What role do nuclear facility operators play in providing nuclear security?
Operators of nuclear facilities, as well as shippers and users of nuclear and radioactive materials, are the first line of defense against theft or sabotage. They are responsible for translating national security legislation into facility and material-specific policies, and implementing on-site systems that put these policies into practice.
Implementing a security system often begins by constructing a design basis threat (DBT).
- A DBT draws on threat assessments by intelligence agencies and law enforcement officials to estimate the potential insider and outsider threats a facility can credibly expect to face [i]
- The DBT is used to create a threat statement, or list of threats that the facility must be capable of withstanding [ii]
- The security measures necessary to meet these challenges are then defined accounting for other issues (e.g., technical, economic, and political feasibility) to determine an optimal approach that both meets requirements and complies with national legislation. [iii]
Operators must design a security system capable of defending a target against realistic threats. To be effective, a security system must be able to: [iv]
- Detect when an intrusion has occurred
- Assess whether the intrusion is a threat or a false alarm
- Communicate the nature of the threat to response forces (e.g., the number of intruders and their location)
- Delay the threat until response forces arrive
- Defeat the intruders before they can either steal material or sabotage the facility.
In designing a system capable of meeting these objectives, operators:
- Emphasize the principle of defense-in-depth, which calls for redundancy of systems and independence of redundant systems from one another [v]
- Adopt a graded approach, whereby available security resources are allocated in accordance with the relative attractiveness of the target (e.g., is the nuclear material being protected directly weapons-usable?), and the severity of the potential consequences of successful theft or sabotage [vi]
- Carry out vulnerability assessments and regular realistic performance testing [vii]
- Vulnerability assessments are vital for weeding out common-mode failures, which result from unforeseen interactions between system components, and refer to how a fault in one component can cause multiple other components to fail. [viii] For example, in October 1966 at a reactor in Missouri, an emergency safety device designed “to reduce risk that materials from the core would burn through the containment walls in an accident,” broke off and blocked coolant from reaching the reactor core, nearly causing the reactor to meltdown [ix]
- Performance testing includes force-on-force exercises, whereby teams of outsiders, insiders, or a combination of the two simulate an attempt to steal material or sabotage a facility. [x]
- Account for the human element by:
- Instituting strong personnel reliability programs to determine the trustworthiness of personnel granted access to sensitive areas or information. [xi] This is essential to reducing the risk of insider threats
- Building a strong security culture among those responsible for security-related tasks, which instills an understanding that security is a process of continuous improvements, rather than an end-state. [xii]
What role do national governments play in nuclear security?
National governments have many essential nuclear security responsibilities, including:
- Enacting laws and regulations that set security requirements for nuclear facility operators and their facilities. Without strong legislation and effective regulation, operators are unlikely to provide sufficient levels of protection
- Establishing an independent regulatory agency with sufficient authority and resources to provide oversight and hold the state’s nuclear enterprise accountable. Ideally, the legal and regulatory system sets both prescriptive and performance-based requirements that detail what specific security measures operators should implement, and also how well those measures should perform [xiii]
- Sharing information with operators about possible threats to facilities
- Taking actions to build confidence in the effectiveness of their security, such as publishing relevant laws and regulations, annual reports, or other information providing the broad outlines of security arrangements
- Enacting laws that criminalize and set appropriate penalties for theft and attempted theft of nuclear and other radioactive materials, as well as acts of nuclear and radiological terrorism. Strong legal frameworks ensure security incidents are investigated and prosecuted, potentially helping to deter criminal behavior
- Recovering lost or stolen nuclear or other radioactive material
- Installing radiation detectors at border crossings and seaports to deter and interdict illicit trafficking in nuclear and other radioactive materials
- Conducting intelligence and law enforcement operations to identify and disrupt individuals or groups intent on supporting or committing acts of nuclear or radiological terrorism.
Not all countries engage in the activities described here, and many do so only to varying degrees. Many countries are undertaking significant efforts to strengthen their nuclear security legal frameworks, and to improve their capabilities to prevent nuclear and radiological terrorism, often in cooperation with other countries and international organizations. [xiv]
How are cyber and information security relevant to nuclear security?
- Nuclear information security is the protection of sensitive information, whether in physical or digital form, that could be used to steal material or commit an act of sabotage. For example, a transport schedule detailing the time and route of a shipment of nuclear material could provide someone with the information to then intercept and attack that transport
- Cyber security is the protection of digital computer and communications systems and networks against cyber-attacks that could enable the theft of material or sabotage of a facility. For example, non-state actors might employ cyber-attacks to disable access control systems—such as alarms, electronic locks, or video surveillance cameras—to infiltrate areas where nuclear material is stored
- Cyber-attacks are a growing threat worldwide, and specific events targeting nuclear installations have brought attention to the importance of robust information and cyber security
- In 2010, the Department of Homeland Security (DHS) was aware of 41 attacks against U.S. infrastructure targets, 5 of which had been directed against nuclear facilities [xv]
- In 2011, DHS knew of 198 attacks, 10 of which had been directed against nuclear facilities [xvi]
- Cyber-attacks can also exploit vulnerabilities to cause physical damage. [xvii] As such, cyber-threats must not be seen as separate from traditional nuclear security challenges.
- The IAEA offers guidance on how information and cyber security levels should be structured, recommending operators employ six different tiers of security. These begin with a baseline generic level applicable throughout a facility, followed by levels one through five for specified areas of a facility, where level one has the greatest and level five the least security. [xviii]
Sources
[i] Mary Lynn Garcia, The Design and Evaluation of Physical Protection Systems (Burlington: Butterworth-Heinemann, 2008), 37-38.
