Nuclear Security Culture: Roles and Responsibilities


So now let’s take a look at the roles and
responsibilities of different organizations and how that plays a role in overall nuclear
security. So, obviously, the State has a role in nuclear security and nuclear security culture.
The State defines the overall protection objectives. The State distributes responsibilities to
other entities. The State provides all of the protection of information. It’s what determines
what information will be classified and what information would not be classified. And,
oftentimes, the State also projects information both to the facilities and the regulators
as well as to the public. The State projects that information, and that projection of information
impacts the culture and belief systems of all those involved.
Various organizations within the State also have responsibility. So, those organizations
might do things like produce the security policy for the facilities and organizations
in charge of those facilities. It defines out the management structure. It provides
resources to those facilities, and it might provide review and improvement of existing
systems. So various organizations have responsibilities here where they would have to come in and
look at various facilities and organizations and review what their policies and procedures
are and then determine whether or not additional policies and procedures are needed. Culture
makes a big impact there as well. If the regulators and the higher ups in the organizations are
coming into a facility and projecting to them how important security is to them, then the
people at the facility are going to respond to that, say, “Ah, my people above me think
that security is very important, it, therefore, must be very important for to me as well,
because it could be a part of my potential future.” And, so, those upper-level organizations
have a large impact as well. Within that is the managers inside of that
organization. And, of course, there is a definition of responsibilities for those, and those tend
to be at the more practical level. So this is, how do we carry out our control practices
for materials, equipment, technology, and information. They define out the qualifications
and training structure for personnel at the various facilities. They also provide a lot
of the hands-on motivation to the individuals at the facilities, and, of course, they also
do audit and review. So, these are managers who will come and look at what’s going on
within a facility, look at the practices and policies that are being conducted, review
those and provide input on how to make changes. When they do those reviews and provide those
inputs, if they are looking at it from a security standpoint, that will help impact the culture
within the organization by putting a stamp on it and saying, “We care about that culture.
We want you to understand the importance of security to the overall structure of the facility.
We want you to understand the importance of this facility to the overall structure of
our organization in the continued management of our organization.
And then, of course, there’s the individuals at the facility, those individual workers.
They obviously have responsibility associated with the actual conduct of operations at the
facility. They are the ones who are moving the materials around. They are the ones that
are entering that facility on a day-to-day basis. So they have to have a strict and prudent
approach in how they conduct their operations. They also have a very important job in vigilance
and questioning. Let me explain what I mean by that. When they come to work every day,
they need to be thinking about, “How do I impact the security of my facility. When I
come to work every day, and I have an employee who works with me or in my section, and I
notice things about the behaviors of that employee–maybe that employee is very depressed
right now or maybe that employee is having some problems at home–do I need to bring
that up and tell that to the managers in the level above me? Do I need to provide that
information?” And, in many cases, the answer is, “Yes.” And you have to look at it from
the standpoint not that you are ratting, you are turning in your fellow employee, but from
the standpoint that what you’re doing is providing for the overall security of the facility,
which is the overall security of the individuals working in that facility as well. By looking
out for the welfare of all of the facility, the individuals working in the facility. That’s
an important part, being vigilant about security, and that includes questioning the attitudes
and behaviors of various employees within the facility as well as vigilance against
outsider threats. Whenever I see things, if I see a door propped open or if I see a card
reader that’s not working, I have a responsibility to report that and not just allow the security
personnel to find it. If I notice that, it is part of my job to report that information.
And, of course, that impacts the speed of reaction, that I as an employee, by providing
that–let’s take the case of I see a door propped open–if I as an employee can report
that, that’s going to be much faster than a security guard could ever find that. There
is a limit to how many security guards there are. They are a minority personnel within
the overall system; whereas, all of the employees at the facility, they have a much stronger
impact in terms of the speed of reaction as a detector within the system.
So the key messages from this particular section is that the threat of malicious acts by insiders
and outsiders is a credible and real threat. Let me describe what I mean by that. Insider
and outsider threats both exist–they both historically have occurred, insiders being
individuals who have been employed and work at a facility, or who have access, authority,
or knowledge over that facility, and they have, in the past, helped, or in some cases
attacked themselves, those particular facilities. In many cases, it has been over theft and
not over sabotage or terrorist acts, but in some cases it has been over more malicious
acts. And then outsider threats, the outsiders being individuals coming from outside of the
facility and attacking that facility. Those could be criminal organizations. They could
be terrorist organizations. That is a real and credible threat. They very much do exist,
and they exist within almost every country on earth.
The second key message is that good security culture requires the commitment at an organization
level, leadership from managers and regulators, and the engagement of all personnel. So the
key there is that it is at all levels. You can’t just go to one particular example–for
example, we could take the example of the Y-12 nuclear security lapse in which the security
guards had a major role in terms of their lapse in nuclear security culture, but you
might also argue that that is only one portion of it though, that the managers at that facility
also had a responsibility there, and did they have good nuclear security culture. I would
argue probably not, since it was being passed down to the guards as well. And even above
that, the regulators and the Department of Energy, was their nuclear security culture
at the level it should be, given their particular mission and given the facilities that they
manage?

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *