Nuclear Security Challenges –for The United States, And
Nuclear Security Challenges – for theUnited States, and OthersMatthew Bunn, Harvard Kennedy SchoolBelfer-Pakistan Dialogue, Istanbul, April 14-15 2017belfercenter.org/mtaNuclear theft and sabotage are real dangers2qMultiple terrorist groups have sought nuclear weapons— al Qaeda’s program progressed as far as carrying out explosivetests in the Afghan desert— Aum Shinrikyo had substantial effort before 1995 nerve gas attacks— Only hints of ISIS interest (extended monitoring of Belgian nuclearofficial) – but has more , people, control of territory, ability torecruit globally than the othersqqqMultiple government studies (in U.S. and elsewhere) haveconcluded that sophisticated terrorist groups could make acrude bomb if they got the material 20 cases of seizure of stolen nuclear bomb material inpublic recordAlso multiple cases of actual or planned nuclear sabotage— Most recent: Insider sabotage of Doel-4 turbine in 20141
A recent example: insider sabotage and acleared terrorist at Doel-43qAugust 2014: An insider at Doel-4reactor in Belgium drains lubricant,destroys reactor turbine— 100 million damage— Investigators unable to find culprit— Sabotage intended to cause economicdamage, not radiation releaseqInvestigation finds that long before,contractor Ilyass Boughalab hadaccess to vital area— Passed security clearance review in2009— In late 2012, left to fight for terroristsin Syria (reportedly killed later)— Later convicted as part of“Jihad4Belgium” terrorist groupSource: Kristof PietersFive key challenges for nuclear security in theUnited States (and elsewhere)4qq1.2.3.4.5.Like nuclear safety, nuclear security is never ”done” –requires focus on continuous improvementEffective nuclear security systems include many elements, butstrong efforts in five areas are key:Design requirements covering the full spectrum of plausibleadversary capabilities and tacticsComprehensive programs to protect against insider threatsTargeted programs to strengthen security cultureRealistic performance testing and vulnerability assessmentConsolidating material to the minimum number of locations2
Covering the full spectrum of plausibleadversary capabilities tactics5qChallenge: need to protect against plausible possibilitieswithout wasting money on unrealistic threats— But adversaries learn, evolve, adaptqU.S. experience— Drastically increased DOE DBT after 9/11 attacks – in two steps— Then, as costs/inconveniences became clear, DOE DBT shifteddownward again— NRC DBT different – increased after 9/11, then largely stable— Are they enough? What are the odds of adversaries having ALL thecapabilities envisioned in the DBT? What are the odds ofadversaries having more capability in some areas (e.g., multipleinsiders)? Can systems be designed to provide significant protectionbeyond the DBT? If the state is to handle beyond-DBT threats, howto prepare to fulfill that responsibility?Insider threats are the most dangerousnuclear security problem6qPeople don’t want to believe theirfriends and colleagues couldbetray the organization— Leads to serious lapses in protectionagainst insider threatsqqqqOften even obvious “red flags” gounreported, unaddressedU.S. continues to experience seriousinsider challengesNew Bunn-Sagan book includes“Worst Practices Guide” on hownot to handle the insider threat,detailed case studies, data onjihadist thinking on sider-threats3
Comprehensive protection frominsider threats7qChallenge: insiders are trusted by other staff, can use theirspecialized knowledge and authorized access to pose a threat— Source of most past nuclear theft and sabotage casesqComprehensive insider threat program should include:— Background checks before access, and ongoing monitoring after accessis granted— Material accounting and control sufficient to detect any theft, andidentify when and where it happened (and who had access then)— Monitors that would detect any unauthorized access to or removal ofnuclear material— Strong incentives for staff to report concerning behavior, potentialvulnerabilities— Constant surveillance of material, and of vital areas for sabotage— Effective program to address employee disgruntlement— Is it enough? How do we assess? What about multiple insiders?Programs to strengthen security culture8qChallenge: How to build organizational culture wherepeople are always vigilant, always on the look-out forvulnerabilities to be fixed, ways to improve security?— “Good security is 20% equipment and 80% culture”qEvery nuclear operating organization should have atargeted program in place to:— Assess its security culture— Strengthen security culture over timeqSome key elements:— Leadership focus on security— Broad understanding of the threat – and security’s importance— Structuring incentives to encourage staff to focus on security4
