Today I went through a file I have on my desk containing nothing but incidents of “security breaches” at nuclear power plants and facilities going back five years.
They include a stack of articles about 1.2 inches think.
I was hoping to do a more detailed report on this subject, but time constraints prevent that for now.
But a few incidents are worth noting:
In May 2012, it was reported that a couple of Greenpeace activists breached security at a Bugey nuclear site in southeastern France. In that incident the men used a “para-glider” to circumvent security at the nuclear power plant then proceeded to drop a smoke flare.
The stunts exposed serious security flaws within the system posed by a determined individual or individuals with a little imagination.
In yet another incident 57 activists used a truck to make their way onto the Fessenheim nuclear power plant facility operated by EDF in France in 2014. There they hung anti nuclear banners from the main plant, which housed two 900 MW reactors. Strangely red faced officials maintained that the activist, which were running all over the place at the time police arrived, said security was not compromised, according to one Reuters news report. Unconfirmed reports suggest however that at least 3 activists found entrances to the main reactor building unsecured at the time?
However the greater threats to nuclear facilities are from insiders:
In fact the greatest dangers to nuclear facilities are sabotage and theft from “insiders”, according to political scientist Scott Sagan. He went on to say in one article I clipped that “insider threats are the most serious challenge confronting nuclear facilities in today’s world.”
In reviewing my own collection of news reports collected from all over the world I would have to agree with that statement.
“In every case of theft of nuclear materials where the circumstances of the theft are known, the perpetrators were either insiders or had help from insiders”, he went on to say. This is also correct.
Given that the other cases involve bulk material stolen covertly without anyone being aware the material was missing, there is every reason to believe that they were perpetrated by insiders as well.
Other threats include sabotage/sabotage attempts, especially in the United States and elsewhere against nuclear facilities conducted by insiders.
For example a diesel generator at the San Onofre Nuclear Generating Station in Southern California was possibly sabotaged, likely by an insider, in 2012. Although that is still under investigation.
A review of various incidents reveals the most spectacular act of sabotage occurred at South Africa’s Koeberg nuclear power plant (then under construction) in South Africa in 1982 when someone detonated explosives directly on a nuclear reactor.
In terms of lessons learned from all this:
- Don’t assume that serious insider threats can’t originate from within your organization.
- Don’t assume that background checks will necessarily solve the insider problem.
- Don’t assume that warning indicators of insider threats will be read properly.
- Don’t assume that insider conspiracies are impossible.
- Don’t assume that organizational culture and employee disgruntlement don’t matter.
- Don’t forget that insiders may know about security measures and how to work around them.
- Don’t assume that security rules are being followed.
- Don’t assume that only consciously malicious insider actions matter.
- Don’t focus only on prevention and miss opportunities for mitigation.
Its also important to realize that insider threats most often come from people who, at one time or another, were on the payroll of the organization and have knowledge of how to navigate the system to gain access to critical areas or data.
You would be surprised how many organizations, not just those dealing with nuclear facilities fail to adhere to such standards.
Such is also the case in reviewing so many of these articles dealing with nuclear facilities.
I would also say that outsourcing security responsibility is another area were we could be looking at. While it may seem more cost effective to do that, you still lose in terms of your respective ability to know that such things as background checks, and drug screens and polygraphs are being done more regularly than just before the worker is hired to preform tasks relating to security at your facility.
One of the problems in trying to review such incidents, especially those dealing with nuclear facilities is the lack of reliable reporting. Understandably there is a lack good and “unclassified” information about the details of such nuclear security related incidents.
I also lack sufficient funding and computer access to really accomplish a detailed review at this time.
My other problem is the Nuclear Regulatory Commission (NRC) is not often too keen on receiving unsolicited reports on nuclear security issues, if done improperly you could wind up with not so friendly FBI (Federal Bureau of Investigation) agents at your door asking a lot of questions.