[ii] Mary Lynn Garcia, The Design and Evaluation of Physical Protection Systems (Burlington: Butterworth-Heinemann, 2008), 37-38.
[iii] International Atomic Energy Agency, “Implementing Guide: Development, Use and Maintenance of the Design Basis Threat,” IAEA Nuclear Security Series No. 10, p. 3-8, http://www-pub.iaea.org/MTCD/publications/PDF/Pub1386_web.pdf.
[iv] These five objectives are drawn from Matthew Bunn, “Nuclear 101: Technology and Institutions for Nuclear Security,” Project on Managing the Atom Seminar Series, May 8, 2013, www.belfercenter.ksg.harvard.edu.
[v] Institute of Nuclear Materials Management, “International Best Practices in Nuclear Security Risk Management,” Workshop on International Best Practices in Nuclear Security Risk Management, Washington, DC, May 2007, http://www.inmm.org/Nuclear_Security_Risk_Management/3076.htm; Matthew Bunn, “Nuclear Security: What is required?” Presentation, Beijing, October 12, 2011, http://belfercenter.ksg.harvard.edu/files/nuclearsecuritywhatisrequired.pdf.
[vi] International Atomic Energy Agency, “Nuclear Security Recommendations on Physical Protection of Nuclear Material and Nuclear Facilities (INFCIRC/225/Revision 5),” IAEA Nuclear Security Series No. 13, Vienna, 2011, p. 4. http://wwwpub.iaea.org/MTCD/publications/PDF/Pub1481_web.pdf.
[vii] Matthew Bunn, “Nuclear Security: What is required?” Presentation, Beijing, October 12, 2011, http://belfercenter.ksg.harvard.edu/files/nuclearsecuritywhatisrequired.pdf; Matthew Bunn, “Nuclear 101: Technology and Institutions for Nuclear Security,” Project on Managing the Atom Seminar Series, May 8, 2013, www.belfercenter.ksg.harvard.edu.
[viii] Scott D. Sagan, “The Problem of Redundancy Problem: Why More Nuclear Security Forces May Produce Less Nuclear Security,” Risk Analysis, Vol. 24, No. 4, 2004, p. 937; Matthew Bunn, “Nuclear 101: Technology and Institutions for Nuclear Security,” Project on Managing the Atom Seminar Series, May 8, 2013, www.belfercenter.ksg.harvard.edu.
[ix] Scott D. Sagan, “The Problem of Redundancy Problem: Why More Nuclear Security Forces May Produce Less Nuclear Security,” Risk Analysis, Vol. 24, No. 4, 2004, p. 938.
[x] International Atomic Energy Agency, “Nuclear Security Recommendations on Physical Protection of Nuclear Material and Nuclear Facilities (INFCIRC/225/Revision 5),” IAEA Nuclear Security Series No. 13, Vienna, 2011, p. 52, http://wwwpub.iaea.org/MTCD/publications/PDF/Pub1481_web.pdf.
[xi] International Atomic Energy Agency, “Nuclear Security Recommendations on Physical Protection of Nuclear Material and Nuclear Facilities (INFCIRC/225/Revision 5),” IAEA Nuclear Security Series No. 13, Vienna, 2011, p. 8-9, http://wwwpub.iaea.org/MTCD/publications/PDF/Pub1481_web.pdf.
[xii] Matthew Bunn, “Nuclear Security: What is required?” Presentation, Beijing, October 12, 2011, http://belfercenter.ksg.harvard.edu/files/nuclearsecuritywhatisrequired.pdf.
[xiii] Matthew Bunn, “Nuclear 101: Technology and Institutions for Nuclear Security,” Project on Managing the Atom Seminar Series, May 8, 2013, www.belfercenter.ksg.harvard.edu.
[xiv] Matthew Bunn, “Securing the Bomb 2010: Securing All Nuclear Materials in Four Years,” Nuclear Threat Initiative, Project on Managing the Atom, and Harvard University, April 2010, p. 9, http://www.nti.org/about/projects/Securing-bomb/.
[xv] ICS-CERT Industrial Control Systems Cyber Emergency Response Team, “ICS-CERT Incident Response Summary Report 2009-2011,” Control Systems Security Program, p. 3-4, http://ics-cert.us-cert.gov/sites/default/files/documents/ICS-CERT%20Incident%20Response%20Summary%20Report%20(2009-2011).pdf.
[xvi] ICS-CERT Industrial Control Systems Cyber Emergency Response Team, “ICS-CERT Incident Response Summary Report 2009-2011,” Control Systems Security Program, p. 5, http://ics-cert.us-cert.gov/sites/default/files/documents/ICS-CERT%20Incident%20Response%20Summary%20Report%20(2009-2011).pdf.
[xvii] ICS-CERT Industrial Control Systems Cyber Emergency Response Team, “ICS-CERT Incident Response Summary Report 2009-2011,” Control Systems Security Program, p. 6, http://ics-cert.us-cert.gov/sites/default/files/documents/ICS-CERT%20Incident%20Response%20Summary%20Report%20(2009-2011).pdf. Ralph Langner, “To Kill a Centrifuge: A Technical Analysis of What Stuxnet’s Creators Tried to Achieve,” The Langner Group, November 2013, p. 19-20, http://www.langner.com/en/wp-content/uploads/2013/11/To-kill-a-centrifuge.pdf.
[xviii] International Atomic Energy Agency, “Computer Security at Nuclear Facilities,” IAEA Nuclear Security Series No. 17, p. 31, http://www-pub.iaea.org/MTCD/Publications/PDF/Pub1527_web.pdf.