Technical Meeting on Radiation Safety in Industrial Radiography:

Session on Safety-Security Interface

Revision of NSS No. 11 - Security of Radioactive Sources

Christina GeorgeDivision of Nuclear Security

Safety-Security Interface

• Safety-security interface is particularly relevant in applications involving users of portable or mobile sources

• Industrial radiography is an application where the authorized person typically bears responsibility for safety and security

• Knowledge of safety standards and security recommendations/guidance is extremely important

2

IAEA Guidance for Regulations

• IAEA Security of Radioactive Sources Implementing Guide (Nuclear Security Series No. 11) provides guidance to States on developing regulations for the security of radioactive sources

• This recommended approach is summarized in the following slides

3

Three Step Process in NSS No. 11

• Establish graded security levels with corresponding Goals and Objectives for each security level

• Specify the security level applicable to given sources

• Select and implement a regulatory approach: prescriptive, performance-based, or combined

4

Step 1: Establish Graded Security Levels

• NSS No. 11 recommends the following security levels and associated Goals:• Security Level A: prevent unauthorized removal of a

source (timely detection and response)• Security Level B: minimize the likelihood of

unauthorized removal of a source (immediate detection of the unauthorized removal, but not requiring a response to interrupt the act)

• Security Level C: reduce the likelihood of unauthorized removal of a source

5

Step 1: Establish Graded Security Levels

• NSS No. 11 further recommends establishing a set of Security Objectives

• For each of the security functions: Detection, Delay, Response, and Security Management

• For each Security Level A, B, and C

• These Objectives state the desired outcome from the combination of measures applied to meet the objective

• For example, the Delay Objective for Security Level A is: provide delay after detection sufficient to enable response personnel to interrupt the unauthorized removal

• The complete set of recommended Security Objectives for each security level is in Table 2 of NSS No. 11

6

NSS No. 11, Table 2

7

Security LevelsGoals

Objectives for meeting each goal with respect to

• Detection• Delay• Response• Security

Management

Step 2: Specify the Security Level Applicable to Given Sources

• The security level for a given source should correspond to the potential harm the source could cause if used in a malicious act

• A starting point is the categorization system used in the Code of Conduct from RS-G-1.9

• The Guide notes that as a default arrangement, the regulatory body could use these categories to assign the security level applicable to a given source, as set forth in Table 5 of NSS No. 11

8

NSS No. 11, Table 5

9

Step 2: Specify the Security Level Applicable to Given Sources

• NSS No. 11 further recommends that the regulatory body pay special attention to the following factors when assigning security levels to radioactive sources:

• Attractiveness (e.g., chemical and physical form, nature of radioactive emissions, ease of handling, collocation, perceived economic value)

• Sources in temporary storage

• Vulnerability and threat level

• Mobile, portable, and remote sources

• These considerations could lead to adjustment of the assignment of sources to security levels in Table 5

10

Step 3: Select and Implement a Regulatory Approach

• NSS No. 11 explains that there are three alternative approaches for directing operators how to demonstrate they meet the Security Objectives• Prescriptive approach• Performance-based

approach• Combined approach

11

Step 3: Select and Implement a Regulatory Approach: Prescriptive Approach

• Regulatory body establishes specific required security measures for each security level

• NSS No. 11 provides recommendations for such required measures using a prescriptive approach in Tables 6, 7, and 8

• Provides simplicity in implementation for both the regulatory body and operator

• Limited flexibility to address actual, non-standard situations

12

NSS No. 11, Table 6, 1 of 2

13

Security Function Security Objective Security Measures

Detect

Provide immediate detection of any unauthorized access to the secured area/source location.

Electronic intrusion detection system and/or continuous surveillance by operator personnel.

Provide immediate detection of any attempted unauthorized removal of the source, including by an insider.

Electronic tamper detection equipment and/or continuous surveillance by operator personnel.

Provide immediate assessment of detection.

Remote monitoring of CCTV or assessment by operator / response personnel.

Provide immediate communication to response personnel.

Rapid, dependable, diverse means of communication such as phones, cell phones, pagers, radios.

Provide a means to detect loss through verification.

Daily checking through physical checks, CCTV, tamper indicating devices, etc.

Delay Provide delay after detection sufficient for response personnel to interrupt the unauthorized removal.

System of at least two layers of barriers (e.g. walls, cages) which together provide delay sufficient to enable response personnel to interdict.

Response Provide immediate response to assessed alarm with sufficient resources to interrupt and prevent the unauthorized removal.

Capability for immediate response with size, equipment, and training to interdict.

NSS No. 11, Table 6, 2 of 2

14

Security Function Security Objective Security Measures

Security Management

Provide access controls to source location that effectively restrict access to authorized persons only.

Identification and verification, for example, lock controlled by swipe card reader and personal identification number, or key and key control.

Ensure trustworthiness of authorized individuals.

Background checks for all personnel authorized for unescorted access to the source location and for access to sensitive information.

Identify and protect sensitive information.

Procedures to identify sensitive information and protect it from unauthorized disclosure.

Provide a security plan. A security plan which conforms to regulatory requirements and provides for response to increased threat levels.

Ensure a capability to manage security events covered by security contingency plans.

Procedures for responding to security-related scenarios.

Establish security event reporting system.

Procedures for timely reporting of security events.

