Security of Nuclear Facilities and Material

(Updated August 2020)

  • Security at nuclear facilities is a joint responsibility of national governments and the operators.   
  • To date, no operating civil nuclear facility has been attacked by an armed group.  
  • To date, no cyber-attack on a nuclear reactor’s information and control system has compromised safety.  

Nuclear security relates to the prevention and detection of, and response to, theft, sabotage, unauthorised access and illegal transfer or other malicious acts involving nuclear material and other radioactive substances and their associated facilities. As a function, nuclear security is distinct from the safeguards to prevent the proliferation of atomic weapons technology. Ensuring the security of civil nuclear facilities and the fuel cycle is the responsibility of the operator of the facility and the government, including the police and security agencies.  

Although safety and security are treated separately, if a facility or a radioactive source is not secure, it could pose a potential hazard and, thus, is not safe. Over the past two decades, there has been a shift of attention from ensuring that nuclear materials are not diverted from peaceful uses, towards protecting plants from armed assault and cyber-attacks.  

Convention on the Physical Protection of Nuclear Material

During the 1970s, the peace movement began to campaign against nuclear energy by linking it to the production of plutonium, and thus, tendentiously, to the possession of nuclear weapons. Site occupations prevented the construction of the proposed Wyhl nuclear power plant (Germany) and the proposed Plogoff nuclear power plant (France), as well as attempted to prevent the construction of a waste repository at Gorleben in Germany. On the other side of the world, unfounded rumours that nuclear waste would be dumped in the oceans spurred the formation of the Nuclear Free Pacific Movement in 1975. Protests against civil nuclear shipping took place in parallel with attempts to stop nuclear weapons testing from 1971 onwards by Greenpeace and Peace Squadron vessels. In addition to direct action at sea, activist groups attempted to block the arrival of used nuclear fuel for reprocessing at La Hague, France, in 1979.  

Such attempts to interfere with shipments resulted in growing government concerns over the possible sabotage or theft of materials in transit. This led to the adoption of the Convention on the Physical Protection of Nuclear Material (CPPNM) in 1979. The CPPNM, which entered into force in 1987, was the first international treaty to deal with nuclear security.  

The CPPNM originally covered nuclear material during international transport, and obliged countries that signed the convention to cooperate with each other and with the International Atomic Energy Agency (IAEA) in:  

  • Protecting nuclear material in transit. 
  • Returning stolen material to the country of origin.  
  • Protecting the confidentiality of information they communicated to one another and to the IAEA.  

The CPPNM was amended in 2005 (it came into force in 2016), and the amendment made it legally binding for governments to protect nuclear facilities and material being used for peaceful purposes, both at facilities, in storage, and during transport. It also provided for expanded cooperation between countries regarding rapid measures to locate and recover stolen or smuggled nuclear material, and to mitigate any radiological consequences of sabotage.  

The threat from terrorism

Following the ‘9/11’ attacks in New York and Washington on 11 September 2001, governments revisited nuclear security and put more emphasis on terrorism. In 2002 the Group of Eight (G8) industrial countries expanded their cooperation to launch the Global Partnership Against the Spread of Weapons and Materials of Mass Destruction to “prevent terrorists, or those that harbour them, from acquiring or developing nuclear, chemical, radiological and biological weapons; missiles; and related materials, equipment and technology.”1 This global partnership would later on grow and now has 31 members. Additionally, in 2004 the United Nations Security Council approved Resolution 15402 obliging every state to adopt and enforce laws to stop non-state actors from obtaining weapons of mass destruction, including nuclear weapons.  

The potential threat of nuclear terrorism also sparked another dimension to the debate within civil society over the risks posed by nuclear technology. In 2004 Graham Allison of the Belfer Center for Science and International Affairs at Harvard University published Nuclear Terrorism: The Ultimate Preventable Catastrophe, in which he advocated a ‘Three Nos’ strategy to deny access to nuclear weapons technology and material: ‘No loose nukes’; ‘No new nascent nukes’; and ‘No new nuclear states’. Several non-governmental and academic organisations dedicated to raising the political profile of such threats were founded or began programmes examining the security of nuclear materials at power plants, hospitals and research institutions. The Nuclear Threat Initiative (NTI), for example, was founded in early 2001 to “protect our lives, livelihoods, environment and quality of life now and for future generations from the growing risk of catastrophic attacks from weapons of mass destruction and disruption.” The Fissile Materials Working Group was set up in 2009 as an international coalition of NGOs to advocate improved security of fissile materials.  

