IAEA International Atomic Energy Agency Security of Radiation Sources.

IAEAInternational Atomic Energy Agency

Security of Radiation Sources

IAEA 2

To understand the criteria for establishing the level of security required for radioactive sources and how the criteria are to be implemented by users and the Regulatory Body

Objective

IAEA 3

Contents

• Security and source categorization.• Security requirements to be applied to the user.• Controls to be applied by the Regulatory Body.

IAEA

• States should formulate security policy for radioactive sources and regulatory bodies should develope regulatory requirements that are consistent with the Code of Conduct .

• Operators managing radioactive sources should develope their own security programmes

• Operators should develope measures for the prevention of, detection of, and response to malicious acts involving radioactive sources, and preventing the loss of control of such sources.

• Security measures should be applied on a graded basis, taking into account the current evaluation of the threat, the relative attractiveness of the source, and the potential consequences resulting from malicious use. The requisite level of security is achieved through a combination of deterrence, detection, delay, response and security management

Background

Security of Radioactive Sources IAEA NSS No. 11 (2009)

IAEA 5

Every State should, in order to protect individuals, society and the

environment, take the appropriate measures necessary to ensure:

Basic principles1

1 Code of Conduct on the safety and security of radiation sources, paragraph 7

• that the radioactive sources within its territory, or under its jurisdiction or control, are safely managed and securely protected during their useful lives and at the end of their useful lives;

• the promotion of safety culture and of security culture with respect to radioactive sources.

IAEA

Basic Principles-cont

• Operators, as the authorized entities, should have the primary responsibility for implementing and maintaining security measures for radioactive sources in accordance with national requirements.

• Operators should ensure that their personnel and their contractors are suitably trained and meet the regulatory requirements, which should include trustworthiness.

• Operators should promote a security culture, and establish a management system commensurate with the levels of security

IAEA 7

• Security and source categorization.

• Security requirements to be applied by the user.

• Controls to be applied by the Regulatory Body.

Security of Radioactive Sources.Implementation Guide

IAEA 8

• Design of devices and sources to minimize the feasibility of malicious acts;

• Management of sources only within an authorized and regulated legal framework;

• Measures to prevent unauthorized acquisition of sources;

• Measures to detect theft or loss;

• Measures to respond to theft or loss.

Program against malevolent uses

IAEA 9

Part I: Security Grouping

IAEA 10

Security Grouping based on Source Categorization

• Three Security Groups (A, B, and C) have been identified for the five source categorizations (1, 2, 3, 4 and 5)

IAEA 11

Source categories

1000

10

1

0.01

exempt

Teletherapy sourcesIrradiators

Industrial gamma radiography sourcesHigh / medium dose rate brachytherapy sources

Industrial gauges with high activity sourcesWell logging gauges

Low dose rate brachytherapy sourcesIndustrial gauges with moderate / low activity sources

X-ray fluorescence (XRF) devicesElectron capture devices

1

2

3

4

5

Activity ratioA/D

IAEA 12

Security Grouping based on Source Categorization (cont)

Security Group

Source Category

Examples

A 1

• Irradiators• Teletherapy• Radioisotope thermoelectric

generators• Fixed multi-beam teletherapy

(gamma knife)

IAEA 13


Security Group

Source Category

Examples

B 2• Industrial radiography• High / medium dose rate

brachytherapy

C 3• Fixed industrial gauges that

incorporate high activity sources• Well logging

IAEA 14


Security Group

Source Category

Examples

Applymeasures asdescribedin theBasic SafetyStandards

4

• Low dose rate brachytherapy (except eye and permanent implants))

• Industrial gauges that do not incorporate high activity sources

• Bone densitometers• Static eliminators

IAEA 15


Security Group

Source Category

Examples

Applymeasures asdescribedin theBasic SafetyStandards

5

• Low dose rate brachytherapy eye plaques and permanent implant sources

• X-ray fluorescence devices• Electron capture devices• Mossbauer spectrometry sources• Positron emission tomography

(PET) • check sources

IAEA

RECOMMENDED MEASURES FOR SECURITY LEVEL A

Securityfunction

Security objective Security measures

Detect

Provide immediate detection ofany unauthorized access to thesecured area/source location

Electronic intrusion detection system and/or continuous surveillance by operator personnel.

