Samuel Apikyan and David Diamond (eds.)Nuclear Threats and Security ChallengesNATO Science for Peace and Security Series B: Physics and Biophysics10.1007/978-94-017-9894-5_9

9. Risk Informing Security at the US Nuclear Regulatory Commission

Joseph D. Rivers¹

(1)

Nuclear Regulatory Commission, Washington, DC, USA

Joseph D. Rivers

Email: joseph.rivers@nrc.gov

Abstract

The US Nuclear Regulatory Commission (NRC) has efforts underway to better risk inform security regulations. The NRC has conducted two workshops to obtain stakeholder feedback on how to accomplish this. Topics at the last workshop included an in depth look at risk methodologies/approaches, the likelihood of initiating events, modeling and simulation tools, cyber security, and the using the attractiveness of special nuclear material to an adversary to inform NRC’s graded security program. In addition, the NRC staff is responding to recommendations from a NRC Risk Management Task Force that concluded in 2012. Among its recommendations was to better communicate between safety and security to allow both disciplines to leverage off each other. This paper will summarize the current initiatives to better risk inform security and provide a detailed overview of NRC’s efforts to consider the attractiveness of special nuclear material to a potential adversary in the development of a graded security program. In particular, this effort has identified levels of dilution as a key factor that could be used to adjust security requirements.

Keywords

Nuclear securityRisk informing

9.1 Background

Over the last half dozen years, the NRC has worked to identify ways to better risk inform its security regulatory process. The NRC’s safety regulatory process has a strong tradition of being risk informed. In order to identify what might be possible, the NRC engaged in a number of activities. The NRC conducted a workshop hosted by Sandia National Laboratories in 2010, which brought together safety and security risk experts form the government, national laboratories, and universities. Commissioner George Apostolakis led a Risk Management Task Force from 2011 to 2012. The NRC conducted a second workshop in 2014 hosted by the Institute of Nuclear Materials Management (INMM).

The Sandia Workshop brought together security and safety risk experts from government, national laboratories and universities. The first half of the workshop consisted of presentations on the topic of risk informing security. Workshop participants were split into groups during the second half of the workshop to identify areas/topics that might be fruitful for focusing efforts in the future. The workshop identified six possible areas that might be pursued to better risk inform security:

Uncertainty of initiating events
Use of simulation tools
Collaboration between safety and security professionals
Cyber security
Need for improved metrics
Development of a demonstration project like WASH 1400.

The Risk Management Task Force was tasked with developing a strategic vision and options for adopting a more comprehensive, holistic, risk-informed, performance-based regulatory approach. The task force identified recommendations for the major program areas within the NRC’s regulatory program. However, the recommendations tended to be predominantly safety oriented. The limited discussion of security focused on the need to make sure that terminology used in the safety and security disciplines was better understood. In particular, the need was identified to produce a glossary to identify how terminology used in the two disciplines was either similar or different.

In February 2014, the INMM hosted the Risk Informed Security Workshop in Stone Mountain, Georgia. The workshop was organized as a follow-on to the Sandia Workshop, providing an opportunity to dig deeper into areas that had been identified at the earlier workshop. In addition to some background presentations, there were six panel discussions: