A Blueprint of CBRN Security Architecture Dr. Igor Khripunov at the seminar “Toward a CBN Security Culture: Developing a Holistic Approach,” 24 April 2012, Vienna, Austria UNSCR 1977 (2011): Emphasis on Implementation • • • Encourages all states to prepare national implementation action plans on a voluntary basis. Promote the sharing of experience, lessons learned, and effective practices in areas covered by resolution 1540 (2004). Conduct a comprehensive review on the status of implementation of resolution 1540 (before May 2016), including, if necessary, recommendations or adjustments to the mandate of the 1540 Committee. The ten year extension of UNSCR 1540 (2004) is likely to turn the resolution into an institution with a unique counter-WMD terrorism mandate. However, this emerging institution risks failure without a robust and comprehensive security culture. What is CBRN Security Culture? CBRN security culture is an assembly of beliefs, attitudes, and patterns of behavior which can reinforce or complement hard (equipment) or soft (rules and regulations) tools in the process of achieving intended security goals. • As its major subset, CBRN security culture (or equivalent constructs under different names) derives its strength, or lack thereof, from organizational culture, but in certain circumstances it can have a positive impact across the board shaping organizational culture. What is CBRN Security Culture? • In all four silos, the foundation of security culture includes human support or • enforcement of common risk-based elements such as: - Deterrence - Protection - Detection - Response to: - Theft - Sabotage - Unauthorized Access - Illegal Transfer - Other malicious acts involving either materials that can be used for unconventional terrorism purposes or their associated facilities The major assumption that drives this pattern of human behavior is that the risk of CBRN terrorism is real and security is important. Four CBRN Silos • The CWC uses “general purpose criteria” to define a • • Chemical • • weapon. Global supply chains are increasingly vulnerable. A multitude of industrial chemicals could be released in massive quantities inflicting lethal effects despite their low toxicity. Less robust physical protection of sprawling petrochemical plants requires a significant input from security conscious personnel. In its recently launched project, the “OPCW as a Platform for Enhancing Security at Chemical Plants,” one of the objectives is to establish “a chemical security culture.” Four CBRN Silos • The BWC uses “general purpose criteria” to define a • • Biological • weapon. The rationale for security is much more closely intertwined with safety and material losses rather than terrorist risks. WHO documents refer to “responsible laboratory practices” defined as protection, control, and accountability for valuable biological materials to help prevent their unauthorized access, loss, theft, misuse, diversion, or intentional release. The International Federation of Biosafety Associations (IFBA) has launched a five year strategic plan wherein the mission is defined as “Safe, Secure, and Responsible Work with Biological Materials” but the term “culture” is yet to be prominently displayed in the professional parlance. Four CBRN Silos • Almost all radioactive substances can be used to commit • Radiological • • acts of radiological terrorism, including fission products, spent fuel from nuclear reactors, commercial radioactive sources, and relatively low-level waste. Radioactive sources pose a special challenge because they number in the millions worldwide, and are in use in a multitude of diverse operations. The Code of Conduct for the Safety and Security of Radioactive Sources has provisions on safety and security culture but is not a binding legal instrument. Major characteristics of this silo are too unique to merge it with the nuclear silo. Four CBRN Silos • The Washington and Seoul Nuclear Security Summits • Nuclear • • elevated the role of nuclear security culture and placed it on par with physical protection and material accountancy. The international legal framework for nuclear security (both binding and nonbinding) has specific references to security culture which may be seen reflected in a series of national laws and regulations. The IAEA adopted the concept of nuclear security culture in 2008, launched a training program, and intends to work toward a new, more diversified security culture which would cover transportation, spent nuclear fuel, and others. Given its current record and advancement in security culture, the IAEA and the nuclear sector can serve as a role model for other silos. Joint Foundation of CBRN Security Culture • • • • Only personnel empowered by a security culture that comes as second nature can continually evaluate the risk environment, and stay ahead of the threat. Among the most important shared characteristics of CBRN security culture are: accountability, reliability, professionalism, compliance, and vigilance. A CBRN security culture will motivate the workforce to meticulously comply with existing security requirements, select the correct course of action when there are options, and improvise effectively in the face of the unknown. “Insider threats” are a common CBRN concern but best practices to deal with them may differ in each silo. Joint Foundation of CBRN Security Culture • The manifestation of CBRN security culture is most important at • • the organizational and individual levels, but their goals are fully achieved only if there are adequate inputs from higher tiers, i.e. international and national levels. CBRN security culture promotion is more likely to achieve sustainability goals if its underlying standards are embedded in societal values, traditions, and best practices. It is imperative for the leaders of organizations to be driving engines for culture building/improvement and act as the role model for their employees. Joint Architecture of CBRN Security Culture • Safety culture has been an integral part of the emergence and evolution of • • science and technology, while CBRN security culture is a late-comer. In this sense, security culture often follows the footsteps of safety culture or remains an integral part of it. The complexities of the safety-security interface make it necessary to look for an innovative terminology across all CBRN silos of which “suerity” may be just one option. However, in the short-term perspective, a uniform terminology denoting security culture in all four silos seems unlikely. Jointly developed and mutually acceptable risk assessment, culture evaluation methodologies, and ways of monitoring and improving the culture on an ongoing basis are important building blocks of a common architecture for CBRN security culture. Final Observations • The CBRN threat environment makes it imperative to explore and shape an • • • appropriate culture-based response in support of the global effort against WMD proliferation and terrorism. Security cultures do exist in respective silos to safeguard sensitive materials, protect assets, and prevent acts of sabotage, but their promotion and implementation are largely isolated from each other in the absence of sufficient horizontal communication and best practice sharing. A major goal of developing a common architecture for CBRN culture is to enable countries that are lacking relevant experience to optimize the role of the human factor in dealing with CBRN risks and complying with their international obligations, including those under UNSCR 1540 (2004). If proven valuable in practice and acceptable across the board, a CBRN security culture may become an important item on the agenda of the 2016 review process for UNSCR 1540.