Y-12 intrusion, 2012:A failure driven by weak security culture9q2012: 82-year-old nun and two otherprotestors enter Y-12 facility— Passed through 3 alarmed fences, settingoff multiple alarms – no one respondedfor extended period— New instrusion detection system setting off10x as many false alarms— Cameras to allow guards to see cause ofalarm had been broken for months— Major breakdown in security cultureqGraffiti from Y-12 Break-InEven today, few U.S. nuclearorganizations have targeted programsto strengthen security cultureRealistic performance testing and assessment10qChallenge: Many security systems that look effective can bebeaten by intelligent and creative adversaries— Adversaries find vulnerabilities we didn’t think ofqqIAEA recommendation: Quality assurance to ensureprotection system can protect against the design basisthreat; force-on-force exercises at least annuallySome key elements:— Create “red teams” with mission and incentives to find vulnerabilitiesand propose solutions— Conduct “tabletop” exercises and brainstorming workshops toidentify and assess tactics adversaries might use— Conduct realistic tests of ability of intelligent adversaries (insidersand outsiders) to find ways to defeat the overall security system –including realistic force-on-force exercises— Address weaknesses identified5
Challenges to realistic assessment, testing inthe United States11qCheating: January 2004: DOEInspector General finds thatWackenhut Corporation had beencheating on security exercisesqWeak incentives: Facilities wantvulnerability assessors to sayeverything is OK, not to findproblemsqSafety concerns limit the realism oftestingqHow to really test the performanceof insider threat protectionprograms?Consolidating material12qqqChallenge: Good security is expensive – and imperfect, soevery site with HEU or plutonium still represents some riskNuclear security summit commitment: minimize stocks andlocations with HEU and plutoniumElements of an effective consolidation effort:— Convert HEU fuels to LEU where practible— Assess each location with nuclear weapons, HEU, or separatedplutonium – do benefits still outweigh the risks? Could benefits stillbe achieved if material was removed and consolidated at anothersite?— Structure nuclear security regulations to give operators incentives toreduce costs by consolidating stocks of materialqU.S. experience:— Huge costs of post-9/11 security requirements created incentives formanagers to eliminate HEU, plutonium wherever possible6
Existing Pakistani good nuclear securitypractices13qqqqSubstantial investment in both physical security and humanreliability/counterintelligenceLarge armed guard forces, multiple types of barriers anddetectors, rapid response forcesCenter of Excellence provides high-quality, consistent trainingActive participant in nuclear security summits, key nuclearsecurity institutions— IAEA nuclear security programme (including training at COE)— CPPNM and its amendment— Global Initiative, Proliferation Security Initiative Opportunities for further nuclear securitycooperation14qqU.S.-Pakistan nuclear security cooperation has alreadyprovided major benefits to U.S. and Pakistani securityExchanges of approaches, best practices to meet each ofthe nuclear security challenges described here – and others– could build both security and confidence— Could establish Pakistan-U.S. expert working groups in each areaqqTransport security would be another fruitful area where bothcountries face challenges, have ideas to offerNear-term international opportunities:— INFCIRC/869, “Strengthening Nuclear Security Initiative”— World Institute for Nuclear Security— ICSANT7
Opportunities for cooperation (II)15qqqqExpanded regulator-to-regulator discussionsRadiological source securityPrevention and detection of illicit traffickingExploration of issues involved in Pakistan joiningINFCIRC/869, e.g.:— Approaches to preparing for international peer reviews of nuclearsecurity— Approaches to implementing key IAEA recommendationsqJoint development of initiatives to sustain nuclear securityprogress with the end of the summit process— Through the IAEA— Through the “Contact Group” of interested countries— Should the Global Initiative add a working group on nuclear securityand physical protection?For additional information 168
