by Duyeon Kim
Published in The Bulletin of the Atomic Scientists on September 7, 2011:
Nature and malice: Confronting multiple hazards to nuclear power infrastructure
By Igor Khripunov and Duyeon Kim | 7 September 2011
Over the past six months, two geological events in Japan and the United States had similar characteristics but very different outcomes. At Fukushima, 40-plus-year-old reactors shut down as designed on March 11 following a magnitude 9.0 earthquake, but the combination of ruptured offsite power supply lines and generators flooded by the ensuing tsunami led to a massive meltdown.
On August 23, a magnitude 5.8 Virginia earthquake shook the US eastern seaboard, causing panic, confusion, and disruption in an area unaccustomed to temblors. The North Anna twin reactor plant in Virginia, which is more than 30 years old, underwent an automatic shutdown. One of the backup generators failed shortly after being started up, but power was continuously supplied by three other generators wisely installed as a precautionary measure. In the absence of simultaneous hazards like the ones that struck Fukushima, the power plant maintained continuous coolant flow around the fuel rods, avoiding a meltdown.
Where should the line be drawn between reasonable and excessive precautionary measures at facilities where cost effectiveness matters? The lessons of Fukushima are under vigorous scrutiny now, and it will take some time to grasp their full meaning. As the International Atomic Energy Agency (IAEA) has suggested, the lessons that need particular study are “those pertaining to multiple severe hazards.” Such complex hazards don’t emerge just from natural disasters. They can also be the result of action by terrorists or others with bad intent. It is even conceivable that a malicious human (or humans) with access to a nuclear plant could take advantage of a natural disaster to cause a nuclear catastrophe. Because severe hazards can arise in these three ways — as what can be termed natech, maltech or combined events — safety and security staffs at nuclear power facilities should be trained to interact with one another as they respond to all three.
Force of nature. The history of nuclear energy abounds with incidents where nature clashed with human infrastructure. Japan seems to top the list of emergency nuclear shutdowns with seismic activity taking nuclear reactors off line in 2004, 2005, 2007, 2009, and of course 2011. Because numerous nuclear plants are located along major waterways, tsunamis are a formidable adversary. The December 2004 tsunami set loose by an undersea earthquake off Indonesia reached the east coast of India, disrupting operations at the Kalpakkam nuclear power plant. Wildfire poses a constant risk, witnessed in 2001 when a unit of Russia’s Novovoronezhskaya nuclear power plant shut down and internal troops were dispatched to support local fire brigades after a fierce blaze approached the plant and its adjacent fuel-storage site. Tornadoes devastated the southern United States in 2011, forcing the Brown’s Ferry nuclear plant to take its three reactors offline when 11 high-voltage power lines were knocked out.
No inventory of natural perils would be comprehensive without noting the phenomenon of solar storms. High solar activity has been mostly a nuisance — in 1989, a solar storm that affected the Salem pressurized-water reactor in New Jersey induced a current surge, melting an electrical transformer, but did not trigger a shutdown. The situation may be different in the next two to three years, according to experts who predict a new cycle of solar activity starting in August 2011. NASA, meanwhile, has warned of a super solar storm in 2012. An intense sun storm could damage a country’s electric power grid, a potential catastrophe for nuclear power plants that rely on the grid to run their cooling systems.
Since the early 2000s, the industrial emergency literature has called complex interactions between natural events and industrial catastrophe “natech disasters.” By definition, natechs involve multiple hazards and pose special challenges for those who try to prevent them and those who respond to them when they do occur. Response efforts are greatly complicated. Responders must simultaneously cope with both the natural disaster and its impact on engineering systems and infrastructure; that impact may involve more than one technical mishap. And many services and utilities needed to deal with engineering problems — water, access roads, power, communications, and so forth — may be unavailable because of natural or other hazards.
Force of malice. The record is clear: Nuclear power installations are attractive targets for deliberate acts of theft, sabotage, or unauthorized break-ins. Before its 9/11 attacks, Al Qaeda had considered nuclear plants as targets of choice; the same is said to be true for the terrorists who planned the November 2008 attack on Mumbai, India. Attacks on fissile fuel production, reactors, spent-fuel storage, and reprocessing facilities would create serious consequences — even if there were little or no damage to the plant or related sites. Officials responsible for protecting nuclear plants must, therefore, take account of not only nature-driven disasters but also such purposeful “maltech” events, which prominently include “insider” threats from nuclear plant employees and others with regular access to such facilities.
The possibility of a maltech event at a nuclear facility is not imaginary. A July 2011 intelligence report from the US Department of Homeland Security titled “Insider Threat to Utilities” warns that violent extremists have in fact obtained insider positions, and that outsiders have approached utility employees about conducting physical and cyber-attacks. Meanwhile, President Barack Obama has said that attacks by “lone wolves” are “the most likely scenario that we have to guard against right now,” and a report card released in August by the Bipartisan Policy Center’s National Security Preparedness Group also raises concerns about the self-radicalization or “lone wolf” problem.
A combination of forces. Opportunistic antagonists may seek to time malicious activity so it coincides with and takes advantage of natural disasters that weaken safety systems, overburden security personnel, and distract managers’ attention. Few reports at the height of the Fukushima crisis, for example, even mentioned security as a component of the response and mitigation strategies. Clearly, however, a nuclear plant beset by natural disaster could make a more inviting target for terrorists than a plant in routine operation, with the full complement of safety and security staff in place. The possibility of such “combined” disasters must be incorporated in safety and security plans for nuclear power plants.
Next steps. After its Ministerial Conference on Nuclear Safety in June, the IAEA called for a “fully transparent assessment of the Fukushima Daiichi Nuclear Power Station accident in order for the international community to be able to draw and act upon lessons learned.” In the wake of Fukushima, it seems clear that an even more overarching review is in order — one that takes the possibility of natural, malicious and combined disasters into account and involves both safety and security planning. The international community may wish to consider the following steps:
- Develop synergistic safety-security frameworks and consolidated risk-assessment methods. It is important to factor in natechs, maltechs, and combined disasters as emerging and realistic hazards and to carry out risk assessments of all three general categories of possible disaster on a regular basis. The key to the success of this consolidated approach is to make safety and security cultures coexist and effectively reinforce each other.
- Integrate safety-security into nuclear power plants. The key is to build or retrofit combined safety and security considerations into a plant’s entire service life, from the drawing board and site selection to the design, construction, operation, and decommissioning phases.
- Implement coordinated emergency response and combined training programs. It is important that safety measures and security measures do not handicap but rather reinforce and strengthen one another. In the event of a multiple hazard, plant personnel must respond to each emergency simultaneously. This means a security plan must be compatible with and complementary to the safety plan, and vice versa. Safety personnel tend to be composed of operators, engineers, and technicians; the security staff is usually made up of military personnel, police, and guards. It is vital that these two cultures are well-coordinated.
- Strengthen IAEA nuclear safety and security standards. At the May 2011 Group of Eight summit in France, Russia called for compulsory IAEA safety standards and restrictions on building reactors in earthquake-prone areas. The challenge is to persuade IAEA member states to sign up for mandatory safety rules while obtaining their agreement to dub the UN watchdog the “enforcer.” In light of growing and evolving nuclear threats, the international community must begin by agreeing on a baseline nuclear security standard.
- Strengthen governance. Instilling the right habits and traits in those who respond to complex nuclear disaster is critical. It is the nuclear managers who must organize, recruit, train, and lead safety and security personnel in a way that helps the leadership react flexibly and quickly in a time of such disaster. Leadership and management demonstrated at the highest levels are needed to ensure effective coordination and balance between safety and security. That’s to say, better governance is needed to create and maintain that balance.
We have entered an age in which nuclear and radiological threats emanate not from a single source but from nature’s fury, human error, crime, and terrorists — and a combination of those factors. It only makes sense, accordingly, that safety and security frameworks be as comprehensive and integrated as possible. It is time to combine both our thinking and our practical approaches to limit the consequences of natural disasters and deliberate acts — to think of nuclear safety and security efforts as united in a common goal.
Igor Khripunov is distinguished fellow at the University of Georgia’s Center for International Trade and Security. His expertise is in nuclear security culture, export control and nonproliferation, and arms control compliance and verification. Prior to 1992, he was in the Soviet foreign service and participated in many arms control fora and talks, including those involving the Intermediate-Range Nuclear Forces Treaty and the Strategic Arms Reduction Treaty.
Duyeon Kim is the deputy director at the Center for Arms Control and Non-Proliferation, where her policy work focuses on North Korea, nuclear nonproliferation, nuclear security, and nuclear terrorism prevention. She is a former career journalist from Seoul, Korea, having served as the Foreign Affairs Ministry correspondent and Unification Ministry correspondent for a leading South Korean broadcaster. Her news stories covered North Korea’s nuclear programs, the Six-Party Talks, inter-Korean relations, US foreign policy, South Korean foreign policy, and the United Nations.