1. RADIOACTIVE SOURCES:
Radioactive sources vary widely in physical size and properties, the amount of radiation they emit, and type of encasing. Some are portable instruments, such as gauges for taking measurements, while others are fixed pieces of equipment, such as a radiotherapy machine for cancer treatment.
Radioactive sources are used throughout the world for a wide variety of peaceful and productive purposes in industry, medicine, research and education, and in military applications. These sources utilize radioactive materials that are firmly contained or bound within a suitable capsule or housing; although some sources involve radioactive materials in an unsealed form.
Until the 1950s, only radionuclides of natural origin, particularly radium-226, were generally available for sources. Since then, radionuclides produced artificially in nuclear facilities and accelerators have become widely available, including cobalt-60, strontium-90, caesium-137 and iridium-192.
The IAEA has categorized radioactive sources, to identify those types that require particular attention for safety and security reasons. Most significant are certain industrial and medical radioactive sources – typically cobalt-60, caesium-137, strontium-90, and iridium-192 – that emit high levels of radiation. The social and economic benefits from the many applications of radioactive sources are high, in the billions of dollars worldwide each year.
Radioactive sources that are outside of regulatory control are called “orphan sources” for short. They may never have been subject to regulation, or they may have been regulated initially but then were abandoned, lost, misplaced, stolen, or removed without authorization. Some sources may not be formally “orphaned” but their control may be weak and therefore vulnerable to being mishandled or lost.
Millions of sources have been distributed worldwide over the past 50 years, with hundreds of thousands currently being used, stored, and produced. Many of these sources are weakly radioactive, and they pose little radiological risk. Worldwide, the IAEA has tabulated more than 20,000 operators of significant radioactive sources: more than 10,000 radiotherapy units for medical care are in use; about 12,000 industrial sources for radiography are supplied annually; and about 300 irradiator facilities containing radioactive sources for industrial applications are in operation.
In many countries, as the regulatory control of radioactive sources is weak, the inventories are not well known.
Through its program to help countries improve their national infrastructures for radiation safety and security, the IAEA has found that more than 100 countries may have no minimum infrastructure in place to properly control radiation sources. However, many IAEA Member States – in Africa, Asia, Latin America, and Europe – are making progress through an IAEA project to strengthen their capabilities to control and regulate radioactive sources. The IAEA is also concerned about the over 50 countries that are not IAEA Member States (there are 134), as they do not benefit from IAEA assistance and are likely to have no regulatory infrastructure.
The IAEA has been active in lending its expertise to search out and secure orphaned sources in several countries. In Kabul, Afghanistan in late March, the IAEA was called in to secure a powerful cobalt source abandoned in a former hospital. In Uganda a week later, the IAEA helped the government to secure a source that appeared to have been stolen for illicit resale.
More than 70 States have joined with the IAEA to collect and share information on trafficking incidents and other unauthorized movements of radioactive sources and other radioactive materials. The IAEA database includes 284 confirmed incidents since 1 January 1993 that involved radioactive material other than nuclear material. In most of these cases, the radioactive material was in the form of sealed radioactive sources, but some incidents with unsealed radioactive samples or radioactively contaminated materials such as contaminated scrap metal also have been reported to the illicit trafficking database and are included in the statistics. Some States are more complete than others in reporting incidents, and open-source information suggests that the actual number of cases is significantly larger than the number confirmed to the IAEA.
Not all these incidents reflect deliberate attempts to steal radioactive sources. The great majority of detected trafficking incidents appear to involve opportunists or unsophisticated criminals, motivated by the hope of profit. In some cases, the theft of sources was incidental to the theft of vehicles, and in other cases, the thieves may have been interested in an item’s resale value as an expensive instrument or as scrap metal. Nevertheless, it is apparent that an important fraction of cases involved persons who expected to find buyers interested in the radioactive contents of stolen sources and their ability to cause or threaten harm. Customs officials, border guards, and police forces have detected numerous attempts to smuggle and illegally sell stolen sources.
Radioactive sources can be detected and their movement monitored. The effective detection range depends on the amount and type of radiation emitted by the source and also on the possible presence of shielding materials that may reduce the amount of radiation that reaches the detector. Fortunately, the most intense and dangerous sources normally are the most susceptible to detection. Several types of instruments already are in use for detecting illicit movement of radioactive materials, and more advanced systems are under development that will be more sensitive, easier to use, or more capable to identify exactly what kind of radioactive materials are present.
