Memorandum by Dr David Lowry, Environmental
Policy and Research Consultant, Stoneleigh Surrey
NUCLEAR'S INHERENT INSECURITIES
The first section of the submission attempts
to provide some answers to question asking what "particular
considerations that should apply to nuclear" new build, and
concentrates on an aspect of security of supply that has not been
given any public emphasis by the Government: the insecurities
inherent in creating nuclear explosive materials as part of a
fuel cycle to generate electricity.
A second, very much shorter section, makes comment
on the second question on the "implications of increasing
dependence on gas imports."
"The safety and security of nuclear activities
around the globe remain a key factor for the future of nuclear
technology||||.. The IAEA [also] has strengthened its co-operation
on nuclear security issues with other international organisations,
including the UN and its specialised agencies, Interpol, Europol,
the Universal Postal Union and the European Commission."
Statement to the 58th Regular Session of the
United Nations General Assembly by IAEA Director General Dr Mohamed
ElBaradei, 3 November 2003
It is unsurprising the importance credited to
nuclear safety by Dr ElBaredei in the above quotation. What is
new and important is the coupling of safety with security.
In his speech, he went on to emphasize:
"In light of the increasing threat of proliferation,
both by States and by terrorists, one idea that may now be worth
serious consideration is the advisability of limiting the processing
of weapon-usable material (separated plutonium and high enriched
uranium) in civilian nuclear programmesas well as the production
of new material through reprocessing and enrichmentby agreeing
to restrict these operations exclusively to facilities under multinational
It is arguable that this is a remarkable statement
coming from the director of the United Nations' agency charged
with the promotion of the nuclear industry. But when we consider
he made this comment barely two years after the terrorist attacks
of 9/11 in the United States, it becomes more explicable.
Dr ElBaredei further pointed out that:
"One convention that has gained increased
attention recently is the 1979 Convention on the Physical Protection
of Nuclear Material (CPPNM). In the past two years, 20 additional
States have become party to the Convention, reflecting the importance
of the international nuclear security regime."
As a result of several terrorist events in Britain
in 2005, thankfully none involving radioactive materials, along
with both Government ministers producing anti-terrorist initiatives,
and Parliament debating their pros and cons, such as the Anti-Terrorism
Act, this year has seen terrorism rise to and remain at or near
the top of the public and political agenda.
The context was set in Madrid on 10 March 2005
when UN Secretary-General Kofi Annan told an international conference
of some 400 anti-terror expertsmeeting to mark the first
anniversary of Madrid's own major terror attack on its suburban
rail system a year earlierthat terrorists must be denied
the means to carry out a devastating nuclear attack.
In urging UN member states to adopt the international
convention on nuclear terrorism, Mr Annan made this blunt statement.
"Nuclear terrorism is still often treated
as science fictionI wish it were."
"But unfortunately we live in a world of
excess hazardous materials and abundant technological know-how,
in which some terrorists clearly state their intention to inflict
catastrophic casualties." he said.
"Were such an attack to occur," he
added "it would not only cause widespread death and destruction,
but would stagger the world economy and thrust tens of millions
of people into dire poverty."
In the same month of March 2005but only
made public six months later (see: "Pentagon Revises Nuclear
Strike Plan: Strategy Includes Pre-emptive Use Against Banned
Weapons," by Walter Pincus, Washington Post 11 September
2005) an internal paper* prepared for the Pentagon's Joint
Chief of Staff argues for consideration of the use of nuclear
weapons against an enemy that is using, or "is about to use",
nuclear or other WMD against US military forces or the civilian
population of the United States. If put into practice, this strategy
would significantly both raise the nuclear stakes, and lower the
[*US Doctrine for Joint Nuclear Operations:
These high social stakes underline the importance
of the need to ensure the best possible security applied to nuclear
installations and materials.
Exactly a year ago (16-18 March 2005), the World's
nuclear watchdog, the United Nations' International Atomic Energy
Agency (IAEA) held a timely international conference in London,
co-hosted by the UK Government, on "Nuclear Security: Global
Directions for the Future."
It was the culmination of over three years planning,
as immediately after the terrorist events of "9/11"
in the United States in September 2001, the IAEA General Conferencewhich
always meets annually in Vienna in Septemberrequested a
review of the Agency's activities relevant to preventing nuclear
The first day of the Nuclear Security Conference
reviewed the achievements and shortcomings of international efforts
to strengthen nuclear security; the second day explored how the
international nuclear security regime is adapting to new measuresand
the IAEA role in underpinning them; the third day focussed upon
how the international community can reach a common understanding
to better respond to the global threat of nuclear terror, detect
and prevent it.
Richard Wright, the UK representative on the
IAEA Board of Governors, summed the perceived situation after
three days of intensive exploration by technical experts and decision-makers
with words "Nuclear terrorism is one of the greatest threats
The full findings of the conference are available
on the IAEA web site (www.iaea.org/NewsCenter/News/PDF/conffindings0305.pdf);
here I highlight some of the more pertinent of them.
"Priorities for strengthening nuclear security
include continued efforts to enhance the prevention of terrorist
acts; the physical protection and accountability of nuclear and
other radioactive material in nuclear and non-nuclear use, in
storage and transport, throughout the life cycle, in a comprehensive
and coherent manner. A graded approach should continue be used
under which more stringent controls are applied for material or
activities that pose the highest risk; for example, particular
attention should be given to high enriched uranium or plutonium."
"The fundamental principles of nuclear security
include embedding a nuclear security culture throughout the organizations
involved. By the coherent implementation of a nuclear security
culture, staff remain vigilant of the need to maintain a high
level of security. The long-term sustainability of nuclear security
efforts is a primary concern. The investments made in States,
through their own efforts and through assistance programmes, must
be sustained in order to continue to upgrade or maintain an adequate
level of security. While the level of threat may change from time
to time, an effective level of nuclear security must be appropriately
This is clearly true. Later in this submission
we demonstrate how, in certain regard, these principles are not
being adequately met in UK practice.
A few months after the March meeting, hundreds
of delegates from some 80 countries attended an IAEA conference
in Vienna 4-8 July to consider and adopt amendments to the international
Convention on the Physical Protection of Nuclear Material, which
is a complementary regime to that controlling nuclear terrorist
The international nuclear watchdog is determined
to keep vigilant, because its leadership and membership is all
too aware of the negative implications for the nuclear generation
industry were either a terrorist ( or less likely, a wartime)
attack to take place anywhere in the world against a nuclear power
plant or nuclear installation, or illicitly obtained nuclear material
be used in a so-called "dirty radiological bomb" in
a dense urban area.
Here is a horrifying scenario painted recently
by the sober finance sector magazine, Business Week, to
mark the fourth anniversary of "9/11"
"At 8:30 am on a Tuesday morning, as commuters
converge on Manhattan, an al Qaeda operative explodes a dirty
bomb outside the New York Stock Exchange. The device, while not
especially powerful, contains a radioactive payloadin this
case, caesium extracted from radiological equipment that was stolen
from a New Jersey hospital by a sleeper working there as a lab
The initial blast kills only a few dozen people,
but radiation is quickly dispersed by the prevailing winds. Minutes
after the explosion, New York City Police officers arrivestill
unaware of the real nature of the blast. But when a radiation
detector in one officer's car goes wild, it becomes clear that
a dirty bomb has detonated in the financial center of America's
Word of the explosion reverberates throughout
New York. Many residents panicdespite assurances from the
mayor and police chief that contamination levels would exceed
government limits only in about 40 city blocks. And by 3 pm, half
of Manhattan has tried to leave, clogging trains, highways, and
Six months later, the financial district remains
largely off-limits, and the local economy is limping along amid
a cratering of business confidence, the collapse of the tourism
industry, and a property market in free fall. Economists put the
eventual economic losses at an astronomical $1 trillion . . ."
