Year
2017
Abstract
Force-on-force (FOF) exercises, if properly conducted, are excellent ways for a regulator to assess the effectiveness of nuclear facility security plans and the competence of security personnel. These performance-based inspections can reveal vulnerabilities that may not be apparent from compliance-based document reviews. However, because such inspections are difficult to arrange, execute and sometimes interpret, they can become a source of tension between licensees and regulators. The protocols that govern the conduct of FOF exercises are key elements of a successful inspection program. However, if the protocols are too prescriptive, they can undermine the flexibility of inspectors to maintain an element of surprise by running attack scenarios that involve tactics, techniques and procedures (TTPs) that licensees may not expect. But since licensees hate surprises and they especially hate to lose a FOF exercise, it is in their interest that FOF inspections be as predictable as possible. Partly in response to industry pressure, the FOF inspection program that the US Nuclear Regulatory Commission (NRC) instituted in 2003 has undergone significant changes since its inception. The program is currently subject to a Commission-directed review that may lead to further modifications, which potentially could reduce the effectiveness of the program. This paper draws from publicly available information to analyze these issues.