[en] In this study, we generalized quantum digital signature scheme for three-partied[5] to the multi-partied. Also we analyzed this scheme for repudiation, forgery and colluding adversaries. (paper)

[en] Unmanned Aerial System (UAS) Technology has advanced greatly over the last decade. With this advancement, the basic capabilities of UASs could be employed to gain an advantage against adversaries and enhance the security of radioactive material during shipment, storage, and use. UASs may be used for ground surveillance, provide counter surveillance against malicious UASs, add security to shipments, or to physically counter malicious UASs. The greatest limitations to UASs include power requirements, communication availability, laws and regulations, and exploitation by adversaries. With the increase in availability of UASs, adversaries can exploit this technology for nefarious means. Solutions are currently being pursued world-wide to counter UAS threats. A standard, out of the box UAS can record a HD video feed and transmit lower quality real time video to the pilot or control station on the ground. Equipped with GPS receivers, the UASs can be given a preprogrammed route to follow around a facility, be dispatched to a specific location in response to an alarm, or be told to follow a vehicle during transit. The standard UAS will have one or multiple visual spectrum cameras attached, though other optics could be used to enhance surveillance capabilities. The location and heading of the UAS is easily known and can help ground forces respond to threats at fixed locations, allow a vehicle to be monitored while stopped, or watch for adversaries during transit. With speeds up to 150 km/hr published on current UASs, they would be able to deploy from a vehicle, make observations, and dock without stopping.

[en] The scope of the DBT in Finland encompasses nuclear facilities, nuclear materials, and other radioactive materials. Its structure evolved into a level scheme with progressive levels of threat. The level scheme reflects the severity and potential consequences of different threats with the aim to cover today’s situation as well as conservative assumptions. Each level has its own protection objectives. Physical and cyber threats as well as other information security threats are included in the DBT. While the physical threats are defined through adversary capabilities, the cyber threats, due to their rapidly changing characteristics, are mainly defined through attack vectors. The DBT is applied to different facilities and activities in accordance with the magnitude of potential consequences of unlawful acts. Experience shows that it is essential to involve a broad range of expertise throughout the process of threat assessment and DBT development. In the joint effort coordinated by the regulatory authority for radiation and nuclear security and safety other competent authorities and nuclear facility operators contributed through their expertise on the threat environment and on facility operations from the point of view of safety and security. (author)

[en] The United States Department of Homeland Security’s Domestic Nuclear Detection Office (DNDO) is charged with implementing domestic nuclear detection efforts to protect the U.S. from radiological and nuclear threats. DNDO is also responsible for coordinating the development of the Global Nuclear Detection Architecture (GNDA). DNDO is planning to utilize a unique risk analysis tool to conduct a holistic risk assessment of the GNDA known as the Radiological and Nuclear Risk Assessment Methods (RNRAM). The capabilities of this tool will be used to support DNDO risk analyses. The model uses a probabilistic risk assessment methodology and includes the ability to conduct a risk assessment of the effectiveness of layered architectures in the GNDA against an attack by an intelligent, adaptive adversary. This paper overviews the basic structure, capabilities, and use of RNRAM as used to assess different architectures and how various risk components are calculated through a series of interconnected modules. Also highlighted is the flexible structure of RNRAM which can accommodate new modules in order to examine a variety of threat detection architectures and concepts. (author)

