Nuclear security in UK plc: the current state of play

01 Jan 09

The Office for Civil Nuclear Security (OCNS) regulates the movement of all civil nuclear material by road and rail throughout the UK (and worldwide when it’s carried on UK-flagged vessels). Appropriate measures must obviously be taken to prevent the theft or sabotage of nuclear material in transit.

During the period April 2007 to March 2008, no less than 1,450 movements of civil nuclear material were notified to the OCNS (although 200 were cancelled post-notification due to operational reasons). That’s a significant reduction on recent years.

In his report, director of civil nuclear security Roger Brunt has stated: “The decline is the result of the larger-than-expected number of outages at nuclear power plants, which greatly reduced the number of spent fuel movements.” Brunt expects these figures to “return to levels more in line with recent norms” during the 2008-2009 reporting period (and that’s despite the planned decommissioning of certain plants).

Within the UK, 704 notifications were made during the current survey period for the movement of spent nuclear fuel (comprised of 322 notifications for rail transport and 382 relating to transport by road). Category III nuclear material was moved through UK ports on 109 occasions during the reporting period, with imports and exports realised either from or to China, France, Germany, Japan, the Netherlands, Peru, the Russian Federation, South Korea, Spain, Sweden and – last but by no means least – the USA.

Reports made under Regulation 18

Pleasingly, Brunt reports that there were no instances of theft or sabotage of nuclear material. Three reports were made under Regulation 18 of the Nuclear Industries Security Regulations 2003, two of which related to the activities of Greenpeace demonstrating against a single shipment of spent Magnox fuel consigned from Sweden to the UK for reprocessing.

The third report concerned a short-term loss of power to both lighting and CCTV at a Class A Approved Carrier’s compound, but “compensatory measures were activated immediately” to solve the problem.

Fourteen inspections were carried out by OCNS transport security inspectors for this present review. “We have particularly concentrated on the security arrangements underpinning the moves of spent nuclear fuel,” stated Brunt, “and the results have confirmed a high level of security awareness and thoroughness of planning among all those involved in such moves.” It’s good news, then.

Concentration on information security

The Nuclear Industries Security Regulations 2003 require the civil nuclear industry to protect sensitive nuclear information against the threats of theft or compromise. Such information would include any information relating to national security and/or nuclear proliferation.

Not unreasonably, the OCNS fully expects civil nuclear operators and contractors to apply the Government’s protective marking system to all such information and store it (in whatever media it may be held) to a level of security commensurate with its protective marking.

The work of OCNS information security inspectors includes advising operators on the security of sensitive nuclear information held on civil licensed nuclear sites (as well as advising those civil nuclear operators with offices which are not licensed nuclear sites, but which nevertheless hold sensitive nuclear information).

In practice, the inspectors will examine IT systems, filing and recording arrangements, handling procedures and the ‘security furniture’ in which sensitive nuclear information is maintained. Necessarily, they’ll also be in constant contact with OCNS personnel security inspectors (more of whom anon) to ensure that, once again, those with access to sensitive information are security cleared – or vetted – to a level commensurate with the protective marking carried by such material.

“Overall,” said Brunt in his report, “sensitive nuclear information has been stored and handled with due regard to procedures designed to deliver effective protection. The civil nuclear industry as a whole has been careful to employ well-qualified, experienced IT professionals who work closely with the OCNS’ information security inspectors.”

Brunt is adamant that all those involved in information security recognise the challenges presented by rapidly changing technology, the need for constant vigilance in keeping items such as laptops secure and the potential for those with hostile agendas to hack into IT systems.

“The civil nuclear industry has adapted well to the IT security challenge,” asserted Blunt, “applying both Her Majesty’s Government-endorsed and recognised international standards to maximise barriers against the compromise of confidentiality, integrity and the availability of information.”

Inspections and the National Nuclear Network

During the review period, 31 information security inspections were carried out. Pleasingly, they revealed a high level of compliance. Negative observations that were made related only to “relatively minor corrections”.

