Critical Infrastructure: Nuclear Reactors, Materials, and Waste Sector
KeywordsReactor security Nuclear materials
Nuclear reactors provide several key societal benefits – including electricity generation and industrial/medical isotope production – that need to be protected against malicious activities.
Therefore, to ensure these benefits are realized, facilities hosting these technologies fall under the purview of the US Department of Homeland Security’s Nuclear Reactors, Materials, and Waste Sector. Given that the natural and physical characteristics of nuclear materials pose unique – and potentially catastrophic – consequences, related security and emergency management responsibilities must mitigate such current threats as expanding terrorist capabilities, increasingly sophistical cyber actions, aging equipment (including power grids), and supply chain challenges.
a significant incident or failure…would likely result in extremely high economic costs, major onsite and/or offsite property damage, and evacuations…[as well as] long-term cleanup costs and economic damage to the local region. (DHS 2015, p. 9)
The rest of this paper describes efforts at such protection by focusing on nuclear reactors as a use case. After briefly introducing the need for reactor security, unique challenges, key security concepts, and common themes between different approaches to reactor security are discussed. These challenges, concepts, and common themes are reflective of the larger Nuclear Reactors, Materials, and Waste Sector and aid in protecting this critical infrastructure.
What and Why of Reactor Security
Nuclear reactors generate these aforementioned benefits by using the energy released during the rapid and exponentially increasing collisions of atomic and subatomic particles known as nuclear fission. The process of fission has two major products. The first is a large amount of thermal energy, or heat – captured from the fission of nuclear materials (Nuclear materials is a term designated for elements capable of sustaining fission in a controlled chain reaction and is commonly known to consist of uranium, plutonium, and thorium) – that is converted into electricity or used in desalination. The second product results from the change in the atomic structure of the materials that undergo fission – which is how the various radionuclides that support medical and industrial needs are generated.
Two major categories of nuclear reactors manipulate nuclear fission to different ends. The first is known as power reactors and is primarily used to generate electricity or for desalination for societal consumption. For example, the United States has 99 operating nuclear power reactors that account for approximately 20% of its domestic electricity production (DHS 2015). Similarly, the International Atomic Energy Agency’s (IAEA) Power Reactor Information System (PRIS) reports 450 nuclear power reactors internationally that account for approximately 11% of global electricity production, with the highest nuclear energy-based electricity production of over 70% in France (International Atomic Energy Agency 2018b). Through PRIS, the IAEA also reports more than 50 new nuclear power reactors in various stages of consideration or under construction – including in Belarus, China, Turkey, Russia, and the United Arab Emirates (International Atomic Energy Agency 2018b).
The second major category consists of research reactors that are smaller, produce less thermal power, and are used for a variety of purposes. According to the IAEA’s Research Reactor Database (RRDB), there are 225 research reactors worldwide, including 31 in the United States. Research reactors can be used for exploring new nuclear fuel cycles, neutron activation analysis, and educational purposes (International Atomic Energy Agency 2018a). These reactors are also commonly used to generate radioisotopes used in medical procedures, to include the need for strontium-89, palladium-107, iridium-192, and iodine-125 (or 131) in cancer treatments. In addition, these reactors produce the molybdenum-99 used in medical imaging devices. Research reactors are also used to generate isotopes for industrial uses, to include (but not limited to) iridium-192 and selenium-75 used in industrial radiography, as well as americium-241 for well-logging and commercial/residential smoke detectors. Research reactors are less technically complex than power reactors, require significantly less fuel to operate, use higher-enriched fuel than power reactors, and their designs avoid the high temperatures and pressures of electricity-generating reactors. Research reactors can exist in wide-ranging operational environments, including universities, medical facilities, and commercial campuses around the world (National Academy of Sciences 2016).