["New York Takes Another HitIt has
been readying itself for a dirty bomb since 9/11, but . . .
Business Week. 19 September 2005 http://www.businessweek.com/magazine/content/05_38/b39
The Business Week "dirty bomb" scenario
uses nuclear material stolen from a hospital, but there is real
concern such material could be illicitly obtained from commercial
nuclear power installations, as UN Secretary General Kofi Annan
highlighted before the Clinton Global Initiative, which ran contemporaneously
(14-16 September 2005) with the UN World Summit, the dangers
that proliferation posed, in giving terrorists opportunities to
steal nuclear products that they could use to make so-called "dirty"
bombs, which would combine radioactive material with conventional
explosives in order to make bombs that could spread harmful radioactivity
over a wide area.
He re-inforced these concerns in his address
to open the 60th General Assembly of the United Nations on 17
September 2005, when he insisted: "we face growing risks
of proliferation and catastrophic terrorism . . ." www.un.org/webcast/ga/60/statements/sg050917eng.pdf
So, for New York, read Paris, Tokyo, Moscow,
London, Manchester, Glasgow, Birmingham or any other major urban
I make the observation with consternation there
is an apparent disconnect between the justifiable international
concern over security threats posed by the insecurities of commercial
nuclear energy sector, and the promotion of an expanded nuclear
sector by the very authorities warning of the risk! It is indeed
peculiar that just as policy makers were starting to face up to
the real insecurities posed by existing nuclear plants and fuel
cycle installationsand the transports between themat
the London and Madrid conferences, the IAEA announced at the start
of March 2005 that there were: "Rising Expectations for Nuclear
Electricity Production" in an official IAEA statement, issued
in conjunction with publication of its Nuclear Technology ReviewUpdate
2005, which said:
"The IAEA forecasts stronger growth in countries
relying on nuclear power, projecting at least 60 more plants will
come online over the next 15 years to help meet global electricity
But the "Faustian bargain" infamously
spoken of by former Oak Ridge National Laboratory Director Dr
Alvin Weinberg in 1972 still exists. The spread of nuclear energy
leads to the greater potential for the spread of nuclear weapons.
The international spread of nuclear power technology,
and its concomitant spread of nuclear materials, was no accident:
it was heavily promoted under the US export technology transfer
initiative for "Atoms for Peace", set out in a path-breaking
address to the UN General Assembly by President Dwight D Eisenhower
on 8 December 1953.
In his address, in which he presaged the IAEA,
"My recital of atomic danger and power is
necessarily stated in United States terms, for these are the only
incontrovertible facts that I know. I need hardly point out to
this Assembly, however, that this subject is global, not merely
national in character.
". . . So my country's purpose is to help
us move out of the dark chamber of horrors into the light, to
find a way by which the minds of men, the hopes of men, the souls
of men every where, can move forward toward peace and happiness
and well being.
"Who can doubt, if the entire body of the
world's scientists and engineers had adequate amounts of fissionable
material with which to test and develop their ideas, that this
capability would rapidly be transformed into universal, efficient,
and economic usage."
Part of the Milestone Document Series published by the National
Archives & Records Administration)
Nearly 50 years later we witnessed the near
inevitable outcome of this policy of nuclear promotion: a country
whose director of nuclear affairs deliberately and covertly proliferated
nuclear technology. This is the notorious story of Abdul Qadeer
"AQ" Khan, of Pakistan.
The current US President, George W Bush was
forced to admit the danger in a chilling speech he made on nuclear
proliferation and materials controls at Fort Lesley J McNairNational
Defense University, in Washington, DC in February 2004:
"In recent years, another path of proliferation
has become clear, as well", said the President. "America
and other nations are learning more about black-market operatives
who deal in equipment and expertise related to weapons of mass
destruction. These dealers are motivated by greed, or fanaticism,
or both," Mr Bush warned. They find eager customers in outlaw
regimes, which pay millions for the parts and plans they need
to speed up their weapons programs. And with deadly technology
and expertise going on the market, there's the terrible possibility
that terrorists groups could obtain the ultimate weapons they
After detailing Khan's relations with his business
partner in proliferation, B.S.A. Tahir, based in Dubai, Bush explained
his new Proliferation Security Initiative (PSI), developed
together with Australia, France and Germany, Italy and Japan,
the Netherlands, Poland, Portugal, Spain and the UK designed to
intercept and interdict lethal nuclear (and other dangerous)
materials in transit.
Then he proposed to that the work of the PSI
be expanded to address more than shipments and transfers to "take
direct action against proliferation networks."
He announced the US would:
"help nations end the use of weapons-grade
uranium in research reactors," and urged "more nations
to contribute to these efforts."
He then pronounced:
"The nations of the world must do all we
can to secure and eliminate nuclear and chemical and biological
and radiological materials."
Some may regard that as an admirable aspiration;
we regard it as both practical and necessary.
The President finished by asserting:
"Enrichment and reprocessing are not necessary
for nations seeking to harness nuclear energy for peaceful purposes."
Developments in Iran have since served to strengthen
this. On security grounds alone, many, as I do, would concur.
A few months later, (on 21 June 2004) in a Keynote
Address, Dr ElBaradei told a Carnegie Peace Foundation International
Non-Proliferation Conference held in Washington DC that:
"Nuclear components designed in one country
could be manufactured in another, shipped through a third (which
may have appeared to be a legitimate user), assembled in a fourth,
and designated for eventual turnkey use in a fifth. The fact that
so many companies and individuals could be involved is extremely
worrying. And the fact that, in most cases, this could occur apparently
without the knowledge of their own governments, clearly points
to the inadequacy of national systems of oversight for sensitive
equipment and technology."
He concluded "The present system of nuclear
export controls is clearly deficient."
He then argued "First, we must tighten
controls over the export of sensitive nuclear material and technology
. . . Second, it is time that we revisit the availability and
adequacy of controls provided over sensitive portions of the nuclear
fuel cycle under the current non-proliferation regime . . . We
should consider limitations on the production of new nuclear material
through reprocessing and enrichment . . . considerable advantagesin
safety, security and non-proliferationwould be gained from
international cooperation in the front and the back end of the
nuclear fuel cycle. Third, we should work to help countries stop
using weapon-usable material (separated plutonium and high enriched
uraniumHEU) in their civilian nuclear programmes . . ."
"Fourth, we should eliminate the weapon-usable
nuclear material now in existence.
Within a week, (on 30 June 2004) Dr ElBaredei's
predecessor as IAEA director General Blix called for agreement
on an international treaty to ban the production of weapons-grade
nuclear material and prevent the spread of weapons of mass destruction.
Commenting on the 15-nation WMD Commission in Vienna, which he
chairs, Dr Blix said:
"But there's also a very widespread and
strong feeling on my commission that one must move on with a treaty
that will prohibit all states involved from producing highly enriched
uranium or plutonium, both substances that can be used in nuclear
In a Financial Times Op-Ed article on
2 February 2005titled "Curbing the Nuclear Threat"Dr
ElBaredei said nations should now seriously consider a five-year
moratorium on building new facilities for uranium enrichment and
plutonium separation. "There is no compelling reason for
building more of these proliferation-sensitive facilities, the
nuclear industry already has more than enough capacity to fuel
its power plants and research facilities," he said.
