By Prof. Natividad Carpintero-Santamaría, General Secretary of the Instituto de Fusión Nuclear “Guillermo Velarde”
Nuclear security is paramount for global security, and assessing its threats and risks is a unique challenge. Nuclear security procedures worldwide have been dramatically improved since the early 21st century and systematically implemented as technology evolves, and adversary tactics and capabilities change. However, there is not a single instrument that addresses nuclear security in a comprehensive way. Novel nuclear weapons development is emerging with advanced manufacturing; nuclear energy programs and nuclear technology are being developed around the world, increasing the necessity to strengthen safeguards; cyber threats and crypto-malware present unknown vulnerabilities, and terrorist organizations operate ubiquitously through global cyber networks.
Enhancing new paradigms in nuclear security has become a must. That implies innovating technologies and upgrading conservative security paradigms both in the area of management systems prioritizing security (training and qualification, visible security policy, interface with the regulator, etc.) and human behavior (motivation, vigilance, effective communications, teamwork, and cooperation, etc.).
Loss of control or theft of a nuclear weapon
Nuclear security requires an integrated security approach to face all contingencies that may arise within a prevention framework. Securing all weapons-usable nuclear materials – highly enriched uranium and weapons-usable plutonium – is of paramount importance. The more nuclear materials and sites, the bigger the exposure to risk or theft. The loss of control of nuclear weapons or their launching systems is a contingency that could occur, falling into the wrong hands, terrorists, etc. For decades, security mechanisms that activate nuclear bomb electronic systems are based on a code known as Permissive Action Links (PAL) that triggers the firing synchronism. PAL, which works through cryptographic codes, is designed differently for each group of nuclear weapons and would respond to different processes. It is perhaps the best-known system to prevent both accidental detonations and unauthorized use of nuclear weapons. Before the 1960s, PAL codes were composed of 5 digits. But since then, other categories – A, B, C, D, and F – were introduced in ascending order of security. Category D consists of a 6-digits code, raising to 12 in the case of category F. This enhances security in case of theft or sale of a nuclear device because, after a few attempts trying to activate it without knowing the PAL code, the electronic systems would self-destruct. However, with adequate technical means, nuclear material could be recovered.
For security reasons, the development of nuclear weapons has followed a conservative method, without rushing to incorporate information communication technology (ICT) systems, to avoid cybersecurity risks. Likewise, to prevent deliberate unauthorized use, the systems are based on multiple technical and administrative controls that configure the defense-in-depth of the weapons. The defense-in-depth is an efficient key security concept with complex methodology and composed of multiple and redundant hierarchical deployed layers of protection, providing effective prevention of a wide range of postulated incidents and accidents and mitigation of their consequences. The general objective of defense-in-depth is to ensure that a single failure, or a combination thereof, whether technical or human, at one level would not propagate to jeopardize subsequent levels. In the case of nuclear weapons, defense-in-depth is about maximizing control of their storage; limiting access to nuclear explosives and weapons components; limit the vulnerability of the explosive configuration during assembly, disassembly, and transportation; keep PAL at the highest level of security with a last-user configuration. Likewise, the systems have increased the safety of nuclear detonation based on the principles of isolation, incompatibility, and inoperability.
Initiative 3S: Safety, Security and Safeguards
Facing emerging risks and threats posed by the misuse of new tangible and non-tangible technologies makes it essential to update physical protection sites with nuclear and radioactive materials; human resource development; accounting, control, and registry of all materials, and nuclear emergency preparedness as part of a holistic prevention policy.
At the G8 summit held in Hokkaido, Japan in 2008, a new Initiative, 3S, was brought to the table. The 3S implies a synergic security interface that can be understood from an integrated view of safety (operating conditions and prevention of accidents or their mitigation to protect people and the environment from ionizing radiation), security (prevent, detect and/or respond to theft, sabotage, and other malicious acts involving nuclear and radioactive materials), and safeguards (avoid the use of nuclear technologies for military purposes in Non-Proliferation Treaty signatory countries).