To ensure these societal benefits are enjoyed, the efforts to make nuclear reactors, materials, and waste secure and resilient must protect against “[any] deliberate act against a [nuclear reactor] that could directly or indirectly endanger public health and safety through exposure to radiation” (Holt and Andrews 2014). Such deliberate activities include sabotage (either by directly or indirectly adding energy to cause a radiological release), theft (removing materials to use in an off-site radiological release), and unanticipated reactor transients (causing operations to slow/stop and resulting in unacceptable consequences such as loss of profit or reputation) (Please see chapters “Threat Assessment,” or “Insider Threat,” for further discussion.).
2012: Activists entered two Swedish nuclear power plants without being stopped by guards, and four of them hid overnight on a reactor building roof (MacFarlene 2016).
2014: French nuclear power plants were plagued by unexplained drone overflights that challenged existing reactors security measures (Solodov et al. 2018).
2014: An unidentified adversary tampered with turbine lubricant at the Doel Nuclear Power Station in Belgium causing Unit 4 to shut down for 5 months (MacFarlene 2016).
2016: French investigators discovered video surveillance footage of a Doel Nuclear Power Station official in the home of one of the Paris terror attack suspects (MacFarlene 2016).
Natural disasters and extreme weather
Structural issues of specialized designs and components
An aging infrastructure and workforce
Supply chain disruptions
Nuclear material diversion or mishandling
designed to protect three primary areas of vulnerability: controls on the nuclear chain reaction, cooling systems that prevent hot nuclear fuel from melting even after the chain reaction has stopped, and storage facilities for highly radioactive spent nuclear fuel. (Holt and Andrews 2014, p. 1)
Unique Challenges Facing Nuclear Reactor Security
Yet, the special physical properties of nuclear reactors pose a set of additional – and unique – challenges for security and emergency management efforts. The first unique challenge in securing nuclear reactors is the danger related to radioactive materials (Radioactive materials can consist of several species of the same chemical element with different masses whose nuclei are unstable and dissipate excess energy by spontaneously emitting radiation in the form of alpha, beta, and gamma rays). To achieve their societal benefit, reactors use a subset of these radioactive materials capable of sustaining chain reactions to harness the energy released by fission. By-products of nuclear fission are atomic fragments with unstable nuclei, which is the physical phenomenon that makes them radioactive. Radioactive materials also carry particular, severe, and psychologically fear-inducing characteristics related to acute (e.g., radiation poisoning) and delayed (e.g., latent cancer) human health effects. Despite the fact that materials used in power reactors is not viable for military use, nuclear materials are often conflated with the danger associated with nuclear weapons (For further discussion please see chapter “Human-Made Disasters: Nuclear and Radioactive Weapons Accidents.”). The dangers attributed to radioactive materials – both factual and perceived – create a higher standard for reactor security beyond that traditionally expected for other critical infrastructure.
These radioactive materials also need special handling equipment, rules, and processes to ensure that these materials – and the energy they produce – are used in a controlled manner. One example of special handling equipment are reactor cooling systems that consist of both active (e.g., using energy to dissipate heat in the reactor like forced flow cooling loops in nuclear power plants) and passive (e.g., allowing heat to dispel naturally as with cooling towers) mechanisms. Another example of special handling equipment relates to the need to store the highly radioactive nuclear fuel that has been used in a reactor. So-called spent nuclear fuel (in some arenas, this term is called “used nuclear fuel”) is most commonly stored in large pools of water or in large concrete casks. As indicated by Holt and Andrews (2014), in addition to the nuclear reactor itself, another challenge is that each of these pieces of special handling equipment also requires protection from malicious activities.
Nuclear reactors must also safely function in multifaceted operational environments and handle physical environments with extremely high temperatures and pressures. Nuclear reactors must also navigate long operational lifetimes (often 40–60 years for power reactors) with the industrial emphasis on safety, a significant emphasis on production, and where, according to one nuclear security expert, “every dollar that a facility manager spends on protection is a dollar not spent on revenue-generating production” (Bunn 2005). Operations at nuclear reactors must also survive under the scrutiny and influence of fluctuating public opinion over the correct balance between the societal benefits provided and risks (real and perceived) accepted. For power reactors, their infrastructure footprint and larger number of moving parts present a wider range of potential threats, while the large workforce also poses potential conflicts for security-related activities. For research reactors, their smaller infrastructure footprint and smaller number of moving parts present less of a range of potential threats, but their proximity to other operations can result in less control over access to the reactor or its special handling equipment – which represents a special set of potential challenges to reactor security. Each of these unique challenges are dimensions that must be accounted for when protecting nuclear reactors.
