INMM

International Best Practices in Nuclear Security Risk Management

From the Workshop on International Best Practices in Nuclear Security Risk Management, held in Washington, DC, USA, in May 2007

Some degree of risk is associated with all human endeavors and this certainly includes nuclear material activities. Responsible stewardship of nuclear materials requires risk management. Risk management should be considered as the highest level of nuclear materials management.

These best practices were identified, discussed, and documented at a workshop on international best practices in nuclear security risk management held in Washington, DC, in May 2007. This workshop was conducted in partnership by three INMM entities: the Government-Industry Liaison Committee, the Physical Protection Technical Division, and the Materials Control and Accountability Technical Division. Participants came from four States with large nuclear programs and represented government agencies and regulators, licensees and operators, commercial industry, national laboratories, and academia.

These nuclear security risk management international best practices are presented as a standalone set. They are consistent with the other best practices published on the INMM webpage, but they have not been collated or combined. This may be considered for future versions.

Best practices in risk management:

  • Risk management in itself is a best practice in nuclear security. Risk management recognizes that not all variables in nuclear security risk can be addressed in an absolute manner. Decisions need to be made on the implementation of all aspects related to security for a nuclear facility using a broad, systems approach. These decisions need to be made in an informed and balanced manner.
  • The fundamental principle of risk management is informed decision making. The risk acceptance official should have all pertinent information available and have the ability to balance security needs with other factors to include mission, operations, and safety.
  • Because of the complexity of the information involved in security risk management, risk acceptance decisions should be kept to the lowest levels possible.
  • Line management at all levels needs to be involved in the development of security policy and implementation.
  • Policy should provide fundamental objectives of a security program and should be "risk-informed."
  • Policy should undergo a quality assurance check to ensure that it is still relevant and comprehensive.
  • Implementation should be performance-based rather than prescriptive and designed through a systems approach.
  • The security of the system, not just the security system, should be considered in the design and implementation of the system.
  • The nuclear security system should be optimized across the entire program and take into consideration the entire life cycle of the program.
  • When all technologies, strategies, and tools have been employed to balance security, mission, and operation, another opportunity for risk mitigation is to address the consequences of an attack.
  • Technologies that render the material unusable in the event of an attack should be considered.
  • Emergency preparedness is the key to mitigating the consequences of a nuclear terrorist attack. The security community should establish and maintain upfront coordination with emergency preparedness officials.
  • Peer reviews conducted within an appropriate, need-to-know-based community can be valuable in identifying best practices and lessons learned.
  • Best practices and lessons learned should be documented and shared to the extent practicable so that the entire community may benefit.

Best practices in Design Basis Threat (DBT):

  • Establishing a "Design Basis Threat" policy is a best practice. This policy provides a baseline against which all subject to the policy must design systems and implement strategies capable of providing appropriate protection.
  • The DBT should be informed by intelligence, including local, regional, national, and international intelligence.
  • The DBT should be graded in accordance with the relative attractiveness of the target and the consequence of its loss.
  • The DBT should include the number, characteristics, and capabilities of the adversary/adversaries.
  • The DBT should be reviewed periodically and updated upon new intelligence.
  • Consider evaluating the likelihood of attack rather than assuming the absolute occurrence of an attack.

Best practices for design of physical protection systems (PPS):

  • Protection systems should be designed using a systems approach.
  • Consolidate materials to decrease the number of target locations and focus security systems and protective force deployment.
  • Incorporate intrinsic security features into the design of new facilities.
  • Implement defense-in-depth security: layers of security that are redundant and have non-common-mode failure.
  • Technology for detection deployed further out from the target can allow for more practical and cost-effective response times.
  • Consider low tech/low cost alternatives for delay.
  • Balance technology deployment with protective force personnel.
  • Use technology as a force multiplier; unattended technologies can be useful in preventing casualties to protective force personnel while interrupting and neutralizing the adversary.
  • Users should work with technology developers and deployers to ensure technology is installed and performing its intended function in a sustainable manner.
  • Technology developers and users should exchange information on user needs and technology opportunities on a regular basis.

Best practices for performance testing:

  • Performance testing is integral to determining the effectiveness of both a component of a system and the entire system.
  • To the extent possible and within safety considerations, performance testing should be realistic.
  • Recognizing that testing an entire system may be cost-prohibitive, there is good information to be gained in testing individual components.
  • Through an analytical process, facilities should determine which system elements are critical to the overall protection system and focus their performance testing efforts on those critical system elements.
  • Data obtained from performance testing should be used in vulnerability analyses to determine the overall system effectiveness for the physical protection system.
  • Simulation and modeling tools can be used to supplement operational performance testing data.

Best practices for vulnerability analysis:

  • Using a vulnerability analysis to understand the threat and its effect on the facility, and using that knowledge to estimate overall system effectiveness and identify areas for improvement, is a best practice.
  • Vulnerability analyses should incorporate empirical data to the extent possible: data from the operational environment and performance testing.
  • All subjective information used in the vulnerability analysis should be supported by subject matter experts and fully documented.
  • There are many different tools for vulnerability analyses; the capabilities and limitations of the different tools should be examined in order to determine which tool addresses user needs.
  • Simulation tools can be used to provide data for the vulnerability analysis process.
  • Vulnerability analyses should use current data and be updated with new data as it becomes available to ensure that the analysis reflects the operational environment.
  • Consider the use of a combination of non-standard and traditional sources as input to the risk effectiveness equation. For example, plausibility/belief models can be used for the probability-of-attack source term, which allows linguistic representation, and probabilistic models can be used for the security system effectiveness and consequence mitigation.
  • Determine if and how management and operations can be included in the system effectiveness model.
  • Determine the system effectiveness of the materials control and accountability program as one way to provide an estimate of the insider protection system performance.
  • There are many different tools that can model and identify the effects of explosives on the site and the protection system. These tools can be used to identify standoff distances and the need for exclusion areas for large vehicles.