The Convention on the Physical Protection of Nuclear Material was signed at Vienna and at New York on 3 March 1980. The Convention is the only international legally binding undertaking in the area of physical protection of nuclear material. It establishes measures related to the prevention, detection and punishment of offenses relating to nuclear material.
A Diplomatic Conference in July 2005 was convened to amend the Convention and strengthen its provisions. The amended Convention makes it legally binding for States Parties to protect nuclear facilities and material in peaceful domestic use, storage as well as transport. It also provides for expanded cooperation between and among States regarding rapid measures to locate and recover stolen or smuggled nuclear material, mitigate any radiological consequences of sabotage, and prevent and combat related offences.
As of May 2013, there are 148 parties to the convention, which includes 147 states and the European Atomic Energy Community. Bulgaria, Hungary, Mongolia, Poland, and Russia have denounced the convention after having ratified it.
The objectives of the State’s physical protection regime, which is an essential component of the State’s nuclear security regime, should be:
- To protect against unauthorized removal. Protecting against theft and other unlawful taking of nuclear material;
- To locate and recover missing nuclear material. Ensuring the implementation of rapid and comprehensive measures to locate and, where appropriate, recover missing or stolen nuclear material;
- To protect against sabotage. Protecting nuclear material and nuclear facilities against sabotage; and
- To mitigate or minimize effects of sabotage. Mitigating or minimizing the radiological consequences of sabotage.
The State’s physical protection regime should seek to achieve these objectives through:
- Prevention of a malicious act by means of deterrence and by protection of sensitive information;
- Management of an attempted malicious act or a malicious act by an integrated system of detection, delay, and response; and
- Mitigation of the consequences of a malicious act.
1. NUCLEAR SECURITY MEASURES FOR NUCLEAR MATERIAL AND NUCLEAR FACILITIES:
Nuclear security systems and measures are an essential part of a nuclear power programme and fall within the overall nuclear security infrastructure of the State. The objective of the implementation of nuclear security measures for nuclear material and nuclear facilities is:
- To protect against the unauthorized removal of nuclear material;
- In the event of unauthorized removal of nuclear material, to locate and
- recover that material; and
- To protect nuclear material and nuclear facilities against sabotage;
- In the event of an act or acts of sabotage against nuclear material and nuclear facilities, to mitigate or minimize the radiological consequences of sabotage.
These objectives may be achieved through the implementation of:
- Measures against unauthorized removal of nuclear material in use and storage and sabotage of nuclear facilities; and
- Measures against unauthorized removal and sabotage of nuclear material during transport.
2. MEASURES AGAINST UNAUTHORIZED REMOVAL OF NUCLEAR MATERIAL AND SABOTAGE OF NUCLEAR FACILITIES:
It is critical to understand that on-site security personnel, transport security personnel and off-site response forces including military and law enforcement personnel are instrumental to the implementation of an effective nuclear security system. Effective coordination and cooperation between all of these competent authorities and personnel should be established as part of the design and implementation of the nuclear security system.
The State should ensure that the primary responsibility for the implementation of the nuclear security systems and measures for nuclear material and nuclear facilities rests with the holders of the relevant authorizations, ensuring that:
- The nuclear security measures that are put in place are effective against both unauthorized removal of nuclear material and sabotage;
- The measures are based on the more stringent requirements for physical protection: Either those against unauthorized removal or those against sabotage; and
- When a facility contains nuclear material and other radioactive material the two sets of protection requirements are considered and implemented in a manner such that the more stringent requirements for physical protection of the nuclear material are applied.
The State should ensure that its nuclear security systems and measures are capable of establishing and maintaining the risk of unauthorized removal and sabotage at acceptable levels through risk management which requires:
- Assessing the threat and potential consequences of unauthorized removal or sabotage, and then developing a legal and regulatory framework that ensures that appropriate effective nuclear security measures are put in place.
The State should decide what level of risk is acceptable and what level of protection against the threat should be provided. A graded approach should be used to provide higher levels of protection against nuclear security events that could result in higher consequences including:
- For protection against unauthorized removal, the State should regulate the categorization of nuclear material in order to ensure an appropriate relationship between the nuclear material of concern and the nuclear security measures; and
- For protection against sabotage, the State should establish its threshold(s) of radiological consequences in order to determine appropriate levels of physical protection taking into account existing nuclear safety and radiation protection measures.
The state should make sure that the nuclear security systems and measures reflect the principle of defence in depth as:
- Defence in depth relies upon the implementation of several layers and methods of protection including hardware (security devices), procedures (administrative controls, including management and organization of guards) and facility design (including layout).
The State should ensure that its national response plan and the contingency plan developed by the operator are fully compatible. The State should require evaluations including performance testing to demonstrate this compatibility.