Reactor Security: Key Concepts
While the national-level competent security authority mandates the existence of these zones, the nuclear reactor facility is responsible to operationalize them with the proper security technologies and procedures. This is an example of the importance of clearly and effectively communicating and implementing the different security-related responsibilities between national-level and facility-level nuclear stakeholders.
The [nuclear reactor] sites are divided into three zones: an “owner controlled” buffer region, a “protected area,” and a “vital area.” Access to the protected area is restricted to a portion of plant employees and monitored visitors, with stringent access barriers. The vital area is further restricted, with additional barriers and access requirements. (Holt and Andrews 2014, p. 1)
The second key concept relates to preventive measures to protective nuclear reactor facilities. These measures seek to stop malicious activities to reactor facilities before undesired consequences are experienced (For further discussion, please see chapter “Physical Security: Methods (e.g., Crime Prevention Through Environmental Design/CPTED) and Practices (e.g., Surveillance)”). Some preventive measures seek to detect malicious activities in order to initiate a mitigation, or response, and can consist of such measures as video cameras, motion sensors, closed-circuit television systems, and human observation. Another type of preventive measure seeks to delay malicious activities through the use of physical barriers (e.g., bullet-resistant surfaces within the reactor facility) or administrative controls (e.g., access requirements into the reactor building). Preventive measures also include efforts to increase trustworthiness among facility personnel and can include (but are not limited to) background investigations, highly trained security officers, and programs that incentivize adhering to security procedures (For further discussion on detection, please see chapters “Intrusion Detection Systems,” “Physical Security: Interior Applications – Doors, Access Control,” or “Physical Security: Video Surveillance, Equipment and Training”. For further discussion on delay, please see chapter “Physical Security: Exterior Application: Perimeter Controls (Bollards, Fencing, Lighting).”).
Mitigation measures – the third key concept – seek to contain or reduce the severity of undesired consequences resulting from malicious activities (For further discussion, please see chapter “Emergency Management: Concepts and Definitions.”). For nuclear reactors, the primary mitigation for suppressing such consequences is the containment structures (meter-thick steel-reinforced concrete) enveloping the reactors. Similarly, reactor facilities have safety systems in place for quickly stopping the nuclear chain reaction occurring in the reactor. In this case, the control room for reactor operations – more specifically, the ability to drop control rods into the reactor or to flood the reactor core – represents another mitigation measure. Additionally, the existence of different “security zones” represents yet another mitigation measure by increasing the distance between the results of a malicious activity against the reactor and subsequent dangers to the public.
Common Themes and Guiding Principles
Despite the lack of global standards (MacFarlane 2016), there are common themes and lessons to be learned from various applications of these key concepts that can serve a strong foundation for reactor security. First, nuclear reactors face a unique set of challenges to effective security above and beyond those traditionally associated with other types of critical infrastructure. Second, effective reactor security is predicated on the combination of strong regulatory standards at the state level, performance requirements established by the competent security authority, and implementation of related technological and procedural measures at the facility level. Third, reactor security must be effectively coordinated across facility operations and properly employed for sustained long-term success.
In addition, strong reactor security can be built using a few long-established guiding principles supported by both international best practices – including from the IAEA’s Nuclear Security Series (International Atomic Energy Agency 2017b) and the World Institute for Nuclear Security’s Best Practice Guides (2018) – and US-based documents (e.g., US Nuclear Regulatory Commission (2017) and US Department of Homeland Security (2015) regulations and reports). First, the safety principle of defense-in-depth describes the benefits of creating multiple, concentric layers of protection measures around nuclear reactors can enhance robustness reliability and resiliency of security performance. Second, the principle of balanced protection describes the importance of equivalence between protection measures that compose a security layer. Moreover, this second principle describes the importance of removing as many “weakest links” as possible – ensuring that similar access controls are in place at the main facility entrance and the loading dock, for example.