Step 3: Select and Implement a Regulatory Approach: Performance-Based Approach

• Regulatory body establishes a required level of security system performance against the threat for each security level (such as the recommended goals in NSS No. 11)

• Operator designs a security system that provides that level of performance defined by the regulatory body

• Allows each operator to address their own circumstances• Potentially more cost-effective for the operator than the

prescriptive approach• Requires both regulatory body and operator to have

relatively high levels of security expertise

15

Step 3: Select and Implement a Regulatory Approach: Combined Approach

• Includes elements drawn from both prescriptive and performance based approaches

• Allows regulatory body greatest flexibility• For example, the regulatory body might apply

performance-based approaches for higher activity sources and a prescriptive approach for lower activity sources

16

Illustrative Security Measures

Security Regulations 17

Revision of NSS 11

• Priority for 2014 –Security of Radioactive Material in Use and Storage and of Associated Facilities• In May 2013, the NSGC took the decision that the

Secretariat should “develop a DPP for the review and revision of NSS 11. The new DPP should extend the scope to all radioactive material…”

• Intended to be the single implementing guide for RAM in use and storage, and to provide more practical guidance on implementation of NSS 11

• Consistent with guidance development for nuclear material and nuclear facilities

18

Revision of NSS 11 – Where are we?

1. Document Structure• Developed using the structure of NSS 14

– Section 1 – Background, Purpose, Scope, Structure– Section 2 – Objectives of a State’s Nuclear Security Regime– Section 3 – Elements of a State’s Nuclear Security Regime

» Elaborates on State, Regulatory Body and Operator functions, security concepts and functions, but at a high level

– Section 4 – Detailed guidance on recommendations, keeping to the structure of NSS 14 with the contents of NSS 11 plus new guidance

– New Section 5 – To contain the details of the prescriptive regulatory approach

– Appendices being reviewed for content, to be bolstered or removed

19

Revision of NSS 11 – Where are we?

2. Document Contents• Elaboration on elements of a State’s nuclear security

regime; • Incorporation of guidance from various cross-cutting

guides including IG for NSS 13, Sustaining a NS Regime;• Guidance on the DBT or “Alternative Threat Statement”

process and output in Section 3, followed by detailed guidance on how to use the results of the DBT/ATS in Section 4;

• More explanatory guidance and examples of application of D-values and categorization to all radioactive materialEmphasis on adjustment of security levels and resulting security measures based on considerations such as sources in storage, vulnerability and threat level; mobility/portability and remote sources with examples

20

Revision of NSS 11 – Where are we?

2. Document Contents (cont’d)• More detailed guidance from draft guide on security

management and security to be included, with contents of a security plan in appendix

• Input on computer security in the context of radioactive material and associated facilities – high level guidance, plus security measures as part of regulatory requirements?

21

Revision of NSS 11 – Where are we?

3. Document Development• CM1 – Feb 2014 – Agreement on scope issues;

assignment analyses, chapters/sections to working groups or individuals

• Sub-working group meeting on security-based categorization – March 2014

• CM2 – April 2014 – Presentation of WG findings and agreement on way forward, detailed review of draft to date; group work on document structure; identification of topics to be developed

• Home-based assignments May-July; update to NSGC in June

• CM3 –25-29 Aug 2014 to review consolidated draft

22

Revision of NSS 11 – Where are we going?

Document Development (cont’d)• Sep-Oct 2014 – Secretariat review of first draft• Nov 2014 – First draft for circulation• Q1-2015 – TM to obtain feedback from Member States on

draft• Q1-2015 - Disposition of all MS comments; submission to

Coordination Committee• Q2 - 2015 - Consideration of draft by the NSGC for

approval to proceed to 120 day Member State review

Publication process to follow!

23

Transport Security

• NSS No. 11 provides guidance only for security of radioactive sources in use and storage

• Regulations for security of sources in transport can be based guidance on NSS No.9

24

In Summary

• NSS No. 11 recommends a three-step process for developing a regulatory framework

• The assignment of security levels for radioactive material should be adjusted depending on specific considerations Particular attention should be paid to portable and mobile sources given the increased likelihood of loss or theft.

• Revision of NSS 11 is intended to provide more detailed guidance and examples for users on how to implement the three-step process

25

26

Thank you !

c.george@iaea.org or ext. 26633

For more information, see:

https://nusec.iaea.org/portal/UserGroups/RadioactiveMaterial/tabid/922/Default.aspx

Nuclear Security Recommendations

NSS No. 14 Nuclear Security Recommendations on Radioactive Material and Associated Facilities• Defines the main elements of a States

security regime;• Provides broad security recommendations

for the State, for facilities, for transport:

Security Regulations 27

Security System

A security system is the integration of people, procedures, and equipment for the protection of radioactive sources against theft, sabotage, or other malicious acts.

Security Regulations 28

Security Objective: Prevent Theft and Sabotage

• Deter the adversary• Implement a security system which adversaries

perceive as too difficult to defeat• Problem: deterrence is impossible to measure

• Defeat the adversary with security system• Functions required: detection, delay, response• Actions of response force prevent adversary

from accomplishing his goal

Security Regulations 29

Graded Approach

• The graded approach ensures that the highest consequence sources receive the greatest degree of physical protection

• Graded approach is based on:• Evaluation of threat• Relative attractiveness• Nature of the source• Potential consequences of malicious acts

Security Regulations 30