[en] An Insider has a greater threat to the security system of radioactive material facility due to their ability to get benefit of their rights to access, authority and knowledge of a facility. Insiders may be have the capability to by-pass many detection measures, because of their access for entry or by other available ways. An insider may be in any position at a radiological facility, they may be high level employee or low level, where the factors affecting insider attempt insider opportunity and motivation. The security plan introduces the physical protection systems at a facility and depend on the regulations and best practices for protection against both the insider and external adversary. The description includes the fundamental principles that are used to establish the physical protection system at the facility and should contain a description of the principles for an effective insider mitigation program, then identifies the policies and, subsequently, defines the operations and procedures which control physical protection at the facility. This paper views measures for the preventive and protective actions against insider related to security of Radioactive Material (RM) and associated facilities where the design and evaluation of physical protection system against threats posed by outsiders and insiders, where proposed requirements include the general requirement, identification of potential insider threats, which defined the design basis threat (DBT) or the national threat assessment about insider threats so as to identify the potential insider threats for facilities, identification of target process for insider, insider characterization and measures against potential insiders comprises firstly, Preventive measures aiming to exclude potential adversaries and to reduce the likelihood of insiders trying to commit a malicious act, so for example the licensee before hiring any employee in job shall check the trustworthiness of the persons (background check ''criminal and ideological''- financial obligations- work history – alcohol testing- psychological) and during career progression who have knowledge of sensitive information. Also trustworthiness of personnel – inspect vetting procedures and records (including contractors) including pass issue and updating for this check all five years or when take place change in DBT .

[en] Terrorists continue to seek radioactive materials to cause harm and disruption. Many soft targets (e.g., hospitals and universities), which use radioactive materials for research and to treat cancer, take steps to increase the security surrounding these materials. However, any detection and delay measures at a site are meaningless if there is no timely and effective response from the local law enforcement agency. The Office of Radiological Security’s Training Academy at Y-12 provides multiple resources to bridge the gap between sites and local law enforcement so that the law enforcement is aware and prepared to respond to a site’s event involving radioactive materials. The Office of Radiological Security’s Alarm Response Training establishes a bridge between sites and local law enforcement by bringing them together to initiate a dialogue. By the end of the week long training local law enforcement understand the threat posed by the material, its location within their jurisdiction, and how to respond to an event involving the radioactive material. After training sites and local law enforcement implement facility walk downs and conduct exercises together to continue strengthening the bridge. The Office of Radiological Security also recognizes it cannot train ever single law enforcement officer in the United States at its Y-12 Training Academy. Therefore, the office developed Customized Alarm Response Training. Customized Alarm Response Training takes the course directly to the local law enforcement working with them to develop and establish their own one-day Alarm Response training program so that they can train their own responders. Customized Alarm Response Training enables the law enforcement to be ready to respond to actual events in the area while receiving valuable training specific to their jurisdiction and needs. Taking ownership of the training through Customized Alarm Response Training expands the bridge between sites and local law enforcement by ensuring all officers in a jurisdiction are aware of a site’s radioactive materials and are prepared to effectively respond. A timely and effectively response by local law enforcement is key to stopping an event involving radioactive materials. Without it a site’s security system is ineffective against an adversary. The Office of Radiological Security provides tools to build and reinforce bridges between sites and their local law enforcement agency so that responders are prepared to thwart the most determined of adversaries from obtaining radioactive materials. (author)

[en] Nuclear facilities spend substantial and time on designing effective security systems and putting detection, delay and response measures in place. Having done this, facilities hardly ever get in the situation where they need to actively use these security measures to counter an actual threat. This results in three important questions that need to be considered: 1. How do we know that the technical security measures are in effective in detecting and withstanding a real-life, intelligent and creative adversary? 2. How do we ensure that (and train that) especially the guards – who in normal working life hardly ever encounter any adversaries – are continuously alert to detect and counter threats that surface unexpectedly? 3. How well is not only the guard force, but also the facilities as a whole prepared to withstand combined attach scenarios, including physical, social engineering and cyber scenarios? This paper discusses how the security managers of nuclear facilities in The Netherlands collaboratively addressed the questions above by developing in industry sector wide Force on Force exercises team. This team comprises members of all nuclear facilities in The Netherlands and performs as adversary test team unannounced security exercises at those facilities. (author)

