Year
2018
Abstract
Nuclear facilities, organizations, and regulatory agencies have a compelling interest in developing effective methodologies to help mitigate potential insider threat. The IAEA Implementing Guide on Preventive and Protective Measures Against Insider Threat (NSS No.8) has multiple references to the role of nuclear security culture (NSC) in addressing insider threat but does not provide any specifics in this regard. This paper attempts to fill in this gap and develop step-by-step guidance for using the evolving NSC methodology to perform this vital function. The IAEA NSC model has 30 characteristics of culture while the Technical Guidance for NSC Self-Assessment lists over 300 culture indicators to illustrate the meaning of each characteristic. At least several of them are directly linked to widely used practices designed to prevent insiders from committing malicious acts and mitigating their possible consequences. Culture indicators associated with these characteristics would enable management to self-reflect to determine existing weaknesses and strengths or launch, if deemed necessary, a full-scope self-assessment focusing on insider threat as the main theme. A followup NSC enhancement plan will prioritize, among other tasks, improving relevant management systems, targeted training curricula, awareness raising and reliable communication systems in a comprehensive effort to promote a robust culture with special emphasis on dealing with insider threat. NSC self-assessments held at regular intervals will enable management to determine whether its follow-up plans yield desired results and what adjustments need to be made under the next plan. Continuous focus on NSC as well as organization-wide dissemination and discussion of self-assessment reports can deter potential insiders from implementing their plans. The proposed approach is just one possible way to cope with the insider risk but it has several important advantages, which are discussed in this paper.