Benchmarking nuclear and aviation security

Over the last 50 years, only nine recorded incidents have taken place worldwide involving an armed attack on, or bombing of, a nuclear installation. None of them came close to causing a radiological release — not least because the majority of attacks were on reactors under construction in Europe.

Similarly, no ‘dirty bomb’ has been exploded anywhere in the world (ie aiming to cause radioactive contamination) and no nuclear material has been stolen and subsequently used to build and detonate an improvised nuclear device.

In practice, many enhancements to the global nuclear security regime over the last 18 years have not been in response to a security incident involving nuclear or other radioactive material, but because of the consequences of security failures in the aviation sector.

The airborne attacks on 11 September 2001 in the USA caused many fatalities and casualties and resulted in huge costs as a result of infrastructure damage and subsequent restoration. Almost 3000 people lost their lives, and the property damage alone is estimated to have cost $100 billion. Estimates of the total economic damage inflicted by the attack range up to $2 trillion. Unsurprisingly, the civil aviation sector, overseen by the UN-affiliated International Civil Aviation Organization (ICAO) based in Montreal, Canada, was quick to respond.

Within five months, a high-level ministerial conference had approved a new and ambitious ICAO Global Aviation Security Plan that gave new impetus to improving international standards for aviation security and introduced a mandatory global audit programme. Simultaneously, although with much less urgency, the International Atomic Energy Agency (IAEA) also began to examine how its limited role in nuclear security could evolve, as did national nuclear regulators and the industry. Hitherto, all of these organisations had focused primarily on nuclear safety.

Sixteen years on from the 9/11 attacks, the World Institute for Nuclear Security (WINS), supported by the MacArthur Foundation, launched a research project to compare the evolution of the international security regimes in the civil nuclear and aviation sectors before and after the 9/11 attacks and identify transferable best practices between them. What, if anything, had the aviation sector done that should be copied by the nuclear sector, which has so far avoided serious security incidents?

Over the last two years, WINS has worked with experienced practitioners in both sectors and interviewed many individuals with responsibilities for aviation and nuclear security at all levels. Its final report will be published in December 2019, but Dr Roger Howsley, WINS’ executive director, gave Nuclear Engineering International a foretaste of the conclusions.

Same difference

People might ask what the aviation and nuclear sectors have in common. Commercial civil aviation is a public-facing activity, transporting billions of people each year. It is a dynamic and competitive international sector, where time is money and customer satisfaction is a high priority.

By contrast, nuclear power plants (and associated fuel cycle facilities) are some of the most robust static structures on earth, with control points that prevent unauthorised public access. Security at these plants is often characterised by the phrase ‘guns, guards and gates’, which is very different to the public image that airports want to achieve. But, in fact, we have found several common themes and some strong similarities. Examples include:

• The state is ultimately accountable for security, and both sectors are overseen by national regulators;
• Most countries view the sectors as part of the national critical infrastructure;
• For both, security arrangements are of significant political and public concern;
• Both sectors are increasingly concerned about cybersecurity and insider threats, and the implications of drone technology;
• Operators in both sectors would say their first priority is safety and security.

Based on the research, Howsley believes there are opportunities for the two sectors to work more closely together, including joint projects between the IAEA and ICAO and cooperation among national regulators and operators.

Howsley says: “It’s really surprising that we were the first organisation to highlight and research in detail the common challenges as well as the differences between the sectors. To our knowledge, no substantial interactions have taken place between ICAO and the IAEA on security issues since 9/11, despite the fact that they have the same Member States.”

Question of authority

Howsley notes that ICAO’s Member States have given it the authority to implement much more professional and effective security oversight arrangements worldwide, including revised aviation security standards and a mandatory audit programme. Since 2002, ICAO has conducted over 430 audits in 180 states and regularly publishes the consolidated findings showing the level of compliance with ICAO standards.

IAEA Member States have refused to give the organisation equivalent powers in the civil nuclear sector, insisting that everything related to nuclear security be done only at the request of the State.

“Though far from perfect, it really is astonishing how much authority and how well-organised the aviation sector is under ICAO leadership. Wherever we looked, we found a sense of urgency, not just in words but in coordinated actions,” says Howsley.

“In contrast to the IAEA, ICAO has an inclusive approach and welcomes the involvement of aviation industry associations, principally Airports Council International and the International Aviation Transport Organisation. We found a close and effective partnership that has resulted in, for example, professional, certified training centres and requirements for security worldwide. ICAO and the industry are working together to identify new technologies for streamlining security screening and making personal security faster and more efficient. Meanwhile, the IAEA struggles to get traction in implementing a strategic plan of action because it lacks the mandate to lead from the front.”

Why have ICAO’s Member States given their endorsement for a mandatory global aviation security regime but have so far resisted giving an equivalent mandate to the IAEA for the civil nuclear sector? Howsley says: “Almost certainly, it is because the IAEA is a much more political organisation. We heard time and time again from the people we interviewed that ICAO is a technical organisation that stays out of politics. In contrast, the IAEA’s role in nuclear non-proliferation verification (safeguards) severely constrains its ability to act in the same manner as ICAO.

“The reality is that the military origins of the nuclear programmes that began in the 1940s and 1950s continue to overshadow the need for a modern, technical approach to international security oversight and standards. The security of civil nuclear installations is still wrapped up with national security and state secrecy, and there is simply no justification for it.”

Looking ahead

What might change, after the research conducted by WINS?

Howsley says, “Inertia and complacency are the enemies of progress. Just because the nuclear sector has so far not experienced a significant security event doesn’t mean that one isn’t just around the corner. And we all know how the nuclear sector could be damaged should a serious incident take place.

“At a time when the world is craving for substantial sources of low carbon-electricity, why can’t the international community get its act together and put in place an effective and mandatory international regime for civil nuclear security?

“If the IAEA can’t do it as currently structured, maybe it is time to split the organisation’s technical responsibilities from its more political responsibilities. Complementary to that, we would be delighted to see the World Association of Nuclear Operators start to peer-review cyber risks and insider threats in the context of extended nuclear safety on behalf of the industry.”

WINS is scheduled to publish the full report of its finding on its website (www.wins.org) in December.