One of the key events at the United Nations
Global summit, 14-16 September last year, was to open for signature
the Convention for the Suppression of Acts of Nuclear Terrorism,
which emerged form the first Millennium Summit in 2000, and was
adopted by the UN General Assembly on 13 April 2005. The nuclear
terrorism treaty, which strengthens the global legal framework
to combat the scourge, requires the extradition or prosecution
of those implicated and encourages the exchange of information
and inter-state cooperation, gained it first signatories in Russian
President Vladimir Putin, US President George W Bush, and French
Prime Minister Dominique de Villepin. It enters into force thirty
days after it is signed and ratified by at least 22 states.
In a related development at the United Nations,
the UK submitted a resolution, Number 1624, on 14 September 2005
to the Security Council calling for tougher controls on terrorism,
including nuclear threats. It stressed the Security Council "call
upon all States to become party, as a matter of urgency, to the
international counter-terrorism Conventions and Protocols whether
or not they are party to regional Conventions on the matter, and
to give priority consideration to signing the International Convention
for the Suppression of Nuclear Terrorism. . ."
US President Bush pressed for the Security Council
to approve the resolution that called upon all nations to take
steps to end the incitement of terrorist acts, and to commit countries
to prosecute, and extradite, anyone seeking fissile materials
or the technology for nuclear devices.
In February last year, the Prime Minister's
Strategy Unit advised him in a report, Investing in PreventionAn
International Strategy to Manage Risks of Instability and Improve
Crisis Response, in a section on the threats from WMDs that:
"Dual use nuclear, chemical or biotech programmes,
which have both civilian and military applications, are a particular
concern because they are more difficult to detect. Leakage of
WMD technology, trafficking and further proliferation is facilitated
by systemic corruption, the presence of organised criminals and
terrorists, poor governance, lack of territorial control and state
failure, all of which are associated with instability." (www.strategy.gov.uk/downloads/work_areas/countries_at_risk/report/index.htm)
In a later section (6.8.3) on the "Proliferation
of Nuclear Technology", the Strategy Unit authors point out:
"On the one hand, developing or expanding
civil nuclear energy programmes is one option to meet increasing
demands for energy, diversify national energy portfolios, increase
energy security and reduce greenhouse gas emissions. On the other
hand, such technology can be used for weapons creation . . ."
and they add:
"The tension embodied in the verification
and peaceful use provisions of the Nuclear Non- Proliferation
Treaty (NPT) does not make for easy enforcement of its aims."
This is true, and the problem was highlighted
at the United Nations Global Summit in September 2005 by Mr Blair,
when he bluntly stated in presenting the UK counter-terrorism
"The United Nations must strengthen its
policy against non-proliferation; in particular, how to allow
nations to develop civil nuclear power but not nuclear weapons."
Aside from the grammatical infelicity, by which
the Prime Minister inadvertently appears to oppose non-proliferation,
in advocating a strengthened policy "against" it (!)
, his support for the development of civil nuclear technology
again demonstrates a long standing disconnect, which at once backs
commercial exploitation of nuclear energy while seeking to control
or indeed halt nuclear weapons proliferation.
These then are the current concerns in the international
community over nuclear terrorism and security threats. This submission
now turns to how these specifically apply to the UK.
For a very helpful recent analysis of the nuclear
security situation in the UK, I would direct the TISC to two reports
of the BNFL Stakeholder Dialogue (SHD), of which I was a participating
member on both firstly the Plutonium Working Group (PWG) and thereafter
the Security Working Group (SWG) respectively, over the past five
years. The final reports of both Working Groups may be accessed
via the web site of the SHD coordinators, The Environment Council,
(196 pages, published 31 March 2003)
(145 pages, Published 10 December 2004)
The report of the Security Working Group summarised
". . .purpose and hope [as] to contribute
to the improvement of the security of BNFL's plant and activities,
including in particular the transport of nuclear material, by
the production of a quality review, using stakeholder dialogue,
unique in this security context. The report is the fruit of rare
collaborative effort on the part of a number of individuals from
a variety of backgrounds with many differences in outlook. Notwithstanding
that such differences in view were so divergent that in some instances
they appeared to fully contradict each other, the group has produced
what it considers to be a constructive and forward looking contribution
to the manner in which security is provided for BNFL's activities."
The 60 recommendations generated by the group
were finally grouped in seven main categories as follows:
(1) Funding and resourcing security activities.
(2) Accountability and openness and transparency
(3) Establishing a mechanism for stakeholder
dialogue with regard to security issues.
(4) Governance and organisational arrangements
with respect to OCNS.
(5) Mechanism for assessing threats (Design
Basis Threat), the testing of security measures prescribed by
an assessment and forecast consequences of such threats if realised.
(6) Development and application of Security
Hazard Indicator for assessment of security impact of an activity
or evaluate the cost benefit of a proposed security measure.
(7) National arrangements which fall into
remit of government.
The Security Working Group collectively agreed
"The attitude of BNFL in undertaking to
implement, or to lobby for implementation of the recommendations
where they lay outside their power (except where it disagrees
significantly with the measure and in any such event to give reasons
for such disagreement), was helpful in creating trust and enabling
the process to move forward."
A number of differences on some security issues
which were addressed in the course of the study remain unresolved,
such as the manner of transportation of nuclear material, the
risks arising from the conduct of plutonium swaps and the degree
which sensitive information on nuclear materials should be made
available to the public.
The SWG report in particular canvassed the difficulty
of ensuring that existing licensed nuclear sites and installationsand
nuclear materials in-situ and in transitcan be properly
secured. This present submission examines further some of the
issues canvassed in the SHD Security Working Group report.
One issue looked at by the SHD SWG members
was that of the vetting of site operating personnel and drivers
of vehicles transporting nuclear materials between licensed nuclear
sites. It was argued by some participants that the competitive
contractorisation of the operational work of the Nuclear Decommissioning
Authority (NDA) will undermine the ability of the UK Government
specialist nuclear security controls quango, the Office of Civil
Nuclear Security (OCNS) to conduct proper vetting, as it will
increase the number and dispersal of those contractors needing
to be vetted.
Here are some observations in respect security
vetting from director of the OCNS in his 2004 annual report:
"Para 37. The vetting system works reasonably
effectively, although it is unavoidably intrusive, time-consuming
and labour-intensive. We advise foreign agencies that vetting
is an essential component in nuclear security arrangements, in
line with IAEA guidelines. There has been pressure in recent years
to cut back numbers being vetted, but the current terrorist threat
has brought about a prudent change of view.
"Para 38. It is sometimes claimed that a
single government vetting agency could achieve greater efficiency.
I doubt this. Our IOs are based close to nuclear sites. OCNS vetting
staff are familiar with conditions within the industry, the hazardous
nature of nuclear and radioactive material, and the work undertaken.
If these close links were ever broken, the discernment of those
undertaking interviews and record checks, and the understanding
informing the decision-making process, would be lost.
"Para 39. The policy and practice of national
security vetting gives full regard to the requirements of the
Data Protection Act, the Freedom of Information Act, the Human
Rights Act, race relations and other relevant legislation. Where
appropriate, vetting information is exempt from disclosure. However,
we are encountering some reluctance by employers and others interviewed
to provide candid references. Despite assurances to the contrary,
some worry that their identities might be disclosed on appeal
and their organisations sued for defamation. I have drawn the
issue to the attention of Cabinet Office officials. I have also
suggested that an interdepartmental committee of vetting authorities
should be re-established, to provide a forum for a regular exchange
of views and the formulation of advice for central government.