Principles for all states with HEU, plutonium,or major nuclear facilities17qqqqqqqProtect these items against the full spectrum of plausibleadversary threats and capabilitiesHave well-trained, well-equipped on-site armed guardforces sufficient to defeat the threatHave comprehensive programs to protect against insiderthreatsHave targeted programs to strengthen security culture,including regular security culture assessmentsConduct in-depth assessments and realistic tests to ensurethat nuclear security systems are meeting performance goalsHave nuclear material accounting and control systemssufficient to detect thefts and localize them in place and timeProvide effective cyber protectionFurther Reading and Background Material18qPreventing Nuclear Terrorism: Continuous Improvement orDangerous Decline? (2016) ingNuclearTerrorismWeb.pdfqThe U.S.-Russian Joint Threat Assessment of Nuclear dfA Worst Practices Guide to Insider Threats: Lessons From eats.pdfqNuclear Security .org/qFull text of Managing the Atom publications:http://belfercenter.org/mta9
Nuclear safety and security support nuclearenergy growth19qNuclear energy important to U.S. and Pakistan’s energyfutures (and those of other countries)— Clean, expandable, non-intermittent powerqqPublic support requires public confidence that facilities willbe safe and secureFukushima accident had major effect on public, investorperceptions— Another major accident – or, worse, a terrorist attack – could doomprospects for nuclear growth on scale needed for major climatemitigation, pollution-reduction contributionqqResources for safety and security are essential investments inthe future of nuclear energySafety and security are inextricably intertwined – oftencontribute to each other, sometimes conflictSecurity culture matters:Propped-open security door20Source: U.S. Government Accountability Office10
Complacency is the key enemy –but has deep roots21qqqqqMost nuclear facilities have never had a serious security issue (areal theft or sabotage attempt) in decades of operationVirtually no information is exchanged about the real incidents thatdo occur – no one hears about them100% of the alarms in the average guard’s career will either befalse alarms or testsExisting security systems look impressive – easy to convinceyourself they are impregnableMany sources of cognitive and organizational bias leadingpeople to unduly discount low-probability, high-consequenceevents— No one gets promoted for making a 1/105 risk into a 1/106 risk— Every hour you spend on security is an hour not spent on somethingmore likely to get you promotedSuccess can lead to complacencyFrom James Reason, Managing the Risks of Organizational Accidents (Ashgate,1997)11
An intelligent adversary fundamentallychanges probability estimates23qqProbability is a method developed for random events –planned human actions are not randomEarthquakes will not:— Preferentially strike the site least able to protect against them— Observe the defenses and attempt to bring enough capability todefeat them— Consciously plan to cause both primary and backup systems to failqTerrorists will seek to do all of those things— In security, failures are not independent— In security, the past is a less reliable guide to the future –adversaries learn and evolveqNevertheless, estimating the chance of different events – inconcert with other methods – can help structure thinking, identifyweak points to be addressedAssessing the risk of theft at particularnuclear facilities and transports24qRisk of theft at a particular facility or transport:— Probability of theft attempt (unknown, presumably reduced bystronger security measures)— Probability theft attempt would succeed, determined bynnProbability distribution of adversary capabilitiesCapabilities security system can protect against— Consequences: probability stolen material could be used to make abomb, determined by:nnnqAdversary capabilitiesMaterial quantityMaterial qualityThieves will seek to observe, exploit security weaknesses12
