Remarks at the Global Dialogue on Nuclear Security Priorities

It’s a special honor to have each of you here, especially knowing how busy all of you are and how far many of you have had to travel.  So we promise to make the best use of your time.

The Nuclear Threat Initiative began more than a decade ago with the mission to reduce the threats of weapons of mass destruction.  We knew we faced many challenges and two, in particular.

First, most nuclear materials are under the control of governments, and we are a private organization—so we knew that success depends not just on what we could do to make the world more secure but mostly on what we could persuade others to do.

Second, we knew that improving nuclear security raises complex questions for which there are no easy answers.  As Albert Einstein said, “The release of atomic power has changed everything except our way of thinking…”

One lesson we have learned in the last 10 years is that one of the best approaches to finding solutions is to assemble the brightest, most experienced people we know. We come together at a place like this to talk and listen, and we find that by listening to each other, we can begin finding answers to our toughest problems.

This is the idea behind inviting this outstanding group to a series of meetings—to tackle some of our toughest problems in nuclear security and to stimulate discussions that can help lead to answers.  

Many of you here tonight have participated in the last two Nuclear Security Summits—both very positive and constructive events that have helped bring needed attention and focus to nuclear materials security.  We are honored to have the past and future hosts of the summit here with us—security leaders from the United States, South Korea and the Netherlands. Let’s give them a round of applause for their hard work and leadership.

Many of you are on the front lines of nuclear security, working to meet our toughest challenges.  You protect us day-in and day-out, and we thank you for it.

You are dedicated to this important work because you know that the stakes are very high.

As you well know, the consequences of a 20-kiloton bomb (small by today’s standards) detonating in a major city would be staggering—hundreds of thousands of casualties; hospitals, bridges, virtually all communications knocked out; economic losses in the hundreds of billions, an unimaginable political, social and economic catastrophe.  No matter where that bomb went off, the consequences would reverberate around the globe.

“If this can’t be prevented,” Henry Kissinger frequently asks, citizens will wonder, “What’s the use of any government?”

I believe that we must seriously consider new steps to strengthen our global nuclear security system—and with your guidance, we hope to develop recommendations to support the 2014 Nuclear Security Summit in the Netherlands—and the work that will continue beyond that important milestone.

So we hope that during your time here we can begin to develop consensus on how best to strengthen the global nuclear security system.

By now, some of you may be asking, “What do you mean by a strengthened global nuclear security system?” since there is no cohesive system in the first place.

That, of course, is a key point of this meeting. While tremendous progress has been made by many countries to ensure the security of their nuclear materials, this progress has relied largely on ad hoc and reactive measures. A comprehensive framework that can be adapted to emerging threats is still missing.

No matter what country we come from, there are key questions we should be asking ourselves and others.

• Are we comfortable leaving the fate of humanity to such an ad hoc approach to security?
• Even if our own countries have confidence that our security is sound—even perfect—do we have the same confidence about our neighbors and all other countries with nuclear materials?
• What can we do to improve our own security in a way that makes us accountable and allows us to offer assurances to our neighbors, and others, in the face of shared nuclear threats?
• And what should our neighbors and others do to build their own accountability so that we feel confident in their assurances?

All of you hear about real problems and real threats, but let’s think about a few this evening.

I’d like to describe a few scenarios for you.  Some are factual and have really occurred; some are fictional and have not occurred—but certainly could happen. I will not ask for your answers or give grades here, but I would like to get you to think through each scenario and decide in your own mind whether it is fact or fiction.  I know that for most of you experts, this will be elementary—but I think a few examples puts the importance of our work in perspective. 

Scenario Number One:  Investigators in an Eastern European nation arrest six men and seize 4 grams of 90% enriched uranium, an amount the suspected smugglers were offering for sale as a sample. The smugglers claim to have 9 kilograms more for sale—roughly one-third the amount necessary to build a nuclear weapon. 

Experts say the smaller amount of uranium could have come from a civilian research reactor.  But if the smugglers have the 9 kilograms they claim to have, then they may have gained access to larger military stocks.

The material is traced to a uranium enrichment facility in a neighboring country and matched with an earlier seizure, which could mean that both seizures are part of the same lot.

Investigators continue their search for a North African man they believe attempted to buy the uranium before fleeing the country.  Officials worry that the buyer came from a region with a history of terror cells. 

