Skip to content

Illustration by iStock, Security Management

Watchdog Sting Operation Uncovers Vulnerabilities in Radioactive Materials Restrictions

Whether you call it research or a sting operation or both, the U.S. Government Accountability Office (GAO) uncovered a dramatic vulnerability in the U.S. guardrails around radioactive material that could potentially be used to create a dirty bomb—an explosive device intended to disperse radioactive material, which could cause hundreds of deaths and billions of dollars’ worth of damage, Physics Today reported.

Beyond the direct harm caused by a bomb, there would likely be significant social and economic harm caused by public panic, decontamination costs, and denial of access to the bomb site for long periods of time, the GAO said.

As part of its project, GAO investigators twice obtained small quantities of highly radioactive isotopes from domestic suppliers. They used shell companies and forced licenses to pose as legitimate buyers to successfully purchase a category 3 quantity of radioactive material of concern from two different vendors. The GAO provided a copy of its forged license to the vendors, obtained invoices, paid them, and the radioactive material was shipped to the shell company addresses. The GAO refused to accept the shipments and returned the material to the senders.

Radioactive materials are defined as categories 1 through 5, with 1 being the most dangerous. Category 3 amounts are defined as less than 10 times the quantity needed to cause permanent human injury.

“As GAO has previously reported, a category 3 quantity of radioactive material can, on its own, result in billions of dollars of socioeconomic costs if dispersed using a dirty bomb,” according to the report, Preventing a Dirty Bomb: Vulnerabilities Persist in NRC’s Controls for Purchases of High-Risk Radioactive Materials. “By purchasing more than one shipment of a category 3 quantity of radioactive material, GAO also demonstrated that a bad actor might be able to obtain a category 2 quantity by purchasing and aggregating more than one category 3 quantity from multiple vendors.”

The paper licenses to possess category 3 quantities of radioactive material can be altered and used to make illicit purchases, the GAO found.

Physics Today reported that the GAO “sting was carried out to show how terrorists might hack the Nuclear Regulatory Commission’s (NRC’s) licensing process for acquiring small amounts of radioisotopes such as cesium-137 and cobalt-60, which have legitimate uses for sterilization, nuclear medicine, well logging, and other applications. Cesium-137 is particularly dangerous due to its readily dispersible powder form. GAO officials declined a reporter’s request to identify the specific isotopes that were acquired.”

The threat of a dirty bomb is a realistic one. An internal U.S. intelligence memo from earlier this month said that agents from the FBI and the U.S. Department of Homeland Security (DHS) have observed an increase in online violent threats against federal officials and facilities, including a threat to place a dirty bomb in front of the FBI headquarters, The Guardian reported.

“From 2011 through 2020, the U.S. Nuclear Regulatory Commission (NRC) reported 4,512 nuclear materials events, which include instances of lost or stolen radioactive materials, radiation overexposures, leaking sources of radioactive material, and other events,” according to the GAO report. “Furthermore, NRC officials told us that since 1990, there have been 34 specific events involving the theft, sabotage, and vandalism of high-risk radioactive materials.

"One of these incidents occurred in April 2019, when a technician was arrested after stealing three iridium-192 radiography devices from his workplace in Arizona," the report continued. "According to a court filing, the technician intended to release the radioactive material at a nearby mall but was arrested after a 2-hour standoff and before he could do so. Furthermore, National Nuclear Security Administration officials we interviewed told us that current assessments of the threat environment show an increasing interest in using radioactive material for making a dirty bomb.”

Tensions at federal facilities are high. At the Internal Revenue Service (IRS) branch in Franklin, Tennessee, a “suspicious letter” was received on 23 August, prompting a hazmat response and a federal investigation. The same day, the IRS announced it would launch a full security review of its facilities nationwide, as congressional Republicans and far-right extremists lash out at the agency and its new $80 billion in funding.

“We see what’s out there in terms of social media,” IRS Commissioner Charles Rettig told The Washington Post. “Our workforce is concerned about their safety. The comments being made are extremely disrespectful to the agency, to the employees, and to the country.”

In a letter to IRS employees, Rettig wrote that the agency would conduct risk assessments for its 600 facilities and evaluate whether to increase perimeter security patrols, boost designations for restricted areas, examine entrance security, and assess exterior lighting.

Meanwhile, members of the U.S. House of Representatives Committee on Homeland Security sent a letter yesterday to the chairman of the NRC urging the commission to “take immediate actions to address vulnerabilities in its controls for purchases of radioactive material,” including “strengthening NRC’s licensing verification procedures and adding security features to its licensing process, which would help prevent illegitimate purchases of radiological material by terrorists and other bad actors.”

The letter continued: “The possibility of nefarious actors being able to buy such dangerous quantities of radiological material should be a call to immediate action. The threat is real—a recent publication by the Terrorgram Collective, a Racially and Ethnically Motivated Extremist group, claimed that dirty bombs are the ‘holy grail of terrorism’ and provided rough instructions on manufacturing a device using uranium ore. As law enforcement has recently been under threats of violence, the Federal Bureau of Investigation (FBI) and Department of Homeland Security have observed calls for using dirty bombs against law enforcement, including suggesting the placement of one in front of FBI Headquarters. Moreover, officials from the National Nuclear Security Administration have assessed that bad actors are showing an increasing interest in making dirty bombs.”

The NRC concurred with the GAO’s recommendation to tighten security features on class 3 materials, including switching from paper to electronic licenses. The agency also initiated a rulemaking process in January 2022 to require sellers to verify buyers’ identities, but that process can take up to two years to complete. The NRC noted that it is taking steps to expedite this rule, but current gaps will remain unaddressed until at least the end of 2023, the GAO warned.