Chapter 67: Nuclear Security Infrastructure

Nuclear security infrastructure is critical to protecting people, society, and environment from any hostile consequence that may arise from a nuclear security threat.  While the responsibility for nuclear security rests entirely with each country, the International Atomic Energy Agency (IAEA) offers specific technical missions to the Member Countries in the area of border monitoring to define their authorities and high-priority tasks aimed at enhancing national nuclear security infrastructure in the areas of detection and response.

The intent of criminals or terrorists acquiring and using nuclear related material or information for malicious purposes is broadly defined as a nuclear threat.   Potential nuclear security threats are classified into the following three categories:

1.     Nuclear Explosive Device:

  • Theft of nuclear weapon; and
  • Theft of material to make a nuclear explosive device like uranium, plutonium and thorium in different forms; radioactive sources; Radioactive contaminated materials, etc.

2.     Radiological Dispersal Device (RDD):

  • Theft of radioactive material/source; and
  • Use of radioactive material out of regulatory control.

3.      Sabotage:

  • Sabotage of a facility or transport to cause dispersal of radioactivity.

There are two ways sabotage may lead to undesired consequences:

  • Directly:
    • Adversary applies energy directly to nuclear/radioactive material to cause dispersal;
    • Adversary must gain access to where material is located; and
    • Example: explosive or incendiary device used to disperse material.
  • Indirectly:
    • Adversary uses energy present in material or system to cause dispersal;
    • Requires initiating process upset and disabling mitigation systems; and
    • Example: disabling primary cooling system and backup cooling capability allowing material to overheat (LOCA).

Examples of undesired consequences include: Loss of Life/Severe Injury: Nuclear detonation, Radiation exposure, Radioactive material inhalation/ingestion; Environmental Damage / Relocation: Radioactive contamination; Political Upheaval: Loss of public confidence; and Economic Loss: Costs from damage to persons, property, infrastructure and/or environment.

The following represents the types of nuclear security threats:

1.     External Threat:

  • Terrorists;
  • Protestors:
    • Demonstrators;
    • Activists; and
    • Extremists.
    • Criminals

2.     Internal Threat:

  • Insider is anyone with authorized, unescorted access who could:
    • act alone or in collusion with external threat:
      • May be passive or active; and
      • May be violent or nonviolent.

Here is a graph, illustrating the configuration of a nuclear security infrastructure: Slide1

1.      A NATIONAL THREAT ASSESSMENT:

The State should undertake a national threat assessment that will support key decisions in relation to the design of its national nuclear security infrastructure and implementation of necessary systems and measures, including for its nuclear power programme.  The threats that need to be assessed are threats to nuclear material and other radioactive material, nuclear facilities, associated facilities and associated activities as well as acts involving nuclear or other radioactive material out of regulatory control.  The State should ensure that the national authorities responsible for the national threat assessment use a suitable threat analysis methodology.

A State’s nuclear security measures should be based on the State’s current evaluation of the threat (the national threat assessment).

The State should keep its national threat assessment under continuous review, and update it periodically and/or as the need arises based on new threat information. 

The methodology for developing the national threat assessment is divided into the following three phases:

1.1  Phase 1: Considerations before a decision to launch a nuclear power programme is taken:

  • Action 1:  The State should designate a competent authority (referred to as the ‘responsible competent authority’) to undertake, in cooperation and collaboration with other relevant competent authorities, a national threat assessment as a key part of the design and development of the State’s national nuclear security infrastructure; and
  • Action 2:  The State should ensure that the responsible competent authority has:
    • Access to, and experience with, threat analysis methodology, as well as access to relevant information to assess and analyse as part of the national threat assessment;
    • The capability, resources and authority to undertake the national threat assessment; and
    • Access to appropriate information and is authorized to obtain assistance of other competent authorities for the development of the national threat assessment.

