Background
An incident resulting from the inadequate or negligent management of radioactive sources would likely affect normal business operations and the reputation of an organisation. Ultimately, financial losses (loss of the use of facilities, lost business, lost wages, recovery costs, replacement costs, clean-up costs, and medical costs for employees and members of the public) and loss of reputation could constitute a serious crisis for the organisation.
As the threat from terrorism has grown in the last decades, the awareness that radioactive sources could potentially pose a serious security risk has also grown. As a result, States and regulatory bodies have instituted new regulations and end users developed and implemented security arrangements to mitigate this risk. Radioactive sources can be attractive to both external adversaries as well as insiders who wish to cause harm, in particular by the theft of the radioactive sources for further malicious use (e.g. in a “dirty bomb” or through deliberate exposure to people).
Radioactive sources have certain inherent characteristics that may increase their attractiveness for use in malicious acts by adversaries. Thousands of sources are used for teletherapy and brachytherapy in the medical sector, over 10,000 industrial sources are being supplied annually for radiography, and more than 300 gamma irradiators are in operation.
Groups and individuals with malicious intent may try to use radioactive sources for achieving their nefarious objectives. These adversaries can either come from outside the organisation (outsiders or external threats) or from within it (insiders or insider threats). Insiders are individuals (such as employees, contractors and suppliers) who have authorised access to a facility, transport operation, sensitive information, or computer and communications system who use their trusted position in support of a malicious act.
Building on its series of events and activities supporting the development of robust and comprehensive arrangements for the security of all radioactive sources worldwide, WINS organised a workshop focusing on mitigating internal threats to Categories 2 and 3 radioactive sources.
Categories 2 and 3 radioactive sources are essential for many medical, industrial, and research applications. Category 2 sources are typically used in industrial gamma radiography, high- and medium-dose rate brachytherapy, and radiography. Category 3 sources are typically used in fixed industrial gauges such as level gauges, dredger gauges, conveyor gauges, spinning pipe gauges, and well-logging gauges. If not properly managed, such sources could cause permanent injury to a person who handled them or was otherwise in contact with them for hours or even few minutes for certain Category 2 sources.
While Category 1 sources are often placed in a heavy, difficult-to-transport devices, many Categories 2 or 3 sources are contained in portable containers or even in capsules that are so small they could be hidden in a pocket or suitcase. Some categories 2 or 3 radioactive sources are also frequently transported as part of their use and might be vulnerable to theft during transport or when located outside of their home base.
Insider threats are particularly dangerous because they can use their access, authority and knowledge to bypass dedicated physical protection, safety measures and operating procedures. They also might have more time to select targets, identify vulnerabilities and plan and carry out a malicious act. For example, they could tamper with security equipment to reduce the risk of detection or falsify inventory records to steal small amounts of radioactive material, undetected, over time.
Objectives
The overall objective of this workshop was to exchange experience and lessons learned by various stakeholders when developing and implementing security measures for Categories 2 and 3 radioactive sources and trying to address the internal threats to these sources. In particular, this workshop was an opportunity to:
- Identify practices using Categories 2 and 3 radioactive sources. Explore how their prevalence and how their particular characteristics can influence their security needs.
- Explore Specific Threats. Delve into the unique challenges and risks associated with Categories 2 and 3 radioactive sources, providing a nuanced understanding of potential internal threats within these contexts.
- Share Best Operational Security Practices. Offer a platform for end-users to share experiences, case studies, and best practices in mitigating internal threats related to Categories 2 and 3 radioactive sources.
- Share examples of theft or loss of Categories 2 and 3 radioactive sources. Learn from these real-life experiences and suggest improvements to current practices.
- Understand the role of regulations. Discuss how regulations can and should include requirements to mitigate insider threats.
- Highlight the importance of a robust security culture. Better understand how organisational culture matters and the importance of engaging all staff in security matters.
- Support stakeholder engagement. Facilitate collaboration and knowledge-sharing among diverse stakeholders, including regulatory bodies, industry professionals, and government officials, fostering a cohesive global approach to security.
Audience
This event was open to all interested individuals involved in the security of radioactive sources. The workshop targeted the following stakeholders:
- End-users
- Regulators
- Law enforcement agencies
- Government officials
- Academia
- International organisations
Female participants were strongly encouraged to apply. At least 40 % has been set up as target for female speakers and female participants.
Process
The workshop was conducted online (Zoom) on 23 April 2024 from 14:00 to 17:30, Vienna time. It was held in English.
The workshop was divided into two sessions with a 15-minute break between sessions.
In line with WINS` approach to international workshops, this online event was interactive and professionally facilitated.
The workshop was built around a number of presentations from invited speakers representing the various stakeholders involved in radiological security matters (end users, regulatory bodies and law enforcement agencies), as well as case studies and structured discussions that will enable participants to further explore the topic and share their experience and lesson learned.
An online voting system will also allow participants to provide their views on questions put to the workshop by anonymously registering their opinions.
The workshop was recorded, and the recordings will be made available in the Knowledge Centre of the WINS website.