The IAEA and its Member States are working hard to raise levels of radiation safety and security, especially focusing on countries known to have urgent needs. The IAEA has taken the leading role in the United Nations system in establishing standards of safety, the most significant of which are the “Basic Safety Standards for Protection Against Ionizing Radiation and for the Safety of Radiation Sources” and the more recent “Code of Conduct on the Safety and Security of Radioactive Sources.” These guidelines promote consistent international approaches to radiation protection, safety and security.
At the request of countries, the Agency can send expert teams to help governments develop national strategies or to advise on dealing with disused sources. Its advisory teams work with countries to assess their systems for radiation control and its emergency response teams respond to radiological emergencies. Within its 2002 Action Plan on Combating Nuclear Terrorism, the IAEA established a program to ensure that significant, uncontrolled radioactive sources are brought under regulatory control and properly secured by providing assistance to Member States in their efforts to identify, locate and secure or dispose of orphan sources.
Every Country (State) will need to define its domestic threat. This process needs to begin with a national threat assessment, which is an analysis that documents – at a national level – the credible motivations, intentions and capabilities of potential adversaries that could cause harm through the sabotage of a facility or the unauthorized removal of a radioactive source for malicious purposes.
Every State will need to take the appropriate measures to ensure that radioactive sources within its territory, or under its jurisdiction or control, are securely protected during and at the end of their useful lives. This includes the promotion of a security culture with regard to radioactive sources and adequate education and training of regulators and operators. States will need to have an effective national legislative and regulatory infrastructure in place to govern the security of radioactive sources, which:
- Prescribes and assigns governmental responsibilities to relevant bodies including an independent regulatory body to establish, implement, and maintain a regime that ensures the security of radioactive sources;
- Establishes security requirements for radioactive sources and includes a system of evaluation, licensing, and enforcement or other procedures to grant authorizations;
- Places the prime responsibility for the security of radioactive sources on the operators;
- Provides for measures to reduce the likelihood of the attempt of malicious acts;
- Provides for measures that mitigate/minimize the consequences of malicious acts involving radioactive sources; and
- Establishes punishable offences covering malicious acts involving radioactive sources.
The implementation and operation of the legislative and regulatory infrastructure for the security of radioactive sources rely on the effective cooperation between the various bodies assigned governmental responsibilities. Typically, these bodies are likely to include a State’s regulatory body, intelligence community, ministries of interior, defence, transportation, foreign affairs; law enforcement; customs a coast guard and other agencies with security related responsibilities.
States will need to ensure that the regulatory body is adequately resourced, in terms of personnel and funding, to fulfil its regulatory functions, including implementing an inspection programme to verify that the security of radioactive sources is effectively maintained. This inspection programme should be supported by written procedures and performed by qualified personnel. The frequency of inspections should take account of the security level of the radioactive source(s) and may consider an operator’s past performance in maintaining compliance with security requirements. Inspections of security measures implemented by an operator can be performed together with inspections for verifying compliance with other regulatory requirements, such as safety, or as stand-alone inspections.
Operators, as the authorized entities, should have the primary responsibility for implementing and maintaining security measures for radioactive sources in accordance with national requirements. Operators may, depending on a State’s regulatory requirements, appoint or contract a third party to carry out actions and tasks related to the security of radioactive sources, although the authorized operator should retain the prime responsibility for regulatory compliance and effectiveness of the actions and tasks. Also, operators should ensure that their personnel and their contractors are suitably trained and meet the regulatory requirements, which should include trustworthiness.
Operators should verify that sources are present at their authorized location at prescribed intervals. Any absence or discrepancy should be promptly investigated and reported to the regulatory body. Processes should be in place to ensure that all Category 1, 2, and 3 sources for which operators are authorized are identifiable and traceable.
When required by the regulatory authorities, operators should carry out vulnerability assessments of their radioactive sources based on the current assessed threat. Operators should promote a security culture, and establish a management system commensurate with the levels of security, to ensure that:
- Policies and procedures are established that identify security as being of high priority;
- Problems affecting security are promptly identified and corrected in a manner commensurate with their importance;
- The responsibilities of each individual for security are clearly identified and each individual is suitably trained, qualified, and determined to be trustworthy;
- Clear lines of authority for decisions on security are defined;
- Organizational arrangements and lines of communications are established that result in an appropriate flow of information on security within the entire organization;
- Sensitive information is identified and protected according to national regulations; and
- Radioactive sources are managed in accordance with a security plan, when required by the regulatory body.
3. A SECURITY SYSTEM:
A security system should be designed by the operator’s security professionals to deter adversaries from committing a malicious act or to minimize through detection, delay and response the likelihood of an adversary succeeding in completing such a malicious act. Such an act would consist of a sequence of actions by one or more adversaries (threat) to obtain access to a source (target) either in order to commit an act of sabotage or another malicious act, or in order to remove the source without authorization.