The NTI and the FMWG were instrumental in shaping the agenda of four Nuclear Security Summits, which were held between 2010 and 2016 on the initiative of US President Barack Obama (see later section).  

Furthermore, the 9/11 attacks prompted the International Atomic Energy Agency’s (IAEA’s) General Conference to review its programmes relevant to preventing acts of terrorism involving radioactive material. The first Nuclear Security Plan (for 2002-2005) was prepared and a series of publications on nuclear security was developed, along similar lines to the existing nuclear safety guidelines. In 2012, the Nuclear Security Guidance Committee was established to engage with member state governments in preparing nuclear security guidance.   

The threat from terrorism influenced the definition of security adopted by the IAEA, which argues:  

Vulnerabilities at nuclear facilities can make them susceptible to malicious acts and create opportunities for terrorists or criminal groups. The objective of physical protection is, therefore, to prevent access to, or control over, the nuclear facility or nuclear material through the use of protective measures, technical means and/or the use of guards and response forces.3

Protective measures include physical barriers, (e.g. walls, fences and gates), controlled and restricted access to identified locations within the facility, and categories of identification badging for personnel. A number of technical controls also exist, such as radiation detection portals, surveillance cameras, X-ray scanners for detecting hidden weapons or explosives,; and interior and exterior intrusion detection sensors. The numbers and capabilities of security personnel must also be appropriate to the level of threat, as assessed by the government.  

The nuclear industry has largely been free from violent attacks, with the only cases having taken place in the 1970s and early 1980s. These incidents were directed at nuclear plants that were under construction, as a way of trying to halt the construction of the reactors. Examples include:  

  • Leftist guerrillas briefly occupied the Atucha construction site in Argentina in 1973.
  • The Basque separatist group ETA set off bombs and fired shots at the Lemóniz nuclear power plant in Spain while it was under construction on three occasions between 1977 and 1979, killing three workers, and also assassinated the project’s chief engineer José María Ryan Estrada and his replacement Ángel Pascual Mújica in 1981 and 1982 respectively.  
  • Four small bombs planted by an anti-apartheid sympathiser working at the Koeberg nuclear power plant in South Africa during its construction were detonated in 1982, without causing loss of life or injury.  
  • Rocket-propelled grenades were fired by associates of the Red Army Faction at the Superphenix fast reactor in France in 1982, while it was under construction, causing minor damage.  

Chemicals have been used in terrorist attacks but so far there has never been a case where radiological material has been employed. To date, no operating civil nuclear facility has been attacked by an armed group.  

Tension between Azerbaijan and Armenia led to an Azerbaijani official in July 2020 threatening the security of the Metsamor plant.

Sabotage at nuclear facilities

Sabotage by insiders at nuclear facilities has occurred, but is extremely rare. Any such incidents are reported to the nuclear safety regulator. There have been no reports of sabotage at US nuclear power plants since 2004 and the UK Office for Nuclear Regulation has never received a report concerning acts of theft or sabotage of nuclear material.   

A number of different measures are in place to prevent sabotage, with safety critical systems being protected in many ways. One such measure is the ‘two-person rule’, which requires that two operators are responsible for an activity.  

The threats from cyberspace

‘Cyberspace’ describes the domain of distributed and self-regulating computing, digital data storage and digitally encrypted telecommunication. The massive advances in information and communication technology (ICT) over recent decades have been called variously the Digital, Information, or Fourth Technological Revolution. Digitalization is facilitating machine-learning, robotics and predictive analytics. It is revolutionizing manufacturing, plant operation and equipment servicing, not to mention energy distribution and household tasks.  