At present, there is no unanimity on the best way to evaluate the proliferation resistance of an innovative nuclear energy system and fuel cycle. Since the 1980s, R&D projects based on probabilistic methods are being developed to determine diversion or misuse acts in the non-proliferation area. Japan has launched the Integrated Support Center for future advanced facilities with risk-oriented assessment methodologies. Mathematical models and incidence frequency are selected to classify the inherent nature among the 3S incidences to identify concepts, methods, and technologies in a holistic planning of safety, security, and safeguards.
As the use of nuclear power spreads globally, being the only source that can provide large-scale electricity with comparatively minimal impact to the environment, it becomes crucial to sustaining a secure regime in the multiple areas involved in export control, physical protection, and proliferation resistance.
New patterns in cybersecurity at nuclear power plants
A sophisticated and comprehensive security regime prevails at Nuclear Power Plants (NPPs). At current Instrumentation and Control Security (I&C) systems and Facility Networking Security (FNS) are being upgraded from obsolescent analog devices to digital ones to improve nuclear safety, nuclear security, and nuclear material accountancy and control function. However, this transition to digital systems and the complexity of interconnectivity entail increasing threat vectors that require critically reinforcing the prevention of cyberattacks and the mitigation of inadvertent digital failures in the defense-in-depth security. The International Atomic Energy Agency is bolstering policies against cyberattacks at NPPs, and several R&D technologies in cyber protection are being developed.These technologies are intended to analyze the severity of cyber events and differentiate private problems from what could be a problem of public concern. Among other R&D innovations, Sandia National Laboratories (New Mexico, USA) have developed the Integrated Cyber-Physical Impact Analysis and the Center for International and Security Studies (Maryland, USA) has developed the Effect-Centric Approach, Cyber Exploitation Index (CEI), and the Cyber Disruptive Index (CDI). The Nuclear Threat Initiative (NTI) has developed the Cyber-Nuclear Forum to strengthen the protection of civilian nuclear facilities from cyberattacks as a platform that supports cyber-nuclear experts from operational nuclear facilities to enhance global cyber-nuclear capacity.
Conclusion
Nuclear security works like a chain: any weakness endangers the whole structure. Several countries are launching new programs and regulatory bodies in emerging issues in nuclear security. Safety and security are reinforced with each other since they have the common purpose of protecting people, society, and the environment. On the other hand, the nuclear terrorism threat fostered R&D (as a whole) on the effects of radioactive fallout, nuclear forensics techniques, radiological detection systems, as well as neutrino and antineutrino detection systems. Enhancing nuclear security also entails one successful social nuclear culture that includes attitudes and behaviors of people, organizations, and institutions.
About the Author
Natividad Carpintero-Santamaria (PhD) is a Professor at the Department of Energy Engineering at the Polytechnic University of Madrid (UPM), Area of Nuclear Engineering. General Secretary of the Instituto de Fusión Nuclear “Guillermo Velarde”. Member of the Presidium of the European Academy of Sciences.
She is University Expert in Energy Markets and holds a Master’s in Criminology and Psychology of Terrorism, a Diploma in High Studies of Defense, and is a specialist in Prevention and Integral Personal Defense for Women. She is a collaborator in CBRN field research at the Spanish Centre for National Defense Studies (CESEDEN) and Civil Protection in the Ministry of Interior. She has been a member of the Consulting Board of the International Working Group of the G8 Global Partnership. She authored the book “The Atom Bomb: The Human Factor during Second War World” (Díaz de Santos, 2007) and co-edited with Guillermo Velarde the book “Inertial Confinement Nuclear Fusion: A Historical Approach by its Pioneers”. She has been granted with the Cross for Aeronautical Merit with White Distinctive; Cross for Military Merit with White Distinctive; Medal of the Polytechnic University of Madrid and the Medal of the European Academy of Sciences.
She has represented the Spanish Government in several meetings held at the International Atomic Energy Agency (IAEA).