TIME FOR AN INTEGRATED APPROACH TO NUCLEAR RISK MANAGEMENT, GOVERNANCE AND SAFETY/SECURITY/EMERGENCY ARRANGEMENTS
1. INTEGRATING NUCLEAR SAFETY, SECURITY AND EMERGENCY ARRANGEMENTS
Safety and security have traditionally been regulated and managed in isolation from each other. Safety management has been the responsibility of operators, engineers, safety managers and scientists whereas security tends to be the responsibility of a separate function frequently led by ex-military and police personnel with a different professional background and range of competencies.
This situation must change. The complex, interconnected nature of safety, security and emergency management requires convergence; without it, serious gaps in capability and response will persist. Security needs to be integrated into mainstream organisational management; it is neither efficient nor effective to consider nuclear safety cases, security vulnerability assessments, and financial and reputational risk separately. Doing so requires the adoption of an all hazards approach that concentrates on what needs to be done before and during a crisis. It also requires an integrated response that covers emergency arrangements and a proactive, trustworthy, empowered crisis communication mechanism that understands both safety and security.
2. A CLEAR DEFINITION OF NUCLEAR LIABILITY
Boards and their organisations need to recognise that liability for nuclear safety and security invariably rests with them, whether or not they are subject to effective regulation or their regulator has adequately assessed the threat. Boards also need to recognise that their liability and insurance arrangements are influenced by their approach to risk management, risk appetite, profit versus risk attitude, and the overall reputation of their organisation for such matters. Furthermore, their liability is not constrained to nuclear-related legislation; organisations are increasingly being prosecuted for criminal liability when there is evidence of wilful misconduct.
3. IMPROVED CORPORATE GOVERNANCE
Because cultural behaviour in any organisation is driven from the top down, it is critical that the Board and senior executives lead their facility’s nuclear security culture by example. No-one can guarantee whether or not a terrorist attack will occur; if one should take place, Boards must be able to demonstrate that they have taken all reasonable steps to prepare for and respond to such an event.
Implementing an integrated approach to risk management requires that Boards put in place the same effective oversight arrangements for nuclear security that they have already put in place for the performance and compliance of safety, finances and the environment.
4. PEER REVIEW AND SHARING BEST PRACTICES – BUILDING CONFIDENCE
The international sharing of best security practices?and how to integrate them into mainstream nuclear operations?has lagged behind the sharing of nuclear safety practices. One major reason for this is an unjustified belief that it is not possible to share best security practices because it would involve the exchange of classified information.
Given the importance of an integrated approach to nuclear safety, security and risk management, and the need to learn from international experience, such attitudes must now change. The nuclear industry and its regulators need to understand that it is possible to share best management practices relating to security while maintaining secrecy of site-specific arrangements.
5. EDUCATION AND TRAINING – BUILDING CAPACITY
Nuclear security training is currently under resourced and overlooked. Any assessment of worldwide training and education programmes will elicit a stark contrast between safety and security. Nuclear safety training is widely available, well structured and accredited, and it is the norm for nuclear safety management to be demonstrably competent, experienced and well trained. The same framework and availability of training does not exist for security management.