How to protect nuclear plants from terrorists

Temelin nuclear power plant, Czech Republic. IAEA/Flickr, CC BY-SA

In the wake of terrorist attacks in Brussels, Paris, Istanbul, Ankara and elsewhere, nations are rethinking many aspects of domestic security.

Nuclear plants, as experts have long known, are potential targets for terrorists, either for sabotage or efforts to steal nuclear materials.

Currently there are 444 nuclear power plants operating in 30 countries around the world and 243 smaller research reactors, which are used to produce isotopes for medical uses and to train nuclear engineers. The nuclear industry also includes hundreds of plants that enrich uranium and fabricate fuel for reactors. Some of these facilities contain materials terrorists could use to build a nuclear or “dirty” bomb. Alternatively, power plants could be “hijacked” to create an accident of the sort experienced at Chernobyl and Fukushima, sending clouds of radioactivity over hundreds of miles.

At last month’s Nuclear Security Summit in Washington, D.C., representatives from 52 countries pledged to continue improving their nuclear security and adopted action plans to work together and through international agencies.

But significant countries like Russia and Pakistan are not participating. And many in Europe are just beginning to consider physical security measures. From my perspective as a former nuclear regulator and now as director of the Center for International Science and Technology Policy at George Washington University, it is clear that nuclear plants are vulnerable to terrorist attacks.

Physical and cyber threats

It is not news that security is weak at many civilian nuclear power and research facilities.

In October 2012, Greenpeace activists entered two nuclear power plants in Sweden by breaking open a gate and scaling fences without being stopped by guards. Four of them hid overnight on a roof at one reactor before surrendering the next morning.

Just this year, Sweden’s nuclear regulatory agency adopted a requirement for armed guards and additional security measures at the plants. However, these upgrades do not have to be in place until early 2017.

In 2014 French nuclear plants were plagued by unexplained drone overflights. And Greenpeace activists broke into the Fessenheim nuclear plant near the German border and hung a large banner from the reactor building.

In light of the recent Brussels attacks, reports from Belgium are more alarming. In 2012 two employees at the country’s Doel nuclear power station left Belgium to fight in Syria. In 2014 an unidentified saboteur tampered with lubricant in the turbine at the same reactor, causing the plant to shut down for five months. And earlier this year authorities investigating the Paris attacks discovered video surveillance footage of a Belgian nuclear official in the home of one of the Paris suspects.

One has to assume that potential attackers may understand how the sites and materials can be used.

Given the heightened state of alert in Europe, governments should, I believe, immediately increase security at civilian nuclear facilities. They could emulate the United States, where security at nuclear facilities has substantially increased since the September 11, 2001 terrorist attacks.

American role model

U.S. nuclear power plants now are some of the most well-guarded facilities in the world.

The U.S. Nuclear Regulatory Commission (NRC) regulates both safety and security at nuclear power plants. After 9/11, these sites were required to add multiple layers of protection, with the cores of reactors (where the fuel is located) the most highly defended areas.

Hand scanner at U.S. nuclear plant. U.S. Nuclear Regulatory Commission/Flickr, CC BY

Up to one-third of the workforce at many U.S. nuclear plants now is security-related. Many nuclear utilities used to hire contract security forces; now guards at many of these plants are employed directly by plant owners and have opportunities to move to other jobs at their sites, increasing employee satisfaction and improving performance.

NRC regulations require U.S. nuclear plants to hold regular drills in which well-trained former military units attack the plants with up-to-date materials and techniques. NRC observers evaluate these exercises, and facility owners face stiff penalties for failure.

The United States has also adopted regulations to ensure cybersecurity at reactors. As new, entirely digital reactors come online, such measures will be more necessary than ever.

The successful 2010 Stuxnet attack, for example, in which a computer worm infiltrated computers at Iranian nuclear facilities and caused machines to malfunction, showed how vulnerable unprotected computer networks can be.

Improving security worldwide

There are no global standards for physical protection at civilian nuclear facilities. Each country adopts its own laws and regulations dictating what nuclear site owners are required to do to protect plants from attack.

As a result, measures at plants can vary widely, with some countries depending on the local police force for protection and leaving guards unarmed. Often the level of security depends on cultural norms and attitudes, but the recent attacks in Europe suggest a rapid adjustment is needed.

Here are steps that, in my view, all countries can take to make nuclear plants more secure.

One priority is to provide enough funds to the International Atomic Energy Agency (IAEA), which has recently elevated its physical security section to assist member countries looking for ways to protect their nuclear plants more effectively. Since 2010 the agency has trained more than 10,000 people in nuclear security, including police and border guards. It also tracks illicit trafficking and other activities involving nuclear material, and has recorded nearly 3,000 such events since 1995.

Countries that have nuclear power plants or research reactors understandably tend not to spotlight the challenges of protecting these sites. But we know from instances like the ones cited above that they exist. In many countries nuclear regulatory agencies oversee safety but not security. Each of these nations needs to empower an independent regulator to enforce new requirements and inspect security at nuclear sites. Most importantly, security forces at nuclear facilities should be required to practice attack scenarios regularly under the gaze of independent observers.

IAEA Director General Yukiya Amano visits the Barakah nuclear plant construction site in the United Arab Emirates, 2013. IAEA/Wikimedia, CC BY-SA

Countries such as the United States that already have solid physical security requirements for nuclear facilities can help.

Nuclear regulators from all countries meet regularly and could easily share information and train their counterparts on plant physical security. In December 2012, for example, the U.S. NRC organized the first-ever International Regulators Conference on Nuclear Security. No other government has offered to head up a follow-on meeting since then.

And countries with existing reactors aren’t the only problem. At least 60 countries have expressed a desire to acquire nuclear power. The United Arab Emirates is in the process of constructing four reactors. Turkey and Vietnam have made deals with the Russian manufacturer, Rosatom, in which construction, financing, operation, even waste disposal, will be handled solely by the Russians. Many of these “emergent” countries do not regularly attend Convention on Nuclear Safety peer review meetings at the International Atomic Energy Agency. Without a security regime in place, how can we expect them to do any better than the existing plants?

To prevent an attack at a nuclear site, governments must take security at nuclear sites seriously now, not a year from now.

In light of the current terrorist threat and with four Nuclear Security Summits completed, countries with nuclear plants need to up their game with regards to physical security at nuclear power facilities before it’s too late.