The OCNS must fall into line with the requirements of the Government’s Manual of Protective Security. A number of supplements to this were written and issued during the current civil nuclear industry review period. Specifically, Brunt and his team have monitored the number of classified contracts – and the companies to whom they’re being awarded.

“The numbers of both have grown,” said Blunt, “mainly due to the fragmentation of the industry as the Nuclear Decommissioning Authority (NDA) decommissioning programme continues.” Much of the guidance issued by the OCNS has referred to the handling of classified contracts, both in document and IT formats.

At the request of the Health and Safety Executive’s Nuclear Directorate, British Energy has conducted security risk assessments on computer-based systems important to safety. It’s a project designed to improve still further the security of legacy computer systems essential to the safe operation of nuclear plants. Progress has been good.

OCNS inspectors have also encouraged the development of the National Nuclear Network (NNN) – an IT infrastructure project sponsored by the NDA which, on completion, will join up the nuclear industry with a classified network. The NNN will have the potential to allow the industry to communicate electronically with other Stakeholders, and also harbour the capacity to permit companies involved with constructing and operating a new generation of nuclear power plants to join the network at some point in the future.

Speaking about the NNN, Brunt is unequivocal in his views. “Without this initiative, the fragmentation of the industry as the NDA competitive process gathers momentum would probably have led to the growth of a multiplicity of smaller systems. The OCNS therefore welcomes this project, not least because it should simplify regulation and reduce the need for any additional information security inspectors.”

There have been no serious breaches reported to the OCNS under Regulation 22 of the Nuclear Industries Security Regulations 2003. A single laptop was reported stolen but, according to Brunt, it “had been encrypted and the information it contained would be of little consequence even if it could be accessed”.

An overview of personnel security issues

The OCNS’ Vetting Office is directly responsible for providing a security vetting service to the civil nuclear industry. All permanent employees and contractors must be vetted to a level of clearance consistent with their access to sensitive nuclear materials and/or information.

In processing peoples’ applications and granting clearances to work, the OCNS complies with the same nationally agreed standards and procedures that apply to national security vetting. Clearances will be revalidated at agreed intervals, and there’s a definitive appeals procedure for those applicants whose request for clearance is, for whatever reason, denied.

Brunt is a happy man as far as personnel security is concerned, mainly due to the fact that the Vetting Office has returned another very strong performance. A total of 17,149 clearances to work were issued in 2007-2008 at either developed vetting, security clearance or counter-terrorist check levels, thereby maintaining the productivity achieved during the last two years and meeting the civil nuclear industries’ high expectations of the service.

Come the end of March, all backlogs of reviews pertaining to developed vetting cases had either been cleared or were being processed ahead of a renewal decision. “Clearing this backlog has been an important achievement,” added Brunt, “not just in terms of underwriting confidence in security but also because it has released OCNS vetting resources for other personnel security tasks.”

Of the 17,000-plus security vetting clearances, 13,618 were new clearances and 3,531 revalidations.

Cabinet Office Vetting Transformation project

The OCNS’ Vetting Office has, not surprisingly, welcomed the proposals of the Cabinet Office’s Vetting Transformation project for the future provision of national security vetting within the UK. The key recommendation is that – in the interests of promoting economies of scale – all investigative casework for national security vetting cases will devolve to a small number of shared service providers who return completed files to vetting authorities for the decision on whether or not to issue clearances.

In addition, the Defence Vetting Agency has invested heavily in IT to improve the efficiency and response times of its vetting processes, and now expects civil nuclear industry employees to use scannable security questionnaires in support of applications for security clearance or counter-terrorist checks.

Now that Disclosure Scotland is fully operational, the OCNS has been able to strengthen the baseline standard check by including a full check on an individual’s unspent criminal record. Until now, the OCNS has been reliant upon self-declarations which cannot be fully corroborated. Since 1 October, such checks have been a mandatory requirement for the baseline standard level of clearance, thus allowing the OCNS to replace the enhanced baseline standards with the revised baseline standard itself.

