In March 2022, the world watched in shock as Russia’s army fired on and occupied Ukraine’s Zaporizhzhia and Chornobyl nuclear power plants. Russian forces fired high-explosive shells around Zaporizhzhia Nuclear Power Plant, causing the plant to lose its off-site power source and forcing it to rely on short-term emergency diesel generators to cool the reactors and spent fuel. Russian forces also physically and psychologically abused staff at the Zaporizhzhia and Chornobyl sites, degrading their ability to safely operate the facilities.
In deciding to forcibly occupy Zaporizhzhia—the largest nuclear power plant in Europe—Russia has risked widespread radiological contamination and jeopardized the health of the people and the environment across the region. State-based targeting of nuclear facilities is not new; however, it has never been so reckless and brazen.
This is a situation that few anticipated. Nuclear facilities were not designed to defend against national militaries or to operate safely in a war zone. War undermines nuclear safety and security in many ways, from undercutting security culture to introducing threats that exceed what a facility could reasonably be expected to guard against (known as design basis threat or DBT). Nuclear facilities should, however, be resilient during long-term crises. Although the NTI Index does not assess how effectively a country or area’s nuclear security system will perform against specific threats, it does highlight measures that could help nuclear facilities reduce risks when crises occur. To that end, nuclear facilities should do the following:
- Require a disaster contingency plan. More than one-third of the 46 countries and Taiwan with nuclear facilities do not have a disaster plan. All national regulatory frameworks should require that a plan is in place to physically protect nuclear infrastructure in the event of a human-caused or natural disaster.
- Adopt a DBT that accounts for all realistic threats a nuclear facility must protect against. Developing a DBT includes a process by which governments evaluate threats to nuclear facilities and develop a description of adversary attributes and characteristics that nuclear facilities should defend against. For nuclear facilities to have security systems capable of preventing theft and sabotage from non-state actors, this process must be continuous, especially during crises when threats might emerge rapidly or unpredictably.
- Conduct regular and realistic security system evaluations. Domestic regulators and licensors should require nuclear facility operators to assess the effectiveness of their security systems and personnel by regularly conducting force-on-force exercises based on realistic threat considerations, including a variety of crises.
- Foster an effective security culture. An organization with a strong security culture has staff who are committed to security, strive for excellence, and look for ways to make their security systems stronger. Steps to promote a strong security culture (e.g., incentivizing high performance standards, providing threat briefings, and conducting self-assessments) can help nuclear facilities and organizations imbue the commitment to security procedures and practices at all levels of the organization. Having a strong security culture is essential during a crisis when rapidly evolving events may distract personnel from regular protocols.
- Improve cybersecurity. Crises, especially those that require staff to work remotely, can create opportunities for adversaries to exploit cybersecurity vulnerabilities. Regulators and licensors should require nuclear operators to protect against cyber attacks and include such attacks in their DBT. This is particularly important as facilities incorporate more digital technology into their operations and as countries and areas consider pursuing automated nuclear technologies.
- Provide bilateral or multilateral aid to countries and areas experiencing nuclear security crises. Countries and areas can support one another during crises that threaten nuclear facilities by providing or accepting financial and practical bilateral or multilateral assistance.
Beyond resilience building, countries and areas should work to stem the problem at its root by strengthening norms and laws against the targeting of nuclear facilities. The first step is for countries and areas to pledge not to attack civilian nuclear facilities and encourage others to do the same. This action should be supported with national statements emphasizing that an attack on a civilian nuclear facility is in no one’s interest, achieves no meaningful military outcome, could threaten the future of nuclear power deployment, and has severely detrimental effects on public health.