A commentary by Matthew Bunn shared at NPEC’s meeting, “Securing Nuclear Arsenals for the Next Half Century: What Does History Recommend?”
Feb 28, 2012
AUTHOR: Matthew Bunn
Beyond Crises: The Unending Challenge of Controlling Nuclear Weapons and Materials
Matthew Bunn
February 27, 2012
The papers presented at this workshop are invaluable contributions to thinking about an important aspect of the nuclear danger – the potential for loss of control as states with nuclear weapons go through periods of political turmoil and unrest.
From Sokov, we have the alarming spectacle of military forces digging a trench in the runway with cannon fire to scare off a crowd, in order to be able to fly nuclear weapons away before armed gangs arrive and seize them. From Tertrais, we have the spectacle of uncertainty over which group of generals those with control of a nuclear weapon to be tested will be loyal to – and then the nuclear core being driven across the desert in a deux chevaux. From Stokes we have the world’s only case of an armed nuclear missile being fired over long range and then detonated – and word of radical factions among nuclear custodians squabbling with other factions over control of key nuclear facilities. From Khan, we have a more reassuring argument that Pakistan’s seemingly endless political turmoil has never seriously threatened its nuclear control – though well-organized attacks on heavily guarded strategic targets such as the Rawalpindi General Headquarters and the Mehran naval base – apparently with insider help – inevitably raise worries about the possibility of similar attacks on nuclear facilities.
But in a way, each of these papers is the beginning, not the end, of a history. They open intriguing and important questions, but do not give us the answers we would need to understand the full implications of these events. In most of these cases, we do not know in detail how close the nation came to losing control of nuclear weapons, what actors might have been attempting to get them, or what these actors’ plans might have been.
One thing seems clear: political chaos, turmoil, and insurgency in a state armed with nuclear weapons is an extraordinarily dangerous thing. Removing nuclear weapons from regions that may be vulnerable to such turmoil, providing multiple layers of security for nuclear weapons, and doing everything possible to strengthen governance and reduce the chances of such turmoil in states with nuclear weapons all seem to be urgent tasks. Today, they may be most urgent in the very different cases of North Korea – whose dictatorial regime surely cannot last forever (though analysts have been saying the same for two decades) – and Pakistan, where substantial security measures must protect against extraordinary threats, from possible insiders, from outsiders, and from both working together. In both cases, how to accomplish the tasks of strengthening governance and reducing the chance of loss of control remain very much open questions.
But I would argue that the papers at this workshop tell only a small part of the history of nuclear security. They focus only on security for nuclear weapons, not nuclear material, and only on moments of turmoil and crisis, which are blessedly rare.
The broader story is that securing both nuclear weapons and weapons-usable nuclear material has been a difficult challenge throughout the nuclear age, in normal times and in crisis. Indeed, the nuclear thefts that have genuinely occurred have been of weapons-usable nuclear materials, not nuclear weapons (fortunately), and they have not occurred in the midst of political turmoil. If we want to understand the risks of nuclear theft – the central issue nuclear security measures are designed to address – we need to look beyond the windows we have peered through at this workshop.
Real Thefts, Attacks, and Intrusions: Some Cases
Theft of highly enriched uranium and plutonium, the essential ingredients of nuclear weapons, is not a hypothetical worry – it is an ongoing reality. The IAEA has documented some 18 cases of theft or loss of plutonium or highly enriched uranium (HEU) from 1993-2007 that were confirmed by the states concerned. See Table 1.[1] (These cases involving real weapons-usable nuclear material are only one small part of the broader phenomenon of illicit trafficking of nuclear and radioactive materials; the IAEA has reported hundreds of cases involving other materials.) Three of these cases (New Jersey in 2005, Fukui, Japan in 2005, and Hennigsdorf, Germany in 2006) involve inadvertent loss, leaving 15 cases involving intentional theft and smuggling. Of those, five involve less than a gram of material, and are included here only because of the possibility that these are samples of larger stocks available to the smugglers – as smugglers often claim is the case.
Unfortunately, after 2008, the IAEA stopped issuing public updates of this list of HEU and plutonium incidents. This does not mean, however, that incidents stopped occurring. The Georgian government has confirmed that in March 2010, Georgian agents seized approximately 18 grams of HEU just below 90% enrichment from smugglers who crossed into Georgia from Armenia. The smugglers reportedly claimed that more was available.[2] In June 2011, authorities in Moldova arrested six people who reportedly had 4.4 grams of weapon-grade HEU. The smugglers claimed to have access to nine kilograms of HEU, which they were willing to sell for $31 million. Moldovan officials report that “members of the ring, who have not yet been detained, have one kilogram of uranium.” This case appears to involve a real buyer – still at large – and the possibility that there are kilograms of weapon-grade HEU in the smugglers’ hands, making it potentially the most serious case in years.[3]
In addition to these cases confirmed to the IAEA, there is strong evidence that a number of additional thefts have occurred – including confessions and convictions for some of the perpetrators – which the states concerned have not confirmed to the IAEA. In particular, there was a well-documented theft of 1.5 kilograms of 90% enriched HEU in 1992 (described in detail below), and two thefts from Russian naval facilities in 1993 which are not included in the IAEA database. Thus there appear to be approximately 20 well-documented cases of actual theft and smuggling of plutonium or HEU in the public record.[4] At the classified level, the U.S. government regards a significant number of additional cases as confirmed.
To these cases of actual theft and smuggling of plutonium and HEU must be added a substantial number of attempts, attacks, and intrusions that have taken place over the years. These include, among others, the still-unexplained apparent loss of hundreds of kilograms of HEU at the Nuclear Materials and Equipment Corporation (NUMEC) in the mid-1960s (which the balance of evidence suggests was a theft by senior facility officials on behalf of Israel);[5] a 1982 incident in which an insider at the Koeberg nuclear power plant in South Africa planted and detonated explosives on the steel pressure vessel (before fuel had been loaded, intended only to raise alarm, not to spread radioactivity);[6] incidents in 2001 in which terrorist teams carried out reconnaissance at Russian nuclear weapons storage sites, and apparently also on nuclear weapon transport trains;[7] and a 2007 intrusion in South Africa in which two teams of armed men attacked the Pelindaba site, where hundreds of kilograms of HEU are stored (with one of the teams penetrating a 10,000 volt security fence, disabling intrusion detectors, going to the emergency control center and shooting a worker there after a struggle, and departing without ever being engaged by site security forces).[8]
In short, the threats are out there. In a world that includes terrorists with global reach, effective nuclear security and accounting measures are needed wherever nuclear weapons, plutonium, or HEU exist. All countries with such stockpiles on their soil should ensure that they are at least protected against a modest group of well-armed, well-trained outsiders, a well-placed insider, and both outsiders and an insider working together, using a broad range of tactics. Countries that face more substantial adversary threats – Pakistan being an obvious example – need to provide even higher levels of protection.[9]
Unfortunately, in many countries around the world, the security measures in place today are demonstrably not sufficient to protect against the kinds of threats terrorists and thieves have already shown they can pose. As just one example, a U.S. team visiting a foreign site with a Category I quantity of HEU in the period 2005-2010 found that there were no fences around the perimeter, no sensors to detect intrusions, no video surveillance systems to help guards assess the cause of alarms generated by sensors, and no vehicle barriers.[10] (It is a reasonable bet that this facility also did not have an on-site armed response team to protect it from armed attackers.) The U.S. team recommended that all of these basic security measures be put in place, which the country agreed to do. But when a team of congressional auditors visited in 2010-2011, some of the improvements were still underway. The fact that such glaring weaknesses still existed at a site with Category I materials years after the 9/11 attacks speaks volumes about the urgent work still ahead to plug nuclear security weak points around the world. Indeed, I would argue that every country with nuclear weapons or weapons-usable nuclear materials – including the United States – has more to do to ensure that these items are effectively protected.
Punctuating Complacent Equilibrium: The U.S. Case
If political turmoil is not the most important driver of nuclear security problems, what is? In a word, complacency – the belief that nuclear terrorism is not a serious threat, and that whatever security measures are in place today are already sufficient. The history of nuclear security is a story of punctuated equilibrium, with long stretches of complacency and little change punctuated by moments when something – typically a major incident of some kind – made it possible to move the system to a higher-security state, from which it would then begin to drift slowly into complacency again. The results of incidents and other events are mediated by the different political cultures and institutions in different countries, so that one country might react to an incident by establishing substantial new security rules, while another might react by participants in the system offering explanations as to why it could never happen again.
For a brief picture of this kind of punctuated equilibrium, consider the nuclear security history of the United States, which today probably has more stringent nuclear security rules and higher nuclear security expenditures than any other nation on earth. (The Department of Energy alone now spends some $1.8 billion a year on security, most of which goes to secure the nuclear weapons and weapons-usable materials it controls.[11])
From the beginning, the U.S. nuclear weapons program had substantial layers of security. But also from the beginning, there were serious weaknesses – highlighted by events such as the loss of nuclear weapon design information to the Soviet Union, and driving the plutonium pit for the Trinity test across the desert in an ordinary four-door Packard.
The first major puncture in the complacent equilibrium surrounding security for nuclear weapons was the 1960 visit to bases in Europe where U.S. nuclear weapons were stored by a team from the Joint Committee on Atomic Energy (JCAE). They were appalled by the limited measures in place to prevent seizure or unauthorized use of a U.S. nuclear weapon. At one base, for example, the team saw aircraft armed with fully operational U.S. nuclear weapons, ready to take off at a moment’s notice, with foreign pilots. “The only evidence of U.S. control was a lonely 18-year-old sentry armed with a carbine and standing on the tarmac.”[12] This led to the decision to develop and install the first primitive permissive action links (PALs) on U.S. nuclear weapons in Europe.
The situation with respect to weapons-usable nuclear materials was much worse. In the 1950s and 1960s, the Atomic Energy Commission (AEC) literally imposed no rules at all concerning how private companies with weapons-usable nuclear material had to secure such stocks, believing that because the material was valuable, companies would protect it adequately themselves.[13] Various authors pointed out that the consequences to society of theft of enough nuclear material for a bomb were far greater than the financial value of the material, but logic was not sufficient to overcome complacency. Official government reports include photographs of items such as canisters containing 48 kilograms of HEU sitting on a dolly unguarded at an airport, waiting for a flight, or the exterior wall of a building that served as the principal barrier to accessing HEU that was so thin it could be cut open with tin snips.[14] The privately-owned plutonium reprocessing plant at West Valley had many bombs’ worth of separated plutonium on site, with only one guard during the day – and none at night.[15] Nuclear material accounting was in its infancy and terribly inaccurate, and really tamper-resistant seals were not in use.
It was conditions such as these that existed at the Nuclear Materials and Equipment Corporation (NUMEC) in Apollo, Pennsylvania in the 1960s, when the poor accounting records that existed seemed to suggest that hundreds of kilograms of HEU were missing. I doubt we will ever know for sure, but the balance of evidence suggests that senior management of the facility stole a large amount of HEU and provided it to Israel.[16] (This reminds us that insider protection programs must include the senior leaders of a site among those they are designed to protect against.) Later in 1965, there was another large incident of HEU material unaccounted for (MUF) at the Nuclear Fuel Services (NFS) plant in Erwin, Tennessee[17] – a plant that continued to have problems with MUFs larger than the statistical limits permitted for decades thereafter.
The NUMEC and NFS episodes were another puncture for the complacent equilibrium. The AEC tightened material accounting rules, and designated Los Alamos as the lead laboratory to develop technology for non-destructive assay and other means of nuclear material accounting. (Ironically, the development of many of the technologies used for international safeguards around the world today was initiated in response to concern about a possible theft in one unsafeguarded nuclear program on behalf of another unsafeguarded nuclear program.) The AEC tasked an advisory group to review its safeguards program, and in 1967 the group recommended drastic improvements in security and accounting, warning – I believe for the first time ever in a U.S. government report – that terrorists might be able to get weapons-usable nuclear material and make a crude nuclear bomb.[18] Advocates within the AEC, notably Theodore B. Taylor, were pushing for action to improve nuclear security, and warning of a possible nuclear terrorist threat.[19] By 1970, the AEC finally issued requirements for private companies with weapons-usable nuclear material to provide some protection for it – though these initial regulations were quite weak.
