security in gauging activity

11/12/2008

1

SECURITY IN GAUGING ACTIVITY

Name:FAEIZALALISection/Division:SEKSYENPERUNDANGANATOMICENERGYLICENSINGBOARD(AELB)MINISTRYOFSCIENCETECHNOLOGYANDINNOVATION

Background

Before 11 September 2001, the security of radioactive sources was largely addressed by measures protecting the sources from

Security Awareness Expert Grouphttp://www.aelb.gov.myhttp://ansn.aelb.gov.my

y p gunintentional access by inappropriately qualified personnel or attempts at theft for financial gain

2

REGULATORY CONTROL HIERARCHY

ActRegulation


OrderCode of PracticeMaterial Advisor

LEGISLATIVE FRAMEWORK

i. Main Legislation

Atomic Energy Licensing Act 1984 (Act 304)

ii. RegulationsRadiation Protection (Licensing) Regulations 1986


( g) gRadiation Protection (Basic Safety Standard) Regulations 1988

Regulation No. 52 Emphasize on the licensees responsibility on the protection of sources from theft and sabotage

Radiation Protection (Transportation) Regulations 1989Radiation Protection (Appeal) Regulations 1990

11/12/2008

2

Laws are in place.

Regulatory Authority exists.

RADIATION PROTECTION & SECURITY INFRASTRUCTURE


Rules, regulations and standards have been established.

Arrangements for radiation safety training, radiation protection services and radwaste management services are in place.

- Adoption of the Code of Conduct on Security of Radioactive Sources and the 3 Supporting documents

1st announcement to licensees on 10 December 2008 2nd Announcement on the adoption of these d t t P R ibl f th Li



documents to Person Responsible for the License (PRFL) & Radiation Protection Officer (RPO) on 30 June 2009.

- Source registry database systems


Establishment of emergency planningand preparedness: cooperation with National Disaster Center

Lead Agency for Radiological EmergencyLaunch inter-agency National Drill


Technical Support Organization:Nuclear Malaysia Agency

Cooperation with relevant government agencies have been established:

Ministry of Health, Royal Customs Malaysia, Royal Malaysian Police etc.

ADOPTIONCodeofConductonTheSafetyandSecurityofRadioactiveSources

ApprovedbytheIAEABoardofGovernorson19S t b 2003


8

September2003

ApprovedbytheAELBBoardofMeetingonAugust2007

11/12/2008

3

3elementarydocumenttosupporttheimplementationCoC;

1. CategorizationofRadioactiveSources2. SecurityofRadioactiveSources


9

3. GuidelinesonImportandExportofRadioactivesSources

CATEGORIZATIONOFRADIOACTIVESRSG1.9

Provideasimple,logicalsystemforrankingradioactivesourcesbasedontheirpotentialtocauseh h h l h


10

harmtohumanhealthGroupingthepracticesinwhichthesesourcesareusedintodiscretecategories.

SECURITYOFRADIOACTIVESOURCES

Tecdoc1355

Intendedtoprovideguidancetoregulatorybody,manufacturers,suppliersandusersofsourcesindecidingwhichsecuritymeasuresareneededtoensureconsistencywiththeInternationalBasicSafetyStandardsandtheRevisedCodeofConduct for the Safety and Security of


11

ConductfortheSafetyandSecurityofRadioactiveSources.

Itisrecognizedthattheremustbeabalancebetweenmanagingsourcessafelyandsecurely,whilestillenablingthemtobeusedbyauthorizedpersonnelwithoutunduehindrance

GUIDANCEONTHEIMPORTANDEXPORTOFRADIOACTIVESOURCES

ThisGuidanceprovidesacommonframework,tootherradioactivesourcesinadditiontoCategory1and2sources.


12

AggregationofsourcesthatmayposearisksimilartoCategory1or2sourceswillbeconsideredunderthecontextofthisGuidance

11/12/2008

4

OBJECTIVE

To ensure security of sources requires that measures be applied to prevent unauthorized access to radioactive sources at all stages of their life cycle, as well as loss, theft, and unauthorized transfer of sources


,To ensure the safety of radioactive sources requires controlling exposure to radiation from sources, both directly and as a consequence of incidents, so that the likelihood of harm attributable to such exposure is very lowSecurity is therefore a prerequisite for safety

13

Definitions

Design basis threat for sources means the attributes and characteristics of potential insider and/or external adversaries, who might attempt damage to, or unauthorized removal of, radioactive sources , against which a physical protection system is designed and evaluated


and evaluated

Security means measures to prevent unauthorized access or damage to, and loss, theft or unauthorized transfer of, radioactive sources

Security culture means characteristics and attitudes in organizations and of individuals, which establish that security issues receive the attention warranted by their significance

14

DefinitionsSafety means measures intended to minimize the likelihood of accidents with radioactive sources and, should such an accident occur, to mitigate its consequences


Safety culture means the assembly of characteristics and attitudes in organizations and individuals which establishes that, as an overriding priority, protection and safety issues receive the attention warranted by their significance

Accounting means physically checking that all sources are present in their expected location. This may be satisfied by an appropriate radiation survey.

