Human Factor in Nuclear Security: Establishing and Optimizing Security Culture 3031202775, 9783031202773

This book attempts to look into the genesis of security culture as a concept which emerged with the recognition of the r

English Pages 201 [202] Year 2023

Table of contents :
Preface
Contents
About the Author
List of Figures
List of Tables
List of Boxes
1 Human Performance
1.1 Patterns of Behavior
1.2 Competence
1.3 To Err is Human
1.4 High-Tech Innovations
References
2 National and Organizational Culture
2.1 Culture Diversity
2.2 National Dimensions
2.3 Four Types of Organizational Culture
2.4 High Reliability Organization
2.5 Edgar Schein’s Principles of Organizational Culture
References
3 Security Culture in Nuclear Facilities and Activities
3.1 Role of Nuclear Security Culture
3.2 IAEA Model of Security Culture
3.3 Beliefs, Assumptions, and Value
3.4 Management Systems
3.5 Security Culture Drivers
References
4 Capacity and Competence Building for Nuclear Security Culture
4.1 Cross-Cutting Function
4.2 Education
4.3 Training
4.4 Nuclear Knowledge Management
4.5 Knowledge Management Networks
4.6 Stakeholder Engagement
4.7 IAEA Activities in Nuclear Security Culture
References
5 Assessing and Enhancing Nuclear Security Culture
5.1 Role of Self-Assessment
5.2 Special Considerations for Security-Culture Self-Assessment
5.3 Process of Security Culture Self-Assessment
5.4 Self-Assessment Tools
5.5 Conducting the Analysis
5.6 Benefits of Self-Assessment
5.7 Corrective and Enhancing Measures
References
6 Bringing Safety-Security Culture into Harmony
6.1 Safety as an IAEA Priority
6.2 Two Sides of the Same Coin
6.3 Aligning Safety and Security Culture
6.4 Crucial Topics and Areas
6.5 Six Phases of Harmonization
References
7 Security Culture for Users of Radioactive Sources
7.1 Vulnerabilities and Misuse
7.2 Physical Protection and the Human Factor
7.3 Radioactive Sources: Special Considerations for Security Culture
7.4 Security Culture Model for Radioactive Sources
7.5 Evaluating and Enhancing
References
8 Nuclear Security Culture as a Tool to Address Insider Threat
8.1 What is Insider Threat?
8.2 Security Culture Applicability
References
9 Application of Culture Methodology in Non-nuclear Domains
9.1 Part I: Biomedical Domain: Biorisk-Management Culture
9.1.1 Biorisk Management
9.1.2 Human Performance
9.1.3 Model of Biorisk-Management Culture
9.2 Part II: Policy and Management Practice: Compliance Culture in Strategic Trade
9.2.1 Establishing Compliance Management
9.2.2 Strategic-Trade Compliance Model
9.2.3 Samples of Compliance-Culture Indicators
9.2.4 Assessment and Enhancement
Conclusion: A Way Forward
Global Tier
National Tier
IAEA Tier
Appendix A IAEA Security Culture Characteristics and Associated Indicators (As Listed in Appendix II of Technical Guidance 28-T Self-assessment of Nuclear Security Culture in Facilities and Activities)
Management Systems
Leadership Behavior
Personnel Behavior
Appendix B A Methodology for Evaluating the Implementation of Human-Reliability Programs
Introduction
Methods for Collecting Data
HRP Evaluation and Indicators
Findings: Levels of Maturity
Visualization of Self-assessment Results
Conclusion

Advanced Sciences and Technologies for Security Applications

Igor Khripunov

Human Factor in Nuclear Security Establishing and Optimizing Security Culture

Advanced Sciences and Technologies for Security Applications

Editor-in-Chief
Anthony J. Masys, Associate Professor, Director of Global Disaster Management, Humanitarian Assistance and Homeland Security, University of South Florida, Tampa, USA

Advisory Editors
Gisela Bichler, California State University, San Bernardino, CA, USA
Thirimachos Bourlai, Lane Department of Computer Science and Electrical Engineering, Multispectral Imagery Lab (MILab), West Virginia University, Morgantown, WV, USA
Chris Johnson, University of Glasgow, Glasgow, UK
Panagiotis Karampelas, Hellenic Air Force Academy, Attica, Greece
Christian Leuprecht, Royal Military College of Canada, Kingston, ON, Canada
Edward C. Morse, University of California, Berkeley, CA, USA
David Skillicorn, Queen’s University, Kingston, ON, Canada
Yoshiki Yamagata, National Institute for Environmental Studies, Tsukuba, Ibaraki, Japan

Indexed by SCOPUS

The series Advanced Sciences and Technologies for Security Applications comprises interdisciplinary research covering the theory, foundations and domain-specific topics pertaining to security. Publications within the series are peer-reviewed monographs and edited works in the areas of:

  • biological and chemical threat recognition and detection (e.g., biosensors, aerosols, forensics)
  • crisis and disaster management
  • terrorism
  • cyber security and secure information systems (e.g., encryption, optical and photonic systems)
  • traditional and non-traditional security
  • energy, food and resource security
  • economic security and securitization (including associated infrastructures)
  • transnational crime
  • human security and health security
  • social, political and psychological aspects of security
  • recognition and identification (e.g., optical imaging, biometrics, authentication and verification)
  • smart surveillance systems
  • applications of theoretical frameworks and methodologies (e.g., grounded theory, complexity, network sciences, modelling and simulation)

Together, the high-quality contributions to this series provide a cross-disciplinary overview of forefront research endeavours aiming to make the world a safer place. The editors encourage prospective authors to correspond with them in advance of submitting a manuscript. Submission of manuscripts should be made to the Editor-in-Chief or one of the Editors.

Igor Khripunov Stimson Centre Washington D.C., USA

ISSN 1613-5113 ISSN 2363-9466 (electronic) Advanced Sciences and Technologies for Security Applications ISBN 978-3-031-20277-3 ISBN 978-3-031-20278-0 (eBook) https://doi.org/10.1007/978-3-031-20278-0 © The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Switzerland AG 2023 This work is subject to copyright. All rights are solely and exclusively licensed by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed. The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use. The publisher, the authors, and the editors are safe to assume that the advice and information in this book are believed to be true and accurate at the date of publication. Neither the publisher nor the authors or the editors give a warranty, expressed or implied, with respect to the material contained herein or for any errors or omissions that may have been made. The publisher remains neutral with regard to jurisdictional claims in published maps and institutional affiliations. This Springer imprint is published by the registered company Springer Nature Switzerland AG The registered company address is: Gewerbestrasse 11, 6330 Cham, Switzerland

Preface

Human performance is molded by numerous factors that can enhance or impair human behavior. By extension, individuals’ performance reverberates across an entire organization, shaping or misshaping how well the institution performs work functions—including functions meant to offset security risks. After all, humans have a well-earned reputation for being the most complex, least understood, and most fallible component of any institution. Still, people are the main players in the design, testing, maintenance, and operation of any security system, and the system depends on each person’s capabilities, limitations, motives, and attitude, as well as on the quality of instruction and training provided to him or her. Any interface between technologies and operators devised to enforce security standards requires effective input from what is commonly known as the “human factor” and reliability. The historic belief has been that human errors and violations stem from individual frailties or morale problems. I maintain, however, that weaknesses in organizational processes and cultural values contribute far more to security failures than do individual mistakes. The book describes how human performance can be improved, either reactively after a security event or preferably proactively before a problem arises, within the context of general performance improvement. It requires a systematic approach for determining desired performance, continuously evaluating beliefs and attitudes among personnel, identifying and analyzing performance gaps, developing and implementing enhancement and correction solutions, and assessing the results of improvement interventions for assuring that performance improvement takes place. Thus, renovating the culture within an organization constitutes the best remedy for security shortcomings. “Nuclear security culture” is the focus of this book.
It is a tool to support, enhance, and sustain nuclear security at power plants and other facilities that handle fissile materials. The book reviews the genesis and application of nuclear security culture as developed and practiced by the International Atomic Energy Agency (IAEA). Such a culture habituates trained individuals to hunt for security risks, stay motivated, empirically evaluate the ambient culture at the site, and adjust it to emerging needs. The role of culture is now unambiguously recognized as a significant interdisciplinary factor that elevates standards of performance, safety, security, compliance, and personal discipline. The book spotlights potential and actual challenges that must be addressed to make security culture a user-friendly, universal, and sustainable instrument—transforming the human factor from what is often perceived as a liability into an asset to nuclear security. The book describes specialists’ long-running efforts to apply the IAEA security culture methodology to nuclear power-generating facilities as well as other elements of the nuclear complex. A separate chapter focuses on how operators of radioactive sources can harness culture to bolster security and discusses the role of management and other actors in this process. An example of practical application of this methodology and its indicators comes in the chapter on addressing insider threats. Yet another chapter provides an example of how this methodology can be applied in other domains such as the biological sciences, where it goes under the name “biorisk management culture.”

Nuclear security culture emerged much later than safety culture in response to new threats and vulnerabilities, but both cultures have a common objective, namely the protection of people, society, and the environment from a large release of radioactive material. The two cultures have many principles in common, although their implementation and priorities are different. The book discusses the interface between security and safety culture and suggests conceptual and practical approaches to coordinate them in an efficient cultural program—guaranteeing both safety and security.

Based on the author’s personal experience as an IAEA consultant and an instructor at numerous workshops in countries at different stages of planning or developing nuclear infrastructure and with different organizational and national cultures, this book may be a useful reading source for students, scholars, and practitioners interested in improving and updating their knowledge of the human dimension of nuclear security as well as honing skills to implement, assess, and enhance institutional culture.
This is a universal methodology. Readers can easily adjust it to their specific needs and professional interests. The author would like to thank Dr. James Holmes (USA) and Christopher Tucker (USA) for making this book possible, as well as Khairul Khairul (Indonesia), Vladimir Yankov (Bulgaria), Carsten Speicher (Germany), and Terry Kuykendall (USA) for their support and contribution. Athens, GA, USA

Igor Khripunov


About the Author

Dr. Igor Khripunov joined the Center for International Trade and Security (formerly the Center for East-West Trade Policy) at the University of Georgia in 1992 and served until July 2018 as Distinguished Fellow and Director as well as Adjunct Professor at the University of Georgia’s School of Public and International Affairs. He was also Editor-in-Chief of the 1540 Compass, a journal published between 2012 and 2017 in cooperation with the UN Office for Disarmament Affairs. He is a nonresident fellow at the Stimson Center, USA, and often acted as a consultant and training instructor for the International Atomic Energy Agency (IAEA). Igor Khripunov extensively collaborated with the UN Specialized Agencies, NATO Science for Peace and Security Program, and other international organizations. Igor Khripunov has contributed to several books and book chapters on WMD arms controls and nonproliferation, nuclear safety and security, terrorism, and organizational culture. He has written over 200 articles and op-eds in world media including Arms Control Today, Comparative Strategy, Security Dialogue, Jane’s Intelligence Review, Nonproliferation Review, International Journal of Nuclear Security, Problems of Post-Communism, The Bulletin of the Atomic Scientists, Defense News, and other publications.

Dr. Igor Khripunov
Nonresident Fellow at Stimson Center
Washington D.C., USA


List of Figures

Fig. 1.1 Application of skill-, rule-, and knowledge-based modes: increasing uncertainty requires more reliance on culture and experience
Fig. 2.1 National and organizational culture interface
Fig. 2.2 Organizational effectiveness: four cultural clusters
Fig. 2.3 Edgar Schein’s three cognitive levels of organizational culture
Fig. 2.4 Schematic view of the IAEA model for nuclear security culture based on Edgar Schein’s methodology
Fig. 3.1 Shift in security perception under the impact of a robust security culture
Fig. 3.2 Nuclear security series (NSS) publications
Fig. 4.1 Building capacity and competency for nuclear security culture
Fig. 5.1 Advantages and disadvantages of surveys as a self-assessment method
Fig. 5.2 Advantages and disadvantages of interviews as a self-assessment method
Fig. 5.3 Advantages and disadvantages of document review as a self-assessment method
Fig. 5.4 Advantages and disadvantages of observation as a self-assessment method
Fig. 6.1 Transition to the culture-for-safety model
Fig. 6.2 Interface of natural and manmade events and the role of harmonized safety-security culture in preventing and mitigating them
Fig. 6.3 Phased security-safety culture harmonization process
Fig. 7.1 Model of security culture for radioactive sources
Fig. 8.1 Effects of organizational and social strains
Fig. 8.2 Samples of culture indicators for characteristics relevant to insider threat program (1)
Fig. 8.3 Samples of culture indicators for characteristics relevant to insider threat program (2)
Fig. 8.4 Samples of culture indicators for characteristics relevant to insider threat program (3)
Fig. 9.1 Model of biorisk-management culture
Fig. 9.2 Model for strategic-trade compliance culture
Fig. A.1 Five-point maturity scale with hypothetical self-assessment results

List of Tables

Table 2.1 Geert Hofstede’s model of national culture
Table 3.1 Key tools for management to effect a cultural change
Table 4.1 Scope of international physical protection advisory missions (IPPAS)
Table 6.1 Binding and non-binding nuclear safety instruments applicable to nuclear security
Table 7.1 Irradiation equipment and their application fields
Table 8.1 Insider threat: high-risk psychological indicators
Table A.1 Overview of methods to collect data
Table A.2 Five levels of maturity for an HRP

List of Boxes

Box 1.1 Sources of At-Risk Behavior
Box 1.2 Human Error Precursor
Box 2.1 Edgar Schein’s Cultural Fundamentals (Part 1)
Box 2.2 Edgar Schein’s Cultural Fundamentals (Part 2)
Box 3.1 What Are Violations and Why They Happen
Box 4.1 IAEA E-Learning Program
Box 5.1 Self-Assessment in Indonesia
Box 6.1 Combined Safety-Security Culture Assessment at Kozloduy NPP (Bulgaria)
Box 7.1 Radiological Source Incident in Goiania (Brazil, September 1985)
Box 7.2 A Radioactive Source Stolen in Mexico
Box 8.1 Insider Threat: Koeberg Nuclear Power Plant
Box 9.1.1 Biorisk Management and Human Fallibility
Box 9.2.1 Internal Compliance Program

Chapter 1

Human Performance

Abstract People are the main players in the design, testing, maintenance, and operation of any security system, and their performance depends on each person’s capabilities, limitations, and motives. The performance of a highly complex socio-technical system is dependent upon the interaction among human, organizational, technical, social, and environmental factors. A major security-related innovation or initiative must be accompanied by a carefully conceived and implemented change in people’s mindset. Human performance plays a key role in implementing fundamental principles such as risk assessment and threat evaluation, graded approach, defense in depth, and many others. Human performance is much more variable and difficult to predict than hardware performance because humans tend to process inputs considering their experience, intentions, and biases. Competencies include skill-based, rule-based, and knowledge-based elements which, once acquired, allow a person to perform a job or task to required standards. Most security lapses in human-designed, -managed, and -operated systems are ultimately the result of low motivation, human miscalculation, or errors. Common perceptions of human error are strongly associated with notions of blame, possible sanctions, and individual responsibility that contributed to failure. Complacency is a multifaceted construct describing a mindset of self-satisfaction based on a false sense of security accompanied by a lack of awareness of potential danger. Security culture is a universal practice to address, among other things, a wide range of human errors and miscalculations, with a special emphasis on deliberate and malicious acts.

© The Author(s), under exclusive license to Springer Nature Switzerland AG 2023. I. Khripunov, Human Factor in Nuclear Security, Advanced Sciences and Technologies for Security Applications, https://doi.org/10.1007/978-3-031-20278-0_1

1.1 Patterns of Behavior

Human performance is shaped by numerous factors that can influence human behavior across an entire organization, impairing or enhancing work functions—including those meant to address security risks. After all, humans have earned a reputation as the most complex component of any institution, not to mention the least understood and the most vulnerable to failure. Still, people are involved as the main player in the design, testing, maintenance, and operation of any security system, and their performance depends on each person’s capabilities, limitations, motives, and attitudes, as well as on the quality of instruction and training provided them. Such an interface between technologies and operators to enforce security standards requires effective input from what is usually known as the human factor.

Security incidents result from a combination of factors, many of which are beyond the control of any one individual. The degree of need for an integrated and comprehensive view of human performance depends on how effectively the entire management system and personnel function as a team, and on the extent to which all processes are adjusted to known and unexpected risks. IAEA Technical Document 1204 (IAEA-TECDOC-1204), A Systematic Approach to Human Performance Improvement in Nuclear Power Plants: Training Solutions, emphasizes that integration of organizational factors, such as human and equipment performance, is crucial to effective performance. The document defines human performance as the behavior of people in a system, with a focus on understanding the general behavior of people within the system, rather than on the behavior of any one individual [1].

When an outcome is not consistent with expectations, it is not unusual to trace the problem to an individual involved and classify the case as a human error. Yet the problem’s root causes often lie elsewhere in the organization. Further review may indicate that some aspects of the workplace may be misaligned with what is needed for the required performance. Deficiencies could be traced to gaps in organizational culture and its subsets like security culture (common shortcomings including noncompliance and complacency), an adverse work environment, or equipment design that unintentionally makes the worker carry out inappropriate actions or otherwise interferes with this worker’s ability to perform work functions as required [2].
A review of past accidents indicates that the performance of highly complex sociotechnical systems is dependent upon the interaction among human, organizational, technical, social, and environmental factors. As an illustration, immediately after the Three Mile Incident (1979), the focus fell on the human factor. But careful evaluation afterwards, including of the origins of the Chernobyl accident (1986), gradually widened the focus. The consensus that has taken hold since the mid-1980s views accidents and similar events not exclusively as the consequences of technical failures and human errors, but as the result of an organization-wide context conducive to substandard outcomes. In other words, error-prone institutions suffer from cultural erosion. In this perspective, active human errors are only some of the direct and immediate causes behind such events. Equally important contributing roles belong to what is known as latent errors. Such latent weaknesses are defined as deficiencies in strategies, policies, or training, as well as other areas of management, or as shared beliefs, attitudes, and assumptions among personnel that create ambient conditions conducive to errors and degraded controls. Such weaknesses can escape notice. Deviations from established practices can persist for years without being observed by management and without any detected security breaches or near-misses, until a critical security boundary is reached, and an incident transpires.

Box 1.1: Sources of At-Risk Behavior

• Unfamiliarity: a situation is important but occurs infrequently or is novel,
• Time shortage: not enough time is available for error detection and correction,
• Understanding: no means available to convey information such that it is easy to understand,
• Information overload: simultaneous presentation of information goes beyond a person’s capacity to understand,
• New techniques: the need to learn new techniques which may follow philosophies opposing those that have been used previously,
• Perceived risk: the actual risks present are greater than the person involved realizes,
• Physical ability: the person does not have the physical ability to perform the required tasks,
• Mental stimulation: the person is required to spend a lot of time either inactive or involved in highly repetitive, menial tasks,
• Disruption: work patterns cause disruption to normal sleep and rest cycles,
• Pacing: other people can influence the pace at which tasks can be performed

There are reasons to believe that a successful outcome when introducing major security upgrades depends in large part on a culture change. After all, organizations quickly return to a healthy status quo, even when technologies or procedures are altered, if their values, orientations, definitions, and goals stay constant [3]. In other words, a major security-related innovation or initiative must be accompanied by a carefully conceived and implemented change in people’s mindset. The more complex security technology becomes, the more dependent it is on dedicated, security-conscious personnel and the values people internalize. Security systems are unique in the sense that they are designed to stop an adversary whose goal is to defeat the system, rather than to stop human or equipment failings. This makes for a dynamic environment. As adversaries’ capabilities change and threat scenarios evolve, a security system must be able to evolve rapidly and adapt in response.
The need for continuous evaluation of a security system and the ability to stay a step ahead by adjusting the system’s performance to changing scenarios is a function that can be performed only by personnel with a deeply embedded security mentality. Watchfulness must be second nature. Human performance plays a key role in implementing fundamental principles such as risk assessment and threat evaluation, a graded approach, defense in depth, and many others. The outcome of the whole range of security-related tasks depends on human performance, including the prevention of potential incidents, conduct of routine security activities, and management of emergency situations. Attitudes and practices among personnel required to optimize human performance in these circumstances may include:

• Being ill at ease with errors.
• The will to communicate problems and participate in opportunities to improve.
• Vigilant situational awareness.
• Sufficient levels of training, competencies, and practice performing a task.
• Consideration of the physical environment in which personnel is expected to perform.
• Rigorous use of error-prevention techniques.
• Continuous focus on the possibility of an insider threat; and
• Understanding the value of teamwork and relationships.

Behavior and underlying motives are valuable sources that enable management to assess and predict, successfully anticipating, preventing, neutralizing, or recovering from human errors. A close observation must be conducted to identify what factors influence behavior in general, and what motivates, provokes, and shapes it when performing security functions and operating security equipment. Since organizations’ security and reliability depend on human behavior, specialists have established and refined a multitude of management tools to help achieve desirable results. Among them are function allocation, task analysis, staffing and qualifications, interface design, and training. Human performance is less predictable than that of hardware because humans tend to process inputs considering not-strictly-rational factors such as experience, intentions, and biases. Human behavior fluctuates under the impact of so-called performance-influencing factors (PIFs) originating from individual character, the work environment, and an organization’s culture. In practice, PIFs can be described as those factors which determine the likelihood of error or stimulate effective human performance. Performance-influencing factors can be grouped into the following three categories:

• Individual level. The influences at this level are focused on the performance of individuals or groups of employees working together toward a common goal. Performance-improvement tools tend to concentrate on minimizing surrounding conditions that can lead to increased rates of human error.
• Process level. Process-level factors put the accent on the way tasks are accomplished within the organization, including core processes (operation and maintenance), management processes (assessments and professional improvement), and support processes (training).
• Organizational level. Organizational-level factors concentrate on the overall organizational strategy, which is visible in the shared values and performance expectations throughout the institution. Culture is the central element of this strategy, and most security-related incidents are the result of cultural weaknesses, not individual behavior.

In this context, a key to understanding the root causes of human behavior is to adopt a systemic approach, addressing the entire range of complex interactions. For example, among the important factors to consider in those interactions at a nuclear power plant are those related to individuals, such as knowledge, decisions, thoughts,
emotions, and actions. The technical factors to consider include the physical aspects of the nuclear power plant and the range of technical tools and equipment used for operations. The operational factor to consider includes the management system, organizational structure, governance of the plant, and human and financial resources. It is useful to review how the weaknesses and strengths of all those factors influence one another and facilitate proactive risk management. Furthermore, the complex system of interactions is broader than a nuclear power plant, its individuals, and its organizational structure. A systemic approach considers a range of interactions with outside stakeholders, including vendors, regulators, contractors, corporate entities, and international organizations. Individual actions taken by one organization often affect other stakeholders in a dynamic and unexpected manner. In this context, a 2014 report issued by IAEA international experts who met in 2013 to review the human and organizational factors affecting the Fukushima accident (2011) characterized the accident not just as a disaster triggered by natural events or technological faults, but also as a human-induced disaster. The experts emphasized that the interaction of human, organizational, and technical factors among all stakeholder organizations and between different levels within each organization must be evaluated and understood for each phase of a nuclear facility’s life cycle [4].

1.2 Competence

Competencies include skill-based, rule-based, and knowledge-based elements which allow a person to perform a job or task to required standards. However, competencies alone are not sufficient because people should have the ability to put them into practice consistent with the scope and nature of work. Competence is built and sustained through a combination of education, training, and experience, enhanced by performance improvement and adjustment techniques. In this sense, security culture and its characteristics serve as a powerful engine for achieving those performance standards. Such competencies and characteristics, influenced by beliefs, attitudes, and risk perception inherent in the patterns of human behavior, may include but are not limited to leadership, communication, task management, teamwork, decision-making, and motivation.

The skill-based mode refers to the smooth execution of highly practiced, largely physical actions in which there is little conscious monitoring and control. A skill-based response is generally initiated by some specific event, such as the requirement to operate a valve, which may arise from an alarm, procedure, or command. The highly practiced operation of opening the valve is usually executed automatically. Such actions are usually executed from memory without significant focus and attention. Behavior is governed by preprogrammed cognitive instructions that are usually developed through training or experience and depend on external conditions. When skills are learned to the point of automaticity, the information-load on working memory reduces significantly. In the skill-based mode an individual can
function effectively by utilizing preprogrammed sequences of behavior that require little conscious control. Skill-based errors are primarily execution errors involving action slip-ups, lapses in attention, or a lack of concentration. Also, a person can be so focused on a skill-based task that important information in the work environment is not detected. A concern for skill-based tasks is that people are already very familiar with said task because they have performed it for a prolonged period. Therefore, the more familiar the task, the less likely they can accurately perceive risk—especially if the system is undergoing change. People become comfortable with risk and eventually grow insensitive to old and new hazards. Skill-based performance in combination with a monotonous work routine is likely to lead to error [5]. For example, security personnel at portals are posted to watch people go through metal detectors and, if necessary, to search and detain them. The error mode for these personnel would be inattention due to their monotonous work duties. Though there is a need for conscious and continuous monitoring and vigilance, repeatedly watching hundreds of people walk through a portal and examining their credentials with very little deviation from routine tends to dull attention. During an emergency like a security event, even simple skill-based actions that are performed on a routine basis can become significant. People are likely to pay greater attention to their actions during an emergency, but they may still harbor excessive confidence in their ability to perform familiar actions and perceive little risk in doing so.

People switch to the rule-based mode when they find it necessary to modify their largely preprogrammed skill-based behavior in a new situation. This is called the rule-based level because people apply memorized or written rules. Rules are often used when personnel perform activities with which they are less familiar and have not practiced as much. Workers are likely to encounter rule-based performance during safety- and security-related emergencies, particularly when it is necessary to change their otherwise skill-based performance to deal with some unexpected conditions. These rules may have been learned through formal training or by working with experienced workers. In applying these rules, personnel operate by automatically matching the signs and symptoms of the problem to some collective body of knowledge. So, typically, when the appropriate rule is applied, the individual exhibits prepackaged, compartmentalized behavior. The next step is to use conscious thinking to verify whether this solution is appropriate. Rule-based performance depends on personnel to interpret an unfamiliar situation so that they select and undertake the appropriate response. Procedures are prepared for security-related scenarios that can be anticipated. These are predetermined responses and solutions to possible security incidents. Rules are necessary for those less familiar with work activities. Whether an activity guided by procedures is classified as rule-based performance depends on the worker. In normal work situations, such activities are better classified as skill-based when undertaken by experienced users. Since rule-based activities require interpretation using “if–then logic,” the prevalent mode of error is misinterpretation. Such errors involve deviating from an approved procedure and applying the wrong response. For example, when an alarm
sounds along a fence perimeter, procedures require that security personnel determine why it went off. They can determine the exact location of concern through in-person investigation, reviewing video footage, or both. Many causes may trigger an alarm, ranging from human and animal intrusion to severe weather, falling trees, or equipment malfunction. Many false alarms in a short period may overburden and desensitize staff members—deadening their response to genuine security breaches. The rule-based mode is the only valid option in this case, but recognizing when to put a procedure into effect may be a challenge. It is impossible to foresee all risks and dangers to a nuclear facility, so it is impossible to devise preplanned response procedures for every contingency that may befall the site. Even training is unable to adequately forecast all possible situations. In short, there are some situations for which no procedural guidance exists.

The third mode is knowledge-based behavior, meaning competence at handling a totally unfamiliar situation. To bring knowledge to bear, the workforce must rely on prior understanding of security risks, an incident’s similarity to past incidents, and adequate knowledge of the organization’s overall security regime and procedures. A robust security culture that is continuously discussed, assessed, and enhanced throughout the organization can serve as an indispensable facilitator of knowledge. Knowledge-based situations are often puzzling because the available information is haphazard, often inaccurate, and conflicting. Because uncertainty is high, personnel usually undertake knowledge-based tasks amid stressful situations (Fig. 1.1). Because decisions are sometimes made with limited information and could be based on faulty assumptions, the prevalent error mode in the knowledge-based domain is an inaccurate mental model. Prior guidance to help personnel effectively use rule- and knowledge-based modes is useful and can be promulgated through multiple formats, including workshops, briefings, and general meetings. Such gatherings focus on performing root-cause analysis of past events and current trends as well as conducting trend analysis, experiments, and tabletop exercises. Skills in diagnosis and problem-solving are important when performing knowledge-based activities. The chance for error when involved in such activities is especially high, and errors that do occur are primarily the result of an inaccurate mental model.

Fig. 1.1 Application of skill-, rule-, and knowledge-based modes: increasing uncertainty requires more reliance on culture and experience

1.3 To Err is Human

To err is human, to forgive divine, reads an old English idiom. Indeed, most security lapses in human-designed, -managed, and -operated systems are ultimately the result of low morale, human miscalculation, or errors, either through direct actions or a failure to recognize a hazard and design a system to control it. There is clear evidence that operating security technologies may be often dissatisfying and stressful for the personnel. Performance-influencing factors can combine with basic human error tendencies to create situations in which mistakes are likely. Sources of stress include constant monitoring of one’s performance, the limited scope of activities assigned to individuals, the low level of human interaction permitted by the system, and work-environmental hazards associated with routine activity. The main challenge is how to enhance the human-reliability component of security under physical, psychological, and emotional stress and make its interface with other key components smooth and effective.

Box 1.2: Human Error Precursor

These precursors are common human nature conditions associated with events triggered by human errors. Some organizations distribute a plastic-coated error precursors card to their personnel to carry with them on the job. Workers refer to these cards during pre-job briefings to help identify precursors related to the upcoming tasks:

• Stress
• Inaccurate mental picture
• Biases
• Limited short-term memory
• Fatigue
• Tunnel vision
• Excessive social and professional deference
• Difficulty seeing own errors
• Inaccurate risk perception
• Imprecise physical actions
• Other

By themselves, error precursors do not define an error-likely situation. A human act or task must be either planned or occurring concurrent with error precursors to be considered error likely. Since human errors are a byproduct of being human, we are all predisposed to see what we expect to see, to forget complex information, or to do things automatically out of habit. The effects of these failings are often trivial but can have serious implications in the context of the nuclear security regime. Human errors may only be seen as troublesome when something bad happens, even if operators deviate regularly from a procedure. Tolerance of nonstandard practices raises the possibility of preventable human-caused accidents or incidents.

Common perceptions of human error are strongly associated with notions of blame, possible punishment, and individual responsibility that contributed to failure. Undue focus on individual human errors, however, can be counterproductive and result in a culture where the last person in the implementation chain receives the blame for a mistake committed by a team of operators. While understanding human error is important, the focus of a human-performance program must be to support people’s work activities to ensure productivity and help manage the risks related to human factors. A robust nuclear security culture is designed to support this function. Examples of helping people do the right thing include rationalizing management practices, designing easy-to-use equipment and procedures, systematically improving and implementing training, encouraging physical fitness to perform required tasks, rewarding individuals, and coaching team members to help them avoid errors.

Error precursors are sometimes noticeable or often obvious. They fall into four distinct categories: individual capabilities (unfamiliarity with tasks, lack of knowledge of new techniques); task demands (time pressure, high workload, multitask work mode); human nature (stress, habit patterns, overconfidence); and work environment (distractions, changes of routine, personality conflicts). Specialists commonly distinguish between “errors of omission”—when an operator or team forgets a relevant detail while implementing an action or procedure, and thus fails to perform the action completely—and “errors of commission,” when an operator or team performs the action completely but incorrectly. However, this approach is simplistic and does not cover all major root causes or how they work. It would be more appropriate to classify mistakes in three distinct groups corresponding to the following levels: behavioral, contextual, and conceptual.

• The behavior level is that of “what appears”; it is the surface or what can be physically observed. This level corresponds to the distinction between errors of omission and errors of commission.
• Below the behavioral level lies the contextual level, which considers the environment where individuals are making decisions, acting, and interacting with others.
• The conceptual level is where the underlying causes of human errors can be found in the cognitive sphere. In this perspective, human errors result from the same direct and immediate causes which generate an event itself but are aggravated by technical conditions (pressure to produce, poor workplace design and communication among stakeholders, weak organizational culture) [6].

At-risk behaviors are actions that involve taking shortcuts, violating measures put in place to prevent blunders, or actions that are intended to improve the performance of a task yet come at the expense of security. These acts, which usually involve taking the path that requires the least amount of effort, are chosen under time pressure and have a higher probability of producing a fault. Persistent at-risk behavior builds overconfidence in one’s personal skills and abilities. Over the long term, people tend to become complacent and downplay the risk and the likelihood of making errors, evincing little concern for the possible consequences of their misbehavior for the organization or themselves. Active errors are observable and can affect individual components of the safety and security regime or disrupt the regime.

Complacency is a multifaceted construct describing a mindset of self-satisfaction based on a false sense of security and indifference to potential dangers. Complacency induces operators to skip hurriedly through checklists, fail to monitor their instruments closely, use shortcuts and poor judgements, and resort to malpractice of various types. Common root causes of complacency include overconfidence, contentment, satisfaction with the status quo, disregard of warning signs, unsubstantiated assumptions that risk decreases over time, and acceptance of lower standards of work performance. Complacency is often characterized as safety and security optimism based on a previous track record of success. Such a record may no longer be valid due to the changing operational and technological work environment, or to changing demographics within the staff as personnel come and go. For most individuals, complacency is related to the balance between risk exposure and risk avoidance; it is determined by characteristics of the situation and the individuals involved.

Technology complacency, often referred to as automation-induced complacency, describes the relationship between a human operator and an automated system. Technology complacency primarily occurs in multitasking assignments when human operators fail to be vigilant in the monitoring of an automated system because they assume that, due to its past highly reliable record, they can trust its operation and shift attention to other tasks. It is recognized that successful performance is often a precursor to complacency. However, complacency is not to be mistaken for a shift in attitude that implies that an organization no longer cares about security. Rather, it often takes the form of organizational inattention, such as failure to retain knowledge, maintain staff proficiency, or sustain essential programs that provide security value but may be incorrectly perceived as well understood and effectively implemented. Security culture and human performance programs often fall into this category.
The 2014 IAEA report on the Fukushima accident [4] stated that the nuclear industry needs to guard against complacency (p. 38) throughout the design, construction, operation, and shutdown and inactivation phases of a plant’s service life. A growing body of evidence suggests that the accident was the result of human miscalculation along with failures in risk assessment, decision-making, regulations, and nuclear-plant design. For example, the methods used by the plant’s owner (TEPCO) and Japan’s regulator (NISA) to assess the risk from a tsunami lagged in at least three important respects:

1. Insufficient attention was paid to evidence of large tsunamis inundating the region surrounding the plant about once every thousand years.
2. Computer modelling of the tsunami threat was inadequate, but no improvements were considered or suggested.
3. NISA failed to review simulations conducted by TEPCO and to foster the development of appropriate computer modelling tools.

Had the risks to the Fukushima Daiichi Plant been recognized and acted upon, this tragic accident could have been prevented.

At-risk behavior covers human errors related to unintentional and intentional actions—slips, lapses, mistakes, and violations. Slips occur when a physical action fails to achieve its immediate objective. Lapses involve a failure of one’s memory or ability to recall information. Contributing to slips and lapses are elements such as the timing, duration, sequence, direction, and speed of events. Mistakes, by contrast, occur when a person uses an inadequate plan to achieve the intended outcome. Mistakes usually involve misinterpretations or lack of knowledge. Violations are characterized as the circumvention of known rules or policies. A violation involves the deliberate deviation or departure from an expected behavior, policy, or procedure. Some violations are well-intended, arising from a genuine desire to get a job done according to management’s instructions.
Others are a result of a conscious choice to violate a rule because of individual motives or larger cultural considerations. The latter type describes any individual, insider, or outsider, who performs or attempts to perform a malicious act. Money, ideology, revenge, ego, coercion, or a combination thereof may motivate individuals to initiate malicious acts. Targets include nuclear materials and associated areas, buildings, equipment, components, information, systems, and functions. Nuclear security culture primes management and personnel to remain vigilant and take sustained measures to meet such threats.

1.4 High-Tech Innovations

The advent of computerization, digitalization, and automation poses another challenge. On the one hand, human skills are increasingly recognized as essential for many security functions, particularly for integrating the human factor with technology into a dynamic human-centric design and operations. On the other, human beings sometimes disuse or misuse automation. Believing an automated aid is less
reliable than manual operation may lead to disuse. Disaster has occurred during real-world security incidents because people ignored automated warning signals they considered untrustworthy. Believing an automated aid is more reliable than human operation, by contrast, may lead to misuse—meaning overreliance on automation. Thus, excessive trust in technology may incline human operators to misuse while a lack of trust may incline them to disuse [6]. These two extreme attitudes are likely to generate confusion and tensions among team members. As a matter of fact, trust in automated systems is like trust in another human being. Given possible technological faults and incidents, levels of trust are not stable and tend to fluctuate. Digitization and new technologies risk significantly affecting the nature of interaction within teams. They could bring about weaker teamwork, less interpersonal communication, and more barriers for team members to monitor one another’s activities. With growing automation, security personnel have different tasks to perform. They end up dealing almost exclusively with unforeseen circumstances or performing tasks that the designer cannot automate. Automation lightens the workload for security personnel during normal operations, but it leads to reduced attention, deteriorated skills, and loss of situational awareness. Adjustments in the prevailing culture, modifications in management practices, and new approaches to training are essential to combat the ill effects of high technology. Security culture is an implement to address, among other things, a wide range of human error and miscalculations, with a special emphasis on protecting against deliberate and malicious acts. The cultural characteristics and indicators reviewed in this book provide a valuable tool set for strengthening personnel qualities such as professionalism, personal accountability, adherence to procedures, teamwork, cooperation, and vigilance.
Given the latent human weaknesses and fallibility exposed in this chapter, the ultimate objective of the security-culture methodology put forward here is to move the human element of nuclear security from being a liability to an asset that equips personnel to support, enhance, and sustain nuclear security.

References

1. International Atomic Energy Agency (2001) A systematic approach to human performance improvement in nuclear power plants: training solutions. IAEA-TECDOC-1204, pp 1–2
2. Canadian Nuclear Safety Commission (2016) Human performance discussion paper DIS-16-05, p 2
3. Cameron K, Quinn R (2006) Diagnosing and changing organizational culture: based on the competing values framework, rev ed. Jossey-Bass, San Francisco, CA, p 11
4. International Atomic Energy Agency (2014) Report on human and organizational factors in nuclear safety in the light of the accident of the Fukushima Daiichi nuclear power plant. IAEA, Vienna
5. U.S. Department of Energy (2009) Human performance improvement handbook volume 1: concepts and principles. DOE-HDBK-1028-2009, pp 2/21–2/23
6. Dzindolet MT et al (2003) The role of trust in automated reliance. Int J Hum Comput Stud 58:699

Chapter 2

National and Organizational Culture

Abstract Numerous constituent factors contribute to national culture and make it distinctly different from one country to another. National culture plays a role in determining key parameters of organizational culture. Elements of national and organizational culture contribute to the sustainability of nuclear security culture, a subset of them. Geert Hofstede’s six dimensions of national culture can help management select tools for building up a robust nuclear security culture. The four clusters of organizational culture (clan, adhocracy, hierarchy, and market) are helpful in determining a management mechanism to promote nuclear security culture in a wide range of organizations. The concept of “high reliability organization” (HRO) aims to achieve and sustain almost error-free performance through a combination of organizational design, management practice, personnel training, and culture. This approach identifies principles that enable organizations to achieve reliable performance and bolster their ability to return to normal modes of operation after suffering the consequences of at-risk behavior, malicious acts, or natural disasters. International Atomic Energy Agency (IAEA) methodologies for nuclear safety and security culture are based on Edgar Schein’s widely recognized principles of organizational culture. Applied to security, the essence of Schein’s model is jointly learned, relevant values, beliefs, and assumptions taken for granted as a nuclear facility operates at an acceptable risk and compliance level.

2.1 Culture Diversity

Many practitioners and scholars use the term “culture” to explain a variety of phenomena, but as each definition tends to adopt a slightly different perspective, there is no unanimously accepted definition. Perspectives differ because culture is studied by several different disciplines, all of which have their own distinctive approach. These disciplines include anthropology, sociology, and social psychology. For this book, nuclear security culture belongs to the sociological approach, which postulates that appropriately trained individuals can identify the main characteristics of an organizational culture, change the culture, and empirically evaluate it.

© The Author(s), under exclusive license to Springer Nature Switzerland AG 2023 I. Khripunov, Human Factor in Nuclear Security, Advanced Sciences and Technologies for Security Applications, https://doi.org/10.1007/978-3-031-20278-0_2

In this sense, culture serves as a glue that binds an organization together by providing cues for what employees should say and how they should act. Culture performs several functions: it reduces collective uncertainties by facilitating a common way to interpret the operational surroundings; ensures a balanced social order by making clear what is expected of employees; contributes to continuity by defining key values across generations; and distinguishes between the organization and others by shaping its identity. Various definitions of culture tend to emphasize two common fundamental principles: (a) culture is established patterns of behavior and human interactions, and (b) culture is a system of shared meanings.

Culture is beneficial to all employees, both veterans and newcomers, because it conveys the behavior patterns and styles that have persisted in the institution over time and that new employees are encouraged to internalize and emulate. However, the culture is seldom homogeneous within an institution because different and sometimes conflicting subcultures may emerge due to internal and external factors, including slipshod management practices.

In the modern world subcultures are inevitable because many organizations and their subsidiaries in other countries have mixed workforces. Employees hail from different ethnic and cultural backgrounds; each brings a worldview to the organization that was molded by the sociocultural environment prevalent in the home country. Therefore, cultural analysis must be open to the existence of diverse subcultures and ready to examine the relationship between them, as cultural disparities may have positive as well as negative implications for the organization.

Another important feature of culture is that it is distinct from the concept of organizational climate. Climate consists of temporary attitudes, feelings, and perceptions of individuals. Culture is an enduring, slow-to-change core characteristic of organizations, while climate can change quickly and dramatically. Culture refers to implicit, often indiscernible aspects of organizations, while climate refers to more overt and observable attributes of organizations. Culture includes core values and consensual interpretations about how things are, while climate reflects individualistic perspectives that are frequently modified as situations change and new information is encountered.

As one of several distinct subsets of organizational culture, nuclear security culture is first rooted in a country’s national culture, a shared system of meaning in which certain terms hold an agreed meaning for members of society, identifying and defining what that society considers rational. To paraphrase, national culture is a set of shared beliefs, assumptions, and modes of behavior derived from common experiences and accepted narratives that shape collective identity and determine appropriate ends and means for achieving specific objectives. National cultural values are learned early, held deeply, and change slowly over the course of generations.

Organizational culture, on the other hand, is comprised of broad guidelines that are rooted in organizational practices learned on the job. Most importantly, organizational culture is unlikely to trump national culture. At the same time, organizational culture has more common international traits due to globalized trade and communication. Organizational culture is a phenomenon by itself and stands apart from national culture in many ways. An organization is a social system of a different nature compared to a nation because the organization’s members are involved in it only during working hours and leave it behind afterward.

Numerous constituent factors, among them history, traditions, geography, religion, and demography, contribute to national culture, making it distinctly different from one country to another. Culture offers a way to interpret the global context and its risks and relate to other members of the community and nation. In other words, culture represents society’s evolving interpretation of historical precedents and contemporary experience. Though resistant to external inputs, national culture evolves from generation to generation and is continuously adjusted by participating groups through negotiations and debate, thus presenting an opportunity to change perceptions, including those related to nuclear threats and security. Hence small, often outnumbered groups of committed experts are important to initiate such negotiations and debates, helping achieve wider popular recognition of nuclear security.

Though linked, national and organizational cultures are based on a different set of values and practices. The reason organizational culture was largely ignored until the 1970s as an element in accounting for performance is that it encompasses the taken-for-granted and intangible beliefs, attitudes, values, underlying assumptions, expectations, collective memories, and definitions present in an organization. The role of organizational culture is now unambiguously acknowledged by industry as well as the business and academic communities as a significant factor contributing to higher standards of performance, productivity, safety, security, compliance, and personnel discipline. Due to the multifaceted nature of culture, the existing literature abounds in differing approaches and descriptions, with one common theme, namely that culture represents a shared set of assumptions that facilitate its cohesion and survival.

What are beliefs, values, and attitudes?

Beliefs are what people believe—or perceive—to be true. A belief is a conviction that something is true, that it exists, or that it is valid. Assumptions about what will be professionally successful fall into this category. A belief is what someone considers self-evident, and it tends to drive human behavior.

Values are what management places importance on, and thus what commands “high priority” in an organization. Key management values are usually visible and often conspicuous at a site. When workforce behavior conforms to management’s espoused values, then the organization has truly internalized them. Many values remain unconscious to those who hold them and can only be inferred from the way people act under various circumstances.

Attitude is a state of mind or feeling toward an object or a subject. Importantly, attitudes, both positive and negative, affect people’s choices and behaviors toward security, including efforts to prevent or mitigate the effects of incidents.

Figure 2.1 illustrates the process of shaping national culture through the experiences and perceptions of national elites, the business community, and the public. National culture plays a role in determining key parameters of national organizational culture, meaning how organizations tend to do their business in that country. National organizational culture is more susceptible to change than is national culture. Specific paths to cultural change may vary in each country depending on the prevalence of unique contributing factors. As a rule, though, a dynamic process of cultural interaction has a marked impact on resultant subcultures present within national organizations—for instance, safety and security culture, compliance culture, and environmental-protection culture.

Fig. 2.1 National and organizational culture interface

2.2 National Dimensions

National culture is an important source of nuclear security culture and contributes to its resilience and sustainability. The IAEA Implementing Guide on Nuclear Security Culture acknowledges that “history, traditions, and established management practices often leave a distinct imprint on national security culture as it is observed in different regions and countries” [1].

Geert Hofstede, a Dutch organizational sociologist and psychologist, conducted one of the most comprehensive studies examining interactions between national cultures and organizational cultures, of which nuclear security culture is a subset. Hofstede’s central achievement was setting up an efficient interpretive framework for understanding fundamental differences between countries. His model of national culture consists of six dimensions representing independent preferences for one situation over another that distinguish countries rather than individuals from one another. The country scores assigned to each country’s dimensions are relative and can only be used meaningfully by comparison. Below are the six dimensions:

• Power Distance Index (PDI). This dimension expresses the degree to which the less powerful members of a society expect and accept that power is distributed unequally. Power distance is based on the value system of the less powerful members. The way power is distributed is usually explicable from the behavior of the more powerful members of society—the leaders rather than the led. The fundamental issue here is how a society handles inequalities among people. People in societies exhibiting a large power-distance index accept a hierarchal order in which everybody has a place. The order needs no further justification. In societies with low power distance, people demand justification for inequalities of power and strive to remedy them.
• Individualism versus Collectivism. A high score in this dimension, called individualism, can be defined as a preference for a loosely knit social framework in which individuals can expect their relatives or members of a particular in-group to look after them in exchange for loyalty. A society’s position in this dimension is reflected in whether people’s self-image is defined in terms of “I” or “we.” Employed persons in an individualist culture are expected to act according to their own interests, and work should be organized in such a way that this self-interest and the employer’s interest coincide. Management in an individualist society is management of individuals while management in a collectivist society is management of groups.
• Masculinity versus Femininity. The masculinity side of this dimension represents a preference in society for achievement, heroism, assertiveness, and material rewards for success. A society that inclines to masculinity is more competitive than its opposite, femininity, which prefers cooperation, modesty, care for the weak, and quality of life. A society that inclines to femininity is more consensus oriented than a masculine society. In the business context, masculinity versus femininity sometimes manifests itself in a debate between “tough versus tender” cultures. Based on their cultural characteristics, masculine and feminine countries excel in different types of industry and business operations.
• Uncertainty Avoidance Index (UAI). The uncertainty-avoidance index expresses the degree to which members of society feel uncomfortable with uncertainty and ambiguity. The fundamental issue here is how society deals with the fact that the future can never be known. In effect members ask whether they should try to control the future or just let it happen. Countries exhibiting a strong UAI maintain rigid codes of belief and behavior and are intolerant of unorthodox behavior and ideals. Weak UAI societies maintain a more relaxed attitude in which practices count more than principles. Laws, rules, and regulations are ways whereby a society may try to prevent uncertainty in citizens’ behavior. Societies determined to forestall uncertainty have an array of formal laws and informal rules controlling the rights and duties of employers and employees. A nuclear institution in such a society, moreover, typically institutes extensive internal regulations to control the work process—including security-related endeavors. (Although in such cases the power-distance index plays a role too. Where power-distance acceptance is large, the exercise of discretionary power by superiors replaces the need for internal rules to some extent.)
• Long-term Orientation versus Short-term Orientation (LTO). Every society must maintain some links with its past while dealing with the challenges of the present and the future. Societies vary on how they prize these two fundamental outlooks. Societies that score low on this dimension prefer to maintain time-honored traditions and norms while viewing societal changes with suspicion. Societies that score high take a more pragmatic approach. They encourage thrift, as well as efforts in the education system to prepare for the future. In the business context, this dimension corresponds to the debate between a “normative” (short-term) perspective and a “pragmatic” (long-term) perspective.
• Indulgence versus Restraint. Bulgarian social anthropologist Michael Minkov added this dimension to Hofstede’s five dimensions. Indulgence stands for a society that allows relatively free gratification of basic and natural human drives related to enjoying life and having fun. Restraint stands for a society that suppresses gratification of enjoyment and regulates it by means of strict social norms [2] (Table 2.1).

Some scholars and experts believe that Hofstede’s findings are insufficiently validated and too general for practical use. Still, they help us understand national traditions and values while furnishing guidance for improving security-culture sustainability. His dimensions of culture have practical applications in the field of management, cross-cultural studies, social psychology, and beyond.

National cultural tendencies shape personnel beliefs and influence security-related values and practices. For example, in countries or regions with a high power-distance index (PDI), senior management has more leeway to steer the organization in the direction it desires. It can do so by optimizing its involvement as a role model in the organization’s efforts to boost nuclear security. On the other hand, a high PDI may discourage employees from meaningfully participating in open communication and decision-making. If so, organizational structures would be characterized by top-down communication, formality, and central control.

In individualism versus collectivism (IDV) societies, there is a much better chance for security culture initiatives to succeed if they are spearheaded by a group of like-minded people rather than by individuals. On the other hand, in the collectivist environment employees may be reluctant to report security violations due to the loyalty and commitment to the group of people they belong to. Although teams usually make better decisions than individuals, this is only true if the team avoids the danger of power dynamics and solicits alternative views.

A high uncertainty-avoidance (UAI) index is an indicator of institutions inclined to discourage innovative ideas while relying heavily on established procedures to manage unexpected security scenarios, restricting flexibility to act against new and emerging risks, and suppressing diverse opinions regarding security management. On the other hand, while fine-tuning management systems for nuclear security, it is important to keep in mind that individuals with a low UAI are likely to interpret security standards and compliance requirements loosely. They are more willing to take risks and are less resistant to change. As a result, they are prone to take shortcuts in their duties, deviating from standard operating procedures with potentially deleterious consequences.


Table 2.1 Geert Hofstede’s model of national culture

Power distance index (PDI)
• The extent to which the less powerful members accept and expect that power is distributed unequally
• Such inequality is defined from below, not from above
• It is endorsed by the followers as much as by the leaders

Individualism versus collectivism (IDV)
• The degree to which individuals are integrated into groups
• Individualist societies have loose ties between their members
• In collectivist societies, people are integrated into cohesive groups and enjoy protection in exchange for loyalty

Masculinity versus femininity (MAS)
• In masculine cultures, people (male or female) value competitiveness, assertiveness, ambition and accumulation of wealth
• In feminine cultures, people (male or female) value relationships and quality of life

Uncertainty avoidance index (UAI)
• In cultures with strong uncertainty avoidance, people prefer explicit rules and formally structured activities, and employees tend to remain longer with their employer
• In cultures with weak uncertainty avoidance, people prefer implicit or flexible rules or guidelines and informal activities

Long-term versus short-term orientation (LTO)
• A society’s “time horizon,” or the importance attached to the future versus present
• In long-term oriented societies, people value actions and attitudes that affect the future: persistence, perseverance, thrift, reputation
• In short-term oriented societies, people value immediate stability, face saving, respect for tradition

Indulgence versus restraint (IND)
• Indulgence stands for a society that allows relatively free gratification of basic and natural human drives related to enjoying life
• Restraint stands for a society that suppresses gratification of needs and regulates it by means of strict societal norms

2.3 Four Types of Organizational Culture

An effective culture gives an organization a competitive advantage by supplying a common perceptual lens: a consensual, integrated, and positive set of perceptions, memories, values, attitudes, and definitions. Effectiveness is the rationale behind efforts to bolster organizational culture and subsequently the security subculture. Organizational effectiveness demands the agility and the determination to reorient security standards when new risks emerge in internal and external environments.

How do you measure effectiveness? Kim Cameron and Robert Quinn have classified indicators of effectiveness by two major parameters which give rise to four main cultural clusters: clan, adhocracy, market, and hierarchy [3]. This approach allows an organization to be described by the degree to which it adheres to each of the four clusters, as well as seeks to express the underlying values in the organization and apply these values to the process of organizational change.

The first parameter measures an organization’s flexibility, discretion, and dynamism (see Fig. 2.2). Some organizations are viewed as effective if they change and adapt readily. A measure of disorder characterizes their operations. Others are considered effective if they are stable, orderly, and mechanistic. Most government agencies and business conglomerates fall into this category. The continuum ranges from organizational versatility and pliancy at one end to steadiness and durability at the other.

The second parameter measures an organization’s orientation. Organizations at one end of the continuum are internally oriented, highly integrated, and unified. At the other end are organizations characterized by external orientation, differentiation, and rivalry. The continuum thus ranges from organizational cohesion and consonance to organizational separation and independence.

When graphed against each other with the first parameter on the y-axis and the second on the x-axis, these two parameters form four quadrants each representing a distinct set of organizational-effectiveness indicators. Figure 2.2 illustrates these quadrants, which can help analysts render judgments about organizations and their characteristics. Each axis measures one core value that is opposite from the value at the other end. The graph depicts flexibility versus stability, and an inward versus an outward gaze. As noted above, each quadrant has been assigned a label to distinguish its most notable characteristics: clan, adhocracy, market, and hierarchy. It is important to note that these quadrant names derive from the scholarly literature on organizational culture, which explains how different organizational values became associated with different types of organizations over time.

Fig. 2.2 Organizational effectiveness: four cultural clusters

Below are brief characterizations of each of the four quadrants, with an emphasis on security-relevant traits:

• Clan Culture. A very friendly place to work, where people share a lot about themselves. The organization is held together by loyalty or tradition, and commitment levels are high. The organization emphasizes the long-term benefits of human-resource development and attaches great importance to cohesion and morale. The organization also places a premium on teamwork, participation, and consensus. Educational and training institutions fall into this category and are key to robust security.
• Hierarchy Culture. A very formal, structured place to work. Procedures govern what people do and how they do it. The leaders pride themselves on being good, efficiency-minded coordinators and organizers. Formal rules and policies hold the organization together. The long-term concerns are stability and performance, viewed as the product of efficient and smooth operations. Management practices emphasize predictability. Security awareness has a better chance to make inroads in a hierarchical culture. Nuclear power plants and regulatory authorities represent a good example of this type of organizational culture.
• Adhocracy Culture. A dynamic, entrepreneurial, and creative place to work. People consistently stick their necks out and take risks. The leaders are considered innovators and risk-takers. The glue that holds the organization together is commitment to experimentation and innovation. The organization encourages individual initiative and freedom. However, the diversity and individualism of members may place obstacles in the way of security-culture promotion.
• Market Culture. A results-oriented organization. The major objective is to get the job done. People are competitive and goal oriented. The glue that holds the organization together is an emphasis on winning. Reputation and success are common concerns. The organizational style is hard-driving competitiveness. Often the vision of success may outweigh security considerations.

Since organizational effectiveness is a prerequisite for better security, it is important to understand how each cultural type influences effectiveness. Organizations exhibiting clan-type cultures were most effective in domains of performance relating to morale, internal communication, and supportiveness. They were characterized by tight cohesion, collegial decision-making, and a special sense of institutional identity and mission. Organizations that had an adhocracy-type culture were most effective in domains of performance relating to adaptation, system openness, innovation, and cutting-edge knowledge. Their hallmarks are aggressive strategy, initiative, and the determination to push back frontiers. Organizations displaying a market-type culture were most effective in domains of performance relating to their ability to acquire needed resources such as revenue and institutional visibility. They also demonstrated aggressiveness and pursued well-defined strategies. Organizations with hierarchical cultures did not surpass others in any performance domains, but were characterized by tight control, discipline, and accountability, which are pivotal to a robust security culture.

Most organizations with nuclear infrastructure can benefit from the methodology proposed here by developing an optimal and balanced combination of all four clusters. For example, a regulatory authority predominately belongs to the hierarchy cluster, the nuclear-physics department at a university resembles a clan, an advanced research institution is an adhocracy, and a manufacturer and supplier of nuclear technology bears most resemblance to a market. The optimal cluster combination depends on a particular organization’s missions, profiles, workforce, and other additional factors.

2.4 High Reliability Organization

The close and complex integration of technology and humans has spurred a search for innovative ways to transform the profile of major critical infrastructure and hazardous organizations into what are now known as high-reliability organizations. The objective is to achieve and sustain almost error-free performance through a combination of organizational design, management practice, personnel training, and culture. The HRO concept identifies principles that enable organizations to perform their functions reliably and return to normal modes of operation after suffering the consequences of at-risk behavior, malicious acts, or natural disasters. In other words, high-reliability organizations are equipped to collect, analyze, and apply information about past and current operations in such a way that they can prevent or contain potential failures in the future—including security failures.

HROs employ this approach in such high-risk environments as the nuclear industry, health care, aviation, space flight, wildfire fighting, high-speed trains, and chemical production. Increasingly, they have focused on harmonizing and integrating elements of both safety and security into the ambient organizational culture. These are the two cross-cutting practices in the operations of high-reliability organizations.

Karl Weick and Kathleen Sutcliffe identify several principles that should lend continuous support to HROs as they discharge their challenging missions [4]:

• Preoccupation with failure. An HRO treats any lapse in performance as a symptom that something may be wrong with the whole system, or with a vital part of it. If several small errors happen to coincide, a major disaster could be in the making. Constant vigilance is central for management.
• Reluctance to simplify. Though it is true that simplification helps a staff stay focused on the most critical issues and indicators, foregoing simplicity allows the staff to see the wider context and the risks lurking there. HROs take deliberate steps to create a more comprehensive and nuanced picture of the operational surroundings. Knowing that the world is unpredictable and challenging, they strive to fathom its complexities and risks.
• Sensitivity to operations. The big picture for HROs is less strategic and more situational. Well-developed situational awareness enables personnel to make frequent adjustments to institutional practices, preventing minor errors from accumulating into something major. Management strives to detect anomalies while they are still tractable and can be addressed. Associated with the HRO concept are human-reliability programs designed to shape the workforce to the demands of its professional mission.
• Commitment to resilience. Resilience refers to an organization’s ability to maintain its structure and function adequately in the face of internal or external change, and to withstand shocks to the system. It is an interactive product of beliefs, attitudes, approaches, behavior, and psychology that helps people fare better amid adversity. Resilience comes in three forms: (a) the ability to absorb strain and perform to acceptable standards despite adversity; (b) the ability to recover and bounce back from surprise events; and (c) the ability to grow and learn from previous experience, hardening the institution against future shocks. The essence of resilience is the intrinsic ability of an HRO to maintain or regain a dynamically stable state, continuing operations after a major mishap. An effective, durable culture of resilience is founded on three tiers: social, organizational, and personal.
• Deference to expertise. HROs cultivate diversity, not just because it helps them notice more in complex environments, but also because it helps them do more to counter the complexities they confront. With their centralism, rigid hierarchies are vulnerable to error. Errors at higher levels tend to accumulate and compound with errors at lower levels, resulting in wicked problems that are bigger, harder to comprehend, and more prone to escalation. A way out for HROs is to diversify the decision-making process, involving frontline actors and other people with experience relevant to the operational setting, regardless of their rank.

A major rationale behind the HRO concept is to manage the unexpected while speeding up the recovery process. Clearly, this objective cannot be attained without changing people’s perceptions of risk, their professional attitudes, and their morale. The centerpiece is mindfulness, a mental orientation which tracks small failures and prevents them from snowballing into major disasters. Hence, nurturing several subcultures is central to an organization’s efforts to attain the status of a high-reliability organization. As suggested by Karl Weick and Kathleen Sutcliffe, such subcultures include:

• Reporting subculture: what gets reported when people commit errors or experience near-misses.
• Just subculture: how people apportion blame when something goes wrong.
• Flexible subculture: how readily people adapt to sudden, radical transients in the pressure, pace, or intensity of stress to the system.
• Learning subculture: how quickly people can convert the lessons they learn into actionable guidance, reconfiguring prevailing assumptions and practices within the institution.

The traits necessary for security personnel in high-reliability organizations include cognitive skills (problem-solving skills), interpersonal skills (communication, teamwork, and cooperation), and personal attributes (trustworthiness, vigilance, questioning, assertiveness, emotional self-control, and stress tolerance).

One source of HRO status comes from the implementation of human safety and security reliability programs designed to ensure that individuals occupying positions with access to sensitive materials, technologies, and information meet the highest standards of reliability, as well as physical and mental suitability. Management can guarantee reliability through a system of continuous evaluation that identifies individuals whose judgment and reliability may be impaired by physical, mental, or personality disorders or any other circumstances that pose security or safety concerns. The challenge is that human reliability as practiced in the field is less a program of specific action items than a way of thinking.

The reliability of people who work for sensitive organizations is crucial to their performance and ability to achieve their professional goals. IAEA documents refer to human reliability in the nuclear security domain as “trustworthiness.” Appraising trustworthiness involves initial and ongoing assessments of an individual’s integrity, honesty, and professional reliability. Management sizes up everyone in pre-employment checks, and in periodic checks during the term of employment. The goal is to unearth motives and behavior that could transform an employee into an insider threat—potentially one harboring malice toward the institution.

2.5 Edgar Schein’s Principles of Organizational Culture The IAEA security-culture design derives from the organizational-culture model developed by Professor Edgar Schein of the Massachusetts Institute of Technology. Schein’s model was successfully used in the 1990s to foster nuclear safety culture after the Chernobyl accident (1986), which exposed serious gaps in safety compliance along with a disastrous failure of the human factor. Given the many synergies between safety and security and their overlaps within the larger organizational culture, Schein provides a ready-made analytical framework for exploring and modeling nuclear security culture. He defines culture as “a pattern of shared basic assumptions that the group learned as it solved its problems of external adaptation and internal integration that has worked well enough to be considered valid and, therefore, to be taught to

2.5 Edgar Schein’s Principles of Organizational Culture

25

new members as the correct way to perceive, think, and feel in relation to those problems” [5].

Box 2.1: Edgar Schein’s Cultural Fundamentals (Part 1) • Culture is a result of what an organization has learned from dealing with problems and organizing itself internally. It is the sum of everything an organization has learned in its history including goals, strategy, how we do things, and how it organizes itself, which is how we are going to relate to each other, what kind of hierarchy exists, etc. These early learning, if they are successful, become the definition. • Culture matters to the extent an organization is adaptive. If culture is like personality or character, then it matters in the sense to what extent is the culture adaptive to both the external and internal realities. Culture only matters when there is a problem. In the same sense that personality only matters when things are not working right for you. • Do not oversimplify culture. Its far more than “how we do things around here”. Culture operates at many levels and certainly how we do things around here is the surface level. But the explanation of why we do things in that way forces you to look at the root system. If you don’t dig down into the reasons for why we do things this way you have only looked at the culture at a very superficial level and you have not really understood, it. • Your culture always helps and hinders problem solving. There are always parts of the culture that help you solve the problem and other parts of the culture that get in the way. In other words, as groups evolve over time, they face two basic challenges: integrating individuals into an effective whole and adapting effectively to an external environment featuring new threats—both actual and perceived—in order to survive. Internal integration means establishing a common vision and shared values among employees or units, as well as nurturing strong identification with the organization among the workforces. 
External adaptation implies readiness to respond adequately to external challenges, including security and environmental concerns. As groups find solutions to their problems over time, they engage in a kind of collective learning that generates a set of shared assumptions and beliefs known as culture. Concentrating the workforce on clear, shared assumptions eliminates many of the complications, disconnects, and obstacles that tend to impede performance in such domains as safety, security, and compliance. Basic assumptions constitute the bedrock of culture. These beliefs are so fundamental that most people in a cultural group take them for granted, but not in a conscious way. To understand any culture, it is necessary to unearth basic assumptions that operate on this basic level. They reflect the organization’s history as well


Fig. 2.3 Edgar Schein’s three cognitive levels of organizational culture

as values and beliefs thrust upon it by its founders, or by key leaders who made it successful (Fig. 2.3). Applied to security, the essence of organizational culture comes down to jointly learned, relevant values, beliefs, and assumptions that become shared and ultimately taken for granted as a nuclear facility conducts its operations. To paraphrase Edgar Schein, they became shared, sustainable, and taken for granted as new members of the organization realize that the beliefs, values, and assumptions prevailing among the leaders and the staff have begotten organizational success in the past and, therefore, must be “right” [6]. Schein contends that institutional culture comes in layers comprised of underlying assumptions, espoused values, and artifacts. Some layers are directly observable, while others are invisible and must be deduced from what can be observed in the organization [7]. Organizational culture encompasses artifacts, such as physical manifestations (behavior, verbal expression, and symbols) as well as invisible aspects, such as norms, values, thoughts, feelings, and assumptions about reality. A common way of illustrating this is to invoke the image of an iceberg. The main mass of an iceberg remains beneath the water’s surface, so we cannot see most of it. Likewise, many elements of culture remain hidden from view. A well-founded image of an organization’s culture needs to take into consideration both invisible and visible evidence. Culture is a matter of seeing things from different perspectives or looking at alternative ways to explain why things happen. It is important to recognize that the components below the surface create and sustain all visible manifestations of culture throughout the organization. Culturally held values in an organization often rest upon national and ethnic values and assumptions about reality. 
These are elements of culture that remain unseen and are not cognitively identified in day-to-day interactions among the organization’s personnel. Culture, as a set of basic assumptions, defines what to pay attention to, how to react in given circumstances, and what actions are appropriate. Assumptions often deal with the fundamental aspects of life—the nature of time and space, human nature and activities, and the correct way for individual members of a group to


relate to each other. All assumptions and beliefs ultimately manifest themselves in observable forms such as documents, procedures, and behavior. It is the leaders and managers who guide the way, acting as role models, but they do this unconsciously. It is never discussed openly and is often taken for granted by others. Edgar Schein gives six types of assumptions that can apply to any organization:

1. Assumptions about what is the “truth” in physical and social matters: how reality and truth are determined, and whether truth is to be revealed or discovered.
2. Assumptions about the importance of time in a group: how time is to be measured and defined.
3. Assumptions about how space is to be owned and allocated: the symbolic meaning of space around persons, the role that space plays in shaping relationships between individuals, and boundaries between intimacy and privacy.
4. Basic assumptions about the intrinsic or ultimate aspects of human nature: whether human nature is fundamentally good or bad, and whether it can be perfected.
5. Assumptions about the organization’s relationship with its environment: about the understanding of work and play, and how much active and passive effort is appropriate.
6. Assumptions about the right way for people to relate to one another: the appropriate ways to distribute power and responsibility, the relative merits of cooperation and competition, the balance between individualism and group collaboration, and the basics of leadership—whether it should derive from traditional authority, law, or charisma.

Box 2.2: Edgar Schein’s Cultural Fundamentals (Part 2)

• Be very specific about behavior, how it is impacting your problem, and the future state of behavior you want to see. As the leader identifies the problem, it must be spelled out in specific terms that make it possible to generate a change program.
• Culture is a group phenomenon. Engage a focus group to define how the culture is helping and hindering work on a problem. Let’s look at our culture from the point of view of what it is and how it is going to help and how it is going to hinder, but always in the context of what we are trying to do.
• Solve problems by identifying and resolving associated discrepancies between values and behavior. Such discrepancies are what force you into looking at the root system.
• Do not focus on culture because it can be a bottomless pit. Again, get groups involved in solving problems. The solution is in internal involvement, maybe with an outsider helping that internal group be a better format, but the solution will come out of your internal efforts, not from some outsider.


The next layer of culture is espoused values: the principles in which the leadership believes, and which it wants the organization to display in action. Examples of espoused values often quoted in organizations are equal opportunity, teamwork, safety, and security. To understand culture, it is necessary to decipher what is going on at the deeper level and establish what the basic assumptions are. Beliefs and values at this conscious level can predict much of the behavior that is observed at the artifacts level. When it comes to action, members of the organization may or may not act according to their values, but these values may shape how workers analyze situations and evaluate whether candidate actions are desirable or undesirable. Values remain influential even though individuals are not cultural automatons and may not abide by them.

Artifacts include visible indicators such as a group’s technology, style, behavior, procedures, and documents, along with the architecture of its physical environment. Though artifacts are visible, they are not necessarily easily understood. They can mislead outsiders who are tempted to apply readily available clichés and stereotypes to the group after a cursory examination.

Any group’s culture can be studied at these three levels: its artifacts, its espoused values, and its basic underlying assumptions. But if one fails to decipher the pattern of basic assumptions operating under the surface, it will prove impossible to interpret the artifacts correctly or know how much credence to give values articulated by group members. In other words, the essence of a culture lies in the pattern of basic underlying assumptions; once one comprehends those, it is easy to understand the other surface levels and deal with them appropriately.
Any group with stable membership and a history of shared learning can develop some degree of culture, whereas a group that has undergone considerable turnover of membership or leadership or has a history bereft of challenging events may not have amassed enough assumptions. Once a set of shared assumptions comes as second nature, it determines much of the group’s behavior—making it possible to teach rules and norms to newcomers in a socialization process that is itself a reflection of culture. Using Edgar Schein’s three layers of culture, the IAEA model for nuclear security culture reproduced in the agency’s “Implementing Guide” divides cultural artifacts into three parts, yielding a total of five elements (see Fig. 2.4). They are: (1) beliefs and attitudes (corresponding to what Schein terms “underlying assumptions”); (2) principles for guiding decisions and behavior (corresponding to what Schein calls “espoused values”); (3) leadership behavior (specific patterns of behavior and actions designed to foster more effective nuclear security); (4) management systems (processes, procedures, and programs in the organization that prioritize security and have an important impact on security functions); and (5) personnel behavior (the desired outcomes of the leadership’s efforts and the operation of the management system). The IAEA model consists of thirty characteristics and a set of indicators for each characteristic in its management and behavior segments. The ultimate objective is to achieve the five core characteristics of personnel behavior: professional conduct, personal accountability, adherence to procedures, teamwork and cooperation, and vigilance. The model is applicable to a wide range of nuclear facilities and


Fig. 2.4 Schematic view of the IAEA model for nuclear security culture based on Edgar Schein’s methodology

organizations, including nuclear power plants, fuel-cycle facilities, research reactors, nuclear-material transport facilities, radioactive source users, other entities that handle or store radioactive material, and customs and border monitoring organizations.

Security-culture indicators assigned to the characteristics can help assessors gauge the current state of the culture and identify practical ways to improve it. The chief purpose of using indicators is to stimulate thought and continuous learning rather than to prescribe specific actions to remedy deficiencies. Security-culture indicators suggest a way to evaluate relevant characteristics while comprising a framework to facilitate change and development, promote wanted behavior, and discourage unwanted behavior.

The next chapter discusses in detail the IAEA’s concept, methodology, and application of nuclear security culture, which clearly acknowledges the role played by the human factor in nuclear security. Like safety culture, which owes its emergence and recognition to past accidents at nuclear power plants, security culture emerged as a reaction to the dangers of terrorism—which could inflict comparable damage on human society and the environment [8].

References

1. International Atomic Energy Agency (2008) Nuclear security culture: implementing guide. IAEA nuclear security series no. 7. IAEA, Vienna, p 19
2. Hofstede G, Minkov M (2010) Cultures and organizations: software of the mind, 3d ed. rev. McGraw-Hill, New York, pp 53–300
3. Cameron KS, Quinn RE (2006) Diagnosing and changing organizational culture, rev. Jossey-Bass, San Francisco, CA, pp 34–37
4. Weick K, Sutcliffe K (2007) Managing the unexpected: resilient performance in an age of unpredictability. Wiley, San Francisco, CA, pp 8–18
5. Schein E (2004) The corporate culture and leadership, 3rd edn. Jossey-Bass, San Francisco, CA, p 17
6. Schein E (1999) The corporate culture: survival guide. Jossey-Bass, San Francisco, CA, p 20
7. Schein E (2004) Corporate culture and leadership, p 36
8. International Atomic Energy Agency (2008) Nuclear security culture: implementing guide, p 18

Chapter 3

Security Culture in Nuclear Facilities and Activities

Abstract The International Atomic Energy Agency (IAEA) model of security culture has five distinct components, some unobservable and some observable, namely beliefs and attitudes; principles for guiding decisions and behavior; management systems; leadership behavior; and personnel behavior. The model’s thirty characteristics are intended to encourage self-examination on the part of organizations and individuals. Where an effective nuclear security culture exists, personnel hold a deep-rooted belief that there exist credible insider and outsider threats, and that nuclear security is important as a result. An effective nuclear security culture requires a set of principles and values that leaders can instill in the organization to provide consistent guidance. Leaders define what the future culture should look like, fire enthusiasm for this vision, and inspire the workforce to make it happen. Effective leaders ensure that personnel are motivated, and value their role in enhancing the culture.

© The Author(s), under exclusive license to Springer Nature Switzerland AG 2023. I. Khripunov, Human Factor in Nuclear Security, Advanced Sciences and Technologies for Security Applications, https://doi.org/10.1007/978-3-031-20278-0_3

3.1 Role of Nuclear Security Culture

Several decades after scholars and practitioners conceived of it, nuclear security culture has evolved into a widely hailed and multifunctional discipline for bolstering nuclear security. It is a subset of organizational culture and draws on scholarly work and practical experience. Security culture is designed to improve the performance of the human component at nuclear facilities, making the interface between the workforce, security technologies, and regulations more effective and user-friendly. That it has become a pillar of nuclear security is attributable to multiple factors, including the IAEA’s emphasis on the international legal framework and its dedicated programs. Indeed, the publications in the IAEA Nuclear Security Series lay the groundwork for practicing security culture alongside other fundamental principles.

The IAEA defines nuclear security culture as “the assembly of characteristics, attitudes and behavior of individuals, organizations and institutions which serves as a means to support and enhance nuclear security” [1]. The agency later expanded the definition to encompass measures for making nuclear security sustainable. The beefed-up definition holds that “developing, fostering and maintaining a robust


nuclear security culture is an essential element of sustaining a nuclear security regime” [2]. Culture is a supporting, enhancing, and sustaining tool in IAEA parlance.

What is the role of sustainability, and how does it fit into the whole picture? In the broad sense, sustainability refers to the ability to maintain a process continuously over time. Applied to nuclear security, the sustainability function comprises a set of objectives and implementing actions incorporated in the nuclear security regime to make human elements and their culture continuously, or increasingly, effective in improving nuclear security. In other words, if the nuclear security regime is to perform adequately in the evolving risk environment, it needs to be sustained over time by key elements of organizational culture at both the national and operational levels. Both levels of the nuclear security regime need to work together in a consistent and complementary manner.

The national level includes those elements of the nuclear security regime addressed by the state and its competent authorities that have general, statewide applicability. The national level thus includes responsibilities for: developing and implementing the overarching policy and strategy that support the integrated approach to nuclear security; developing and implementing the legislative and regulatory framework for nuclear security; assigning the roles and responsibilities for nuclear security; and defining the threat at the national level. National level competent authorities may also participate in the implementation of operational nuclear security measures. The operational level includes mostly those nuclear security systems and measures which are implemented at a facility.
Operating entities and organizations may include authorized persons, facilities, shippers, carriers, and the frontline officers (e.g., customs and border control, law enforcement and military personnel) with responsibilities for sustaining nuclear security systems and measures applicable to nuclear material and radioactive material, facilities where such material is produced, processed, or disposed of. Also, the operational level covers material in transport as well as detection and response to a nuclear security event.

With this division of responsibilities, the national and operational sustainability objectives and implementing actions largely depend on the views, attitudes and behavior of people involved, particularly in leadership positions. The senior management is expected to demonstrate its leadership by establishing and advocating an organizational approach to security that acknowledges the three interactions between people, technology, and the organization. By acting as role models, senior managers establish the acceptance of personal accountability in relation to security on the part of all individuals in the organization and establish that decisions taken at all levels take account of the priorities and accountabilities for security. They develop individual and institutional values and expectations for security throughout the organization by means of their decisions, statements, and actions. Their actions serve to encourage the reporting of security-related problems, to develop questioning and learning attitudes, and to correct acts or conditions that are adverse to security. At the level of operating organizations, priority is given to continuous security awareness


raising actions, including both an appreciation of the threat and recognition of the need for nuclear security, through regular communication with all staff. We can deduce the role of security culture from the IAEA definition of nuclear security as the “prevention and detection of, and response to, theft, sabotage, unauthorized access, illegal transfer or other malicious acts involving nuclear material, other radioactive substances or their associated facilities” [3]. Developed in the aftermath of the 9/11 terrorist acts, this new concept of nuclear security is noteworthy in that it goes beyond physical protection, accounting, and control measures. It is a cross-cutting concept that, explicitly or implicitly, covers a wider playing field. It has come to enfold cargo inspection; customs and border security; export control and cooperation to identify and interdict shipments of weapons-related matériel; interception of illicit trafficking; and personnel-reliability screening and training.

3.2 IAEA Model of Security Culture

Since nuclear infrastructure is a highly regulated sector, the IAEA security-culture model combines top-down with bottom-up approaches, on the logic that both practices introduced from the top and attitudes emanating from the bottom of an institution contribute to building a healthy culture [1]. Also relevant to understanding mechanisms of nuclear security culture and the overall organizational culture is how these mechanisms help detect, interpret, and manage departures from norms and expectations. What differentiates one organization from another is the extent to which people agree on what is appropriate and how strongly they feel about the appropriateness of an attitude or behavior. If under the prevailing culture most people feel strongly about the importance of certain values related to security, there is little latitude for deviation; the staff addresses even slight departures from standards swiftly and as a matter of priority.

The IAEA model consists of thirty characteristics and a set of associated culture indicators for each characteristic in its management segment and two behavior segments for leadership and personnel. (Culture indicators and their meanings are discussed in Appendix A.) The ultimate objective is to achieve five core characteristics of personnel behavior, namely professional conduct, personal accountability, adherence to procedures, teamwork and cooperation, and vigilance.

The IAEA methodology recognizes that even a structured series of characteristics cannot be comprehensive. Nor can it apply to all circumstances. The objective in providing these characteristics and their indicators is to encourage organizations and individuals to undertake self-examination. The main intent is to stimulate thought rather than to be prescriptive.
Also, it is evident that history, traditions, and established management practices often leave a distinct imprint on national security culture as it is observed in different regions and countries. In other words, characteristics of security culture listed in the IAEA methodology can be adapted for specific situations and requirements. This is demonstrated in Chap. 9 by examples of biorisk management culture and compliance culture in foreign trade.


Security-culture indicators are assigned to the characteristics and help describe their meanings, measure the state of culture, and identify practical ways to improve the organization’s security performance. The main purpose of employing indicators is to stimulate thought. Indicators suggest a way to evaluate relevant characteristics and forge a framework under which to facilitate change and development while promoting desirable and discouraging undesirable behavior. In other words, these metrics broaden people’s range of thinking about what constitutes a solid foundation for security. Using them encourages managers to reflect upon security culture and attunes them to the role of the human factor.

A thorough review of these cultural markers helps the leadership reflect on the state of nuclear security in their organization, identify human-factor-related gaps in their security regime, and take corrective measures, even without undertaking a full-scope self-assessment. Simple self-reflection does not preclude a full self-assessment should it become necessary to check whether the original diagnosis of a problem was correct, whether corrective measures adopted were effective, and whether the organization is on the right track toward enhancing its nuclear security.

A security-culture program also makes use of positive indicators. Positive indicators measure actions taken proactively to improve security, or to prevent security from being degraded, rather than measuring deficiencies after the fact. However, indicators cannot reveal underlying attitudes, so follow-up analysis is necessary to glean insights into how to improve. Combined use of several assessment methods can help to pinpoint root causes and solutions.

Indicators can be modified, or additional indicators developed, reflecting the profile of the organization and its activities. Assessment teams can develop new indicators based on specific criteria such as:

• Whether the indicator is implementable and reliable.
• Whether the indicator is relevant and measures what it is intended to measure.
• Whether the necessary data are available or can be generated to provide input on the indicator.
• Whether the indicator is susceptible to bias or manipulation.
• Whether the indicator can be easily and accurately communicated.
• Whether different groups interpret the indicator the same way.
• Whether the indicator applies broadly across the organization’s operations.
• Whether the indicator can be validated.

To sum up, culture indicators perform at least three main functions: (a) monitor nonproliferation and security awareness in an organization; (b) determine tools and procedures to tighten security; and (c) motivate the management and staff to take all necessary actions. The purpose of a security-culture self-assessment is to foster excellent security performance in advance of or in response to risks, including insider threats, by providing a clear picture of the influence of the human factor on the organization’s security regime. Compiling such a picture means evaluating key characteristics using indicators as benchmarks.


3.3 Beliefs, Assumptions, and Value

Schein’s model was successfully used in the 1990s to develop nuclear safety culture after the Chernobyl accident (1986), which revealed serious gaps in safety compliance and a disastrous failure of the human factor. Given the many synergies between safety and security and their overlaps as part of the larger organizational culture, the model provides a ready-made analytical framework for exploring and improving nuclear security culture. Schein defined culture as “a pattern of shared basic assumptions that the group learned as it solved its problems of external adaptation and internal integration that has worked well enough to be considered valid and, therefore, to be taught to new members as the correct way to perceive, think, and feel in relation to those problems” [4].

Box 3.1: What Are Violations and Why They Happen

Violations are characterized as the intentional (with forethought) circumvention of known rules or policy. A violation involves the deliberate deviation or departure from the expected behavior, policy, or procedure. Most violations are well intentioned, arising from the genuine desire to get the job done according to management’s preferences. Such actions may be acts of omission (not doing something that should be done) or commission (doing something wrong). Usually, adverse consequences are unintended and are not acts of sabotage. The deliberate decision to violate the rule is a motivational or cultural issue. The willingness to violate the rule is generally a function of the accepted practices and values of the immediate work group and its leadership, the individual’s character, or both. In some cases, the individual achieves the desired results wanted by the manager while knowingly violating expectations. Workers, supervisors, managers, and engineers can be guilty of violations, especially when they are not fully aware of the objectives and the background of a given action. Events become more likely when someone disregards a safety or security rule. A couple of strong situations that tempt a person to do something other than what is expected involve conflicts between goals or the outcome of a previous mistake. People are usually overconfident about their ability to maintain control. The following circumstances prompt a person to violate expectations:

• Absence of authority in the immediate vicinity.
• Emulation of role models of their choice.
• Low potential for detection.
• Pressure from co-workers.
• Individual’s perception that he or she possesses the authority to change the standard.
• Standards are not important to the management.
• Competition with other individuals or work group.
• Obstacles to achieving the work goals.
• Precedents: “We have always done it this way” (tacitly practiced by management).

Applied to security, the essence of organizational culture is jointly learned, relevant values, beliefs, and assumptions that become shared and eventually come as second nature as a nuclear facility conducts its security-focused operations. To paraphrase Edgar Schein, they become shared, sustainable, and taken for granted as new members of the organization come to realize that the beliefs, values, and assumptions prevailing among the leaders and the staff lead to organizational success and, therefore, must be “right” [5].

Beliefs and assumptions that affect nuclear security are formed in people’s minds over time and become causal factors in both the precursors and responses to security events. Without a strong substructure of beliefs and assumptions about threats, an effective nuclear security culture cannot exist. Efforts to instill security-conscious beliefs and expectations must be carefully calibrated to reach everyone working in the facility and not just the organization’s security professionals. Outreach to the local community, which acts as a potential first line of defense against external threats, is also imperative.

Two major sources in this process are leadership practice and work experience. Leaders need to lead by example to forge the appropriate patterns of a security-related mindset within the staff. The category of leadership is broken down into two tiers, in which distinctly different roles help shape beliefs and attitudes. Top leaders create visions and strategies, meaning a sensible picture of the future along with a logic for how the vision can be achieved.
Managers also focus on plans and budgets, devising specific steps and timetables to implement the strategies, drawing up actionable plans, and allocating funding to execute the plans. The role of a leader in promoting security culture is particularly important in societies with strong paternalistic traditions and where the decision-making process is highly centralized. Since most people within an organization share common experiences, they also come to hold the same unconscious assumptions. For example, if staff members are allowed to enter access-controlled areas without following strict protocols, then essentially all staff will come to an unconsciously acquired assumption that there is no insider threat. The most important assumption for the nuclear security culture of an organization is that there is a credible insider and outsider threat, and that nuclear security is important. In other words, there must be an underlying assumption of vulnerability that permeates the whole workforce, not the organization’s security specialists alone. According to Edgar Schein, “the essence of a culture lies in the pattern of underlying


assumption” (“beliefs and attitudes” in the IAEA Model), and “once one understands those, one can easily understand the other visible surface levels and deal appropriately with them” [6].

An effective nuclear security culture requires a set of principles (Schein’s “espoused values”) that leaders can instill in the organization to guide policies, decision-making, management systems, and the behavior of people at all levels. Individuals should be inculcated with these principles, and they should be applied clearly and consistently across the organization. The main principles of nuclear security culture include motivation, leadership, commitment, responsibility, professionalism, and competence, as well as learning and improvement. They are all equally important, but education and training are integral to the implementation of other principles. Depending on the profile of the organization and its specific needs, these principles may include a wide variety of training modules comprising initial training, periodic training, ongoing programs, assessments, and quality assurance on training and trainers. As noted by Roper, Gran, and Fischer, “Security education, as such, is implicit in your day-to-day activities and interaction with organizational personnel. It must be a continuing influence during the employment life cycle of everyone. It is not only the responsibility of security people, but of all people” [7].

Any continuous improvement in security culture is a time-consuming and bumpy path. Complacency is a real danger since no major terrorist attack has yet taken place against nuclear power infrastructure, and since there have been no malicious uses of nuclear or radiological materials yet. Making culture promotion efforts sustainable will remain a problem so long as the threat appears remote and abstract.
One way to promote security culture sustainability is to develop a mechanism for integrating security culture into well-established societal values using this IAEA generic model as a template. To this effect, a two-tiered cultural architecture would consist of (a) a facility-based model at the micro level, which would derive its strength in part from national perceptions and relevant policies toward nuclear issues; and (b) general societal values at the macro level. Ideally, these two levels should combine and reinforce each other—harnessing the human component to generate a nuclear security culture that spans the entire society. If at the beginning of this chapter we discussed nuclear security culture to sustain nuclear security at the national and operational levels, here the focus is on sustaining nuclear security culture itself. Input from the macro level, which can have an effect on efforts at the facility level, would include: (a) the nature of compliance with international legal instruments and participation in collaborative programs; (b) the weight placed on nuclear security by the national leadership; (c) the consistency with which the nuclear industry focuses on nuclear security and related issues; (d) criminalization and punishment of crimes associated with nuclear terrorism; (e) general public awareness of and involvement in security matters; and (f) a greater role for universities and other educational institutions. The performance and sustainability of security culture ultimately hinge on security perceptions shaped by national and industry leaders. The two levels should work together toward promoting and popularizing nuclear security culture.

3.4 Management Systems

The difference and similarity between a leader and a manager may be summarized as follows: leaders and managers are not different positions; they are different functions often carried out by the same person. In other words, it is the use of an individual’s capabilities and competences to give direction to the staff for achieving key security objectives by applying the security culture principles based on shared goals, values, and behavior. A good leader and manager can change culture by intervening at all levels: they can develop new and different assumptions and patterns of thinking about threats to nuclear security, they can establish new patterns of behavior with more emphasis on vigilance, and they can change the physical environment, the language, and guiding principles consistent with their situational awareness and relevant security culture priorities. The culture, therefore, tends to mirror the real intention, specific actions, and policies of the upper levels of leadership and management; this group of individuals thus plays a unique role-modelling function in contributing to a robust security culture.

Which leadership styles can be effective to foster nuclear security culture? They must be visionary, i.e., leaders mobilize action toward a strong powerful vision; affirmative, i.e., leaders create emotional bonds, build relationships and harmony; participatory, i.e., leaders involve employees in decision-making; coaching, i.e., leaders coach and develop people; pacesetting, i.e., leaders expect excellence and self-direction.

A sound management system is based on a commitment to the quality of performance in all nuclear security activities—making it clear that security has a high priority. If there is a conflict regarding the relative priority of safety, security and operations, senior management is authorized to resolve the conflict, while considering the overall impact of associated risks.
This policy forms the foundation of the security management system. Among its priorities are to:

• Employ the incentives and disincentives for desired patterns of behavior.
• Seek continued improvement in nuclear security culture and work to prevent complacency from compromising overall security objectives.
• Ensure that security technology is available, appropriately used and maintained while best practices and security procedures are properly implemented.
• Encourage personnel to report any event that could affect nuclear security, rather than keeping the information to themselves.
• Ensure that appropriate standards of behavior and performance associated with security are set and expectations for the application of these standards are well understood.
• Reinforce a learning and questioning attitude at all levels of the organization.

There are several tools by which leaders can effect cultural change through their visible actions (Table 3.1).


Table 3.1 Key tools for management to effect a cultural change

| Tool | Description |
| --- | --- |
| Attention | The values, beliefs, and priorities of the leadership appear in where it concentrates its attention. Followers see what the leaders are focusing on, their actions, and pay close attention to their emotions |
| Reaction to crises | In crises, people’s deeper values are exposed, and observers will remember what happens more than at any other times. In other words, the leader’s actions will be taken to be a true example of what they really believe in |
| Role modeling | People listen to leaders and watch carefully what they do. Staff members assume the behavior of leaders is most likely what is right and will emulate that |

Still, barriers exist and hamper efforts to achieve sustainable cultural transition unless the management can seriously address them. For example, there may be multiple organizational subcultures constrained by the ability to communicate between the top and bottom of the organization. Management styles based on professional and educational backgrounds may differ between departments, which is likely to create inconsistencies and confusion in their communication channels. Some turnkey nuclear facilities have a multinational staff (for example, at the Barakah Plant in Abu Dhabi) and may encounter difficulties in building uniform segments of organizational culture and a genuine spirit of teamwork, which is the foundation of a robust nuclear security culture. Figure 3.1 demonstrates a shift in security perception inside the organization under the impact of a robust security culture.

| From: | To: |
| --- | --- |
| Security is a technical problem limited to a group of professionals | Security is an enterprise-wide problem |
| The Chief Security Officer is considered a technical advisor | The Chief Security Officer is considered an advisor to the business |
| Security is sporadically singled out for attention, funding, and justification | Security is integrated in planning and business-conduct cycles |
| Security is an expense | Security is an investment |
| The focus of security efforts is on threat, vulnerability, and protection | The focus of security efforts is on efficiency, organizational continuity, and preservation of trust |

Fig. 3.1 Shift in security perception under the impact of a robust security culture

3.5 Security Culture Drivers

One of those drivers is the international legal framework, both binding and nonbinding. The twelve “fundamental principles” of nuclear security were developed immediately after the 9/11 attacks and later codified in the 2005 Amendment to the 1980 Convention on the Physical Protection of Nuclear Material (CPPNM), which came into force eleven years later in May 2016. Its Principle F stipulates that “all organizations involved in implementing physical protection should give due priority to the security culture, its development and maintenance necessary to ensure its effective implementation in the entire organization” (IAEA INFCIRC/274/Rev.1/Mod.1 (Corrected)). Although security culture is listed alongside principles such as threat evaluation, graded approach, defense-in-depth, and quality assurance—implying coequal status—culture is an enabler and a driving force. It is an overarching and integrating concept without which most other fundamental principles cannot be successfully and fully implemented.

The Nuclear Security Summits significantly boosted the concept and practical application of nuclear security culture, though their documents are not legally binding. The Hague Summit in 2014, for example, encouraged all relevant stakeholders to build and sustain a strong nuclear culture to effectively combat nuclear terrorism and other criminal threats. The summit communique listed nuclear security culture as one of the three pillars of nuclear security—the other two being physical protection and materials accountability (http://2009-2017.state.gov). The Washington Summit in 2016, as the last in the series, adopted action plans with security culture components for international organizations and initiatives (the IAEA, United Nations and Global Partnership against the Spread of Weapons and Materials of Mass Destruction) which were to take over and further pursue the summits’ agendas (Action Plans, http://www.nss2016.org).
The Code of Conduct on the Safety and Security of Radioactive Sources is a nonbinding instrument which stipulates that every state should ensure the promotion of safety and security culture with respect to radioactive sources (http://www.iaea.org/publications/6956/code-of-conduct-on-safety-and-security-of-radioactive-sources). Following the 9/11 acts of terrorism in the United States, the Code of Conduct was revised to strengthen several security-related provisions and to address malicious and/or intentional misuse of radioactive sources. Most of the member states have made political commitments to implement the Code and signaled wide support for exploring prospects to upgrade it to a binding status.

Many nonbinding documents cover a wide variety of sources which have direct or indirect impact on nuclear security culture. They include UN General Assembly and Security Council resolutions, UN declarations, technical recommendations, guidance documents, and many others which upon codification or endorsement can contribute to guiding principles or standards of the national legal frameworks. For example, the IAEA publications in the Nuclear Security Series are designed to assist states in implementing their obligations and develop a robust security culture. The series has a four-tiered structure consisting of fundamentals, recommendations, implementing guides, and technical guidance (Fig. 3.2).

On an individual basis, a multitude of sources can contribute, as was evidenced, to a personal mindset leading to acceptance and internalization of nuclear security culture. They include facility leadership behavior acting as role models, flexible management with an emphasis on the role of the human element, management practice for continuous learning at the level of organizations, IAEA programs, pilot projects and workshops, awareness-raising arrangements, participation in relevant national and international events, and increased emphasis on nuclear security in university syllabi and graduation requirements.

Focusing on people’s values, beliefs, and attitudes as components of nuclear security culture is perhaps the most effective way to deal with human fallibility and prevent security incidents. A robust culture is key to long-term and sustainable success for achieving high standards of reliability of nuclear facilities’ workforce, but culture is hard and slow to change. Hence, concentration on performance, training, error reduction and practice improvement is achievable in the short run as a vehicle to attain long-term objectives of an effective culture. To this end, a security incident must be seen as a failure of the existing multiple controls throughout the organization rather than blamed exclusively on the individual(s) involved. It takes a multi-disciplinary teamwork effort to learn lessons, to get to the root causes and to develop a roadmap to improve nuclear security culture.

Fig. 3.2 Nuclear security series (NSS) publications

References

1. International Atomic Energy Agency (2008) Nuclear security culture. Implementing guide. Nuclear security series no. 7. IAEA, Vienna, p 5
2. International Atomic Energy Agency (2013) Objectives and essential elements of a state’s nuclear security regime. Nuclear security series no. 20. IAEA, Vienna, p 10
3. International Atomic Energy Agency (2009) Nuclear security plan 2010–2013. Report by the IAEA director general. GOV (2009) 54-GC (53) (18), Aug 17, Vienna
4. Schein E (2004) The corporate culture and leadership, 3rd ed. Jossey-Bass, San Francisco, CA, p 17
5. Schein E (1999) The corporate culture: survival guide. Jossey-Bass, San Francisco, CA, p 20
6. Schein E (2004) The corporate culture and leadership, 3rd ed. Jossey-Bass, p 36
7. Roper C, Grau J, Fischer (2006) Security education, awareness and training. Elsevier, Burlington, MA, p 37

Chapter 4

Capacity and Competence Building for Nuclear Security Culture

Abstract Capacity and competence building for nuclear security culture is a systemic approach involving education, training, knowledge management, knowledge networks, stakeholders’ engagement, and other components. Practical support for the educational and training parts is provided mostly by national governments, institutions, and universities. The International Atomic Energy Agency (IAEA) International Nuclear Security Education Network (INSEN) is a major international player and coordinator in this field. Training is an organized activity aimed at imparting specific skills to help recipients improve nuclear security performance or maintain their skills at the required level. Initiated and operated by facility’s leadership, this multi-stage capacity- and competence-building process transforms the attitudes and behavior of personnel through security awareness, motivation, and commitment to a robust and functional nuclear security culture. Knowledge management is an integrated practice for acquiring, transforming, using, and preserving knowledge relevant to nuclear security. Knowledge networks include the collection of people with nuclear security knowledge and serve as a platform to enable the analysis and sharing of nuclear security expertise and experience. Several stakeholders, including regulatory bodies and the public, are involved and make an important contribution.

© The Author(s), under exclusive license to Springer Nature Switzerland AG 2023 I. Khripunov, Human Factor in Nuclear Security, Advanced Sciences and Technologies for Security Applications, https://doi.org/10.1007/978-3-031-20278-0_4

4.1 Cross-Cutting Function

Human capacity and competence building is defined as a systematic and integrated approach that includes education and training, human resource development, knowledge management, and knowledge networks. These components are designed to develop and continuously improve the governmental, organizational, and individual competencies and capabilities necessary to achieve the goals of safe, secure, and sustainable nuclear programs, including nuclear security culture as a cross-cutting element. This cross-cutting application of nuclear security culture demonstrates its wide range of potential uses, as well as a requirement for a comprehensive human capacity- and competence-building program that can meet the needs of each professional group. Generic references to culture in the IAEA Nuclear Security Series publications are not enough; they should be supported by internationally and nationally coordinated efforts to develop carefully calibrated tools to fortify the culture in nuclear organizations and activities.

Competencies are knowledge, skills, and attitudes in a particular field, which, when acquired, allow a person to perform assigned tasks to identified standards. However, competencies comprising skills, knowledge, and attitudes are not sufficient. People must be empowered and motivated to put what they learn into practice. To acquire and retain various types of knowledge, appropriate knowledge management as well as education and training should be employed. Appropriate attitudes on the part of nuclear facility personnel are necessary, but they cannot be achieved through education and training alone. Attitudes also depend on individual characteristics and the overall organizational culture. The behavior of nuclear security managers and their ability to be everyday role models for their personnel are crucial factors. The role of experience in building capacity and competency is key to nuclear security and reliable operations [1].

4.2 Education

Education builds capacity by facilitating the acquisition of expertise and skills for new and existing professionals to master the principles and technologies associated with the security of nuclear and other radioactive materials. The education component includes curricula, individual courses, and other formal instructional activities conducted through educational institutions or in other appropriate formats. Specialized education on nuclear security is designed to establish in-depth knowledge and lay the groundwork for a security culture—particularly for persons interested in pursuing a career in nuclear security, as these educated individuals will be expected in the future to design, develop, implement, and evaluate national nuclear security infrastructure. Regional education programs are useful in establishing a common understanding of nuclear security culture and enhancing collaboration on nuclear security with neighboring countries.

Before embarking on any educational program, an assessment of the nation’s needs in relation to nuclear security may be conducted as part of the initial set of tasks when drawing up national policy and strategy toward the nuclear sector. The process of determining educational needs includes evaluating the current capabilities of both existing academic facilities and technical education institutions to ensure that faculty have sufficient expertise to provide instruction related to the security of nuclear and other radioactive materials. A comprehensive plan for either upgrading existing education curricula or developing new curricula may be formulated in conjunction with the development of national policy and strategy for nuclear security education.

For structured formal education programs, curriculum development is an important consideration for achieving awareness and culture-building goals. The curriculum for nuclear security education programs is collaboratively developed by relevant stakeholders, which could include law-enforcement and military academies, other designated nuclear security implementers, and universities and national research institutions. Education programs are tailored to meet the needs of the organization responsible for implementing nuclear security and include, but are not limited to, regulatory bodies and other competent authorities, law-enforcement agencies, and operators. Cooperation with other states and international organizations should be pursued to provide insights into the competencies and resources necessary for implementing the national nuclear security program. Prior to the development and implementation of education curricula, it is useful to harness opportunities for education at institutions in other states, either by sending students abroad to gain experience or by employing nuclear security specialists from other states to provide academic and practical education.

The need for human-resource development programs in nuclear security was emphasized at several IAEA General Conferences and Board of Governors meetings. The IAEA took the lead and developed, together with academics and experts, an educational program in nuclear security for a Master of Science (MSc) program and a certificate program to assist states in adopting such programs in the future [2]. The main objective of the “Educational Program in Nuclear Security” released in 2010 in the Nuclear Security Series was to provide detailed guidance for the MSc and certificate programs. It is intended to help universities and other academic institutions develop their own curricula in nuclear security or expand existing academic programs related to this subject. Practical support to member states in implementing their own nuclear security education programs comes from the International Nuclear Security Education Network.
Established in March 2010, the INSEN is a partnership between the IAEA, research institutions, and other stakeholders committed to ensure the sustainable establishment of nuclear security education. It achieves this objective through collaborations in the following areas and activities:

• Development of peer-reviewed textbooks, computer-based teaching tools, and instructional materials, including exercises and materials for laboratory work.
• Faculty assignment and development in the different areas of nuclear security through mutual faculty exchanges or joint development and implementation of in-depth nuclear security training programs.
• Student exchange programs to foster international cooperation and exchanges of information.
• Quality assurance: consistency with IAEA-defined terminology described in the IAEA Nuclear Security Glossary, the Fundamentals, and other publications.
• Thesis evaluations, coordination, and improvement.
• Performance of surveys on the effectiveness of nuclear security education among students and faculty.

With its membership close to 200 institutions, the INSEN is an informal program open to any educational and research institution that is already involved in nuclear security education or plans to offer it in the future. The role of the IAEA includes convening annual INSEN meetings, putting together subjects for discussion (in consultation with INSEN members), and reporting on the status of ongoing activities. In addition, the IAEA facilitates the INSEN hub by providing and maintaining an IAEA nuclear security web portal where educational materials and information about the network’s members are regularly posted and updated.

4.3 Training

It takes a well-trained workforce to establish and maintain a robust nuclear security culture. Select members of this workforce may act as subject-matter experts when developing more extensive training and educational materials and serve as resource persons for expanding the national capacity for nuclear security. Training is an organized activity aimed at imparting implementation-specific procedures to help recipients improve their performance or attain and maintain a required skill level. Comprehensive training programs can improve the efficiency of and strengthen nuclear security capabilities by:

• Developing practical and operational knowledge and skills among various stakeholders and contributors to security culture.
• Improving and sustaining operational readiness in response to evolving missions, threats, and technologies.
• Strengthening multi-jurisdictional and multinational coordination, communication, and partnerships.
• Clarifying organizational structures, roles, responsibilities, and authorities.
• Sustaining connections with awareness and exercise programs within the nuclear security culture.

Training, both knowledge-based and skill-based, is carefully designed to ensure quality and effectiveness for the personnel being trained. Determining what needs to be taught in the training program is critical to this process. This is accomplished through following a systemic approach to training (SAT), which comprises five basic activities: analysis, design, development, delivery, and evaluation. Evaluation occurs at each step of the process and at the completion of the training cycle. The staff then acts on the evaluation results to constantly improve training activities.

Box 4.1: IAEA E-Learning Program

IAEA’s Division of Nuclear Security developed an e-learning suite based on the IAEA Nuclear Security Series to provide all staff with nuclear security responsibilities or interested members of the public with a basic understanding of nuclear security principles. Over 20 modules are available on the following topics:

• Crosscutting topics (nuclear security culture, international legal framework, overview of IAEA nuclear security series publications, nuclear security threats and risks, radiation basics and consequences of exposure to radiation)
• Nuclear security of material and facilities (categorization of radioactive material, radioactive sources and their application, nuclear material accounting and control for nuclear security, nuclear security threats and risks, physical protection, preventive and protective measures against insider threats, transport security)
• Nuclear security of material out of regulatory control (nuclear security detection architecture, radiological crime scene management, nuclear forensics, radiation detection instruments for frontline officers)
• Information and computer security (cyber threats, security of nuclear information, computer security assurance activities)

Learners receive a certificate after completing each module (and passing a final test, if applicable). Certificates remain available under the learner’s account, but they may also be downloaded as a PDF or printed for records. The module on nuclear security culture discusses how human factors contribute to security effectiveness, the nuclear security concept, who is involved in the establishment and sustainability of nuclear security inside an organization, and the steps required to assess and enhance nuclear security culture. More information at: http://elearning.iaea.org/ and CLP4NET. [email protected]

In building capacity for nuclear security, training programs at organizations aim to fill gaps between the actual performance of personnel working in an area of nuclear security and the required knowledge and skills needed to follow the IAEA guidance relating to nuclear security. This approach assures the facility meets national and international requirements arising from the legal framework.
Based upon the assessment of training needs, training is designed and developed using different platforms to accomplish identified learning objectives:

(a) Training and Practical Training: Training often includes a mixture of traditional methods (classroom-style education) and experiential learning (practical, hands-on training that can be linked to specific threats or modes of operation). Traditional training employs textbooks, educational films, and equipment demonstrations. Practical training for nuclear security and culture may include training with relevant equipment, practicing security functions, or practicing using analytical software. A mock or model facility such as a gateway, port, or inspection station may prove useful for practical training.
(b) On-the-Job Training: Because training consumes significant time when conducted at off-site locations, many organizations mandate on-the-job training for their personnel. On-the-job mentorship by an experienced officer adds broader context for nuclear security systems and measures, deepening trainees’ understanding of their profession. When the site invests in new capabilities, top leadership often turns to experienced workers to operate the equipment.
(c) Virtual Training: Like train-the-trainer strategies, virtual learning can help minimize costs and disruptions to operations by making training more accessible to personnel. Virtual training can be of several types, including e-learning (i.e., a computer-based training class), response simulators, and virtual reality. However, it is important to keep in mind that not all training topics lend themselves to the virtual environment.
(d) Collective Training: Collective training may be a valuable complement to individual training by offering opportunities for collaborative learning. In such opportunities, participants depend on one another’s skills and resources to maximize the learning experience. Collective training involves extensive interaction, accountability to other participants, and engagement in common tasks.
(e) Train-the-Trainer: Methods such as train-the-trainer can help manage the high costs of training personnel and maintaining their skills. Under this model, one person is selected to become an expert by attending an initial or refresher training class. This person subsequently returns to serve as a local trainer for the rest of the nuclear security personnel. This method allows for quick and efficient dissemination of critical skills and knowledge across the nuclear security regime while also managing costs.

Training is generally focused on learning a new skill or improving performance at a specific job. Fundamentally, a systemic approach to training should help provide the training that is needed to address performance requirements within the established competence framework.
The first step of SAT is to determine the training needs of the target audience. This is an expansive task that involves analysis of the performance requirements (i.e., duties and tasks) of individuals who have direct responsibility for planning, implementing, or evaluating the effectiveness of the nuclear security program. In this analysis phase, tasks are analyzed to determine which are critical (and require formal training) and which are less critical (and may be learned through other means, such as on-the-job training and reading assignments). Training objectives are formulated based on the analysis phase and are organized into a logical progression of exercises designed to ensure mastery of each lesson’s objectives. Once designed, the content of each lesson is documented in a lesson plan, which includes directions for the instructor while identifying training aids to enhance learning (such as visual aids, models, and simulations). The training is then delivered to students in accordance with the lesson plans. At each step in the process, the activities performed and the products developed are evaluated. Evaluation not only measures the internal validity of the training as it is being developed, but also determines whether the training was effective and how it may be improved for the next round of training, thereby ensuring a process of continuous improvement. Several IAEA publications describe the systematic approach to training in detail and explain how it applies in a range of areas [3]. Effective training is necessary to build a cadre of expertise that will serve nuclear security program managers, directors, and technical experts and to equip curriculum developers and instructors to strengthen nuclear security capacity.

Overlapping objectives and the combined effects of education and training contribute significantly to enhanced security awareness. Awareness is widely understood as a fundamental state of knowledge about nuclear security along with an associated set of beliefs regarding nuclear threats, nuclear security systems and measures, and organizational roles and responsibilities. Awareness-raising efforts are less formal than education or training in their method of development, delivery, and measures of effectiveness. Security-culture awareness programs are developed in coordination with safety awareness programs to achieve effective and complementary safety and security cultures. To optimize an awareness strategy, the following goals and objectives are established:

• Providing individuals with knowledge and guidance pertaining to their roles and responsibilities, improving operational readiness in case of a nuclear security event.
• Providing foundational knowledge (e.g., information on nuclear material threats, nuclear detection options, and operations) for building a nuclear security culture. This knowledge base allows for advanced training and a broader understanding of one’s mission.
• Fostering the development of political will among government entities and organizations. This political will is critical to building and sustaining nuclear security capabilities and programs. Internalizing the critical nature of nuclear security—in other words, coming to regard the need for it as self-evident—will also lend legitimacy to security-related activities undertaken by government.
• Promoting a common terminology and basis for raising awareness among the public and nongovernmental organizations.
Security awareness is likely to remain a passive construct unless the workforce resolves to take a more proactive approach, which is the underlying principle of culture. Both personal and group motivational systems include a range of administrative tools to achieve this goal. For example, astute managers visibly encourage, recognize, and reward commendable attitudes and behavior. They stress the responsibility to watch for and report unusual occurrences. Well-designed reward systems recognize staff contributions to maintaining nuclear security. And when staff members are aware of the systems of rewards and sanctions relating to nuclear security, they are more likely to remain vigilant in the workplace. A main objective of the awareness-raising program is not only to inform personnel of the existing risks but also to convince them that the risks are serious and applicable to the entire organization and therefore personally to each employee. Motivated to internalize nuclear security requirements and develop the desired behaviors, the workforce moves closer to a robust and sustainable nuclear security culture (Fig. 4.1).

Fig. 4.1 Building capacity and competency for nuclear security culture

The multidisciplinary approach to education and training encompasses a variety of managerial, organizational, behavioral, and other issues. There is no need to choose between technology-centered and human-centered syllabus design. Rather, internalization of security culture arises from the interplay among awareness, motivation, and commitment. In other words, a major objective of nuclear security education and training is to facilitate human interactions with technology, both hard and soft, in security systems, with a view toward helping staff members recognize problems, identify emergent events, anticipate patterns that might lead to a security breach, and take corrective action. The more sophisticated security technologies and arrangements are, the more important it is for personnel within the organization to undergo training to design, operate, maintain, and improve these technologies and arrangements.
Supplementary Tool. As security culture and its methodologies mature, its components may be added to the education and training toolset for nuclear security. Below are examples of how and why security-culture assessment can help move organizations along their learning curve and supplement conventional classroom practice:
• Preparation for the self-assessment process highlights the importance of nuclear security throughout the organization. Usually, senior management is seen as having initiated and supported the assessment. The head of the organization releases a directive stating its purpose, outlining the procedure for carrying it out, and explaining how the results will be used.
• Surveys and interviews are self-assessment tools that involve a major portion of the workforce, enlisting them as active partners rather than passive observers in the classroom.
• Though culture indicators backed by the IAEA are mostly generic, it is important to encourage self-assessment teams at each organization either to adjust the indicators to their needs or to develop their own consistent with the profile of the organization and known vulnerabilities it confronts. As a result, survey respondents can clearly see how what they do fits into the security regime.
• Interviews allow for personal contact between an interviewer and a respondent, ideally starting an unconstrained flow of information and providing a chance for respondents to review their own role in the security regime.
• The self-assessment process culminates in a final document summarizing the findings, setting the foundation for communicating key messages, and providing a baseline for subsequent discussions.
The challenge for practitioners is to figure out how to combine self-assessments with traditional training in a way that raises the effectiveness of both in a mutually complementary manner. For example, a self-assessment of security culture could be preceded by a classroom training session to explain and discuss such topics as the meaning of culture indicators used for surveys, interviews, or focus-group discussions. On the other hand, before recommending a focus for self-assessment, the management should review the records and syllabi from the most recent nuclear security training sessions to identify issues that were covered by those sessions and complement the classroom experience with practical insights.
There is a great need to include the concept of nuclear security culture and its methodologies in existing nuclear security education and training modules as a cross-cutting topic, and as a means of bolstering the efficiency of learning methods currently being used.

4.4 Nuclear Knowledge Management

It is important not only to amass adequate technical knowledge, expertise, and culture in nuclear organizations but also to maintain the knowledge base once amassed and to ensure it is available when needed. Sustainment involves sharing the experience, skills, and knowledge acquired from operating a nuclear security system among different actors within the security community to achieve better performance throughout the site. Lessons should also be transferred to individuals who have been newly assigned to security-related tasks and responsibilities, helping the facility continuously meet its nuclear security requirements. Therefore, knowledge management is an integral part of capacity- and competence-building programs and needs to be aligned with workforce-management strategies. The key criteria of knowledge management may include the following: promotion of knowledge transfer, knowledge-sharing rewards, collaboration with higher education, teaching exchange, joint research projects, joint seminars, and links with other R&D institutions.
Knowledge management is an integrated, systematic approach to identifying, acquiring, transforming, developing, disseminating, using, and preserving knowledge relevant to achieving specific objectives. Accordingly, knowledge management activities need to involve the following basic processes:
(a) Identification of Knowledge Needs. Identifying what knowledge needs to be managed for capacity-building purposes is the first important process in a knowledge-management cycle. The knowledge identified may be explicit, such as technical information on paper or in electronic media, or it may be tacit, such as experience-based insights, skills, practices, and culture divulged by people who implement nuclear security measures. The identified knowledge, either explicit or tacit, needs to be recorded and stored in an organizational knowledge database.
(b) A Process of Acquisition of the Necessary Knowledge. The acquired knowledge needs to be transformed and interpreted for specific capacity-building needs. The transformation of knowledge could be performed by developing an implementation plan that allows new nuclear security knowledge to be tailored to national situations and arrangements. Interpretation in this context involves specifying what elements of knowledge need to be used for what purposes, such as problem-solving, development of new technology, or decision-making to achieve desired nuclear security performance.
(c) Further Transformation of Acquired Knowledge for Special Needs Is Followed by Its Dissemination to Different Actors in the Nuclear Security System. After the transformation process, the knowledge is disseminated to people who need to know it to meet nuclear security objectives. Channels for knowledge dissemination are defined and optimized to ensure that the knowledge has reached and been understood by the intended recipients with due respect for its sensitive nature.
(d) Preservation of Knowledge for Future Application. Knowledge preservation is a vital component of the knowledge-management cycle and is critical to maintaining and continuously improving the capacity of a nuclear security system. Knowledge preservation requires a system with the ability to archive, retrieve, and protect acquired knowledge, and to maintain the usability of the knowledge for future applications depending on risk assessments and other considerations.
Knowledge management needs to focus on organizational as well as individual knowledge and culture.
Knowledge-management culture is an element that addresses the practices, behaviors, and attitudes that exist within a nuclear organization and together demonstrate the value ascribed to knowledge and lead to robust sharing of knowledge. Trust, teamwork, and active collaboration are all characteristics of a positive knowledge-management culture. The key indicators associated with them are a no-blame policy, rewards for sharing knowledge, a commitment to leading by example, and individual and team relationships.
One type of activity regarding knowledge management for nuclear security capacity and competence is the establishment of a national database. For example, a national database of nuclear security terminology can be used to ensure that the nuclear security officers from all relevant organizations understand each nuclear function the same way and dedicate themselves to helping build capacity for newcomers with nuclear security responsibilities. Another example is a database of nuclear security personnel assigned common roles. Nuclear security-related knowledge refers to various aspects of nuclear security performance, including procedures, best practices, technical skills for taking physical-protection measures, and culture throughout the nuclear security apparatus.
Accordingly, the validity, usefulness, and usability of knowledge differ from recipient to recipient depending on the roles that each recipient assumes in a national nuclear security system. This suggests that it can be beneficial to share knowledge among those who play common roles at different sites in a nuclear security system. In this regard, a database of nuclear security personnel assigned common roles could be useful to enable effective dissemination of knowledge among them, advancing national nuclear security objectives and culture. The IAEA has been a repository of knowledge related to peaceful applications of nuclear technology since the organization was founded in 1957. Nuclear Knowledge Management soon became a program to address member states’ priorities in the twenty-first century. Since 2002, several resolutions have been adopted at the IAEA General Conference, including knowledge-management topics. The conference urged the IAEA Secretariat to help member states, on request, to foster and preserve nuclear education and training in all areas of nuclear technology; develop guidance on and methodologies for planning, designing, and implementing nuclear knowledge-management programs; provide member states with reliable information resources; and develop tools and methods to capture, retain, share, use, and preserve nuclear knowledge. The IAEA has organized several international meetings, schools, and conferences covering a wide range of topics, from general concepts that underpin nuclear knowledge management to specific methods and tools taught at training seminars for practitioners.

4.5 Knowledge Management Networks

Knowledge management can be supported through the development and use of knowledge networks. Knowledge networks include the corps of people with nuclear security knowledge and serve as a platform to enable the analysis and sharing of nuclear security-related expertise and experiences to supplement efforts to build national nuclear security capacity. Knowledge networks can be established at both the national and international levels to execute a variety of functions, including fostering nuclear security culture.
Knowledge networks for nuclear security at the national level could provide a cadre of experts to groom human resources required to build national nuclear security capacity. For example, the pool of graduates of Master of Science programs in nuclear security might represent the list of capable people who are ready to serve as nuclear security officers in national authorities and other nuclear-related organizations. Establishing such a network helps equip the state with competent people to help meet its nuclear security requirements. This network could consist of various groups with different specialties, including analysis of national nuclear security policies, nuclear security risk assessment, design of physical protection systems, or assessment of nuclear security culture.
Knowledge networks for nuclear security at the national level could also support overall effective knowledge management. Knowledge networks based on specific types of responsibility in a national nuclear security system make ideal units for sharing knowledge among people with common jobs and best practices. Thus, they encourage continuous improvement of performance throughout the nuclear complex.
National knowledge networks are also useful channels for implementing national nuclear security capacity-building programs. National capacity-building programs for nuclear security, such as Nuclear Security Support Centers (NSSCs), need involvement from all stakeholders, including regulatory bodies, nuclear operators, technical support organizations, law-enforcement agencies, and organizations responsible for responding to nuclear security events. The cooperation and coordination of these stakeholders are critical for optimizing the program to meet national needs for nuclear security capacity-building. National knowledge networks for nuclear security are the basis for such cooperation and coordination.
At the international level, knowledge networks facilitate instructive cooperation, share lessons learned, and serve as channels for international coordination. Knowledge networks can be erected among states that face common challenges in nuclear security, thus allowing participants to learn from one another and lift the aggregate standard for security.
The international Network for Nuclear Security Support Centers (NSSC Network) is an example of an IAEA-supported knowledge network in nuclear security capacity- and competence-building efforts. Sometimes referred to as Centers of Excellence, the NSSC Network is designed to facilitate the efforts of participating states to improve their capability for building capacity, including capacity in nuclear security culture. The primary role of an NSSC is to facilitate the development of trained and security-conscious human resources and to provide technical and scientific support to ensure the long-term sustainability of nuclear security and security culture.
The network also provides opportunities for NSSCs to promote high-level nuclear security training and support services as a cornerstone in the development of sustainable national, regional, and global nuclear security training and support centers. In addition, the NSSC Network facilitates cooperation and assists with activities (including technical and scientific) while directing available resources to meet specific needs. To this end, the NSSC Network acts as a platform for standardizing the quality of nuclear security training in the same way that the IAEA supports the development of training curriculum and material under this framework.

4.6 Stakeholder Engagement

Nuclear security culture at a facility has several important stakeholders, and understanding their various perceptions, beliefs, and attitudes is central to effective on-site security and to teamwork among all players. These stakeholders include regulators, law-enforcement agencies, off-site response forces, emergency services, suppliers, trade unions, and local communities. There are organizations and groups that are statutory stakeholders (those required by law to take part in planning, development, or implementation) as well as non-statutory stakeholders, those who take an interest in the nuclear security regime or stand to suffer direct or indirect impact from a nuclear incident. Excluding any stakeholder would damage prospects for building competence and capacity in the realm of security culture. Continual assessment of the stakeholder-engagement program is necessary to ensure that it achieves the goal of a robust security culture. Fundamentally, stakeholders for nuclear security culture should operate in a culturally compatible way.
Regulatory Authority. Given the prominent status of nuclear security culture, it is natural that regulatory bodies step in and assume a leading role among other stakeholders. The objective of regulatory oversight for nuclear security culture at the licensees’ installations is to prevent, detect, and respond to conditions that could degrade security performance. Regulatory oversight of security culture complements compliance-based control carried out through inspections of facilities and activities to verify that licensees follow regulatory requirements under conditions specified in the license. Several generic functions of the regulatory framework are relevant and applicable to the oversight mission for nuclear security culture. These functions, as set forth by the IAEA, include:
• Provide for the establishment of nuclear security regulations and requirements and associated procedures for applying for, evaluating, and granting authorizations or licenses.
• Provide for the establishment of systems and measures to ensure that nuclear materials and other radioactive materials are accounted for or registered and are effectively controlled and protected.
• Provide for the establishment of regulations and requirements for protecting the confidentiality of sensitive information assets.
• Ensure that prime responsibility for the security of nuclear materials, other radioactive materials, associated facilities, sensitive information, and sensitive information assets rests with authorized persons.
• Establish verification and enforcement measures to ensure compliance with applicable laws, regulations, and requirements, including the imposition of appropriate and effective sanctions to punish violations [4].
Developing a common understanding of security culture and establishing a positive dialogue with the licensee are of primary importance for performing effective regulatory oversight of security culture. Therefore, an oversight agency stands to succeed if it abides by three main principles:
• Common understanding of security culture and its interface with safety culture. The nature of security culture is unique and needs to be dealt with in a different manner than compliance-based control. The interface with safety culture is critical to achieving a common language and framework that supports both the regulatory body and the licensee in their communication, given the significance of culture for security performance.
• Dialogue. To gain a better understanding of security culture, dialogue is necessary to share information, including precursor events, and to communicate ideas and knowledge that are often qualitative in nature. Dialogue supports creative and constructive ways to find solutions for continuous security improvements.
• Consistency. Security-culture improvement demands continuous engagement from the licensee. Regulatory oversight of security culture therefore ideally relies on a process through which the regulatory agency continuously maintains and encourages engagement with the licensee.
For better interaction as a stakeholder, the regulatory body is advised to stay away from detailed and rigid requirements. Instead, it should attempt to regulate security culture. It may focus on general requirements for management systems that help clarify security-culture expectations and enforce compliance with security-culture indicators.
As with many other stakeholders, the regulatory body operates within a wide system that shares common societal values and norms. By directly and indirectly interacting, all players mutually influence one another’s cultures. In this sense, the regulatory body is in a strong position, by virtue of its role, to profoundly influence a licensee’s security culture. It achieves this through regulatory strategy, the way it carries out its daily oversight work, the type of relationships it cultivates with licensees, the values it conveys, and the importance it assigns nuclear security. Hence, the regulatory body needs to be conscious of its own impact on the security culture of the organizations it regulates and oversees to avoid harmful interference with their security-related duties.
What has been achieved so far not only offers new opportunities for enhancing and sustaining security culture but also poses several challenges. One such challenge is how to integrate regulatory bodies into the process and assign to them appropriate legal authority, with due regard for the special nature and complexity of nuclear security culture. Among the benefits from such involvement would be to empower regulatory agencies to help (a) harmonize practices relevant to achieving an effective and sustainable nuclear security culture; (b) harvest experience and lessons learned from safety culture; (c) advance the safety-security-culture interface and synergies; and (d) open channels for sharing information and experience on the national and international levels.
The Public. The public represents an important group of stakeholders outside the industry and the government whose potential must be included in efforts to deal with nuclear incidents. They are loosely described as “civic society,” a phrase embracing a diversity of spaces, actors, and institutional forms varying in their degree of formality, autonomy, and power. Civil associations commonly include charities, nongovernmental organizations, community groups, women’s organizations, professional organizations, trade unions, self-help groups, social movements, business associations, coalitions, and advocacy groups. Their boundaries overlap, and agendas often conflict with one another on specific issues. The public is a challenging stakeholder to deal with because citizens are deeply split regarding the acceptability and value of nuclear power and tend to express their feelings emotionally and differently. One area where consensus is probable and needs to be further nurtured is nuclear terrorism, which includes malicious interference in the operation of nuclear power infrastructure.
In addition, there is a clear link in public perceptions between nuclear terrorism, nonproliferation, and nuclear disarmament that is crucial to diminishing nuclear risks, preventing nuclear disasters, and achieving international peace and security. Members of the public are poised to make individual contributions but often lack across-the-board coordination to perform this mission in a more meaningful way. As an integral part of this community, nongovernmental and academic groups can offer their expertise and resources to help focus government and industry efforts on the pressing issues of screening nuclear facilities, materials, and managing the risk of nuclear terrorism. They can come up with innovative solutions, enjoy the trust of the public at large, and exert influence on public opinion. Grassroots movements can lobby for their country’s participation in relevant international agreements and arrangements, advocate speedy ratification of international instruments by national parliaments, and develop proactive approaches while deliberating on proposed government policies. Religious organizations stand on high moral ground to condemn nuclear terrorism and enable local communities to succeed in building resilience as well as reducing the immediate and long-term physical and psychological impact of an accident if it happens. Finally, the independent media plays a vital role in keeping the public informed and has the responsibility for communicating accurate, reliable, and verifiable information. Due to terrorists’ dependence on the media to influence a population, the media must perform a careful balancing act between commercial interests and living up to expectations of good corporate citizenship. 
Indeed, modern society relies heavily on print, broadcast, and electronic media to alert, inform, and educate the public, roles that intensify during an accident, when warnings and civil notice must be disseminated quickly.
The public should be aware that security is a key consideration for plant operations and view nuclear security culture as a sign of professionalism, skill, and responsibility by all actors involved in the protection of radioactive materials and their associated facilities and transports. Information about general security may be delivered, explained, and divulged provided it does not jeopardize the protection of radioactive materials, transport, and facilities. Details relating to sensitive security arrangements cannot be divulged to the public, but the release of appropriate information can be helpful in rallying public confidence and support for nuclear security. A public convinced of the need for nuclear security can have a positive impact on nuclear security culture through its attitudes or actions. A more empowered and awakened citizenry can contribute to an effective campaign for nuclear safety and against nuclear terrorism.
By getting the public on board and recognizing it as a major stakeholder, a meaningful risk communication strategy and other relevant arrangements must be developed in pursuance of five interrelated objectives: (a) reach a common risk assessment enabling the public to be educated and prepared; (b) encourage a well-informed and well-motivated public to contribute to a healthy nuclear security culture; (c) build up public vigilance, persuading citizens to cooperate more closely with law enforcement; (d) reduce the immediate and long-term physical and psychological impact of a terrorist event by fencing off panic, boosting morale, maintaining credibility, and providing guidance; (e) maintain effective lines of communication with victims’ groups in the aftermath of major incidents. Hence, the public must no longer be looked upon only as potential victims or panicked masses, but rather as a vital contributing factor for more effective nuclear security and culture.

4.7 IAEA Activities in Nuclear Security Culture

As a cross-cutting and underlying element of nuclear security, culture is either the centerpiece or a supporting feature of numerous IAEA initiatives and programs, which include developing guidance documents, boosting training and awareness in the realm of nuclear security culture, supporting official activities aimed at assessing and enhancing nuclear security culture, sending country missions to improve specific aspects of national nuclear security regimes, and many others. Some of these activities are briefly described below:
(a) Coordinated Research Activities. Article III of the IAEA’s statute mandates that the agency encourage and assist research and development and practical application of atomic energy for peaceful purposes. The IAEA’s Coordinated Research Activities (CRAs) have been designed to contribute to the fulfilment of this mandate by stimulating and coordinating research by institutes in IAEA member states in selected nuclear fields. Coordinated Research Activities create fertile ground for bringing together scientists from developing and developed countries to meet, focus on well-defined areas of research, and exchange knowledge, experience, and ideas for mutual benefit. Most CRAs are carried out under the agency’s Coordinated Research Projects (CRPs), each of which brings together an average of fifteen scientific institutes from developing and developed countries to concentrate on problems of common interest. One of the RCM products is Technical Guidance on Enhancing Nuclear Security Culture in Organizations Associated with Nuclear and Other Radioactive Material (Nuclear Security Series No. 38-T, 2021).
(b) Integrated Nuclear Security Support Plan (INSSP). The objectives of an INSSP are to identify and consolidate the nuclear security needs of an individual state into an integrated document that encompasses the necessary nuclear security improvements along with a customized framework for coordinating and implementing nuclear security activities conducted by the state, the IAEA, and potential donors. The INSSP is designed to identify actions required to ensure that a state’s national nuclear security regime is effective and sustainable based on nuclear security guidance from the IAEA. The plan is intended to provide a summary of information about all activities a state is currently undertaking or plans to undertake to tighten nuclear security. The INSSP nuclear security framework is organized around five distinct functional areas: legal and regulatory, prevention, detection, response, and human-resources development. The latter functional area encompasses nuclear security culture alongside other personnel matters. Development of an INSSP proceeds in four stages: initial draft; discussion, revision, and finalization of the draft; approval of the final draft; and implementation of the approved plan.
(c) International Physical Protection Advisory Service (IPPAS). Created by the IAEA in 1995, IPPAS missions furnish a national government with peer advice on how to implement international instruments, as well as guidance from the agency on how to protect nuclear and other radioactive materials, facilities that handle these materials, and activities. An IPPAS mission is an assessment of the existing practices in a state, considering relevant international instruments and IAEA nuclear security publications. It is also an exchange of experience and accepted international practices aimed at strengthening the nuclear security regime, along with procedures and practices being followed by the state. This assessment includes a national-level review of the legal and regulatory framework and procedures in place to execute this framework at facilities and during transport. Table 4.1 provides a list of items (both at the state and facility levels) on which IPPAS missions focus. Security culture is a separate item to be performed at state and facility levels. An IPPAS mission is conducted by a team of international nuclear security experts who tap their extensive experience and international guidance to suggest improvements to the national nuclear security regime. The team reaches conclusions by consensus based on members’ combined expertise. The findings of IPPAS missions are reflected in mission reports that the IAEA treats as confidential information. An essential feature of this advisory service is that IAEA follow-up assistance can be made available upon request. Assistance includes training, technical support, and more targeted assessments of various elements of a state’s national nuclear security regime.

Table 4.1 Scope of international physical protection advisory missions (IPPAS)

State level:
• Institutional and organizational framework
• Primary and secondary legislation
• Threat assessment and design basis threat
• Competent authority
• Coordination with other organizations
• Inspection and enforcement
• Security culture
• Information and computer security
• Human resources
• Other

Facility level:
• Security management
• Security procedures
• Security assessment capabilities
• Protection systems
• Security culture
• Information and computer security
• Other

Initial steps to build capacity and competency for nuclear security culture through methods described in this chapter accomplish only half the mission. Culture tends to change under the influence of numerous factors, and to do so in unpredictable ways. Such factors may include a change of an organization’s leadership or structure, mergers or recruitment of new employees, the overall economic situation, retooling projects, or new risks. It is up to all levels of management to gauge the status of the ambient security culture and stay a step ahead when introducing corrective measures to remedy past problems or striving to meet new challenges. One way to be proactive is to conduct regular self-assessments of culture and launch subsequent corrective actions and culture-enhancement measures to rectify whatever defects these inquiries unearth. Chapter 5 discusses this range of issues paving the way toward a robust nuclear security culture.

References
1. International Atomic Energy Agency (2018) Building capacity for nuclear security. Implementing guide. IAEA nuclear security series no. 31-G. IAEA, Vienna, pp 7–8
2. International Atomic Energy Agency (2011) Educational program in nuclear security. IAEA nuclear security series no. 12. IAEA, Vienna. Superseded by IAEA nuclear security series no. 12-T (Rev. 1)
3. International Atomic Energy Agency (2001) A systematic approach to human performance improvement in nuclear power plants: training solutions. IAEA-TECDOC-1204. IAEA, Vienna; International Atomic Energy Agency (1999) Experience in the use of systematic approach to training (SAT) for nuclear power plant personnel. IAEA-TECDOC-1057. IAEA, Vienna; International Atomic Energy Agency (2000) Analysis phase of systematic approach to training (SAT) for nuclear power plant personnel. IAEA-TECDOC-1170. IAEA, Vienna
4. International Atomic Energy Agency (2013) Objectives and essential elements of a state’s nuclear security regime. Nuclear security fundamentals. IAEA nuclear security series no. 20. IAEA, Vienna, pp 4–6

Chapter 5

Assessing and Enhancing Nuclear Security Culture

Abstract Culture self-assessment identifies early warning signs of weaknesses, which is important for staving off events with significant consequences. Security-culture assessment has distinct features that make it different from a traditional audit or performance evaluation. Divergent, if not controversial, attitudes among the workforce toward security make the task of self-assessment challenging and demanding. Surveys provide clear and straightforward data, because anonymous respondents can express critical views without fear of retaliatory consequences. Interviews allow for flexible questioning, follow-up questions, and personal contacts between interviewers and interviewees. Quantitative and qualitative methods should be viewed as complementary and as potentially contributing to more accurate and comprehensive results. The search for root causes of people’s behavior is a main mission of self-assessment. The self-assessment report serves as a basis for developing an action plan designed to address deficiencies and weaknesses in an organization’s culture.

© The Author(s), under exclusive license to Springer Nature Switzerland AG 2023
I. Khripunov, Human Factor in Nuclear Security, Advanced Sciences and Technologies for Security Applications, https://doi.org/10.1007/978-3-031-20278-0_5

5.1 Role of Self-Assessment

Security-culture assessment plays a key role in developing and maintaining an awareness of the strengths and weaknesses of organizational culture and of nuclear security culture as its subset. Culture self-assessment identifies early warning signs of weaknesses and is important because there is often a delay between the development of these early signs and the occurrence of an event involving significant security consequences. Weaknesses can interact synergistically to create an unstable environment that renders an organization vulnerable to security incidents. By being alert to the early warning signs, the leadership can initiate corrective action in sufficient time to avoid adverse consequences.

By focusing on perceptions, views, and behaviors at all levels of the organization, regular assessments help managers understand the reasons for an organization’s patterns of behavior in certain circumstances and to devise more targeted and effective security arrangements. This may contrast with audit-type assessments, which accentuate technical issues more than the intangible human elements. Self-assessment requires conscious effort to think in terms of how individuals and teams interact with one another, with the physical surroundings within the site, and with the external environment.

The results of a security-culture self-assessment will rarely point directly to specific technical actions. Instead, they will shed light on why particular security-related issues emerge, what the root causes of problems may be, and how nuclear security overall can be improved. Security-culture self-assessment helps both those directly involved with nuclear security and the rest of the organization by illuminating the role of culture and its influence on security performance. An effective self-assessment encourages the staff to accept ownership of the results and facilitates decisions that foster continuous improvement.

An attitude prizing continuous improvement derives in part from regularly held self-assessments and a sound understanding of an organization’s strengths and weaknesses, regardless of how well the organization is currently performing. Constant improvement involves searching for ways to refine organizational systems and processes after identifying how to turn changes in technology or changes in the external environment to advantage. The absence of an attitude favoring continuous improvement reveals itself in the form of complacency and organizational inertia. A lackluster institution superficially checks performance against targets while paying little attention to the real status of the security regime, as reflected in employees’ capabilities and the quality of security culture. The development of a continuous-improvement attitude depends strongly on leadership ability, the commitment of senior managers, and willing involvement of staff members in the learning and improvement process.

Security-culture assessments have distinct features compared to a traditional audit or performance evaluation:
• Such an assessment charts a learning curve rather than providing a checklist of expectations.
• A significant purpose is to capture information that helps foster dialogue, reflection, and insight within the organization regarding its behavior.
• It clarifies organizational effectiveness and how well it contributes to security.
• It gives an organization the opportunity to proactively reduce latent systemic risks.
• Specialized training is needed to observe and interpret cultural influences on security.
• It is important to effectively communicate the findings of self-assessments throughout the organization to promote self-understanding of cultural patterns, and thereby create an opportunity to identify as well as positively shape these patterns.

5.2 Special Considerations for Security-Culture Self-Assessment

The idea of helping sites self-assess their nuclear safety culture originated in the 1990s and continues to make significant progress. The International Atomic Energy Agency (IAEA) has released several documents to guide the self-assessment process and share best practices [1]. It has performed safety-culture assessments as part of OSART (Operational Safety and Review Team) missions. In addition, many other organizations, both commercial and non-profit, increasingly provide safety-culture assessments. The need for external experts stems mainly from the lack of expertise in behavioral science—the key to designing assessments and judging their findings—on most facility staffs.

Like nuclear safety culture, security-culture assessment must balance between self-assessment with and without the involvement of outside specialists, as both modes have their advantages and disadvantages. Self-assessment team members possess in-depth knowledge of the organization, its people, its processes, and key influences on it. They are insiders and therefore have a stake in, and are more accountable for, improvement. On the other hand, self-assessments engage the biases intrinsic to any culture that examines itself. However good their intentions, staff members involved in self-assessment projects are not immune to this. There may be a need for external support and expertise to complement in-house efforts, particularly at the trial stages, and later to verify the assessment’s findings. Such oversight will help the leadership determine whether necessary expertise is available internally, and, if so, whether it is adequate. Organizations must be encouraged to develop skills related to self-assessment, including survey protocols, interview techniques, and findings analysis. In the light of stricter confidentiality requirements and more opaque methods in the security arena relative to safety, self-assessment is likely to become the preferred option.

Other distinct features of security-culture assessment need to be taken into consideration:

(a) Subcultures exist in any group. As a result, the overall culture is seldom homogeneous. Cultural analysis must therefore be open to the existence of various subcultures and be ready to examine the relationships among them. One important cultural fault line that pertains to security involves the difference in perceptions and attitudes between security and non-security personnel. A person who is not part of the facility’s security contingent may think security is someone else’s job, and that successes and failures in the security realm have little to do with anything that person does or fails to do. It is important to view security culture as the sum of these two subcultures. At the same time, understanding the distinct differences between security and non-security personnel is vital to a balanced and accurate assessment as well as to corrective management actions.

(b) While it is safe to assume that most employees take ownership of nuclear safety, security may give rise to divergent if not controversial views among personnel. This dichotomy renders the task of self-assessment both challenging and demanding. Below is a sample list of attitudes toward security that security evaluators are likely to encounter over the course of a self-assessment:
• Ownership—people assume responsibility and regard security as their business, feel accountable for security throughout the organization, and do not view the security staff as the sole actors responsible for the security program. They take partial credit for and ownership of the program and see the role of the security staff as to advise and assist them in making it work.
• Participation—people demonstrate an understanding of the need for security and comply with rules and regulations that focus on the benefits of security. They believe the security program and its specifics make sense and make a useful contribution to help the organization operate at acceptable risk. This category of employees is willing to cooperate and follow the rules going a step beyond the requirements, if necessary.
• Compliance—people follow the rules regardless of whether their compliance contributes to better security. These individuals do exactly what they are told to do in the security program, but if something is not specifically covered by the rules, they act as if it is not their problem. If they come under criticism for this approach, they claim they are very careful about following the rules and cannot be expected to be security experts and handle situations not covered by the rules.
• Apathy—people do not care one way or the other about security because they do not believe threats exist. They regard security programs as a countermeasure against a hypothetical threat. They may follow security regulations, but if noncompliance gets them in trouble, they do not go one fraction of an inch beyond that. This category of employees is reluctant to discuss security issues and prefers to stay away from efforts to support or improve security systems.
• Avoidance—people regard security as inherently dangerous, unnecessary, or even harmful. These employees do everything they can to keep from getting involved and turn a blind eye to the need to address security weaknesses or report cases of noncompliance. If these people see a situation that puts assets at risk, they ignore it and discourage others from getting involved or addressing it. They go out of their way to avoid any sort of contact or collaboration with the security staff [2].

(c) Since the mission of nuclear security culture is to support, enhance and sustain nuclear security, self-assessment efforts will inevitably focus on beliefs and attitudes toward both internal and external threats. The former poses a special challenge. It is imperative that the entire workforce see security culture as a major tool to deal with insider problems. (Chapter 8 focuses on insider threat and suggests a methodology to address this issue.)

(d) Because nuclear security at a facility has several important offsite stakeholders, understanding their perceptions, beliefs, and attitudes is central to an effective onsite security regime (see Chap. 4 regarding stakeholders). Mutual understanding fosters teamwork among all players. These stakeholders include law-enforcement agencies, response forces, first responders, and local communities. An assessment should gauge the extent to which a specific facility or other nuclear-related activity is culturally compatible with such offsite players.

The unique features of nuclear security culture and assessments of it should not separate it from safety culture. They should complement each other as part of the organizational culture. Moreover, safety and security must reinforce one another as the staff pursues the common objective of protecting people and the environment (see Chap. 6 regarding harmonization of safety and security culture).

5.3 Process of Security Culture Self-Assessment

Self-assessment is a step-by-step process that could involve reviewing indicators and other sources to glean insight into the current state of security culture. If, however, management decides to launch a full-scope self-assessment, it may be reasonable to concentrate on core characteristics revealed by recent risk assessments, recommendations from competent authorities, and similar sources. Analyzing past security incidents and unearthing their root causes is yet another method for detecting security-culture characteristics that may pose risk and warrant attention. Since the ultimate objective of security-culture development is to instill high standards of personal behavior such as professionalism, a sense of personal accountability, determination to adhere to procedures, teamwork, cooperation, and vigilance, it would be useful to start a self-assessment by examining some of these qualities and their derivatives while focusing above all on their cultural roots. Cultural change takes place through a long-term process, meaning that the management and staff must maintain constant pressure to implant these qualities.

As security culture must be periodically assessed to track progress and adjust programs, it is beneficial to institutionalize this activity inside the organization. A standing framework could include placing a senior manager in charge, periodically disseminating information about the status of security culture, and grooming a core group of staff members to undertake subsequent assessments. The cost of the self-assessment program should be factored into the organization’s budget. Typical costs include computer use, fees for outside consultants (if needed), printing of survey forms and other documents, and time spent by staff members on preparing, conducting, and analyzing the results of the assessment.
Self-assessments should be scaled to the size of the organization, the composition of its workforce, and current and projected security risks. Self-assessment is an investment in better security, but it may be difficult to quantify the tangible benefits, at least from a short-term perspective. A prerequisite for successful self-assessment is ensuring confidentiality for its participants throughout its entire process. Evaluators should consider ways confidentiality might be breached before they begin collecting data and put strategies in place to protect it. Upon completion of the preparatory work, the process unfolds through six stages [3]:


Stage 1. Launch an Outreach Campaign and Establish a Self-Assessment Team

An important initial step is building commitment throughout the organization. Self-assessments commonly run into problems because of misunderstandings or apathy. To be effective, senior management must be seen as having initiated and supported the assessment team, commit sufficient time and resources, and develop a strategy to address the results of the process. A directive from the head of the organization is a useful vehicle for sending this message. Such a message should state the assessment’s purpose, outline the procedure for carrying it out, and explain how the results will be used. Senior management must visibly involve itself throughout the process rather than delegating responsibility. Concurrently, all senior managers must grasp the scope of the self-assessment, agree to the composition of the assessment.

A self-assessment team consists of staff members who represent different departments and are familiar with the procedures for conducting such a review. A staff member with practical experience in appraising nuclear safety culture would be very helpful as a member of the team. Also, comprehensive self-assessment requires suitable behavioral social sciences and organizational psychology resources to support the assessment process, either internally, through contracts, or through support from organizations, such as the IAEA. The first several assessments will benefit from the involvement of an independent expert to provide advice to the team, reduce bias, and share basic skills for interviewing staff members. If the national nuclear infrastructure is diverse enough and more self-assessments are expected in the future, the competent authority can request the IAEA to organize a briefing or training workshop on relevant methods and procedures.

Stage 2. Draft a Self-Assessment Plan and Prepare to Implement It

The team and senior management work together to develop a self-assessment plan spanning the entire period of this process and paying due attention to the need to minimize the cost and avoid organizational disruptions. Methods to be included in the plan depend on several variables, such as the time allocated for its conduct, the availability of team members to perform their assessment functions, and budget considerations. These methods are broken into two categories: (1) non-interactive methods (document reviews, surveys, and observations) and (2) interactive methods (individual interviews and focus-group discussions). They both generate qualitative and quantitative data. All these methods have their strengths and weaknesses. It is therefore recommended that a “triangulated” approach be used, whereby a combination of different methods is applied to the same phenomenon. Though triangulation does produce data drawn from multiple points of reference, it remains somewhat subjective. All abovementioned tools are important, but one recommended option to start with is combining non-interactive methods with interactive methods; for example, by carrying out a survey followed by a set of onsite interviews to eliminate possible gaps and clarify ambiguities. Other options are possible, and the choice is up to the Self-Assessment Team.

Stage 3. Start the Data Collection Phase: Survey, Interview, Document Review, and Observation

After explaining to the organization’s staff the objectives of the self-assessment, pointing out that it will focus on attitudes and behavior, the team will launch the evaluation. One possible scenario is to conduct surveys, then follow up with interviews, while at the same time continuing a search for relevant information from document reviews and observations. The rationale for this stage is to get an insight into the state of nuclear security culture or its key aspects thereby helping the team determine which areas warrant further scrutiny and follow-up action.

Stage 4. Analyze Data and Consolidate Assessment Results

Next, the team analyzes and integrates the results from the survey, interviews, document reviews, and observations. While surveys, for example, provide quantitative data, interviews can capture the quality of human interactions and experiences. Comparison across quantitative and qualitative datasets must be undertaken at the level of conclusions and themes, not beforehand. Results which may contradict each other need to be double-checked and clarified through all available means.

Stage 5. Develop the Outcome Model: Red, Yellow, and Green

The next step is to develop a Model of Self-Assessment Outcome. It would be misleading to quantify the extent to which the results meet the indicators. Instead, a three-level color-coded scale provides the groundwork for identifying problem areas. The green level would signify good performance. It would show what needs to be reinforced to maintain momentum. Yellow would signal that despite some positive elements, certain gaps exist and must be dealt with. Red would indicate serious problems that must be addressed as a priority in the action plan. Most importantly, at this stage the team develops hypotheses to identify root causes of weaknesses or problems identified during the self-assessment. A short list of such hypotheses in the final report is designed to help the management draft a follow-up action plan to enhance nuclear security culture.

Stage 6. Discuss Preliminary Results Throughout the Organization, Submit a Final Report, and Support the Development of a Follow-up Action Plan

The team communicates the security culture profile to the organization, requests feedback, and submits its final report. Some team members are invited to join management in developing an action plan. When developing the plan, it is important to go beyond visible behavioral artefacts to deeper intangible tiers of the culture. By identifying inconsistencies and conflicts between behavior, practices, and policies and the guiding principles of beliefs and attitudes, the plan’s drafters address the underlying causes of deficiencies and problems. This approach enables the organization to enhance nuclear security culture after the assessment.

5.4 Self-Assessment Tools

It is up to the team to select assessment tools and their application methods depending on the profile of the organization and availability of participating staff. Each tool is designed to yield specific data to be integrated in the final analysis process. Below is a review of the advantages and disadvantages of surveys, interviews, document review and observation. Altogether, they represent qualitative, quantitative and mixed approaches.

Surveys provide a convenient way to obtain input from many employees. They are easy and quick to complete, helping minimize work disruptions while encouraging a high response rate. This method provides clear and straightforward data because anonymous respondents can express critical views without fear of retaliation. Surveys are important to self-assessment because, in addition to quantifying current perceptions, they establish a baseline for tracking changes over time. Hence, some key indicators from the initial self-assessment must be reused in subsequent surveys. Also, surveys make possible large-scale reflection on selected characteristics of security culture, helping the leadership compare responses from different groups and strata of the organization to identify pockets of cultural strength and weakness.

Respondents to a survey can be asked to offer comments if they neither agree nor disagree with statements in the survey, or if they have additional information or opinions. Their comments are a valuable tool at any stage of the self-assessment. However, a note of caution is in order. Given the large number of responses demanded in a typical survey, writing fatigue may limit the number of comments.

A prerequisite for self-assessments is to involve a full range of personnel in reasonably large numbers. The initial survey supplies an overall picture and lays the groundwork for an action plan, a vehicle for improving nuclear security culture. Since indicators are highly diverse and specialized, the challenge for the first survey team is to select metrics with which most respondents are reasonably familiar. Subsequent self-assessments can be structured differently or may include concurrent surveys that target relevant professional groups separately. For example, one survey could evaluate security personnel and another non-security personnel. Or one could evaluate managers and another non-managers. Other options are possible to evaluate individual characteristics.

There are numerous options to determine a scoring scheme for the survey. To choose the proper scheme, survey designers should consider past surveys and methods used, compatibility with surveys in other organizations, the management’s preference for complexity or simplicity—especially if this is a pilot project—and other factors. One widely used scoring system employs a 7-point scale from 1 (Strongly Disagree) to 7 (Strongly Agree). This scheme indicates that a particular indicator is either fully absent or present, completely unobserved or observed, or somewhere in between. “Somewhat Disagree” and “Somewhat Agree” provide more flexibility for respondents. “Neither Agree nor Disagree” indicates that a respondent feels unable to pass judgment on a particular point. The survey asks that the respondent justify such a response in the comment space. Narrative comments are particularly important because they provide subjective data. If respondents know nothing about the subject of a statement, primarily due to their job description, they can check the “Not Applicable” (N/A) box.

There are several pitfalls to be avoided when conducting surveys:
• Having too many statements and fatiguing respondents.
• Providing inadequate instructions for completing the survey.
• Administering the survey to respondents who lack the knowledge and background information to respond to some statements.
• Failing to assure respondents their anonymity is protected.
• Failing to explain the purpose of the survey.
• Including statements that are open to misinterpretation.
• Carrying out the survey when the staff is too busy to give it full attention.

Piloting surveys before formally administering them will help reveal unclear or confusing terminology, ambiguities in question design, or unjustified assumptions within the survey design. A pilot group should consist of ten to fifteen individuals representing a cross-section of the respondent pool (Fig. 5.1).

Fig. 5.1 Advantages and disadvantages of surveys as a self-assessment method

Interviews play a significant role in culture assessment because they allow for flexible questioning and follow-up questions. This eases the task of getting at the deeper tenets of an organization’s culture. Interviews also help the leadership:
• Compile a differentiated view of the facility’s performance, and of activities that bear on security.
• Determine the degree to which staff members formally and informally accept and understand security-related policies, processes, and procedures.
• Perceive security-related social norms, beliefs, attitudes, and values among the management and staff, as well as relationships among important traits.

Interviews allow for personal contact between an interviewer and a respondent, ideally fostering an unconstrained flow of information. Interviewees need to be carefully selected based on their experience, work positions, and skills, their ability to give specific examples of past practices that they have seen done or heard about, and their ability to supply explanations that provide clues to people’s beliefs and attitudes. Such discussion of past and current practices would be a good theme to keep the interview going.

Face-to-face interviews can be divided into three broad types: structured, semi-structured, and unstructured. Of the three, structured interviews involve asking a series of closed questions. They are essentially quantitative surveys completed orally. They provide few benefits compared to surveys, except for compelling respondents to take part in organizations where methods like surveys are new or unpopular.

Semi-structured interviews allow evaluators to discern the context surrounding the security regime. For example, a general question to start with might be, “What is your personal role in and contribution to maintaining or improving nuclear security in the organization?” Through positive verbal and nonverbal cues, interviewers encourage respondents to present their story and to elaborate on their responses. Semi-structured interviews have pre-formulated questions or themes, some of which may derive from a preliminary review of survey results or from previous experience with security incidents. It generally benefits interviewers to prepare an informal interview guide listing groupings of topics and questions that can be asked of different participants in different ways, depending on their occupation and role in the organization. This helps the interviewer focus on the topics at hand while tailoring questions to the self-assessment’s goals.

Unstructured interviews have neither predetermined questions nor a predetermined theme and require more specialized skills from interviewers because security is a highly elusive domain, and its output is difficult to interpret.

Ideally, interview guides are tools that evolve. Designers develop, test, and refine questions based on what interviewers learn from asking people. To this end, members of the assessment team share the results of each interview with one another prior to subsequent interviews. Cross-fertilization helps them (a) forecast what kind of discussion will emerge when certain questions are asked, and identify questions that need to be refined; (b) share experiences from previous rounds of interviews to improve performance at subsequent sessions; (c) identify future interviewees based on recommendations from past ones; and (d) reflect on the interviewer’s role, preconditions for face-to-face contact, and behaviors encountered during interviews in order to make adjustments and avoid mistakes in the future. The breadth and depth of the assessment team’s experience determines the usefulness of semi-structured interviews.

Focus-group sessions are more effective for exploring broader security-related issues. They also yield a large amount of information over a relatively short period.
Compared to individual face-to-face interviews, group sessions have the advantage over observations and surveys because interactions within the group often prompt and sustain discussions while requiring minimal input from the interviewer. Group members share their experiences, views, and attitudes about the topic in question, eliciting responses from one another. Because of differences in age, gender, education, access to resources, and other factors, participants are likely to express many different viewpoints. The interviewer’s role is to facilitate discussion while recording key points that emerge from the discussion. Training and briefings for interviewers should ensure that they behave respectfully while showing empathy and open-mindedness. A major challenge during interviews is establishing trust and providing credible guarantees of anonymity to the interviewee. Failing to reassure interviewees means they will probably be selective in their responses. Efficient notetaking is another vital skill for each interviewer to master before launching the assessment campaign, especially in the case of focus groups (Fig. 5.2). Document reviews can take place prior to a self-assessment to acquaint the team with past security incidents, their root causes, and corrective measures taken. A pattern of incidents or near-misses unearthed during document reviews can help narrow the focus for the self-assessment. The purposes of conducting a document review are as follows:

Fig. 5.2 Advantages and disadvantages of interviews as a self-assessment method

• To collect background information as general context for the assessment. Reviewing past and present documents helps one understand the history, philosophy, and operation of the nuclear security regime in the organization.
• To compare actual implementation of decisions with the intent stated in documents reviewed. The review may reveal a difference between formal statements and intentions and how they were put into effect. It is important to determine whether differences exist and to identify possible reasons for such gaps.
• To validate results obtained from other sources and facilitate analysis of data from the self-assessment. The self-assessment team can double-check information generated by other assessment tools and, if needed, facilitate preparation for surveys, interviews, and observations.
• To acquire factual data about the issues under review. Reviewing documents is useful for developing a comprehensive picture. For example, documents record the number and type of participants in security-relevant events, the sequence of training sessions, and other important details.

Documents under review can be broken down into several categories:

• Vision and mission statements.
• Policy statements on security.
• Arrangements for security, including assignment of responsibilities.
• Instructions for handling employees’ concerns, including those relating to security.
• Documents on resource allocation and qualification requirements for security personnel.
• Procedures for recruitment strategies, especially in relation to security.
• Documented training activities with a special emphasis on security, including training curricula, certification, rates of attendance, feedback, and instructor qualifications.

• Leadership statements, general meeting agendas, and any other information deemed appropriate in the specific assessment circumstances.

Document reviews can supply insight into how management sets its priorities and how it intends for its policies, programs, and processes to operate in practice. Combined with surveys and interviews, a document review helps evaluators appraise differences between stated policies and procedures and actual behavior. This method also yields information about horizontal and vertical communication throughout the organization and about the efficiency of organizational learning.

A document review is a labor-intensive process with administrative limitations. Before the assessment team decides to use this method, it must determine whether top management can make classified documents available to the team, and whether the information gained from the review can be shared with the entire staff in interim and final reports (Fig. 5.3).

Observations are conducted to record actual performance and behaviors in real time and under different circumstances, especially during training sessions and emergency drills. Observations are a well-established, time-tested, commonplace tool for managing security. However, the fact that personnel are aware that observers are present may influence their behavior, skewing the results. The general principles for conducting observations include the following:

• The preliminary plan for observations emphasizes the most important objects and stages of observation.
• Observation does not disrupt the work process and schedule.

Fig. 5.3 Advantages and disadvantages of document review as a self-assessment method

• Better results are obtained through dispatching several observers to observe the same phenomenon or actions, and then having the observers compare and consolidate their conclusions.
• Observations should be systematic and draw on past observations.
• Previously recorded observations are often more reliable than observations during a well-publicized self-assessment campaign.

The cultural approach involves observing the elements of culture directly (are the staff complying with procedures?) or inferring from observations (what values and beliefs do staff members express?). In this sense, observations can be used to validate findings from surveys and interviews. Cultural observations differ from observations of the performance of assigned tasks. The latter determine how consistently personnel follow written policies and procedures, whereas the former seek to identify cultural norms and expectations. Cultural observations can take passive or active forms. The passive type is noninteractive and limits the observer to watching persons of interest and recording results. The active type includes asking questions or requesting clarifications. Such inquiries may concentrate on specific actions or patterns of behavior observed, such as why a staffer implemented a particular security procedure or action and what the implications would be of failing to implement it.

The value of using observations as a tool in self-assessment is that they do not need to be based on an underlying hypothesis that could introduce bias and distort the assessment’s results. They can provide objective information and direct evidence of the truth of a given proposition, inference, or conclusion. As with other methods, however, the self-assessment team should be cautious in generalizing or extrapolating from observations.
Rigorous self-assessment involves the use of numerous observations by different people in various areas across the organization, on the logic that reliable information comes from comparing a variety of views from knowledgeable experts. If disparate observers form the same opinions, that tends to be reliable information; if not, bias or some other type of error may have crept into the assessment process. The observation process will be more effective if observers take notes while observing, or reserve time to take notes immediately afterward; combine formal observations of events and actions with less formal interactions with the staff; distinguish in their notes between reporting of facts, descriptions, or interpretations extrapolated from direct observations; and regularly review their notes to synthesize different insights to identify specific elements of culture (Fig. 5.4).

Fig. 5.4 Advantages and disadvantages of observation as a self-assessment method

5.5 Conducting the Analysis

The analysis stage involves comparing and integrating the findings from the different assessment tools used. Without conducting such an analysis, the self-assessment team would simply be reporting what the members have been told and presenting
a tactical summary. Self-assessment starts as a fact-based process but needs to go beyond the simple facts to fulfill its mission. The value that team members bring is their interpretation of the findings, their analysis of root causes, and their informed opinions about problems and how they might be fixed. Analytical thinking is likely to enrich and contribute to the data-gathering process, but a separate analysis stage is highly recommended. Participation from the entire self-assessment team in analysis sessions will ensure that all members have a chance to share their views and contribute to the analysis. A preliminary analysis session takes place after the survey but before the team has finished gathering all the facts; this allows time for modifying interview guides, interviewing select staffers a second time, or adjusting interview questions to pursue issues that emerged from the preliminary analysis.

The analysis stage needs to address, among other issues, two major challenges: (1) “triangulate” to reconcile quantitative and qualitative data generated by the assessment tools used; and (2) build plausible hypotheses that explain cultural strengths and weaknesses identified.

Triangulation is broadly defined as combining methodologies to study a single phenomenon, then trying to reconcile divergent data that result from the different methods. It is likely to rely on a “feel” of the situation among assessment team members which is, in other words, the intuition and the firsthand knowledge drawn from the multiple vantage points of their professional knowledge and experience. The rationale behind this approach is that quantitative and qualitative methods complement each other, contributing to better accuracy and more comprehensive results. In other words, triangulation is based on the desirability of mixing quantitative with qualitative methods given the strengths and weaknesses found in a single method.
For example, qualitative methods can contribute to analysis of a survey by validating
its results, interpreting statistical relationships, and clarifying controversies. Quantitative data become more meaningful when compared with content analysis provided by tools such as interviews and observations—in other words, qualitative data. Where there is convergence of quantitative and qualitative tools, confidence in the results grows considerably, while divergent results usually generate alternatives and often help to avoid simplistic explanations. In seeking explanations for divergent results, assessment teams may uncover unexpected results and consider new contextual factors. In this sense, assessment teams must act creatively in a coordinated effort to connect pieces of a complex puzzle into a coherent whole. There is no formal hierarchy between quantitative and qualitative data and their sources. How to combine the use of quantitative and qualitative techniques is inevitably influenced by the assessment team’s viewpoint, which determines which techniques will be combined, how, and why. Qualitative data derived from personal experience and firsthand observations function not only as the glue that cements the interpretation of multi-method results, but also as a critical counterpart to quantitative methods. Indeed, data deriving from qualitative methods are often superior to quantitative data in density of information, clarity of meaning, and clear identification of individuals who play key roles in nuclear security. After the team identifies cultural strengths and weaknesses, the next challenge is to develop hypotheses that attempt to explain the origins and root causes of these institutional traits. Below is an example of how a self-assessment team developed multiple hypotheses in response to an identified weakness, namely that security was not a “clearly recognized value” at the site, and how members agreed on one candidate hypothesis as the most plausible root cause. 
The initial list of hypotheses included:

(a) Inefficient lines of communication have kept management from delivering clear messages on security.
(b) The training program places too little emphasis on security.
(c) Security arrangements are a low priority in the organization’s budget, downgrading its importance in the eyes of the staff.
(d) Policies pertaining to career advancement disregard security performance and contribution.
(e) Leadership is not involved in promoting nuclear security and does not act as a role model.

To narrow the list to a few working hypotheses, team members convened interviews, reviewed documents, and discussed their observations with managers. As a result, the self-assessment team narrowed the list to a shorter and better-validated list of hypotheses with two remaining candidates (a and d):

(a) Inefficient lines of communication.
(d) Career-advancement policies that disregard security performance and contribution.

Upon further elaboration, team members agreed that because of poor coordination, management messages about the importance of nuclear security failed to reach all
workforce groups. In the absence of consistent policies and efficient use of communication channels, a growing trend among the workforce relegated nuclear security to a secondary role and treated it accordingly.

Effective analysis requires an analytical framework based on interpretation. In cultural analysis, this framework must be made explicit and tap knowledge of how culture operates. Information obtained from surveys, interviews, and other methods must be interpreted and analyzed to provide the basis for well-substantiated conclusions, rather than leaping to conclusions that might appear self-evident yet fall short once subjected to interpretation or analysis. At this critical stage of self-assessment, team members are strongly advised to avoid at least two “traps” in debating all their propositions:

(1) Groupthink is the tendency for individuals in a group to attempt to minimize conflict of opinions and thereby reach consensus without conducting a critical evaluation of alternative viewpoints. Dissenting views are typically suppressed, or group members isolate themselves from any outside influence. This can cause team members to avoid raising alternative solutions or controversial issues.
(2) Blind adherence to authority causes people to assume that something is true solely because of the authority of the person suggesting this viewpoint. This can be especially problematic when individuals within the team hold positions of authority, are held in high esteem by other members, or use their power and position to convince others that they are correct. Sometimes, this can occur on a subconscious level.
Self-assessment conclusions may identify numerous problems in an organization, such as overconfidence and complacency, failure of leadership to act as a role model, lack of a systemic approach to security risks, leadership and management that depend more on security technology than on a vibrant human factor, apathy or ignorance toward security culture, or indifference to the experience of others. Consistent use of indicators as references will help management draw up an action plan for cultural transformation.

5.6 Benefits of Self-Assessment

Security-culture self-assessment tracks along an important learning curve, both for those directly involved and for the entire organization, as it provides an opportunity to comprehend how culture influences security performance and develop an action plan to renovate the culture if need be. An assessment also enables the management team to:

• Improve understanding of employees’ concerns, needs, aspirations, and motivations.
• Identify barriers to, or motivations for, change.
• Clarify employees’ opinions about key management issues, including the security regime.
• Facilitate assessment of the vitality and health of the organization, either relative to its own past or in comparison to other organizations.
• Build a link to safety-culture assessment to synergize mutual benefits.
• Make a priority of moves to strengthen the overall organizational culture in areas like human resource management or internal communication.

Box 5.1: Self-Assessment in Indonesia

BATAN-The National Nuclear Energy Agency (now ORTN-Research Organization for Nuclear Energy) has promoted the culture assessment since 2010. The full-scale assessment was performed in 2015 and focused on Indonesia’s nuclear research reactors using the IAEA recommended tools: surveys, interviews, document review and observation. Indonesia has three research reactors and several supporting nuclear facilities, including nuclear fuel and radioactive waste treatment facilities. After data collection and completion of the analysis stage, the assessment team concluded that all three facilities were lacking a comprehensive incentive system relating to security issues. Respondents defined the incentive system as associated with the acknowledgement of the employee’s personal contribution to the security regime. Further analysis found that there was a correlation between tangible security motivation and other characteristics of leadership behavior, e.g., the use of authority and communication. The assessment revealed that the respondents expected their managers to give more time to discuss security as well as guide and direct employees on security matters to incentivize personnel. It was also found that respondents feel generally disconnected from their management for not motivating personnel by example. Motivation often goes beyond material rewards and requires managers’ personal involvement in monitoring, evaluating, and demonstrating by their own behavior the value and relevance of security procedures.

Yet there is a wide range of reasons why some organizations may be reluctant to take advantage of the IAEA methodology and assess the state of their security cultures, either by themselves or in collaboration with outside entities.
Such reluctance may stem from the following considerations: the leadership deems such a project unnecessary because the installation has suffered no security incidents; it worries that the assessment team may discover serious deficiencies that will damage the organization’s reputation; the leadership believes resources for the undertaking are insufficient in competition with other priorities like safety culture and production issues; it is reluctant to sign up to a long-term commitment to renovate the institutional culture; managers believe that the benefits to be achieved are negligible and are not worth the time, effort, and expense; or they are concerned that the assessment’s results may be markedly worse than those of other nuclear sites, falling short of supervisory authorities’ expectations. So far, only a few countries have initiated and completed
full-scope assessments: Bulgaria at Kozloduy NPP, Indonesia at its three research reactors, and Armenia at Metsamor NPP. There is a need for national authorities and the IAEA to invigorate and incentivize campaigns in support of nuclear security culture assessment and associated actions.

5.7 Corrective and Enhancing Measures

A security-culture assessment and the final report to which it gives rise constitute a prelude to the follow-up stage, namely continuous improvement of nuclear security culture. Before launching a corrective and enhancing program, also known as an action plan, it is important to start by selecting specific issues afflicting the organization and determining whether the culture aids or hinders efforts to solve them. The management team selects issues from the outcomes of assessments, routine observations by the team, reviews of past security incidents, and reporting from the workforce of abnormal occurrences and nuclear security incidents or near-misses. Typical issues include the following: (a) nuclear security is not a clearly recognized value, (b) the workforce is ill-motivated to comply with security procedures, (c) the installation suffers from inadequate lines of communication, whether vertical, horizontal, or both, or (d) there are gaps in training and professional improvement programs.

The vehicle for corrective measures and enhancement is an action plan devised to unfold in a SMART (specific, measurable, achievable, relevant, and timebound) manner:

• Specific: An action plan sets goals and explains how attaining them will contribute to nuclear security. The plan to undertake a specific action should answer five questions: What will be accomplished? Why does it need to be accomplished? Who will carry it out? Where will it take place? Which requirements and constraints are expected?
• Measurable: The action plan outlines how to measure success. It describes methods that management will use to judge whether the action has fulfilled its purpose. It also includes criteria for measuring progress.
• Achievable: The plan makes clear that the action is realistic, attainable, and accords with the typical performance of the organization.
• Relevant: The plan shows how the action will enhance nuclear security.
• Timebound: The plan sets forth a timeframe for accomplishing the action. A commitment to a deadline helps a team focus its efforts on completing the action on or before the due date while imparting a sense of urgency [4].

After the plan is finalized, senior management will brief the organization on its content as an outcome of the self-assessment and personal assignments for staff members. While the action plan will provide a framework for specific actions to address identified weaknesses, achieving sustainable improvement in the long-term perspective may require other specific actions: (1) Ensure that management systems adequately support security culture and managers are committed to its continuous improvement; (2) include security culture criteria in the selection process for new
recruits and promotion of employees; (3) continue to provide training sessions and briefings on security culture; (4) include security culture issues in the scope of regular audits; (5) make sure that newcomers to the organization are familiar with the traditions of and requirements for security culture; (6) integrate security culture issues in the business planning process; (7) keep the organization informed of security culture developments in other organizations and participate in best practice sharing; (8) include security performance and security culture indicators in the criteria used to evaluate employees and managers.

There is always a risk that efforts to refurbish a culture will encounter resistance, misunderstandings, and conflicting attitudes within the organization. For instance, the gap between the security and non-security subcultures could undercut the facility’s capacity to prevent, detect, delay, and respond to hazards. To illustrate, below is a hypothetical scenario in which a management team, after conducting an assessment, identified an emerging gap between the two subcultures as a major weakness. Accordingly, after deliberating the content of an action plan designed to remedy this weakness and lay the groundwork for inculcating compatible perceptions and attitudes among members of the two groups, the following management actions were suggested to achieve teamwork and collaboration. Management based the plan on relevant characteristics and indicators from the IAEA model of security culture, namely:

• 1 (a)—Visible Security Policy: Keep the entire staff informed of the threat environment and its possible impact on the nuclear security regime.
• 1 (b)—Clear Roles and Responsibilities: Regularly deliver the message to the entire staff that security is a shared responsibility across the organization.
• 1 (c)—Performance Management: Monitor security-related performance through multiple means such as management walkthroughs, reporting of issues, indicators, trend analysis, benchmarking, and observations.
• 1 (e)—Training and Qualifications: Organize joint training sessions for security and non-security personnel to improve security-related knowledge and skills through effective interaction.
• 1 (f)—Work Management: Focus planning and operational activity on synergies and contradictions among security, safety, and operations to avoid negative interactions among them.
• 2 (a)—Feedback Process: Encourage dissenting views, diverse perspectives, and robust discussion of security-related issues and changes.
• 2 (d)—Management Oversight: Help build trust and promote teamwork within the entire organization.
• 2 (h)—Motivation: Make a security-conscious attitude a prominent factor in promotion within the organization.

There are three distinct stages in the progression of nuclear security culture under the impact of actions aimed at nurturing the culture.

At Stage One the staff sees nuclear security as an external requirement, not as an aspect of operations that helps the facility or activity succeed. Staff members view nuclear security as a chore they must do to comply with rules and regulations,
not as a much-needed tool. Under Stage One nuclear security problems are seldom anticipated; instead, the staff reacts to them as they occur.

At Stage Two, the staff sees nuclear security as an important goal, even in the absence of external requirements. While the workforce increasingly comprehends how attitudes, beliefs, and behavior impact the effectiveness of nuclear security, security management generally concentrates on technical and procedural solutions rather than the human dimension. The facility handles nuclear security in terms of goals, assigning accountability for achieving the goals the leadership sets forth. Management considers how personnel interact with technology, but largely from the viewpoint of increasing the efficiency of the technology rather than overall effectiveness.

At Stage Three, the workforce has embraced the idea that continual improvement is critical to maintain nuclear security and the facility’s viability. The staff places strong emphasis on communications, training, management-style efficiency, and effectiveness. Personnel understand the impact of the human factor and security culture on nuclear security. Nuclear security improves through continual self-assessment. Almost all mistakes are viewed as opportunities to understand and correct underlying causes rather than obstacles.

The threat environment makes it imperative to explore and assess an appropriate human capacity to support, enhance, and sustain nuclear security. Culture is a crosscutting element and an enabler throughout this process as well as an absolute prerequisite for staying one step ahead of emerging risks. There is always a lag between the time weaknesses develop and an event with significant consequences. Weaknesses tend to interact synergistically, often creating an unstable environment that exposes the organization to serious breaches.
By identifying early warning signs in the prevailing culture, corrective actions can be taken in time to prevent the event or mitigate its far-reaching consequences.

References

1. International Atomic Energy Agency (2016) Performing safety culture assessment, safety reports series no. 83. IAEA, Vienna; International Atomic Energy Agency (2008) SCART guidelines: reference report for IAEA safety culture assessment review team (SCART), IAEA services series no. 16. IAEA, Vienna; International Atomic Energy Agency (2002) Safety culture in nuclear installations: guidance for use in the enhancement of safety culture, IAEA-TECDOC-1329. IAEA, Vienna; International Atomic Energy Agency (2002) Self-assessment of safety culture in nuclear installations: highlights and good practices, IAEA-TECDOC-1321. IAEA, Vienna; International Atomic Energy Agency (1994) ASCOT guidelines: guidelines for organizational self-assessment of safety culture and for reviews by the assessment of safety culture in organizations team, IAEA-TECDOC-743. IAEA, Vienna
2. Roper C, Grau J, Fischer L (2006) Security education, awareness and training: from theory to practice. Elsevier, pp 74–78
3. International Atomic Energy Agency (2015) Self-assessment of nuclear security culture in facilities and activities: technical guidance, IAEA nuclear security series no. 28-T. IAEA, Vienna, pp 17–19
4. International Atomic Energy Agency (2021) Enhancing nuclear security culture in organizations associated with nuclear and other radioactive material. Technical guidance. IAEA nuclear security series no. 38-T. IAEA, Vienna, pp 201–204

Chapter 6

Bringing Safety-Security Culture into Harmony

Abstract An institution where safety and security culture are in harmony is well-positioned to identify obstacles to enhancement of safety and security, and to achieve more effective interaction between the two domains. Although there are shared elements between nuclear security culture and nuclear safety culture, it is important to acknowledge that it is undesirable to combine these two programs into a single integrated function. Keeping nuclear safety and security processes separate but in alignment can result in an efficient cultural program that ensures that safety and security are integral to all aspects of an organization. The road to a harmonious safety-security culture includes a set of topics and areas critical to the success of this process. It may take a six-phase process to achieve harmonization and maintain it.

6.1 Safety as an IAEA Priority

The commonality between elements of nuclear security culture and nuclear safety culture has been widely discussed and acknowledged at the conceptual level for over a decade. The need for a cultural basis for nuclear safety was conceived first, while the concept of nuclear security culture evolved years later. The idea that nuclear safety culture should be an important requirement in international nuclear program management first appeared in an International Atomic Energy Agency (IAEA) review conducted in 1986, after the Chernobyl accident. The IAEA further developed this preliminary concept to support nuclear-power-plant safety. It ultimately evolved into a stand-alone initiative that has direct application for a range of nuclear programs. The IAEA has developed an international framework for strong safety culture consisting of five overarching characteristics:

1. Safety is a clearly recognized value.
2. That leadership is committed to safety is clear.
3. Accountability for safety is clear.
4. Safety is integrated into all activities.
5. Safety is learning-driven [1].

© The Author(s), under exclusive license to Springer Nature Switzerland AG 2023
I. Khripunov, Human Factor in Nuclear Security, Advanced Sciences and Technologies for Security Applications, https://doi.org/10.1007/978-3-031-20278-0_6

Each of these high-level characteristics has several attributes that are essential for achieving a strong safety culture. For example, “accountability for safety is clear”
includes such attributes as “there is a high level of compliance with regulations and procedures”, and “ownership for safety is evident at all organizational levels and for all personnel”. These markers define what good looks like when assessing and improving safety culture and are similar to security culture indicators.

Furthermore, the IAEA has established an integrated approach that promotes seamless integration between an institution’s management system and its safety culture. Management systems help assure safe operations at nuclear organizations. However, safety performance depends on the actions of individuals and groups, and their actions are influenced by the safety culture of the organization. In light of that, “The Management System for Facilities and Activities” requires any management system to promote and support safety culture by ensuring a common understanding of the key aspects of safety culture within the organization; providing the means by which the organization supports individuals and teams in carrying out their tasks safely and successfully, taking into account the interaction between individuals, technology, and the organization; reinforcing a ‘learning and questioning’ attitude at all levels of the organization; and, by providing the means by which the organization continually seeks to develop and improve its safety culture [2].

Like most other evaluations of human perceptions, the IAEA methodology for assessing safety culture consists of five simultaneous and independent methods of collecting data, namely interviews, observations, focus groups, document reviews, and a questionnaire. Evaluators conduct initial analysis of each resulting dataset independently to limit how much the results from one influence another. This stovepipe approach increases the objectivity and breadth of information obtained about a nuclear facility’s safety culture.
Once all five datasets have been analyzed, cultural expressions have been extracted, and themes have been identified, the safety-culture assessment team draws up a summary tapping each source of information. The product is a cultural image of the organization that the team can compare to the IAEA safety-culture framework.

A cultural outcome of the February 2016 “International Conference on Human and Organizational Aspects of Assuring Nuclear Safety—Exploring 30 Years of Safety Culture” was a call to evolve from the theoretical concept of safety culture through the more practical concept of a “culture for safety” [3]. Practitioners argue that making the transition to a culture for safety furnishes a reminder that safety culture is not a discrete entity that can be implanted in or removed from an organization’s culture. Rather, safety is an outcome of an organization’s culture, as the ambient culture influences every aspect of how the organization’s personnel behave, from how it develops a management system to how it puts defense-in-depth principles into practice. As such, the goal for any organization is to nurture an organizational culture that encourages individuals to work to achieve safety day by day—in other words, to achieve a culture for safety. Figure 6.1 demonstrates the advantages of the transition from the safety-culture approach to the culture-for-safety model.

Fig. 6.1 Transition to the culture-for-safety model [4]

The basic ideas and elements of nuclear safety culture identified by the IAEA pointed to the need for a parallel nuclear security culture. A 2001 IAEA report on “Measures to Improve the Security of Nuclear Materials and Other Radioactive Material”, issued immediately after the September 11 terrorist attacks on the United
States, specifically cited the necessity for nuclear security culture [4]. Detailed guidance on how to establish and promote the concept of a nuclear security regime and nuclear security culture came in the IAEA’s 2008 “Nuclear Security Culture: Implementing Guide” [5]. Section 2.4 of this document briefly discusses the relationship between security culture and safety culture stating that the principal shared objective of security culture and safety culture is to limit the risk resulting from radioactive material and associated facilities based on common principles, e.g., a questioning attitude, rigorous and prudent approaches, and effective two-way communication. The IAEA’s concept of shared objectives between security culture and safety culture is manifest by the agency’s organizational structure, which places the responsibility for both disciplines within an integrated IAEA Department of Nuclear Safety and Security. Some functions of nuclear security and safety, however, fall under different divisions within this department though integral to both security and safety operations. Understanding where safety and security intersect, and discerning is critical to identify an overarching culture harmonizing security with safety. Since these elements of a comprehensive organizational culture are inextricably intertwined, the most effective and efficient approach to creating a program that fosters security and safety culture demands that leaders determine which functions are complementary and which are not. Significantly, the IAEA treats the following legal instruments governing nuclear safety as relevant to nuclear security (Table 6.1): Table 6.1 Binding and non-binding nuclear safety instruments applicable to nuclear security Binding instruments

Non-binding instruments

Convention on early notification of a nuclear accident

Code of conduct on the safety of research reactors

Convention on assistance in the case of a nuclear International basic safety standards for accident or radiological emergency protection against ionizing radiation Convention on nuclear safety

Regulations for the safe transport of radioactive material

Joint convention on the safety of spent fuel management and on the safety of radioactive waste management

Safety requirements on preparedness and response to a nuclear or radiological emergency


6.2 Two Sides of the Same Coin

Although there are shared elements at the interface between nuclear security culture and nuclear safety culture, it is important to acknowledge that it is impractical and undesirable to fully combine—or force—safety and security programs into a single function. Security culture is sufficiently distinct in its objectives and approaches to justify its status as a separate field. For safety culture, the primary focus falls on unintended acts or conditions that could lead to disruptions, breakdowns, or releases of hazardous substances from authorized research, production, and transportation efforts. Responses emphasize engineering for protection and tightening safety management. For security culture, the primary focus is on the intentional misuse of infrastructure and materials by terrorists, criminals, or other threatening elements. Responses emphasize intelligence gathering, physical protection, vigilance, and compliance. While safety and security staffs seek their subordinate objectives through different means, they share the main objective of protecting human lives, society, and the environment.

Given that the rationales behind security culture and safety culture differ—the difference between intentional and unintentional hazards—areas of disagreement are likely. The goals of safety and security programs may conflict at times, or otherwise have mutually exclusive objectives. For example, for safety purposes it may be desirable to identify and quantify the amounts and types of radiological or nuclear materials in a specific area or facility. From a security perspective, openly disclosing the nature and size of the inventory could increase the site’s attractiveness as a prospective terrorist target. To strike a compromise between the two imperatives, it would be advantageous to assess the safety hazard without considering the design basis threat.
The product would be a program of requirements that ensures physical protection while maintaining safety restrictions, considering emergency requirements for both security and safety. However, while conflicts between security and safety may require deconfliction on the program or regime level, the top objectives of security culture and safety culture are more universal. Conflict is less likely on the upper level of organizational culture. Nuclear safety culture and nuclear security culture function best when the leadership recognizes and exploits common elements and functions while preserving the distinct objectives and goals of each cultural program. This dualism demands negotiation, cooperation, and understanding among stakeholders, but an organizational culture that integrates elements of nuclear security culture and nuclear safety culture is attainable. For these reasons, finding the common ground between cultural programs is imperative.

A key area where security and safety cultures intersect and interface is in evaluating the effects of safety and security-related events. The results of an event initiated by an intentional act may have some or all of the same consequences as an accident. The Fukushima Daiichi nuclear accident of 2011 is a case in point. Although the damage to the reactors was caused by an earthquake and tsunami, it is easy to imagine a manmade attack that is equally capable of crippling a country’s economy and power supply. That being the case, calibrating the culture will help the facility to develop a coordinated approach to combat security events (intentional, malicious events) and safety events (natural events), as shown in Fig. 6.2.

Fig. 6.2 Interface of natural and manmade events and the role of harmonized safety-security culture in preventing and mitigating them

Given that these events (however initiated) may have similar results (demanding emergency response, military or paramilitary action, mobilization of health or medical resources, tapping of international support, and the like), mapping the interface between safety and security is essential for devising programs that deploy limited resources efficiently. In addition to evaluating the security-safety interface to project possible impacts of nuclear security and nuclear safety events, it is also feasible and desirable to evaluate how the intersection between these two cultural programs could benefit an organization or operation. When evaluating the interface between nuclear security culture and nuclear safety culture at the highest levels of an organization, it becomes evident that the cultural aspects of the two programs provide opportunities for optimizing and streamlining resource allocation.

A specific element that has major impact on both nuclear safety and nuclear security cultures is the human factor, meaning the human beliefs, attitudes, and behavior within the organization. As with safety, instituting and maintaining a nuclear security culture depends upon the human element, including leadership role, as well as workforce commitment, understanding, accountability, and other factors. As previously stated, both nuclear safety culture and nuclear security culture strive to limit risks associated with nuclear and radioactive materials and facilities that handle them. To meet this paramount objective, it is necessary to apply common principles and guidance, accentuating leadership values and actions; identifying and resolving problems; stressing personal accountability; planning and controlling work; fostering continuous learning; encouraging a safety- and security-conscious work environment; ensuring smooth communications flow through the organization, both horizontally and vertically; nurturing trust and respect; and encouraging a questioning attitude among the staff. These traits shared between security and safety culture constitute the crucial interface between the two.

Changing a culture can be a challenging and time-consuming endeavor. Since safety culture is more solidly established and thus more acceptable to constituents within organizations, making use of the interface between these two cultural programs offers a vehicle to generate additional support for security culture by association. Invoking well-accepted tenets of safety, that is, helps constituents harvest benefits for security. Many diverse organizations are concerned with protecting radioactive material and their associated locations, facilities, and transport but some of them have little technical knowledge about nuclear and other radioactive material. This lends greater weight to the need for effective structural, communication, information, and exchange systems. In any case, the interface between security and safety can benefit from consolidated management.

6.3 Aligning Safety and Security Culture

Recent years have seen discussions of taking both nuclear security culture and nuclear safety culture into account when implementing a program in either realm. The conviction that security culture and safety culture share many goals is critical to security and safety operations, and in turn lays the substructure for higher-level security and safety programs, and ultimately for top-level security and safety culture. Understanding where these programs intersect, and where it is possible to coordinate between them, is important for implementing an overarching, harmonious culture that stresses safety and security.

All facilities around the world that conduct nuclear operations or use nuclear or radioactive material are prospective targets for criminal or terrorist activities. Malign activities could involve attempts to disperse radioactive materials, sabotage safety and security systems, disrupt operations, or attack transportation systems. Furthermore, several recent nuclear facility threat and vulnerability assessments reveal that threats could involve not just external but insider participation, and that a range of motives and objectives might prompt malefactors to act. From minor disruptions to major breaches of nuclear containment or confinement, the spectrum of postulated threats to nuclear facilities demands a sophisticated plan of action to prevent or mitigate the effects of attacks. However, malicious acts are not the only concerns for nuclear operations. Scenarios have been posited whereby inadvertent worker safety violations also result in dire consequences. Therefore, it is critical to put measures in place for protecting against both malicious (security-based) and unintentional (safety-based) incidents.

National and international best practices indicate that taking a harmonized approach to security and safety represents the best way to prepare for and mitigate the risk of attacks or accidents. Such an approach requires organization-wide commitment, patience, diligence, and perseverance to ensure that the institution reaches its goals. It also requires resources, including time and funding, to perform the initial steps required to achieve harmony between safety and security. Some necessary resources and actions include:

• A clear and visible commitment from all echelons of management, including active participation in and support for safety- and security-culture programs and efforts to align them.
• Efforts to compile and distribute knowledge about security and safety cultures, and how they currently—or after harmonization could—interact.
• Continual attention to and encouragement of efforts to ensure that the institution is making progress in a timely manner, and that participants are not losing interest or becoming complacent.
• Allotment of time to convene meetings to share ideas, issues, pitfalls, problems, and concerns regarding the harmonization process.
• Well-defined responsibilities and goals for individuals tasked with managing the harmonization process.
• Dedication to the process of learning and continual improvement while developing the specific elements of the harmonization process required for the specific organization or operation.
• Implementation of a tracking and measuring process to verify that harmonization efforts are proceeding as planned, and that efforts are finding success.
• Development or revision of mission statements, policies, procedures, protocols, and directives that facilitate alignment between nuclear safety and security culture.
If correctly accomplished, the process of aligning nuclear safety with security culture will result in an efficient and effective cultural program that ensures safety and security pervade all aspects of an organization. The beliefs and attitudes necessary to ensure success for both safety and security culture are the same: everyone involved must understand the importance of safety and security culture, and the benefits of harmonizing them, and everyone must believe that dangers to the safety and security of operations are real and credible and deserve attention.

6.4 Crucial Topics and Areas

Visible Commitment from All Levels of Management—It is necessary for management to show full support for the harmonization of safety and security culture by demonstrating a visible, viable and sustained commitment to the process. This commitment must be evident from all levels of management throughout the organizational structure. Managers must identify the benefits of safety and security culture and communicate them. As an example, management could set aside specific time to address these issues in routine meetings such as morning briefings. Managers could provide statements or presentations that profile current issues in safety and security. During management’s review of documentation, managers should ensure that harmonization of safety and security culture is reflected in policy statements, guidance, and directives. Management must also commit to take part in training and education programs, ensuring that they incorporate both safety and security.

Dissemination of Information, Knowledge, and Data—Disseminating knowledge requires a multilayered, interactive program that will need continual development and maintenance to be effective. Issues pertaining to aligning safety with security culture can be highlighted by convening safety and security training sessions to announce the results of safety and security self-assessments. Management can alert non-security personnel to the tenets of harmonization by providing them with training on security and security culture, possibly through e-learning information systems. Training and seminars are effective methods for communicating information.

Continual Motivation to Avoid Complacency—Regardless of how evident it is that a program or concept is good—such as bringing safety in sync with security culture—leadership must constantly reinforce it to ensure it becomes integral to routine work processes. Motivational measures include training, coaching, and encouraging staff at the bottom level. While posters, flyers, or banners related to safety and security may reinforce key ideas, they are insufficient in themselves to inspire thought or action.
Additional measures to foster morale include: (1) welcoming feedback on past efforts to improve the culture and encouraging team spirit as the facility contemplates future improvements; (2) discussing concerns about complacency at employee gatherings; (3) working to increase trust between employees and management; and (4) creating a long-term plan to manage change and spur constant improvement.

Inclusion of Topics at Special and General Meetings—An important element of harmonization of safety and security culture is raising awareness about responsibilities shared between safety and security staffs. Meetings are an ideal venue to discuss related topics. Gatherings could be conducted in a wide range of formats, including status-update meetings, information-sharing meetings, decision-making meetings, problem-solving meetings, innovation meetings, and team-building meetings. Organizations often conduct separate internal meetings to weigh safety and security issues. Managers may be reluctant to add additional meetings to specifically address nuclear safety and security culture harmonization. If so, they should devise a plan that includes safety-security harmonization while minimizing the impact on time, effort, and resources. Also, meetings that are intended to discuss how to align nuclear safety and security culture could sprawl out to cover ancillary issues. It is crucial to keep the scope narrow and keep the focus on central issues.

Clearly Defined Responsibilities for Individuals—There is a high likelihood that the process of harmonizing safety and security culture may lose focus or be demoted among the institution’s priorities unless persons are specifically tasked with ensuring that the process continues until it is ingrained in operations. Although everyone is responsible for developing security and safety culture, it is important to assign leaders to sustain these efforts. Activists for safety and security culture should work together to advance their common goals. One of the most important roles of responsible individuals would be to help eliminate or mitigate the competition between safety and security personnel and encourage them to cooperate. This could include altering the job descriptions of safety and security personnel to encourage a combined safety and security culture or working to change perceptions that safety and security culture stand apart.

Learning and Continual Improvement—For the process of harmonizing safety and security culture to mature, management must institute a program of ongoing learning, continual evaluation, and improvement to support it. Continual improvement should include fostering openness between safety and security personnel to facilitate communication and learning. Management could create a combined database of lessons learned in safety and security, holding quarterly meetings to review incidents, report on status, and share best practices for harmonizing safety and security. A continual improvement process typically involves devising means to capture and track action items and ensure that they are accomplished. Continual learning is a prerequisite for a robust safety and security culture.

Tracking Mechanisms to Measure Progress—It is essential to track progress to determine whether initiatives to integrate security and safety culture are being implemented and are effective. It may be feasible to identify elements of safety and security that can be combined and set milestones toward doing so. This might involve setting benchmarks and overall and specific safety and security performance indicators to gauge progress.
A key parameter to track would be the conduct of simultaneous self-assessments to make safety and security more efficient. Doing so would take advantage of similarities between the two domains and help reduce redundancy and cost. Savings could be one measure of progress during self-assessments and enhancement. Action-item tracking systems typically harness a database that provides reminders of actions that remain unresolved. This type of computer-based system automatically tracks issues and reduces employees’ workload.

Updating Policies, Procedures, and Protocols—An important part of a sustainable, integrated nuclear safety- and security-culture program is ensuring that relevant policies, procedures, and protocols undergo periodic updates to reflect the evolving nuclear safety and security environment. Management should institute a program to ensure that this happens, signifying the organization-wide commitment to harmonizing safety with security culture. Unless the directives that drive this change reflect top leadership’s commitment, the process may not command the priority it merits. It is necessary to keep everyone abreast of changes to policies, procedures, and protocols. A specific, documented approach will notify everyone of updates and encourage them to acquaint themselves with the changes.


Contribution of the Regulatory Authority—Input from the nuclear regulatory agency may facilitate alignment of safety and security culture, but the process does not require it. Government should update existing laws related to safety and security harmonization or enact new ones and codify its wishes in oversight documents. But since the concepts of safety culture and security culture are somewhat philosophical in nature, it is difficult to develop concrete, verifiable criteria to measure them. Regulatory agencies should not attempt to regulate the integration of safety and security as a condition for licensing or judging the performance of nuclear installations. Because culture develops gradually over time, any guidance should be designed to aid the developmental process and encourage rather than demand harmonization. Encouraging a shared perception that safety and security culture reinforce each other, and initiating positive dialogue with the licensee, are of primary importance for performing regulatory oversight. Therefore, regulatory oversight should derive from three main principles:

• Common understanding of the harmonization process. The nature of security culture is unique and needs to be dealt with in a manner different from compliance-based control. The interface with safety culture is crucial to achieving a common language and framework that allows the regulatory authority and the licensee to communicate.
• Dialogue. To help regulators understand safety-security culture harmonization, dialogue is necessary to share information, including about precursor events, and to communicate ideas and knowledge that are often qualitative rather than quantitative in nature. Dialogue is a creative and constructive way to find solutions for continuous improvement.
• Consistency. Improving safety and security culture demands continuous engagement from the licensee. In turn, regulatory oversight depends on the agency’s maintaining regular engagement with the licensee.

The regulatory authority should not impose detailed or rigid requirements, but rather attempt to regulate the harmonization process. Oversight mechanisms must cover the entire lifecycle of nuclear installations, including major technical and organizational innovations.

Mission Statements and Plans of Action—A mission statement should state the organization’s goal and objectives toward its culture. It should clearly define why safety and security are harmonized, reiterating management’s commitment, setting forth the benefits of harmonization, outlining a strategy, and setting a schedule for accomplishing the mission. The statement needs to be realistic and achievable. The contents of a typical plan of action include: (1) an assessment of the current situation, justifying action while identifying needs; (2) clear goals; (3) measures for tracking progress toward the goals; (4) roles and responsibilities; (5) barriers to success; (6) a timeline; (7) budget and other resources; (8) enablers and contingencies; (9) milestones and key implementation steps to measure progress; (10) expected results and end date; (11) a communication plan to aid in implementation; and (12) a list of stakeholders.


Training and Qualification—Developing effective training involves: (1) analyzing the current situation and developing a plan for training development; (2) selecting specialists with appropriate knowledge and qualifications to present the training materials; (3) ensuring the use of appropriate training materials on safety, security, and safety and security culture; (4) determining the duration of training sessions and the overall course; (5) identifying target groups to be trained and levels of training applicable to each target audience; (6) ensuring that everyone agrees that a credible threat exists, and that nuclear safety and security are important; (7) holding ongoing, integrated safety and security training sessions; and (8) conducting joint training to raise awareness of the confluence between safety and security. It is prudent to review safety and security training materials and seek opportunities to develop integrated training modules wherever feasible.

Self-Assessment and Enhancement—When possible, it is advisable to include both safety and security assessors when conducting self-assessments of safety or security. In addition, it is helpful to seek opportunities to harmonize safety and security self-assessments, addressing common elements in a single assessment process. Developing a combined safety-security culture can foster a comprehensive understanding of safety and security culture, identify obstacles to enhancing safety and security culture, and achieve more effective interactions between safety and security culture. A better understanding of characteristics common to the two cultures results. Issues when designing a harmonized safety-security self-assessment program include (1) deciding on the composition of the self-assessment team; (2) defining the scope and targets for harmonization; (3) defining the implementation timeline; (4) allocating responsibility for the process; and (5) identifying possible challenges that must be addressed.
Box 6.1: Combined Safety-Security Culture Assessment at Kozloduy NPP (Bulgaria)

The joint safety-security self-assessment was conducted in the period from May 2018 to May 2019. In addition to identifying the strengths and weaknesses of both cultures, the purpose was to test and possibly validate the applicability of the combined approach to optimize evaluation activities and integrate the improvement of safety and security culture in a mutually supportive and user-friendly way. The self-assessment team consisted of 24 persons including safety and security experts, quality assurance specialists, operation staff, a sociologist, a psychologist, and a human factor expert. Five methods of data collection were used: survey, interviews, focus group discussion, document review and observation. More than 30 percent of the Kozloduy NPP personnel were involved in this pioneering initiative. The survey included preparation of a questionnaire, proportional selection of safety and security employees as respondents, processing, and reviewing the participants’ responses. The survey was the only data collection method conducted jointly. To conduct interviews, the self-assessment team was divided into several sub-groups which were responsible for interview conduct, analysis, and reports with their conclusions. Two focus group sessions discussed people’s attitudes toward security, i.e., whether security measures are a nuisance or necessity. The document review and observation were conducted by the security component of the self-assessment team. The results were analyzed jointly by the entire team concentrating on security awareness of non-security personnel, accessibility of the security documents, availability of sufficiently qualified and motivated employees for safety and security functions as well as implications for the in-house training programs. Regarding a future format of such joint self-assessments, it was decided to split surveys into two (separate for safety and for security) while maintaining joint discussion and analysis of the overall results including the development and implementation of a joint plan.

Corrective Action Plans—Corrective action plans (CAPs) constitute the final stage of self-assessments, and the basis for developing corrective measures to improve safety and security cultures. Root-cause analysis helps management determine which actions are necessary, set priorities, decide the urgency of each action, and assign responsibilities. The corrective action plan process can be facilitated using a Corrective Action Tracking System. Preparing a SMART corrective action plan drives process improvement and supports making best practices everyday routine. To review, the elements of a SMART CAP are: Specific, Measurable, Action-Based, Realistic, and Timely.

Dissemination of Lessons Learned and Case Studies—The lessons-learned process involves factoring experiences extracted from a project, operation, or assignment into future endeavors. Learning from the past may include conducting root-cause analysis to unearth the human element in facility operations. Since the lessons-learned process includes spotlighting failures, it is important to employ caution and sensitivity when documenting and disseminating information, and to consider the impact on individuals when preparing the write-ups. Difficulties may arise when lessons learned involve confidential or classified information. Management must exercise sound judgment when deciding how and when to release information about lessons learned.

Emergency Response Plans—Safety and security are already integrated to a degree because they share some of the same resources. Safety and security representatives should work together to prepare and update emergency response plans to afford safety and security equal consideration. Some organizations resist issuing guidance for nuclear emergency response because they fear that it could be complex and confusing.
Options for a nuclear safety-security culture hospitable to improved emergency response planning might include integrating the regulatory process into planning, finding specific interfaces between safety and security, and addressing the involvement of all stakeholders.


6.5 Six Phases of Harmonization

A harmonization program for security and safety culture may be conducted in a six-phase process, as shown in Fig. 6.3. When enacting this process, wise management allocates enough time to each phase to complete it before moving on to subsequent phases. Because cultural reform is an abstract and complex enterprise, sequential scheduling and patience are essential to institute an effective program.

Fig. 6.3 Phased security-safety culture harmonization process (Phase 1: Awareness; Phase 2: Communication; Phase 3: Understanding; Phase 4: Cooperation; Phase 5: Harmonization; Phase 6: Maintenance)

In general, the activities undertaken in each phase are:

• Phase 1—Awareness: In the initial phase the organization has little or no cultural coordination between safety and security functions. The department responsible for nuclear safety may know little about security culture, including security decision-making, arrangements, or protocols. Conversely, the security department may not be well-versed in elements of safety culture, whose prime directive is to protect personnel. This dichotomy results in a situation where actions undertaken by one body may significantly—and unwittingly—undercut the operations of the other. The first step in the harmonization process is to instill awareness of how safety and security functions impact each other, what they have in common and where they conflict, and why working together helps security and safety personnel achieve mutually beneficial goals.
• Phase 2—Communication: Once safety and security staffs come to view cooperation between them as highly desirable and beneficial, the second step of the process is to institute effective communications. In most nuclear organizations there is little communication between safety and security personnel with respect to protecting vital areas and responding to hazardous or dangerous situations. To align safety and security cultures, management must boost the degree of communications until both departments actively disseminate information and update each other on issues of mutual concern.
• Phase 3—Understanding: Establishing working communications provides a platform for sharing knowledge and insight, and thus deepens understanding of how security and safety functions relate to one another. Members of each culture must not just share but fully understand what their counterparts have to say about how security influences safety and safety influences security. Comprehensive understanding of shared cultural elements will help both sides discern opportunities for cooperation and promote helpful actions throughout the organization. At the same time, understanding these relationships alerts safety and security personnel to the fact that failing to communicate and coordinate across departmental boundaries amplifies the facility’s vulnerability across the board.
• Phase 4—Cooperation: As facility personnel come to understand the value of integrating safety and security culture, opportunities for cooperation come to be self-evident. By Phase 4, individuals within the organization actively seek opportunities to cooperate with each other and thoroughly understand the mutual benefits of doing so. In this phase the safety and security organizations learn to work together whenever possible to streamline protocols, put both safety and security principles into practice, and manage the risks inherent in nuclear-related operations.
• Phase 5—Harmonization: As cooperation increases, the organization can start reaping the tangible benefits of harmonizing security and safety. Neither department need sacrifice its internal goals or give up responsibilities. Rather, each organization will have implemented a systematic process to ensure that the facility benefits from coordinating and integrating their efforts. Mutual commitment to achieving higher cultural goals lays the basis for such benefits as streamlined operations, reduced costs, and increased safety and security. By the end of Phase 5 the staff and management from top to bottom are committed to goals manifest in the composite safety-security culture.
• Phase 6—Maintenance: After the facility achieves harmony between the two cultures, the facility sets out to maintain the new normal. The maintenance phase helps indoctrinate new personnel, manage operational changes, and cope with other factors pertaining to the organization’s culture. Periodic evaluation of the nuclear security and safety cultures is a must to ensure that harmony endures. Maintenance also involves taking corrective actions when needed and sharing lessons learned within the staff.

Based on the preceding discussion, a nuclear facility or program can bolster its organizational culture by seeking ways to harmonize parts of that culture that share common ground. Even though common elements lie at the interface of nuclear security culture and nuclear safety culture, it would be impractical and unwise to attempt to force safety and security programs into a single function or department.

Nuclear security culture is sufficiently distinct in its concepts and methods to justify its separate status. To determine how intimately nuclear safety culture and security culture should be harmonized at a site, management should pay special attention to:

• How directly the government involves itself in site operations. If the state perceives a threat of nuclear terrorism, it may have to provide public support to combat that threat. It has no similar obligation about safety.
• How much to disclose about site operations. As a rule, security information must be kept confidential, whereas safety generally advances through openness and transparency.
• How to manage different worldviews. Security personnel typically have military or police backgrounds, whereas general staff have technical or engineering backgrounds, knowledge of machinery, and experience maintaining it [6]. Security and safety departments see the world differently and operate from different assumptions about their professions.

Again, for the six-phase process to succeed, management must allow enough time to fulfill the goals of each phase before proceeding to subsequent phases. An organizational culture that synchronizes security and safety cultures to the maximum degree possible will position a facility to execute its operations at acceptable risk. There are numerous benefits from a properly harmonized safety-security culture program that are certain to outweigh the initial efforts required to evaluate and implement the harmonization process. This process is front-loaded with requirements for resource allocation to initiate and evaluate the necessary elements for the desired outcome. Although this initial outlay of time, materials, and funds may challenge the resource allocation planning for some organizations, the achievement of a harmonized nuclear safety-security program can provide both tangible and intangible dividends for the effort and resources expended.

References

1. International Atomic Energy Agency (2006) Application of the management system for facilities and activities, IAEA Safety Guide No. GS-G-3.1. IAEA, Vienna
2. International Atomic Energy Agency (2006) Management system for facilities and activities, IAEA Safety Guide No. GS-R-3. IAEA, Vienna
3. Closing statement by the IAEA Deputy Director General Juan Carlos Lentijo. Retrieved from https://www.iaea.org/newscenter/news/exploring-30-years-of-safety-culture-iaea-hosts-international-conference-on-human-and-organizational-aspects-of-assuring-nuclear-safety
4. International Atomic Energy Agency (2001) Measures to improve the security of nuclear materials and other radioactive material, IAEA Board of Governors General Conference, GC (45)/20. IAEA, Vienna
5. International Atomic Energy Agency (2008) Nuclear security culture: implementing guide, IAEA Nuclear Security Series No. 7. IAEA, Vienna
6. International Atomic Energy Agency (2010) The interface between safety and security of nuclear power plants, IAEA INSAG-24. IAEA, Vienna, p 19

Chapter 7

Security Culture for Users of Radioactive Sources

Abstract There have been many instances all over the world in which radioactive material has been smuggled, lost, stolen, abandoned, or even used for committing malicious acts. An effective security culture for radioactive sources depends not only on proper planning, training, and maintenance, but also on those who have a role in regulating, managing, and operating facilities and their activities. Special features of the security regime for radioactive sources make it different from the underlying principles of the IAEA generic model and have a substantive effect on its culture design and assessment procedures. Given such special requirements, there is a need for differentiated methodology, which would place an emphasis on security culture enhancement for select groups of individuals directly involved in material operation, while also applying awareness raising measures to the rest of the workforce. The benefit of differentiation is a targeted approach which makes time and resource investment commensurate with the roles and responsibilities of each staff member.

7.1 Vulnerabilities and Misuse

Radioactive sources are used throughout the world in many widespread applications for a variety of peaceful, productive, and beneficial purposes. These applications can include industrial radiography, oil well logging, medicine, research and education, and military. Typically, these sources use radioactive materials that are contained or bound within a suitable capsule (sometimes referred to as “housing”), also known as sealed radioactive sources, but occasionally include radioactive materials in an unsealed form. These sources vary considerably in a few ways such as physical size and properties, the amount of radiation they emit, and the type of encasing. They can comprise portable instruments (e.g., gauges for taking measurements) and pieces of equipment (e.g., a radiotherapy machine for cancer treatment).

© The Author(s), under exclusive license to Springer Nature Switzerland AG 2023 I. Khripunov, Human Factor in Nuclear Security, Advanced Sciences and Technologies for Security Applications, https://doi.org/10.1007/978-3-031-20278-0_7

Box 7.1: Radiological Source Incident in Goiania (Brazil, September 1985)

In 1985, a medical institution in Goiania (Brazil) moved to a new location and abandoned a Cs137 teletherapy source at the old premises. Two years later, local metal scrap collectors removed the source, dismantled it, ruptured the capsule, and retrieved 100 g of cesium chloride which was circulated throughout the city without knowing associated risks. Consequences for the local communities included:

• 4 persons dead within four weeks.
• 260 persons contaminated including 124 persons with life threatening internal and/or external contamination.
• 4 hospitals, 42 residences, numerous public buses, and private cars heavily contaminated.
• Demand for locally produced industrial and agricultural products dramatically dropped nation-wide leading to numerous bankruptcies and high unemployment.
• Over 3,500 m³ of accumulated radioactive waste to be buried in the public land.

It is important to note that when radioactive sources are safely managed and securely protected the risks to workers and the public are minimal. However, if a radioactive source becomes out of control, unshielded, or its radioactive material is dispersed as the result of an accident or a malicious act, the danger of radiation exposure becomes very real. There have been many instances all over the world in which radioactive sources have been smuggled, lost, stolen, abandoned, or even used for malevolent actions. Certain industrial and medical radioactive sources, including Cobalt-60, Caesium-137, Strontium-90, and Iridium-90 are most significant given that they emit high levels of radiation. The IAEA has categorized radioactive sources to identify the types that require particular attention for safety and security reasons. These categories range from Category 1 (most dangerous to human health if not managed safely and securely, with exposure from a few minutes to an hour) to Category 5 (least dangerous but would still require appropriate regulatory control).

Radioactive sources have the potential to be used as weapons as either radiological dispersal devices (RDDs), known as “dirty bombs”, or as radiation exposure/emitting devices (REDs). RDDs disperse radioactive material into the environment while REDs use a stationary radioactive source to expose victims to high levels of radiation. RDDs and REDs of any kind present a potent and effective terrorist weapon because they threaten to expose civilian populations to radiation, engendering anxiety, stress, and panic with the potential for casualties resulting from excess doses of radiation. Public health experts believe the psychological effects may be as harmful as, if not more prevalent than, the physical health consequences [1].

Few, if any, deaths will result from radiation exposure in a small-scale RDD attack. Spreading small amounts of radiological material has no immediate substantial health effects, other than to instill public fear and panic and alter public behavior. The major challenge for governments will be long-term disaster mitigation involving cleanup, the relocation of residents away from heavily contaminated areas, psychological care, and public education to ensure that areas struck by terrorists are not abandoned out of inflated fears of radiation and its effects.

7.2 Physical Protection and the Human Factor

A facility that stores and uses a radioactive source should have a sufficient level of security to address the risk of an adversary committing a malicious act. Financially, it makes sense that a facility would not reduce the risk to society to lower than what is required by regulation, as then the facility would be overspending on security. This is rarely a problem, as often the driving force of facilities when conducting analyses of their security systems is to scale down their security measures to reduce overhead costs. In some circumstances, a robust security culture can serve as a compensatory measure.

A key step toward establishing required security measures depends on the determination of the threat-holder in utilizing the radioactive material in use, storage, and transport [2]. A threat assessment will serve as a common basis for regulatory authorities and users of radioactive sources when performing their respective functions and duties. Once a threat assessment is established and a graded approach is applied to security arrangements, the organization will start designing a physical protection system that incorporates all vital elements such as: deterrence, detection, delay, and response. This graded approach will be based on the principles of risk management, which factor in the level of threat in conjunction with the relative attractiveness of the material for malicious actors. In other words, this graded approach and the established categorization system for radioactive sources are shaped by factors including the quality, physical and chemical properties, mobility, availability, and accessibility of sources.

The core element of the security system is a security plan that is designed to protect radioactive material while also implementing measures to address an increased threat level, respond to security events, and protect sensitive information. The scope of security plans should cover:

• A description of the radioactive material and the environment of its use and storage.
• An agreed-upon level of threat.
• A description of specific security concerns needing to be addressed.
• A description of the current security system and its objectives.
• Security procedures that provide guidance to operator personnel for operating and maintaining security measures, and the security procedures that are to be followed before and after maintenance.
• Administrative aspects, including definitions of the roles and responsibilities of individuals with security responsibilities, access authorization processes, trustworthiness determination processes, information protection processes, inventories and records, event reporting, and review and revision of security plans.
• Guidance on how procedural and administrative security measures will be scaled to meet increased levels of threat, as assessed by the state; and
• Response measures to actions including cooperation with relevant competent authorities in locating and recovering radioactive material consistent with the national practice.

Once the security system is designed, the influence of human factors must be considered and built into the calculation for its success. This means looking at each of the factors that are considered high risk due to human error, inconsistencies, complacency, and other reasons. One of the IAEA security recommendations for radioactive sources emphasizes the importance of promoting a security culture: “All organizations and individuals involved in implementing nuclear security should give due priority to the nuclear security culture with regard to radioactive material, to its development and maintenance necessary to ensure its effective implementation in the entire organization” [3].

Indeed, an effective security culture for radioactive sources depends not only on proper planning, training, operations, and maintenance, but also on the thoughts and actions of people who plan, operate, and maintain security systems. The foundation of security culture depends on the ability of those who have a role in regulating, managing, or operating facilities or activities involving radioactive sources, or even those likely to be affected by such activities, to recognize that a credible threat exists and that security is important [4]. Due to the work environment and ease of accessibility, it is the motivated and vigilant personnel, in combination with adequate physical protection, who are indispensable players in safeguarding radioactive sources.

In some states, the physical protection, accounting, and control systems for radioactive sources are insufficient. Radioactive sources are used, stored, and transported by private entities often to a large number of consumers who are viewed as soft targets by potential adversaries [5]. Radioactive source users may be technically competent but are still vulnerable if they discount the role of the human factor. The entire security regime stands or falls based on the people involved. Thus, the human factor plus the upper tier of managers and leaders must be addressed continuously and meticulously to ensure the security regime will be effective, sustainable, and optimal.

7.3 Radioactive Sources: Special Considerations for Security Culture

As an assembly of characteristics, attitudes, and behavior, security culture is a supporting, enhancing, and sustaining tool for the security of radioactive sources. As defined by the IAEA, the objectives of the security regime are to:

• Protect against the unauthorized removal of radioactive material.
• Protect against sabotage of material, facilities, and activities (i.e., production, processing, use, storage, disposal, transport, etc.); and
• Ensure the implementation of rapid and comprehensive measures to locate and recover radioactive material that is lost, missing, or stolen and to re-establish regulatory control [6].

Several features of radioactive source security make it distinctly different from nuclear security and have a substantive effect on its culture design and its assessment. These distinct features can be summarized as follows:

Continued prevalence of safety orientation. Many organizations with limited use of radioactive sources have large operational units where no radioactive sources are utilized, and where security mentality is not well developed or popular. As a result, managers tend to delegate security to their lower-tiered staff and are less involved personally. For those in charge of operating sources, the priority to protect people from radioactive sources rather than to protect sources from people remains. This concept of safety orientation makes it necessary to design and implement both safety and security measures in an integrated manner to ensure that security measures do not compromise safety, and safety measures do not compromise security. Moreover, both safety and security measures must complement each other and be mutually supportive.

Multiple and intermodal transport. In view of the potential vulnerability of radioactive material in transport, the design of an adequate transport security system incorporates the concept of defense and uses a graded approach to prevent material from becoming susceptible to malicious acts. Accordingly, it is important to factor in effective security transport schedules, routing, security of passage, information security, and other relevant procedures.

Box 7.2: A Radioactive Source Stolen in Mexico

In December 2013, a truck which was transporting the cobalt-60 teletherapy source from a hospital to a radioactive waste storage center was stolen near Mexico City. National authorities later reported that the source was recovered close to where it was stolen. The radioactive cobalt-60 source contained in the device was removed from the protective shielding by the perpetrators, but there was no indication that it was damaged or broken up and no sign of contamination in the area. As a precautionary measure, the police secured the area around the source to 500 m. This source, with an activity of 3,000 curies (111 terabecquerels), belongs to Category 1 defined by the IAEA as extremely dangerous to humans. If not safely managed or securely protected, it would be likely to cause permanent injury to a person who handled it or who was otherwise in contact with it for more than a few minutes. The Mexican authorities decided to monitor potential radiation exposure to persons who might have been close to the unshielded source, and hospitals were alerted to watch for symptoms of such exposure.

Security measures taken during transport of radioactive sources to protect against malicious acts should be based on evaluating the threat to the material and its potential to generate consequences. The transport of radioactive sources is usually an interim phase between production, use, storage, and disposal. The potential radiological consequences of the loss of control due to theft of radioactive sources during use, storage, or transport do not differ in principle, although the potential consequences of an act of sabotage might differ depending on the location of radioactive sources.

The nature of radioactive source transport poses serious challenges to implementing physical protection systems due to the source’s increased vulnerability. Each stage of a source’s life cycle may require some sort of transportation either from manufacturer to user, or while being used in field operations, or from user to disposal sites. A potential adversary, especially an insider, can choose a point along transportation routes where the source would be most vulnerable and procedures for physical protection are least effective. For international transport, operators should ensure that any state-by-state variations in security measures are applied while the radioactive material is in transit, in addition to determining the exact location in which the responsibility for security is transferred.

Integration into overall security regime of host organizations. At large and diversified institutions, radiological security and culture should be blended into an overall security regime of the host organization. For example, hospitals with radiology wards have their own set of unique security and safety risks depending on demographics, service offerings, and administrative strategy. The security of a hospital is a collaborative effort, as the security service may not be exclusively responsible for all the components of the protection program and security management. For example, the basic elements and environment of a hospital create many risks and challenges including:

• Healthcare is usually provided twenty-four hours per day and hospitals are easily accessible.
• Healthcare staff are predominately female and are most likely targets of violence.
• Workplace violence is an increasing problem.

• Drugs are used and stored at the facility.
• Money is handled throughout the facility; and
• Hospitals are soft targets for terrorists [7].

Diverse applications. Radioactive sources are utilized across a wide range of industrial production, construction, research, medical, and other applications. The diversity of security regimes and its impact on organizational culture is much more extensive than the more uniformly structured nuclear sector. For example, common users of sources include non-destructive testing, radiation sterilization of health care products, modification of polymeric materials, online process control systems, mineral resource evaluation, food irradiation and many others. Dispersed throughout numerous industrial units and medical institutions, security culture poses a challenge in efforts of formulating a uniform approach (Table 7.1).

Table 7.1 Irradiation equipment and their application fields

Scanning: X-ray equipment is used in carrying out security checks on luggage at airports and also in verifying the quality of welds in pipelines. Other kinds of irradiation equipment are used in gauging the thickness of paper, plastic films, and metal sheets

Agriculture: Irradiation equipment is used with the sterile insect technique, whereby male insects are irradiated and made sterile. They are then released, but have no offspring when they mate. The technique has been used successfully against the tsetse fly in Zanzibar, the Mediterranean fruit fly in Mexico, and the screwworm in North Africa and the Southern United States

Medicine: X-ray equipment is used in, for example, dentistry, mammography, and the diagnosis of fractures. More powerful radiation is used for therapeutic purposes, such as the treatment of cancer, in which the radiation is directed at the cancerous cells to minimize the damage to healthy cells

Sterilization and food preservation: Very strong radiation is used in sterilizing surgical instruments and surgical gloves, which would not withstand the temperatures involved in conventional sterilization. Certain drugs are also sterilized by means of radiation. The same technique is used in the preservation of food

Mobile and portable operation. Industrial radiography sources, a wide range of gauges, and others are routinely moved around and often located ‘off-site’ where traditional approaches of physical protection cannot be applied effectively. For this category of sources, a timely detection, delay, and response are not easy to accomplish. Users of portable gauges are required to both maintain control and constant surveillance when in use, and at a minimum use two independent physical controls to secure them from unauthorized removal when not in use. The security procedures implemented must ensure that the two physical barriers are in place to increase the level of deterrence compared to that of a single barrier. In addition, the two physical barriers would make unauthorized removal of the portable gauge more difficult. The difficulty in controlling the use of traditional methods amplifies the importance of human reliability, vigilance, and improvisation as key traits of security culture. The mobile and portable modes of operation impose a burden on users of radioactive sources; specifically, on those who must continuously improve security arrangements in coordination with local law enforcement personnel across the country. One such compensatory measure is establishing a communications link to allow for a quick response to incidents. In many countries, save large urban centers, local law enforcement is often inadequately trained to respond to radiological emergencies and requires expert assistance.

Limited resources and security awareness. In some countries, financial, technical, and human resources are still lacking in efforts to address the risk of diversion of radioactive material and its malicious use. Most of these countries do not have an established nuclear power infrastructure which, given its scale and significance for the national economy, often serves as a source of advanced security methodology and good practices to share with users of radioactive sources. The absence of factual evidence to demonstrate the risk of radioactive material being used for malicious purposes has precipitated a sense of complacency among users of radioactive sources and regulatory authorities. In addition, hiring trained and armed professional guards to protect the site 24 h a day is expensive. Security equipment and hardware, including intrusion detection and assessment systems, are also costly to install and maintain.

Disposal challenges. End-of-life source management is another challenge in some countries due to a lack of uniform practices that often leave sources without regulation. Options open to users include a return to manufacturers, recycling or disposal, and storage. However, financial and other constraints frequently prevent them from following these procedures in a consistent manner. For example, the financial cost of returning the source to the manufacturer can be difficult to predict as the source’s end-of-life value may be more expensive or vastly underestimated. There have been efforts requesting source owners to develop disposal plans prior to their import, and for owners to implement such plans when the sources become disused. However, the issue of financial provisions to support these plans continues to be poorly planned and implemented. As a result, some disused sources become vulnerable to weak regulatory control and may fall into the category of “orphan sources”, meaning those not under control after being abandoned, misplaced, lost, stolen, or transferred without appropriate authorization.

7.4 Security Culture Model for Radioactive Sources The security culture model for radioactive sources cannot be an exact replica of the IAEA model described in the 2008 Implementing Guide [8]. Based on the same organizational culture approach, this model, its characteristics, and its indicators

7.4 Security Culture Model for Radioactive Sources

107

must reflect features specific to the operation of radioactive sources. The underlying principles are to promote and support the security regime for radioactive sources by: • Raising security awareness among all staff members in the organization while also building an effective security culture for individuals who are managing and operating radioactive sources or are otherwise professionally associated with their use. • Providing how the organization supports individuals and teams in successfully performing security related tasks, while also considering the interaction between individuals, technology, and management. • Ensuring a common understanding of the key aspects of security culture within the organization. • Reinforcing a learning and questioning attitude at all levels of the organization; and • Providing how the organization continually seeks to develop and improve its security culture as well as make it sustainable. Special security requirements for radioactive sources (discussed above) may justify a differentiated approach toward security culture. More frequent and intense efforts are expected to focus on a select group, which has a direct or indirect relationship with radioactive sources (management teams, security personnel, operations, technicians, and others). The determination of the dividing line between this group and the rest of the workforce outside radioactive source operations is up to the organization’s leadership. The general policy is that security awareness development is applicable to all employees as a core value. However, given limited resources, it would be reasonable to place more emphasis on security commitments, as well as the evaluation and enhancement process for a more limited group. In other words, differentiation is a targeted approach and makes time and resource investment in training and culture development commensurate with the roles and responsibilities of individuals. 
Awareness raising is a common foundation for across-the-board effective security throughout organizations that operate radioactive sources. The goal is to develop an awareness of possible risks and threats to the security and safety of radioactive sources that can be translated into support for actions to address those risks and threats. An emphasis should be placed on performance and behavior because security awareness raising is not simply about enhancing understanding or imparting risk-based information, but rather empowering people to act at appropriate times and in appropriate ways commensurate with their roles and responsibilities. All employees must be informed about how to recognize indicators of danger and react accordingly. Moreover, they must be guided to do the right thing, at the right time once they recognize such situations. Topics to be covered during security awareness sessions should explain (1) why radioactive sources may be targeted, and by whom; (2) how adversaries including insiders can endanger them; (3) personnel motivation and possible consequences of their actions; (4) the limitations of security regimes and concurrent vulnerabilities; and (5) what can be done to prevent loss or damage. Emergency drills and exercises would complement, if possible, these sessions (Fig. 7.1). The IAEA Security Culture Model with its characteristics and culture indicators provides guidance for the differentiated process of security awareness and culture enhancement through several stages until reaching the security commitment, i.e., ownership stage. All staff members are expected to have shared beliefs and attitudes that (a) a credible threat to radioactive sources exists; (b) a radiological event would have devastating health, environmental, economic, social, and psychological impacts; and (c) a robust security regime is desirable and necessary. The model outlines elements of an effective security culture as the goal based on proactive skills and practices enabling personnel to address threats by taking appropriate actions and setting an example for others to follow. Ideally, all personnel must reach the commitment stage, but this may be a challenge given special operational and structural features of radioactive source users. Hence, while applying these principles to the entire workforce, emphasis and priority are accorded to a group of managers and staff with roles and responsibilities associated with the operation, transport, and storage of radioactive sources.

Fig. 7.1 Model of security culture for radioactive sources

A security culture development program has the following three goals:

• Increase understanding by relevant personnel of the importance of security, of the nature and immediacy of the threats, and of their personal accountability for security.
• Improve manager performance, both in terms of enhancing security effectiveness and contributing to a strong security culture; and
• Establish an organizational policy and structure that creates a basis for strong security culture and supports the sustainability of the radiological security program.

Culture indicators assigned to each characteristic of the model are designed to maintain adequate levels of security culture and ensure its sustainability. The ability to assess the status of security culture is a prerequisite to successful business development and maintenance. Applying assessment methodology requires a multidisciplinary approach since culture is composed of intangible human traits such as beliefs, values, and ethics, which are acquired and internalized differently by everyone.

7.5 Evaluating and Enhancing

Security awareness and culture assessments play a key role in developing and maintaining an awareness of the strengths and weaknesses in protecting radioactive sources. The purpose of a security culture assessment is to provide a clear picture of the human factor’s influence on an organization’s security regime. Charting trends over time can provide the management with an early warning of problems, thereby reinforcing sustainability. A prerequisite for successful assessment is ensuring confidentiality for participants throughout the entire process. There are at least three options for evaluating security awareness and culture: (1) basic, (2) intermediate, and (3) comprehensive. Their selection depends on many factors and circumstances including risk estimates, the size of the organization and workforce, and the records of previous security incidents or near misses.

Basic. This method is based on statistical methods and information derived mostly from document review, observations, and other sources. Basic indicators focus on:

1. The percentage of security incidents or near misses during the previous quarter or year compared to previous periods.
2. The percentage of employees who have received security refresher training during the previous quarter or year.
3. The percentage of security improvement proposals submitted, considered, or implemented during the previous quarter or year.
4. The percentage of communication briefs for employees that included security information.
5. The number of security inspections conducted by senior managers, managers, or supervisors during the previous quarter or year.
6. The number of employee suggestions relating to security improvements during the previous quarter or year; and
7. The percentage of routine organizational meetings with security as an agenda item.

While this audit-type assessment will not provide any insights into the drivers of personnel behavior, it may signal potential negative trends in the security regime’s future, as well as the need to take corrective action including, if necessary, the launch of a more in-depth assessment.

Intermediate. This type of assessment is based on managers’ own “yes” or “no” judgment regarding the relevant culture characteristics as well as the evolving structure and functionality of the security component of the organization’s management systems. Being non-interactive, these security management indexes have limited utility but can pinpoint the functional areas where major deficiencies or gaps are most likely to exist because of inadequate human performance. Compared to basic, the intermediate approach can stimulate managers’ further consideration of specific problems and justify a more comprehensive method. Such security management indexes requiring a “yes” or “no” response include:

1. A security policy is established and posted.
2. Processes are in place to identify the mandatory requirements relating to security.
3. Regularly held management meetings cover significant security items.
4. Professional rewards or recognition is associated with the achievement of security goals.
5. Roles and responsibilities for all security positions are clearly defined in relevant documents.
6. Security related performance results are compared to targets and regularly communicated to staff.
7. Feedback from staff is requested, appreciated, and analyzed.
8. Periodic evaluation of security training programs is conducted, and revisions incorporated.
9. Contingency plans are established to address unforeseeable events.

10. Processes and protocols exist for handling sensitive information.
11. Checklists/detailed procedures for security systems maintenance exist.
12. Training is provided to guide appropriate personnel in identifying high-risk behavioral symptoms.
13. An insider threat mitigation program is in place.
14. Management processes are in place for changes that could affect security.
15. Contingency plans are in place; and
16. Communication by management with local and national organizations involved in nuclear security is regularly performed.

An alternative to this method would be for a management team to review culture indicators and self-reflect on the state of security to identify human-factor-related gaps. A quick look, however, would not preclude a more labor-intensive assessment should it become necessary to check whether the original diagnosis was correct, if the measures adopted by management really worked, and if the organization is on the right track.

Comprehensive. This is a multi-stage process comprising both non-interactive and interactive assessment tools focusing on management and behavior characteristics of the IAEA Security Culture Model. This process is a full-scope self-assessment outlined in Chap. 5 but may include several modified or new characteristics and culture indicators. Surveys, interviews, focus group discussions, document review, and observation are principal tools. Some of the indicators are generic in nature and should be treated as examples or illustrations that each organization should tailor to its own circumstances and needs. Additional indicators should be developed, reflecting the profile of the organization and its activity. To this end, the indicators may be modified or developed to address, for example, a facility’s design and any special security risks, such as a surge in transport operations, extensive use of radioactive sources in the field or activities outside the established security arrangements.
Self-assessment for users of radioactive sources or transport operations may need a set of indicators reflecting a risk based and graded approach for such organizations. Such new specific indicators, if there is a clearly recognized need for them, should be developed by a team of experts and their use approved by management. Below are samples of new and modified indicators designed for security culture self-assessment and enhancement at organizations which manufacture, transport, use, store, and dispose of radioactive sources:

• Managers ensure that when sources are not in use they are promptly stored in an approved manner as required for the category to which they belong.
• A security plan for the transport of radioactive material is developed, adopted, implemented, and periodically reviewed as necessary.
• Periodic accounting for each radioactive source uses such methods as a physical check, remote video monitoring, examination of seals or other tamper-indicating devices, or radiation measurements.

• Individuals engaged in the transport of radioactive material receive training including training in the elements of security awareness, commensurate with their responsibilities in implementing security plans.
• Effective security in transit is achieved by considering transport schedules, routing, security of passage, information security and procedures.
• The total time that radioactive material is in transport, the number of intermodal transfers and the waiting times associated with the intermodal transfer are kept to the minimum.
• Records of radioactive sources inventories and accountings are protected at a security level consistent with the sources covered.
• In cases where the required security measures cannot be fully met during field or off-site operations, alternative compensatory measures are implemented that will provide an equivalent level of security.
• Disused sources are disposed of within the specified period after determining that extended or long-term storage of disused sources poses an increased threat to security.
• Contingency plans are in place to respond to malicious acts in transport, including plans for the recovery of lost or stolen material and for mitigating consequences.
• A record is kept of all persons who have access to, or monitor, the use of keys associated with the operation of radioactive sources.

Radioactive sources play a crucial role in industry and health care. Due to their variety and application, they have security features distinct from generic approaches applicable to other nuclear facilities and activities. Effective life cycle management from cradle to grave is imperative to the safety and security of radioactive sources. In this context, the human dimension of their security, i.e., radiological security culture, can provide much needed multidisciplinary cooperation in the face of expected and unexpected risks. The use of radioactive sources is spreading globally.
There are signs that more sources will soon operate in areas characterized by a lack of stability, inadequate operational experience, and low security priority. Furthermore, there is a significant link between expanding the use of radioactive sources and global development of health care. Demand for more radiation-based technologies is expected in industry, agriculture, and research as part of the globalized economy. Such technologies are becoming widely used as state-of-the-art tools in laboratories to provide information without destroying the sample, improve analysis results, achieve optimal cost effectiveness, and promote rapid data acquisition. Against the background of these developments and trends, a cultural approach to the protection of high-risk radioactive sources is becoming indispensable. In this context, however, seldom will a security culture self-assessment yield clear-cut or easily actionable results. Instead, it helps move the organization along its learning curve by determining what attitudes and beliefs need to be established in an organization, how these attitudes and beliefs manifest themselves in the behavior of assigned personnel, and how desirable attitudes and beliefs can be transcribed into formal working methods. In this sense, an assessment of security culture should complement the current evaluation methodology for gauging vulnerability and physical protection, thus helping refine overall security arrangements for radioactive sources.

References

1. Bromer E (1998) Psychological effects of radiation catastrophes. In: Peterson L, Abrahamson S (eds) Effects of ionizing radiation: atomic bomb survivors and their children (1945–1995). Joseph Henry Press, p 283
2. International Atomic Energy Agency (2011) Nuclear security recommendations on radioactive material and associated facilities, IAEA Nuclear Security Series No. 14. IAEA, Vienna, p 13
3. International Atomic Energy Agency (2009) Security for radioactive sources, IAEA Nuclear Security Series No. 11. IAEA, Vienna, p 6
4. Bieniawski A, Iliopoulos I, Nalbandian M (2016) Radiological security: progress report. In: Nuclear threat initiative, p 10
5. International Atomic Energy Agency (2011) Nuclear security recommendations on radioactive material and associated facilities, IAEA Nuclear Security Series No. 14. IAEA, Vienna, p 5
6. International Atomic Energy Agency (2009) Security of radioactive sources, IAEA Nuclear Security Series No. 11. IAEA, Vienna, p 10
7. Nibbelink S (2012) Hospitals meet security challenges with integrated security and facility solutions. In: Schneider electric, pp 6–7
8. International Atomic Energy Agency (2008) Nuclear security culture, IAEA Nuclear Security Series No. 7. IAEA, Vienna

Chapter 8

Nuclear Security Culture as a Tool to Address Insider Threat

Abstract The IAEA Implementing Guide on Preventive and Protective Measures against Insider Threats No. 8-G (Rev.1) has many references to the role of nuclear security culture in addressing insider threats, but it provides insufficient specifics on how to harness culture in practice. This chapter attempts to fill in this gap and develop step-by-step guidance for using the nuclear-security-culture methodology to perform this vital function. The IAEA model lists thirty characteristics along with over 300 associated indicators of culture to illustrate the meaning of each characteristic. Several characteristics used in this chapter are directly linked to practices designed to prevent insiders from committing malicious acts, and to mitigate the consequences of such acts. For example, the Human Reliability Program falls under the characteristic “continual determination of staff trustworthiness”, Mitigation of Occupational Strain under “work environment”, Compliance with the IAEA Proposed Preventive and Protective Measures under “adherence to procedures”, and Improved Observation Skills under “vigilance”, which encompasses observation and reporting. Culture indicators associated with these characteristics enable management to self-reflect, discerning weaknesses and strengths and, if deemed necessary, launching a full-scope self-assessment aimed primarily at countering the insider threat. A follow-up culture-enhancement plan will prioritize improving management systems, targeted training curricula, awareness-raising, and communication systems in a comprehensive effort to promote a robust culture able to deal with threats from within. Constant focus on the relevant characteristics as well as organization-wide dissemination and discussion of self-assessment reports can deter hostile insiders from implementing their plans.
The security-culture approach complements the organization’s methods by identifying root causes of insiders’ misbehavior and enhancing vigilance throughout the workforce.

© The Author(s), under exclusive license to Springer Nature Switzerland AG 2023 I. Khripunov, Human Factor in Nuclear Security, Advanced Sciences and Technologies for Security Applications, https://doi.org/10.1007/978-3-031-20278-0_8

8.1 What is Insider Threat?

The term “insider” denotes an adversary with authorized access to a nuclear facility, a transport operation, or sensitive information. A physical-protection system is designed and evaluated against threats posed by both outsiders and insiders. Insider threats are different, however, as they present a unique problem. Insiders could take advantage of their access (i.e., their right or opportunity to gain admission to a sensitive site), complemented by their authority (i.e., their power or right to enforce obedience), and their knowledge of the facility (i.e., awareness or familiarity gained through training or experience), to bypass dedicated physical-protective elements or other precautions such as safety, nuclear material control and accountancy (MC&A), and security-conscious operating procedures. Moreover, insiders enjoying authorized access and positions of trust are more capable than outsiders of defeating security obstacles. Insiders have more opportunity (i.e., more favorable conditions) to select the most vulnerable target, and they know when the best time to perform a malicious act would be. In addition, they can space out a hostile act over a long period of time to maximize the likelihood of success. Gradual measures could include, for example, tampering with safety equipment to prepare for an attempt at sabotage, or falsifying accounting records to repeatedly steal small amounts of nuclear material. Insiders may hold different positions, including designers of physical-protection systems, system-administration staff, researchers performing experiments, IT specialists, security guards, material handlers, clerks, nuclear-material custodians, safeguards officers, operational maintenance workers, or senior managers. Others not directly employed may include vendors, emergency personnel (firefighters and first responders), contractors, subcontractors, or outsourced service providers. It would be a dangerous fallacy to underestimate the possible damage inflicted by ordinary workers and employees (e.g., decommissioning, construction, or decontamination workers). Insider motives could include ideological, personal, financial, or psychological factors.
Management should never assume that personnel are so loyal that they will never undergo a change of ideology, shift their allegiance, or yield to personal incentives such as financial gain. Following a negative work-related event such as a dispute with an employer, demotion or firing, or an unwanted transfer, disgruntled employees are much more likely to become insider threats and much less likely to take an active hand at improving the organization’s security. Now that many first-generation nuclear power plants are being decommissioned, personnel whose jobs are at risk may nurse grudges against their employers and become threats. Also, an individual could be coerced into becoming an insider, or could coerce others, including family members, into working against nuclear security. In Northern Ireland in 2004, for example, thieves robbed a bank and made off with £26 million. They kidnapped the families of two bank managers and blackmailed the managers into helping them carry out their crime [1]. Similarly, terrorists could use coercive tactics to enlist help in stealing nuclear materials. Security guards and personnel also present an insider threat. In non-nuclear guarded facilities, guards account for numerous insider security incidents. Groups of insiders familiar with weaknesses in security operations rank among the most difficult threats for security systems to defeat. Hence, whenever possible, nuclear security systems should be designed to supply substantial protection against small groups of collaborators.

Fig. 8.1 Effects of organizational and social strains

Unaddressed discontent and workplace stress typically fan perceptions of injustice from management. Resentments stem from unfair outcomes (distributive injustice), procedures that beget unfair outcomes (procedural injustice), or abusive treatment from others (interactional injustice). The first two forms of injustice are structural, produced by poor interactions between individuals and the organization. On the other hand, interactional injustices are social in nature, as they arise from interactions between employees and their peers or supervisors. Resulting negative emotions include discouragement, anger, frustration, and fear. If powerful enough, these passions may goad some individuals into acts driven by malice (Fig. 8.1). It is important to avoid the “myth of absolute security”, the belief that a facility is already completely secure [2]. This is never correct and could encourage complacency. Complacency is the enemy of preparedness and degrades efforts at prevention, detection, protection, and mitigation. More importantly, managers should never succumb to the temptation to minimize emergency response and mitigation efforts to project the illusion that there is nothing to fear. Again, management should never assume employees are immune to incentives to pose insider threats. It is critical to enact programs to screen employees for trustworthiness before hiring them, and to monitor their behavior once employed. But no one should ever assume that screening programs are 100 percent effective. Personnel screening, training, and monitoring systems are meant to pick up subtle signs that personnel reliability has been or is about to be compromised. And while blatant red flags seldom go unnoticed, they can escape notice if individual incentive systems and information-sharing procedures discourage people from reporting them (Table 8.1).

Table 8.1 Insider threat: high-risk psychological indicators

| Indicator | Description |
| --- | --- |
| Disregard for authority | The employee disregards rules, authority, or policies, and feels that he/she is above the rules, or that they only apply to others |
| Disengagement | The employee keeps to himself, is detached, withdrawn, and tends not to interact with individuals or groups; avoids meetings |
| Anger management | The employee often allows anger to build inside, has trouble managing emotions and feelings of anger or rage, and holds strong grudges |
| Not accepting feedback | The employee is observed to have a difficult time accepting criticism and tends to take it personally or become defensive when a message is delivered. The employee has been observed to be unwilling to acknowledge errors or admit to mistakes and may attempt to cover up errors through lying or deceit |
| Disgruntlement | The employee is observed to be dissatisfied in their current position; chronic indications of discontent such as strong negative feelings about being passed over for a promotion or being underpaid or undervalued; may have a poor fit with current job |

One reason nuclear security culture constitutes a tool for countering insider threats and their consequences is that a robust security regime explicitly recognizes that low standards of security culture, security awareness, and trustworthiness may abet insider attempts to perform malicious acts. An approach predicated on human vigilance harnesses security-culture methodology to cope with insider threats. Also important is that previously applied methods were largely based on the qualifications, motivations, and attitudes of the people directly or indirectly involved in the process, which makes security culture an attractive choice as an integrating mechanism for prevention and protection.

Box 8.1: Insider Threat: Koeberg Nuclear Power Plant

• The perpetrator was employed by the plant which was under construction and stole a set of Koeberg plans. His job was mapping pipes and valves at the installation for use in case of emergency.
• Four bombs were planted on the two reactor heads at the power station as well as at strategic points under the control rooms.
• The attack on the French-built nuclear installation which was suspected at that time to be used to produce plutonium to manufacture atomic bombs was planned by the Special Operation Department of the African National Congress.
• The bombs were detonated several days before the plant went on stream and nobody was hurt in the explosion and ensuing fire.
• The attack delayed the commissioning of the plant by about 18 months.

8.2 Security Culture Applicability

To assess the status of an organization’s beliefs and attitudes regarding insider threats, management needs to review indicators for the characteristic “vigilance”, as described in the Personnel Behavior section of the IAEA model. This section deals with insiders, among other dangers. Twelve culture indicators associated with “vigilance” include the following:

• Staff members notice and question unusual indicators and occurrences and report them to management as soon as possible using established procedures.
• Staff members are attentive to detail.
• Staff members seek guidance when unsure of the security significance of unusual events, observations, or occurrences.
• Staff members and contractors believe that a credible threat exists.
• Staff members and contractors are trained in observation skills that help them identify irregularities in implementing security procedures.
• Staff members and contractors are aware of the potential insider threat and its consequences.
• Staff members and contractors strive to counteract manifestations of complacency.
• Staff members and contractors always understand and embrace the need for a watchful and alert attitude.
• Staff members and contractors feel safe from reprisal when reporting errors and incidents.
• The facility enforces a policy prohibiting harassment and retaliation for raising nuclear security concerns.
• Staff members or contractors make decisions or act consistent with their responsibilities if they need to react before managers arrive on the scene of an incident.
• Staff members or contractors notify managers of incidents that compromise computer security or information security.

To make a self-assessment aimed at forestalling insider threats meaningful, the assessment team needs to review indicators associated with characteristics spelled out in the Management Systems and Leadership Behavior sections.
Such a review could help management evaluate the above-listed indicators of “vigilance” as well. A follow-up evaluation could yield a verdict on whether the organization is prepared to address the insider threat. As noted in Chap. 5, the IAEA methodology recommends applying surveys, interviews, focus-group sessions, direct observations, and document reviews as tools. Surveys are important to self-assessment because they establish a baseline for tracking changes over time. Survey statements are derived from culture indicators, and respondents are asked to grade each statement based on a 7-point scoring system. The 7-point scale ranges from 1 (Strongly Disagree) to 7 (Strongly Agree). Interviews play a significant role in culture assessment because they allow for flexible questioning and follow-up clarifications from interviewees. Document reviews provide background information on relevant policies and how the facility seeks to put those policies into effect. This eases the task of getting at the deeper tenets of an organization’s culture. Observations record actual performance and behavior in real time and under different circumstances. Regular assessments focusing on culture characteristics relevant to the insider threat keep these risks under constant and comprehensive scrutiny as opposed to separate, disconnected initiatives. Involving a considerable portion of the workforce in surveys, interviews, and focus groups not only enables organizations to identify cultural weaknesses conducive to insider threats, but also provides a sustainable learning experience to complement classroom training.

Nine of thirty security-culture characteristics from the IAEA model are directly relevant to countermeasures against the insider threat. They and their associated indicators comprise the basis for a security-culture self-assessment and enhancement. Depending on the organization’s profile and how well qualified its personnel are to perform a self-assessment, such characteristics will help identify cultural strengths that generate beliefs, assumptions, and attitudes to encourage security awareness, or weaknesses that may prod staff members into malicious acts. Culture indicators associated with these characteristics should be used as statements for surveys, further explored during interviews, and carefully evaluated during the process of observation. Below are the nine characteristics important to a self-assessment process focused on the insider threat:

1. Continuous Determination of Trustworthiness—Management Systems (i)
Management should undertake initial and ongoing assessments of everyone’s integrity, honesty, and reliability to identify motives or behavior typical of insider threats.
Checks for trustworthiness attempt to determine whether greed, financial status, ideology, psychological troubles, a desire for revenge against perceived injustice, physical dependency on drugs, alcohol, or sex, or coercion could prod an individual into a malign act. Reviewing personal records, references, network history, financial background checks, and psychological examinations or medical records could unearth evidence of an incipient insider threat.

2. Work Environment—Management Systems (d)
An “employee-satisfaction index” implies that staff members’ professional work ethics and attitudes constitute part of the security culture. As adopted from the General Strain Theory (GST) in criminology, organizational strains (such as mismatching expectations, the pressure of sanctions, job dissatisfaction, or low prestige) can fan perceptions of organizational injustice conducive to noncompliance with procedures, or to malicious acts [3]. Managers should be trained to identify and raise concerns about an employee’s behavior with an appropriate person such as a senior manager, security manager, or liaison-resource advisor. Implementing a career-enhancement policy that trains all employees for higher positions in the organization will help create a pool of trained experts who can replace staff members found unreliable.

3. Adherence to Procedures—Personal Behavior (c)
This characteristic implies compliance with the full range of preventive and protective measures recommended in the IAEA [4]. These measures include administrative measures (procedures, instructions, and rules) along with technical measures (protection layers, material-accounting hardware) designed to prevent malicious acts from being carried out. Their objective is to detect, delay, and respond to threats while mitigating the consequences of acts carried out. An effective nuclear security culture motivates personnel to comply with security-related measures while avoiding shoddy performance in general. Management should oversee protective controls with sufficient vigor to facilitate the compliance critical to nuclear security. It should maintain and periodically evaluate them to ensure they remain effective. The organization should analyze compliance risks by considering the root causes of noncompliance and the severity of their consequences for nuclear security.

4. Training and Qualifications—Management Systems (e)
This characteristic’s focus is to raise security awareness levels among personnel about insider threats and the consequences of malicious acts for everybody (the company, its staff, and other stakeholders in the security enterprise). However, behavior depends not only on knowledge (awareness), but to a larger extent on culture, visions, attitudes, and other socio-psychological phenomena. Awareness is just an intellectual step toward a culture that contributes to secure behavior. The purpose of this characteristic is to nourish an environment in which all employees are mindful of security policies and procedures, so that they can aid in detecting and reporting inappropriate behavior or acts. Security awareness-raising should also provide measures to reduce the possible consequences of blackmail, coercion, extortion, or other threats to employees and their families. Security awareness-raising programs should be developed in a coordinated manner with safety programs to establish effective and complementary safety and security cultures.
It is important for management to ensure that security awareness of insider threats is fully integrated into the facility’s nuclear operational culture and its self-assessment cycle.

5. Vigilance—Personal Behavior (e)

The success of measures to deal with insider threats depends on both vigilance and individual staff members’ observational skills. An appropriate questioning and reporting (feedback) attitude should be encouraged throughout the organization. To this end, personnel should be motivated and trained to observe behavior, recognize suspicious behavior, and properly handle those who exhibit threatening behavior. Reporting unusual activities or behavior should be everyone’s responsibility. Personnel should understand that the security and safety of their coworkers and themselves are at stake. Multiple layers of security will increase the probability of stopping an insider threat before a malicious act occurs.

6. Personal Accountability—Personnel Behavior (b)

Accountability for one’s actions and a clear understanding of the consequences of misdeeds constitute a strong deterrent for insider threats. Violators are averse to being caught and are more likely to act when they believe they will not be discovered. Successful insider-threat programs have shown that establishing and promoting clear accountability for actions and setting expectations and boundaries for staff decrease the probability of an insider threat. It is important that potential inside malefactors be convinced that deliberate violations of laws and regulations will be discovered and will incur severe sanctions. Certainty that disciplinary action or prosecution will follow an infraction may deter insiders from committing malicious acts. In addition, requiring the organization’s senior management to inform government authorities of malicious acts, near-misses or attempts would provide feedback for other operators, and possibly prompt updates or enhancements to regulatory requirements.

7. Quality Assurance—Management Systems (j)

Quality assurance is an element of a satisfactory nuclear security program. The quality-assurance policy and programs for nuclear security should ensure that a security system is designed, implemented, operated, inspected, and maintained in a condition that enables the staff to respond effectively to an inside adversary. Quality-assurance programs should also ensure that overseers of a nuclear security system document its performance adequately. This is particularly important when instituting corrective actions. Quality assurance should require that nuclear security systems be configured to ensure their continuity of operations and to help management understand the potential consequences when changes are made.

8. Information Security—Management Systems (g)

Information security includes protecting the integrity, availability, authenticity, and confidentiality of sensitive information through physical, technical, and administrative controls. A policy on the acceptable use of computer-based systems may include approving the use of IT assets, apprising employees that their use of IT assets will be monitored, providing training, and explicitly explaining to employees which actions are forbidden on facility computing systems. Experience has demonstrated that most incidents involving computer security systems stem from human causes, namely unintended non-malicious or conscious malicious acts.
Management instills computer-security culture through activities designed to instruct personnel while increasing computer-security awareness (e.g., posters, notices, management discussions, training, or tests). Management should review indicators of computer-security culture periodically and work toward constant betterment to keep pace with the risk environment.

9. Management Oversight—Leadership Behavior (d)

Management should put a communication system in place to keep personnel informed about current outsider and insider threats. Ongoing communication strategies may include bulletins, internet posts, and presentations to groups on a regular basis. Face-to-face discussions and reflection seminars are powerful communications methods because they are interactive. One objective of management oversight is to carry out surveillance measures to monitor personnel activities and ensure that unauthorized or suspicious activities are identified, reported, and assessed. Surveillance is useful for detecting or investigating cases where the amount of nuclear material taken to perform a duty differs from the amount reported, or when an individual fails to secure sensitive equipment. Personnel performing surveillance must be able to distinguish among authorized, suspicious, and unauthorized actions and have the means to report suspicious or unauthorized activity rapidly and safely (Figs. 8.2, 8.3, 8.4).

Fig. 8.2 Samples of culture indicators for characteristics relevant to insider threat program (1)

Given the organization-wide scale of a self-assessment that concentrates on combating insider threats, the final-analysis stage may pose difficulties because of fundamental distinctions between quantitative and qualitative research. Quantitative data garnered from surveys and document reviews are mostly about “the numbers”, while qualitative data are “the words” collected through interviews, focus groups, or observations. Qualitative and quantitative methods represent two different research paradigms with little overlap and very limited capacity for conversion between specialists in the one and the other. The strength of the quantitative approach is that numerical data facilitate comparisons between groups while helping determine the extent to which respondents agree or disagree on this topic or that. The qualitative approach makes it possible to probe for underlying values, beliefs, and assumptions consistent with Edgar Schein’s principles of organizational culture.

In these circumstances, it is useful to apply a mechanism for “triangulating”, broadly defined as combining methodologies to study some phenomenon, then trying to reconcile data when they diverge on a given subject. The rationale behind this approach is that quantitative and qualitative methods should be viewed as complementary, contributing to accurate, more comprehensive findings. Triangulation allows for mixing quantitative and qualitative methods to tap the strengths and weaknesses of each. For example, survey results (quantitative) make it possible to go beyond reasonable guesses based on qualitative methods, and thus contribute to greater confidence about generalizing one’s findings. Quantitative methods contribute to survey analysis by validating its results, interpreting statistical relationships, and clarifying certain controversies. Quantitative data become more meaningful when compared with content analysis provided by tools such as interviews and observations (qualitative data). Qualitative data, however, are often superior to quantitative data in density of information, clarity of meaning, and clear identification with individuals who play key roles in nuclear security.

Fig. 8.3 Samples of culture indicators for characteristics relevant to insider threat program (2)

With the nine supplementary characteristics and their associated indicators as the primary focus, the self-assessment process helps unearth cultural weaknesses in an organization before security breaches take place, and remedy factors that could lead to insider threats. Dangers from within stem from gaps in practices for evaluating trustworthiness, inconsistent practices for dealing with organizational strains, inadequate adherence to prescribed preventive and protective measures, poorly managed training for personnel, the lack of a systemic approach to enforcing vigilance, and deficient accountability for the workforce. It is up to management to determine which characteristics and indicators to appraise and to determine the scale on which the assessment takes place. Findings from the assessment will help management calibrate its insider-threat program, develop a follow-up action plan and delegate responsibilities to address the threat.

Fig. 8.4 Samples of culture indicators for characteristics relevant to insider threat program (3)

A major purpose of sharing the contents and conclusions from a self-assessment of insider threats is to foster a sense of ownership among the staff while riveting attention on weaknesses revealed through the assessment process. To this end, the final report and the follow-up action plan must emphasize how security from internal threats benefits individuals and groups, and thus helps the staff transcend the customary compliance-based understanding of security. Benefits include an efficient security regime that conforms to the organization’s needs, provides for better IT security, protects trade secrets, improves safety, reduces theft and diversions of nuclear materials, reduces the risk of vandalism or sabotage, improves mechanisms for control during emergencies, and reduces the need for cumbersome auditing procedures.

The value of a self-assessment of this genre resides in its systemic and comprehensive nature. Properly conducted, it examines the problem of insider threats through the prism of the institution’s overall culture, of which security comprises a subset. Like any other evaluation method, this approach is far from perfect, but it is versatile, complements other methods, and compensates for their shortcomings. That commends it to management.

References

1. Moore C (2006) Anatomy of a £26.5 million heist. In: Sunday life
2. Bunn M, Sagan S (2016) Insider threat. Cornell University Press, Ithaca and London, p 24
3. Agnew R (2001) Building on the foundation of general strain theory: specifying the types of strain most likely to lead to crime and delinquency. J Res Crime Delinquency 38:319–361
4. International Atomic Energy Agency (2020) Preventive and protective measures against insider threats, Implementing Guide, IAEA Nuclear Security Series No. 8-G (Rev. 1). IAEA, Vienna

Chapter 9

Application of Culture Methodology in Non-nuclear Domains

This chapter illustrates the applicability of the culture methodology and its elements in two very different domains. One part is about biorisk-management culture in the biomedical field, and the other about strategic-trade compliance culture in managing risks in domestic and foreign trade operations. The purpose is to demonstrate that an approach centered on the human factor could prove effective in many different fields. It is not unique to nuclear or radiological security. After tailoring it to an organization’s mission, profile, and operating environment, management can use it to evaluate and upgrade the culture, holding down the risks and dangers inherent in handling hazardous materials and other types of noncompliance.

9.1 Part I: Biomedical Domain: Biorisk-Management Culture

Abstract Biorisk-management culture is a subset of organizational culture that emphasizes responsible conduct in life sciences, biosafety, and biosecurity. It is further defined as a family of beliefs, attitudes, and patterns of behavior of individuals and organizations that supports, complements, or enhances operating procedures, rules, and practices. It also encompasses professional standards and ethics designed to prevent the loss, theft, misuse, or diversion of biological agents, related materials, technology, or equipment, as well as the unintentional or intentional exposure to—or release from biocontainment of—biological agents. Given the complexity of biosafety and biosecurity oversight systems, the need for evidence-based decision-making (e.g., on staffing, areas in need of improvement, or the choice of training programs), and the ability to detect behavioral changes associated with a particular intervention, it is important to periodically assess the strengths and weaknesses of biorisk-management culture. This chapter applies the experience in culture assessment and enhancement accumulated in the nuclear and radiological domains to biorisk management, paying due regard to this field’s special features. With appropriate modifications the model is applicable to a wide range of institutions, including biological research and public-health laboratories, diagnostic facilities, and bioproduction facilities. Biorisk-management culture and its systematic assessment are critical to understanding, among other things, the human factor, the strengths and weaknesses of the biorisk-management framework, what could cause a system to break down, analysis of incidents, sources of human error, breaches of biosafety or biosecurity, and effectiveness of training.

© The Author(s), under exclusive license to Springer Nature Switzerland AG 2023
I. Khripunov, Human Factor in Nuclear Security, Advanced Sciences and Technologies for Security Applications, https://doi.org/10.1007/978-3-031-20278-0_9

9.1.1 Biorisk Management

Biorisk management is a process designed to assess and control risks associated with the handling, use, storage, and disposal of biological agents and toxins in laboratories and facilities. The objective of establishing standards for biorisk management is to: (1) introduce and maintain a biorisk-management system capable of limiting risk to acceptable levels for employees and the surrounding community as well as the environment; (2) guarantee that standards are in place and implemented consistently; (3) establish guidelines for biosafety and biosecurity training, awareness-raising, and promotion of best practices; (4) ensure that a third party certifies that the organization is complying with the biorisk-management system. The human factor is the underlying principle that integrates safety and security in the management process.

Biorisk assessments are key to effective management and should be conducted periodically or when needed to cope with changing circumstances. For instance, management should initiate a risk assessment when work practices change, such as by introducing new biological agents or altering the workflow or volume of work. Other factors may trigger risk assessments, including incidents or near-misses, modifications to standard operating procedures (SOPs), new safety and security risks reported by government agencies, modifications to national laws or regulations, or revisions to emergency or contingency requirements. Risk assessment lays the groundwork for developing biorisk-management policy, which should clearly state the institution’s overall priorities and its commitment to constantly improving the performance of personnel. Top priorities should include reducing the risk of unintentional or intentional release of, or exposure to, biological agents and toxins; compliance with all legal and regulatory requirements; personal accountability; and biorisk information-sharing with all stakeholders.

Managing biorisk in a laboratory or facility relies on a hierarchy of tools, including biorisk awareness-raising for all personnel, eliminating risks (e.g., by inactivating biomaterials), substituting a substance entailing less risk for a hazardous substance (e.g., by using surrogate bioagents or attenuated strains), isolating risky materials (by instituting access restrictions, for instance), instituting safeguards through engineering controls (e.g., by installing biosafety cabinets) or administrative controls (supervision, training, or SOPs), and using personal protective equipment (PPE).

Box 9.1.1: Biorisk Management and Human Fallibility

In 2014, the US Centers for Disease Control and Prevention (CDC) closed two labs and halted some biological shipments in the wake of several incidents in which highly pathogenic substances were mishandled by federal laboratories. The cases included an accidental shipment of live anthrax; the discovery of forgotten live smallpox samples; and an incident in which a dangerous influenza strain was accidentally shipped from CDC to another lab. The investigation found multiple problems with operating procedures. Such mishandling of dangerous biological agents was attributed to inadequate compliance with prescribed laboratory guidelines, poor understanding of the laboratory procedures, and insufficient training of the laboratory personnel. It was a clear case of weak biorisk management culture which seriously jeopardized the lab personnel and its collaborators.

People comprise the core of a biorisk-management culture program. Human fallibility (expressed for instance as human errors or intentional misuse of biological materials, equipment, and technology, or unprofessional attitudes toward biosafety and biosecurity) arguably constitutes the largest source of biosafety and biosecurity risks in laboratories and at other facilities working with biological agents and toxins. At the same time, effective biorisk-management culture could be the critical element of a strategy for mitigating risk. Therefore, an organizational culture that accentuates such human traits as professionalism and security awareness, personal accountability, compliance, mutual respect and cooperation, vigilance, and reporting is an important trigger for periodic assessments and effective policy implementation.

One of the goals of the biorisk management approach is to develop a comprehensive laboratory biosafety and biosecurity culture, allowing biosafety and biosecurity to become part of the daily routine of a laboratory, improving the overall level of working conditions and pushing for expected good laboratory management.

9.1.2 Human Performance

Human performance refers to actual behavior and the results of people’s actions, as opposed to an ideal or abstract view of what they are supposed to do. Actual results come from a complex combination of people’s risk perceptions, motives, and ability to perform their tasks, along with expectations set by leadership, the quality of work procedures, conditions at the site, and many other factors. When things go wrong, it is common for event reports to describe the gap between the expected outcome and what happened. By systematically evaluating the capabilities and limitations of personnel, human-performance management can appraise the prevailing organizational culture and determine whether it contributes to the institution’s mission in a safe and secure way.

Laboratory and biomedical facilities’ leadership is responsible for devising a management system (through policies, practice, and adequate resources) that ensures safe and secure handling, storage, and transport of biological materials (a biological risk-management system). However, most current policy and management efforts to ensure the effectiveness of biorisk-management programs focus more on compliance with rules, regulations, and implementation of training and education programs, and less on cultural factors. They pay little attention to improving people’s beliefs, attitudes, and motives to support biosafety and biosecurity, which depend in large part on the behavior of personnel handling biological agents and toxins. Despite the systematic and evidence-based approach developed in other domains, such as the nuclear and radiological sector, many institutions lack the tools to assess the culture among individuals and organizations that participate in biorisk management.

A hospitable culture embodies a set of behaviors, attitudes, and policies that enable a person or organization to work in a safe and secure manner with biological agents and toxins. It also spurs individuals and organizations to respond appropriately and effectively to biological hazards. Bioethics are an important driving force in this process. These are the moral principles or values that govern research in the life sciences while setting limits on certain biological research procedures, technologies, or treatments because of their implications for society. An effective culture does include compliance with rules and regulations as a major characteristic, but it complements compliance by reinforcing the knowledge and skills acquired through biosafety, biosecurity, and bioethics training and work experience.
Top leadership shapes the organization’s approach to compliance while applying core values and generally accepted governance, ethical, and community standards. Embedding compliance in employees’ behavior depends, above all, on leadership that sets clear values for an organization while implementing measures to promote compliant behavior. If the leadership of a laboratory or other biomedical facility does not make biosafety culture and biosecurity culture top priorities, then personnel within those organizations will find it difficult to monitor, adapt, and improve their behavior. They may not recognize their critical role in managing risk, or they may not feel inspired to provide critical feedback if they believe the leadership will not act upon that information.

The concept of biorisk-management culture integrates both safety and security as well as bioethics and established norms of social responsibility. Reinforcing the norms of responsible conduct in the life sciences is critical to (1) counteracting the diversion of biological materials, equipment, or technology to harmful purposes, and (2) fostering the long-term wellness of the public, animals, plants, the environment, and the economy. Biorisk management culture can be defined as a family of beliefs, attitudes, and patterns of behavior on the part of individuals and organizations. A healthy culture supports, complements, or enhances operating procedures, rules, and practices as well as professional standards and ethics designed to prevent the loss, theft, misuse, or diversion of biological agents, related materials, technology, or equipment, and the unintentional or intentional exposure to—or release from biocontainment of—biological agents.

Biorisk-management culture combines top-down with bottom-up approaches. Practices are introduced from the top while attitudes are pioneered from the bottom, setting in motion a cultural build-up process. Culture also plays a part in detecting, interpreting, and managing departures from norms and expectations. What differentiates one organization from another is the extent to which people agree on what is appropriate and how strongly they feel about the appropriateness of a particular attitude or behavior.

Bioethics, research excellence, biosafety, and biosecurity represent the foundation of biorisk-management culture. Training in bioethics (again, defined as the moral principles or values that govern life-sciences research, factoring in the moral or societal implications of certain biological procedures, technologies, or treatments) provides the basis for building common values and beliefs within an organization. However, to be relevant to biorisk-management culture, training and education should address an array of issues, including ethical theories, ethical concerns embodied in the life sciences, emerging technologies, dual-use dilemmas, methods for ethical research, and research integrity. Training should also consider how bioethical dilemmas are molded by life-science professionals’ cultural values and beliefs about the concepts of biosafety, biosecurity, and responsible conduct. Additional topics for discussion could include differences between common morality and professional ethics and between applied ethics and professional ethics.
Analyzing and providing examples of ethical decision-making frameworks (derived from decision theory, the precautionary principle, rights-based approaches, deontological ethics, or principle-based frameworks) will promote dialogue and raise awareness of approaches for weighing the ethical and societal implications of emerging technology. Also, awareness of and commitment to relevant codes of conduct (formal statements of values and professional practices for a group of individuals with a common focus) for occupations or academic fields pertaining to the life sciences define expectations while reminding scientists of their moral and ethical responsibilities. This is the equivalent of a Hippocratic oath to “do no harm”. Professional ethics plays a much more important role in biorisk-management culture than it does in other domains, including the nuclear field.

Laboratory errors may incur significant costs in time, personnel effort, or patient outcomes, and may endanger the health security of individuals, communities, animals, plants, and the environment. A vigorous quality-management system does not guarantee an error-free organization, but it can ensure prompt detection of errors when they occur, while also contributing to a strong biorisk-management culture.

Strengthening biorisk-management culture implies devoting training resources and consideration to management systems, leadership and personnel behavior, principles for guiding decisions and behavior, and beliefs and attitudes pertaining to biosafety, biosecurity, and responsible conduct. Performing assigned duties and responsibilities in a safe, secure, and responsible manner is key and must be emphasized during culture assessments (which, in successful institutions, affirm that training is effective and that personnel are motivated to apply their knowledge, skills, and abilities to meet the standards of their profession).

9.1.3 Model of Biorisk-Management Culture

A model of biorisk-management culture consists of (1) intangible beliefs and attitudes that impel human behavior; (2) principles that guide decisions and behavior; (3) observable behavior on the part of leadership (patterns of behavior and actions that foster or detract from biorisk-management culture); (4) observable management systems (processes, procedures, and programs that afford biorisk management its priority and have an important impact on the organization’s functions); and (5) observable personnel behavior (a product of the leadership’s efforts and the operations of management systems) (Fig. 9.1).

Fig. 9.1 Model of biorisk-management culture

Beliefs and attitudes are the bedrock of biorisk-management culture and mold human behavior, including among individuals who regulate, manage, or operate biological facilities or activities and those who stand to be affected by such activities. Beneficial beliefs and attitudes hold that (a) biological agents and toxins represent a credible threat to international and national public health; (b) there is a real risk that insiders or outsiders will misuse biological materials; and (c) biosecurity is just as important as biosafety to biorisk management. Beliefs and attitudes can be reinforced in multiple ways:

1. Raise awareness of risks associated with working in a laboratory with biological materials (e.g., accidental exposure, infection, or release; intentional theft or misuse; or dangers to radiological, chemical, or physical safety).
2. Highlight potential ramifications for and impact on public health, animal health, or the environment should a hazardous event transpire.
3. Raise awareness and increase understanding of ethical, legal, and societal issues and consequences that accompany research, development, and technologies associated with the life sciences.
4. Raise awareness and place emphasis on the importance of quality systems and practices in laboratory biosafety and biosecurity training and research.
5. Review codes of ethics and social-responsibility guidelines governing research in the life sciences.
6. Review regulations, guidelines, policies and procedures, and training requirements applicable to biosafety, biosecurity, and dual-use research.

An effective biorisk-management culture requires a set of principles that leaders can instill in the organization to guide policies, decision-making, management systems, and the behavior of people at all levels. Individuals should be familiar with these principles, and they should be applied clearly and consistently across the organization. The main principles include motivation, leadership, commitment, responsibility, professionalism, competence, and learning and improvement. They are all equally important, but education and training are integral to the implementation of the other principles. Depending on the profile of the organization and its specific needs, these principles may include a variety of training modules comprising initial training, periodic training, ongoing programs, assessments, and quality assurance for training and trainers.

Management systems ensure that biorisk-management requirements are integrated with other health, environmental, compliance, and economic requirements. The overall objective is to achieve a balanced, risk-based approach.

The model of biorisk-management culture profiled here has twenty-one characteristics in the management systems and behavior (both leadership and personnel) segments. If properly husbanded, they will foster effective biorisk management while bolstering the culture. Cultural indicators are assigned to each characteristic to explain its meaning and to furnish a tool for evaluating it. Moreover, these markers stimulate thought and continuous learning. In other words, cultural indicators are benchmarks which help evaluators take the culture’s measure, identify practical ways to improve it, and trace how it evolves. They constitute a framework for facilitating biorisk-management culture change and development, promoting desirable while discouraging undesirable cultural traits.

Biorisk-management culture has several distinct features, meaning that leadership must adapt any organizational methodology drawn from another domain to focus on the biological sector’s inherent challenges and priorities. The model, for example, assigns “safety-security interface” as a key characteristic of the biological domain, while revised indicators reflect needs specific to this domain. Nevertheless, recognizing the commonality between domains where the human element plays a central role helps expand shared values, facilitate interdisciplinary collaboration, and promote sharing of experiences across disciplines. Features specific to the biomedical domain include: (a) multiple players whose roles often compete; (b) the diversity of agents and diseases, some pandemic or endemic to particular countries or regions; (c) vast differences in national public-health capacities to prevent, detect, and respond to biohazards; (d) the diversity of research and production facilities, from large pharmaceutical companies to small biotech firms; (e) the array of regulatory regimes geared to different sectors; and (f) challenges posed by neuroscience and biosynthesis.
Accordingly, any review and evaluation methodology accounts for indicators specific to the field: • Managers of laboratories address the dual-use nature of the agents their facilities hold, and they take responsibility for adopting appropriate biorisk-management measures. • Managers and scientists directly responsible for VBM (valuable biological material) safekeeping assess the relative scientific importance of these materials, ascertaining whether they need to be maintained and, if so, protected and accounted for. • Laboratory biorisk-management activities tap input from scientific directors, principal investigators, biosafety officers, laboratory scientific staff, maintenance staff, administrators, information-technology staff, law-enforcement agencies, and security staff. • Control procedures track and document the inventory, use, transfer, and destruction of VBM. • Policy documents recognize that sound biosafety practices also reinforce security. • While handling dangerous pathogens and toxins, the organization ensures that all emergency-response personnel, including law enforcement, are alert to safety issues at the site and procedures to follow if a security incident occurs.

• Research with biological agents and toxins involves not only addressing the scientific questions raised by researchers but also ensuring that they conduct the research in a safe manner and secure environment.
• Procedures for the safe and secure transport of cultures, specimens, samples, and contaminated materials are in place.
• Procedures define the roles, responsibilities, and authorities of laboratory personnel who handle, use, store, transfer, or transport VBM.
• Systems and controls are in place to proscribe illegitimate or unethical research.
• Internal transport security includes reasonable documentation, accountability, and control over VBM in transit between secured areas of the facility, as well as when taking delivery of these substances through the shipping and receiving processes.
• Management has determined which PPE are needed, made them available, and seen to it that the staff uses and maintains protective equipment appropriately within the facility.
• Documented procedures are in place to define, record, analyze, and learn from accidents and incidents involving biological agents and toxins.
• Professional and bioethical eligibility and suitability for working with VBM are part of training for all personnel authorized access to sensitive materials.
• The institution protects information about a particular VBM consistent with the degree of risk from seeing it compromised.
• Comprehensive ethical reviews are carried out and documented before final decisions are reached on publishing information about bioagents or research.
• Procedures are in place to identify and document all contaminated or potentially contaminated waste items, and to conduct decontamination and other measures needed to remedy an accident or incident.
• Vaccines, other preventive measures, and treatments are available to minimize the consequences of accidental or intentional releases of biological materials.
• Procedures are in place to reassure the public that the risks inherent to laboratory work are controlled through appropriate safety and security tools.
• Scientists adhere to codes of conduct as a model for their professional behavior, and as a caution to refrain from unethical research.

Life-sciences research and other biotechnology and biomedical endeavors are essential to develop new treatments and therapeutics, strengthen health research systems, and promote public, animal, and environmental health surveillance and response activities. Yet these activities are not without risk to the health security and wellness of people, animals, and the environment, if biological agents are misused or otherwise released from biocontainment, either accidentally or intentionally. Experience shows that focusing primarily on rules, regulations, and training and education programs without evaluating the baseline culture and charting progress toward improving it dooms efforts to manage biological risks and threats.

While challenging, periodic assessments of biorisk-management culture will help the organization understand the efficiency and effectiveness of its biorisk-management framework, fathom the causes of a system breakdown, analyze accidents or incidents, trace breaches of biosafety or biosecurity to human error, and appraise the efficiency and effectiveness of training. A strong biorisk-management culture is premised on the staff’s willingness to report concerns, respond to incidents, and communicate risks. It profits from identifying, collecting, analyzing, and disseminating lessons learned and best practices.

9.2 Part II: Policy and Management Practice: Compliance Culture in Strategic Trade

Abstract

Most strategic-trade violations and lapses—both intentional and unintentional—are due mainly to deficiencies in the human factor. In human-designed, -managed, and -operated systems, export-control violations and lapses are ultimately the result of malice, feeble motivation, human miscalculation, complacency, or simple mistakes on the part of the staff. Strategic-trade-compliance culture (STCC) is designed to integrate the human factor with export-control technologies, laws, rules, regulations, and procedures. As a subset of organizational culture, STCC can be measured, promoted, and changed. International Standards Organization (ISO) Standard 19600 provides a benchmark for organizations to establish compliance-management systems to foster helpful cultural traits. Such traits include beliefs, attitudes, principles, management systems, and behavior that help achieve an effective compliance culture.

9.2.1 Establishing Compliance Management

An effective, organization-wide management system enables an organization to demonstrate its commitment to compliance with relevant laws, including legislative requirements, industry codes, and organizational standards, as well as standards of good corporate governance, best practices, ethics, and community expectations. For this purpose, ISO Standard 19600 provides a benchmark that an organization can use to establish a compliance management system for fostering its compliance culture.

Only human beings can comply with their obligations or shape an organization to attain its goals. In other words, human beings, as members of the organization, are the interface between the organization of which they are part and the society to which they belong. The human factor is key to compliance. Hence the management system is not only about policies, structures, and procedures but about instilling beliefs, perceptions, and attitudes conducive to a culture of compliance.

ISO 19600 defines a compliance risk as the effect of uncertainty on the objective of compliance. Leadership can estimate risk by multiplying the probability of a breach of compliance obligations by the consequences of such a breach. As an example, the chief risks posed by weapons proliferation involve seeing hostile actors develop, acquire, manufacture, possess, transport, transfer, or use nuclear, chemical, or biological weapons or their means of delivery. If the organization neglects these risks, it inadvertently or willfully creates proliferation risks and could be charged with noncompliance. Indeed, proliferation risks constitute a special type of noncompliance risk. Its other consequences could include personal and environmental harm, economic loss, harm to the institution’s reputation, or administrative liability. In pointing this out, ISO 19600 sets a unique and universally applicable benchmark.

Risk evaluation involves comparing the level of compliance risk found through analysis with the degree of compliance risk the organization is prepared to tolerate. This comparison helps the leadership set priorities for designing and implementing controls. Compliance risks should be reassessed periodically, or whenever there are: (a) new or changed activities, products, or services; (b) changes to the organization’s structure or strategy; (c) significant external changes such as to financial-economic circumstances, market conditions, or geopolitical conditions; (d) changes to compliance obligations; or (e) cases of noncompliance.

Ideally speaking, the leadership shapes the organization’s approach to compliance culture around core values and generally accepted governance, ethical, and community standards. Embedding compliance in the behavior of the people who work for the organization depends above all on leadership that sets the example, embodying clear values while implementing measures to promote compliant behavior. There is a risk of noncompliance if leadership fails in its duty at any level of the institution.

Building a management system to promote compliance culture involves five steps. First, the leadership establishes and upholds the core values underlying strategic-trade compliance while integrating compliance-management requirements into the organization’s business practices. Second, the leadership identifies compliance risks and obligations.
Third, the leadership uses what it has learned about the operating environment to fashion a compliance policy. The policy explains overarching principles while committing the organization to strategic trade compliance. The compliance policy is not a stand-alone document; it is supported by other documents that outline operational policies, procedures, and processes. When developing a compliance policy, leadership must take account of special international, regional, or local obligations, the organization’s strategy, objectives, and values, and the nature and level of risk associated with noncompliance. Fourth, once the management system is in place, the leadership reforms the attitudes and behavior of management. And fifth, the leadership modifies the behavior and attitudes of subordinate personnel, who put the management system into practice.

Box 9.2.1: Internal Compliance Program

It is critical for companies to build and support robust internal compliance programs. Frequently, governments will fine or investigate companies for export control violations when those violations are due to poor internal oversights and human error as opposed to malicious intent. An internal structure of policies and procedures as well as designated personnel, sized appropriately for the company, can screen customers and review transactions to greatly reduce noncompliance risk. Companies already conduct internal assessments related to environmental, health, and safety regulations. Such internal assessments can be adopted and retooled to ensure compliance with security-relevant regulations like export controls. A robust internal compliance program will typically contain these core elements:
(a) A statement of commitment by senior management
(b) Processes for conducting risk assessments on customers and transactions
(c) Designated personnel throughout the company for following processes and reviewing risk assessments
(d) Robust recordkeeping processes and procedures
(e) Relevant internal training of senior personnel and awareness training of all personnel
(f) Continuous auditing of internal compliance processes

Executing such an initiative consciously changes the culture. When values, goals, and perceptions are misaligned with the threat environment, organizations typically fall short of their goals, even if the leadership institutes wise new policies and procedures. In other words, major innovation must be accompanied by a carefully conceived and implemented change in people’s mindset. The more sweeping the change, the more dependent an institution is on dedicated and motivated personnel and their values. The role of management is to ensure that employees fully understand the policy and operational procedures and how to apply them to carry out their compliance obligations. For a compliance system to be effective, management must lead by example in vigorously adhering to compliance requirements.
Many organizations have a dedicated unit (internal compliance program) or a dedicated person (compliance officer) responsible for overseeing compliance daily, while others maintain a cross-functional compliance committee to coordinate strategic trade compliance across the organization. A sample of culture indicators includes the following:
• Staffers report compliance concerns, issues, and failures.
• The staff understands the potential consequences of noncompliance.
• The staff participates in training provided by the compliance-management program.
• Workers notify co-workers when they are doing something that could adversely affect compliance.
• Multilevel and multidisciplinary teams enlist in-house and external experts in strategic trade to solve compliance-related problems.

• The workforce regards compliance enforcement as a respectable and career-enhancing professional occupation worthy of qualified personnel.
• Staff members consider the compliance-related aspects of their work valuable and important.

9.2.2 Strategic-Trade Compliance Model

The model described here is designed to address two types of noncompliance behavior, namely intentional acts and unintentional acts. In the former category, employees turn a blind eye to potential employment of dual-use items for non-civilian purposes by blowing their predominantly civilian use out of proportion. They downplay the problem. Another line of justification is that such items are freely available elsewhere in the world, and that it is just a matter of time before lawmakers adjust national legislation to conform to this reality. Through such reasoning, some individuals rationalize their actions while making peace with their professional conscience. In a time of economic crisis, managers may give risky transactions the green light to keep the business alive, and they may demand support from their colleagues. Other employees may believe that the export-control enforcement system has deficiencies and limitations and that the truth about a questionable transaction can be hidden behind technicalities.

Unintentional acts may result from insufficient training and experience, tepid motivation, or poor accountability. Substandard analytical skills, ignorance of international and national legal frameworks, superficial review and verification of customers’ background information, and limited access to the interagency mechanism are just a few problems that could lead to export-control failures.

This model has several features resembling those in the International Atomic Energy Agency model of nuclear security culture, discussed in previous chapters of this book. Leadership launches the reform initiative, supported by the management systems, and implants standards of behavior conducive to compliance. Beliefs and attitudes are drivers of culture and include the following (Fig. 9.2).
Strategic trade compliance culture may be defined as the family of individual and group values, attitudes, perceptions, competencies, and patterns of behavior that determine the degree of commitment to controlling trade items, as well as the style and proficiency with which the institution manages compliance. An organization attains competence in the compliance realm in many ways, chiefly through education, training, and work experience. Management tailors a learning package to compliance obligations and risks, based on the assessed gaps in knowledge; incorporates it into annual training plans; and assesses its effectiveness and makes improvements for the future. Methods for collecting data to monitor and assess the compliance system’s efficacy depend on the organization’s size, scale, nature, and complexity. Such methods include ad hoc reports of noncompliance; information gleaned from hotlines; complaints or whistleblowing; sampling and integrity testing; perception surveys; direct observations; formal interviews; facility tours and inspections; and audits and reviews.


Fig. 9.2 Model for strategic-trade compliance culture

Unless otherwise directed by law, an organization chooses a format, content, and timing for its compliance reporting that fits its circumstances. A compliance report can cover changes in compliance obligations, their impact on the organization, and a proposed course of action to meet the new obligations; measurement of compliance performance, including noncompliance and efforts at continual improvement; the number and detail of possible noncompliance incidents, along with an analysis of them; information about the compliance-management system’s effectiveness, achievements, and trends; or results from audits and monitoring activities.

Compliance culture thus constitutes an opportunity for a successful and sustainable organization. Compliance is an outcome of an organization that meets its obligations, and compliance culture becomes sustainable once embedded in the overall organizational culture, and in turn in the behavior and attitudes of people who work for it. While compliance management must maintain its independent status, it should be integrated with the organization’s financial, risk, quality, environmental, and safety management processes and its operational requirements and procedures.

9.2.3 Samples of Compliance-Culture Indicators

Developing a culture of compliance demands active, visible, consistent, and sustained commitment from the entire management team. The product of this commitment is a common standard of behavior that permeates every area of the organization. Samples of compliance-culture indicators include the following:
• The organization identifies and evaluates compliance risks.
• The organization identifies the causes for and consequences of noncompliance.
• Management ensures that compliance policy and compliance objectives are established and are consistent with the organization’s strategic direction.
• Management communicates its commitment to compliance in order to build awareness and motivate employees.
• Management establishes and maintains accountability mechanisms, including timely reporting on compliance matters and noncompliance.
• Commitment to compliance is communicated widely in clear statements supported by action.
• Resources are allocated to establishing, developing, implementing, evaluating, and improving a robust compliance culture through awareness-raising activities and training.
• Policies, procedures, and processes reflect not just legal requirements, but also voluntary codes and the organization’s core values.
• The organization works constantly to improve its compliance performance.
• The compliance policy explains how compliance is integrated with other functions, such as governance, risk, audit, and legal.
• The compliance policy is communicated to all employees.
• The compliance policy is supported by other documents, including operational policies, procedures, and processes.
• Management leads by example in the realm of compliance.
• Management has established compliance performance indicators while monitoring and measuring compliance performance.
• Management actively undertakes and encourages mentoring and coaching employees to promote compliance behavior.
• Employees fulfill compliance obligations relevant to their positions and duties.
• Employees report compliance concerns, issues, and failures.
• The organization determines the skills necessary for employees who do work that affects the performance of the compliance management system.


• The training program’s primary objective is to ensure that all employees are competent to perform their duties in keeping with the organization’s commitment to compliance.
• Education and training for personnel are tailored to obligations and compliance risks.
• Employees are enabled and encouraged to raise compliance concerns with the appropriate level of management.
• Monitoring of compliance performance typically includes the status of compliance culture.

Measurable indicators help the organization evaluate whether it is achieving its objectives and quantify its compliance performance. Measuring compliance performance and culture is challenging in some respects, but it is nevertheless vital to demonstrate that the compliance management system is effective. Indicators will vary with the organization’s maturity and the timing and extent of new or revised programs.

9.2.4 Assessment and Enhancement

Compliance culture should undergo periodic assessment as a stand-alone component of the organization’s culture, or as an integral part of the larger organizational culture. An evaluation plan sets out the process, schedule, and resources, along with the information to be collected. The focus falls on identifying strengths and weaknesses of the culture, including noncompliance and near-misses, instances when the institution failed to meet its compliance obligations, and the status of compliance culture, including instances of success and evidence that the staff is correcting compliance failures unearthed in the past. Information collection and use during a self-assessment proceeds through several methods and sources:
• Ad hoc reports of noncompliance as problems transpire.
• Information provided through hotlines, complaints, and other feedback, including whistleblowing.
• Informal discussions, workshops, and focal groups.
• Sampling and integrity testing.
• Results of surveys.
• Direct observations, formal interviews, facility tours, and inspections.
• Audits and reviews.
• Stakeholder queries, training requests, and post-training feedback.

Once the information has been collected, it must be analyzed and critically assessed to identify root causes and appropriate actions to be taken. Analysis should focus on systemic and recurring problems for rectification or mitigation, as they are likely to entail significant compliance risks for the organization. Management chooses the format, content, and timing for its internal compliance reporting to fit its circumstances, unless otherwise directed by law. Compliance reports could include changes to compliance obligations, the impact of such changes on the organization, and a proposed course of action to meet the new obligations; measurement of compliance performance, including noncompliance and courses of action meant to improve performance; the number and details of noncompliance incidents and subsequent analysis of them, along with corrective actions undertaken; or results from audits and monitoring activities. An effective compliance-management system should include a mechanism for an organization’s employees and others to report suspected or actual misconduct or violations on a confidential basis and without fear of retaliation.

Organizations’ success and reputation in strategic trade depend in large part on whether they maintain a culture of integrity and compliance. Integrity and compliance constitute an opportunity to establish and maintain the status afforded a successful organization. An organization-wide compliance-management system demonstrates the leadership’s commitment to relevant laws and regulations, industry codes and standards, standards of good corporate governance, best practices, ethics, and public expectations. An organization’s approach to compliance is shaped by all layers of management, which is responsible for instilling beliefs and attitudes that underwrite an effective and sustainable compliance culture. By making compliance practices effective, durable, visible, and part of everyday routine, organizations stand to benefit when negotiating partnerships with domestic or foreign entities, leveraging their reputations globally, seeking to import high-tech equipment, participating in international projects in science and technology, trying to avoid sanctions for noncompliance, and recruiting talent. The upsides from effective strategic trade control are immense.

Conclusion: A Way Forward

© The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Switzerland AG 2023 I. Khripunov, Human Factor in Nuclear Security, Advanced Sciences and Technologies for Security Applications, https://doi.org/10.1007/978-3-031-20278-0

The International Atomic Energy Agency (IAEA) defines nuclear security culture as “the assembly of characteristics, attitudes and behavior of individuals, organizations and institutions which serves as a means to support, enhance and sustain nuclear security” (IAEA NNS No. 7, p. 5 and IAEA NNS No. 20, p. 10). Culture is a supporting and enhancing tool. The role it plays can be deduced from the definition of nuclear security, which is “the prevention and detection of, and response to, theft, sabotage, unauthorized access, illegal transfer or other malicious acts involving nuclear material, other radioactive substances or their associated facilities”. Developed in the aftermath of the 9/11 terrorist acts, this concept of nuclear security is noteworthy in that it goes beyond physical protection, accounting, and control measures. Explicitly or implicitly, this cross-cutting concept covers a broad playing field, including inspecting cargo; tightening customs and border security; enforcing export controls and cooperating to identify and interdict shipments of weapons-related matériel; intercepting illicit trafficking in weapons-related items; and conducting personnel-reliability screening and training.

Security culture applies across the entire workforce and constitutes a tool to address both unintentional and intentional breaches. Well-designed training programs, improved ergonomics, and efficient personnel recruitment policies deal with inadvertent breaches; malice animates deliberate breaches. Hostile actors may try to divert nuclear material or commit acts of sabotage. Insiders may make such attempts within the confines of the institution, or they could collude with outsiders. Security culture is a major tool to combat insider and outsider threats. Prevailing practices attest that a multitude of sources can contribute to the goal of an effective security culture:
1. National leaders and industry managers now act as role models. For example, over fifty national leaders took part in the series of Nuclear Security Summits convened after the turn of the century.
2. The IAEA has taken an active hand in training and methodology development, directly enhancing culture and sustainability.
3. Flexible management systems now emphasize the role of the human element, consistent with risk and vulnerability assessments tailored to each facility.
4. Organizations now strive for continuous learning through initial training, periodic training, education programs, and quality assurance for training and trainers.
5. The IAEA now supports pilot projects on self-assessment in select countries as a learning and awareness-raising tool.
6. Staff routinely take part in national and international events relevant to nuclear security.
7. Syllabi and graduation requirements at higher-education institutions have come to emphasize nuclear security and culture.
8. Efforts are under way to find optimal ways to harmonize safety culture and security culture.

An effective security culture can yield numerous benefits, encouraging the workforce to remain vigilant, question irregularities, execute its work diligently, and exhibit high standards of personal and collective accountability. Culture is certainly not a panacea, but it can contribute to a vibrant and robust security regime and is applicable to the entire workforce. It is also responsive to a threat milieu in which risks are too numerous to predict, even for the most farsighted leader. Other potential benefits include better IT security and protection of trade secrets; improved safety arrangements; reduced across-the-board theft and diversion of hazardous substances; reduced risks of vandalism and sabotage by employees and outsiders; improved mechanisms for personnel control and accounting under emergency conditions; and better relationships with local authorities and surrounding communities. In addition, an institutionalized security culture across a given sector, introduced in coordination with the government, may facilitate auditing and inspections when government officials verify compliance with security standards.

In 2008, the IAEA published the Implementing Guide on nuclear security culture (IAEA NNS No. 7, 2008).
The guide defines the concept and characteristics of nuclear security culture while describing the roles and responsibilities played by institutions and individuals entrusted with a function in the security regime. Since then, the IAEA has conducted over twenty-five international, regional, and national workshops to promote security culture and train nuclear-security personnel at all levels to apply the methodology. Two technical-guidance documents were released in 2017 and 2021, namely “Self-Assessment of Nuclear Security Culture in Facilities and Activities” and “Enhancement of Nuclear Security Culture in Facilities and Activities” (IAEA NNS No. 28-T and No. 38-T, respectively). The self-assessment methodology was successfully put to the test assessing security culture at Indonesia’s research reactors, Bulgaria’s nuclear power plant, Malaysia’s hospitals for radioactive sources, and Armenia’s nuclear power plant. Results were submitted to IAEA technical meetings and discussed at international conferences.

Similarly, and of equal importance, was an IAEA initiative to launch a coordinated research project entitled “Development of Nuclear Security Culture Enhancement Solutions” (NSCES) (IO2007) to conduct analysis and research of approaches and methods, as well as develop additional practical tools to assess and enhance nuclear security culture. The project was designed to refine assessment and enhancement methodologies and integrate security culture into well-established societal values using the IAEA model as a template. Member states were invited to join one of the four working groups established under this project and delegate their experts to share their experiences and contribute to the groups’ activity.

The Nuclear Security Summits in Washington (2010), Seoul (2012), the Hague (2014) and Washington (2016) significantly boosted the concept and practical application of nuclear security culture. The Hague Summit, for example, encouraged all relevant stakeholders to build and sustain a strong nuclear security culture to effectively combat nuclear terrorism and other criminal threats. The summit emphasized the need to develop a nuclear security culture, with a particular focus on the interface between safety and security. The Hague Summit communique listed nuclear security culture as one of three pillars of nuclear security—the other two being physical protection and materials accountancy (http://2009-2017.state.gov).

The Washington Summit, held in March 2016 as the last in the series of nuclear security summits, adopted five action plans for five international organizations or initiatives that were to take over and further pursue the security agenda. Three of them (the IAEA, United Nations, and Global Partnership against the Spread of Weapons and Materials of Mass Destruction) were assigned roles in nuclear security culture. Under these plans, the IAEA strives to (1) enhance the practice of nuclear security culture, such that it is infused into all elements of national nuclear security regimes, and (2) increase assistance to states to help them foster nuclear security culture, including through published guidance and self-assessment and training materials.
The Global Partnership aids and coordinates programs and activities aimed at nurturing nuclear security culture. The role played by the United Nations is less precise, as the Washington Summit took the opportunity to “advocate” that the world organization provide support for improving nuclear security culture (http://www.nss2016.org).

The 2022 Conference of the Parties to the Amendment to the Convention on the Physical Protection of Nuclear Material acknowledged in its Outcome Document that physical protection is linked or, in many cases, interconnected with other areas of nuclear security, such as nuclear material accounting and control, information security and computer security, with the elements of confidentiality, integrity and availability of information, nuclear security culture and nuclear security measures for material out of regulatory control (IAEA Outcome Document ACPPNM/RC/2022/4, para. 25).

The momentum toward nuclear security culture has now reached the point where a global roadmap—a comprehensive and coordinated strategy—is needed. Given the diversity of institutions and stakeholders involved, it is rational to identify three distinct tiers that interact with and complement one another, both vertically and horizontally: the global tier, the national tier, and the IAEA. Due to its unique expertise, the agency must play a leading role.


Conclusion: A Way Forward

Global Tier

All states should consent to be bound by both the Convention on Physical Protection of Nuclear Material and its 2005 Amendment, which came into force in May 2016. It is paramount that the international community facilitate common or compatible approaches to integrating provisions of the amendment into national law, including its Fundamental Principle F (security culture). The IAEA must contribute to this process. According to Principle F, every organization involved in implementing physical protection should give due priority to security culture, to developing and maintaining it as necessary to ensure it takes root throughout the entire organization (IAEA INFCIRC/274/Rev.1/Mod.1 (corrected), 18 October 2021). Now that the 2005 Amendment has come into force, the status of nuclear security culture has been upgraded to the level of international law, on par with other major elements of physical protection. New member states accept the amendment upon ratifying the Convention on Physical Protection of Nuclear Material—further consolidating the status of security culture.

Stakeholders must coordinate security-culture activities specified in the five action plans adopted at the Washington Nuclear Security Summit. The plans’ objective was to ensure political momentum, constantly strengthening nuclear security at the national, regional, and global levels. As indicated above, the summit recommended that the United Nations, IAEA, and Global Partnership take certain measures to promote nuclear security culture. Each of these institutions must recommit itself to and build upon the objectives set out in the Washington Summit action plans. Furthermore, new initiatives on nuclear security culture are needed to establish better channels between these organizations and initiatives to improve coordination and engage new stakeholders.
Stakeholders must fashion a mechanism to apply the IAEA methodology for nuclear security culture to other domains, in particular chemical and biological, to achieve a common architecture for interdisciplinary security culture. Security culture exists in many areas beyond the nuclear domain. It exists wherever institutions try to safeguard sensitive materials, protect assets, and prevent acts of sabotage. However, efforts to reform security culture remain largely isolated from one another in the absence of sufficient horizontal communications. Security experts espouse similar ideas and concepts, but they need a platform to achieve cross-fertilization. UNSCR 1540 (2004) could act as such a platform. The resolution’s power lies in its mandatory legal status for all UN members. Importantly, the focus must be on helping enlist UNSCR 1540 nongovernmental stakeholders, including the business community, academia, nongovernmental institutions, and the public. Culture is a crucial enabler and motivator where the force of law is lacking. In this spirit, the IAEA can make a significant step forward by reaching out to the UNSCR 1540 Committee and its Group of Experts.


National Tier

Global actors must lend their support to national regulators as they revise existing or draft new oversight documents to incorporate nuclear security culture. Security culture will significantly benefit from systematically applied regulatory oversight at all facilities and activities throughout their full lifetime, from commissioning to decommissioning. Regulatory oversight of security culture would complement compliance-based control, carried out through inspections of facilities and activities to verify licensees’ compliance with regulatory requirements. A major challenge is how to integrate regulatory bodies into the cultural enterprise as major stakeholders, assigning them appropriate legal authority with due regard for the intangible nature and multidisciplinary complexities of nuclear security culture. Among the likely benefits from more intimate regulatory oversight are (a) harmonizing good practices; (b) learning lessons from safety culture; (c) deepening the interface between safety and security culture; and (d) establishing channels for sharing information and experience among security stakeholders.

University-based education and professional training programs should expand their focus on nuclear security culture. By incorporating nuclear security into university courses, governments can fill an important educational and training gap, and in so doing embed a culture of security from the early stages of future nuclear professionals’ careers. Developing courses on nuclear security is a challenging task, due in large part to its broad and intrinsically multidisciplinary nature. Academia must reach beyond the confines of traditional disciplines, cover unfamiliar topics, and employ innovative teaching and assessment methods.
To explore these complex topics, frameworks and concepts must be drawn from both the hard and the soft sciences, tapping such fields as physics, engineering, information technology, applied security studies, management and behavioral studies, and psychology. The IAEA International Nuclear Security Education Network (INSEN) has provided substantive support for national educational institutions and must expand its outreach to so-called nuclear newcomers, countries currently at the conceptual or implementation stages of building national nuclear-power infrastructure.

Global and national bodies must make nuclear security culture sustainable at nuclear and radiological facilities and institutions. An important measure of success for security-culture promotion is to make the culture sustainable. One way to achieve this goal is to integrate it into general societal values, complementing the facility-centric IAEA approach. A two-tiered architecture would consist of the facility-based model at the micro-level, deriving its strength in part from industry perceptions and general societal values at the macro-level as a source of national policies in the nuclear sector. Input likely to emanate from the macro-level includes (a) the nature of compliance with relevant international legal instruments and participation in international programs; (b) weight placed on nuclear security by national leadership; (c) the consistency with which the government focuses on security and related issues; (d) criminalization and prosecution of crimes associated with nuclear material and the security of nuclear installations; (e) general public awareness of and involvement in security matters; and (f) a visible role for academia in promoting awareness of nuclear security and building the capacity to make it a reality. Ideally, combining these two echelons will help leadership harness the human component to generate more sustainable nuclear security. In addition, a durable security culture will depend on the efforts of individual countries to assimilate generic international standards into their national cultures, as well as integrate it into their prevailing organizational cultures. Such efforts will demand a multidisciplinary approach, involving non-technical as well as technical experts to represent all stakeholders.

Leadership must treat the public as a major stakeholder in the security enterprise. The public should view nuclear security culture as a sign of professionalism, skill, and accountability on the part of all actors involved in protecting nuclear and radioactive materials, facilities that house and handle them, and conveyances used to transport them. Every group or organization in the nuclear field should work on raising public and media security awareness. To communicate effectively about security-culture issues, government officials and nuclear facility operators must understand and respect the public’s very real worries about radiological safety and security. Citizens understand and seem concerned that terrorists are intent on breaching the safety and security features built into nuclear installations. They typically question whether security systems are adequate and take an active interest in making security robust enough to keep safety features operational and reliable. Accordingly, a meaningful risk-communication strategy and regular interaction with the public are particularly important.

IAEA Tier

The IAEA can play a pivotal role as a global coordinator and leader in efforts to enhance nuclear security culture. The agency can (a) provide member states with tools to promote and sustain nuclear security culture; (b) evaluate the state of nuclear security culture and track progress toward enhancing it; and (c) coordinate international agencies’ efforts at spurring cultural reform. To that end the IAEA must amass the human, organizational, and technical capacity to accomplish the following missions:

• Further promote the IAEA self-assessment, enhancement, and other relevant methodologies among member states, and train nuclear personnel to use them.
• Tailor the IAEA generic methodologies for nuclear security culture to specific facilities and activities, paying due heed to risk and vulnerability assessments relating to obtaining, storing, handling, transporting, and disposing of radioactive sources.
• Promote synergies between security and safety culture to pave the way for coordinated action and harmonization between the two fields.
• Collaborate with other organizations and initiatives to promote nuclear security culture.
• Introduce or expand elements of nuclear security culture into ongoing programs like International Physical Protection Advisory Service (IPPAS), International Nuclear Security Advisory Service (INSServ), Integrated Nuclear Security Support Plan (INSSP), Integrated Regulatory Review Service (IRRS), and into future programs that may come into being.
• Engage with other international organizations and non-nuclear industries to share the IAEA’s experience and make nuclear security culture part of a comprehensive chemical, biological, radiological, and nuclear security culture using United Nations potential and its resolution UNSCR 1540 as a vehicle.
• Develop outreach materials such as program brochures, posters, and a website on nuclear security culture.
• Involve academia in in-depth research on topics related to security culture.
• Support submission of technical and non-technical papers to appropriate journals and conferences.

As nuclear security culture earns recognition as a tool in efforts to bolster nuclear security, it is imperative to introduce a comprehensive and coordinated strategy to accommodate emerging needs and facilitate its further progress on the global, national, and IAEA levels. Specific actions listed here do not represent, in any way, exhaustive lists. Rather, these are samples and illustrations of what needs to be accomplished over the long term. Charting a roadmap for nuclear security culture is daunting because intangible human characteristics like beliefs, attitudes and perceptions comprise culture, while measuring and improving cultural traits require a multidisciplinary and interpretive approach. Moreover, security culture is a multi-stakeholder endeavor, as well as a cross-cutting element for many areas of nuclear security. Still, those attempting to manage it can draw on rich experience with organizational culture and nuclear safety culture.
Collaborating across institutional lines is a must to reap the benefits of nuclear materials while forestalling catastrophe. A renewed global effort to invigorate the human-factor-centered security culture is vital now that the world and the nuclear complex are navigating through a time of tumult fraught with pandemic uncertainties, economic malaise, and armed conflict in dangerous proximity to nuclear installations.

Appendix A

IAEA Security Culture Characteristics and Associated Indicators (As Listed in Appendix II of Technical Guidance 28-T Self-assessment of Nuclear Security Culture in Facilities and Activities)

Management Systems

Staff performance is influenced by the quality of management and provision of expectations, requirements, and standards for the conduct of work, training, documented procedures, and information systems. A multidimensional management system is an essential feature of effective nuclear security culture. The management systems are continuously aligned with the security goals of the organization to integrate its elements, including safety, radiation and environmental protection, quality, human and organizational factors, and societal and economic elements so that security is not compromised. Management systems are applied to enhance security and foster a strong security culture by:

• Bringing together all necessary elements for security management in the organization and its activities in a coherent manner.
• Describing the arrangements made for management of the organization and its activities.
• Describing the planned and systematic actions necessary to provide confidence that all requirements are met; and
• Ensuring that security is included in the decision-making process and is not compromised by any other decisions.

Below are seventeen security culture characteristics of the Management Systems in the IAEA’s Model with several samples of abbreviated indicators assigned to them:

(a) Visible Security Policy

A policy document is needed in an operator’s organization which states the commitment of the organization to nuclear security. This document should establish the

© The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Switzerland AG 2023 I. Khripunov, Human Factor in Nuclear Security, Advanced Sciences and Technologies for Security Applications, https://doi.org/10.1007/978-3-031-20278-0


highest expectations for decision making and conduct and should be supported by an atmosphere of professionalism in the security field. For security, there is the need to ensure that staff members understand that adherence to policy is expected of all personnel. These expectations include protecting information, being aware of potential security concerns and threats, and being vigilant in reporting security incidents. These general expectations can be established through a documented code of conduct.

Culture Indicators for Visible Security Policy

Achieving the goals of the culture indicators requires a careful selection of tools available to managers in each specific case and set of circumstances. As an illustration, the management may need to do the following regarding the cultural indicator: “Security function respected within the organization”:

• Implement an awareness campaign to educate personnel on the importance of the role of security. Its key objective is to remind personnel about the potential consequences to personnel, their family, their facility/activity, their country, and the environment if material gets out of regulatory control. It also reminds personnel how one incident can threaten the stability of the entire nuclear industry.
• Host meetings where information is shared with security personnel on the projects the facility/activity is pursuing so that they gain a better appreciation of personnel’s technical expertise.
• Educate security personnel on the importance of establishing trust with other personnel by: (1) explaining why security processes are done in a certain way, (2) how security processes benefit personnel and the facility/activity, and (3) how failing to address security issues in a timely manner can create larger problems.
• Create a more positive perception of security by interacting with other personnel on a regular basis (not only when there is an incident or problem) by:
  – Conducting walkthroughs of the facility to see what is going on and talking to personnel about the importance of nuclear security and their role in protecting assets.
  – Hosting informal discussions of security policies, personnel’s security concerns, recent incidents occurring locally or internationally, etc.

(b) Clear Roles and Responsibilities

A significant part of establishing an effective nuclear security management structure is having clearly defined roles and responsibilities. Members of all organizations need a clear understanding of ‘who is responsible for what’ to achieve the desired results. It is particularly important to review and update the responsibility system when organizational change is being planned or executed.

Culture Indicators for Clear Roles and Responsibilities

Regarding these indicators, the management should focus on: how security responsibilities are assigned; the visibility of the overall responsibility of the managers in charge of security; what documents clearly identify security responsibilities; what procedures are in place to review documents which identify security responsibilities; to what extent staff members and contractors are able to enunciate their own responsibilities; and how contractors’ roles and responsibilities for security are defined in contractual documents, etc.

(c) Performance Management

Quantified measures of nuclear security performance, with associated goals, are essential in establishing management expectations and in involving staff to achieve desired results.


Culture Indicators for Performance Management

As an illustration, the management may need to do the following regarding the cultural indicator: “Action is taken when security performance does not fully match goals”:

• Develop and implement a documented process on what action is to be taken when security performance goals are not met. This can include re-evaluating performance goals and preparing an action plan.
• Record, investigate, and analyze security incidents to determine if there is a systemic problem.

(d) Work Environment

The physical and psychological work environment has a large impact on how staff members perform their tasks and comply with nuclear security requirements. In some instances, this has a direct impact while in others the impact is less direct. Job satisfaction and avoidance of job-related tension are imperative. A policy should be in place discussing perceived injustices among staff and contractors and should be vigorously monitored by management. Stress awareness training for managers is helpful as part of the overall learning process for the organization. These measures can be supported and enhanced by human factor specialists and psychologists.


Culture Indicators for Work Environment

As an illustration, the management may need to do the following regarding the culture indicator: “Work climate supports teamwork and sharing of knowledge”:

• Establish teams and working groups to tackle special projects. Such projects could address how to improve a specific work process. The teams would write up their findings and present them to management.
• Establish a mentoring program to give junior colleagues more visibility and exposure to different skills and knowledge.
• Hold meetings of personnel from various departments to share current activities and exchange good practices and solutions.

(e) Training and Qualification

An effective nuclear security culture depends upon staff having the necessary knowledge and skills to perform their functions to the desired standards. Consequently, a systematic approach to training and qualifications is required for an effective nuclear security culture. It is important for senior staff to share their experience with new and junior staff members and contractors as well as disseminate knowledge about lessons learned from past events. There should be an integrated, coordinated effort between personnel training and qualifications programs and the plant procedure system. A decision as to the level of detail and structure of a particular procedure for a particular task should be based, at least, upon knowledge of the training objectives related to this task. Similarly, the training objectives for a particular task should be developed based on an understanding of the level of detail of the associated procedure. A comprehensive training program where all aspects of the procedures (actions, guidance, consequences, etc.) are discussed can result in a reduced amount of information required thereby reducing the level of effort needed to develop and maintain procedures.


Culture Indicators for Training and Qualification

As an illustration, the management may need to do the following regarding the culture indicator: “Training materials include good practices and lessons learned from security breaches”:

• Share information with personnel on security breaches that can be researched and turned into case studies using non-sensitive information.
• Conduct independent searches for information on security breaches.
• Work with partner organizations to share non-sensitive information on security breaches that can be used for case studies.
• Work with security personnel on the presentation of lessons learned and good practices that can be applied to the case study.

(f) Work Management

Managers influence culture throughout their organization through their leadership and management practices. With sustained efforts, and by employing incentives and disincentives at their disposal, they establish patterns of behavior or even alter the physical environment. Senior management are in charge of initiating practices that comply with these objectives. Through their behavior, management demonstrate their commitment to nuclear security and, in doing so, play an important role in promoting security culture within the organization.


Culture Indicators for Work Management

As an illustration, the management may need to do the following regarding the culture indicator: “Work planning ensures that security is maintained”:

• Introduce procedures that include compensatory measures that will be developed and implemented before any maintenance work that may compromise the security system is scheduled.
• Introduce procedures that inform all appropriate personnel of what the impact of maintenance work will be on their normal duties.
• Introduce administrative procedures such as the two-person rule to be implemented as necessary.
• Conduct walkthroughs randomly during shift to personally observe the effectiveness of the nuclear security system.

(g) Information Security

Computers play an essential role in all aspects of the management system and the safe and secure operation of facilities and activities using, storing, and transporting nuclear and other radioactive material. All such computer systems need to be secured against malicious acts. The security of sensitive information and assets implies protecting the confidentiality, integrity, and availability of such information and assets. When computer-based systems are used to process, transmit, and store such information, adequate protection of its confidentiality, integrity, and availability cannot be achieved without the implementation of computer security measures throughout the life cycle of such digital assets.


Culture Indicators for Information Security

As an illustration, the management may need to do the following regarding the culture indicator: “Classification and control measures documented”:

• Establish a training program for personnel who will handle sensitive material and distribute user-friendly documents so that personnel can easily reference how to handle, store, and identify sensitive information.
• Identify points of contact or other sources that can provide guidance and answer questions on how to protect sensitive documents.

(h) Operations and Maintenance

A wide variety of security systems are used to achieve nuclear security objectives. These include, for example, accounting and control, physical protection, and computer management systems. Nuclear security system equipment will require ongoing operation, periodic maintenance, and occasional modification and replacement. In all cases, it is necessary to ensure that the intended function of the system is not compromised or, if systems must be removed from service, then compensatory measures are in place.

Culture Indicators for Operations and Maintenance


As an illustration, the management may need to do the following regarding the culture indicator: “Operation and maintenance use approved procedures”:

• Establish a maintenance plan and fund the maintenance according to plan.
• Establish operational procedures.
• Include operational experience into maintenance plan and procedures (e.g. take into consideration historical operational life of each item).
• Conduct performance tests to evaluate procedure implementation effectiveness and function of devices and equipment.

(i) Determination of Staff Trustworthiness

Any security barrier or procedure can be defeated with insiders acting alone or in collaboration with others. An effective process for the determination of trustworthiness and for the mitigation of insider threats must be in place. Determination of staff trustworthiness is designed to ensure that individuals who occupy positions affording access to nuclear and other radioactive material, facilities, and programs meet the highest standards of reliability as well as physical and mental suitability. This objective is accomplished through a system of continuous evaluation that identifies individuals whose judgement and reliability may be impaired by physical or mental/personality disorders, alcohol abuse, abuse of legal and illegal drugs or other substances, or any other condition that may be of security or safety concern.

Culture Indicators for the Determination of Staff Trustworthiness

As an illustration, the management may need to do the following regarding the culture indicator: “Screening matches risks, documented and periodic”:

• Implement a trustworthiness program that complies with state-level guidance.
• Use certified medical doctors, psychologists, and testing facilities that can confidentially test personnel for medical and psychological conditions which may adversely affect personnel performance.
• Conduct the personnel assessment process initially upon placement in the program, and then proceed on a continual basis as personnel’s behavior can change over time.
• Secure records of all personnel included in the trustworthiness program, even after personnel are no longer in the program.

(j) Quality Assurance

The security function of an organization is important and requires the same degree of rigor, control, and assessment as any other major program area. Standard quality management practices should be applied. Documented evidence of the benefits of quality management initiatives can convince security personnel that quality service helps grow trust and support for the organization and the people in it. Implementation of the quality assurance program involves managers, performers of tasks, and those responsible for the verification and assessment of the effectiveness of the program. The management has the key responsibility to ensure that the program functions properly and to establish and cultivate principles that integrate quality assurance practices with daily work activities. The extent and type of quality verification need to reflect the security significance and nature of the individual tasks. Such verification methods include audits, checks, and examinations to ensure that each task has been satisfactorily performed or that any necessary actions have been taken.

Culture Indicators for Quality Assurance

As an illustration, the management may need to do the following regarding the culture indicator: “Quality assurance procedures are evaluated against good practices”:

• Require evaluation against good practices on a routine basis.
• Have relevant sources and documents to review available.
• Make arrangements for personnel to attend national and international meetings regarding good practices.


(k) Change Management

Many organizational problems and failures arise from the inadequate management of change. This is true of changes in equipment, procedures, organizational structures, and roles of personnel. The organization should have effective processes in place to understand, plan, implement, and reinforce change as it applies to the security function. Senior management should encourage the active and positive involvement of all staff in change management to achieve a common and clear direction. This requires that management effectively communicate with staff and intervene in a timely manner if things go wrong. Other stakeholders, too, need a clear understanding of intentions. Each change should have identified contingency plans to deal with problems. Should a particular change require the implementation of the contingency plan or if there is a need for another reconsideration at any step, it is recommended that a review of the activities carried out at earlier steps be made in order to learn from experience.

Culture Indicators for Change Management

As an illustration, the management may need to do the following regarding the culture indicator: “Change management process in place for the security function”:

• Establish a change management process to check that changes to operations, security, or safety processes do not negatively impact the other. Appropriate representatives within the facility/activity should meet on a regular basis and discuss the potential impact of any changes.
• Establish a procedure for evaluations to be conducted if implementing a change would require new or revised training.

(l) Feedback Process

An organization that can learn from its own experience will be able to continuously improve its nuclear security performance. In order to do this effectively, a mechanism must exist for obtaining, reviewing, and applying experience from internal and external sources. Such a mechanism will allow staff members and contractors to identify errors in procedures and submit suggestions for revisions and provide reasons for change. This is especially true if difficulties were encountered when implementing the procedure. The process should be easily implemented in order to encourage constructive feedback. It should also ensure feedback is given to the person submitting comments as to what follow-up actions are being taken due to their submissions. Industry operating experience is a source of information which should be used to improve procedures.

Culture Indicators for Feedback Process

As an illustration, the management may need to do the following regarding the culture indicator: “Feedback is valued and encouraged”:

• Establish a process for gathering feedback on a regular basis.
• Evaluate feedback in a timely manner and respond, if feasible.
• Announce, as appropriate, changes that will be made based on feedback and give credit to appropriate personnel.
• Conduct walkthroughs and hold informal discussions to elicit feedback from personnel.

(m) Contingency Plans and Drills

The nuclear security system must be in a continuous state of readiness to handle security events at any time. An important element of the system is the set of contingency plans used to respond to attempted or successful malicious acts, or to address a security breach. Since a state’s response to security incidents often involves multiple agencies and organizations, effective contingency planning implies working closely with all agencies and organizations involved in a response. Contingency planning is also an interactive process and must constantly evolve and be updated to sustain its viability as an effective plan. Routine performance tests and evaluations provide lessons learned that should be used for the continuous improvement of contingency plans. A site’s emergency plan should complement the contingency plan and include measures to mitigate or minimize the consequences of radiological sabotage as well as human error, equipment failures, and natural disasters. The contingency plans should include the objectives, policy, and concept of operations for the response to sabotage or attempted sabotage, and of the structure, authorities, and responsibilities for a systematic, coordinated, and effective response. The state should ensure that joint exercises of the contingency plans are regularly conducted to evaluate their effectiveness and to ensure that contingency plans form the basis of training programs by state agencies involved in the response to nuclear incidents. Contingency plans developed by the state and the operator should be regularly reviewed and updated based on changes in operations, changes to the threat assessment, the results of exercises and evaluations, and changes in organizations involved and activities that are necessary to prevent theft or sabotage and respond effectively to a nuclear incident.

Preparedness is essential for an effective security incident response and involves engaging in a continuous cycle of contingency planning, organizing, training, equipping, exercising, evaluating, and taking corrective action to achieve and maintain readiness to respond to a security incident. Preparedness requires close cooperation between the operator, the competent authority, and other agencies involved in a response to a nuclear incident. Contingency planning is an aspect of preparedness, i.e., contingency plans are a part of a broader program of preparedness that includes concepts of planning, integration, coordination, communication, training, exercise, and evaluations.

Culture Indicators for Contingency Plans and Drills

As an illustration, the management may need to do the following regarding the culture indicator: “The human factor in security systems is evaluated periodically”:
• Establish a performance testing program of personnel and procedures.
• Involve personnel in performance testing and develop recommendations on how to keep personnel alert and equipment operating most effectively.
• Conduct walkthroughs randomly during each shift to observe how personnel are performing.
• Request input from personnel on how to keep themselves and equipment operating at their most effective levels.

(n) Self-assessment

There must be a system of self-assessment that includes a wide range of assessment programs, root cause analyses, culture indicators, lessons learned, and corrective tracking programs that can be used for nuclear security. The purpose of self-assessment in security culture is to provide a clear picture of the extent to which nuclear security is part of the organization’s culture. This involves evaluating the key characteristics of security culture in the organization by comparing certain indicators of the current culture with reference levels of those indicators that would correspond to an optimal security culture. Security culture self-assessment plays a key role in developing and maintaining an awareness of the strengths and weaknesses of the organization’s nuclear security culture. By focusing on perceptions, views, and behavior at all levels of the organization, regularly held self-assessments will help managers understand the reasons for an organization’s patterns of behavior in certain circumstances and to devise more effective security arrangements. Self-assessment needs conscious efforts to think in terms of how individuals and teams interact with one another, with the physical surroundings within the site, and with the external environment.

Self-Assessment Culture Indicators

As an illustration, the management will need to do the following regarding the cultural indicator: “Corrective action plans are developed and tracked”:
• Establish procedures that require corrective action plans to be developed as an element of the facility self-assessment program.
• Establish a database to record progress of implementation of the corrective action plans and identify personnel to track and report on progress on a regular basis.

(o) Interface with Regulator (and Law Enforcement Bodies)

Effective nuclear security often involves several regulatory and law enforcement bodies. A constructive working relationship with each regulatory or law enforcement body is important to ensure that information is exchanged regarding important
nuclear matters. The role of the regulator is to ensure that the licensee properly discharges its prime responsibility of security through the security management. For this purpose, the regulator should promote an effective security management system in the organization; verify that the organization operates its security management system as required; exchange information about security related events; require the organization to formulate and introduce actions to reinforce strengths and address weaknesses; and monitor the performance of the organization. This may involve not only the relationship between the regulatory body and the regulated organization but also, when necessary, law enforcement bodies.

Culture Indicators for Interface with Regulator

As an illustration, the management may need to do the following regarding the culture indicator: “Staff members view the regulatory role positively”:
• Host a representative of the competent authority on a regular basis to speak at a meeting with all personnel on the competent authority’s responsibility and how it affects the facility and its personnel (include a Q&A session).

(p) Coordination with Off-Site Organizations

Nuclear security at an organization has several important off-site stakeholders and understanding their priorities, perceptions, beliefs, and attitudes is central to effective on-site security and teamwork among all players. These stakeholders include organizations that provide intelligence, security skills training, medical assistance, mitigation, and other services. It is important to ensure that the organization operating a specific facility or performing other nuclear related activities has a culture compatible with those off-site players.


Culture Indicators for Coordination with Off-Site Organizations

As an illustration, the management may need to do the following regarding the culture indicator: “Off-site and on-site organizations regularly hold security exercises”:
• Establish and implement security exercises on a regular basis for all personnel potentially involved in the response, including primary responders, secondary responders, response leaders, and support personnel.
• Include requirements for post-exercise evaluation to identify any changes that should be made to procedures and memoranda of understanding which detail roles and responsibilities of each response organization.

(q) Record Keeping

As a primary component of the security regime, the record keeping management system conforms to the recommendations of recognized international standards. The records and relevant reports must be complete, accurate, and timely and provide sufficient information to resolve irregularities. An effective records system is updated each time an item of nuclear or radioactive material is received, transferred, relocated, processed, produced, shipped, or discarded. For nuclear security, the records system should provide the information needed to assist in identifying and quantifying in a timely manner the amount of any nuclear material missing or stolen.

Culture Indicators for Record Keeping


As an illustration, the management may need to do the following regarding the culture indicator: “Confidential records are protected”:
• Establish a procedure that defines requirements on how to protect various levels of records, both hard copies and electronic files due to the sensitive nature of information in them.
• Establish a procedure on how to exchange sensitive information with outside organizations.
• Maintain records in secure format but allow authorized people to have access.

Leadership Behavior

“Leadership” and “management” are often used interchangeably but they are two different concepts. Leadership is a set of processes that creates organizations in the first place or adapts them to significantly changing circumstances. Leadership defines what the future should look like, aligns personnel with that vision, and inspires them to make it happen despite all obstacles. Management is a set of processes that can keep a complicated system of people and technology running smoothly in pursuance of objectives established by leaders. The most important aspects of management include planning, budgeting, organizing, staffing, controlling, and problem solving. The key to an effective nuclear security culture is the active support and personal involvement of leadership. A lack of consistent efforts to institute nuclear security as a priority, both in policies and in practice, makes it difficult for personnel to internalize the importance of nuclear security and their role in the process. Furthermore, the absence of significant incidents makes it challenging to motivate security personnel and persuade other staff members that threats are real and must be taken seriously in order to prevent real harm and reputational damage. Effective leaders ensure that personnel are motivated and that their role in enhancing nuclear security is valued. Maintaining and improving nuclear security requires frequent monitoring and regular communication with personnel at all levels to assess strengths and identify areas for improvement. During communication, leaders demonstrate a willingness to hear corrective feedback and act upon this information. Additionally, they reinforce culture through their own willingness to submit to all security procedures and monitoring, and not seek special treatment and exemption due to their status and power. They act as role models by setting an example for others.
Further, effective leaders communicate organizational needs and challenges to state and regulatory authorities/agencies, facilitating transparency in their organization’s nuclear security culture efforts. Successful leaders allocate the necessary resources and support to the development of their organization’s nuclear security culture via the methods below:


(a) Expectations

Leaders establish performance expectations for nuclear security to guide staff in carrying out their responsibilities. Such expectations may be enunciated in the organization’s documents, at general meetings, or during face-to-face communication/interviews with individual staff members or contractors. Leadership expectations paint a picture of where the organization would like to be in the future. Such expectations can be used to align the efforts and energies of all staff as overall aspirations of the entire organization. It is leadership’s responsibility to communicate such expectations, but it is essential that staff members have an opportunity to learn and understand the driving force for those expectations so that they are committed to achieving them as well.

Culture Indicators for Expectations

As an illustration, the management may need to do the following regarding the culture indicator: “Ensure resources are available to perform as expected”:
• Review the budget for security and discuss with personnel implications of funding/not funding specific requests.
• Conduct a cost–benefit analysis to ensure that risk level is adequately addressed.

(b) Use of Authority

Managers establish the responsibility and authority of each position within the nuclear security organization. Authoritative procedures should be clearly documented and understood by personnel. Many incidents and human errors can be prevented by ensuring clear and accurate procedures regarding responsibility and authority, and by management reinforcing that the procedures be used and followed. In poor security culture environments, some individuals are not fully aware of all requirements, responsibilities, and accountabilities of their job. This can arise either because the job descriptions were not properly prepared in the beginning, or because superiors did not properly brief individuals on their scope of work.


Culture Indicators for Use of Authority

As an illustration, the management may need to do the following regarding the culture indicator: “Management holds people accountable for their behavior”:
• Address any behavior that can impact the effectiveness of the nuclear security system and discuss the incident with subordinates to determine the cause and immediately follow with the appropriate course of corrective action.
• Regularly assess staff members’ contribution to nuclear security in their annual performance evaluation.
• Apply punishment and sanctions, per incident, fairly and evenly.
• Review relevant job descriptions and, if necessary, revise the responsibilities and the authority for the relevant category of employees.

(c) Decision-Making

The decision-making process through an organization is an important part of nuclear security culture. Adherence to formal and inclusive decision-making processes demonstrates to staff the significance that management places on security decisions and the need to improve the quality of decisions. Preconceptions, presumptions, and narrow thinking are common weaknesses of decision-making. Lack of external information and questioning attitudes can contribute to ineffective decisions and actions.


Culture Indicators for Decision Making

As an illustration, the management may need to do the following regarding the culture indicator: “Solicit dissenting views to strengthen decisions”:
• Engage personnel working with security issues daily, as they may have vital insight and valid ideas for improving a situation. Their input can result in innovative, less expensive, and more effective solutions.

(d) Management Oversight

An effective nuclear security culture depends upon the behavior of individuals; and such behavior, in turn, is strongly influenced by good supervisory skills. To supervise the development of an effective nuclear security culture, management can contribute, among other things, by: being visibly interested in security; demonstrating a leadership style that has an appropriate balance between caring and controlling; ensuring that security is addressed in the strategic plans of their organizations; regularly reviewing the security policy of the organization to ensure its adequacy for current and anticipated circumstances; encouraging staff to have a questioning attitude on security issues; monitoring security trends to ensure that security objectives are being achieved; giving recognition to those who achieve security improvements, and not restricting their interest to situations where there is a security problem. Senior management ensures that their organization has a security management system that provides a structured systemic means of achieving and maintaining high standards of security performance.


Culture Indicators for Management Oversight

As an illustration, the management may need to do the following regarding the culture indicator: “Staff members are held accountable for adherence to procedures”:
• Communicate expectations orally and in writing so that all personnel are aware of the need to adhere to policies and procedures. Any diversion from the policies and procedures is grounds for corrective actions and needs to be documented in the personnel’s records and included in their performance evaluation.

(e) Involvement of Staff

Performance is improved when people can contribute their insights, ideas, and experiences to other staff members. Mechanisms should be in place to support this objective for nuclear security. Staff members’ involvement in and commitment to the security improvement process is likely to lead to a wider appreciation of issues involved in the nuclear security regime and have broader benefits in culture promotion. Leaders create an environment that encourages staff to work as a team while continuously seeking ways to improve by identifying actions that can enhance security in their own work areas. To this end, leaders should develop an aligned and engaged workforce that understands its role in meeting organizational goals and is willing to strive for and sustain excellence.

Culture Indicators for Involvement of Staff


As an illustration, management may need to do the following regarding the culture indicator: “Leaders involve staff, when possible, in risk assessment and decision-making processes”:
• Establish a team of various nuclear security experts to conduct the facility/activity risk assessment and provide recommendations.
• When making major decisions, hold brainstorming sessions with personnel to generate ideas and alternate solutions. During this brainstorming session, management should:
  • Concentrate on the one issue to resolve;
  • Entertain all ideas; and
  • Defer judgements until the group has agreed on the best ideas.

(f) Effective Communication

An important part of an effective nuclear security culture is to encourage and maintain the flow of information throughout the organization. Communication is one of the key factors for effective and successful performance. Leaders use formal and informal methods of communication to convey the importance of nuclear security. The flow of information up the organizational chain is just as important as the flow of information down the organizational chain. Good communication brings about three essential advantages: it is a good defense against misunderstandings; it helps override hierarchical and departmental barriers; and it contributes to satisfactory working conditions, which improves the motivation of staff members on all levels. Good communication involves three elements: transmission, reception, and verification. Various methods can be valuable, from oral team briefing to dedicated written security communications, but there is little doubt that face-to-face communications have the greatest effect. It is important to check that messages have not only been sent but have also been received, understood, and are being acted upon.

Culture Indicators for Effective Communication


As an illustration, the management may need to do the following regarding the culture indicator: “Management welcomes staff input, takes action or explains why no action was taken”:
• Support personnel by providing recommendations and suggestions through:
  • The implementation of the personnel suggestion program; and
  • An open-door policy (management is willing to meet one-on-one with personnel to discuss important issues).
• Establish a process to provide feedback to personnel regarding their recommendations and let them know how and if they were addressed.

(g) Improved Performance

To avoid complacency, an organization should strive to continuously improve nuclear security performance. Leaders establish processes and show, by personal example and direction, that they expect staff to look for ways to learn and improve. A learning organization can tap into the ideas, energy, and concerns of those at all levels in the organization. Enhancements in security are sustained by ensuring that the benefits obtained from improvements are widely recognized by individuals and teams and this, in turn, leads to an even greater commitment and identification with the process of improving security culture. Ideally, all staff members are involved in proactively contributing ideas for improvement and are encouraged to become aware of what world class performance means in their jobs. They contribute not because they are told to do so, but because they want to do so. Hence, staff need to be given the opportunity to compare how they do things with how others do, so that they are aware of what constitutes excellence in their field of work. Leaders should provide mechanisms to enable experience and ideas to be transferred within the organization.

Culture Indicators for Improved Performance


As an illustration, management may need to do the following regarding the culture indicator: “The cause of security events and adverse trends are identified and corrected”:
• Support the implementation of an incident analysis system, which tracks root causes and identifies trends.
• Oversee the development of any corrective action plan and track its progress.
• Review information from security events and distribute lessons learned to personnel so that security incidents can be minimized in the future.

(h) Motivation

The satisfactory behavior of individuals depends upon motivation and attitudes. Both personal and group motivational systems are important in improving the effectiveness of nuclear security. Peer pressure is universally recognized as one of the most powerful factors that influence an organization’s culture. Recognition can be given through the organization’s news channels and by asking teams to present the success of their projects at the organization’s meetings and functions. Money, rewards, and other physical gifts are appreciated; however, they should not be overused because they often do not have the same impact as peer and organizational recognition. The selection of appropriate types of motivation should consider both national and organizational culture. What may be seen as an attractive reward in one culture may be seen as trivial or inappropriate elsewhere. Individuals should be treated and recognized in a manner that makes them feel personally comfortable and genuinely appreciated.

Culture Indicators for Motivation

As an illustration, the management may need to do the following regarding the culture indicator: “Staff are aware of a system of rewards and sanctions”:
• Establish procedures documenting a system of rewards and sanctions relating to nuclear security.
• Familiarize personnel with the system of rewards and sanctions.
• Disseminate documents detailing a system of rewards and sanctions to all staff.
• Maintain a description of the rewards and sanctions system so that it is easily accessible to personnel (e.g., posted on facility/activity internet site).
• Apply systems of rewards and sanctions evenly to all personnel.

Personnel Behavior

Personnel performance depends on both personnel having the individual competencies for effective performance and on having appropriate organizational factors to support personnel in carrying out their clearly designated assignments. In other words, a perfect training system that provides all the needed competencies will not necessarily result in the human performance required by the security regime unless organizational conditions are in place, which reward needed behavior. Competence is the ability of personnel to apply skills, knowledge, and attitudes in order to perform an activity or a job to specified standards in an effective and efficient manner. Personnel behavior applied to foster security culture comprises five characteristics: professionalism, personal accountability, adherence to procedures, teamwork/cooperation, and vigilance. These characteristics may be developed through education, experience, and formal training. For specific security related functions, several criteria may need to be satisfied and competence should be acquired by a combination of the above-mentioned methods. The training needs required for duties important to security should be considered a priority, while relevant procedures, references, resources, tools, equipment, and standards should be used in the training process to ensure that errors, omissions, and poor practices are not considered acceptable. For these critical duties, the training environment should be as realistic as possible to promote positive actions carried over from the training environment to the actual job environment.

(a) Professional Conduct

All organizations involved with nuclear security need their personnel to adhere to high standards of professionalism. It will help the individual to understand his or her role in the organization, the most effective ways to carry out their role, and why their actions should be done in a proper manner.


Culture Indicators for Professional Conduct

As an illustration, the management may need to do the following regarding the culture indicator: “Security is considered a respectable and career enhancing profession for qualified personnel”:
• Work with human resource and training department personnel to establish career paths for nuclear security positions.
• Disseminate career path options to personnel in nuclear security positions.
• Encourage those personnel to take steps (e.g., training) to enhance their professional qualities, abilities, and knowledge and mentor them on how to improve their nuclear security career.

(b) Personal Accountability

Accountable behavior means that all personnel know their assigned tasks related to nuclear security (i.e., what they have to accomplish, by when, and what results should be achieved), and they either execute these tasks as expected, or report their inability to do so to their supervisor. Personnel understand their personal responsibility to foster a professional environment, support teamwork, identify challenges to nuclear security, and take ownership for the preparation and execution of assigned work activities.

Culture Indicators for Personal Accountability


As an illustration, the management may need to do the following regarding the culture indicator: “Personal accountability is clearly defined in appropriate policies and procedures”:
• Work with management and human resource personnel to include “personal accountability for nuclear security” in job descriptions.

(c) Adherence to Procedure

Procedures represent cumulative knowledge and experience. It is important that they are followed to avoid repeating errors that have already been identified and corrected. It is also important that procedures are clear, up to date, readily available, and user-friendly to prevent personnel from departing from the approved methods. There is a great difference between having excellent procedures on paper and having procedures that are understood and applied consistently. They should identify and address the main risks to those who use them. In particular, the rules and procedures reinforced by training need to be clearly emphasized to the workforce regarding requirements, since only then will the procedures pass the test of relevance. If procedures are not valued, then shortcuts or “work-around” actions will be practiced. This could lead to further degradation of security standards, since working around an important requirement will quickly lead to a culture in which even more important security procedures are no longer viewed as vital and fundamental.

Culture Indicators for Adherence to Procedures

As an illustration, the management may need to do the following regarding the culture indicator: “Staff members understand the potential consequences of noncompliance with established procedures”:
• Explain to personnel the consequences of noncompliance.
• Establish procedures documenting a system of rewards and sanctions related to compliance/noncompliance.
• Disseminate documents detailing a system of rewards and sanctions to all personnel.
• Make relevant procedures available to all personnel.
• Train personnel on efficient ways to comply with procedures.
• Encourage personnel to self-report.

(d) Teamwork and Cooperation

An effective nuclear security culture can best be formed in an organization where there is extensive interpersonal interaction and where relationships are generally positive and professional. It is an environment in which individuals and work groups communicate and coordinate their activities within and across organizational boundaries to ensure nuclear security is maintained. Individuals work as a team to provide peer-checks, verify training, ensure detailed security practices, actively peer-coach new personnel, and share information and experiences. Teamwork can build a climate of confidence between the team members, implement methods to work as a team (as in a multifunctional team), deal with conflict management, and encourage experience feedback to enhance performance.

Culture Indicators for Teamwork and Cooperation

As an illustration, the management may need to do the following regarding the culture indicator: “Teamwork is encouraged at all levels and across boundaries”:
• Encourage personnel to serve as team members.
• Select team members with the right skills and qualities from different departments.
• Support the interaction between different disciplines and departments to stimulate learning within the facility.
• To generate ideas and alternate solutions, hold brainstorming sessions with personnel.

(e) Vigilance

Security depends on the vigilance and observational skills of staff. Prompt identification of potential vulnerabilities permits proactive corrective actions. In organizations with effective security culture, incidents and near misses are lessons, which can be used to avoid more serious events. Organizations should promote a vigorous drive to
ensure that all events, which have the potential to be inconsistent with the security regime, are identified and reported for further action and investigation to discover the root causes of potential discourse. Accordingly, timely feedback is given on the findings and is followed by remedial action. To this end, all staff members and contractors need to be encouraged to report even minor concerns. If staff members are to report near misses, they must believe that these reports are valued and that they and their colleagues will not be penalized or disciplined because of coming forward. In a good reporting culture, it is understood that failure to report any issue may adversely affect security and is highly unacceptable. A good reporting culture should be regarded by staff as just and will be built on an atmosphere of trust.

Culture Indicators for Vigilance

As an illustration, the management may need to do the following regarding the culture indicator: “Staff are aware of potential insider threat and its consequences”:
• Work with training department personnel to incorporate information about insider threat into existing facility/activity training programs.
• Implement an awareness campaign within the facility to stress that a credible threat does exist via formal and informal discussions, poster campaigns, presentations, training sessions, videos, discussions of actual case studies, etc.

Appendix B

A Methodology for Evaluating the Implementation of Human-Reliability Programs

Introduction

This appendix describes a methodology for evaluating human-reliability programs (HRPs) at nuclear facilities and organizations. It takes a systemic approach to collecting, analyzing, and using data to answer questions about a program’s implementation, its outcomes, and possible ways to improve it to meet identified objectives while correcting deficiencies. It consolidates the implementation of nuclear safety and security in response to the rapidly changing and diversifying risk environment. The proposed methodology is based on International Standards ISO 55001 and ISO 55002 and is primarily intended for use by those involved in the establishment, implementation, maintenance, evaluation, and improvement of an asset-management system. Since HRPs are part of organizational culture, the approach put forth by the ISO was adjusted to accommodate a larger role for the human factor and the IAEA methodology discussed in this book. Accordingly, practices and behavior required to optimize human performance include, among other things: (a) unease toward the human tendency to err; (b) the will to communicate problems and participate in opportunities to improve; (c) enhancement of vigilant situational awareness; (d) embrace of the value of teamwork; (e) acceptance of the principle of personal accountability; (f) rejection of complacency; (g) continuous focus on potential insider threats; and (h) stewardship of the wellness and health status of personnel. The evaluation process and follow-up improvement efforts focus on the operations of eight key management categories that contribute to the relevant elements of human reliability, both under normal circumstances and in emergency situations. These categories are defined as: context of the organization, leadership, policy, planning, competence, operations, performance evaluation, and improvement.
The tools to be used to judge each category comprise questionnaires (surveys), checklists, interviews, document reviews, focus-group discussions, and case studies.

© The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Switzerland AG 2023 I. Khripunov, Human Factor in Nuclear Security, Advanced Sciences and Technologies for Security Applications, https://doi.org/10.1007/978-3-031-20278-0


HRP evaluation is a systemic method for collecting, analyzing, and using information to answer questions about the program’s implementation or outcomes. It involves reflecting on the following questions:
• What needs to be evaluated?
• What is the purpose of the evaluation?
• Who will use this evaluation, and how?
• What questions is this evaluation seeking to answer?
• What information is needed to answer the questions?
• When is the evaluation needed?
• What resources are available to conduct the evaluation?
• How can data be collected? Are questionnaires, interviews, focus-group discussions, document reviews, or observations the best instruments?
• How will the data be analyzed?
• What is the timeline for carrying out the evaluation?

Methods for Collecting Data

Ideally, evaluators use a combination of methods. For example, a questionnaire can quickly collect a great deal of information from a lot of people. Then evaluators can follow up with interviews to elicit more information from certain respondents to the questionnaire. Case studies could be drafted to supply in-depth analysis of notable cases from which important lessons can be learned. Below is an overview of the methods for collecting information, from which evaluators can select depending on their skills and the available timeframe. Some methods of evaluation are interactive, notably interviews and focus groups, while others are non-interactive, including questionnaires, surveys, document reviews, and observations.

Table A.1 Overview of methods to collect data

Method: Questionnaires, surveys, checklists
Overall purpose: To quickly and/or easily get lots of information from people in a nonthreatening way
Advantages:
• Complete anonymously
• Inexpensive to administer
• Easy to compare and analyze
• Administer to many people
• Can get lots of data
• Many sample questionnaires already exist
Challenges:
• Might not get careful feedback
• Wording can be biased
• Do not get full story

Method: Interviews
Overall purpose: To fully understand someone’s impressions or experiences, or learn more about their answers to questionnaires
Advantages:
• Get full range and depth of information
• Develops personal relationship
• Can be flexible
Challenges:
• Can be time consuming
• Can be hard to analyze and compare
• Can be costly
• Interview can bias responses
• May need to be trained on effective interviewing

Method: Document Reviews
Overall purpose: To get an understanding of how a program operates without interrupting the program. (Can be gathered from review of procedures, memos, minutes, finances, etc.)
Advantages:
• Get comprehensive and historical information
• No interruption in program or program routine
• Information already exists
• Few biases about information
Challenges:
• Time consuming
• Risk of incomplete information
• Need to be clear about what is being looked for
• Not flexible means to acquire data: data is restricted to what already exists

Method: Observation
Overall purpose: To gather accurate information about how a program operates, particularly about processes
Advantages:
• View operations of a program as they are occurring
• Can adapt to events as they occur
Challenges:
• Can be difficult to interpret observed behaviors
• Can be complex to categorize observations
• Can influence behaviors
• Can be expensive

Method: Focus Groups
Overall purpose: Explore a topic in-depth through group discussion, e.g., about reactions to an experience or suggestion
Advantages:
• Acquire quick and reliable common expressions
• Can be an efficient way to acquire range and depth of information in a short time
• Can convey key information
Challenges:
• Can be hard to analyze responses
• Need a good facilitator
• Difficult to schedule 6-8 people together

Method: Case Studies
Overall purpose: To fully understand or depict people’s experiences in a program and conduct comprehensive examinations through cross comparison of cases
Advantages:
• Fully depict people’s experiences in program input, process, and results
• Powerful means to portray program to outsiders
Challenges:
• Time consuming to collect, organize, and describe
• Represents depth of information, rather than breadth

HRP Evaluation and Indicators

Indicators recommended for this methodology assist in evaluating an HRP and identifying practical ways to improve it. As tools to measure the extent to which the HRP implementation is consistent with relevant procedures and standards, they constitute a framework to facilitate changes and improvements for even a successful program. In other words, a thorough review of these indicators will help managers reflect on the state of the HRP in their organization, detect deficiencies and gaps, and take any corrective measures necessary. In fact, the main purpose of using indicators as a best practice is to stimulate thought and learning, rather than to prescribe specific actions. If a full-scope evaluation is warranted, both interactive and non-interactive methods should be employed. The indicators are grouped into management categories, which constitute the driving engine for HRP. Selected samples are profiled here to illustrate the content of each management category. Below are sample indicators associated with each management category:

1. Context of the Organization
1.1 The organization identifies external and internal risks that are relevant to nuclear security and affect the content of its HRP.
1.2 The organization identifies the stakeholders that are relevant to its HRP.
1.3 The organization determines the requirements and expectations for these stakeholders with respect to the HRP.
1.4 The organization understands the requirements for information regarding the HRP and for reporting it both internally and externally.
1.5 The organization establishes, implements, maintains, and continuously improves its HR system in accordance with national and industry standards.
1.6 Personnel understand and support the rationale of the HRP and its objectives.

2. Leadership
2.1 Top management demonstrates leadership and commitment with respect to the HRP.
2.2 Top management ensures that the HRP’s objectives are clearly spelled out and compatible with the organization’s objectives.
2.3 Top management ensures that resources for the HRP are available.
2.4 Top management communicates the importance of the HRP and of conforming to its requirements.
2.5 Top management directs, supports, and encourages personnel to contribute to the effectiveness of the HRP system.
2.6 Top management ensures that the approach used for managing risks in the HRP aligns with the organization’s approach to managing risk.
2.7 Top management reviews and approves the HRP’s plans and documents to ensure that they conform to national law and regulations.
2.8 Managers are trained to evaluate the behavior and performance of their employees to identify security and safety concerns.


3. Policy
3.1 An HRP policy is established which is appropriate to the purpose and the structure of the organization.
3.2 The HRP policy is made available in documentary form and communicated throughout the organization.
3.3 The HRP policy is periodically reviewed and updated when necessary.
3.4 Responsibilities and authorities for relevant roles are assigned and communicated throughout the organization.
3.5 An initial evaluation is carried out under the HRP policy to set eligibility standards for sensitive posts (access to sensitive materials, information, or areas).
3.6 Employees accepted into sensitive positions are put under continuous evaluation.

4. Planning
4.1 When planning an HRP system, the organization determines risks and opportunities that must be addressed for the HR system to achieve its intended outcome.
4.2 The organization plans actions to mitigate risks and take advantage of opportunities, considering how risks and opportunities can change over time.
4.3 When establishing objectives for the HRP, the organization considers the requirements set by relevant stakeholders, as well as technical, legal, regulatory, and organizational requirements.
4.4 The organization integrates planning to achieve the HRP’s objectives with other planning activities, especially regarding finance, human resources, and other support functions.
4.5 When planning how to achieve the HRP’s objectives, the organization determines and documents how results will be evaluated and how long the review period will last.

5. Competence
5.1 The organization determines the necessary credentials of persons who perform work that affects its HRP performance.
5.2 The organization ensures that these persons are competent based on education, training or experience.
5.3 Persons who could have an impact on the achievement of the HRP’s objectives are made aware of the repercussions of not conforming to the program’s requirements.
5.4 The organization determines the need for internal and external communications relevant to HRP performance.
5.5 The institution controls information required by the HRP to adequately protect it (e.g., from loss of confidentiality and improper use).


5.6 Relevant personnel are trained to identify unusual behavior, the causes of such behavior, and ways to distinguish acceptable from unacceptable forms of unusual behavior.
5.7 HRP-certified employees complete both initial and annual training.

6. Operation
6.1 The organization plans, implements, and controls the processes to meet the HRP’s requirements.
6.2 The organization establishes criteria for processes needed to meet the HRP’s objectives.
6.3 Risks associated with any planned change that could have an impact on achieving the HRP’s objectives are assessed before implementing the change.
6.4 When the organization outsources any activity that could have an impact on achieving the HRP’s objectives, it assesses the associated risks and ensures that outsourced processes and activities are controlled.
6.5 The organization determines the processes and activities to be outsourced.

7. Performance Evaluation
7.1 The organization determines what needs to be monitored and measured.
7.2 The initial evaluation includes, as appropriate and relevant, background checks, initial drug tests, arrest checks, credit checks, education verification, work-history verification, and security orientation.
7.3 The organization determines the methods for monitoring, measuring, analyzing, and evaluating, as applicable, to ensure valid results.
7.4 The organization conducts internal audits at planned intervals to provide information to help determine whether the HRP has been effectively implemented and maintained.
7.5 Top management reviews the organization’s HRP at planned intervals to ensure it is sustainable, adequate, and effective.

8. Improvement
8.1 When trouble occurs while implementing the HRP, the organization takes action to correct it and deal with its consequences.
8.2 Processes are in place to proactively identify potential failures in HRP implementation and evaluate the need for preventive action.
8.3 The organization strives constantly to improve the suitability, adequacy, and effectiveness of its HRP.

Findings: Levels of Maturity

The proposed methodology operates on five levels of maturity against which an organization can measure whether it conforms to eight management categories and associated indicators that contribute to effective HRP implementation. It is often difficult to quantify an evaluation’s results with reasonable accuracy owing to the multitude of factors that can weaken or strengthen an HRP. It is more practical to limit the evaluation’s results by selecting one of the five levels of maturity that best reflects, in the evaluators’ view, the state of the HRP implementation process. Below is a table describing each level and its maturity characteristics.

Visualization of Self-assessment Results

Figure A.1 is an example of how to capture the results from self-assessment methods reviewed in Table A.1. Evaluators select methods to collect views and opinions pertaining to each individual indicator (a total of 44) from across the organization. Based on the data received, evaluators score each indicator using the five-point maturity scale discussed in Table A.2 (from 0 to 5). The average among all indicators in each management category determines the institution’s maturity level across that category. For example, “Context of the Organization” has six indicators, of which evaluators assigned three a score of 2 and three a score of 3. The sum is 15 and the average score is 2.5, meaning the institution is in transition from level 2 to level 3 in this management category.

The figure demonstrates that this organization has achieved mixed progress so far. Management is apparently committed to the program, but it lacks the competence to move ahead. There is progress on the policy side, but operational arrangements are weak. The upshot is that the institution may need assistance training its personnel to evaluate performance.

Table A.2 Five levels of maturity for an HRP

Scale: 0
Description: Innocent
Definition: The organization has not recognized the need for this requirement and/or there is no evidence of commitment to put it in place.

Scale: 1
Description: Aware
Definition: The organization has identified the need for this requirement, and there is evidence of intent to progress it.
Maturity characteristics: Proposals are under development and some requirements may be in place. Processes are poorly controlled, reactive and performance is unpredictable.

Scale: 2
Description: Developing
Definition: The organization has identified the means of systematically and consistently achieving the requirements and can demonstrate that these are being progressed with credible and resourced plans in place.
Maturity characteristics: Processes are planned, documented (where necessary), applied and controlled at a local level or within functional departments; often in a reactive mode but could achieve expected results on a repeatable basis. The processes are insufficiently integrated, with limited consistency or coordination across the organization.

Scale: 3
Description: Competent
Definition: The organization can demonstrate that it systematically and consistently achieves relevant requirements.
Maturity characteristics: This involves a formal documented HRP embedded within the organization. The performance of its elements is measured, reviewed and continually improved to achieve the objectives.

Scale: 4
Description: Optimizing
Definition: The organization can demonstrate that it is systematically and consistently optimizing its HRP practice, in line with the organization’s objectives and operating context.
Maturity characteristics: Monitoring of performance and resolution of trade-offs between competing goals occur in an agile decision-making framework; innovation is a way of life; continual improvement can be widely demonstrated with evidence of results; benchmarking is employed to identify further improvement opportunity; and the management system is even further integrated and effective.

Scale: 5
Description: Excellent
Definition: The organization can demonstrate that it employs the leading practices and achieves maximum value from the management of its assets, in line with the organization’s objectives and operating context.
Maturity characteristics: This is a dynamic and context-sensitive state, so the evidence must include demonstration of awareness of benchmarking positions against similar best-in-class organizations and that there are no known improvements that have not already been implemented.

Fig. A.1 Five-point maturity scale with hypothetical self-assessment results

Conclusion

Numerous methodologies are available to assess and analyze HRP implementation and program outcomes. The methodology proposed in this appendix combines the best practices and lessons learned to meet, in a comprehensive way, current and emerging safety-security risks, including large-scale natural disasters, dramatic climate changes, and epidemics. At the same time, it attempts to address the needs of countries with limited practical experience in adjusting and enhancing safety, security, and human reliability within diverse nuclear complexes. They need a user-friendly evaluation toolset that can easily be applied to nuclear power plants, research reactors, nuclear-material transporters, users of radioactive sources, and other types of nuclear activity. Because a nuclear complex is so diverse, the leadership at each site must modify management categories and indicators to reflect the site’s distinct profile. In addition to its universality and relative simplicity, other benefits of this methodology include:
• Consistency with emerging practices to assess nuclear security culture, because, after all, determining personal trustworthiness is central to the nuclear-security-culture model.
• Familiarity of potential users with data-collection methods such as surveys, person-to-person interviews, focus-group discussions, document reviews, and observations.
• Ability to evaluate the HRP implementation process and its outcomes in real time.
• Monitoring progress at given intervals using the visualization tool. Reviewing how the institution is faring in all management categories enables leadership to shift priorities and focus on the most critical ones.
• Sharing experience and best practices across all organizations involved in HRP implementation and seeking out opportunities for collaboration nationally and internationally.

Promoting this methodology and introducing it to relevant staff for regular use may require training sessions consisting of lectures and exercises.