The next puncture in the equilibrium came quickly: the Munich Olympics. Suddenly, the idea that a large, well-armed and well-trained team could strike in the heart of a modern developed country was not a hypothetical worry but a stark reality. Congress held hearings that publicly chastised weak AEC security requirements, and the GAO conducted a damning investigation. In 1973, the AEC imposed new nuclear security requirements, and designated Sandia as the lead lab to develop and evaluate physical protection technologies. The Sandia experts began taking a systems engineering approach to security, carefully examining each pathway adversaries might use to get to a nuclear weapon and how it might be blocked, and found many gaping vulnerabilities in the security systems that existed at the time. As one of the grand old men of U.S. physical protection put it to me: “before 1973, the only reason we never lost a nuclear weapon is that no one ever tried to take one.”[20]
Throughout the 1970s, new challenges never let the system return to a complacent equilibrium. Growing public distrust of government and corporate assurances in general, and nuclear energy in particular; the debate over a plutonium economy, with the expectation that scores and eventually hundreds of plutonium-fueled reactors would soon be built, with tens of thousands of people projected to have direct access to separated plutonium; the Indian nuclear test in 1974; the continuation of international terrorist attacks (along with attacks and nuclear hoaxes within the United States); and a stream of investigations and analyses highlighting the dangers of plutonium and HEU and the possibility of nuclear terrorism combined to produce continuing public and government alarm. Indeed, provisions of the Energy Reorganization Act of 1974, which split the Atomic Energy Commission, made it clear that Congress expected the new Nuclear Regulatory Commission (NRC) to take on the security issue immediately. By the end of the 1970s, the new Department of Energy (DOE) and the NRC had both, for the first time, established rules requiring that facilities have security measures in place able to provide protection against a specified “design basis threat” (DBT), and had begun performance tests including force-on-force exercises to test how well security systems worked in practice, ushering in the modern era of nuclear security.
With the Three Mile Island accident in 1979, followed by Chernobyl in 1986 – and with the Cold War heating up – public attention turned to nuclear safety and nuclear war in the 1980s, and there was little public discussion of the danger of nuclear terrorism. Nevertheless, intensive Congressional investigations of DOE security lapses (led by Rep. John Dingell); security tests in which security systems failed to protect against plausible adversary threats; and concern over truck bombs following the bombing of the Marine barracks in Lebanon in 1983 combined to drive further improvements in nuclear security. In 1985, then-Secretary of Energy Herrington formed a “Special Project Team” to carry out a fast-paced review of security at all DOE facilities. The team found a wide range of vulnerabilities and made 94 recommendations for action. Over the next few years, DOE spent an estimated $1.5 billion upgrading physical security to implement these recommendations, in an effort known as “Project Cerberus,” after the mythical guardian of the gates of hell.[21] Yet within a few years, complacency had crept back: security budgets began to fall again, and DOE security managers warned that if immediate actions were not taken, nuclear weapons and materials could not be adequately secured.[22]
The next really dramatic puncture in the equilibrium was the 9/11 attacks. DOE and NRC ratcheted up their nuclear security requirements, new security performance testing programs were put in place, and more – which brings us more or less to where we are today. Events such as the inadvertent flight of the six warheads across the country suggest that in some areas, complacency is back.
It is important to understand that each of these improvements was resisted. Both industrial firms and operators of government facilities complained that the old approaches were enough, that the new requirements were needlessly expensive and burdensome, and that the threats were overstated. They lobbied to weaken various proposed rules and procedures, and often succeeded. What is striking is that the degree of satisfaction with security measures already in place appears to be completely independent of what those security measures actually were; even when the AEC first required that transports of HEU and plutonium have at least a couple of armed guards, the industry complained that this was unnecessary and probably ineffective.[23] Nevertheless, over the years, the trend has been one of halting improvement in nuclear security over time, and industry has usually come eventually to accept and support the requirements.