On that basis, Brunt is in the process of devolving responsibility for this level of check to the civil nuclear operators in all instances where no problems arise. “I shall expect civil nuclear companies to incorporate baseline standard checks within their normal recruiting procedures before any new employees are given access to civil nuclear premises,” asserted Brunt.

Awareness and aftercare procedures

Thankfully, the OCNS has been able to remind the industry of its continuing obligations under the Immigration, Asylum and Nationality Act 2006. In short, the OCNS will never issue a clearance unless evidence has been provided of an individual’s right to work here in the UK. As far as the law’s concerned, of course, the obligation to check this is the case rests squarely on the shoulders of employers.

OCNS inspectors have also begun a series of vetting inspections. Four were carried out during the survey period, and more are planned for 2009. These inspections are vitally important, as they allow the OCNS to ensure compliance with vetting procedures, promote consistency across the civil nuclear industry, provide advice and allow discussion of individual cases as appropriate.

“Overall,” explained Brunt in his detailed report, “I’m satisfied that the civil nuclear industry is effectively and proportionately regulated. I can also confirm that I have no requirement for further changes or additions to the current regulations as they apply to the civil nuclear industry. That said, there’s no room for complacency, particularly with regard to maintaining standards through focused training, individual care in protecting sensitive nuclear information and effective vetting procedures.”

International commitments and activities

Brunt’s well aware it’s important the UK is seen to contribute to international guidance on security for nuclear sites, and will accept requests for support from international partners “whenever possible”. If prioritisation is necessary then requests from the International Atomic Energy Agency take precedence.

During the review period, there have also been two meetings of the European Nuclear Security Regulators’ Association (ENSRA). The first took place in Barrow back in July last year, the second in March 2008 (this time in Prague). Having been admitted in 2006, representatives from the regulatory authorities of the Czech Republic and the Netherlands joined those from the original eight member states (Belgium, Finland, France, Germany, Spain, Sweden, Switzerland and the UK).

Brunt chaired the Barrow gathering, encouraging delegates to swap their ideas on Best Practice techniques and the promotion of a greater understanding of the many security issues the industry now faces. There was also an essential briefing on security arrangements for the maritime transport of nuclear materials.

The OCNS has also contributed to a Nuclear Directorate response for a bilateral exchange with the Norwegian Radiation Protection Agency (the operators of which maintain a close interest in developments at Sellafield).

Support to Government and administration

In Government, the OCNS has contributed to work led by the Foreign and Commonwealth Office to improve nuclear security abroad. Links have also been developed and maintained with Ministry of Defence officials responsible for defence nuclear material security policy. Brunt continues to be a member of the Oversight Board relating to the Joint Terrorism Analysis Centre.

This reporting period marks the first year since OCNS’ transfer to the Health and Safety Executive and the merger with the Nuclear Safety Directorate and the UK Safeguards Office to formally establish the Nuclear Directorate. Brunt reports that the OCNS is now “fully incorporated within the HSE’s administrative systems, procedures and support contracts”.

When it comes to staffing, the OCNS has undergone a significant restructuring exercise these past 18 months. According to Brunt, this has delivered “better frontline regulation, improved business procedures and reduced administrative overheads”.

Prior to merging with the Health and Safety Executive in April 2007, the OCNS employed 42 staff. That figure is now down to 35, with 15 security inspectors employed and deployed by the Approvals and Compliance Unit and eight individuals working for the Vetting Unit. The remaining staff support the NDA, new build projects, liaison with the national intelligence services and international liaison. They also provide the necessary support services at Harwell.

Get the latest stories first with info4security's newsletters: Click to signup

Post and bookmark this story at the following sites:

What is this?

del.icio.us	Digg	Reddit	Google	Newsvine