Third, the principle of taking a graded approach to reactor security describes how the selection and implementation of both technological and administrative protection measures are scaled to align with the operations of the nuclear facility – nuclear power plants need a larger security infrastructure than research reactor facilities, for example. Fourth, the guiding principle for reactor security to be risk-based describes how decisions related to the selection and implementation of protection measures are quantitatively mapped to clearly define undesired consequences and the current understanding of potential malicious activities against the facility.
Establishing robust collaboration/communication channels and protocols
Identifying sector-specific threats and vulnerabilities to enable a risk-informed approach
Developing programs and measures to cost-effectively reduce physical/cyber risks
Supporting planning and risk mitigation for coordinated response and rapid recovery
Promoting continuous learning and adaptation to reduce nuclear risks
Taken together, leveraging these common themes and guiding principles can enable strong and sustainable security and emergency management efforts not just for nuclear reactor facilities but also for the larger set of nuclear-related pieces of critical infrastructure. More specifically, reactor security helps support the DHS nuclear sector vision to “support national security, public health and safety, economic stability by enhancing…the security and resilience of the Nuclear Sector in an all-hazards environment” (DHS 2015, p. 30).
- Bunn, M. (2005). Incentives for nuclear security. In Proceedings of the 46th annual meeting of the institute of nuclear materials management (INMM). Phoenix: INMM.Google Scholar
- Holt, M., & Andrews, A. (2014). Nuclear power plant security & vulnerabilities, Congressional Research Service, Report for Congress RL34331.Google Scholar
- International Atomic Energy Agency. (2017a). Member States’ competent authorities. https://nucleus.iaea.org/RRDB/RR/ReactorSearch.aspx.
- International Atomic Energy Agency. (2017b). Nuclear security series. https://www.iaea.org/resources/nuclear-security-series.
- International Atomic Energy Agency. (2018a). Research reactor database. https://nucleus.iaea.org/RRDB/RR/ReactorSearch.aspx.
- International Atomic Energy Agency. (2018b). The database on nuclear power reactors. IAEA’s Power Reactor Information System. https://pris.iaea.org/PRIS/home.aspx.
- MacFarlane, A. (2016). “How to Protect Nuclear Plants from Terrorists” U.S. News & World Report, April 13. https://www.usnews.com/news/articles/2016-04-13/how-to-protect-nuclear-plants-from-terrorists.
- National Academies of Sciences. (2016). Chapter 3: Research reactors and their uses. In Reducing the use of highly enriched uranium in civilian research reactors. Washington, DC: The National Academies Press.Google Scholar
- U.S. Department of Homeland Security. (2015). Nuclear reactors, materials, and waste sector-specific plan: An Annex to the NIPP 2013. https://www.dhs.gov/sites/default/files/publications/nipp-ssp-nuclear-2015-508.pdf.
- U.S. Nuclear Regulatory Commission. (2017). Physical protection. https://www.nrc.gov/security/domestic/phys-protect.html.
- World Institute for Nuclear Security. (2018). Category: Best practice Guides. https://www.iaea.org/resources/nuclear-security-series.
- Behrens, C., & Holt, M. (2005). Nuclear power plants: Vulnerability to terrorists. Congressional Research Service, Report for Congress RS21131.Google Scholar
- International Atomic Energy Agency. (2011). Nuclear security recommendations on physical protection of nuclear material and nuclear facilities (INFCIRC/225/Revision 5). Vienna: International Atomic Energy Agency.Google Scholar
- U.S. Code of Federal Regulations. (2017). Part 73 – Physical Protection of Plants and Materials (10 C.F.R. 73).Google Scholar