Security of Nuclear Facilities and Material

  • Security at nuclear facilities is the responsibility of national governments.
  • To date, no cyber-attack on a nuclear reactor’s information and control system has compromised safety.
  • The first time an operating civil nuclear power plant was attacked by an armed group was during Russia's military action in Ukraine in early 2022.

Nuclear security relates to the prevention and detection of, and response to, theft, sabotage, unauthorized access and illegal transfer or other malicious acts involving nuclear material and other radioactive substances and their associated facilities. As a function, nuclear security is distinct from the safeguards to prevent the proliferation of atomic weapons technology. Ultimate responsibility for the security of nuclear facilities and the fuel cycle rests with national governments, which should define the roles and responsibilities of the regulatory and other competent authorities, as well as operators.1

Although safety and security are treated separately, if a facility or a radioactive source is not secure, it could pose a potential hazard and, thus, is not safe. Since the early 2000s, there has been a shift of attention from ensuring that nuclear materials are not diverted from peaceful uses, towards protecting plants from armed assault and cyber-attacks.

Threat from terrorism

Following the ‘9/11’ attacks in New York and Washington on 11 September 2001, governments revisited nuclear security and put more emphasis on terrorism. In 2002 the Group of Eight (G8) industrial countries expanded their cooperation to launch the Global Partnership Against the Spread of Weapons and Materials of Mass Destruction to “prevent terrorists, or those that harbour them, from acquiring or developing nuclear, chemical, radiological and biological weapons; missiles; and related materials, equipment and technology.”2 This global partnership has grown and now has 31 members. Additionally, in 2004 the United Nations Security Council approved Resolution 15403 obliging every state to adopt and enforce laws to stop non-state actors from obtaining weapons of mass destruction, including nuclear weapons.

The potential threat of nuclear terrorism also sparked another dimension to the debate within civil society over the risks posed by nuclear technology. Several non-governmental and academic organizations dedicated to raising the political profile of such threats were founded or began programmes examining the security of nuclear materials at power plants, hospitals and research institutions. The Nuclear Threat Initiative (NTI), for example, was founded in early 2001 to “protect our lives, livelihoods, environment and quality of life now and for future generations from the growing risk of catastrophic attacks from weapons of mass destruction and disruption.” The Fissile Materials Working Group (FMWG) was set up in 2009 as an international coalition of NGOs to advocate improved security of fissile materials.

The NTI and the FMWG were instrumental in shaping the agenda of four Nuclear Security Summits, which were held between 2010 and 2016 on the initiative of US President Barack Obama (see section below on Nuclear Security Summits).

The 9/11 attacks prompted the IAEA’s General Conference to review its programmes relevant to preventing acts of terrorism involving radioactive material. The first Nuclear Security Plan (for 2002-2005) was prepared and a series of publications on nuclear security was developed, along similar lines to the existing nuclear safety guidelines. In 2012, the Nuclear Security Guidance Committee was established to engage with member state governments in preparing nuclear security guidance.

The threat from terrorism influenced the definition of security adopted by the IAEA, which argues:

Vulnerabilities at nuclear facilities can make them susceptible to malicious acts and create opportunities for terrorists or criminal groups. The objective of physical protection is, therefore, to prevent access to, or control over, the nuclear facility or nuclear material through the use of protective measures, technical means and/or the use of guards and response forces.4

Protective measures include physical barriers, (e.g. walls, fences and gates), controlled and restricted access to identified locations within the facility, and categories of identification badging for personnel. A number of technical controls also exist, such as radiation detection portals, surveillance cameras, X-ray scanners for detecting hidden weapons or explosives, and interior and exterior intrusion detection sensors. The numbers and capabilities of security personnel must also be appropriate to the level of threat, as assessed by the government.