The civil nuclear industry relies on ICT systems for a host of functions, just like any other industry does. The 3-D models of nuclear facilities offer a wealth of detail on the make-up of structures, systems and components (SSCs) and their performance. Building information modelling allows the owner of a facility to assemble all the characteristics and information about it in one secure digital format. Additive manufacturing techniques permit users of relatively simple extrusion or jetting devices to use 3-D digital models to create shapes by building up fine layers of self-bonding material (such as metal powders, plastics, or ceramics). The techniques can be applied to small components or even used to build large structures. The storage of vast amounts of information has been made easier by cloud computing.  

The opening up of cyberspace has created additional security challenges. Yukiya Amano, former director general of the International Atomic Energy Agency, stated in 2018:  

Digital systems promise higher reliability, more functionality, better plant performance, additional diagnostic capabilities and many other advantages. But, of course, new digital systems also bring new challenges, including those related to nuclear safety and security.4 

Cyber-attacks have succeeded in compromising the safety systems in the petrochemical sector and the threat to industrial control systems/safety systems continues to increase. The threat to nuclear installations cannot be excluded – a data breach involving sensitive commercial or nuclear information could cause significant reputational damage or loss of regulatory and public confidence.  

Concerns that plant personnel could be subverted by extremist ideas and provide insider support in facilitating cyber-attacks have grown. These concerns have probably arisen as a result of cases where confidential information has been stolen by hackers and whistle- blowers, which demonstrated the vulnerability of computer systems to unauthorised intrusion and data theft. Cyber-attacks on nuclear facilities have originated from state and non-state actors. In December 2014 a group calling itself ‘Who am I = No nuclear power’ hacked Korea Hydro and Nuclear Power (KHNP) and stole employee information and non-sensitive technical data and demanded a ransom payment. Malware was discovered in systems used to manage administrative activities at the Kudankulam nuclear power plant in India in September 2019. The malware has been linked to the so-called Lazarus Group, operating apparently from North Korea.  

While ICT systems have potential vulnerabilities it is equally important to recognise their security benefits as well. Encryption is an embedded feature of digital data storage and transmission, and the information content is better protected than it ever was before.  

Despite its relative novelty, cyberspace is subject to law and regulation at national and international levels. The Council of Europe Convention on Cybercrime (2004), known as the Budapest Convention, and the International Code of Conduct for Information Security (2015) are the two main legal instruments so far devised, although each is backed by a distinct group of countries. The instruments seek to facilitate inter-governmental cooperation in safeguarding digital information and combatting the misuse of data and networks.  

Nuclear Security Summits

Four Nuclear Security Summits were held at the invitation of the USA, South Korea and Netherlands in Washington, DC (2010 and 2016), Seoul (2012) and The Hague (2014). Alongside these inter-governmental meetings, the nuclear industry held four Nuclear Industry Summits as official side events.  

At the final 2016 summit, the participants to the Nuclear Industry Summit issued a statement pledging to further enhance nuclear security along the following directions:  

  • The securing of all nuclear and radiological materials in industrial facilities and applications. 
  • The conversion of applications using highly-active radiological sources to alternatives where technically and economically feasible. 
  • The minimization of stocks of nuclear and radiological material requiring special precautions where technically and economically feasible. 
  • The continual improvement of nuclear security practices. 
  • The exchange of nuclear security non-sensitive relevant best practice and discussion of emerging security challenges. 
  • The promotion of a culture of safety and security among management and personnel.  
  • The improvement of cybersecurity.  
  • The provision of appropriate information, where permitted, to the public and stakeholders on the effectiveness of security in the civil nuclear industry.  

Design Basis Threat

Designing physical protection systems for nuclear material and facilities requires an understanding of the threats a state must protect itself against. These threat assessments address questions such as ‘who’ and ‘why’, as well as the capabilities, tactics and support considerations associated with the threat. Such a description is referred to as the design basis threat (DBT). It describes the threat scenarios against which a licensed facility must be able to protect itself against. An appropriately designed protection system reflects the DBT, which is drawn up and mandated by the government. It is the equivalent of a similar system used to define the level of safety required at a nuclear facility, known as the design basis accident (DBA).  