[en] This article, published in issue 80 of 'l'ACROnique du nucleaire', aims to retrace the early steps in the consideration of the possibility of a nuclear accident in France, with the inclusion of 'non-institutional' participants and applying the lessons learned in Belarus in the contaminated territories around the Chernobyl nuclear power plant. After a review of the origin of the involvement of the Association pour le Controle de la Radioactivite dans l'Ouest (ACRO) in addressing post-accident issues alongside the populations living in an environment polluted by radioactivity, it discusses, from the critical viewpoint of an NGO, the context and the working method adopted for this examination. This is followed by some key elements of the programme and unresolved questions about the available body of knowledge which motivates research and about the method adopted for the work. The conclusion, moderately optimistic, highlights some advances and limits arising during this exercise in a French nuclear scene which remains characterised by a centralized mode of management. (author)

[en] It is time to review our approach to source categorization to ensure it remains relevant Categorization of radioactive sources dates back at least 13 years since TECDOC 1191 was first published. [Ref] It was later superseded by TECDOC 1344 in 2003 and RS-G-1.9 in 2005. These documents were first concerned about radioactive sources which have the potential for causing significant harm to persons in the short term. They also specified that such categorization would be relevant to decisions regarding: notification and authorization by registration or licensing; the security requirements during each stage from manufacture, through transport, storage, use, transfer and repair, to decommissioning and disposal; and emergency preparedness. (REF TecDoc 1191). Continuous improvement is intrinsic to a professional approach to any discipline. There is some operational experience that suggests that the original thinking, useful though it has been, deserves review to make it sure it is still relevant. We put emphasis on source categorisation, but actually that overly focusses on radiological consequences. We argue that social, economic and political consequences are at least as important and they do not obviously lend themselves to a graded approach in the same way that dose does. Focusing on the consequences as one factor to theoretically, categorize the radioactive source and, practically, apply security measures necessary to protect it gives rise to this question: Is a “secure” category 1 source, really more attractive to adversaries than a vulnerable category 3 source/sources? This brings us back to the basic idea behind applying security measures in order to prevent any unauthorized removal of the source. Attractiveness of a source for adversaries, especially nuclear terrorists, is very much linked to the vulnerability factor and ease of removal and not only the direct consequences of the malicious uses of this source. For a terrorist, getting hands on several category 3 caesium sources used in mobile gauges could be preferable to reaching for a fixed radiotherapy cobalt source. Though categorization of radioactive sources, from a safety perspective, is relevant and adequate for approaching different safety issues in order to meet safety objectives for the protection of people and the environment, it seems to lack the same efficiency when analyzing the objectives of applying security measures and protection of the source itself. Keeping in mind that vulnerability is linked to the threat assessment of the country, it is important to explore means of assessing vulnerability and involving it in the security-related categorization of radioactive sources. Furthermore, if security risk = threat x consequence (source strength?) x vulnerability then why are we not addressing the vulnerability component? Surely it is time to refine our thinking? This paper explores the potential for categorization of radioactive sources from another perspective with more emphasis on some security related factors beyond safety. At least, it has to be correct to revisit a methodology that has hardly benefitted from the thirteen years of operational experience that has been gained since its methods were introduced? And if the outcome proves to be that “we got it correct first time”, then we can be more comfortable, more confident and demonstrably assiduous as professionals. (author)

[en] Linking the three core processes of any business - the strategy, its implementation and the people doing the work - determines the success or failure of every organization. And the strength of the link between these three processes determines the degree to which a business is able to deliver what it wants to achieve. The IAEA is no exception. So, what do we want to achieve- Our starting point can be taken from the Safeguards Resolution adopted by the General Conference last month. That resolution reconfirmed that the Agency's safeguards are a fundamental component of nuclear non-proliferation and that they promote greater confidence among States by providing assurance that States are complying with their obligations under relevant safeguards agreements. It went on to say that Agency safeguards also contribute to strengthening collective security and help to create an environment conducive to nuclear cooperation. Further to that statement, I would add my personal vision for the future of Agency safeguards: it is a future in which our Member States and their nuclear industries see us as not as adversaries, but as important partners; a future in which the independence of our work and soundness of our conclusions remains paramount; and a future in which any non-compliance is firmly dealt with. To achieve this vision, meet our obligations and fulfil the expectation of our Member States requires the careful and successful linking of strategy, implementation and people