Back in 2010, US President Barack Obama launched the Nuclear Security Summit process, a series of high-level global meetings aimed at locking down or eliminating loose nuclear materials. Many of the 47 countries that attended made and fulfilled pledges to reduce their stockpiles, but there was no universal measuring stick to evaluate where they stood or how they progressed. In 2012, the Nuclear Threat Initiative helped fill that gap when it came out with the first Nuclear Security Index. For the first time, the world had a baseline assessment of nuclear materials security in 176 countries.
Last week the Nuclear Threat Initiative published its third Index, which contains both sobering news and useful tools for the nonproliferation community as it prepares for the fourth and final Nuclear Security Summit at the end of March. After the index was released, Bulletin contributing editor Elisabeth Eaves interviewed former US Senator Sam Nunn, who is co-chair of the Nuclear Threat Initiative and perhaps most famous as co-architect of the Nunn-Lugar Cooperative Threat Reduction Program, which for more than two decades provided assistance to former Soviet states to help secure and destroy old weapons of mass destruction.
The new index finds that progress on nuclear security has slowed down. In the last two years, fewer improvements were made than between 2012 and 2014, and none were made in the so-called “core protection and control measures” that it tracks. These include on-site physical protection, control and accounting, insider threat prevention, physical security during transport, and response capabilities in regard to nuclear materials.
For this latest edition, the index also expanded the number of metrics it looks at, and for the first time assessed the risk of cyber-attack. It found that of 24 countries with weapons-usable nuclear material, seven had no regulations whatsoever requiring protection of nuclear sites against cyber-attack. Of another 23 countries that have no weapons-usable material but do have nuclear sites,13 have no such regulations. “Nuclear facilities are not prepared for the growing cyber threat,” the report says.
The Bulletin talked to Nunn about the thinking behind the index, his hopes for the upcoming Nuclear Security Summit, the likelihood of catastrophic nuclear terrorism—which NTI calls “the greatest security threat facing the world”—and much more.
BAS: The NTI’s first Nuclear Security Index came out back in 2012. What made you decide to start making one?
NUNN: The Nuclear Security Summits, which began in 2010, were really putting some high-level attention on the whole question of materials security, and we felt the index would be a contribution we could make that governments could not do themselves because of sensitivities, diplomacy, and that sort of thing. We felt it would make a real contribution if countries could take a look at the way a panel of international experts viewed the challenge, and see what indicators the experts thought it was advisable to review in determining a country’s proficiency in protecting nuclear materials.
BAS: How can the index be used to help advance the goals of the Nuclear Security Summits?
NUNN: Most countries would probably take the view that they are doing their own security and that the outside assessment is not needed or valid, so it’s not something that countries are standing on their heads and applauding about, particularly those that are in the bottom third. But we believe the index complements the efforts being made at the summit level. Most leaders don’t focus on the details; this really does focus on the details. Most leaders rely on people below them and sometimes don’t look at what objective observers might think. So we felt this would give leaders a chance to hold those beneath them accountable, and it would give the general public in each country a chance to hold their own governments accountable.
BAS: One of the observations in the new report is that progress on nuclear security has slowed down in the last couple of years, with many advances between 2012 and 2014 and fewer since then. Why do you think that has happened?
NUNN: That’s not something we can measure in the index, which looks at objective things like metrics and public records, but I can give you my own view. Any time you have the United States and Russia—which together possess 90 percent of the nuclear weapons and material—in a state of near-confrontation, as they have been over both Ukraine and Syria, without any kind of arms control agenda, I think it discourages other countries from thinking this ought to be a top priority. Why should they make getting their small amount of nuclear material secure a priority, when the two largest players seem not to be moving forward?
I’m sure there’s also a low-hanging fruit factor. Countries that were most willing to get rid of their nuclear material have already done so.
And I’m sure there were other factors, like the problems going on in the Middle East, Europe, and the South China Sea. There are just a lot of competing priorities for a lot of countries. So it has slowed down. But the good news is, if you look at the last six- to eight-year period, we’ve made a lot of progress.
BAS: Does the fact that the United States and Russia are also modernizing their nuclear arsenals play into the slowdown on nuclear security?
NUNN: It’s very hard to be chain smoking and telling everyone else they shouldn’t take a puff. When you get the two superpowers not discussing reductions but really discussing a very significant buildup, it creates a very negative psychology, particularly in terms of moral leadership, when they try to convince the others to put these issues on the front burner. So yes, modernization is certainly a factor.
BAS: What do you hope to see come out of the fourth and final Nuclear Security Summit, which will take place this spring in Washington?
NUNN: Sustainability of the overall effort has got to be right at the top of the list. This is a continuous process to address a dynamic, continuing challenge. In my view it’s a race between cooperation and catastrophe.
I’d also like to see further progress in reductions, and hopefully more countries getting rid of all their weapons-usable nuclear material.
We also need to see focus and follow-through on military materials. We—our index, the summits, most of the treaties, and the IAEA—only measure about 17 percent of all the nuclear materials out there, because about 83 percent of them are military. That’s something they discussed at the 2014 summit, and it has to be at the top of the list this year.
Finally, 23 countries have signed up to take steps to prevent a radiological or “dirty bomb” event. It’s important to keep the focus on that, too.
So, sustainability, further reductions, military materials, and the radiological focus. That would be my wish list.
BAS: For the first time this year, the Nuclear Security Index looks at protections against sabotage and cyber-attack. What prompted you to introduce the cyber-threat assessment?
NUNN: We felt from the very beginning that we ought to find a way to do it, and we devised a way, based on what’s in the public record, to do it with enough validity to be helpful to countries that really want to improve. We look at two basic questions: Is cyber-security a required part of the threat assessment conducted when building new power plants? And second, do countries have a way of testing their own systems?
BAS: Did you also choose to measure the risk of cyber-attack because you see it as a growing risk?
NUNN: No doubt about it. I think the threat of cyber grows every day in this country, and it’s probably going to be with us for a long, long time, if not forever.
BAS: Is there reason to think that a US nuclear power plant is at risk of an accident caused by cyber-attack?
NUNN: We’re probably near the top of the list in terms of things we do to protect against that possibility. We have an independent Nuclear Regulatory Commission, we have [legal] requirements on cyber, and we have a growing culture on cyber, so I would say that relatively speaking, United States power plants are doing pretty darn well. But everything is relative in this area. Virtually anything is vulnerable. It’s a dynamic kind of threat that continues to evolve.
BAS: What do nuclear power plant operators need to do to protect their facilities from cyber-attack?
NUNN: Of the things we measure in the index, they need to meet legal and regulatory requirements that the threat be recognized and dealt with by each facility, and that systems be tested.
They also have to do a lot of things we don’t measure in the index, having to do with culture, training, and engineering. A whole lot of this is personnel-related. It’s important that people be conscious of the threat and understand that everybody has a role in prevention.
BAS: You’ve observed that it’s hard to keep this subject on the front burner. We’re heading into a US presidential election. How can nuclear security concerns be made part of the discussion?
NUNN: I hope our index gives a thrust to that. I hope it will be discussed in at least broad, general terms, though I think it would be very hard for a presidential debate to get down to the details of cyber, because it’s so complicated. And I hope the index will be discussed not only in this country but in other countries. I hope it will allow the nonprofit and NGO community, as well as the public at large, to begin to hold officials accountable and demand certain assurances. We think it’s not enough for any country to just say, “We don’t have a nuclear regulatory commission, we don’t have laws or regulations in place, but trust us, we’re doing all the things we need to do.” That’s not going to last long after the first disaster.
BAS: The NTI considers catastrophic nuclear terrorism “the greatest security threat facing the world.” What is the chain of things that would have to happen for a terrorist group such as ISIS to get its hands on enough weapons-usable nuclear material to build a nuclear bomb?
NUNN: People think that only large quantities are the problem, but of course several smaller quantities that are either stolen or purchased illicitly could add up to enough nuclear material to make a weapon. It’s not a piece of cake; it’s not easy. There would have to be some expertise. But I would think that certainly making a crude nuclear weapon—not one that would be delivered by a missile in space, but one that would be put in the back of a truck and detonated in a major city—is well within the know-how and capability of an awful lot of people out there. So we think the best way to prevent that is to protect nuclear material and get rid of as much of it as possible. There are no guarantees in this area, but we can certainly reduce the risk.
BAS: What are your concerns regarding nuclear power development in politically unstable regions? Saudi Arabia, Jordan, Turkey, and Egypt, for example, are all interested in nuclear power, if not already actively pursuing it.
NUNN: I hope the low-enriched uranium fuel bank being built in Kazakhstan will play a major role in addressing that. (Editor’s note: This IAEA project, which the NTI was instrumental in launching, will give countries access to enriched nuclear fuel when faced with supply disruptions.) Having a backup supply to the marketplace means countries won’t feel they need their own indigenous ability to enrich. Because if they can make low-enriched uranium, they can take it right up the scale to highly enriched uranium. We have to have assurances that countries can enjoy the benefits of nuclear power without creating more danger by having their own enrichment cycles. If country after country adopts its own enrichment cycle, the dangers and risks are going to go sky high.