1.2      Phase 2: Preparatory work for the construction of a nuclear power plant after a policy decision is taken:

  • Action 1:  The responsible competent authority should consult widely to help it identify threats to be considered in the national threat assessment and apply a risk informed approach to considering them; and
  • Action 2:  The responsible competent authority should develop the national threat assessment. This should include the full range of threats and cover the maximum threat capabilities affecting:
    • Nuclear material and nuclear facilities;
    • Radioactive material and associated facilities and activities; and
    • Other critical infrastructure and social and political institutions that may be adversely affected by criminal or terrorist acts involving the use of nuclear or other radioactive material out of regulatory control.

1.3        Phase 3: Activities to implement the first nuclear power plant:

  • Action 1:   The responsible competent authority should ensure regular review of the national threat assessment and any necessary updating of the nuclear security infrastructure.

2.     A DESIGN BASIS THREAT (DBT) OR THREAT ASSESSMENT FOR DESIGN OF NUCLEAR SECURITY MEASURES:

The responsible competent authority, using credible information sources, should define the threat and associated capabilities in the form of a DBT or threat assessment.   A DBT should be developed for unauthorized removal of category I nuclear material and sabotage of nuclear material and nuclear facilities that have potentially high radiological consequences, such as a nuclear power plant.

In relation to other nuclear facilities and other radioactive material, associated facilities and associated activities, the State should decide whether to use a threat assessment or DBT.

The design and implementation of nuclear security systems and measures should be based on the DBT, or the threat assessment, and undertaken by the operator.

A DBT should include all attributes and characteristics of potential insider and/or external adversaries, who might attempt an act of unauthorized removal or sabotage against which a nuclear security system is designed and evaluated and that an operator, is expected to be able to counter.

The methodology for threat assessment is divided into the following two phases:

2.1               Phase 1: Preparatory work for the construction of a nuclear power plant after a policy decision has been taken:

  • Action 1:  The State should assign a competent authority (referred to as the responsible competent authority) to determine whether a DBT, or an alternative threat based approach resulting in a threat assessment, is required for the nuclear material, nuclear facilities, other radioactive material, associated facilities, and associated activities;
  • Action 2:  The responsible competent authority should ensure that any threat based approach that is chosen for a threat assessment is appropriate and the decision is fully documented;
  • Action 3:  The responsible competent authority for the DBT should:
    • Coordinate the process for development of the DBT and document the assumptions and decisions made in relation to the DBT;
    • Following the development of the DBT, determine the respective responsibilities of the State and the operator for nuclear security measures;
    • Verify whether the existing regulatory framework is adequate for enabling relevant competent authorities to play their role in nuclear security and response to nuclear security events;
    • Disseminate the DBT or aspects of it to those responsible for providing nuclear security measures, and to those involved in DBT development and review and its use in the authorization and approval process;
    • Promulgate, apply and verify the appropriate security measures to protect the confidentiality and integrity of information provided for and contained in the DBT;
    • Determine how often the DBT should be reviewed and updated and define the process for such review and update, including consideration of appropriate trigger points;
    • Coordinate with other competent authorities to ensure that the need to update the DBT is confirmed and acted upon; and
    • Assess whether any review of the DBT has resulted in the need to revise and update the nuclear security systems and measures, and inform the operator accordingly.
  • Action 4:  If applicable, operators should contribute the following information to assist in the development of the DBT:
    • Feedback on the potential impact of the DBT and its potential use as a basis for implementing nuclear security measures; and
    • Supporting information regarding any concerns about insider threat and any other events that may have nuclear security implications.
  • Action 5:  Other competent authorities such as national and local police, armed forces, border control and customs authorities should also be consulted in the development process of the DBT. Each competent authority should:
    • Develop a list of threats to be considered in the development of the DBT; and
    • Provide feedback to the State authority developing the DBT on the financial and operational impact of potential decisions and actions that may need to be taken in relation to the DBT under development.
  • Action 6:   The State should take action to ensure that risk management measures that are beyond the DBT and are the responsibility of the State are appropriately identified and action is taken by the State to manage these measures.
  • Action 7:   In circumstances where an alternative threat based methodology is foreseen, the responsible competent authorities should:
    • Coordinate the process for development of the threat assessment and document the assumptions made, vulnerabilities considered, consequences identified and decisions made in relation to the threat assessment;
    • Gain agreement for the threat assessment from other competent authorities and relevant State organizations;
    • Verify whether the existing regulatory framework is adequate for enabling relevant State bodies to play their role in nuclear security and response to nuclear security events;
    • Disseminate the threat assessment or aspects of it to those responsible for providing nuclear security measures, and to those involved in threat assessment development and review and its use in the authorization and approval process;
    • Promulgate, apply and verify the appropriate security measures to protect the confidentiality and integrity of information provided for and contained in the threat assessment;
    • Determine how often the threat assessment should be reviewed and updated and define the process for such review and update, including consideration of appropriate trigger points; and
    • Assess whether any review of the threat assessment has resulted in the need to revise and update the nuclear security systems and measures, and inform the operator accordingly.
  • Action 8:   For the development of the threat assessment based on alternative methodology, the operators should contribute the following information to assist in the development of the threat assessment:
    • Feedback on the potential impact of the threat assessment and its potential use as a basis for implementing nuclear security measures; and
    • Supporting information regarding any concerns about insider threat and any other incidents that may have nuclear security implications.
  • Action 9:   Other competent authorities such as national and local police, armed forces, border control, and customs authorities should also be involved and consulted in the process to develop the threat assessment. Each competent authority should:
    • Develop a list of threats to be considered in the development of the threat assessment; and
    • Provide feedback to the competent authority developing the threat assessment on the financial and operational impact of potential decisions and actions that may need to be taken in relation to the threat assessment under development.