15

Definitions

Inventorying means a campaign to physically check all sources possessed, by specifically and uniquely identifying each individual source using

i t h i l b


appropriate means such as serial numbers.

Principal parties means the person having the main responsibilities for the application of the basic safety standards. These are registration of licensees.

16

11/12/2008

5

Overall strategy

Prevention of acquisition of radioactive sources by those with malevolent intent. This includes measures to:

Deter (prevent) unauthorized access to the source or source


Deter (prevent) unauthorized access to the source, or source location, in order to deter theft;detect any such attempts at unauthorized access;delay unauthorized access or theft;provide rapid response to attempts at unauthorized access or theft.

17

Threat assessment

The use of a design basis threat assessment methodology is recommended as the best method to design the security measures for specific sources.


A detailed design basis threat assessment methodology to define the appropriate level of security consists of the following activities

Characterize the source, its type, nature and applicationPerform an assessment of the potential threat within the country as a whole, based on information from security and intelligence experts.

18

Threat assessment

Evaluate the potential consequences of successful actions to acquire the sourceDetermine, based on the assessment of threat and potential consequences a design basis threat against


potential consequences, a design basis threat against which the security should be designed and evaluated.Perform a vulnerability analysis for the specific source, or sources against this design basis threat

19

Performance objectives for security groups

four security groups are defined based on these fundamental protection capabilities. They provide a systematic way of categorizing the graded performance objectives required to cover the range of security


j q g ymeasures that might be needed, depending on the assessed risk

Security Group A:

Security Group B:Security Group C:Security Group D:

20

11/12/2008

6

Security Group A

Measures should be established to deter unauthorized access, and to detect unauthorized access and acquisition of the


qsource in a timely manner. These measures should be such as to delay acquisition until response is possible

21

Security Group B:

Measures should be established to deter unauthorized access, and to detect unauthorized access and acquisition of the


qsource in a timely manner.

22

Security Group C:

Measures should be established to deter unauthorized access


verify the presence of the source at set intervals

23

Security Group D

Measures should be established to ensure safe use of the source and adequately protect it as an asset, verifying its


p , y gpresence at set intervals.

24

11/12/2008

7

Security Group (Gauging)Security Group A Security

Group BSecurity Group C

Security Group D

Safe management and protect as an asset

Deter (prevent) unauthorized access


(p )

Timely detection of unauthorized access

Timely detection of unauthorized acquisition of the radioactive source

Verification of source presence at setintervalsDelay acquisition

until response is possible

25

Assignment of radioactive sources to security groups

most effectively achieved by using the outcomes of the threat assessment

the IAEA has developed a revised Categorization of Radioactive


Sources (IAEA-TECDOC-1344)

sources in Categories 1 to 3 generally have the possibility of giving rise to exposure sufficient to cause severe deterministic effects if they are uncontrolled

26

Security groups based upon source categorization

SecurityGroup

SourceCategory

Examples of practices

A 1 Radioisotope RTGs)IrradiatorsTeletherapy Fixed multi- knife)

2 Industrial radiography


B 2Industrial radiographyHigh/medium dose rate brachytherapy

3 Fixed industrial gauges (e.g. level, dredger, conveyor)Well logging gauges

C 4Low dose rate brachytherapy (except those below)Thickness/fill-level gaugesPortable gauges (e.g. moisture/density)Bone densitometerStatic eliminators

D 5 Low dose rate brachytherapy eyeplaques and permanent implant sourcesX ray fluorescence devicesElectron capture devices

27

Source Category 1 & 2


11/12/2008

8

Source Category 3,4 & 5


TYPES OF SPECIFIC SECURITY MEASURES

Administrative measuresaccess control procedures;alarmed access points (e.g. with radiation detectors);key control procedures;


key control procedures;video cameras or personal surveillance;records related to management of sources;inventories; regulations and guidance;reliability and trustworthiness of personnel;information security;establishment of a safety culture and a security culture.

30

TYPES OF SPECIFIC SECURITY MEASURES

Technical measuresfences;walls;


cages;transport packaging;locks and interlocks for doors;locked, shielded containersintrusion-resistant source-holding devices.

31

Licensee ResponsibilityLicensees bear the responsibility for setting up and implementing the technical and organizational measures that are needed for ensuring both the safety and security of the sources for which they are authorized.

Licensees should ensure that:Sources are managed in accordance with the authorization.