Companies with sensitive government contracts
(List X firms) already have such a body in the Defence Industries
Security Association (DISA)."
(The full OCNS third annual report is available
The Fourth Annual Report to the Energy Minister
from the Director of Civil Nuclear Security on "The State
of Security in the Civil Nuclear Industry," covering the
year to March 2005 was released in July 2005, and may be examined
The 2005 report informs the minister (para 14):
"As part of a continuing programme of work
since the terrorist attacks in the USA in September 2001, OCNS
is reviewing, with the Nuclear Installations Inspectorate (NII)
and the operators' own specialists, the security and safety measures
in place to protect Vital Areas at nuclear sites, including generating
stations. Vital Areas contain equipment, systems or devices, the
failure of which could have serious consequences for the secure
and safe operation of a nuclear site."
"The programme of work is making good progress
and has so far confirmed significant redundancy in all assessed
But on security vetting it states (para 16d):
"I require all individuals, both police
and industry employees, who have access to facilities holding
Category I nuclear material to be subject to Developed Vetting
(DV) security clearance. In order to maintain his operational
flexibility, the Chief Constable's Vetting Policy for the UKAEAC
demanded that all UKAEAC Officers should be DV, even though a
proportion did not come within my definition of requirement.
With the expansion of the UKAEAC/CNC through
Extended Deployment and in recognition both of the significant
costs of the DV process and of OCNS' finite resources available
for vetting, I welcome the Chief Constable's decision to modify
his policy to allow Officers not employed on Category I nuclear
sites or escort duties to be Security Cleared (SC), the level
below DV. This variation will achieve significant cost savings
for CNPA, ease the administrative burden for OCNS and make Officers
available for front line duty faster. I have matched the Chief
Constable's initiative with some well-defined guidance, giving
him a commitment to `fast-track' clearances to DV from SC should
operational circumstances dictate the need."
And adds at paragraphs 34-39:
"OCNS provides a personnel vetting
service which conforms to the requirements of Regulations 9, 17(3)
and 22(3) of NISR (Nuclear Installations Security Regulations)
03, and which is applied to all permanent employees and contractors
working in the civil nuclear industry. Clearances commensurate
with the level of access to nuclear material and sensitive nuclear
information are granted to individuals and such clearances conform
to national definitions, requirements and procedures.
OCNS revalidate clearances at regular intervals
according to the level granted and consider Appeals against decisions.
35. In the year 1 April 2004 to 31 March
2005, OCNS issued a total of 12,587 clearances, of which 11,447
were for individuals who had not been vetted previously and the
remaining 1,140 were revalidations. The vast majority of the RMB
5 July 2005 12 new cases, 10,112, were for the lowest level of
clearance, the Enhanced Basic Check (BC+), which allows unescorted
access to a site. The balance of 1,335 cases represents the higher
levels of clearance (Developed Vetting (DV), Security Check (SC)
and the Counter Terrorist Check (CTC)) which permit access to
sensitive areas of a site or access to more sensitive nuclear
information. The detail is shown at Table 1 below, which includes
totals recorded for 2002-03 and 2003-04 for comparison.
SECURITY VETTING CLEARANCES GRANTED
||New Cases ||
|Counter Terrorist Check||22
|Enhanced Basic Check||8,381
36. The figures confirm the trends identified in previous
years which show a steady annual increase in the numbers of individuals
requesting clearance. Although no one has been permitted to work
on a nuclear site without the appropriate clearance or escort,
absorbing the increase in tasking has been a significant challenge;
OCNS has had mixed success in meeting it. Against a background
of staff shortages created by retirements on the one hand and
a recruitment moratorium during a major DTI downsizing exercise
on the other, OCNS productivity has continued to improve from
an already high base as a result of better working practices and
a focused commitment by staff on the task. In spite of this, a
backlog of cases built up in the last two quarters of 2004 which
has yet to be addressed. At the end of the reporting period, the
backlog (including arrears in revalidation cases) stood at 666
DV, 687 SC and 1,600 BC+.
37. Details of the numbers of revalidation cases processed
in 2004-05 are shown in Table 2 with totals for 2002-03 and 2003-04
included for comparison.
REVALIDATION OF SECURITY VETTING CLEARANCES
|Developed Vetting (DV)||163
|Security Checks (SC)||51
|Counter Terrorist Checks (CTC)||0
|Enhanced Basic Checks (BC+)||2,552
* Figure reflects policy change to treat BC+ revalidations
as new cases.
38. Although the figures in Tables 1 and 2 demonstrate
the achievements of the OCNS Vetting Branch, one of my highest
priorities now is to clear the backlog of vetting cases. The practical
effect of the backlog on the industry amounts to delays in confirming
recruitment of prospective employees or engagement of contractors,
with the concomitant risk of losing them to other employment,
and additional costs accruing from the need to escort individuals
who do not hold the necessary clearance. In an industry where
margins are so tight, this is a burden which must be reduced.
39. I have recruited new staff to replace those who have
retired and they are now coming on line. We continue to question
how we manage the vetting process to identify further productivity
increases and indeed, during the first quarter of 2005, significant
efficiencies were achieved by treating BC+ revalidations as new
cases. I have also asked all those involved in the industry to
scrutinise carefully all vetting applications to ensure that clearances
appropriate to individual appointments are applied for. The Chief
Constable, UKAEAC's revision of his vetting policy (Subparagraph
16d above) is an example of best practice and I want to extend
such initiatives. However, anecdotal evidence suggests that operators
are requesting higher clearances than are strictly necessary,
and that contractors create headroom for themselves by asking
for more clearances than a project needs, and then employing individuals
whose clearances arrive first. The balance of what have become
unnecessary applications remain in the system, clogging it up
and compounding delays."
So, although overall the DG OCNS says he is satisfied, we
would highlight his comment below on the implications of backlogs
in vetting, that should be explored with him, particularly in
the context of both any new build programme, and the expansion
of between nuclear installations transports that will be inevitable
as the NDA begins to deliver its mission.
"The practical effect of the backlog on the industry
amounts to delays in confirming recruitment of prospective employees
or engagement of contractors, with the concomitant risk of losing
them to other employment, and additional costs accruing from the
need to escort individuals who do not hold the necessary clearance.
In an industry where margins are so tight, this is a burden which
must be reduced."
Security vetting concerns were confirmed when the then Cabinet
office minister, Douglas Alexander told the then Labour MP Llew
Smith in July 2004 in a written answer that:
"The most recent periodic review of the Government's
personnel security system recommended the creation of a new official
committee focussing on this area. That was accepted and that committee
will work to ensure the continued effectiveness of personnel security
policy and practice throughout Government, and in those organisations
with which Government works in partnership."
(Hansard, 21 July 2004 : Column 333W)
It is now known from papers released in February 2005, under
the Freedom of Information Act, that in the last year (2004-05)
the OCNS had over forty cases of potential security breaches under
the current nuclear site management arrangements. (see: www.dti.gov.uk/about/foi/documents/ocns.pdf).
The papers released under a FOIA request included the following
*OCNS carried out 129 pre-notified inspections in 2004. (These
include the pre-notified inspections covering the last quarter
of the FY 2003-04 cited in the last Annual Report);
*OCNS has carried out 15 no-notice inspections since September
That OCNS does not know how many security passes were
lost/stolen within the nuclear industry in the past year OCNS
states it is primarily interested in confirming that the sites
have an effective pass management system as part of their security
arrangements. This should include procedures for recording lost/stolen
passes, disabling their access where access is automated, and
periodic redesign and re-issue;
*OCNS does not expect to receive reports of individual alarms
etc where the cause has been investigated and assessed as benign.
Nor are companies required to report what are essentially maintenance
matters provided these have been dealt with promptly and have
not significantly downgraded overall security effectiveness. We
have interpreted your question broadly to mean anything out of
the ordinary that the Operators drew to our attention. Therefore,
not all of the incidents reported to us and noted here are of
equal seriousness. None of the incidents involved theft of nuclear
material or sabotage.
To address the question of what these involved, OCNS put
security incidents into three broad categories:
1. Incidents that were responded to because they could
indicate deliberate activity intended, for example, to steal property
(including nuclear material) or information, or commit sabotage.
The figures below subdivide this category into:
(a) incidents responded to immediately and resolved immediately;
(b) incidents responded to immediately and later resolved,
(c) incidents responded to immediately that were deliberate
attempts to by-pass security measures.
2. Security equipment or procedural failures identified
by normal management arrangements or by inspection/audit. Compensatory/corrective
measures were taken to ensure maintenance of overall security
3. Failure of security leading to unacceptable or undesirable
[The numbers and description are gathered together in Annex
1 to the FOIA release]
A key part of the OCNS mission is to identify and characterize
threats. This is how OCNS director highlights "Threat Assessments"
in the latest OCNS annual report:
"11. It is vital, given the potentially serious consequences
of any criminal or malevolent activity directed against civil
nuclear sites or material, or proliferation sensitive technology,
that security measures are designed to counter realistic threats.
Effort must not be wasted on ineffective security precautions.
Accurate, timely intelligence is essential. Information on the
methods, capabilities and intentions of terrorist groups and other
potential adversaries enables security measures to be put in rarely
specific enough to identify in advance when and where attacks
might take place, intelligence reporting often does indicate when
the threat has increased, to enable contingency measures to be
activated in response, such as extra patrols or searching. Intelligence
may also indicate when more labour-intensive security measures
can be scaled back, to avoid over-extending staff and undermining
12. I am pleased to record that the provision of intelligence
has improved markedly over the past six years. When I took over
as Director, little intelligence was received, due to DCNSy's
anomalous position within the UKAEA, as well as resource problems
inhibiting liaison. To begin with, I had to rely on personal contacts
to overcome these difficulties. The transfer to the Department
and the provision of additional staff has remedied these deficiencies.
We now receive all relevant intelligence, not just about nuclear,
radiological and related threats (CBRN), but also providing a
broader context. Most reports are sent to OCNS electronically
via an encrypted data link. We are consulted by the intelligence
agencies about our particular intelligence requirements and our
advice is sought about the interpretation to be drawn from raw
material. We are also able to provide digests and threat assessments
to the operating companies, based on this material, for circulation
to Board members, security managers, contractors and members of
13. The decision by the Government, which I mentioned
in last year's report, to establish the Joint Terrorism Analysis
Centre (JTAC)4 has, as expected, substantially enhanced the quality,
scope and focus of intelligence reporting on the terrorist threat.
JTAC has developed remarkably quickly into a most effective
organisation. I am a member of the JTAC Oversight Board and OCNS
functions as a participating organisation. As well as receiving
intelligence, we provide JTAC with insights into nuclear security
issues to aid reporting on these topics. This year, JTAC staff
have received briefings from OCNS and attended training courses
with managers from the operating companies. Visits to nuclear
sites are being arranged. However, to derive full advantage from
this link with JTAC, one of our two INFOSEC Inspectors is having
to devote much of his time to the work, reading and disseminating
material received and liaising with JTAC analysts based in London.
For this reason, we aim to recruit a third INFOSEC Inspector to
support both functions. Other, larger participating agencies provide
teams of analysts to JTAC on secondment.
14. I mentioned in my previous reports the procedures
we use to assess medium term security threats, incorporated in
a key planning document known as the Design Basis Threat (DBT).
The document is based on the intelligence we receive about the
motives, intentions and capabilities of terrorist groups and other
It is designed to provide a definitive statement of the possible
scale and methods of attack that could be faced at civil nuclear
sites, or when nuclear material is being transported. The DBT
also takes account of the availability of countermeasures and
contingency arrangements provided by the police, the MOD and other
agencies. It makes clear which forms of possible attack the nuclear
operating companies are expected to guard against, which types
of attack remain the responsibility of the Government and whether,
in the latter case, the companies are required to take mitigating
or preventative measures.
15. The DBT provides the basis for the design, implementation
and management of security measures by the civil nuclear companies.
It is also used by OCNS to develop or revise model security standards
and guidance, evaluate site, transport and computer security plans
prepared by the operators, and to monitor compliance. The companies
subject to regulation have supported this approach because it
provides a clear, rational basis for security planning, resource
management and quality control.
Furthermore, the approach is regarded by the IAEA as best
practice and has been adopted by other foreign regulatory authorities."
He ends stating:
"For security reasons, the DBT is classified SECRET and
no further details can be published."
A 140-page study prepared for MPs and Peers by the Parliamentary
Office of Science and Technology (POST), published in July 2004,
on "Assessing the risk of terrorist attacks on nuclear facilities,"
carries a short section (4.5) on the UK DBT. It states:
Official information on the potential scale and methods of
terrorist attack at civilian nuclear facilities is contained within
a document known as the Design Basis Threat (DBT) as recommended
by the IAEA (Box 3-2). The contents of the DBT, drawn up by OCNS,
are secret, although OCNS mentions two possibilities which are
now included: the possibility that terrorists might use vehicles
loaded with explosives to crash through perimeter defences,
and the threat that terrorists who were prepared to kill themselves
or risk discovery might attempt to penetrate into [certain
sensitive areas inside sites] to detonate explosives.61
The DBT makes clear which forms of possible attack the nuclear
operating companies are expected to guard against and which remain
the responsibility of the government, and whether, in the latter
case, companies are still required to take mitigating or preventative
measures.62 Different countries publish varying amounts of detail
about the Design Basis Threat. There is more publicly available
information on the US DBT than most other countries. Some of these
are listed in Box 4-1, to illustrate the kinds of attack contemplated
by authorities, although this provides no indication of the contents
of the UK DBT."
The POST report is an excellent overview, insufficiently
known to Parliamentarians. I would especially recommend TISC
invites its primary author, Dr Chandrika Nath, to provide oral
evidence to explain, and perhaps, update her findings.
It may also be instructive for TISC to look at how details
of the UK DBT are classified, or otherwise, elsewhere.
In the United States, following the terrorist events of September
11, 2001, a review of nuclear security was conducted by the regulatory
authorities. The following is part of the text of the Nuclear
Regulatory Commission (NRC) press release issued on September
21, 2001 under the headline:
"NRC REACTS TO
The press release said:
"In light of the recent terrorist attacks, U.S. Nuclear
Regulatory Commission officials and staff have been working around
the clock to ensure adequate protection of nuclear power plants
and nuclear fuel facilities. This has involved close coordination
with the Federal Bureau of Investigation, other intelligence and
law enforcement agencies, NRC licensees, and military, state and
Immediately after the attacks, the NRC advised nuclear power
plants to go to the highest level of security, which they promptly
did. The NRC has advised its licensees to maintain heightened
security. The agency continues to monitor the situation, and is
prepared to make any adjustments to security measures as may be
In view of the recent unprecedented events, Chairman Richard
A. Meserve, with the full support of the Commission, has directed
the staff to review the NRC's security regulations and procedures."