2.2       Phase 2: Activities to implement the first nuclear power plant:

  • Action 1:   Based on the DBT, the operator should develop and implement the necessary systems, measures and procedures to protect against the DBT including those relating to security systems, nuclear material control system, contingency plans and transport;
  • Action 2:  Based on the threat assessment, the operators should develop and implement the necessary systems, measures and procedures to protect against the threat(s) identified by the threat assessment including those relating to security systems, emergency preparedness, and transport;
  • Action 3:   The State should ensure the review of the DBT for updating the design of nuclear security systems and measures, as appropriate; and
  • Action 4:   The State should ensure the review of the threat assessment for updating the design of nuclear security systems and measures, as appropriate.

3.     MANAGEMENT SYSTEM FOR NUCLEAR SECURITY:

General aspects of the management system include:

  • The management system of each competent authority and operator should establish objectives and policies for nuclear security as part of an integrated management system;
  • The management system should be consistent with the goals of the organization in relation to nuclear security and should contribute to the achievement of those goals.
  • The management system should integrate a number of other key elements, including:
    • Protection of the confidentiality and integrity of sensitive information;
    • Human resource development; and
    • Assessment of the trustworthiness of personnel.
  • The management system also has a key role to play in the support of a strong nuclear security culture by:
    • Ensuring a common understanding of the key aspects of security within the organization;
    • Providing the means by which the organization supports individuals and teams in carrying out their tasks successfully, taking into account the interaction between individuals, technology, and the organization;
    • Reinforcing a learning and questioning attitude at all levels of the organization;
    • Providing the means by which the organization continually seeks to develop and improve its nuclear security culture; and
    • Reinforcing the safety–security interface.

The methodology for building management systems is divided into the following two phases:

3.1        Phase 1: Preparatory work for the construction of a nuclear power plant after a policy decision is taken:

  • Action 1:   Each organization that has a role in nuclear security should put in place a management system that encompasses policies and objectives that integrate nuclear security within the overall management system;
  • Action 2:   The documentation of the management system in relation to its coverage of nuclear security should include as appropriate the following:
    • The policy statements of the organization in relation to nuclear security;
    • A description of the management system for nuclear security;
    • A description of the structure of the organization for managing nuclear security;
    • Documented delegation of responsibility from the senior management of the operator to the appropriate manager or supervisor with day-to-day responsibility for implementing aspects of nuclear security, including those conditions and qualifications contained in any authorization issued by relevant competent authorities;
    • A description of the functional responsibilities, accountabilities, levels of authority, and interactions of those managing, performing and assessing work related to nuclear security; and
    • A description of the processes and supporting information that explain how the work related to nuclear security is prepared, reviewed, kept up to date, carried out, recorded, assessed, and improved.
  • Action 3:   The documents that describe the management system should be available for use taking into consideration appropriate security classification of the information contained;
  • Action 4:  The documentation of the management system should reflect:
    • Coordination, within the management system of the operator and between the operator and the competent authorities and other bodies needed to support the operator in meeting its nuclear security obligations;
    • The characteristics of the organization and its activities in relation to nuclear security; and
    • The processes carried out by the organization and their interactions in relation to nuclear security.
  • Action 5:   Management and staff at all levels should demonstrate their commitment to nuclear security policies and objectives and adequate resources should be allocated to achieve this. Senior managers should act as role models to ensure the promulgation of nuclear security culture, including in particular the need to protect the confidentiality and integrity of sensitive information through the implementation of the management system.

3.2       Phase 2: Activities to implement the first nuclear power plant:

  • Action 1:   Each applicant or operator should demonstrate as part of an application for authorization or approval that it has in place an integrated management system that takes account of its responsibilities in relation to nuclear security; and
  • Action 2:   There should be a system for monitoring, assessing, and improving the performance of the integrated management system.

4.     PROTECTION OF SENSITIVE INFORMATION AND ASSOCIATED SYSTEMS:

An effective national nuclear security infrastructure needs appropriate identification, classification, protection and management of sensitive information in all forms, covering all of the phases of the lifecycle of information: creation; use; storage; and destruction.

The system for protecting sensitive information may be based on the overall information classification system that the State has in place for information that has national security implications. An appropriate legal and regulatory framework to afford appropriate protection, including specification of the period for which the information should be protected following its creation, should underpin protection of sensitive information that relates to nuclear security.

The State should establish a national policy for protecting sensitive information systems, including computer systems, and other means to store, manage, or transmit sensitive information or are critical for the secure operation of the facilities as well as the secure management of nuclear and other radioactive material in use, storage, and during transport.

The competent authorities should take measures to ensure appropriate protection of sensitive information the disclosure of which could compromise nuclear security. The nature of the information to be protected and the level of protection should be specified in the State’s policy on sensitive information.

The regulatory authority should promulgate its requirements on the protection of sensitive information to operators and require operators to ensure that all related parties that hold sensitive information are contractually required to protect sensitive information as defined in the regulatory requirements.

The methodology for protecting sensitive information is divided into the following two phases:

4.1       Phase 1: Considerations before a decision to launch a nuclear power programme:

  • Action 1:   The State should define its national policy on sensitive nuclear security information based on need to know, graded approach, and defence in depth principles. The policy should include:
    • Definition of the information to be protected;
    • Assignment of clear responsibilities for ensuring protection of sensitive information;
    • Classification of the information, including the level to which the information should be protected;
    • Measures for handling information including the manner in which it should be stored, transmitted, or destroyed;
    • Assignment of responsibilities for each of the competent authorities in relation to information protection;
    • Identification of other measures necessary to protect sensitive information, such as protection of electronic data;
    • Conditions and arrangements for the sharing of sensitive information and for assisting law enforcement and prosecutorial bodies;
    • Detailed procedures, formats and protocols in relation to how information, including information on detection and response systems and measures, will be shared with other States, particularly neighbouring States and relevant international organizations; and
    • Establishment of an offence or offences and penalties in relation to the unauthorized disclosure of sensitive information.