Assessing the risk of sabotage at particularnuclear facilities25qRisk of a sabotage attempt at a particular facility ortransport:— Probability of sabotage attempt (unknown, presumably reduced bystronger security measures)— Probability sabotage attempt would succeed, determined bynnnProbability distribution of adversary capabilitiesCapabilities security system can protect againstDifficulty of catastrophic sabotage (related to safety measures)— Consequences, determined by:nnnqQuantity of radioactivity presentPotential to mobilize, disperse the materialNearby populations, economic and other assetsSaboteurs will seek to observe, exploit security weaknessesComparing nuclear safety and nuclear securityrisks: the historical record26qU.S. safety goal: 1/10,000 per reactor-year chance ofmajor core damage; 1/100,000 chance of major release— Obviously haven’t met this goal so far— 4 reactors with major releases (Chernobyl and 3 at FukushimaDaichi) in 16,000 reactor-years of operation – 1/4,000 reactoryears— Other core damage events (TMI, Fermi I )— But goal remains valid – and given horrifying consequences, goal forpreventing nuclear terrorist attack should be more stringentqNuclear theft:— 300 global facilities with HEU or Pu -- 7,500 facility-years overlast 25 years— 20 seizures of stolen HEU or Pu in that time (some from same theft)— 1/400 per facility-year— Most from Russia (but almost most facilities there); several seizuresmay be from same theft – but still, shows rate far too high13
Comparing nuclear safety and nuclear securityrisks: the historical record (II)27qNuclear sabotage— During 16,000 reactor-years of operation:— 1 case in which insider placed explosives on steel pressure vesseland detonated them*— 1 case (very recent) in which insider sabotage destroyed reactorturbine— 1 case in which terrorists overwhelmed and captured the guardforce, were in full control for extended period before leaving whenoff-site response arrived*— 1 case of RPG being fired at, hitting reactor— Multiple cases of terrorist groups planning attacks on reactors— 1 major incident per 3-4,000 reactor-yearsBoth theft and sabotage risks appear to be very highcompared to safety goals*reactor not yet operationalAttack at Pelindaba, Nov. 8, 200728qqqSite with 100s of kilograms of highly enriched uranium (HEU)Attack by 2 teams of armed, well-trained men, fromopposite sides – evidence of insider helpOne team:– Penetrated 10,000-volt security fence– Disabled intrusion detectors– Went to emergency control center, shot a worker there, who raisedfirst alarm– Spent 45 minutes inside guarded perimeter – never engaged by sitesecurity forces– Left through same spot in fence – never caught or identifiedqqSouth Africa has since undertaken major nuclear securityupgrades, established regulatory design basis threatLesson: 2 teams of well-armed, well-trained intruders, withinsider help, attacking with no warning, is a credible threat14
Coping with creative, determined, evolvingadversaries29qqqNuclear security planning must consider the full spectrum ofplausible adversary capabilitiesAdversary capabilities and tactics evolve – DBT from 10years ago may not match today’s threatAdversaries may think of attack strategies the defendershave not considered, e.g.:— Deception (fake uniforms, IDs, paperwork )— Blocking response forces (e.g., mining the road)— Tunneling under or flying over defenses (routine in crimes worldwide)qSolutions:— Consider updating, expanding capabilities in Japan’s DBT— Assign creative team with “hacker” mentality to probe for weakpoints— Carry out realistic tests with unexpected adversary team tacticsBroad range of demonstrated adversarycapabilities and tactics: outsider threats30qLarge overt attack– e.g., Moscow theater, October 2002: 40 well-trained, suicidalterrorists, automatic weapons, RPGs, explosives, no warningqMultiple coordinated teams– e.g., 9/11/01 -- 4 teams, 4-5 participants each, well-trained,suicidal, from group with access to heavy weapons and explosives, 1 year intelligence collection and planning, striking without warningqUse of deception– Uniforms, IDs, forged documents to get past checkpoints, barriersqSignificant covert attackqUse of unusual vehicles or routes– e.g., Pelindaba attackers disabling intrusion detectors– e.g., arrival by sea or air– e.g., multiple cases of tunneling into bank vaults15