The bad news in this story is that the richest and most powerful country on earth, with the most nuclear security experience, found achieving effective nuclear security to be an enormous challenge, which took decades to accomplish (and remains in some respects unfinished) – and that it often took dramatic incidents such as major losses of nuclear material or terrorist attacks to lead to change.
The good news in this story is that on several occasions, “incidents” that could be generated by policy – Congressional investigations, testing programs, analyses and reviews – were sufficient to lead to important improvements in nuclear security. We are not doomed to wait until catastrophe strikes before nuclear security improvements are made. But how can policy drive such change more effectively in the future – in the United States and elsewhere?
Overcoming Complacency
For years, as this history was playing out within the United States, the U.S. government has been seeking to convince countries around the world to improve nuclear security, with varying degrees of success. Policy tools have included attempting to negotiate treaties, such as the Convention on the Physical Protection of Nuclear Materials and its 2005 amendment; seeking ever-more-specific IAEA nuclear security recommendations, such as the recent revision of Information Circular 225 (INFCIRC/225, the IAEA recommendation referenced in many nuclear supply agreements); pursuing technical cooperation to upgrade security (as in the Nunn-Lugar program and larger related efforts funded by the National Nuclear Security Administration); helping to consolidate dangerous nuclear stocks to fewer locations, for example by converting HEU-fueled research reactors and removing their HEU; passing UN Security Council resolutions, such as UNSCR 1540, which legally obligates all countries to provide “appropriate effective” security and accounting for whatever stockpiles they may have; and, most recently, the nuclear security summit process, bringing dozens of heads of state together to commit to take action to improve nuclear security.[24]
What the United States has been seeking to do, in effect, is to accelerate this process of punctuated equilibrium, to convince countries to improve their nuclear security faster and more extensively than they otherwise would. While each of these efforts has had its value, I believe the time has come for the United States and other countries to take on the driving cause of weak nuclear security – complacency – more directly.
The fundamental key to success in improving nuclear security and preventing nuclear terrorism is to convince political leaders and nuclear managers around the world that nuclear terrorism is a real and urgent threat to their countries’ security, worthy of a substantial investment of their time and money, and that improvements on their part are necessary to reduce the risk—something many of them do not believe today. If they come to feel that sense of urgency, they will be likely to take the needed actions to prevent nuclear terrorism; if they remain complacent, they will not. Some of the critical work of building this sense of urgency is already being done; the nuclear security summit, I believe, did make some inroads in convincing some policymakers that the threat of nuclear terrorism was real, as has the Global Initiative to Combat Nuclear Terrorism. But much more needs to be done, if President Obama’s objective of ensuring effective security for all vulnerable nuclear weapons and weapons-usable materials worldwide is to be achieved. There are three layers of complacency that must be overcome: (1) the belief that terrorists could not plausibly make a bomb; (2) the belief that nuclear security measures are already adequate, so that terrorists could not plausibly get the materials needed for a bomb; and (3) the belief that even if terrorists could get nuclear material and could make a crude bomb, it is the United States’ problem, not a problem other countries need to worry about very much.
