10-14 February 2020
Europe/Vienna timezone

Delivering Security by Design on a Multi-faceted Project

Not scheduled
Paper PP: Security by design, including in newcomer countries


Robert Rodger (National Nuclear Laboratory), Jeremy Edwards (National Nuclear Laboratory)


On too many occasions the first input that the security team have to influence the security arrangements at a facility is after the design is agreed and the work is underway; or building use is modified; or the threat landscape changes. Thus, the security arrangements must be retrofitted within restricted footprints, and often within operational and Radioactive Controlled Areas (RCAs), resulting in increased capital (and operational) cost, reduced capability and compromise between safety, operations and security. The economic pressures on nuclear being able to compete with other forms of technology are driving various initiatives such as the Nuclear Energy Institute ‘Nuclear Promise’ in the US, and the UK Nuclear Sector Deal. The latter aspires to reduce the costs of new nuclear build by 30% by 2030, and to achieve a 20% reduction in decommissioning projects.

Security by design is referenced within INFCIRC 225, Rev 5, and there is increasing recognition that inherent safety and security arrangements are cheaper and more effective if incorporated prior to construction or operation. The UK’s National Nuclear Laboratory is currently supporting a concept design project for a facility which will operate for many decades. An integrated project team, led by the Safety, Security and Safeguards team, has an active role in influencing security from the outset, based on UK guidance provided by the Centre for the Protection of National Infrastructure in its Operational Requirements process. Working with the Engineering Design team has already provided great benefit and the opportunity to realise ‘security by design’. This paper discusses the experiences thus far.

Insight into the application of a systematic approach is presented. Engineering and design projects should lend themselves to integration of security requirements: they are typically based upon well-defined, phased design stages that allow for iterative development of the design as requirements become better defined and risks and uncertainties are addressed and, importantly, for the design to evolve in tandem with the safety case. UK nuclear regulation places key milestones and regulatory decision points during the evolution of a project. This approach is based upon historic learning and adoption of best practice.

So why then has security not been a core element of engineering and design projects? In part this is due to culture – historically one where security was the ‘dark art’, perceived to be ‘done to a project’ rather than a key component of successful delivery. Perversely, the security that used to shroud security requirements and security specialists is precisely the reason why security was not integrated into the design process. The changing threat landscape, global initiatives to combat nuclear terrorism and malicious use of radiological and nuclear materials, enhanced transparency and guidance from bodies such as the IAEA, development of best practice from Non-Governmental Organisations such as the World Institute of Nuclear Security (WINS), and other drivers have all assisted change. In the UK, the integration of the safety and security nuclear regulators to form the Office for Nuclear Regulation (ONR), and a move away from a more prescriptive regulatory approach to an outcome-based one that places the onus more clearly on the dutyholder, or operator, have increased the need for a change in approach.

The project team have worked on the development of a Systematic Approach that addresses Information, Assessment, Decisions and Processes. It has integrated Best Relevant Practice (BRP) and Learning from Experience (LFE), coupled with a keen focus on inclusive interaction with stakeholders and multi-disciplinary capabilities. Absolutely key to this has been the integration of safety, engineering and security, along with operational personnel and guard force representation.

Presented will be an outline of the approach, the experiences and learning developed throughout the Concept Design phase and the further development in Preliminary Design. The key benefits will be highlighted, along with those key areas of learning that can be adopted by others.

State United Kingdom

Primary authors

Robert Rodger (National Nuclear Laboratory), Jeremy Edwards (National Nuclear Laboratory), Mr Malcolm Baker (Resilience Ltd and National Nuclear Laboratory), Mr Simon Marsh (National Nuclear Laboratory), Mr Jason Bone (Sellafield Limited)
