OK, but still... couldn't the terrorists detonate a U.S. warhead if they possessed one?

While it's not impossible, it's extremely improbable. Since at least the Kennedy administration, physical mechanisms have existed on the bombs themselves to prevent unintended use. The chief safeguard is what's known as a Permissive Action Link (PAL), which prevents the arming or launching of the weapon "until the insertion of a prescribed discrete code or combination," according to the Department of Defense. The encrypted electronic PAL codes are created and changed periodically by the National Security Agency and kept at tightly secured places in a small number of military command centers. (As noted, the nuclear football is irrelevant here, since it doesn't contain PAL codes.) Though PAL designs are highly classified and have changed significantly over the decades, all are constructed to interrupt the firing process, and some essentially destroy the weapon if a certain number of incorrect codes are entered into the weapon's code box.

And the PAL isn't the only safeguard against unintended use that the bombs possess: Environmental sensing devices ensure the nuke's firing circuits are interrupted unless it achieves a velocity, trajectory or altitude consistent with duly authorized use. Most weapons, especially the more recently developed nukes, use something called insensitive high explosives to compress the nuclear material for a chain reaction -- "insensitive" because "if you drop it, pound it, or subject it to some trauma, it's not going to go off," says Robert S. Norris, a nuclear expert with the National Resources Defense Council.

So Marwan's out of luck. On "24," he employs an engineer, Sabir, who's designed a "chip" that can control the warhead's triggering device -- which, to the extent it means anything, means disabling or overriding the PAL. "Absolutely not," says the ex-official. If a terrorist doesn't have the classified, secured and constantly changing PAL codes (and good luck with that one) he's not activating the warhead. "They've thought this through," says Pike. "They've spent considerable effort to make sure that if nuclear weapons are detonated, it's the result of deliberate national policy."

But if Marwan thought creatively, he might have a slim chance of pulling off a detonation. His engineers do have another way around the PAL: They could take the bomb apart and design another. "If you had a terrorist also intimately familiar -- and I mean intimately familiar, not vaguely familiar -- [with bomb designs] and if he had access to a weapon for very long period of time, then it is not inconceivable that the individual could obtain some nuclear yield," the former senior official cautions. However, even for such expert nuclear engineers, figuring out how to take the bomb apart and rejigger it would require "weeks" of work, and the team would only have a few hours before Jack Bauer captured or killed them all.

Alternatively, Marwan could decide to forgo a nuclear yield altogether and opt for the much easier route of using the plutonium inside the warhead for a dirty bomb. One of his terrorists makes a cursory mention of obtaining a "legacy" warhead, which raises the prospect that the stolen bomb contains conventional high explosive and not the insensitive kind. As the name suggests, conventional explosives in nuclear weapons are vulnerable to high temperatures, meaning the terrorists could subject the warhead to a fire in the hope of detonating the explosives. In such a case, it's highly unlikely that the explosion could trigger a chain reaction and hence a nuclear blast, but the plutonium would disperse and contaminate the surrounding area -- the classic dirty-bomb scenario.

Could the nation's nuclear facilities be subject to a terrorist-induced meltdown?

Nope. If "24's" producers intended to irritate the Nuclear Regulatory Commission, they succeeded. The show's drama kicks off with Marwan's agents stealing a device called the Override, the creation of a defense contractor that adds an external safeguard preventing a civilian nuclear reactor from melting down. According to "24," the Override can also induce a meltdown if a savvy hacker can successfully launch a cyberattack on reactor security. Once accomplished, the Override can actually get control of all nuclear plants in the U.S., creating an environmental disaster so intense that the country will be brought to its knees.

In response to a deluge of worried phone calls after the episode aired, the NRC released a calm-down statement throwing cold water on the idea that any device "could remotely operate all 104 U.S. nuclear power plants via the Internet." And that's because "there is no central nervous system that controls all the nation's nuclear power plants," Cressey explains. "It just doesn't work that way." Unfortunately for the NRC, as the show progressed, the (fictitious) San Gabriel reactor melted down, causing mass (television) chaos and prompting a gigantic (imaginary) evacuation. NRC released another statement: "Nuclear power plants in the United States have redundant safety systems and several very robust physical barriers as well as well-established emergency plans that help ensure people living near these plants are kept safe." When I called for an elaboration, a very polite spokeswoman, Sue Gagner, made it clear that the NRC prefers to put the "dramatic fiction" of "24" behind it.

That's hardly surprising. NRC has had the specter of cyberattack hanging over its head since at least 1997, when the Pentagon organized a famous cyber war game that demonstrated the vulnerability of civilian infrastructure to online assault. In January 2003, an online worm called Slammer disabled a safety monitoring system at the Davis-Besse nuclear power plant in Ohio after a contractor for its owner, FirstEnergy Nuclear, installed an unprotected high-speed connection at the plant to FirstEnergy's internal network. Davis-Besse had been shut down for a year, but even if it was operating, the damage caused by Slammer would have been marginal -- and could neither have caused a meltdown nor spread to another reactor.

Even so, NRC has been beefing up its cybersecurity guidelines: Its most recent draft, issued in December, specifically warns against establishing interconnectivity between plant networks and outside networks to prevent another Davis-Besse. Since the NRC's guidelines aren't mandatory, a terrorist like Marwan could try to exploit laxity by a negligent plant operator, but it's incredibly remote that he would be able to cause significant damage to one reactor through a cyberattack -- let to alone all of them.

Recent Stories