How to protect nuclear plants from terrorists

In light of the recent Brussels attacks, reports from Belgium are more alarming. In 2012 two employees at the country’s Doel nuclear power station left Belgium to fight in Syria. In 2014 an unidentified saboteur tampered with lubricant in the turbine at the same reactor, causing the plant to shut down for five months. And earlier this year authorities investigating the Paris attacks discovered video surveillance footage of a Belgian nuclear official in the home of one of the Paris suspects.

One has to assume that potential attackers may understand how the sites and materials can be used.

Given the heightened state of alert in Europe, governments should, I believe, immediately increase security at civilian nuclear facilities. They could emulate the United States, where security at nuclear facilities has substantially increased since the September 11, 2001 terrorist attacks.

American role model
U.S. nuclear power plants now are some of the most well-guarded facilities in the world.

The U.S. Nuclear Regulatory Commission (NRC) regulates both safety and security at nuclear power plants. After 9/11, these sites were required to add multiple layers of protection, with the cores of reactors (where the fuel is located) the most highly defended areas.

Up to one-third of the workforce at many U.S. nuclear plants now is security-related. Many nuclear utilities used to hire contract security forces; now guards at many of these plants are employed directly by plant owners and have opportunities to move to other jobs at their sites, increasing employee satisfaction and improving performance.

NRC regulations require U.S. nuclear plants to hold regular drills in which well-trained former military units attack the plants with up-to-date materials and techniques. NRC observers evaluate these exercises, and facility owners face stiff penalties for failure.

The United States has also adopted regulations to ensure cybersecurity at reactors. As new, entirely digital reactors come online, such measures will be more necessary than ever.

The successful 2010 Stuxnet attack, for example, in which a computer worm infiltrated computers at Iranian nuclear facilities and caused machines to malfunction, showed how vulnerable unprotected computer networks can be.

Improving security worldwide
There are no global standards for physical protection at civilian nuclear facilities. Each country adopts its own laws and regulations dictating what nuclear site owners are required to do to protect plants from attack.

As a result, measures at plants can vary widely, with some countries depending on the local police force for protection and leaving guards unarmed. Often the level of security depends on cultural norms and attitudes, but the recent attacks in Europe suggest a rapid adjustment is needed.

Here are steps that, in my view, all countries can take to make nuclear plants more secure.

One priority is to provide enough funds to the International Atomic Energy Agency (IAEA), which has recently elevated its physical security section to assist member countries looking for ways to protect their nuclear plants more effectively. Since 2010 the agency has trained more than 10,000 people in nuclear security, including police and border guards. It also tracks illicit trafficking and other activities involving nuclear material, and has recorded nearly 3,000 such events since 1995.

Countries that have nuclear power plants or research reactors understandably tend not to spotlight the challenges of protecting these sites. But we know from instances like the ones cited above that they exist. In many countries nuclear regulatory agencies oversee safety but not security. Each of these nations needs to empower an independent regulator to enforce new requirements and inspect security at nuclear sites. Most importantly, security forces at nuclear facilities should be required to practice attack scenarios regularly under the gaze of independent observers.

Countries such as the United States that already have solid physical security requirements for nuclear facilities can help.

Nuclear regulators from all countries meet regularly and could easily share information and train their counterparts on plant physical security. In December 2012, for example, the U.S. NRC organized the first-ever International Regulators Conference on Nuclear Security. No other government has offered to head up a follow-on meeting since then.

And countries with existing reactors aren’t the only problem. At least sixty countries have expressed a desire to acquire nuclear power. The United Arab Emirates is in the process of constructing four reactors. Turkey and Vietnam have made deals with the Russian manufacturer, Rosatom, in which construction, financing, operation, even waste disposal, will be handled solely by the Russians. Many of these “emergent” countries do not regularly attend Convention on Nuclear Safety peer review meetings at the International Atomic Energy Agency. Without a security regime in place, how can we expect them to do any better than the existing plants?

To prevent an attack at a nuclear site, governments must take security at nuclear sites seriously now, not a year from now.

In light of the current terrorist threat and with four Nuclear Security Summits completed, countries with nuclear plants need to up their game with regards to physical security at nuclear power facilities before it’s too late.

Allison Macfarlane is Professor of Public Policy and International Affairs, George Washington University. This article is published courtesy of The Conversation (under Creative Commons-Attribution/No derivative).