Assessing the Status of Insider Threat Mitigation at Nuclear and Radiological Facilities Eight Years after Information Circular 908: A Status Update Following the Second International Symposium

Year
2024
Author(s)
Jon Christian - Culmen International, Supporting DOE/NNSA Office of Radiological Security
Erin McLaughlin - Culmen International, Supporting DOE/NNSA Office of International Nuclear Security
Abstract

In 2016, recognizing the international community’s need to address the insider threat, the United States and Belgium co- sponsored Information Circular 908 (INFCIRC/908), “Joint Statement on Mitigating Insider Threats.” Eight years later, over 30 subscribers to the joint statement have conducted workshops, convened two International Symposiums (2019 and 2024), hosted Steering Committee meetings, and launched five focus groups under the International Working Group to address Insider Threat Mitigation. This paper highlights the insider threat globally, assesses how INFCIRC/908 has contributed to mitigating that threat, considers applications for this work at nuclear and radiological facilities, and considers INFCIRC/908’s adaptability in the future when faced with today’s evolving threat landscape. The INFCIRC/908 International Working Group was formed to build a community of practice dedicated to mitigating the insider threat in nuclear security. Upon its founding, several events were planned in support of this effort. The first International Symposium for Mitigating Insider Threats was held in 2019, where five areas were identified for further investigation. These topical areas developed into the five focus groups which have drafted a series of guidelines and exercises to evaluate radiological and nuclear facilities preparedness to mitigate insider threats. The second event was the International Practitioners Workshop for Insider Threat Mitigation at Nuclear and Radiological Facilities, held in September 2023 at Sandia National Laboratories. Practitioners addressed topics related to trustworthiness and reliability across the employment cycle, physical protection and technical measures, cybersecurity, and sustainability.   In March 2024, the Second International Symposium showcased how meeting commitments of the Joint Statement are advancing our state-of-practice for insider threat mitigation for nuclear and radiological security. Success stories were featured by presenters from around the world Participants exchanged ideas, perspectives, and challenges to detect, deter, mitigate, and respond to insider risks and discussed continuous vetting, implementing security culture, and considerations for mitigating insider threats at advanced and small modular reactors. The impact of emerging technologies in insider threat mitigation capabilities and policies were explored and participants engaged with experts from industry and academia on crossdisciplinary good practices. The Second International Symposium demonstrated that insider threat mitigation must be adaptable to future challenges and unforeseen complexities at radiological and nuclear facilities. Sharing best practices among facilities and industries will be key to mitigating threats in an ever-changing global threat landscape and continuously developing technologies. Utilizing researchers at universities, laboratories, and thinktanks will bring different perspectives and data-driven solutions to the insider threat mitigation arena. Subscribers to INFCIRC/908 will continue to work together to address the security of nuclear and radiological facilities.