Home > NRC Library > Document Collections > General Communications > Information Notices > 1993 > IN 93-94
UNITED STATES NUCLEAR REGULATORY COMMISSION OFFICE OF NUCLEAR REACTOR REGULATION WASHINGTON, D.C. 20555 December 9, 1993 NRC INFORMATION NOTICE 93-94: UNAUTHORIZED FORCED ENTRY INTO THE PROTECTED AREA AT THREE MILE ISLAND UNIT 1 ON FEBRUARY 7, 1993 Addressees All holders of operating licenses or construction permits for nuclear power reactors. Purpose The U.S. Nuclear Regulatory Commission (NRC) is issuing this information notice to alert addressees of potential safety/safeguards issues raised as a result of an unauthorized forced entry into a protected area at Three Mile Island (TMI) Nuclear Generating Station. It is expected that recipients will review the information for applicability to their facilities and consider actions, as appropriate, to avoid similar problems. However, suggestions contained in this information notice are not NRC requirements; therefore, no specific action or written response is required. Description of Circumstances On February 7, 1993, TMI Unit 1 was operating at full power. At 6:53 a.m. an intruder drove a station wagon into the TMI site entrance and continued past the north gate guard house of the owner-controlled area. The intruder was traveling in the outbound traffic lane at an estimated 54-64 km per hour [35-40 miles per hour]. After observing that the intruder had failed to stop at a posted stop sign, the site protection officers at the north gate notified other onsite protection officers, thus prompting security personnel to respond. The vehicle then passed through a second stop sign and continued toward the processing center building for the protected area, which it skirted, heading toward the protected area gate. The vehicle breached the gate, thus activating the protected area alarm system and prompting security personnel to assess the situation on closed circuit television. The vehicle proceeded approximately 57 m [189 feet] and crashed through the Unit 1 turbine building aluminum rollup door. The vehicle caused damage to a secondary system condensate resin liner, an auxiliary steam line, and auxiliary support equipment. The plant operators in the control room were notified of the event by a call from the outgoing operations shift foreman who had witnessed the event and a site protection officer who had been informed of the event by the north gate 9312030104. IN 93-94 December 9, 1993 Page 2 of 5 site protection officers. Control room personnel responded by implementing emergency response procedures, including locking control room fire doors, classifying the event as a site area emergency, performing required notifications, and maintaining and monitoring the plant at full power. The security staff responded by posting site protection officers to intervene at predesignated vital areas, confirming vital area integrity, and with the aid of offsite responders, assessing the threat and searching for the intruder. The U.S. Army explosives ordnance disposal unit responded and surveyed the vehicle for suspicious objects, conducted a search for explosive devices, and removed the vehicle from the turbine building. During the search-and-clear operations, TMI security personnel and offsite response personnel found and apprehended the unarmed intruder at the bottom of the turbine building in a small space under piping in the condenser area. Following the operations shift supervisor declaring a site area emergency, the site emergency response program was implemented and the Commonwealth of Pennsylvania response organizations and the NRC were notified of the event. Due to the potential security threat at the time, the licensee chose not to fully activate its emergency response organizations. Personnel safety considerations prompted a decision not to staff the inplant technical support center or operations support center while the intruder was at large. After visually inspecting plant equipment, verifying that operating plant parameters were within the technical specification license criteria, and confirming that the safety systems were available, the licensee ended the site area emergency at 4:25 p.m. On February 8, 1993, the NRC Executive Director for Operations directed that an NRC incident investigation team be established to investigate the event. The team consisted of NRC personnel with a broad knowledge of physical plant security, safeguards, emergency planning, plant systems and operations, and criminal investigation, and an industry representative. Discussion The incident investigation team findings and conclusions are contained in both the public and safeguards versions of NUREG-1485, "Unauthorized Forced Entry Into the Protected Area at Three Mile Island Unit 1 on February 7, 1993," issued in April 1993. Some of the issues raised by the team with regard to the event and subsequent declaration of a site area emergency are relevant to operations at a power reactor site. These issues are summarized as follows: (1) Protected Area Barriers and Assessment System The performance objectives of Title 10 to the Code of Federal Regulations (10 CFR) Part 73 do not specifically address preventing a vehicle from forced entry through the protected area barrier and that . IN 93-94 December 9, 1993 Page 3 of 5 there is no NRC guidance specific to performance standards for a security response to such an intrusion. Notwithstanding this, the TMI Unit 1 assessment system was not effective in observing the intruder/vehicle penetrating the protected area barrier. Although the protected area