powerpoint-presentatie nbs
TRANSCRIPT
Nuclear Security & Safeguards
December 4, 2012
NRC Regulators Conference On Nuclear Security December 4-6 Washington DC USA
11/12/2012
Bart Dal ........................................................................ Ministry of Infrastructure and the Environment Inspectorate for Human Environment and Transport Coordinator Nuclear Security & Safeguards Nieuwe Uitleg 1 | 2514 BP | Den Haag | A01.10 Postbus 16191 | 2500 BD | Den Haag ........................................................................ T +3170-456 2104 F +3184-8300623 M +316-1501 7964 [email protected] www.rijksoverheid.nl
3 11-12-2012
THE NETHERLANDS
Surface: 41.528 km² (18,41% water)
Inhabitants: 16.105.285 (2002)
Capital: Amsterdam
Residence: The Hague
TYPICAL DUTCH
11-12-2012 4
5 Ni
URENCO
NUCLEAR ACTIVITIES IN THE NETHERLANDS
Petten
Nieuwdorp Borssele
PROTECTION OF SENSITIVE INFORMATION ?
6 11-12-2012
Confidentiality
URENCO & ETC ALMELO
11-12-2012 7
URENCO USA, NEW MEXICO
11-12-2012 8
INFORMATION PROTECTION CPPNM
• CPPNM Amendment, Fundamental Principle L: Confidentiality The State should establish requirements for protecting the
confidentiality of information, the unauthorized disclosure of which could compromise the physical protection of nuclear material and nuclear facilities.
• CPPNM Amendment, Fundamental Principle H: Graded Approach Physical protection requirements should be based on a graded
approach, taking into account the current evaluation of the threat, the relative attractiveness, the nature of the material and potential consequences associated with the unauthorized removal of nuclear material and with the sabotage against nuclear material or nuclear facilities.
11-12-2012 9
INFORMATION PROTECTION INFCIRC/225/rev5
• INFCIRC/225/Rev. 5, Para 3.54: Management of a physical protection system should limit access to
sensitive information to those whose trustworthiness has been established appropriate to the sensitivity of the information and who need to know it for the performance of their duties. Information addressing possible vulnerabilities in physical protection systems should be highly protected.
• INFCIRC/225/Rev. 5, Para 3.55: Sanctions against persons violating confidentiality should be part of
the State’s legislative or regulatory system. • INFCIRC/225/Rev. 5, Para 4.10 /5.19: Computer based systems used for physical protection, nuclear
safety, and nuclear material accountancy and control should be protected against compromise (e.g. cyber attack, manipulation or falsification) consistent with the threat assessment or design basis threat.
11-12-2012 10
INFORMATION PROTECTION ?
NUCEAR SECURITY RECOMMENDATIONS ON PHYSICAL PROTECTION OF NUCLEAR MATERIAL AND NUCLEAR FACILITIES:
• PHYSICAL SECURITY
• PERSONEL SECURITY
• INFORMATION SECURITY
CYBER SECURITY 11-12-2012 11
INFCIRC/225/Rev5 , NSS13
History 1972 GREY BOOK 1975 INFCIRC/225 1977 INFCIRC/225/Rev.1 1989 INFCIRC/225/Rev.2 1993 INFCIRC/225/Rev.3 1998 INFCIRC/225/Rev.4 2011 INFCIRC/225/Rev.5 -
11-12-2012 13
INFCIRC/225/Rev5, NSS13
• START 1969, TOKYO PANEL FOR SAFEGUARDS TECHNIQUES AND METHODOLOGIES
• MATERIAL UNDER SAFEGUARDS MUST BE PROTECTED • THEFT OF NUCLEAR MATERIAL, LATER SABOTAGE
• CATEGORISATION OF NUCLEAR MATERIALS
• PROTECTION OF NUCLEAR FACILITIES
• ADDITIONAL PROTOCOL, GCEP SENSITIVE TECHNOLOGY?
• FUNDAMENTAL PRINCIPLES, ESSENTIAL ELEMENTS (UNSCR1540) SCOPE NUCLEAR FACILITIES OR FUEL CYCLE FACILITIES ?