The DBT provides the context for the licensed operator of a nuclear facility to undertake its own risk assessment. The aim of the exercise is to encourage an operator to evaluate its capacity to mitigate the risk arising from a set of plausible scenarios set out in the DBT. It is then the responsibility of the operator not only to ensure that its internal capability is sufficiently robust, but also that it can obtain additional assistance for any security threat that it is unable manage on its own. In the event of an armed attack on a nuclear plant or transport operation, for example, the operator should expect to receive rapid assistance from the police, gendarmerie or military. It would fall to the police to arrest the perpetrators of an attack, or in advance if this is possible through prior intelligence. This means that the nuclear facility and the security authorities must work together closely in the risk assessment and mitigation exercise as it effects a nuclear facility.

There is an analogous process in relation to the handling of nuclear safety risks. The nuclear facility is required to have sufficient safety systems and technical redundancy to deal with design basis accidents and to have cooperative arrangements available in the event of a beyond design basis accident. For example, nuclear power plants cooperate to share emergency equipment at regional response centres for rapid deployment. Local authorities and technical support organisations have stand-by arrangements to provide assistance, if required. A nuclear operator is not expected to manage all aspects of a major beyond design basis radiological incident that would trigger the implementation of a local emergency plan.  

The division of responsibilities for dealing with threats is illustrated in the figure.

Roles and responsibilities for protecting against threats5 

The operator should be permitted a degree of discretion over the form of physical protection measures required to account for information confidentiality, human reliability and trustworthiness, and engendering a security culture. In this case, a balanced regulatory approach comprising prescriptive and performance-based requirements can be the optimal solution. However, a mixed approach is only suitable when the operator possesses sufficient knowledge, skills and experience. It also depends on maintaining good communication between the operator and the police and security services, for example, in selecting routings for the transport of nuclear materials, which relies on local knowledge of the route that the operator may not be aware of.  

On the other hand, making sure that no-fly zones are respected by aircraft (of all sizes) is a matter for the state. A guard force with the capability to shoot down a manned or unmanned aircraft would need to be licensed to do so. In many countries only the state has the authority to use this level of potentially lethal force. Even where private guard forces are licensed to employ force, there are practical constraints as a result of the potential for civil litigation. Civil and human rights must be respected and there is a danger that private security forces may not be regarded as legitimate guardians by local communities living around the facility, especially if guards undertake patrols beyond the site boundary.  

Thus, from the point of view of an operator, physical protection of a facility or of materials during transportation aims at preventing any harm to people and the environment during an incident and the use of force should be limited to that necessary for self-defence. The objective is to prevent, detect and respond to an assault, and not necessarily to defeat a potential adversary without state support.  

The state therefore has an important role. As already pointed out, if a nuclear facility is not secure then it poses a safety risk, and the government will be ultimately held accountable by the public if anything goes wrong. It is the state’s obligation to prevent nuclear facilities and radioactive materials from being misappropriated and to define the competencies of the regulatory bodies assigned to supervise the nuclear industry. Striking the right balance is not easy, necessitating good communication between the operator, regulatory bodies and security services but from the government side there must also be understanding of the commercial situation that the enterprise is working within.  

Security training and culture

Another important part of security at nuclear facilities is the presence of a security-conscious and conscientious workforce, as well as an engaged and supportive community as its neighbour. The management should also serve as an example of safe and secure behaviour. Nuclear safety and security must be coordinated from the very start of any nuclear project and a culture for nuclear safety and security should be developed, established and fostered in the organisation. 


Notes & references

References 

1. The G8 Global Partnership Against the Spread of Weapons and Materials of Mass Destruction, Statement by G8 Leaders, Kananaskis, Canada (27 June 2002) [Back]
2. Resolution 1540 (2004), United Nations Security Council (28 April 2004) [Back]
3. IAEA Nuclear Security: Achievements 2002-2012, International Atomic Energy Agency (May 2013) [Back]
4. Director General's Statement at INDEX Conference on Nuclear Digital Experience, International Atomic Energy Agency (26 June 2018) [Back]
5. Adapted from Figure 2, IAEA Nuclear Security Series No. 10, Implementing Guide, Development, Use and Maintenance of the Design Basis Threat, International Atomic Energy Agency, (May 2009) [Back]


Share


You may also be interested in