The nuclear industry has largely been free from violent attacks. A number of incidents in the 1970s and early 1980s were directed at nuclear plants that were under construction, as a way of trying to halt the construction of the reactors. Examples include:

  • Leftist guerrillas briefly occupied the Atucha construction site in Argentina in 1973.
  • The Basque separatist group ETA set off bombs and fired shots at the Lemóniz nuclear power plant in Spain while it was under construction on three occasions between 1977 and 1979, killing three workers, and also assassinated the project’s chief engineer José María Ryan Estrada and his replacement Ángel Pascual Mújica in 1981 and 1982 respectively.
  • Four small bombs planted by an anti-apartheid sympathizer working at the Koeberg nuclear power plant in South Africa during its construction were detonated in 1982, without causing loss of life or injury.
  • Rocket-propelled grenades were fired by associates of the Red Army Faction at the Superphénix fast reactor in France in 1982, while it was under construction, causing minor damage.

Chemicals have been used in terrorist attacks but so far there has not been a case where radiological material has been employed.

Threat from military action

The Additional Protocol of 1979 to the Geneva Conventions contains in Article 56 a provision stating that nuclear power plants “shall not be made the object of attack, even where these objects are military objectives, if such an attack may cause the release of dangerous forces and consequent severe losses among the civilian population."

Before the 2020s, no operating civil nuclear power plant had been the object of a military attack.a In July 2020, tensions between Azerbaijan and Armenia led to an Azerbaijani official threatening a missile strike against Armenia's Metsamor plant. In March 2022, the Zaporozhe nuclear power plant in Ukraine came under attack, and subsequent control, by the Russian military. While none of the plant's six units appeared to be directly targeted, a projectile hit a training centre located within the site. The State Nuclear Regulatory Inspectorate of Ukraine (SNRIU) said a resulting fire had not affected "essential" equipment.

Sabotage at nuclear facilities

Sabotage by insiders at nuclear facilities has occurred, but is extremely rare. Any such incidents are reported to the nuclear safety regulator. A number of different measures are in place to prevent sabotage, with safety-critical systems being protected in many ways. One such measure is the ‘two-person rule’, which requires that two operators are responsible for an activity.

Threat from cyberspace

‘Cyberspace’ describes the domain of distributed and self-regulating computing, digital data storage and digitally encrypted telecommunication. Digitalization is facilitating machine-learning, robotics and predictive analytics. It is revolutionizing manufacturing, plant operation and equipment servicing, not to mention energy distribution and household tasks.

The civil nuclear industry relies on information and communication technology (ICT) systems for a host of functions, just like any other industry does. The 3-D models of nuclear facilities offer a wealth of detail on the make-up of structures, systems and components (SSCs) and their performance. Building information modelling allows the owner of a facility to assemble all the characteristics and information about it in one secure digital format. Additive manufacturing techniques permit users of relatively simple extrusion or jetting devices to use 3-D digital models to create shapes by building up fine layers of self-bonding material (such as metal powders, plastics, or ceramics). The techniques can be applied to small components or even used to build large structures. The storage of vast amounts of information has been made easier by cloud computing.  

The opening up of cyberspace has created additional security challenges. Yukiya Amano, former director general of the International Atomic Energy Agency, stated in 2018: "Digital systems promise higher reliability, more functionality, better plant performance, additional diagnostic capabilities and many other advantages. But, of course, new digital systems also bring new challenges, including those related to nuclear safety and security."5

Cyber-attacks have succeeded in compromising the safety systems in the petrochemical sector and the threat to industrial control systems/safety systems continues to increase.

Cyber-attacks on nuclear facilities have originated from state and non-state actors. In 2003 the 'Slammer' computer worm infected the computer systems at the Davis-Besse nuclear power plant in Ohio, USA disabling a safety monitoring system for five hours. The reactor had been offline for nearly a year before its Slammer infection. Five other utilities were also affected.6 In 2010 the Stuxnet worm – believed to be developed by the US and Israeli governments – caused physical damage to around 1000 centrifuges at Iran's Natanz enrichment facility and also affecting the Bushehr nuclear power plant. It is likely that the worm was introduced through infected USB flash drives and installed files that appeared to originate from legitimate companies. In December 2014 a group calling itself ‘Who am I = No nuclear power’ hacked Korea Hydro and Nuclear Power (KHNP) and stole employee information and non-sensitive technical data and demanded a ransom payment. Malware was discovered in systems used to manage administrative activities at the Kudankulam nuclear power plant in India in September 2019. The malware was linked to the so-called Lazarus Group, operating apparently from North Korea.

