The insider threat to nuclear safety and security

Abstract

Civil nuclear organizations must provide evidence for the resilience of their systems to various threats from humans. Some threats are internal and involve human failure, in terms of error or procedural violation. Other threats are more sinister, and involve grievance, malice and criminal intent. Nuclear organizations apply safety and security risk management to deal with this spectrum of threats from humans. Nuclear safety deals predominantly with internal threat of human failure, whereas nuclear security deals predominantly with threats from outside. However, different threats may be hard to delineate; internal threats and insider threats may share attributes and have similar effects. If divergent functions do not address convergent threats, this may weaken safety and security defences. Therefore, there needs to be a holistic approach to the risk management. This article considers where the human factors discipline fits in addressing the linear defences designed to mitigate safety hazards and security threats, and in addressing non-linear forms of defence designed to mitigate the threat from insiders.