By Igor Khripunov
According to the International Atomic Energy Agency (IAEA), nuclear security culture is “the assembly of characteristics, attitudes and behavior of individuals, organizations and institutions which serves as a means to support and enhance nuclear security.” The concept of security culture emerged much later than nuclear safety culture, which was triggered by human errors that led to the Three Mile Island, Chernobyl and Fukushima accidents. Much as these incidents confirmed the importance of nuclear safety, security culture has gained acceptance as a way to keep terrorist groups from acquiring radioactive materials and prevent acts of sabotage against nuclear power infrastructures. Safety and security culture share the goal of protecting human lives and the environment by assuring that nuclear power plants operate at acceptable risk levels.
The 2010 Nuclear Security Summit held in Washington, DC, emphasized the importance of culture as a critical contributing factor to nuclear security:
The IAEA security culture design is based on the organizational culture model developed by Professor Edgar Schein of the Massachusetts Institute of Technology (MIT). Schein’s model was successfully used in the early 1990s to develop nuclear safety culture. In the security culture model it is founded on healthy respect for the threat. From the most senior leader to the technician, security measures must be a priority for the staff. This underlying conviction then permeates the way people work, driving their behavior under normal and abnormal conditions.
In a facility that enjoys a healthy security culture, personnel typically display a deep–rooted belief that there are credible insider and outsider threats, including theft, sabotage, unauthorized access, illegal transfer of material, and other malicious acts. They consider it their duty to counteract those threats. These beliefs form the foundation of nuclear security culture and are vitally important because they influence behavior to achieve objectives relating to nuclear non-proliferation and counterterrorism. Without this strong substructure of beliefs and attitudes, an effective nuclear security culture cannot exist. Efforts to instill such beliefs and attitudes must be carefully calibrated to reach everyone working in the facility and not only the organization’s security professionals. The local community ―a potential first line of defense against external threats― also must be familiar with the substructure of security ideology.
If beliefs and attitudes constitute the foundation of a security culture architecture, the next stage includes principles to filter beliefs and attitudes in order to develop sound policies and procedures. These principles include motivation, leadership, commitment and responsibility, professionalism and competence, and learning and improvement. The entire workforce should be inculcated with these principles and―to show that leadership is dedicated to security―presented with proof that these principles are applied consistently across the organization. Three major elements exist at the administrative core of security culture development: facility leadership behavior and style, proactive policies and procedures for reaching the objective, and the ultimate goal, personnel performance. The promotion of an effective security culture will inspire characteristics of personnel behavior that include personal accountability, adherence to procedures, teamwork, and vigilance.
The performance of leaders is the main element within the facility. They need to lead by example to forge the appropriate pattern of ideas and perceptions by staff. Managers must emphasize roles and responsibilities, visible security policies and cyber–protection. The role of the leader in promoting security culture is particularly important in societies with strong paternalistic traditions where the decision–making process is highly centralized.
The 2012 Summit in Seoul needs to focus on at least four specific measures contributing to the sustainability of nuclear security culture in individual countries and globally. The improvement of security culture is a continuous process. In the absence of a terrorist attack against nuclear power infrastructure, the element of sustainability plays a critical role in countering low motivation and complacency.
First: Two-Tiered Approach Anchored in National Values and Culture
The 2010 Summit encouraged the integration of security culture into general societal values instead of focusing on the facility–based model currently favored by the IAEA. Thus, a proposed two–tiered architecture would consist of 1) the facility–based model at the micro level, deriving its strength in part from national perceptions and relevant policies toward nuclear issues, and 2) general societal values at the macro–level. Ideally, these two levels combined will harness the human component to generate a more sustainable nuclear security culture.
If nuclear security represents a societal value, the macro–level input from national culture will reinforce efforts at the facility level. The input expected at the macro-level would include: a) nature of compliance with international legal instruments and participation in assistance programs; b) weight placed on nuclear security by the national leadership; c) consistency with which the nuclear industry focuses on nuclear security and related issues; d) criminalization and punishment of crimes associated with nuclear material and the security of nuclear installations; e) general public awareness of and involvement in security matters; and f) a greater role for educational institutions and universities
The performance and sustainability of a nuclear security regime ultimately hinge on security perceptions shaped by national and industry leaders. Weak input from the macro level must not discourage efforts at the micro level. Ideally, the two levels should work together toward promoting and popularizing nuclear security culture.
A sustainable security culture will depend on the efforts of individual countries to assimilate generic international standards into their national culture as well as integrate it into their established organizational culture as a subset. In practice, this means that the ongoing IAEA Regional Training Workshops need to be followed by training events in individual countries that would attempt to adjust their generic standards to prevailing national practice, values and traditions. Such efforts may require a multidisciplinary approach involving a wide range of non-technical experts.
Second: “Selling” the Security Culture
It needs to be recognized and widely publicized that security culture goes beyond traditional perceptions of physical protection and can yield numerous other benefits. Security culture would encourage the workforce to remain vigilant, question irregularities, execute its work diligently, and exhibit high standards of personal and collective accountability. While not a panacea, it can contribute to a vibrant and robust security regime and is applicable to the entire workforce. It is also responsive to a threat milieu in which risks are too numerous to predict, even for the most farsighted leader. Other potential benefits include better information technology security and protection of trade secrets; improved safety arrangements; reduced across–the–board theft and diversion; reduced risks of vandalism and sabotage by employees and outsiders; lower insurance rates; improved mechanisms for personnel control and accounting under emergency conditions; and better relationships with local authorities and surrounding communities. Also, an institutionalized security culture across the nuclear sector, introduced in coordination with the government, may facilitate auditing and inspections when government officials verify compliance with security and other standards.