FACT or FICTION?  Did this really happen—or is it a figment of my imagination?

Answer—FACT:   Officials in Moldova announced the arrests in June of 2011.  After extensive questioning of the suspects, a government spokesperson said they believed the smuggling ring had at least 1 kilogram of highly enriched uranium.  Neither the presumed ringleader in the smuggling operation nor the North African man was apprehended.  No further HEU was recovered.

Scenario Number Two:  On an Air Force base of one of the original five nuclear powers, 12 advanced cruise missiles with no warheads are scheduled to be flown from one air base to another, to be decommissioned.  Instead, because of serious procedural violations, six nuclear warheads—each with ten times the power of the Hiroshima bomb—are strapped onto one of the wings of a bomber not certified to carry nuclear weapons. 

Then, without appropriate security and without the knowledge or authorization of anyone in the Air Force, they are flown across the nation to an airbase that does not know nuclear weapons are coming by pilots who did not know they were on board.

Six nuclear warheads go missing—and no alarms sound. 

A former head of the nation’s strategic command comments that: “I have been in the nuclear business since 1966 and am not aware of any incident more disturbing.”

FACT OR FICTION?  Did this really happen—or is it a figment of my imagination?

Answer—FACT.   On August 29, 2007, at Minot Air Force Base in the United States, a ground crew loaded six advanced cruise missiles armed with nuclear warheads on the wing of a B52 aircraft.  The bomber sat on the tarmac for several hours with no added security and then flew over national airspace for 3 hours.  These missiles—the equivalent of 60 Hiroshimas—were out of authorized command and control for more than 24 hours. 

The Air Force fired the squadron commander, saying: “The Air Force has lost all confidence in his ability to handle nuclear weapons.”  Seventy others were disciplined for their roles. 

Scenario Number Three: Based on solid intelligence, troops along the border of a nuclear-armed country seize a cache of 8 kilograms of highly enriched uranium and capture two suspects. After hours of intense interrogation, the suspects tell authorities that the HEU was intended to be delivered to another nuclear-armed state. They say that more nuclear material is headed there.

Meanwhile, Navy forces from the state where the seized material is headed intercept a ship in the Mediterranean Sea and discover an additional 8 kilograms of HEU, with the same destination.

The governments communicate and go on high alert. Police and military take steps to tighten security along borders and elsewhere; intelligence officials comb through recent reports; and political leaders worry that if news of the seizures leaks to the media, panic will spread across the globe.

Faced with the dire threat, leaders from both governments vow to work together, urgently, to determine the source of the materials, how much had been stolen and whether there was more in the hands of terrorists—and whether there was enough to build a bomb.

FACT OR FICTION?  Did this really happen—or is it a figment of my imagination?

Answer—FICTION. The scenario I have just described—which began with Russian forces seizing HEU that smugglers claimed was headed for the United States—was the basis for a table-top exercise last year in Moscow. Current and former high-level officials from Russia and the U.S., as well as other specialists gathered to think together about how they would handle such a critical situation.

Vladimir Kuchinov, who is in our audience today, had an advantage in answering this question. Vladimir participated in the tabletop, which was sponsored by NTI and Igor Ivanov, Russia’s former minister of foreign affairs.

The results were at once unsettling and hopeful.

On the upside, there was a clear understanding, by both countries, of the critical need for cooperation to quickly address the threat. But officials in both countries were hampered by a lack of structures in place, both legal and operational, to make that cooperation timely.

We learned that there are few operational procedures for enhanced cooperation between Russia and the U.S. in a time of crisis. There is little clarity of rules governing information sharing between governments or sample sharing needed for nuclear forensics.

Each country had different approaches to information-sharing and what constituted an emergency.  These shortcomings caused critical delays in responding to the rapidly developing situation and made potential global repercussions more likely. Correcting those flaws is a cooperative work in progress.

Scenario Number Four:   A young computer hacker reads a newspaper story quoting a government official saying there’s no reason to be concerned about cyber attacks against critical infrastructure and no threat to public safety.

But the hacker knows better, and he’s determined to prove it.

He has studied the flaws of industrial control computers—the systems that automate power grids and other infrastructure. To prove his point, he programs his own computer to search the Internet for a specific industrial control computer located at a nuclear plant.

Unfortunately, it’s easier than it sounds.

To get into the nuclear plant’s computer system, he uses a sophisticated but publicly available search engine that can search for computers linked to the web.  Once he gets the machine’s internet address, he is able to find a digital back-door that allows him to read the device’s internal memory, including its password.

He is amazed to find that he is now in control of the spent fuel pools for the nuclear reactors. Without a constant stream of water into the pools, the heat in the spent rods would boil the water away, the uranium rods would be exposed to the air, melt, and release radioactive particles and explosive hydrogen, creating a Fukushima-like event.

The hacker briefly shuts off the supply of water to the spent fuel pools and then turns it back on.  To illustrate what he’s done, he takes screen shots of the plant’s control panels, and sends them to plant and government officials—all part of a dangerous demonstration to make his point about the lack of nuclear security.  The officials keep the incident quiet for fear of public panic. 

FACT OR FICTION?  Did this really happen—or is it a figment of my imagination?

Answer—PART FICTION; PART FACT.  As far as we know, thankfully, there has been no successful effort like this one to hack into the computers that control a nuclear power plant.  Everything else in the scenario is true.  There is a website called Shodan that searches 24 hours a day for computers accessible through the Internet. It identifies industrial control computers that run power plants, water-treatment facilities and other critical systems. 

One researcher using Shodan was able to find a nuclear particle accelerator at the University of California at Berkeley linked to the Internet with basically no security. 

It’s also true that a young hacker was incensed by public officials who dismissed the risk of cyber attacks, and he wanted to prove them wrong.  He gained access not to a nuclear power plant, but to a water treatment plant near Houston, Texas.  Once inside the computer, he did no damage, but instead took screen shots, and posted them on the Internet as a warning. 

Scenario Number Five:  Two teams of gunmen break into a nuclear facility housing substantial amounts of weapons-usable nuclear materials.  One team is chased off, but the other team deactivates several layers of security, enters the facility without sounding an alarm, and breaks into the emergency control center.  Once there, they shoot a guard in the chest and seize a computer.  When an alarm is triggered, they flee.  The team spends 45 minutes inside the facility and is never captured or seen on surveillance cameras.  Three individuals are arrested, but they are later released without being charged. 

The national government did not release details of its investigation.

FACT or FICTION?  Did this really happen—or is it a figment of my imagination?

Answer—FACT:  The attack occurred early in the morning of November 8, 2007 at the Pelindaba nuclear facility in South Africa.  The government said very little about who was behind the break-in, how they broke in or why, though officials later suggested the break-in was an inside job.  It is still not known if the intruders were seeking access to the uranium storage vault, which has enough weapons-grade uranium to make a large number of nuclear bombs.

Just last month, troubling reports surfaced of a new security breach at Pelindaba, which occurred in April of this year. Details have not been made public.

OK—the quiz is over, but our challenges are not.

Each one of these five scenarios is actual or plausible and in either case, should be deeply disturbing to all of us. 

Those who are complacent about nuclear security argue that nuclear catastrophe won’t happen because it hasn’t happened. They rationalize that whatever we’ve done so far has been enough to prevent catastrophic nuclear terrorism, so we might as well just keep doing what we’ve been doing. 

Their reasoning may seem logical. But it is not wise, and that’s because it is only right until the terrible day when it is wrong.  
We understand that it’s human nature to fear and resist change.  That’s why most people prefer the status quo.  The status quo feels safer than change.  But the status quo is a mirage.  Actually, there is no nuclear security status quo.  The threats are constantly changing. And the nuclear threat is either going to get worse or better—depending on what we do. 

In 2012, the IAEA cited three key risks to nuclear security:

1. The state that does not recognize the threat of nuclear terrorism
2. The state that does not take protective action
3. The state that is complacent

This last one—complacency, or the belief that we are already doing enough—is the most dangerous.  Consider this sobering remark from IAEA director Mohamed ElBaradei, while he was in office: “A large percentage of the materials reported as lost or stolen are never recovered,” he says, and perhaps worse, “a large percentage of materials which are recovered have not been previously reported as missing.” This should give us all a renewed sense of mission.

So I would ask you again to consider over the course of this meeting:

What changes would it take to make your country more secure?

What changes would it take to make every country more secure?

Two questions for all of us: If we do nothing, and a nuclear disaster occurs—what would we wish we had done to stop it?  Why don’t we do it now?

Scientists often explain the decline of species with the words “too slow to adapt to a changing environment.” Mankind must avoid this epitaph.

# # #