About

The human dimension of nuclear security is now widely recognised as fundamental in combating the multitude of threats to nuclear assets. However, cultivating appropriate security-related beliefs, values and behaviours, across a diverse nuclear workforce, is no easy task and one that requires varied and sustained engagement. The nuclear security culture playing cards have been developed in support of this goal. They are designed for use by the nuclear industry and other stakeholders to improve individuals’ understanding of the threat to nuclear facilities, encourage best practices in support effective security implementation and explore the challenges encountered in designing and operating nuclear security systems.

These 52 questions drawing lessons from past incidences, while also incorporating nuclear security best practice, were refined in consultation with industry experts. Each card contains a link to a unique webpage where users can access further information, relevant international guidance and other authoritative references. The cards should be used to prompt informal debate, helping socialise discussions of complex issues surrounding nuclear security implementation in different organisational environments.

x

Personnel Behaviours

Clubs Clubs Clubs Clubs 2 2 2 2
Is it a sign of weakness to tell someone you are experiencing psychological or other personal issues?
What avenues exist for having these types of conversation within your organisation?
Clubs Clubs Clubs Clubs 3 3 3 3
What are some of the warning signs that a colleague may have become an increased security risk?
At what point should changes in a colleague’s behaviour be reported?
What mechanisms exist within your organisations and/or externally for reporting this?
Clubs Clubs Clubs Clubs 4 4 4 4
Is there ever a reason not to follow nuclear security procedures?
What if the procedure negatively impacts on your ability to do your job?
Clubs Clubs Clubs Clubs 5 5 5 5
If you feel a security procedure is ineffective or inappropriate, what should you do?
What avenues exist for communicating issues with security procedures within your organisation?
Clubs Clubs Clubs Clubs 6 6 6 6
“Security violations should always be reported.”
Do you agree with this statement?
Does it matter if you don’t think the security process or procedure is important?
Clubs Clubs Clubs Clubs 7 7 7 7
If you see something that is potentially suspicious should you always report it?
Who do you report it to?
Are there cases where you wouldn’t report something?
Clubs Clubs Clubs Clubs 8 8 8 8
“Sensitive documents should always be locked away if not being used.”
Do you agree with this statement?
What if you are already within a secure area?
Clubs Clubs Clubs Clubs 9 9 9 9
“Teamwork, incorporating open and transparent communication, is essential for delivering effective nuclear security.”
Do you agree with this statement?
Are there limits to the extent that securityrelated information can be shared between different teams?
Clubs Clubs Clubs Clubs 10 10 10 10
“A questioning attitude is important for ensuring effective nuclear security.”
Do you agree with this statement? How can a questioning attitude improve nuclear security?
Are there limits to the types of questions that can be asked?
Clubs Clubs Clubs Clubs J J J J
Scenario: You observe an individual in a restricted area who you don’t recognise.
What do you do?
Would it matter if the individual appears to be a senior manager?
Clubs Clubs Clubs Clubs Q Q Q Q
Scenario: You see someone not wearing their pass at work.
What do you do?
Does it matter that you know them already?
Clubs Clubs Clubs Clubs K K K K
Scenario: You discover that nuclear material is missing, but you think it’s probably just been misplaced.
What do you do?
Does this constitute a security incident?
Clubs Clubs Clubs Clubs A A A A
Scenario: You see an individual wearing their security pass outside of work, which clearly identifies they work at a nuclear facility.
What do you do?
Does this type of behaviour pose a security risk?
x

Threat Perceptions

Hearts Hearts Hearts Hearts 2 2 2 2
“A credible threat exists to the nuclear and radiological assets in my organisation.”
Do you agree with this statement?
Are all threats equally likely or impactful?
Hearts Hearts Hearts Hearts 3 3 3 3
Who are insiders?
What threat do they pose to your organisation?
Hearts Hearts Hearts Hearts 4 4 4 4
“Pre-employment screening is the most effective method for mitigating the risk posed by insiders.”
Do you agree with this statement?
What other security measures can be put in place to counter the insider threat?
Hearts Hearts Hearts Hearts 5 5 5 5
“Threats remain constant over the lifetime of a facility.”
Do you agree with this statement?
What events might trigger an increase in the threat? For example, the threat posed by insiders?
Hearts Hearts Hearts Hearts 6 6 6 6
“The major threats to my organisation are external.”
Do you agree or disagree with this statement?
Hearts Hearts Hearts Hearts 7 7 7 7
“Cyber-attacks pose the major threat to my organisation.”
Do you agree with this statement?
What types of cyber-attack are most relevant in your workplace?
Hearts Hearts Hearts Hearts 8 8 8 8
“Nuclear security is the responsibility of the guard and response force.”
Do you agree with this statement?
What about employees in non-security specific roles?
Hearts Hearts Hearts Hearts 9 9 9 9
“Securing physical assets is more important than securing potentially sensitive information.”
Do you agree with this statement?
What risks does the release of sensitive information pose?
Hearts Hearts Hearts Hearts 10 10 10 10
“There should be a clear division between an employee’s personal life and their professional life.”
Do you agree with this statement?
How can an individual’s behaviour in their personal life have implications for nuclear security?
Hearts Hearts Hearts Hearts J J J J
Scenario: A colleague asks you to lend them some money, and you later discover they have asked other colleagues too.
What should you do?
Do they pose a heightened security risk?
Hearts Hearts Hearts Hearts Q Q Q Q
Scenario: A colleague is clearly frustrated at being passed over for promotion.
What should you do?
Do they pose a heightened security risk?
Hearts Hearts Hearts Hearts K K K K
Scenario: A colleague starts to work long hours and begins taking sensitive information home. When questioned they say they have an urgent project to work on.
What should you do?
Do they pose a heightened security risk?
Hearts Hearts Hearts Hearts A A A A
Scenario: Anti-nuclear protests have increased in recent years in your country.
How might anti-nuclear protestors pose a security risk to your organisation?
x

Security-Related Issues

Spades Spades Spades Spades 2 2 2 2
How does nuclear security differ from nuclear safety and nuclear safeguards?
What tensions and synergies exist between nuclear security, safety and safeguards?
Spades Spades Spades Spades 3 3 3 3
“Nuclear safety should take primacy over nuclear security when these are in conflict.”
Do you agree with this statement?
What scenarios can you think of where tensions between safety and security may occur? How might these be resolved?
Spades Spades Spades Spades 4 4 4 4
“Nuclear security should have a separate budget and reporting line to nuclear safety.”
Do you agree with this statement?
What are the risks of combining nuclear security and safety budgets and reporting?
Spades Spades Spades Spades 5 5 5 5
“Technological solutions are the best way to overcome security vulnerabilities.”
Do you agree with this statement?
Can technology alone defend against the diverse range of threats faced by nuclear organisations?
Spades Spades Spades Spades 6 6 6 6
Should employee use of social media accounts be restricted?
If so, to what extent? How can the use of social media pose a security risk?
Spades Spades Spades Spades 7 7 7 7
“It is not possible for facility security systems to protect against all possible threats.”
Do you agree with this statement?
What threats may be beyond the ability of facility security systems to mitigate?
Spades Spades Spades Spades 8 8 8 8
“Effective security culture can be a business enabler.”
Do you agree with this statement?
How can an effective security culture support the operation of your business?
Spades Spades Spades Spades 9 9 9 9
“An adversarial relationship between the regulator and operator is necessary for ensuring effective nuclear security.”
Do you agree with this statement?
How should the relationship between the nuclear security regulator and operator be managed?
Spades Spades Spades Spades 10 10 10 10
In a research environment, how do you balance academic freedoms with security?
What types of security procedures and processes are likely to be most effective in this environment?
Spades Spades Spades Spades J J J J
Scenario: Your facility is in the process of being decommissioned, with employees made redundant once they complete work on their area of the site.
Does this present a heightened security risk? What steps can be taken to prevent an increase in insider attacks?
Spades Spades Spades Spades Q Q Q Q
Scenario: Your organisation has recently expanded and taken on a number of new suppliers.
What steps can you take to ensure security throughout your supply chain?
Spades Spades Spades Spades K K K K
Scenario: Your organisation has invested heavily in a new state-of-the-art physical protection system and there is widespread confidence in the effectiveness of this technology.
Could this make staff more complacent when thinking about security? If so, how?
Spades Spades Spades Spades A A A A
Scenario: You discover a colleague talking about sensitive security-related work information on social media.
What do you do?
How might this information undermine security? Does it matter if this information is posted outside of working hours?
x