3.2 Security Functions:
A security system to protect radioactive sources from an adversary intent on committing a malicious act should be designed to perform basic security functions: Deterrence, Detection, Delay, Response, and Security Management:
- Deterrence occurs when an adversary, otherwise motivated to perform a malicious act, is dissuaded from undertaking the attempt. Deterrent measures have the effect of convincing the adversary that the malicious act would be too difficult, the success of the act too uncertain, or the consequence of the act to the adversary too unpleasant to justify the undertaking. Measures designed specifically to deter thus involve communication to the adversary about the presence of measures performing the other security functions. If this communication has the intended effect, deterrence is the result;
- Detection is the discovery of an attempted or actual intrusion which could have the objective of unauthorized removal or sabotage of a radioactive source. Detection can be achieved by several means, including visual observation, video surveillance, electronic sensors, accountancy records, seals and other tamper indicating devices, process monitoring systems, and other means. Adversary awareness of detection measures can also serve as a deterrent;
- Delay impedes an adversary’s attempt to gain unauthorized access or to remove or sabotage a radioactive source, generally through barriers or other physical means. A measure of delay is the factor of time, after detection, that is required by an adversary to remove or sabotage the radioactive source. Adversary awareness of delay barriers can also serve as a deterrent;
- Response encompasses the actions undertaken following detection to prevent an adversary from succeeding or to mitigate potentially severe consequences. These actions, typically performed by security or law enforcement personnel, and other State agencies, include interrupting and subduing an adversary while the attempted unauthorized removal or sabotage is in progress, preventing the adversary from using the radioactive source to cause harmful consequences, recovering the radioactive source, or otherwise reducing the severity of the consequences. The prospect of successful response can also serve as a deterrent; and
- Security Management includes ensuring adequate resources (personnel and funding) for the security of sources. It also includes developing procedures, policies, records, and plans for the security of sources and for a more effective security culture, in general. This term also includes developing procedures for the proper handling of sensitive information and protecting it against unauthorized disclosure.
3.3 Design and Evaluation of Security System:
A well designed security system should integrate measures to perform all five security functions so as to effectively secure the target from the threat, consistent with the following security concepts:
- Deterrence cannot be measured: The objective of deterrence is to dissuade an adversary from attempting a malicious act. As a result, the impact of deterrent measures cannot be quantified. Therefore, the design of a security system should not be wholly based on deterrence;
- Detection before delay: The function of delay is to provide response personnel with sufficient time to deploy and interrupt or interdict the adversary’s efforts to complete a malicious act. Therefore, detection must precede delay. If an adversary is given the opportunity to overcome barriers and other obstacles prior to encountering intrusion sensors or other detection means, the adversary will have completed the most difficult tasks before being detected and thus may well succeed in removing or sabotaging the radioactive source before the response personnel arrive. In this case, barriers do not serve as a delay but rather, at most, as deterrents;
- Detection requires assessment: Most means of detection provide an indirect indication of potential malicious action, such as attempted unauthorized access, removal or sabotage of a radioactive source. The only direct indication is by direct human observation. Therefore, when an alarm or other indirect indication is triggered, there is always some uncertainty as to the cause. As a result, detection should always be complemented by assessment to determine the cause of the alarm. Alarm assessment requires human observation and judgment, through deployment of response personnel to investigate the cause of the alarm, through remote closed circuit television (CCTV) systems, or similar means. Sometimes, adversaries may attempt to exploit any delay between detection and assessment to mask their malicious intent. Therefore, immediate assessment is the goal of any security system;
- Delay greater than assessment plus response time: A security system is successful if it detects and a correct assessment is made of an adversary attempting a malicious act in sufficient time for subsequent delay measures to permit response personnel to interrupt and stop the adversary prior to completion of the act or to initiate prompt actions to mitigate potentially high consequences. This relationship of the functions of detection, delay and response is known as timely detection;
- Balanced protection: This is a concept of equivalent security functions (deterrence, detection delay, response, and security management) that provides adequate protection against all threats along all possible pathways. In other words, delay times through each pathway, detection measures associated with each detection element and the resulting responses provide the necessary protection to prevent a successful act; and
- Defence in depth: A concept of several layers and methods of protection (structural, technical, personnel and organizational) that have to be overcome or circumvented by an adversary in order to achieve their objective.
4. A REGULATORY PROGRAMME:
The provisions in the Code of Conduct relating to the security of radioactive sources have been strengthened to provide measures to reduce the likelihood of malicious acts. The Code also specifically mentions that States should give appropriate attention to radioactive sources considered by them to have the potential to cause unacceptable consequences if employed for malicious purposes. In case of such an event, requirements and guidance on emergency preparedness and response, intervention and the remediation of contaminated areas are available from the IAEA. Guidance on protecting people against radiation in the aftermath of a radiological attack is given by the International Commission on Radiological Protection.
