The All-Too-Human Reason Nuclear Material Isn’t Secure Enough

Signs warn against trespassing onto the Y-12 National Security Complex in Oak Ridge, Tenn., on Friday, Aug. 17, 2012.

Erik Schelzig/AP

AA Font size + Print

Signs warn against trespassing onto the Y-12 National Security Complex in Oak Ridge, Tenn., on Friday, Aug. 17, 2012.

Every facility that holds it is vulnerable to security complacency.

“We are improving security at our nuclear facilities,” President Obama told the 2012 Seoul Nuclear Security Summit. Four months later, an 82-year-old nun and two other senior citizens broke into the complex at Oak Ridge, Tennessee, where the United States stores most of its weapons-grade uranium.

They cut through four fences, set off sensors and alarms, hammered on the outside of the storage building, and defaced it with paint and human blood. They remained on the site for over an hour before a guard finally arrested them.

The security failures revealed by Sister Megan Rice at the Y-12 National Security Complex were legion, rooted in complacency and poor training. Management tolerated high false-alarm rates, leading guards to ignore the warnings. Workers dismissed the pounding on the building as unscheduled maintenance. Guards violated communications and weapons-handling procedures when making the arrests.

Norman Augustine, who reviewed the incident for the Secretary of Energy, found “a pervasive culture of tolerating the intolerable and accepting the unacceptable.” Worst of all, government managers in Washington had no idea how bad things had become, and only later realized that the incident raised “important questions about the security of Category I [nuclear weapons-usable] material across the Department of Energy complex” (emphasis added).

The failures at Y-12 have been corrected, but the complacency that caused them persists. There is no reason to believe that it is limited to one facility or one country. Every state or facility housing nuclear material is vulnerable to security complacency.

It’s natural. Most guards will never see a real nuclear security incident in their professional lifetimes, let alone a terrorist attack. Realistic exercises are difficult to stage without risking deaths. Absent intervention, this can lead to continual dis-improvement in the security culture.

As one official explained, “We have been running a system a certain way for such a long time and not really thinking about whether it was working or not.”

How can we defeat complacency? First, we must have a culture committed to continuous improvement, instead of tolerating continuous dis-improvement. Responsibility for security should not be limited to the guard force. Every person working in a facility with nuclear material must be committed to ensuring it is invulnerable to theft. General Eugene Habiger, who headed security for the Department of Energy, said, “Good security is 20% equipment and 80% people.”

Second, if people are to create an excellent security culture, they must be trained and certified as competent. At the 2014 Nuclear Security Summit, 35 leaders pledged to “ensure that management and personnel with accountability for nuclear security are demonstrably competent.” All the attending industry leaders also committed to “ensuring that all personnel with accountabilities for security are demonstrably competent by establishing appropriate standards for selection, training, and certification of staff.”

Unfortunately, while more than 200,000 people around the world have some accountability for the security of nuclear or radiological material, only about half of them report having an opportunity for professional development.

To fill this gap, in 2015 the World Institute for Nuclear Security (WINS) launched a virtual academy offering online training and proctored tests leading to certification of professional competency. The academy provides strategic approaches to security management, not site-specific security measures that would need to be kept secret. To date, 650 participants from over 70 countries have taken courses, with 167 graduates earning 277 certificates related to their specific areas of responsibility. These include radioactive materials management or security for scientists, engineers and technicians.

The WINS Academy supplements the courses with workshops and best-practice guides that WINS also produces, and together these efforts are making a difference. In surveys over the past five years, over 95% of WINS members and workshop participants reported  they had modified their approaches to security because of WINS. Applied to the thousands of members and participants, this represents a significant and tangible improvement in security.

Moreover, these efforts encourage and support a growing international program to develop training through the International Atomic Energy Agency and national nuclear security training centers.

At the upcoming and likely final Nuclear Security Summit in Washington at the end of this month, world leaders will be looking for ways to consolidate the good work they have done over the past six years. One important way is to commit to sustaining and expanding professional training and certification for those accountable for the security of nuclear material. Only well-trained and competent people can defeat complacency.

This post is part of a series published by Carnegie Corporation of New York about issues related to the 2016 Nuclear Security Summit in Washington, D.C., on March 31-April 1 to address the threat of nuclear terrorism. Visit Carnegie.org and join the conversation on Twitter at @CarnegieCorp, #NGOsummit, and #NSS2016. The views expressed above are the author’s own. 

Close [ x ] More from DefenseOne
 
 

Thank you for subscribing to newsletters from DefenseOne.com.
We think these reports might interest you:

  • Federal IT Applications: Assessing Government's Core Drivers

    In order to better understand the current state of external and internal-facing agency workplace applications, Government Business Council (GBC) and Riverbed undertook an in-depth research study of federal employees. Overall, survey findings indicate that federal IT applications still face a gamut of challenges with regard to quality, reliability, and performance management.

    Download
  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

    Download
  • GBC Issue Brief: Supply Chain Insecurity

    Federal organizations rely on state-of-the-art IT tools and systems to deliver services efficiently and effectively, and it takes a vast ecosystem of organizations, individuals, information, and resources to successfully deliver these products. This issue brief discusses the current threats to the vulnerable supply chain - and how agencies can prevent these threats to produce a more secure IT supply chain process.

    Download
  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

    Download
  • Information Operations: Retaking the High Ground

    Today's threats are fluent in rapidly evolving areas of the Internet, especially social media. Learn how military organizations can secure an advantage in this developing arena.

    Download

When you download a report, your information may be shared with the underwriters of that document.