From the Special International Workshop on Global Best Practices in Materials Accountancy, Control, held June 7 – 11, 2004, Prague, Czech Republic
NMPCA1. Establish a legal and regulatory framework.
Each state should establish a legislative/ regulatory framework to control, account for, and physically protect their nuclear material. The framework should determine program requirements, both general and specific, and include a system to evaluate and authorize (or license) private or other governmental bodies involved with nuclear materials. The framework should also include provisions for development, implementation, and maintenance of a design basis threat (DBT). The state system should verify compliance with requirements and effectiveness against the established DBT, and there must be a means to enforce these requirements that includes fines and effective sanctions.
NMPCA2. Establish an independent, competent authority.
Each state should establish a competent authority that is responsible for overseeing the legislative/regulatory framework, and ensure it is given the adequate authority and financial and human resources to fulfill its responsibilities. The state should take steps to ensure that the competent authority is independent of (not subject to) undue influence by any other body in charge of the promotion or utilization of nuclear energy for civilian or military purposes.
NMPCA3. Ensure effective program administration at nuclear material sites.
Program administration, implemented by nuclear material sites, should ensure that their program addresses critical functions, establishes appropriate authorities and responsibilities, supports the nuclear material missions of the state, and facilitates integration with other programs such as operations and health and safety. It should also address strategic planning for new systems and technologies, as well as changes in facility designs. Program administration should provide training to those who perform control and accounting and physical protection functions and use employee feedback to strengthen system performance. The program should be designed to engender a high level of nuclear security culture.
NMPCA4. Use a “graded” approach to implement requirements.
Each facility or site should use a graded approach to implement its control and accounting, and physical protection requirements – providing scrutiny and protection as needed depending on a range of factors. The graded approach should take into account the current evaluation of the threat, the relative attractiveness and nature of the material, and the potential consequences associated with the unauthorized removal of nuclear material and sabotage of nuclear facilities or nuclear material. The degree of nuclear material protection, control, and accountability implemented should increase in parallel with the risk and consequences of failure.
The state regulatory body should be responsible for grading material attractiveness and evaluating the threat in order to determine the corresponding appropriate level of protection. Ideally, it will take international views and practices into account. Nuclear material should be graded by their strategic importance. For example, the IAEA guidance document on “The Physical Protection of Nuclear Materials and Nuclear Facilities”, INFCIRC/225/Rev.4, assigns nuclear materials to different categories ranging from I to III depending on the amount of material in question and how useful that material would be in making weapons or an improvised nuclear device. The material grading system should consider how much effort is required to convert the material into a weapons-usable form as well as self-protection characteristics, such as radioactivity, that make the material more difficult to handle.
NMPCA5. Instill a “ security culture” in all organizations with operational responsibility for nuclear facilities.
The effectiveness of an entire nuclear material protection, control, and accountability system (e.g., the design, operation, and maintenance of the hardware; the design and adherence to procedures) is critically dependent on human performance. It does not matter how effective the hardware and procedures are if guards turn off intrusion detectors because they become annoyed by repeated false alarms, or senior managers bypass the security system because of their stature within the organization, or staff do not bother to lock doors. A strong security culture is needed to ensure that the entire system functions as intended.
A good security culture must be founded on a healthy “respect for the threat.” All staff, from the senior leadership on down, must believe that there is a credible threat (potentially from both insiders and outsiders) and that the security measures will help mitigate that threat. Attitudes and beliefs cannot be shifted without a lot of explanation and discussion followed by action. The example of senior managers is particularly critical. The development and maintenance of a security culture requires a concerted effort by the whole state.
NMPCA6. Provide for quality assurance.
A quality assurance program should be implemented to provide confidence that specified requirements are satisfied. The quality assurance program should also ensure that the integrated system design is capable of providing sufficient information to correctly assess alarms, investigate anomalies, quantify and localize any losses, and report significant events. Moreover, the quality assurance program should be capable of identifying system improvements and specifying corrective actions.
The performance effectiveness of the detection, delay, and response elements of a physical protection system should be evaluated in relation to the DBT and the consequences associated with the loss of or damage to the target. This analysis ultimately determines the risk, which is the primary metric of acceptability of nuclear material security systems. If a risk level is judged too high, the nuclear facility should be required to take corrective action to bring it into the acceptable range or face a shutdown.
Continual testing and maintenance is required to ensure the values of detection probabilities, delay times, and response times remain as initially used in the analysis. Testing should identify weaknesses in the system, leading to the redesign of the system to correct for these vulnerabilities.
To evaluate the effectiveness of the nuclear material protection, control, and accountability program, assessments should be conducted at all levels—internal (both subject matter expert and management assessments) on an ongoing basis and external (conducted by the state authority) on a periodic basis.
The principle of quality assurance should also apply to policy. Requirements for material control and accountability and physical protection should be continually evaluated to determine if policy requirements are adequate to address a changing environment and if all the requirements are still necessary.
NMPCA7. Use international resources and work cooperatively.
States should avail themselves of international resources as needed, and other states should provide financial and expert help. International assistance can and should be provided in such a way as to accommodate the concerns of many states related to revealing information considered to have national security significance or sovereignty issues.
Bilateral arrangements in which one state provides direct assistance to another, such as the U.S.‑Russian arrangement, or other multilateral initiatives should be encouraged. The IAEA offers advisory services (for example, the International Physical Protection Advisory Service [IPPAS]), training, and other technical assistance to help countries improve their accounting and physical protection systems. Financial assistance should be found for those countries that enlist the help of an IAEA advisory team, but do not have the resources to implement IAEA recommendations. The June 2002 G-8 Global Partnership accord includes an offer to provide financial and technical assistance to other states in developing and maintaining security and accounting and control for all their nuclear materials.
International cooperation is particularly critical in the event a theft or act of sabotage does occur. States should immediately alert other states and the IAEA and exchange information that might help recover the material or mitigate the radiological consequences of sabotage.