On 29 April 2003 the NRC announced changes being made in
the DBT. The text read in part:
"The NRC, after extensive deliberation and interaction
with stakeholders, has approved changes to the design basis threat
(DBT). The Commission believes that the DBT represents the largest
reasonable threat against which a regulated private guard force
should be expected to defend under existing law . . . In addition,
the Commission has approved the issuance of two other Orders to
nuclear plants . . . to further enhance protection of public health
and safety, as well as the common defense and security.
These Orders, in combination with the recently-issued Order
in the area of access authorization, enhance the already strong
defense capability at these sites using three interdependent elements
directed to best protect the public, with the appropriate resources
placed at the right places. These elements are:
The revised Design Basis Threat and associated defensive
capabilities derived from previous measures that the Commission
directed; tighter work hour control and more robust training requirements
for security personnel, to increase their capability to respond
to threats; and enhanced access authorization controls to ensure
all plant personnel with access to critical areas have had the
most rigorous background checks permitted by law.
The Order that imposes revisions to the Design Basis Threat
requires power plants to implement additional protective actions
to protect against sabotage by terrorists and other adversaries.
The details of the design basis threat are safeguards information
pursuant to Section 147 of the Atomic Energy Act and will not
be released to the public. This Order builds on the changes made
by the Commission's February 25, 2002 Order. The Commission believes
that this DBT represents the largest reasonable threat against
which a regulated private security force should be expected to
defend under existing law. (emphasis added) It was arrived at
after extensive deliberation and interaction with cleared stakeholders
from other Federal agencies, State governments and industry.
Under NRC regulations, power reactor licensees must ensure
that the physical protection plan for each site is designed and
implemented to provide high assurance in defending against the
DBT to ensure adequate protection of public health and safety
and common defense and security. Extensive changes in those physical
protection plans will now be made and submitted to NRC for approval.
The second Order describes additional measures related to
security force personnel fitness for duty and security force work
hours. It is to ensure that excessive work hours do not challenge
the ability of nuclear power plant security forces to remain vigilant
and effectively perform their duties in protecting the plants.
The NRC developed this unclassified Order through a public process.
The third Order describes additional requirements related
to the development and application of an enhanced training and
qualification program for armed security personnel at power reactor
facilities. These additional measures include security drills
and exercises appropriate for the protective strategies and capabilities
required to protect the nuclear power plants against sabotage
by an assaulting force. This Order requires more frequent firearms
training and qualification under a broader range of conditions
consistent with site-specific protective strategies. The details
of the enhanced training requirements are safeguards information,
and will not be released to the public. As with the DBT Order,
the Commission solicited comments on a draft training Order from
cleared stakeholders, including security personnel and took those
comments under consideration in reaching its final decision.
[As a matter of public fact, the Orders were challenged in
the United States Court of Appeals for the District of Columbia
Circuit by the NGO, Public Citizen, Inc., and San Luis Obispo
Mothers for Peace, in a suit brought on 30 June 2003. The full
text is on the NRC website at:
The disclosures over the sensitivities and changes in the
USfollowing its post "9/11" revieware
the subject of a special analysis by one of our authors, and are
appended as Annex 1 to this submission. This analysis clearly
demonstrates that a sensible, detailed discussion on the DBT can
be held in open session.
I would thus recommend TISC invites before them both the
director and deputy director of the OCNS to examine how they advise
decision makers and ministers on the comparative risk from the
hazards posed by breaches of security at nuclear installations.
It is hard to comprehend how the US Nuclear Regulatory Commission
has found it possiblepost 9/11in their country,
the United States, deeply wounded by the terrorist actions on
their own soil, to put the many details into the public domain
on changes in the US DBT that still remain classified, and hence
beyond independent critical appraisal, in the UK.
Some MPs have made efforts to discover the background to
the UK DBT. The then Energy minister Brian Wilson told MPs in
a written reply nearly four years ago:
"I cannot add to the information about the key planning
document known as the design basis threat (DBT) which the Director
of the Civil Nuclear Security referred to in his recent annual
report on the `State of Security in the Civil Nuclear Industry
and the Effectiveness of Security Regulation', placed in the Libraries
of the House on 11 June 2002. The assessment is classified and
no further details can be published. The Director of Civil Nuclear
Security assures himself that a site operator's ability to protect
against the DBT is adequate and is tested." (Official Report,
26 June 2002: Column 892W)
In July 2004, a question was put to the DTI energy minister
on the DBT, asking which organisations provided information used
by the Office for Civil Nuclear Security (OCNS) to construct its
design basis threat (DBT) for plants and operations of civil
nuclear companies; and whether the OCNS shares information on
the United Kingdom DBT with its United States counterpart?
The then Energy minister Stephen Timms replied:
"The Design Basis Threat is a planning tool that draws
principally on assessments produced by the Security Service and
the Joint Terrorism Analysis Centre (JTAC), of which OCNS is a
member. OCNS discusses the processes involved in the production
and use of a Design Basis Threat with many member states of the
International Atomic Energy Agency, including the United States,
but does not exchange analyses or conclusions that are protectively
marked." (Official Report, 16 July 2004: Column 1383W)
This is a matter we would recommend is explored further by
BNFL MUF PROBLEM HIGHLIGHTS
Another issue that is central to nuclear materials security
is how reliable is the accountancy procedure?
In February 2005 BNFL admitted that nearly 30 kilogrammes
of plutonium remained "unaccounted for" in its annual
nuclear materials stocktake. The Times newspaper reported
it as its front page lead story.
The Whitehaven News, Sellafield's local newspaper,
in its 24 February 2005 edition reported a BNFL spokesperson as
saying that, in fact, the IAEA sets standards on these uncertainties
"at 1% of the total Sellafield throughput but the latest
figures represent only around 0.5% of this."
BNFL had issued a statement on 17 February which boldly stated
"Euratom, the European regulator with responsibility
for this issue, has accepted all inventories as satisfactory".
Further investigation demonstrated that this brief comment
was not comprehensive, and hid an unresolved problem, viz. that
Euratom, the European Unions' nuclear watchdog regulator, remained
in dispute with BNFL over the application of safeguards at Sellafield.
Indeed, DTI energy minister Mike O'Brien stated in a written parliamentary
answer to MPs:
"BNFL and the [DTI] Safeguards Office are currently in
discussion with the European Commission to resolve measurement
issues that have been identified in certain aspects of nuclear
material accountancy at Sellafield." (Official Report, 25
February 2005: Column 888W)
The important fact to recognise is not that the percentage
uncertainty is less than 0.5%, but the actual quantity of the
plutoniuma potent nuclear explosive materialis around
30 kilogrammes. With the IAEA's "significant quantity"
to trigger security concerns of this nuclear material being 8
kilogrammes, this means that more than three times that (around
10 nuclear bombs worth) were not accounted for.
This problem is not one of safety, but security, safeguards
and materials accountancy. 100,000 kilogrammes of reprocessed
plutonium is currently stockpiled at Sellafield. The fact that
such a large surplus of this potent nuclear explosive remains
without a long-term management solution remains an awkward political
problem for ministers. And it also puts the inability of BNFL,
Sellafield's operators, to account for 30 kilogrammes into context.