The shift toward an effective nuclear security culture is characterized by the recognition of security as an investment rather than a burdensome expense. Also, the overall perspective of security moves beyond threats, vulnerability, and protection and integrates efficiency, organizational continuity, and the preservation of trust.
Third: Reinforcing the Safety-Security Nexus
At the site of the 1986 Chernobyl disaster, U.N. Secretary-General Ban Ki-moon said, “We need to build a stronger connection between nuclear safety and security. Though nuclear safety and security are distinct issues, boosting one can bolster the other. At a time when terrorists and others are seeking nuclear materials and technology, stringent safety systems at nuclear power plants will reinforce efforts to strengthen nuclear security. A nuclear power plant that is safer for its community is also one that is secure for our world.”
Safety culture is guided by the principle of transparency and across-the-board involvement, while security is focused on intelligence gathering and confidentiality, including post-event investigation. Leadership must arrange procedures so that security and safety measures reinforce, rather than handicap each other.
Safety and security measures need to be built into a plant throughout all phases of its service life, from design and construction to routine operation and decommissioning. Safety and security should begin at the drawing board, with assessment of candidate sites for the plant and the design of the installation itself. Assessing and continuously reassessing risk from safety and security angles is crucial throughout the plant’s lifetime. Realistic safety and security risk estimates factor in a wide range of hazards, not to mention combinations of hazards, both natural and man-made. Confronted with complex disasters, nuclear managers must organize, recruit, train, and lead safety and security personnel in a way that helps the leadership react flexibly and quickly. Instilling the right habits and traits—the optimal overlap of safety and security culture—is critical.
Fourth: Evaluation of the Nuclear Security Culture
The challenge in evaluating security culture is that culture is composed of intangible human characteristics like positive attitudes, high morale, ethics, teamwork, and the organization’s reputation. Trends charted over a period of time can provide early warning to management to investigate the causes behind the observed changes and reinforce sustainability. In addition to monitoring changes and trends, it may also be necessary to compare the indicators against identified targets and goals, evaluating the staff’s strengths and weaknesses.
There are two options to evaluate nuclear security culture:
1) Basic: Positive Indicators
- Percentage of employees who have received security refresher training during the previous month/quarter;
- Percentage of security improvement proposals implemented during the previous month/quarter;
- Percentage of improvement teams involved in determining solutions to security related problems;
- Percentage of employee communication briefs that include security information;
- Number of security inspections conducted by senior managers/managers/supervisors during the previous week/month (a security inspection may be combined with a housekeeping inspection);
- Percentage of employee suggestions relating to security improvement;
- Percentage of routine organizational meetings with security as an agenda item.
Positive security indicators serve as a mechanism for giving recognition to employees who improve security by thought, action or commitment. Recognition for achievement is a powerful motivating force to encourage continued improvement.
2) Intermediate: Security Performance Indicators
They are designed to show a level of performance that is deteriorating or not acceptable. Each facility can develop its own set of indicators which would best meet its needs. This methodology is currently used by the IAEA to enable state parties to evaluate nuclear security culture at their facilities. The actual values of the indicators are not intended to be direct measures of security, although security performance can be inferred from the results achieved. The numerical value of any individual indicator may be of no significance if treated in an isolated manner, but can be significant when considered in the context of the performance of the other indicators. The problem—recently discovered—with this approach is that it is difficult to develop predictive indicators as indicators are often either too easy to manipulate or are not sensitive enough to allow for early intervention.
The IAEA needs to develop a comprehensive and internationally acceptable methodology for evaluating nuclear security culture and widely disseminate it for practical use. In addition to strengthening sustainability, it will promote cooperation and the sharing of best practices.
The 2010 Nuclear Security Summit elevated the reliability of the human factor to the top of the nuclear security agenda. A vehicle to improve the human factor is security culture, which connotes not only the technical proficiency of the people but also their awareness of proliferation risks and motivation to follow established security procedures, comply with regulations, and take initiative when unforeseen circumstances arise. A workforce made up of individuals who are vigilant, question irregularities, execute their work diligently, and exhibit high standards of personal and collective behavior will maintain tight security. There is no way to make the world’s expanding nuclear power infrastructure safe and secure other than to make allies of the people entrusted with operating nuclear power plants. The 2012 Summit in Seoul must go beyond the conceptualization of nuclear security culture and embark on the path of effective implementation. Given the cross-cutting role of the human factor, its successful outcome will largely depend on the extent to which it can formulate specific measures and recommendations which would ultimately contribute to a sustainable security culture.
Dr. Igor Khripunov is Distinguished Fellow and Adjunct Professor at the University of Georgia Center for International Trade and Security. Dr. Khripunov joined the University of Georgia in 1992 after a distinguished career in the Soviet/Russian Foreign Service. His expertise includes nonproliferation export control, physical protection and vulnerability assessment, nuclear security culture, safety-security interface and organizational culture. He is a consultant to the International Atomic Energy Agency (IAEA) and participates in a wide range of IAEA sponsored events. Dr. Khripunov has contributed to a number of books and book chapters on nuclear energy development, nonproliferation and other global issues; he has written numerous articles published in journals, including Comparative Strategy, Security Dialogue, Jane’s Intelligence Review, Problems of Post-Communism, and the Bulletin of the Atomic Scientists.