The State should ensure that the design of the national response plan and the contingency plan be reviewed periodically, including in the light of changes in threats, enhanced understanding of the potential vulnerabilities of a nuclear facility, its systems and structures, and advances in physical protection approaches, systems and technologies, and updated as necessary.
The applicant or operator has prime responsibility for the protection of its facility, based on the threat assessment or Design Basis Threat (DBT). The regulatory authority should ensure that the responsibilities of operators and of the other relevant competent authorities, particularly off-site response forces, are clearly defined in the contingency plans.
It is the responsibility of the applicant or operator to define measures to respond to nuclear security events (contingency measures). The contingency measures should be included in a contingency plan, which will be a part of a security plan required by the regulatory authority and assessed as part of the authorization process for the nuclear power plant.
The applicant or operator should prepare a security plan as part of its application to obtain an authorization. The security plan should be based on the threat assessment or DBT and should include sections dealing with design, evaluation, implementation and maintenance of the nuclear security systems and measures and contingency plans.
The competent authority should review the security plan and once approved the plan should then be implemented in accordance with the authorization. The operator should review the security plan regularly to ensure it remains up to date with the current operating conditions and the nuclear security measures.
The operator should submit an amendment to the security plan for approval by the competent authority before making significant modifications, including temporary changes, to arrangements detailed in the security plan. For changes involving potential reduction in security, approval should be received prior to making the change.
For a new nuclear facility, the operator should make sure that the site selection and design of the nuclear facility should take the need for nuclear security measures into account as early as possible and also address the interface between nuclear security systems and/or measures and those for safety and nuclear material accountancy and control to avoid any conflicts and to ensure that all three elements complement each other.
Depending on the level of threat, operators may need the support of off-site response forces especially in relation to training, equipment, exercises and actual response to a nuclear security event. To effectively provide for a cooperative and coordinated response, the regulatory authority should ensure that appropriate arrangements are put in place between operator and law enforcement agencies as part of contingency planning.
The State should define how the graded approach should be applied to the protection against unauthorized removal of nuclear material and sabotage of nuclear facilities. The State should adopt the categorization system for the protection of nuclear material from unauthorized removal and the method.
The State should define requirements, based on the threat assessment or DBT, for the development of nuclear security measures for nuclear material in use and in storage and for nuclear facilities, depending on the potential consequences of either unauthorized removal or sabotage. The requirements to be taken into account for the protection against unauthorized removal and for measures to locate and recover missing or stolen nuclear material for protection against sabotage.
The State should ensure that the nuclear security systems and measures are compatible with nuclear material accountancy and control measures.
The State should specify the roles and responsibilities of all relevant competent authorities, from State to local levels that will ensure an effective response, in cooperation with operators, to a nuclear security event.
The State should ensure that the regulatory framework in relation to nuclear security systems and measures for nuclear material and nuclear facilities.
The State should ensure that the regulatory framework outlines the requirements for the development of nuclear security measures of nuclear facilities at the relevant stages of licensing and that the required measures are implemented by the applicant or operator at each of the following stages:
- Commissioning (including bringing nuclear material onto the site);
- Operation; and
The State should ensure that the regulatory framework includes in the requirements for licensing the need for a security plan, as part of a licence application, that will detail the applicant/operator’s physical protection system, including details of the design, implementation, maintenance, and evaluation of the nuclear security systems, measures and contingency plans, including the relationship between the applicant/operator and the relevant response agencies.
The State also should make sure that the security plan should also include provisions for regular exercises.
The State should ensure that the regulatory framework requires the applicant/operator to develop arrangements with off-site response forces in cooperation with the competent authority responsible for ensuring the effective implementation of the applicant/operator’s contingency plan.
The State should ensure that programmes, plans, and procedures for preparedness for a nuclear security event (contingency plans) are implemented at the national, local, and facility level and having regard to international obligations, including early notification.
The State should ensure that there are appropriate arrangements in place for coordination between the operator’s contingency plan, the national response plan and the plans of the relevant competent authorities involved in response.
The State, relevant competent authorities, and the operator should exercise the contingency plan and the response plans, in particular to test the coordination with off-site response forces and to identify potential safety–security interface issues.
The State should ensure that before nuclear fuel first arrives on the site and is loaded into the reactor, all elements of the nuclear security systems and measures are in place and relevant competent authorities and other organizations, including the operator, have developed contingency and emergency arrangements and successfully exercised with local and national organizations to the satisfaction of regulatory authority. Nuclear security measures for fuel in temporary storage prior to loading into a reactor should be consistent with the material category.
The State should ensure that response forces are familiar with the site and the sabotage targets, and with potential on-site prevention or mitigation actions.
