“You don’t need massive amounts of force to allow a nuclear plant to go into instability. The plant has enough energy to destroy itself. Drones can be used to tickle the plant into instability.” – John Large, Large & Associates
Compiled by leading British nuclear expert John Large of consulting engineers Large & Associates, and commissioned by Greenpeace France, the report followed several unexplained, but apparently co-ordinated, flights of tiny versions of drones – unmanned aerial vehicles (UAVs) – over French nuclear installations. Unidentified UAVs breached restricted airspace over 13 of France’s 19 nuclear power plants between early October and late November 2014. In January a UAV was spotted over the Elysée Palace, and in February drones were seen flying around five other Paris landmarks.
In public evidence to the French parliament, Mr Large stated various modes of drone attack against the defences of a standard NPP could include precisely targeted IEDs (improvised explosive devices) or dropping equipment to aid an insider saboteur.
Not toys but machines
The report modelling showed that the “flexible access and manoeuvrability of the drones” means that they were able to fly over and twist around physical barriers that “belonged to a different age.” Even small, battery-powered drones can lift at least 10 kg, while vehicles available in high-street hobbyist shops “are certainly not toys but machines capable of following and discharging intelligent commands.”
Chatham House cyber security expert Caroline Baylon backed this up: “Because drones are so small, conventional radar cannot detect them. There’s a huge vulnerability there.” She wrote in Newsweek in December 2014 that drones could also provide air support for an actual ground-based attack; drop explosives to damage power or communications networks; and be used to bomb spent-fuel pools, which are less well protected than reactor cores.
According to the French Directorate General for Civil Aviation, 1,300 commercial drone licences were granted since 2012, but they can easily be bought without a licence on the high street or online. Soldiers are authorised to shoot drones down, but not when they are over an NPP for fear of causing damage – which is exactly where they would be if used in an attack.
In 2014 Britain’s 16 operational reactors suffered 37 security breaches, including by at least one small UAV – the highest number since 12 breaches in 2011. The Large report recommended a major exercise to test the resilience of the UK’s power stations against acts of terrorism. With the recent terrorist attacks in Paris still painfully fresh in the national memory, France has now tasked its National Research Agency with investigating ways to improve detection and interception of small, low-flying drones and has announced that it plans to share its findings with other European countries.
NPP’s defences are designed to prevent accidents, not against terrorist threats. According to Large “most plants in France are not acceptable. The plants in the rest of Europe are old and need reviewing in this respect.” NPP defences are based on the design-based threat (DBT) – defined by the NRC and the UK Office for Nuclear Regulation (ONR), as the “range of threats faced by nuclear facilities,” based on assumptions about the capabilities of an attacker.
By 2014, and after many recommendations, the NRC characterized the DBT as a “well-trained and dedicated paramilitary force armed with automatic weapons and explosives and intent on forcing its way into the plant to commit radiological sabotage. Such a force may have the assistance of an ‘insider’… The threat also includes bomb-laden land and waterborne vehicles.” But so far it does not include drones.
In warning that the authorities are “burying their heads in the sand,” Large added cyber sabotage to the threat of physical attacks: existing NPPs are not designed to counter the threat of “near-cyborg technology… In each of the four… attack scenarios that I examined, the plant fared very badly indeed – if these scenarios had been for real, there would have been the potential for a major radioactive release.”
In March 2014 the South Korean government accused North Korea of carrying out cyber-attacks in December 2014 on its NPP operator, after investigators concluded the North was responsible. In 2003, a computer virus penetrated the network at the Davis Besse Nuclear Power Plant in Ohio. Although the plant was shut down at the time it was, nevertheless, still vulnerable as technicians had not installed a Microsoft security patch.
Plots and attempts
What precedent is there for NPP attack? Previous attempts are rare, but a hallmark plot was uncovered in November 2005 to carry out an attack on the Lucas Heights NPP, on the outskirts of Sydney, Australia. A group of Melbourne- and Sydney-based jihadists had undergone terrorist training on two country stations in New South Wales. After tracking the group, police stopped three suspects near the plant a year before their arrest, as part of police Operation Pendennis. Investigators discovered that an access on the outer security fence had been cut. The group had stockpiled weapons, including Australian Army rocket launchers, explosives, and other bomb-making materials – and had scoped out other high-profile Australian targets as well as Lucas Heights. Five men were convicted of terrorism charges in October 2009.
More recently, in May 2014 20 activists of the Ukrainian Right Sector were detained by Russian police for allegedly trying to seize the Zaporozhye NPP – Europe’s largest nuclear power plant, located between the beleaguered city of Donetsk and Russian-occupied Crimea – in the country where the world’s worst NPP disaster occurred, at Chernobyl in April 1986.