Re-evaluating security for D&D

MAINTAINING EFFECTIVE SECURITY DURING THE Decommissioning of Nuclear Power Plants outlines the stages of decommissioning and the potential security risks and security arrangements to be implemented at each stage. This includes information security, cybersecurity and changing requirements for the physical protection system.

It also looks at how to re-evaluate nuclear security requirements, as decommissioning progresses and the inventory of nuclear and other radioactive material is reduced.

The target audience includes executives and other senior leaders who need to make decisions related to decommissioning, as well as security managers, nuclear facility managers, and other project managers who are either planning or undertaking nuclear power plant decommissioning.

Understanding security

The first section, on the decommissioning process, looks at different strategies including immediate dismantling (DECON), deferred dismantling or safe enclosure (SAFSTOR) and entombment.

“Regardless of the approach taken, from a nuclear security perspective, proper security arrangements need to be maintained during the entire decommissioning process and applied in a manner that is commensurate with the security risks posed by the remaining radioactive materials,” the guide says.

It identifies three stages: preparation for decommissioning and planning considerations; transition from operation to decommissioning; and dismantling and decontamination.

On Stage 1, WINS says decommissioning should be considered in the design and operational phases of the plant but notes that many plants have been operating for several decades without a clear strategy. While security arrangements do not change during preparation, once decommissioning starts “activities such as segmentation, cutting and milling, especially of large components, require additional working space that must be strictly monitored”.

Stage 2 begins after the final shutdown. “During the transition and decommissioning process, the spent fuel is the most important area of concern from a security perspective”, the guide notes. For SAFSTOR, “Security will need to focus on ensuring that the spent fuel remains secure either in the transfer to dry cask storage or in the pool.” Other decommissioning activities can take place concurrently with the spent fuel operations.

For DECON, prompt dismantling requires the timely removal of the spent fuel from the spent fuel pool to the dry cask storage facility, which will need to have its own security infrastructure and security system. Ultimately, the dry cask storage facility will have to have its own security control point and system.

If the exceptional solution of entombment is selected (for example, following a severe accident), all or part of the facility must be encased in a structurally long-lived material. Each case will be specific and will have to be evaluated according to the accident that led to it.

For Stage 3 (dismantling and decontamination), depending on the decommissioning approach, there is a difference in the level of security needed for the plant site. For DECON, nuclear-grade security would only be needed for the dry cask storage facility, while SAFSTOR requires the entire site to remain secured.

Engaging stakeholders

Section two of the guide, on engaging nuclear security stakeholders, looks at: operator (licensee) roles and responsibilities; managing a changing workforce; state roles and responsibilities; and regulator roles and responsibilities.

The operator generally begins by developing a detailed decommissioning plan for regulatory approval, including a security plan that takes into account changes in operations and facility configuration based on the selected decommissioning strategy.

The plan should include periodic assessments of the security threats, and internal and regulatory audits should confirm the adequacy of the plan regarding those identified threats, WINS says.

As to managing a changing workforce, the guide says the security department “must adapt to frequent changes (rather than routine work) and be ready to deal with unexpected situations”.

Shifting from operations to decommissioning “inevitably leads to significant organisational and cultural changes” and “planning is essential to help the workforce prepare for these changes, which potentially involve redeployment or re-employment”. It is important to maintain enough experience and expertise in the compliance and licensing team until all licences are terminated.

The guide notes that “insiders represent a major threat due to the rapidly changing environment and turnover of personnel”. Trustworthiness or vetting programmes should be established for staff as well as contractors. “Strong access control needs to be maintained until cleanup/ dismantling is achieved.”

The regulator’s primary function is to supervise the decommissioning process, based on the state’s regulatory framework. “Regulations and the regulator are critical to effective and secure decommissioning of nuclear facilities”, the guide notes, saying that it is important regulatory staff have adequate technical knowledge for decommissioning. The skillsets required may differ significantly from those necessary for operating facilities.

Integrating security during D&D

The final section, on integrating security during decommissioning, refers to the IAEA’s Nuclear Security Series. This series “provides international consensus guidance on all aspects of nuclear security” as well as “guidance for how to categorise nuclear material and identify vital areas of a nuclear facility and the levels of protection commensurate with the risk”.

This section looks at: developing a security roadmap; updating the site security plan; communicating security information; plan and exercise response; creating and maintaining an effective security culture; addressing the insider threat; ensuring industrial security; ensuring information security; ensuring cybersecurity; security measures for radioactive waste; and transport security.

The guide warns that security costs “will be a hot topic throughout the decommissioning process for most states”. At this time the plant is not generating income, costs are expected to decrease and options to reduce security costs need to be explored. “For instance, consolidating safety related systems into a safety island on the plant site, which can be protected as a vital area, could be considered.”

A heating, ventilation and air-conditioning system will still be needed but with a lower throughput, so it could be replaced with a smaller unit installed in a separate, protected building. The spent fuel pool could be isolated with its own cooling system, to avoid interface with systems that will be removed during decommissioning. Flexibility is the key to cost-effective security planning, the guide says. “The challenge is to integrate security measures into the workflow of the decommissioning process without hindering work”.

WINS notes that maintaining a nuclear security culture during decommissioning is challenging. “With the large increase of new workers, especially contractors who may not necessarily have a nuclear culture, specific induction programmes and security awareness training sessions are needed.” Security does not just concern physical measures: “it also consists of the attitudes and beliefs of the staff who work at the facility”. The guide recommends conducting regular realistic drills and exercises as well as periodic independent audits of security culture and performance.

To reduce the chance of insider attack, a long-term programme that identifies and counters such risks is required. Policies for managing insider threats should be fully documented and published inside the organisation and random and unannounced audits should be conducted periodically to ensure policies are being implemented.

As to industrial security, the guide notes that expensive tools, machines and other equipment are potential targets for theft, while employee or contractor dissatisfaction could lead to malicious behaviour. Information security is another concern, for instance “sensitive information, including schematics and diagrams of locations and devices, transport routes, specific descriptions of security measures and apparatus, access codes, and information on how security measures can be disabled”. Organisations need to develop specific procedures to identify and protect this information, with access limited to employees with a need to know. Similar concerns are related to cybersecurity.

Security measures for radioactive waste should be included in the early stages of the design and implementation of the decommissioning strategies. This will increase security and reduce costs while facilitating better integration with safety and safeguards systems.

Similarly, transport security needs should be considered as early as possible in the decommissioning plan. The operator should anticipate what waste materials will be generated and will require transport to an off-site location. There should be a generic draft security transportation plan for routine activities and specific ones for special (high-risk) cases. The plan should vary the times and routes for sensitive materials. Whenever possible, material shipments should be consolidated to reduce the number of transports.

Four appendices also contain useful information:

• Appendix A offers questions that can be asked at all levels of an organisation during decommissioning, to help determine effectiveness of the security arrangements.
• Appendix B defines five levels of organisational achievement for security.
• Appendix C looks at security considerations for dry storage of used fuel.
• Appendix D summarises a case study on security staff reduction during decommissioning presented by the Nuclear Energy Institute during a 2019 WINS workshop.