3.2 Regulatory Authority:
The regulatory authority should consider establishing a cooperation programme with vendor States, in particular for sharing of information in relation to the potential consequences of a nuclear security event. In addition the competent authorities should consider establishing a cooperation arrangement with the competent authorities of other States with responsibility for authorization and approvals that have experience of oversight of nuclear power plants of the same type as that selected for construction.
The regulatory authority should assess and approve the security plan, the implementation of which should then be part of the conditions attached to the authorization.
The regulatory authority should ensure that the inspection and verification of the nuclear security systems and measures includes testing of the system (including testing of the detection, delay and response systems) and review of the effectiveness of the implementation of the nuclear security systems and measures.
The regulatory authority should require the operator to report any non-compliance with its nuclear security systems and measures including prompt reporting of all events with nuclear security implications.
Recognizing that a revision of the DBT may take time, the regulatory authority should require the operator to implement short-term compensatory measures based on the current threat assessment, if necessary.
If the regulatory authority determines that the nuclear security systems and measures are incapable of providing the required level of protection, the operator should immediately implement compensatory measures to provide adequate protection. The operator should then, within an agreed period, plan and implement corrective actions to be reviewed and approved by the competent authority.
The regulatory authority should ensure that the effectiveness of these compensatory measures against the current assessed threat is evaluated.
The applicant/operator should identify the targets to be protected and design its nuclear security measures to protect targets based upon the threat assessment or DBT. When considering the threats, the applicant/operator should pay due attention to the potential role of insiders.
The applicant/operator should consider establishing a cooperation programme with the vendor and with other organizations operating nuclear power plants and related facilities of the types that are selected for construction, for the purpose of strengthening design of the nuclear security systems and measures.
The applicant/operator should prepare a security plan as part of its application to obtain an authorization to construct a nuclear power plant. The security plan should be based on the threat assessment or the DBT and should include sections dealing with design, evaluation, implementation, performance testing and maintenance of the nuclear security measures, and contingency plans.
The applicant/operator should ensure that its nuclear security measures include procedures and protocols, including trustworthiness checks and programmes for selection and qualifications of staff, to control access of personnel to facilities, critical digital systems and components and sensitive information.
The operator should define procedures setting conditions for activation of the contingency plan when initiating the response to a nuclear security event.
The operator should implement its nuclear security measures and evaluate them before receipt of nuclear material and commissioning of the nuclear power plant.
The operator should implement means and procedures for evaluation, including performance testing, and maintenance of the nuclear security systems and measures.
The operator should review the security plan regularly and should submit any amendments to the security plan for approval by the regulatory authority. For modifications to arrangements detailed in the approved security plan, the regulatory authority should verify the operator’s compliance with the security plan. For changes that may lead to any reduction in security, regulatory approval should be received prior to implementing any modifications.
The competent authority that develops the threat assessment or DBT should continuously review the threats and evaluate the implications of any changes in the threat assessment or DBT. The competent authority should take steps to ensure that any change in the threat assessment or DBT is appropriately reflected in the operator’s security plan by requiring a review, and upgrade if necessary, of arrangements.
The operator should make arrangements to ensure that during emergency conditions and exercises, the effectiveness of the physical protection system is maintained.
In the years ahead, cooperative efforts must address the full range of threats to nuclear security, recognizing that:
- There is a wide spectrum of potential risks; they include nuclear weapons proliferation, theft of nuclear or other radioactive materials, and sabotage of nuclear facilities;
- There are different security risks when considering threats posed by hostile States or by what have been called “subnational” perpetrators, including individuals or groups of criminals and terrorists bent on inflicting mass casualties and deaths; and
- Since risks are associated with different types of consequences, a graded approach is warranted to prioritize and effectively counter threats.
To a large extent, future directions of the IAEA’s programme on the Security of Material rest upon measures to strengthen international cooperation for upgrading nuclear security, including improved capabilities for intercepting and responding to illicit trafficking, and enhanced protection of facilities against terrorism and sabotage. It will be a difficult challenge for the IAEA and its Member States to consolidate all these measures into an integrated, efficient system, thereby ensuring that the security of nuclear and other radioactive material is woven into the infrastructure of nuclear safety and security programmes. Doing so will contribute significantly to national and global efforts to combat and reduce the multidimensional threats of nuclear terrorism.
- IAEA International Conventions and Legal Agreements;
- Wikipedia – European Atomic Energy Community;
- IAEA Establishing the Nuclear Security Infrastructure for a Nuclear Power Programme;
- IAEA Security of Material;
- IAEA Nuclear Security Recommendations on Physical Protection of Nuclear Material and Nuclear Facilities; and
- Security of Material – The Changing Context of IAEA’s Programme by Anita Nilsson.