4.2       Phase 2: Preparatory work for the construction of a nuclear power plant after a policy decision is taken:

  • Action 1:   The State should assign responsibilities to the appropriate competent authorities for the protection of sensitive nuclear security information and the protection of computer systems, networks, and other digital systems that store sensitive information or are critical for the secure operation of the nuclear or other radioactive material facilities (sensitive information systems);
  • Action 2:   The competent authorities should define appropriate requirements for protecting sensitive nuclear security information and sensitive information systems;
  • Action 3:   The regulatory authority should promulgate requirements that an operator should demonstrate to the satisfaction of the regulatory authority that it complies with the regulatory requirements related to the protection of sensitive information and sensitive information systems. This should include its contractual arrangements with vendors and contractors;
  • Action 4:   Each competent authority should establish and implement policy and procedures for the protection of sensitive information and sensitive information systems, including policy and procedure for the appropriate sharing of information with other relevant agencies both nationally and internationally;
  • Action 5:   Each competent authority should ensure that relevant personnel are trained in procedures for protection of sensitive information and sensitive information systems;
  • Action 6:  Each operator should implement relevant policies for the protection of sensitive information and sensitive information systems, including procedures for the transmission of information to the regulatory authority and the competent authority for transport in relation to the nuclear security systems and measures of the operator and impose these requirements on vendors and contractors through appropriate arrangements; and
  • Action 7:   Each operator should ensure that relevant personnel are trained in procedures for protection of sensitive information and sensitive information systems, and impose these requirements on vendors and contractors through appropriate arrangements.

5.     TRUSTWORTHINESS OF PERSONNEL:

Taking into consideration State laws, regulations or policies regarding employment rights and job requirements, a formal process should be used to demonstrate the trustworthiness of personnel involved in nuclear security infrastructure, to the appropriate levels, for their roles. This formal process should serve to assist in reducing the risk of authorized personnel engaging in illegal activities, for example becoming insider threats.

The methodology for ensuring trustworthiness of personnel is divided into the following two phases:

5.1       Phase 2: Preparatory work for the construction of a nuclear power plant after a policy decision is taken:

  • Action 1:  Competent authorities should establish policies and procedures, consistent with national laws, requiring personnel having specified responsibilities relevant to nuclear and other radioactive material and associated facilities and associated activities, to:
    • Be subject to appropriate trustworthiness checks; and
    • Have as a condition of employment that a positive ‘trustworthiness check’ is obtained and maintained.

5.2       Phase 2: Activities to implement the first nuclear power plant:

  • Action 1:   In implementing a trustworthiness policy, the competent authorities should ensure that processes are in place to determine the trustworthiness of persons with authorized access to nuclear and other radioactive material, associated facilities and associated activities, and sensitive information and sensitive information systems; and
  • Action 2:   The competent authorities should adopt measures and procedures to ensure that the trustworthiness of personnel is regularly reviewed and revalidated.

6.     HUMAN RESOURCES FOR NUCLEAR SECURITY:

Each competent authority and organization with a role in nuclear security should properly address human resources. An assessment of the State’s education and training needs in relation to nuclear security should be conducted as part of its initial set of tasks during the establishment of the national policy and strategy that is discussed in detail in Section 2. Cooperation with other States and international organizations should be pursued to provide insights into the competences and human resources necessary for implementing the national nuclear security infrastructure as part of a nuclear power programme.

The assessment process for education and training needs for nuclear security should include examination of the current capabilities of existing academic facilities and research and development centres as well as technical training institutions to provide training in areas of technical, legal, and policy expertise related to nuclear security that will be required for the authorization, approval, operation and oversight of the national nuclear security infrastructure for the nuclear power programme.

On the basis of the assessment of the education and training needs for nuclear security, a comprehensive plan for either upgrading existing training institutions or building new training institutions should be developed during the development of the national policy and strategy. Possibilities for collaboration in human resources development for nuclear security, for example with potential vendor States and other States in which nuclear power plants are operated, should be explored at an early stage.

Experience shows that, before education and training curricula are put in place, it could be useful to use opportunities for education in institutions in other States, to send nuclear security trainees abroad, and to hire nuclear security specialists from other States to provide academic and practical education and training, so as to start developing human resources from Phase 1 onwards. When hiring general security staff, additional training in nuclear security should be considered.

Due consideration should be given to securing local resources skilled in nuclear security, since the loss of trained human capital may jeopardize the effectiveness and sustainability of the nuclear security infrastructure. In the light of the experience of developing States, a strategy to attract and retain within the State high quality nuclear security staff should be developed as part of the national policy and strategy developed by the coordinating mechanism.

Human resource development in nuclear security will vary depending on the extent to which a State develops its indigenous capabilities in nuclear security immediately or relies initially on capabilities supplied by vendor or other States.

Indigenous capability in nuclear security should be established and developed in the long term, to ensure the sustainability of the national nuclear security infrastructure and the effectiveness of nuclear security systems and measures put in place by operators. A State should develop its own training and education capability to ensure the long term availability of key human resources in the nuclear security area. Other possible solutions are regional training centres and nuclear security networks to enhance national capacity building and to contribute to sustaining the global nuclear security framework. In addition, States should ensure that they have measures in place for the coordination of training activities among relevant competent authorities including possible cooperation with competent authorities in other States.

The methodology for human resource development is divided into the following three phases:

6.1       Phase 1: Considerations before a decision to launch a nuclear power programme:

  • Action 1:   The State should, in conjunction with the relevant competent authorities, assess the full range of nuclear security related disciplines required for the national nuclear security infrastructure;
  • Action 2:   The State should assess the availability of those nuclear security related disciplines within the State;
  • Action 3:   The State should assess the educational capabilities within the State for these nuclear security related disciplines or consider the extent to which it can rely on external sources as a supply of resources for particular disciplines;
  • Action 4:   The competent authorities should identify specialized training needs for existing nuclear security personnel or other security personnel within the State;
  • Action 5:   The competent authorities should develop plans to train or hire the human resources necessary for the nuclear security infrastructure of the State;
  • Action 6:   The competent authorities should consider national training institutions in other States and relevant international organizations that could provide education and training in key areas related to nuclear security;
  • Action 7:   The competent authorities should consider their strategy for attracting, training and retaining an adequate number of experts to meet the needs of all organizations involved in the nuclear security infrastructure for a prospective nuclear power programme; and
  • Action 8:   The competent authorities should consider establishing competences and a system of qualification and accreditation for nuclear security personnel.

6.2       Phase 2: Preparatory work for the construction of a nuclear power plant after a policy decision is taken:

  • Action 1:   All competent authorities should actively recruit staff to ensure that there is sufficient capacity in all areas relevant to nuclear security in a timely manner;
  • Action 2:   All organizations involved in nuclear security should commence the relevant education and training with the appropriate institutions;
  • Action 3:   Competent authorities should use experts from other States where necessary to augment the nuclear security training programme;
  • Action 4:  The State should discuss with other State counterparts and international organizations the feasibility of establishing regional training centres for nuclear security personnel; and
  • Action 5:   The State should implement measures for coordination of training activities among relevant competent authorities including possible cooperation with competent authorities in other States.

6.3       Phase 3: Activities to implement the first nuclear power plant Action: The State, in conjunction with competent authorities and the operator, should plan how it will continue to maintain the supply of appropriately trained human resources in nuclear security over the life of the nuclear power programme:

  • Action 1:   All competent authorities and operators involved in nuclear security should ensure the continued availability of sufficient competent human resources for the efficient and effective implementation of measures necessary for the national nuclear security infrastructure throughout the stages of development of the programme; and
  • Action 2:   All competent authorities and operators should prepare and implement a human resource management programme that should include staffing, qualification, and training and succession management for nuclear security purposes.

7.     PROMOTION OF A SECURITY CULTURE:

Nuclear security culture has to be effective at three levels. The first is the national nuclear security policy that the State decides to put into practice; the second is each organization that has a role in putting the national security policy into effect; and the third is the management and individuals in each organization that should put nuclear security policies into effect.

Nuclear security culture is the assembly of characteristics, attitudes and behaviour of individuals, organizations, and institutions that serves as a means to support and enhance nuclear security. It is essential that nuclear security culture is embedded within all organizations involved in nuclear security. When such a culture is successfully embedded, staff at all levels within an organization understand and appreciate the need to maintain a high level of nuclear security.

The effectiveness of the nuclear security infrastructure is dependent on the actions of individuals as well as the way in which they collectively influence nuclear security. Nuclear security culture plays a key role in ensuring that individuals, organizations and institutions remain vigilant and that sustained measures are taken to counter threats.

Sound nuclear security culture needs:

  • Clear policy and legislation that emphasizes the importance of nuclear security;
  • Institutions, including competent authorities and operators, with clear mandates, roles and responsibilities in relation to nuclear security;
  • Leaders and managers who model behaviour that emphasizes nuclear security;
  • Recruitment and training of personnel that encourage individuals to have the attitudes and behaviours that support nuclear security;
  • Strong training programmes and frequent exercises that reinforce the attitudes and behaviours that support nuclear security;
  • Sufficient resources to sustain the nuclear security infrastructure, systems and measures; and
  • Fostering of safety culture and security culture taking into account their commonalities and differences.

The methodology for the support of a sound nuclear security culture is divided into the following two phases:

7.1       Phase 1: Considerations before a decision to launch a nuclear power programme:

  • Action 1:   The State’s national policy and strategy should recognize that a strong nuclear security culture is essential.  The State’s national nuclear security infrastructure should reflect this and its implementing measures should recognize the importance of a strong nuclear security culture.

7.2       Phase 2: Preparatory work for the construction of a nuclear power plant after a policy decision is taken:

  • Action 1:   All competent authorities and institutions involved in nuclear security should encourage and promote appropriate behaviour, attitudes and characteristics of a sound nuclear security culture;
  • Action 2:   The State should strongly promote effective leadership and management of nuclear security within all competent authorities and institutions, including operators, with responsibility for nuclear security;
  • Action 3:   Competent authorities and institutions, including operators, should strongly promote effective leadership and management of nuclear security within their organizations;
  • Action 4:   Competent authorities and institutions, including operators, should develop tools and methodologies for assessing nuclear security culture within their organizations; and
  • Action 5:   Competent authorities and institutions, including operators, involved in nuclear security should be encouraged to foster a positive nuclear security culture through positive role models (leaders and managers), training, positive reinforcement through recognition of nuclear security culture, sound policies and processes that support nuclear security.

8.     SUSTAINING THE NATIONAL NUCLEAR SECURITY INFRASTRUCTURE:

Sustaining the national nuclear security infrastructure relies upon:

  • Commitment of the necessary resources to ensure that the national nuclear security infrastructure is sustained and effective in the long term;
  • Establishment of an effective management system within all competent authorities, entities, and organizations that have responsibility for nuclear security;
  • Recognition that credible threats will continue to exist and that nuclear security is important at the institutional, organizational, and individual level; and
  • Evaluation of threats over time to ensure that nuclear security systems are always consistent with the current evaluation of the threats.

The methodology for sustaining the national nuclear security infrastructure is divided into the following two phases:

8.1       Phase 1: Preparatory work for the construction of a nuclear power plant after a policy decision is taken:

  • Action 1:  The State should establish a sustainability programme to ensure that the nuclear security infrastructure is effective in the long term by committing the necessary resources. This requires assessment and regular review of all components: national policy and strategy, legal and regulatory frameworks, financial support, and investment in human resources; and
  • Action 2:   Competent authorities and operators should establish sustainability programmes for their nuclear security systems and measures. Sustainability programmes should encompass:
    • Incorporation of sustainability factors into the design of nuclear security systems and measures;
    • Maintenance and continuous improvement of the management system for nuclear security;
    • Human resource management, capacity building, and training in relation to nuclear security;
    • Equipment updating, maintenance, repair and calibration of nuclear security systems;
    • Performance testing and operational monitoring of nuclear security systems;
    • Configuration management; and
    • Ongoing assessment of resource allocation and operational cost analysis to ensure appropriate allocation of resources for the maintenance of nuclear security systems and measures.

8.2       Phase 3: Activities to implement the first nuclear power plant:

  • Action 1:   Competent authorities and operators should ensure the implementation of their sustainability programmes for the nuclear security systems and measures.

Resources:

  1. IAEA Establishing the Nuclear Security Infrastructure for a Nuclear Power Programme by D. Jinchuk; and
  2. IAEA Establishing the Nuclear Security Infrastructure for a Nuclear Power Programme – Series Number 19.

Chapter 68