Such malicious acts and potential consequences could include:
- The deliberate placement of a breached or unshielded source in a public area;
- The deliberate dispersion of radioactive material to cause adverse health effects (by using, for example, a radioactive dispersal device (RDD)); and
- The use of an RDD for the purposes of contaminating ground, buildings and infrastructure leading to denial of access to these areas, which may be based on radiation protection criteria, economic impact and the cost of cleanup and reconstruction.
Many States already have a regulatory programme in place that covers activities such as authorization, review and assessment, inspection and enforcement. Safety and security measures should be designed and implemented in an integrated manner so that they do not compromise each other. Establishing such a regulatory programme for the security of radioactive sources involves three basic steps for the regulatory body:
4.1 Step 1: Establish graded security levels with corresponding goals and objectives for each security level:
Radioactive sources have a wide range of characteristics (such as activity) that make them attractive in varying degrees to adversaries. A corresponding range of effective security measures should be utilized to ensure that the sources are adequately protected using a graded approach. In order to ensure adequate security capability without imposing overly restrictive measures, the concept of security levels should be used. Three security levels (A, B, and C) have been developed to allow specification of security system performance in a graded manner.
Security level A requires the highest degree of security while the other levels are progressively lower. Each security level has a corresponding goal. The goal defines the overall result that the security system should be capable of providing for a given security level. The following goals have been developed:
- Security level A: Prevent unauthorized removal of a source;
- Security level B: Minimize the likelihood of unauthorized removal of a source; and
- Security level C: Reduce the likelihood of unauthorized removal of a source.
Malicious acts can involve either unauthorized removal of a source or sabotage. While the security goals only address unauthorized removal, achievement of the goals will reduce the likelihood of a successful act of sabotage.
Security systems that achieve the goals listed above will provide some (although limited) capability to detect and respond to an act of sabotage. In order to meet the goals, it is necessary to achieve an adequate level of performance for each of the security functions: deterrence, detection, delay, response, and security management. That level of performance is defined as a set of objectives for each of the functions. These objectives state the desired outcome from the combination of measures applied for that objective.
Deterrence is a security function which is difficult to quantify. Consequently, it has not been assigned an associated set of security objectives and measures in this publication.
4.2 Step 2: Determine the security level applicable to a given source:
In order to specify an appropriate security level for a source, consideration should be given to the potential harm that the source could cause if it were used in a malicious act. This potential for harm then guides the process of assigning an appropriate security level to the source. This process consists of the following steps:
- Categorizing sources based on the potential to cause harm if used for malicious purposes (including aggregation of sources in a given location as appropriate):
In recognition of the fact that human health is of paramount importance, the categorization system is based primarily on the potential for radioactive sources to cause deterministic health effects. The D value is the radionuclide specific activity of a source which, if not under control, could cause severe deterministic effects for a range of scenarios that include both external exposure from an unshielded source and inadvertent internal exposure following dispersal (e.g. by fire or explosion) of the source.
The categorization system has five categories, as shown below. This number of categories should be sufficient to enable the practical applications of the scheme, without unwarranted precision.
- Unlisted Sources;
- Short Half-life Radionuclides;
- Unsealed Radioactive Sources;
- Radioactive Decay; and
- Aggregated of Sources.
Assigning an appropriate security level to each category:
- As a default arrangement, the regulatory body could use the categories listed above to assign the security level applicable to a given source.
The purpose of categorizing radioactive sources is to provide an internationally accepted basis for risk informed decision making, including measures to reduce the likelihood of malicious acts. However, socioeconomic consequences resulting from malicious acts were excluded from the categorization criteria as no methodology for quantifying and comparing these consequences exists, especially on an international basis.
4.3 Step 3: Select and implement a regulatory approach (prescriptive, performance based, or combined) for directing operators as to how to design, implement and evaluate security measures in order to meet the security objectives:
There are three alternative approaches that the regulatory body may use for directing operators on how to demonstrate that they meet the security objectives. The approach selected by the regulatory body should take into account its own capabilities and resources, the capabilities and resources of the operators that it regulates, and the range of sources that should be protected:
- A prescriptive approach establishes specific security measures determined by the regulatory body to meet the security objectives for each security level;
- A performance based approach is one where the regulatory body allows flexibility for the operator to propose the particular combination of security measures that will be used to achieve the security objectives; and
- A combined approach includes elements drawn from both prescriptive and performance based approaches.