GAS CENTRIFUGE ENRICHMENT TREATIES
• TREATY OF ALMELO – 1970
• TREATY OF WASHINGTON - 1992
• TREATY OF CARDIFF - 2006
• TREATY OF PARIS - 2012
11-12-2012 14
11-12-2012 15
ENRICHMENT TECHNOLOGY COMPANY, ETC
TRICASTIN, FR ALMELO,NL
JUHLICH, GE CAPENHURST, UK
11-12-2012 16
SECURITY ARRANGEMENTS
• CLASSIFICATION GUIDE FOR CENTRIFUGE COMPONENTS • PENTAPARTITE HANDBOOK ON SECURITY OF CLASSIFIED INFORMATION, INCLUDING CYBER • HARMONIZATION OF SECURITY REQUIREMENTS
• ATOLL CLASSIFICATION OF TECHNOLOGY INFORMATION
• STATE ACCREDITATION OF WORKERS AND VISITORS • SECURITY ARRANGEMENTS SAFEGUARD INSPECTIONS (MANAGED ACCESS)
11-12-2012 17
Type of information In the UK, Germany Netherlands and France
In the US
Gas Centrifuge technology
ATOLL Restricted Data
Security/Safeguards information
No special markings National Security Information (not marked as such)
Clearance equivalence tabel
UK US FR NL GE
SECRET ATOLL DV Q SD B U2 CONFIDENTIAL
ATOLL SC L CD B U1
RESTRICTED ATOLL SC L B 9
SITE ACCESS
ONLY BPSS ACC CA VOG AtZuV
SECURITY CLASSIFICATION
11-12-2012 18
INFCIRC/225/Rev5 versus INFORMATION PROTECTION
• ENRICHMENTS SITES HAVE CAT3 NUCLEAR MATERIAL , LIMITED ACCESS AREA IS SUFFICIENT • ON ALL SITES IS A CENTRIFUGE ASSEMBLY AREA (CAB), RECYCLE CENTRE (RCC), HOT TEST AREA
Physical Protection System? SECRET ATOLL = VITAL or INNER AREA??
11-12-2012 19
SAFEGUARDS AND ADDITIONAL PROTOCOL
• MANAGED ACCESS =ADDITIONAL PROTOCOL (2004) • FIRST MANAGED ACCESS IS: LIMITED FREQUENCY UNANNOUNCED ACCESS (LFUA) • LFUA DEVELOPED FOR CENTRIFUGE ENRICHMENT PLANTS BY THE HEXAPARTITE SAFEGUARDS PROJECT (HSP-1983) LFUA MANAGES ACCESS TO CASCADE HALLS WITH CENTRIFUGE ARRANGEMENTS.
CASCADE HALL ARE RESTRICTED AREAS
EXPERIENCES WITH MANAGED ACCESS
PROTECTING SENSITIVE INFORMATION: • LIMIT VIEW TO WHAT HAS TO BE SEEN • VISUAL ACCESS ≠ PHYSICAL ACCESS (DISTANCE) • VIEW FROM DIFFERENT SIDES (DOORS/WINDOWS) • SHROUDING OF DETAILS (ACCESS DELAY) • LIMIT RESIDENCE TIME (ROUTING) • LIMIT NUMBER OF INSPECTORS • NO NOTE/PHOTOGRAPH TAKING • ESCORTING AT ALL TIMES VERIFICATION FMCT IN WEAPON STATES?
21
IT PROTECTION
• Slammer worm crashed Ohio nuke plant network • Cyber-attack stole Mitsubishi warplane, nuke plant data • Chinese Spies Steal F-35 Joint Strike Fighter Data from BAE Systems • French AREVA nuke biz slapped in mystery cyberattack • Saudi oil giant seals off network after mystery malware attack • Espionage hack attack preys on chemical firms • Vacuum cleaner set Swedisch nuke plant on fire • EDF security bosses guilty of hacking Greenpeace • Top General warns of cyberspy menace to UK biz • Cyberspy attacks targeting Russians traced back to UK and US • French officials: Don’t worry about fatal nuclear explosion • Obama Gov wants 3 yrs porridge for infrastructure hackers • Chinese cyberspies target energy giants • France blames China for hack attacks etc, etc, etc………
ETC COUNTS 60 ATTACKS /DAY
Bloomberg News
Iran Nuclear Plants Hit By Virus Playing AC/DC
Stuxnet Flame Thunderstruck
11-12-2012 23
In Cyberattack on Saudi Firm, U.S. Sees Iran Firing Back
Saudi Aramco’s Khurais plant, ¾ of pc’s wiped
SOME THOUGHTS IN CONCLUSION
• THE CONFIDENTIALITY OF INFORMATION GOES FURTHER THAN THE PHYSICAL PROTECTION OF NUCLEAR MATERIALS AND FACILITIES
• PROTECTION IS A MEANS, NOT A GOAL IN ITSELF • SENSITIVE TECHNOLOGIES SHOULD BE PROTECTED EQUALLY
AS NUCLEAR MATERIALS, USING A GRADED APPROACH • A PROPOSAL FOR A FIRST GUIDANCE DOCUMENT ON THE
PROTECTION OF SENSITIVE TECHNOLOGIES HAS BEEN OFFERED TO THE IAEA SOME TIME AGO BY THE TROIKA COUNTRIES, ETC AND URENCO
• THE EXTENSIVE EUROPEAN EXPERIENCE WITH PROTECTING TECHNOLOGY DURING SAFEGUARDS VERIFICATIONS MIGHT BE HELPFUL IN THE RATIFICATION PROCESS OF THE FISSILE MATERIAL CUTOFF TREATY (FMCT).
•
Questions…???
11-12-2012 25
11-12-2012 26
Kernfysische dienst / Nucleaire Beveiliging & Safeguards