Provide immediate detection ofany attempted unauthorizedremoval of the source, includingby an insider

Electronic tamper detection equipment and/ or continuous surveillance by operatorpersonnel

Provide immediate assessment ofdetection

Remote monitoring of CCTV or assessment by operator / response personnel

Provide immediatecommunication to responsepersonnel

Rapid, dependable, diverse means ofcommunication such as phones, cell phones, pagers, radios

Provide a means to detect lossthrough verification

Daily checking through physical checks, CCTV, tamper indicating devices, etc.

IAEA

RECOMMENDED MEASURES FOR SECURITY LEVEL A - Cont

Securityfunction


Delay Provide delay after detection sufficient for response personnel to interrupt the unauthorized removal

System of at least two layers of barriers (e.g. walls, cages) which together provide delay sufficient to enable response personnel to interdict.

Response Provide immediate response to assessed alarm with sufficient resources to interrupt and prevent the unauthorized removal.

Capability for immediate response with size, equipment, and training to interdict .

Security management

Provide access controls to source location that effectively restrict access to authorized persons only.

Identification and verification, for example, lock controlled by swipe card reader and personal identification number, or key and key control

Ensure trustworthiness ofauthorized individuals

Background checks for all personnel authorized for unescorted access to the source location and for access to sensitive information.

Identify and protect sensitiveinformation.

Procedures to identify sensitive information and protect it from unauthorized disclosure.

Provide a security plan. A security plan which conforms to regulatory requirements and provides for response to increased threat levels

Ensure a capability to manage security events covered by security contingency plans

Procedures for responding to security-related scenarios

Establish security event reporting system Procedures for timely reporting of security events.

IAEA

RECOMMENDED MEASURES FOR SECURITY LEVEL B

Securityfunction


Detect

Provide immediate detection ofany unauthorized access to thesecured area/source location

Electronic intrusion detection system and/or continuous surveillance by operator personnel.

Provide detection of any attempted unauthorized removal of the source

Tamper detection equipment and/ or periodic checks by operator personnel


Remote monitoring of CCTV or assessment by operator / response personnel

Provide immediatecommunication to responsepersonnel

Rapid, dependable means ofcommunication such as phones, cell phones, pagers, radios


Weekly checking through physical checks, tamper indicating devices, etc.

IAEA

RECOMMENDED MEASURES FOR SECURITY LEVEL B - Cont

Securityfunction


Delay Provide delay to minimize the likelihood of unauthorized removal

System of two layers of barriers (e.g. walls, cages).

Response Provide immediate initiation of response to interrupt unauthorized removal .

Equipment and procedures to immediately initiate response.

Security management


One identification measure


Background checks for all personnel authorized for unescorted access to the source location and for access to sensitive information.



Provide a security plan. A security plan which conforms to regulatory requirements and provides for response to increased threat levels



Establish security event reporting system Procedures for timely reporting of security events.

IAEA

RECOMMENDED MEASURES FOR SECURITY LEVEL C

Securityfunction


Detect

Provide detection of unauthorized removal of the source

Tamper detection equipment and/ or periodic checks by operator personnel


assessment by operator / response personnel


Monthly checking through physical checks, tamper indicating devices, or other checks to confirm the presence of the source.

Delay Provide delay to reduce the likelihood of unauthorized removal of a source

One barrier (e.g. cage, sourcehousing) or under observation byoperator personnel

Response Implement appropriate action in the event of unauthorized removal of a source.

Procedures for identifying necessaryactions in accordance withcontingency plans

IAEA

RECOMMENDED MEASURES FOR SECURITY LEVEL C - Cont

Securityfunction


Security management


One identification measure


Appropriate methods for determining the trustworthiness of authorized individuals withunescorted access to radioactive sources and access to sensitive information..



Provide a security plan. Documentation of security arrangements and reference procedures



Establish security event reporting system

Procedures for timely reporting of security events.

IAEA 22

Part II: Applicable Security Measures

IAEA 23

Applicable Security Measures

Administrative

Appropriate administrative measures include:

• access control procedures;• alarmed access points (e.g. with radiation detectors);

• key control procedures;

• video cameras or personal surveillance;

• records related to the management of sources;

IAEA 24


Administrative (cont)

Appropriate administrative measures include:

• regulations and guidance;

• reliability and trustworthiness of personnel;

• information security;

• quality assurance measures; and

• establishment of a safety culture and security culture.

• source inventories;

IAEA 25

Applicable Security MeasuresTechnical Measures

• walls;• cages;• transport packaging;• locks and interlocks for doors

(or access points);• locked, shielded containers.