While ICT systems have potential vulnerabilities it is equally important to recognize their security benefits as well. Encryption is an embedded feature of digital data storage and transmission, and the information content is better protected than it was before.

Cyberspace is subject to law and regulation at national and international levels. The Council of Europe Convention on Cybercrime (2004), known as the Budapest Convention, and the International Code of Conduct for Information Security (2015), are the two main legal instruments so far devised, although each is backed by a distinct group of countries. The instruments seek to facilitate intergovernmental cooperation in safeguarding digital information and combatting the misuse of data and networks.

Convention on the Physical Protection of Nuclear Material

During the 1970s, the peace movement began to campaign against nuclear energy by linking it to the production of plutonium, and thus, tendentiously, to the possession of nuclear weapons. Site occupations prevented the construction of the proposed Wyhl nuclear power plant (Germany) and the proposed Plogoff nuclear power plant (France), as well as attempted to prevent the construction of a waste repository at Gorleben in Germany. On the other side of the world, unfounded rumours that nuclear waste would be dumped in the oceans spurred the formation of the Nuclear Free Pacific Movement in 1975. Protests against civil nuclear shipping took place in parallel with attempts to stop nuclear weapons testing from 1971 onwards by Greenpeace and Peace Squadron vessels. In addition to direct action at sea, activist groups attempted to block the arrival of used nuclear fuel for reprocessing at La Hague, France, in 1979.  

Such attempts to interfere with shipments resulted in growing government concerns over the possible sabotage or theft of materials in transit. This led to the adoption of the Convention on the Physical Protection of Nuclear Material (CPPNM) in 1979. The CPPNM, which entered into force in 1987, was the first international treaty to deal with nuclear security.  

The CPPNM originally covered nuclear material during international transport, and obliged countries that signed the convention to cooperate with each other and with the International Atomic Energy Agency (IAEA) in:

  • Protecting nuclear material in transit.
  • Returning stolen material to the country of origin.
  • Protecting the confidentiality of information they communicated to one another and to the IAEA.

The CPPNM was amended in 2005 (coming into force in 2016), and the amendment made it legally binding for governments to protect nuclear facilities and material being used for peaceful purposes, both at facilities, in storage, and during transport. It also provided for expanded cooperation between countries regarding rapid measures to locate and recover stolen or smuggled nuclear material, and to mitigate any radiological consequences of sabotage.

Design basis threat

According to Fundamental Principle G of the CPPNM: "The State’s physical protection should be based on the State’s current evaluation of the threat."7 This evaluation of the threat, referred to as a national nuclear security threat assessment8, forms the basis of threat statements that outline the credible threats to facilities and activities concerning nuclear materials. Threat scenarios against which nuclear facilities must be able to protect themselves against are known as design basis threats (DBTs).

Depending on the regulatory approach being followed, the nuclear regulator should develop requirements based on the threat statements and nuclear security objectives (prescriptive approach); or the relevant operators should develop nuclear security systems to counter the design basis threats (performance-based approach). It is then the responsibility of the operator not only to ensure that its internal capability is sufficiently robust, but also that it can obtain assistance for any security threat that it is unable to manage on its own. In the event of an armed attack on a nuclear plant or transport operation, for example, the operator should expect to receive rapid assistance from the police, gendarmerie or military. It would fall to the police to arrest the perpetrators of an attack, or in advance if this is possible through prior intelligence. This means that the nuclear facility and the security authorities must work together closely in the risk assessment and mitigation exercise.

Design basis threats – which the operator is responsible for protecting against – should fall below the threshold beyond which the operator is unable to adequately respond to. The responsibility to respond to threats beyond the design basis, which cannot be mitigated by the operator's capabilities and/or resources, should lie with the state, although the operator may still have a role in responding to, or mitigating the consequences of, such threats.