Broad range of demonstrated adversarycapabilities and tactics: insider threats31qMultiple insiders working togetherqOften including guards– Many cases of theft from guarded facilities worldwide– Most documented thefts of valuable items from guarded facilitiesinvolve insiders – guards among the most common insiders– Goloskokov: guards the most dangerous internal ed/bribery/corruptionIdeological persuasionBlackmailA trustworthy employee may not be trustworthy anymore if hisfamily’s lives are at riskThreats may come from abroad:the Vastbërga heist32qSeptember 2009, armed men steal millions from a cashdepot in Vastbërga, Sweden— Arrived in stolen helicopter— Had automatic weapons, custom-built explosives, custom-built ladders— Delayed police arrival with “caltrops” to puncture tires on nearbyroads, bag that looked like bomb at police heliport— Escaped with millions 30 minutes after the theft began— Eluded pursuit by abandoning helicopter, switching to unknown car— Gang was ex-paramilitary from Serbia – half a continent away16
Threats may come unexpectedly from within:Aum Shinrikyo33qqJapan has long seen itself as a very low-threat countryBut Aum Shinrikyo provides a counter-example— Aum had extensive effort to get nuclear weaponsnnPursued purchase from RussiaBought farm in Australia with U deposits, sought to mine and enrich its ownuranium— Also had extensive biological program, carried out multipleattempted anthrax attacks (may never have had a deadly strain)— Its nuclear, chemical, and biological efforts were unknown to allbefore its nerve gas attacks in 1995qOther threats could arise without warning – might focus morethan Aum on nuclear material within JapanA joint U.S.-RussianviewqqqFirst ever U.S.-Russian jointthreat assessmentConcludes the danger isreal, urgent action isneeded to reduce itEndorsed by broad rangeof retired military,intelligence tion/21087/3417
With nuclear material, terrorists may be ableto make crude nuclea
—Global Initiative, Proliferation Security Initiative 13 Opportunities for further nuclear security cooperation qU.S.-Pakistan nuclear security cooperation has already provided major benefits to U.S. and Pakistani security qExchanges of approaches, best practices to meet each of the nuclea
May 02, 2018 · D. Program Evaluation ͟The organization has provided a description of the framework for how each program will be evaluated. The framework should include all the elements below: ͟The evaluation methods are cost-effective for the organization ͟Quantitative and qualitative data is being collected (at Basics tier, data collection must have begun)
Silat is a combative art of self-defense and survival rooted from Matay archipelago. It was traced at thé early of Langkasuka Kingdom (2nd century CE) till thé reign of Melaka (Malaysia) Sultanate era (13th century). Silat has now evolved to become part of social culture and tradition with thé appearance of a fine physical and spiritual .
On an exceptional basis, Member States may request UNESCO to provide thé candidates with access to thé platform so they can complète thé form by themselves. Thèse requests must be addressed to esd rize unesco. or by 15 A ril 2021 UNESCO will provide thé nomineewith accessto thé platform via their émail address.
̶The leading indicator of employee engagement is based on the quality of the relationship between employee and supervisor Empower your managers! ̶Help them understand the impact on the organization ̶Share important changes, plan options, tasks, and deadlines ̶Provide key messages and talking points ̶Prepare them to answer employee questions
Dr. Sunita Bharatwal** Dr. Pawan Garga*** Abstract Customer satisfaction is derived from thè functionalities and values, a product or Service can provide. The current study aims to segregate thè dimensions of ordine Service quality and gather insights on its impact on web shopping. The trends of purchases have
Bruksanvisning för bilstereo . Bruksanvisning for bilstereo . Instrukcja obsługi samochodowego odtwarzacza stereo . Operating Instructions for Car Stereo . 610-104 . SV . Bruksanvisning i original
Chính Văn.- Còn đức Thế tôn thì tuệ giác cực kỳ trong sạch 8: hiện hành bất nhị 9, đạt đến vô tướng 10, đứng vào chỗ đứng của các đức Thế tôn 11, thể hiện tính bình đẳng của các Ngài, đến chỗ không còn chướng ngại 12, giáo pháp không thể khuynh đảo, tâm thức không bị cản trở, cái được
Glossary of Social Security Terms (Vietnamese) Term. Thuật ngữ. Giải thích. Application for a Social Security Card. Đơn xin cấp Thẻ Social Security. Mẫu đơn quý vị cần điền để xin số Social Security hoặc thẻ thay thế. Baptismal Certificate. Giấy chứng nhận rửa tội
