By Osamu Tsukimori
Published 13 April 2021
A series of security missteps at Tokyo Electric Power Co. Holdings Inc.’s Kashiwazaki-Kariwa nuclear plant should serve as a wake-up call for operators over the importance of addressing a potential terrorism threat immediately after any breach is confirmed, a top expert in the field has said.
The Nuclear Regulation Authority on Wednesday effectively banned Tepco from restarting the plant in Niigata Prefecture after it was revealed that the facility had been susceptible to security breaches at 15 locations, and that 10 of them had been left unattended for more than a month. The regulator also found that a Tepco staffer had got past a security guard last September using a colleague’s ID card, and gained entry to the plant’s central control room, after the employee realized his own ID card was missing.
The order was the first of its kind to be issued by the NRA since the body was launched in 2012, a year after the meltdowns at the Fukushima No. 1 nuclear plant. The move also dealt a heavy blow to Tepco’s goals to resume operations of two of the plant’s newest reactors for the first time in more than nine years, in order to curb fossil fuel costs.
Following in the footsteps of the U.S. Nuclear Regulatory Commission, which tightened security measures following the Sept. 11, 2001, terrorist attacks, the NRA has imposed tougher, multifaceted anti-terrorism measures.
Among them are the requirement that a “specialized safety facility” be installed to prevent the release of radioactive materials even if a reactor building were to come under direct attack from a deliberate airplane crash. Since 2016 it has also required a background check on plant workers who have access to sensitive security areas, following requests by the International Atomic Energy Agency.
Similar security gaffes have been reported at other Japanese nuclear operators as well. Kansai Electric Power Co. was given a warning in 2018 for an incident in which an entry key to sensitive areas of the Oi nuclear plant was inappropriately loaned to unauthorized workers.
Without proper security measures, nuclear plants could be vulnerable to multiple security threats, including the theft of nuclear materials, armed attacks by terrorists, insider sabotage or cyberattacks, to name a few.
But the incident in Niigata, among others, is “of particular concern” because the risk of security breaches went unaddressed for months, says Mycle Schneider, an independent consultant and coordinator of the annual World Nuclear Industry Status Report, based in Paris.
“Not taking seriously the potential of a threat is the key problem,” he said. “Discussing with colleagues around the planet, it always seemed as if in Japan there was a very basic missing ingredient. And that was the imagination of a threat. You cannot do efficient safety and security measures if you don’t have the imagination of what could actually happen and who could be the perpetrators.”
Last month the NRA gave Tepco a “red” rating for its nuclear defense management, marking the first time that the worst of the four ratings has been given to an operator in Japan. The order issued to Tepco on Wednesday banning movement of nuclear fuel is set to remain in place for at least a year while the regulator conducts an additional inspection.
NRA Chairman Toyoshi Fuketa said that the sanction is more serious in nature than a suspension order because while there is a statutory limit of one year for a suspension, there’s no set deadline for the end of the latest order issued to Tepco.
“I hope Tepco will take the unprecedented sanction seriously,” he said at a news conference on Wednesday.
Tepco President Tomoaki Kobayakawa apologized to the Niigata Prefectural Assembly on Wednesday for causing worries and concerns, adding that he takes the matter very seriously. He pledged to bolster safety measures following the firm’s own investigation into the cause of the mishaps.
The threat of an unauthorized entry is real, Schneider says, noting that Greenpeace activists have repeatedly demonstrated on film that they could gain entry to sensitive areas inside French nuclear plants.
“Other countries have similar security breaches and malfunctioning security issues at nuclear plants around the world,” he said. “It’s not as if it’s just perfect everywhere else and Japan is kind of the bad guy. But if you have a breach, you have to do something immediately, and apparently that is not what happened in Japan. And that might be of particular concern.”
A breach at the plant that potentially left it susceptible to sabotage is also of great concern as it could be “the most difficult thing” to deal with, Schneider added. He gave an example of a nuclear plant shutdown incident in Belgium in 2014 after the loss of oil in its main turbine. It was subsequently determined that a valve had been deliberately opened in an act of sabotage, but to this day no one has been put behind bars or even arrested for the act, he added.
“They did not have an idea where people were that had access to that space,” he said. “That’s pretty scary. It’s the same situation in Japan. If they don’t know who can get on site or even know the number, that can make the insider threat much worse. Tight site access control is a very basic measure.”
The latest incident came despite the fact that the NRA’s on-site inspectors have 24-hour access to the entire nuclear facility. Some experts have said that puts some of the onus on the regulator, because the incident did not come to light until months after the security breaches and mishaps occurred.
“Even if Japan has stringent regulations, apparently the most simple ones are not being enforced,” Schneider said. “And (the) NRA didn’t see anything. That puts into question not only Tepco but also the NRA, because the oversight was not appropriate.”
Nuclear plants around the world have to guard not only against direct aircraft attacks after 9/11 but also against newer threats like drones or cyberattacks as well, Schneider said.
“After 9/11, there should have been a dramatic revision of the basic attack scenario because there were 20 people that were ready to die in an attack,” he said. “But I don’t think there’s any place that has actually revised what’s called the design basis threat to that level, which I think is a problem."