This incident was given a context in May 2005, when the Guardian
newspaper (9 May) revealed that some 83 m3 of radioactive liquors,
containing up to 200 kilogrammes of plutonium, had been leaking
from a section called the "feed clarification cell"
inside Thorp, Sellafield's most modern reprocessing plant, operated
by the British Nuclear Group (BNG), part of BNFL. The Nuclear
Decommissioning authority, owners of Thorp, subsequently issued
a Media Statement on 27 May, recording it had taken receipt of
an internal report of the incident from the British Nuclear Group
board of inquiry.
Indeed, the most stunning revelation in the official report
of the accident"Board of Inquiry report into the fractured
pipe in the Feed Clarification Cell in Thorp", BNFL, 26 May
2005(www.britishnucleargroup.com/pdf/2765_1.pdf ) prepared
by the British Nuclear Groupa subsidiary of BNFLposted
on its website at the end of June 2005 was embedded in paragraph
5.2 on page 9 of the 34 page document. It said: "This event
has demonstrated that despite high quality construction, serious
faults can occur within Thorp which breach primary containment.
Given the history of such events so far, it seems likely that
there will remain a significant chance of further plant failures
occurring in the future even with comprehensive implementations
of this report." (emphasis added)
Astonishingly, the nuclear quango, the Nuclear Decommissioning
AuthorityThorp's ownershave decided, despite this
admission, to authorise the British Nuclear Group, Thorp's operators,
to re-open Thorp, without reference to either ministers or Parliament.
This would thus continue the longest running scandal in the British
The Energy Minister informed Parliament in written answer,
issued in September 2005, that his predecessor as the minister
responsible, had first been informed of the leak on 21 April.
(Official Report, 12 September 2005: Columns 2269-70W)
The Energy Minister had earlier informed Parliament in a
written answer on 15 June what was known about the accident, in
"the results of BNGSL's investigation suggests that the
pipe may have started to fail in August 2004 and that complete
failure of the pipe may have occurred in mid-January 2005. Opportunities
such as cell sampling and level measurements were missed which
would have shown that material was escaping to secondary containment."
(Official Report, 15 June 2005: Column 413W)
The Energy Minister revealed in his answer last September
"The special report (dated 10 May 2005) on this incident,
as required under Article 14 of Commission Regulation 302/2005,
was forwarded to the Commission's DG Transport and Energy Directorate
H by the UK Safeguards Office on 13 May 2005. However, this official
notification had been preceded by verbal notification to the Commission
of accounting discrepancies in THORP during a routine inspection
on 29 March 2005. When it became clear that the discrepancies
were due to a leak, the Commission were informed on 21 April 2005.
Further details were provided to Commission inspectors on the
Sellafield site during the week beginning 25 April 2005."
He added that while there is no formal requirement to notify
the International Atomic Energy Agency:
"the UK made a statement at the Board of Governor's in
Vienna during the week of 13 June 2005. The UK Safeguards Office
has been kept informed of all related discussions between the
British Nuclear Group Sellafield Limited, including participating
in a meeting held at the DG TREN offices in Luxembourg on 16 June
2005. (Official Report, 12 September 2005: Columns 2269-70W)
The final report of this accident makes for chilling reading,
with its candid hair-raising account of how major problems can
occur in even relatively new nuclear plants handling nuclear materials
I would thus recommend to TISC to evaluate the implications of
this reportnot least because the BNL's parent, BNFL, is
often touted as a possible future builder/operator of new nuclear
This was an accident that created environmental safety and
potentially nuclear security problems. But there assuredly are
bigger nuclear terrorist threats. At the 7th Irish and UK Local
Authorities Standing Conference on Nuclear Hazards, held in Drogheda,
County Louth, Ireland, held on 10-11 March 2005, specialist consultant
Dr Gordon Thompson, of the Institute for Resource and Security
Studies, Cambridge, Massachusetts presented a chilling paper on
the theme: "Are Nuclear Installations Terrorist Targets?"
He pointed out that in the US the Government has published
a design of a cruise-missile warhead intended to penetrate rock
or concrete. He reported that the warhead has a diameter of 71
cm, a length of 72 cm, and a total mass of 410 kg; when tested
in 2002, it created a hole of 25 cm diameter in tuff rock to a
depth of 5.9 m; that one means of carrying such a device would
be a general-aviation aircraft; and that a Beechcraft King Air
90 will carry a payload of up to 990 kg at a speed of up to 460
km/hr; a used King Air 90 can be purchased for US$0.4-1.0 million.
In other words, a viable platform of attack is well within
the budgets of international terrorists. The vulnerabilities are
manifold: spent fuel stores, high activity radioactive waste liquor
storage tanks; long-term immobilised radioactive waste stores;
and nuclear reactor containment at Magnox reactors.
Dr Thompson provided the following typologies of vulnerability:
|Mode of Attack||Characteristics
||Defenses at a US Plant|
|Commando-style attack|| Could involve heavy weapons and sophisticated tactics.|
Successful attack would require substantial planning and resources.
|Alarms, fences and lightly-armed guards, with offsite backup
| Readily obtainable.|
Highly destructive if detonated at target.
|Vehicle barriers at entry points to Protected Area
| Readily obtainable.|
Highly destructive at point of impact.
|None if missile launched from offsite
| More difficult to obtain than pre-9/11.|
Can destroy larger, softer targets.
Explosive-laden smaller aircraft
| Readily obtainable.|
Can destroy smaller, harder targets.
10-kilotonne nuclear weapon
| Difficult to obtain.|
Assured destruction if detonated at target.
[I record that it was Dr Thompson's memorandum to another
select committee of this House, the Defence Select Committee,
in January 2002, that led to that Committee making a recommendation
that the terrorist threat to nuclear installations be conducted
by POST, resulting in the POST report to which reference was
made above. The TISC may find it useful to invite Dr Thompson,
who has since been used as a security consultant by the Committee
on Radioactive Waste Management (CoRWM) on security challenges
posed by handling and transporting nuclear waste, to give further
oral details on his concerns over insecurities at UK nuclear installations.
Another vulnerabity of nuclear plants is cyber insecurity.
An article by Kevin Poulsen, of Security Focus (8 March
2005) reported that two companies that make digital systems for
nuclear power plants have come out against a US Government proposal
that would attach cyber security standards to plant safety systems.
The 15-page proposal, introduced in December 2004 by the
US Nuclear Regulatory Commission would rewrite the NRC's "Criteria
for Use of Computers in Safety Systems of Nuclear Power Plants."
The current version, written in 1996, is three pages long and
makes no mention of security.
The plan expands existing reliability requirements for digital
safety systems, and the article states:
"infuses security standards into every stage of a system's
lifecycle, from drawing board to retirement."
So far, industry reaction has been less than glowing. Capri
Technology, a small California firm that builds specialized systems
and software for nuclear plants, calls the regulations "premature",
and says the proposal could deter plant operators from installing
new digital safety systems entirely.
"The NRC tries to promote the use of digital technology
in the nuclear power industry on the one hand, but then over-prescribes
what is needed when a digital safety system is proposed,"
wrote company president William Petrick, in comments filed with
the commission. An industry veteran, Petrick advocates withdrawing
the proposal until the NRC and industry experts can agree on a
more effective cyber security strategy.
Framatone, a French company that develops and builds plants
from the ground up, had a similar response. The company argued
in its comments that the NRC is painting with too broad a brushfor
example, by applying the same security standards to software running
on a general purpose computer, and to firmware embedded in a chip.
