zero” risk level. But as we all know, a zero risk level is not realistically attainable in any human activity and as a practical matter, we balance risk against benefit every day in our routine activities. The safest vaccine is never given, the safest airplane never flies, the safest car never moves, and the safest power plant is one that never operates. I think we all understand that some who advocate restrictive regulation and legislation have little interest in advancing the safe use of nuclear materials and energy. This concerns me because those who jump on the bandwagon calling for more security often have little understanding of risk, benefits, or consequences.
Let me give you a specific example of what happens when we don’t carefully think about consequences. After 9/11, the NRC issued many new requirements for security-related upgrades to virtually every one of its licensees representing every sector of the commercial nuclear industry. Of necessity, we did this without having the luxury of applying the Commission’s regular and deliberative rulemaking processes. Although the new requirements have clearly resulted in beneficial increases in the levels of security at NRC-licensed facilities, the new requirements have also resulted in some unintended outcomes.
One specific new requirement for nuclear power plants and other types of licensees was to install multiple bullet resistant enclosures – also known as BREs – throughout their protected areas to provide observational posts and fighting positions with which to repel an attack in lieu of traditional security patrols. Although these BREs can be effective in protecting security guards while repelling an attack, I firmly believe that these BREs have contributed to the security guard attentiveness issues we have seen recently at some commercial nuclear power plants. Let’s be honest, if you were isolated in a small room with little ventilation and only small slits to use to view the outside world, you would likely grow bored and inattentive, too. I think in this case we may have set ourselves up for failure.
As a regulator, we must ensure that any security upgrades and new requirements proposed in the future add real value. You don’t necessarily want to use an axe instead of a scalpel, just because it is bigger and stronger.
Let me focus on a different example in the materials arena. There continues to be a debate about the security of certain radiation sources, primarily cesium-137. Many of these sources are used in life-saving medical procedures at many hospitals in America. Since the events of September 11, 2001, NRC has promulgated regulations and Orders which have increased, in a risk-informed manner, the security associated with these sources. Our efforts so far have not severely limited the availability of the vital medical procedures to the American public.
However, as I told the Society of Nuclear Medicine, increasing the security of these sources beyond current levels would likely have the opposite of the intended outcome. It could actually decrease the overall health and safety of the U.S. population by imposing such restrictive requirements that the medical community would essentially be denied access to radioactive materials for nuclear medicine, thus preventing patients from receiving beneficial treatments.
There are pundits who can and will postulate all sorts of dire scenarios involving misuse of nuclear materials. But alarmist rhetoric, no matter how popular in the media, is not the basis for making a regulatory decision. It is easy to address the hypothetical, it is much harder to understand the real public health consequences of an action.
My comments today are really more of a challenge since I am not aware of any particular tried-and-true methods of risk-informing security solutions. I do know that the NRC has a lot of expertise and talent in developing and applying risk-informed techniques, and I’m sure that the NRC staff can find ways to develop smart solutions. For instance, in the area of fire protection, the staff has been working for nearly eleven years to risk inform the Commission’s regulations. Incidentally, fire protection is an area where human action, and, subsequently, human error have also been shown to be a significant contributor to overall plant risk due to the significant role that operators play in the fire protection defense-in-depth strategy on safety. So we have some experience that possibly could help us in developing a risk-informed approach to security. And maybe we’ll get some ideas here today as well.
On the theme of good ideas, let me repeat a point I have made before. Now, more than ever, design engineers and security professionals have the opportunity to incorporate industry lessons-learned at the design stage and “build security in” from the beginning. The industry has
learned much, pre- and post-9/11. And, improvements can be realized in both safety and security through the design process. An excellent example of this is the Commission requirement that new reactor designs perform an aircraft impact assessment.
In my recent travels to Japan, I marveled at how the Japanese were able to provide secure observation platforms or “pathways” which allowed us to tour most areas of the Japanese nuclear power plant without substantially increasing security risks. It is my understanding that our own Bureau of Engraving and Printing has been using similar secure pathways and other security measures to conduct successful public tours for over four decades. These entities have figured out that openness and security can co-exist if we are smart about how we approach these problems and if we have the luxury of “building in” security and openness at the design stage. I believe that in the next generation of nuclear facilities built in the U.S., we must consider ways to address this if we expect to continue to build public confidence.
Let me make one additional point about security and openness. The NRC views nuclear regulation as the public’s business and, as such, believes it should be transacted as openly and candidly as possible to maintain and enhance the public’s confidence. Ensuring appropriate openness explicitly recognizes that the public must be informed about, and have a reasonable opportunity to participate meaningfully in, the NRC’s regulatory processes. At the same time, the NRC must also control sensitive information so that security goals are met. The challenge is to use risk management to maintain the necessary balance between the NRC’s goals of openness and security.
I would like to close by emphasizing that the NRC and the nuclear industry have done a great deal to strengthen security since 9/11. Even before the terrorist attacks, nuclear power plants and other nuclear facilities were some of the most fortified civilian facilities in the country. Nevertheless, our national level homeland security efforts have intensely focused on the nuclear industry, and I expect that this focus will continue. As a result, I believe that it is time for a recalibration of our thinking about risk management and security in the nuclear industry. This recalibration will allow the Federal government to increase its focus on risks associated with other critical infrastructure, such as the chemical and biological sectors, where the need may be greater. The defense of our nation is only as strong as its weakest link.