detection system functioned (alarmed) as designed, the use of a land vehicle reduced the available time that security personnel had to respond and significantly affected their strategy toward protecting vital areas. (2) Interface Between Operations, Emergency Response, and Physical Security Response Activities Shortly after the protected area barrier was breached, the operator at the central alarm station implemented a procedure to limit access to vital areas. Implementation of the procedure reduced the number of key cards that would open vital area doors and resulted in only one member of the onshift operations crew having a valid key card to enter the vital areas. The TMI emergency operating procedure for responding to a penetration of the protected area specified that the control room fire doors (which were not vital area doors) be locked. A basis for this procedural requirement was not established. Locking the fire doors isolated the control room from the staff and equipment needed to implement the emergency response plan and introduced potential problems for plant operations. The decision to maintain stable, steady-state reactor operations at full power during the security incident was in accordance with an established emergency operating procedure and found to be appropriate by the incident investigating team. However, the procedure did not contain qualifying guidance to the operators. The incident investigating team noted that maintaining stable, steady-state operations at full power may not be appropriate for all security event conditions covered by the procedure. (3) Effect of security on Licensee Emergency Response and on Emergency Plan Implementation The shift operations supervisor was initially distracted from making the event classification and emergency declaration partly because of personnel safety concerns. His first priority was to lock the fire doors to the control room. Personnel safety considerations also prompted a decision not to staff the normal designated in-plant technical support center or the operations support center which are located in the control tower. Instead, an ad hoc decision was made to direct the technical support center and operations support center personnel to the training center. In addition, the Emergency Director responded to the central alarm station, which had the effect of relocating the emergency control center from the control room area to the service building. This relocation created confusion and complicated implementation of the emergency response plan. The licensee focused on . IN 93-94 December 9, 1993 Page 4 of 5 re-establishing the security of the facility and eliminating the intruder, thus obscuring the broader emergency response measures required for potential radiological sabotage. (4) Process for Implementing 10 CFR 50.54(x) and (y) Provisions During the event, the licensee suspended normal security entry processing into the protected area to allow offsite personnel to have free access to the vehicle and to conduct associated investigations. Routine security checks and records also were suspended. Although the suspension of security requirements is addressed in 10 CFR 50.54(x) and (y), compensatory alternatives were not considered in their application during this event. Additionally, the licensee did not report to the NRC Operations Center that it had suspended certain security measures in accordance with the provision of 10 CFR 50.54(x). (5) Communications Systems During the event, several difficulties arose that adversely affected communications with offsite organizations and licensee emergency response staff. Only certain telephones were specified by procedures to be used for emergency notifications and callbacks, and these telephones were not accessible because the control room fire doors were locked. The individuals making notifications and callbacks were not trained in the procedures they were to follow. Although the central alarm station was used as the emergency control center, the central alarm station communications capability was not designed to support both emergency preparedness and security functions. Also, the licensee telephone system had an off-hours restriction that did not permit outgoing calls from certain telephones. This restriction was not completely lifted until 7.5 hours after the intruder penetrated the protected area. In addition, the NRC did not have access to information in the emergency response data system because of a telephone line failure at TMI. The above items illustrate a broad spectrum of activities that were not anticipated or covered by procedures. While it cannot be expected that every variable of a security event can be anticipated in advance, there may be some lessons learned from the event that can be applied generally. On the basis of the NRC incident investigation team findings with respect to this event, the NRC staff is considering the need for additional regulatory actions. . IN 93-94 December 9, 1993 Page 5 of 5 This information notice requires no specific action or written response. If you have any questions about the information in this notice, please contact one of the technical contacts listed below or the appropriate Office of Nuclear Reactor Regulation (NRR) project manager. /S/'D BY BKGRIMES Brian K. Grimes, Director Division of Operating Reactor Support Office of Nuclear Reactor Regulation Technical contacts: Michael S. Warren, NRR (301) 504-3211 Donald M. Carlson, NRR (301) 504-3212 Attachment: List of Recently Issued NRC Information Notices .
Page Last Reviewed/Updated Thursday, March 29, 2012