Cyber security "is sufficiently important and complex
to merit a more considered set of guidance," the French nuclear
reactor builder, Framatone, has argued. "A significant joint
effort should be undertaken to publish comprehensive cyber security
guidance that covers present and planned uses of software in nuclear
plants," the company asserts
And in 2004 the IAEA itself warned of growing international
concern about the potential for cyber attacks against nuclear
facilities, and said it was finalizing new security guidelines
of its own. No successful targeted attacks against plants have
been publicly reported, but in 2003 the "Slammer" worm
penetrated a private computer network at Ohio's idled Davis-Besse
nuclear plant and disabled a safety monitoring system for nearly
five hours. The worm entered the plant network through an interconnected
contractor's network, bypassing Davis-Besse's firewall.(http://www.theregister.co.uk/2005/03/08/nuclear_cyber_security/
I thus recommend that TISC invite before it suitable witnesses
to explain the vulnerabilities posed by cyber-threats to nuclear
Several pointed questions have been raised in Parliament
in the past year over nuclear security, including concerns over
potential threats to nuclear installations from aircraft.
Defence minister Adam Ingram said in response to a question
in April 2004 asking the Secretary of State for Defence if he
would list each near miss incident involving RAF aircraft and
United Kingdom nuclear installations reported to his Department
in each year since 2000 that:
"Restricted areas for aircraft have existed around nuclear
facilities for many years. In the aftermath of 9/11 the Civil
Aviation Authority (CAA) revisited this policy, issuing an amendment
to Article 85 of the Air Navigation Order, and now major nuclear
installations have a restricted area of two nautical mile radius.
The number of alleged breaches of restricted areas involving
RAF aircraft and United Kingdom nuclear installations reported
to the Ministry of Defence in each year since 2000 is detailed
in the following table. The Ministry of Defence, Defence Flying
Complaints Investigation Team carried out investigations on each
occasion and concluded that five of these were found to have infringed
restricted areas. I will shortly place copies of all reports of
the investigations in the Library, with all personal data redacted
in accordance with the Data Protection Act 1998."
|Total number of|
|2004 (up to 31 March 2004) 3
(Official Report, 27 April 2004: Column 874W)
Mr Ingram later told MPs that:
"Both Royal Air Force and United States Air Force aircraft
operate with the same restrictions in respect of overflights of
nuclear installations and residential areas. Nuclear installations
are to be avoided by a radius of two nautical miles from a fixed
centre-point or a height of 2,000 ft, by all types of aircraft.
In respect of "residential areas" we grant avoidances
in the United Kingdom military low-flying system to towns with
a population of 10,000 or more, as well as everything within certain
major avoidance areas. Towns granted avoidances are to be overflown
at not less than 1,000 ft by helicopters, and not less than 2,000
ft by fixed wing aircraft. (Official Report, 25 May 2004: Column
It is on the Parliametnary record from an earlier written
answer to the now retired Labour MP Llew Smith that a "near-hit"
incident reported on 4 April 2002 concerning a helicopter landing
in the grounds of the BNFL nuclear installation at Berkeley, Gloucestershire.
It turned out to be a Canadian military helicopter on a joint
military exercise. But what if it had been a group of international
terrorists? The plant management did not know.
It was reported in several newspapers (The Observer, Sunday
Express) on 11 September 2005 that nuclear sites would henceforth
be routinely deployed to guard nuclear plants: "Armed police
drafted in to protect nuclear plants from terror attack,"
was one headline.
Armed police have been introduced at two nuclear power stations
in Suffolk, it was confirmed yesterday. Civil Nuclear Constabulary
officers have been drafted in to patrol. Security at the sites
of BNG's Sizewell A and British Energy's Sizewell B plants near
Leiston has been reviewed, along with other plants throughout
the country, following both the 9/11 attacks and the London bombings
in July. Sizewell B director Mark Gorry revealed to a Sizewell
stakeholders group meeting that the move was intended to boost
confidence and act as a deterrent. In January 2003, 30 Greenpeace
campaigners scaled the dome containing the pressurised water reactor
at the Sizewell B plant. They said the protest was to highlight
the station's poor security and vulnerability to attack.
I recommend that Greenpeace be invited along with officials
from the British Nuclear Group and British Energy to explore the
current robustness of security at UK nuclear plants.
The following disturbing statements were included in an exhibition
hosted by BNFL at its Sellafield site, prepared by the British
"A nuclear device could be the ultimate weapon for a
terrorist, but fortunately, such devices are very difficult and
expensive to build. Although the UK government does not allow
plutonium from civil nuclear reactors to be used in the UK's nuclear
weapons, some people are worried about terrorists getting hold
of plutonium illegally. By reprocessing and by transporting MOX
fuel, which contains plutonium, all over the world, we are increasing
the risk of plutonium proliferation."
"Some people believe that as reprocessing separates reactor-grade
plutonium from spent fuel it increases the terrorist risk and
should therefore be stopped. Leaving the material as spent fuel
is often considered safer as it is less attractive to terrorists
who would have to separate the plutonium from the fuel themselvesa
long and difficult process. But terrorists could still use the
spent fuel, with out separating out the plutonium, to make a `dirty
"The Irish Government, environmental groups, and organisations
opposed to nuclear proliferation have all expressed opposition
to the opening of the MOX fuel manufacturing plant at Sellafield.
The case put forward against MOX fuel manufacture includes, but
is not confined to, the risk of plutonium proliferation, the possibility
of slightly increased radioactive discharges, and economic arguments
based upon the apparent lack of customer orders for the new fuel."
"Civil nuclear plants have to meet certain national standards
of security and design to protect them against sabotage and terrorist
attacks. But the attacks of 11 September 2001 forced many people
to reassess the lengths that terrorists might go to."
"The high-level liquid waste that comes from reprocessing
is stored in constantly cooled tanks at Sellafield. These tanks
represent one of the world's most hazardous concentrations of
long-lived radioactive material and are, therefore, a prime terrorist
target. An attack on these tanks, similar to the one in New York
in September 2001, could have extremely serious consequences for
much of the UK and Ireland."
I found these observations alarming, but not alarmist, when
I visited the exhibition at Sellafield. All of these statements
were to be found at the web site for Sparking Reaction at:
www.sparkingreaction.com/home.shtml. The web site, and exhibition,
has now been closed.
I recommend representatives of the Science Museum be invited
before TISC to give evidence on the basis of these commentaries.
This addresses one aspect of the "the implications of
increasing dependence on gas imports," as stressed by the
Secretary of State for Trade & Industry and energy minister
as one of the key reasons underpinning the need for an Energy
Energy minister Malcolm Wicks told Parliament in a written
answer in February this year that while the 2003 Energy White
Paper did not specifically forecast the rate of depletion of UK
gas, it did say that "it is . . .likely that the UK will
become a net importer of gas on an annual basis by around 2006"
He explained that this was "in line with the projections
of outside analysts."
For example, he added "Wood Mackenzie, in its August
2001 multi-client report entitled "Running Short of Gas:
The Outlook for UK and Irish Gas Markets", had said "It
is probable that the UK will become a net importer of gas in either
2005 or 2006." (Official Report, 7 February 2006: Column
So it would seem to me to start asserting in 2006 that the
UK is running out of gas earlier than the 2003 Energy White Paper
predicted is inaccurate, and provides a misleading justification
to hold an Energy Review.
I recommend DTI ministers are invited to explain why they
have done so.