There is an analogous process in relation to the handling of nuclear safety risks. The nuclear facility is required to have sufficient safety systems and technical redundancy to deal with design basis accidents (DBAs) and to have cooperative arrangements available in the event of a beyond design basis accident. For example, nuclear power plants cooperate to share emergency equipment at regional response centres for rapid deployment. Local authorities and technical support organizations have stand-by arrangements to provide assistance, if required. A nuclear operator is not expected to manage all aspects of a major beyond design basis radiological incident that would trigger the implementation of a local emergency plan.

Nuclear Security Summits

Four Nuclear Security Summits were held at the invitation of the USA, South Korea and Netherlands in Washington, DC (2010 and 2016), Seoul (2012) and The Hague (2014). Alongside these intergovernmental meetings, the nuclear industry held four Nuclear Industry Summits as official side events.

At the final 2016 summit, the participants to the Nuclear Industry Summit issued a statement pledging to enhance nuclear security along the following directions:

  • The securing of all nuclear and radiological materials in industrial facilities and applications.
  • The conversion of applications using highly-active radiological sources to alternatives where technically and economically feasible.
  • The minimization of stocks of nuclear and radiological material requiring special precautions where technically and economically feasible.
  • The continual improvement of nuclear security practices.
  • The exchange of nuclear security non-sensitive relevant best practice and discussion of emerging security challenges.
  • The promotion of a culture of safety and security among management and personnel.
  • The improvement of cybersecurity.
  • The provision of appropriate information, where permitted, to the public and stakeholders on the effectiveness of security in the civil nuclear industry.

Notes & references

Notes

a. There have been a number of military attacks against nuclear facilities in Iraq. On 30 September 1980, at the beginning of the Iran-Iraq War, the 40 MWt Osirak reactor in the Tuwaitha Nuclear Research Centre southeast of Baghdad was damaged during a bombing raid carried out by the Islamic Republic of Iran Air Force. The reactor had been under construction and was near to completion at the time of the attack. Although the damage sustained in the attack was subsequently repaired, the reactor was destroyed on 7 June 1981 in an airstrike carried out by the Israeli Air Force. Several facilities at Tuwaitha and the al-Safaa uranium enrichment plant north of Baghdad were bombed by coalition forces during the 1991 Persian Gulf War.

During the Iran-Iraq War, Iraq bombed Iran's partially-built Bushehr nuclear power plant several times between 1984 and 1987. Construction on the plant had been suspended by Siemens in 1980 due to the war. [Back]

References 

1. International Atomic Energy Agency, Nuclear Security Fundamentals, Objective and Essential Elements of a State’s Nuclear Security Regime, IAEA Nuclear Security Series No. 20 (February 2013) [Back]
2. The G8 Global Partnership Against the Spread of Weapons and Materials of Mass Destruction, Statement by G8 Leaders, Kananaskis, Canada (27 June 2002) [Back]
3. UN Security Council Resolution 1540 (2004), United Nations Security Council (28 April 2004) [Back]
4. IAEA Nuclear Security: Achievements 2002-2012, International Atomic Energy Agency (May 2013) [Back]
5. Director General's Statement at INDEX Conference on Nuclear Digital Experience, International Atomic Energy Agency (26 June 2018) [Back]
6. World Energy Perspectives – The road to resilience: managing cyber risks, World Energy Council (2016) [Back]
7. International Atomic Energy Agency, Information Circular, Amendment to the Convention on the Physical Protection of Nuclear Material, INFCIRC/274/Rev.1/Mod. 1 (Corrected) (18 October 2021) [Back]
8. International Atomic Energy Agency, Implementing Guide, National Nuclear Security Threat Assessment, Design Basis Threats and Representative Threat Statements, IAEA Nuclear Security Series No. 10-G (Rev. 1) (2021) [Back]

Ukraine: Russia-Ukraine War and Nuclear Energy