Risk Informing Security At The U.s. Nuclear Regulatory Commission

There have been initiatives at the U.S. Nuclear Regulatory Commission (NRC) to risk-inform security. In order to effectively risk-inform security, a risk structure should be established in order to better understand the overall risk framework, as well as how individual elements of security contribute to the overall risk. Although the staff has offered approaches to establish a structure to risk-inform security, NRC management has chosen to not develop a structured approach. Management cannot see immediate benefit, so chooses to pursue piecemeal approaches that rarely result in any measurable results. However, these activities have cost NRC and the industry significant resources, resulting in few measurable results. This paper will provide insights into the historical efforts to risk-inform security and offer an approach that has a higher likelihood of success.