Almost all known cases of theft of nuclear material involved an insider. The threat of a nuclear facility insider, either individually or in collusion with an outsider, stealing fissile material or committing sabotage at a nuclear facility is a difficult one to accept and prevent. The skills, knowledge, access, and authority held by some insiders make the threat difficult to mitigate. Even when the insider’s illicit activities are observed by coworkers, they often go unreported due to the unwillingness of many workers to recongnize the potential for an insider threat and to report on a colleague.
A multi-layered approach can mitigate the insider threat. Each nuclear facility applies multiple layers of security measures to protect material to include administrative controls and policies and technical systems that are integrated to minimize the insider threat.
- Administrative Controls and Policies: These measures include materials accounting, procedures, human reliability program, and nuclear security culture.
- Human reliability programs help identify at-risk employees before they can become a threat.
- Nuclear security culture programs seek to educate employees on the threat, encourage robust procedural adherence and effective management, and help employees understand their personal responsibility for nuclear material security.
- Technical Systems: These measures include access controls, material controls, detection and delay features. Access control systems and material controls can be used to help enforce administrative controls such as the two person rule, compartmentalization of information, and separation of duties. Detection systems identify when an insider violates access requirements, and delay barriers can impede an insider from accessing a target.
Combined with legal penalties for theft, unauthorized possession, and smuggling of material, these security measures are aimed at deterring a potential insider and making their task more difficult.