• fences;

Appropriate technical measures include:

IAEA 26


Emergency response plan (Group A and B sources)

Minimum contents of the plan

• Early notification procedures.

• Immediate response measures to be taken.

• Procedures for public communication.

The plan should be

• Exercised periodically.

• Evaluated periodically.

IAEA 27


Information Security (Group A and B sources)

Information that can be used to identify specific locations, specific security measures or weaknesses in the system of management of sources should be controlled and distributed on a “need to know” basis. This includes information concerning:

• the specific locations of sources;

• the facility’s security plan and security systems;

• temporary or permanent weaknesses in the security system;

IAEA 28


Information Security (cont)

• source utilization plans and records;

• proposed dates and times of source shipments and transfers;

• emergency response plans and systems.

IAEA 29


Personnel background checks (Group A and B sources)

Authorized users

• the licensee should ensure trustworthiness;

• check should be made before an authorization is granted.

IAEA 30


Transport

The transport of Security Group B and C sources should:

• satisfy the performance requirements for security for the particular group;

• for a mobile source, administrative controls such as personal surveillance should be rigorously maintained;

• include consideration of a communication link to allow timely response to incidents or potential threats.

IAEA 31


Transport

The transport of Security Group A sources should provide for:

• background checks on trustworthiness of the transport organization and operatives;

• deterrence through the use of locked and sealed transport packages and the use of a dedicated, locked transport unit;

• timely detection through radio communication between the personnel in the vehicle and a security office or organization;

IAEA 32


Transport (cont)

The transport of Security Group A sources should provide for:

• response through security trained transport operatives;

• an emergency plan developed to deal with emergencies in transit.

IAEA 33

Part III: Responsibilities of the Authorities

IAEA 34


The Regulatory Body

The Regulatory Body should:

• establish systems to ensure, where practicable, that radioactive sources are identifiable and traceable;

• maintain appropriate records of authorizations that clearly indicate the type of radioactive source, and records of the transfer and disposal of source on termination of the authorization;

IAEA 35


The Regulatory Body (cont)

The Regulatory Body should:

• implement an inspection Program that includes verification that facilities and radiation protection Programs are maintained and adequately manage the radioactive sources.

• ensure that regulations and other criteria with regard to the security of radioactive sources remain adequate and valid;

IAEA 36

Part IV: Responsibilities of the Registrants and Licensees

IAEA 37


Registrants and Licensees

Registrants and Licensees:

• who appoint other people to carry out actions and tasks, nevertheless remain responsible for the relevant actions and tasks themselves.

• bear the responsibility for setting up and implementing the technical and organizational measures that are needed to ensure both the safety and security of the authorized sources;

IAEA 38


Registrants and Licensees (cont)

Registrants and Licensees should ensure that:

• when not in use, sources are promptly stored in an approved manner and relevant to the requirements of the security grouping to which the source(s) belong;

• the transfer of sources to another person is documented and that person is appropriately authorized to receive the transferred source;

• sources are managed in accordance with the authorization;

IAEA 39



Registrants and Licensees should ensure that:

• financial provisions in accordance with regulatory requirements are in place for the safe disposal of disused sources;

• sources are shipped and received in accordance with regulatory requirements.

IAEA 40


Surveys and audits

• perform an inventory check of all radiation sources at regular intervals, including x-ray equipment, spent, calibration and crawler control radioactive sources;

The registrant or licensee must:

• ensure that all radioactive sources are surveyed when removed from, and returned to, storage;

IAEA 41


Surveys and audits

• apply the same survey and audit procedures to locations where extended field site work is taking place and where a temporary store is established;

The registrant or licensee must:

• if a radiation source cannot be located, take action as if an accident has occurred and shall immediately notify the Regulatory Body.

IAEA 42



In addition to normal reporting requirements relating to safety issues, registrants and licensees should report to the Regulatory Body:

• any loss of control over a radioactive source;

• unauthorized access to, or unauthorized use of, a source;

• malicious acts threatening authorized activities;

• failures of equipment containing radioactive sources which may have security implications;

• the discovery of any unaccounted source.

IAEA 43

• Security of Radioactive Sources. Implementing Guides. IAEA Nuclear Security Series No. 11, Vienna (2009).

• Categorization of Radioactive Sources, Safety Guide RS-G-1.9, IAEA, Vienna (2005).

References

IAEA International Atomic Energy Agency Security of Radiation Sources.

Documents

Transcript of IAEA International Atomic Energy Agency Security of Radiation Sources.