Strengthen Nuclear Security Regulatory Regimes and Strive for Continuous Improvement

Finding

Regulatory requirements for nuclear security are not comprehensive, with significant weaknesses in important areas such as insider threat prevention, security culture, and cybersecurity, leaving dangerous gaps and vulnerabilities around the world.

Data Highlights

• Looking at how many countries receive a high score (67+) for each indicator in the Security and Control Measures category can indicate how strong each area is. Indicators with many countries scoring high for that indicator show an area of strength. Indicators with fewer countries scoring high for that indicator show an area of weakness.
• On the basis of this metric, the strongest areas are Control and Accounting Procedures (78% of countries receive a high score for that indicator), Transport Security (77% of countries receive a high score for that indicator), Response Capabilities (61% of countries receive a high score for that indicator), and On-Site Physical Protection (53% of countries receive a high score for that indicator).
• In contrast, only 31% of countries receive a high score for Insider Threat Prevention, 24% of countries receive a high score for Cybersecurity, and 20% of countries receive a high score for Security Culture.

• These three areas also have the most zero scores. Although no countries receive a score of zero for the indicators On-Site Physical Protection or Response Capabilities, 24% of countries receive a zero for Cybersecurity, 14% receive a zero for Security Culture, and 10% receive a zero for Insider Threat Prevention. Conversely, only 2% of countries receive a full score for Insider Threat Prevention, and only 4% receive a full score for Cybersecurity and Security Culture.

Recommendation

Countries must strengthen their nuclear security regulatory regimes and strive for continuous improvement.

• As risks, technology, and best practices evolve, countries’ efforts to strengthen their security must continuously evolve and improve; countries should avoid becoming complacent about the threat.
• Countries should strengthen their regulatory regimes to improve security practices. Upgrades to regulations should be made regularly to reflect evolving best practices and promote continuous improvement.
• Countries can improve their security by sharing best practices, including through organizations such as the World Institute for Nuclear Security; requesting peer reviews from the IAEA or other countries; and participating in international workshops and conferences to help them improve. Countries should also take advantage of the assistance available through the International Atomic Energy Agency.
• Regulators should engage with their counterparts in other countries to share best practices and lessons learned in different regulatory environments.