The Importance of a Nuclear Security Culture

Author Name: Etfa Khurshid Mirza      02 Apr 2021     Nuclear

As demand for nuclear energy increase, many states are developing long-term plans for production and consumption. But as research and development expands, for example of small modular reactors, can these states ensure a reliable and systematic approach for an effective “nuclear security culture”?

Nuclear safety considers the risk of human error and dangers of external events. Nuclear security focuses on deliberate acts designed to cause damage and harm, including the risk of material being diverted to terrorists and non-state actors. State plans and operations must be framed and implemented in a cohesive manner so that security measures do not compromise safety and vice versa. This is a national responsibility, requiring the strengthening of domestic architecture amid the challenge of new technologies.


The cyber-attack on an Indian nuclear power plant in September 2019 demonstrated the vulnerability of states to the threat, and the consequent need to improve national nuclear security architecture.

Indian officials said the administrative network of the Kudankulam Nuclear Power Plant was hacked. They said there was no critical damage, but a large amount of data was stolen by a malware-infected network. That illustrates the risks of subsequent attacks damaging critical infrastructure. Hacking of the software controlling a nuclear reactor, can lead to sabotage, unauthorized use, and in extreme cases, reactor meltdown.

In last year’s cyberattack on the US SolarWinds Corp, a software company managing the information technology of US government agencies and Fortune 500 companies, more than 18,000 customer servers were infected. Among the victims were the Department of Energy and its National Nuclear Security Administration, which manages the US nuclear arsenal. President Joe Biden has rightly made cyber-security a top priority.


The global stockpile of highly enriched uranium in 2019 was about 1335 metric tons, with about 310 tons of plutonium. This is enough material to build thousands of weapons of mass destruction. To safeguard nuclear and radioactive materials in use, storage, and in transport, measures must be implemented against theft, sabotage, unauthorized access, and illegal transfer.

With the Chernobyl nuclear accident in 1986, the importance of the human factor became apparent, given lackadaisical attitudes towards nuclear security practices, roles, and responsibilities. Public knowledge of safety is a crucial concern for nuclear plant operations, both for the provision of information that is needed and preventing the revelation of security-related information. The culture of nuclear safety and security must be a symbol of integrity, competence, and transparency by all actors involved in materials and facilities.


The term “nuclear security culture” was first used in an International Atomic Energy Agency meeting of experts in 2000, discussing the Convention on the Physical Protection of Nuclear Materials Eight years later, the IAEA introduced guidelines, based on the organizational culture model of Edger Schein.

In a “nuclear safety culture”, protection and safety should receive the utmost attention by individuals and organizations, on openness, transparency and information sharing. For “nuclear security culture”, there should be an understanding of the commitment and accountability in any activity affecting security.

The Nuclear Safety Framework deals primarily with the internal danger of human failure in a restricted environment. The Nuclear Security Framework deals predominantly with intent to do harm by unconfined insiders or by external actors. The “nuclear security regime” has three major components: 1) the legislative and regulatory framework for the implementation of state policy though legal bodies; 2) the institutions and organizations applying the policy; 3) the systems and measures adopted by organizations and individuals to implement the policy.

Pakistan offers a case for study. The legislative and regulatory system requires an independent regulator, through the legal channel established by the National Command Authority to fulfill nuclear security obligations. The state has taken comprehensive steps, in compliance with international standards, to protect its nuclear facilities and equipment, to control imports and exports in a National Nuclear Detection Architecture, and to establish a Nuclear Emergency Response System to prevent illicit transport of nuclear material. Islamabad also provides other countries with technical training on nuclear safety.


No country can instill a safety and security culture overnight. It must assess three essential elements of systems: beliefs and attitudes, management systems, and behaviors. The challenge is that there are no fixed criteria to measure those attitudes and behaviors. Due to the confidentiality of nuclear security measures, availability of data is limited, and most changes and evolution in national security culture are not recorded.

Given the threats of nuclear terrorism, all states must at least draw a baseline of nuclear security to be continuously improved. A guide on effective regulation, inspection, performance tests, and reviews should be widely promoted and become a norm to create a strong security and safety culture.

Effective regulation should be based on requirements set forth by the state’s regulatory body in compliance with international standards. A minimum threshold of performance tests to mitigate the chance of terrorist attacks on nuclear facility is essential. Testing should check activation of systems, mobilization of forces, and other performance indicators. These tests should be followed by inspections and assessments regarding any vulnerability to theft or sabotage, the physical protection of nuclear materials on-site and off-site, and the construction of nuclear reactors. Reviews on nuclear security should encompass general safety guidelines with measure over radiation, waste management, and emergency response preparedness.

During the COVID-19 pandemic, the risk has increased of disruption of nuclear power operations. This has elevated nuclear security and implementation of necessary practices. It is the responsibility of states possessing and using nuclear technology to build a comprehensive security architecture and culture.


Etfa Khurshid Mirza is a researcher at Centre for Aerospace and Security Studies (CASS). This article was first published in EAWorldView. She can be reached at


Image Source: