Small Modular Reactors and Advanced Reactor Security: Regulatory Perspectives on Integrating Physical and Cyber Security by Design to Protect Against Malicious Acts and Evolving Threats

How can future nuclear technologies and Small Modular Reactors (SMRs) deter and prevent organized crime groups, terrorists, and malicious actors from attempting to steal or sabotage nuclear materials and facilities? This paper presents the benefits of integrating Security by Design (SeBD) into a regulatory framework to allow more a flexible and effective design of physical protection systems for SMRs. During its effort to modernize the Nuclear Security Regulations, the Canadian Nuclear Safety Commission (CNSC) licensing application process provides for the option of SeBD in moving toward a performancebased approach with less prescriptive requirements. CNSC also recognizes the need for a graded approach using risk-informed criteria for nuclear security. As part of the SMR Vendor Design Review 1 Duguay: Small Modular Reactors Security by Design to Protect Against Malicious Acts and Evolving Threats International Journal of Nuclear Security, Vol.7, No.1, 2020 doi:10.7290/ijns070102 (VDR) process, CNSC reviews SeBD proposals as well as interfaces with safety (robustness), safeguards (Nuclear Material Accounting and Control), operations, and sustainability. The CNSC also recognizes the need to share relevant, nuclear, sensitive information from the National Design Basis Threat (DBT) with SMR designers so they can consider credible and evolving threats in their proposed SeBD. Finally, the interfaces between nuclear security and system engineering specialists within the VDR process allow one to look at both physical and cyber security systems in a more holistic approach. This allows the regulator to look at how SMR developers propose to optimize nuclear safety to mitigate or protect against potential acts of sabotage and radiological release. SeBD offers opportunities to reduce costs for new nuclear facilities. However, it is not a “silver bullet.” SeBD needs to be integrated as part of an overall security strategy taking into consideration essential security policies, facility characteristics, the materials used, and the national threat/DBT. In addition, there are other relevant security challenges to address, such as remote facilities without readily available off-site response capabilities, the concept of building unmanned/remotely operated nuclear facilities, ever evolving cyber security threats, over-reliance on digital technologies, the use of lethal force by autonomous and remotely operated security systems, or protecting floating (e.g., offshore) or transportable SMRs. Some of these SMR designs being considered are for future use, but now is the time to address some complex issues and legal/ethical questions that may shape the reality of future generations.