Sources are managed in accordance with the authorization.When sources are not in use, they are promptly stored in an approved manner. Storage should be in accordance with the requirements for the group to which the source belongs.Any transfer of sources to another person is documented and that person is authorized in accordance with the applicable regulatory requirements to receive the transferred source.Financial provisions in accordance with the regulatory requirements for the safe management of disused sources are in place.Sources are shipped and received in accordance with regulatory requirements.

11/12/2008

9

Licensee Responsibility

Individuals (radiation worker) with assigned responsibility for sources

Reliable


ReliableAuthorizedProper training

Inventories and RecordsAll sources should be inventoried at least on an annual basis and should be maintained and updated as follows:

The routine inventoryWhenever the recorded parameters change and particularlyWhenever sources are transferred


The records should include the following particulars:Location of the sourceRadionuclideRadioactivity on a specified dateSerial number or unique identifierPhysical formSource use historyReceipt, transfer or disposal of the source

Status and Event Reporting System

Unusual events to be reported to the Regulatory Authority could include:

Loss of control over a radioactive source


Unauthorized access to, or unauthorized use of a sourceMalicious acts threatening authorized activitiesDiscovery of any unaccounted source.

Specific Security Measures


Measures

36

11/12/2008

10

Specific Security Measures

Groups A and B, a basis is needed for the design of the appropriate delay and detection devices.

For security groups C and D there is less need for a


For security groups C and D, there is less need for a design basis threat approach and application of existing standards is an appropriate approach

A summary of recommended measures described below is given as follows:

Group A Group B Group C Group DGeneral administrative measures

Daily accounting Weakly accounting Semi-annual accounting

annual accounting

Access control to sources location allowing timely detection of unauthorized access

Access control to sources location

No specific provision

Deterrence (prevent) provided by:

A. 2 tech measures B. 2 measures (1 tech measure)

C. 1 tech measures

S ifi l G i


Routine measures to ensure safe used and protect as and asset

Specific emergency response plan Generic emergency response plan

Background checks

Security plan

Information security

Upgrade security for increase threat

Timely detection provided by:

A: Remotely monitored intruder alarm

B: Local alarm

Timely response to an alarm

Security Group A and B

Emergency response planSpecific emergency response procedures should be developed.

Background check


ac g ou d c ecLicensees should ensure that persons engaged in the management of group A and B sources are trustworthy

Information securityInformation or documents that can be used to identify specific locations, specific security measures or weaknesses in principal partys system of management of sources should be controlled and distributed.

Security Group A and B

Response to an increased threatThe planning for response to an increased threat of malevolent use should take place in close cooperation with the Regulatory Authority


Security plansThe security plan should describe how the security provisions in this document are met for the source(s) under consideration

40

11/12/2008

11

Security Group ASources in storage

a locked and fixed container or a device holding the source;a locked storage room, separating the container from unauthorized personnel;access control to the storage room;detection of unauthorized access or removal of the source;


ability to respond in a timely manner to such detection.stored in a shielded container, which is locked;kept in an enclosed, secured vehicle;the vehicle parked inside a locked compound or locked garage;the vehicle subject to continuous detection of unauthorized intrusion attempts and thereshould be the capability to respond to intrusion.

Hh 41

Security Group A

Sources in transportbackground checks on trustworthiness of the transport organization and operatives;deterrence through use of transport packages locked and sealed


deterrence through use of transport packages locked and sealed and in a dedicatedtransport unit, which is locked;timely detection through radio communication between the personnel in the vehicle anda security office or organization;response through security trained transport operatives;emergency plan developed to deal with emergencies in transit

42

Security Group B

Sources in storagea locked and fixed container or a device holding the source;a locked room to separate the container from unauthorized access;


access;access control to the room;ability to detect unauthorized access to, or removal of the source.

43

Security Group B

Sources in transportTransport of Security Group B sources should satisfy the performance requirements for


y p qsecurity for this group. comply with national and international legislation and agreements on security in transport

44

11/12/2008

12

Security Group CSources in transport

Transport of Security Group B sources should satisfy the performance requirements for security for this groupcomply with national and international legislation and


agreements on security in transport

Sources in storagesources could be stored in a locked, fixed container and in a room with control on access.

45

Security Group D

ensure safe use of the source and adequately protect it as an asset, verifying its presence at set intervals.


comply with national and international legislation and agreements on security in transport

46

TEMPORARY STORAGE

emergency or the discovery of an orphan source

sources should be removed from a temporary


p ystorage to a designated facility as soon as practicable, with the objective that no source is stored temporarily for greater than 30 days

47

Thank you


48

security in gauging activity

Documents

protection of sources

radiation protection

radiation safety training

royal customs malaysia

licensees responsibility

nd announcement

royal malaysian police

p gunintentional access