President Obama should work with other countries to take several steps to overcome this complacency and build the needed sense of urgency and commitment, including:[25]
Joint threat briefings and assessments. Upcoming summits and other high-level meetings with key countries should include detailed briefings for both leaders on the nuclear terrorism threat, given jointly by U.S. experts and experts from the country concerned. These would outline both the very real possibility that terrorists could get nuclear material and make a nuclear bomb, the global economic and political effects of a terrorist nuclear attack, and steps that could be taken to reduce the risk. U.S. briefings for U.S. and Russian officials highlighting intelligence on continuing nuclear security vulnerabilities were a critical part of putting together the Bush-Putin Bratislava nuclear security initiative. With some key countries, the United States should seek agreement to draft joint assessments of the threat, following on the recent non-government U.S.-Russian assessment.[26]
Intelligence-agency discussions. In many countries, the political leadership gets much of its information about national security threats from its intelligence agencies. It is therefore extremely important to convince the intelligence agencies in key countries that nuclear terrorism is a serious and urgent threat—and that plausible actions, taken now, could reduce the risk substantially. During the second Bush term, DOE intelligence was actively working with foreign intelligence services to make this case, and to build cooperation against the threat. This effort should be renewed and expanded to include focused efforts by the Director of National Intelligence, the Central Intelligence Agency, and other U.S. intelligence agencies as well.[27]
The “Armageddon Test.” President Obama should direct U.S. intelligence—possibly working in cooperation with agencies in other countries—to establish a small operational team that would seek to understand and penetrate the world of nuclear theft and smuggling. The team would be instructed to seek to acquire enough nuclear material for a bomb. If they succeeded, this would dramatically highlight the continuing threat, and potentially identify particular weak points and smuggling organizations requiring urgent action. If they failed, that would strongly suggest that terrorist operatives would likely fail as well, building confidence that measures to prevent nuclear terrorism were working.[28]
Nuclear terrorism exercises. Building on the exercise program that has begun in the Global Initiative to Combat Nuclear Terrorism, the United States and other leading countries should organize a series of exercises with senior policymakers from key states. These exercises should have scenarios focused on theft of nuclear material, the realistic possibility that terrorists could construct a crude nuclear bomb if they got enough HEU or plutonium, just how difficult it would be to stop them once they had the material, and how much all countries would be affected if a terrorist nuclear bomb went off.[29] Participating in a realistic exercise can reach officials emotionally in a way that briefings and policy memos cannot. A program of such exercises should become a central element of the Global Initiative.
Fast-paced nuclear security reviews. The United States and other leading countries should encourage leaders of key states to pick teams of security experts they trust to conduct fast-paced reviews of nuclear security in their countries, assessing whether facilities are adequately protected against a set of clearly-defined threats—such as a well-placed insider, or two teams of well-armed, well-trained attackers. (In the United States, such fast-paced reviews after major incidents such as 9/11 have often revealed a wide range of vulnerabilities that needed to be fixed.)
Realistic testing of nuclear security performance. The United States and other leading countries should work with key states around the world to implement programs to conduct realistic tests of nuclear security systems’ ability to defeat either insiders or outsiders. (Failures in such tests can be powerful evidence to senior policymakers that nuclear security needs improvement.)
Shared databases of threats and incidents. The United States and other key countries should collaborate to create shared databases of unclassified information on actual security incidents (both at nuclear sites and at non-nuclear guarded facilities) that offer lessons for policymakers and facility managers to consider in deciding on nuclear security levels and particular threats to defend against. The World Institute for Nuclear Security (WINS) could be a forum for creating one version of such a threat-incident database. In the case of safety, rather than security, reactor operators report each safety-related incident to groups such as the Institute of Nuclear Power Operations (the U.S. branch of the World Association of Nuclear Operators), and these groups analyze the incidents and distribute lessons learned about how to prevent similar incidents in the future to each member facility—and then carry out peer reviews to assess how well each facility has implemented the lessons learned.[30]
The Path From Here
There is a great deal to be done to ensure effective and lasting security and accounting are in place for all nuclear warheads and weapons-usable nuclear materials around the world. While much can still be accomplished during the four-year effort, we must begin to focus on what happens beyond – for nuclear security, like nuclear safety, will require constant vigilance, and a focus on continual improvement, as long as nuclear weapons and weapons-usable materials continue to exist.
The papers at this workshop have made a valuable contribution to understanding how states have handled these matters in decades past. But there is much yet to be done to understand the history of nuclear security. To find the most effective policies to strengthen nuclear security worldwide, we need to know:
· Why have different countries made very different decisions about what nuclear security and accounting rules to put in place?
· What factors have led countries to change their nuclear security and accounting practices?
· What factors have been the most important obstacles to, and constraints on, such changes?
· What approaches can best strengthen security culture, convincing all key staff of nuclear operations to take security seriously and constantly seek ways to improve it?
· What measures could best ensure that once effective nuclear security and accounting measures and strong security cultures have been put in place, they are sustained for the long haul?
Once we have learned some of the answers to these questions, we will be in a better position to judge how countries might best be convinced to make decisions that would drastically reduce the danger that nuclear weapons or the materials needed to make them could be stolen and fall into the hands of terrorists.