Leadership and Management

Diamonds Diamonds Diamonds Diamonds 2 2 2 2
What is nuclear security culture?
Why is it important?
What are some of the indicators of effective nuclear security culture?
Diamonds Diamonds Diamonds Diamonds 3 3 3 3
“My organisation has an effective nuclear security culture.”
Do you agree with this statement?
How could security culture be improved in your organisation?
Diamonds Diamonds Diamonds Diamonds 4 4 4 4
“Consistent enforcement of security processes and procedures is critical to cultivating an effective nuclear security culture.”
Do you agree with this statement?
How can you help encourage colleagues to follow security processes and procedures?
Diamonds Diamonds Diamonds Diamonds 5 5 5 5
“Staff surveys are an excellent way of assessing nuclear security culture.”
Do you agree with this statement?
What are the strengths and limitations of surveys? What other methods might be used to measure security culture?
Diamonds Diamonds Diamonds Diamonds 6 6 6 6
“All staff should be involved in the formulation of new security processes and procedures.”
Do you agree with this statement?
What are the benefits and drawbacks to involving a wide range of staff?
Diamonds Diamonds Diamonds Diamonds 7 7 7 7
“Reporting security near misses has a reputational cost and is not worthwhile.”
Do you agree with this statement?
What are the potential benefits of reporting near misses?
Diamonds Diamonds Diamonds Diamonds 8 8 8 8
What measures can be taken to protect a nuclear facility from cyber attacks?
What role do employees play in ensuring effective cyber security?
Diamonds Diamonds Diamonds Diamonds 9 9 9 9
“Senior managers should always explain their decisions taken with respect to security.”
Do you agree with this statement?
Are there limitations to what can be shared?
Diamonds Diamonds Diamonds Diamonds 10 10 10 10
“Punitive measures are essential in ensuring effective nuclear security.”
Do you agree with this statement?
What are the limitations of punitive measures? What other mechanisms exist for encouraging security-conscious behaviour?
Diamonds Diamonds Diamonds Diamonds J J J J
Scenario: It is common practice for staff in your organisation to violate security processes and protocols.
What steps could leadership, management and others take to strengthen security compliance?
Diamonds Diamonds Diamonds Diamonds Q Q Q Q
Scenario: It is common practice, after employees leave your organisation, for them to continue to access company systems and sensitive information.
What policies and procedures should be put in place to ensure that company systems and sensitive information are protected?
Diamonds Diamonds Diamonds Diamonds K K K K
Scenario: You are a manager and discover that your staff have been following procedures incorrectly. After training, most staff are now compliant, but a few members are refusing to change their behaviour.
What options are available?
If no action is taken, what is the impact onthe wider team?
Diamonds Diamonds Diamonds Diamonds A A A A
Scenario: Despite the existence of cyber security policies and controls, your organisation is suffering from an ever-increasing number of successful cyber-attacks.
What steps could the leadership, management and others in your organisation take to strengthen cyber security?

In @HobbsCSSS's latest article, 'Data Science in Support of Radiation Detection for Border Monitoring', written in… https://t.co/wP7p2RPEsv

Twitter logo

Contact

Email: csss@kcl.ac.uk

Address: King's Building, Strand Campus, Strand, London, WC2R 2LS