Promoting Security Leadership and Best Practices Worldwide

Dr Roger Howsley, Executive Director, WINS

World Nuclear University, 3rd August 2012, Christ Church, Oxford

Security – Hardly a Strategic Issue.

Right?

Beliefs Influenced by Experience and Exposure to Ideas

Beliefs Influenced by Experience and Exposure to Ideas

DIRECT ACCESS TO THE CHAIRMAN OF THE BOARD MANAGING DIRECTORS GROUP LEGAL DIRECTOR MAIN BOARD SECRETARY GROUP ENGINEERING DIRECTOR CHIEF OPERATIONS DIRECTOR GROUP DIRECTOR, CORPORATE COMMUNICATIONS

Career Path to WINS

1976 • Life Sciences (Honours)

1980 • PhD Life Sciences

1981-

• British Nuclear Fuels Limited

• 1981-1982 Health Physicist

• 1982-1989 International Safeguards and Corporate Audit on Nuclear Materials

BNFL’s UK Sites

•Uranium Conversion •Uranium Enrichment •Fuel Fabrication •Reactors •Reprocessing •Plutonium Storage •MOX Manufacture •Waste Management •Transport:

•Road •Rail •Marine

•Radioactive Sources

Sellafield; BNFL’s Biggest and Most Complex Site

Merger of Safeguards and International Affairs with Security

Director, SSIA

Security Safeguards International

Affairs

Chairman of the UK Nuclear Police Force

International Maritime Plutonium Transport

The 1990 Unpublished Security Policy

TO MEET REGULATORY REQUIREMENTS AT MINIMUM

COST

The 1990 Unpublished Security Policy

TO MEET REGULATORY REQUIREMENTS AT MINIMUM

COST

REQUIRING MASTERLY INACTIVITY...

Is Masterly Activity the Right Strategy?

What makes the Nuclear Industry

Different?

Is Security just a Regulatory Issue?

Agenda

BACKGROUND TO WINS AND ACHIEVEMENTS

MANAGING SECURITY AS A STRATEGIC ISSUE

DISCUSSION – WHAT IT MEANS FOR YOU

Agenda

BACKGROUND TO WINS AND ACHIEVEMENTS

MANAGING SECURITY AS A STRATEGIC ISSUE

DISCUSSION – WHAT IT MEANS FOR YOU

Launch in September 2008 at the IAEA GC

“WINS fills an urgent gap in our need to strengthen the nuclear security system.”

Political Commitment to Improve Nuclear Security

The 2010 Nuclear Security Work Plan

Promote and sustain strong nuclear security culture and corporate commitment to implement robust security

practices, including regular exercises and performance testing of nuclear security features

Facilitate exchange of best practices...in nuclear security in the nuclear industry and in this respect will utilise relevant institutions to support such exchanges

The 2012 Seoul Nuclear Security Summit

“We are keen to contribute to the peaceful use of nuclear energy by leading the 2012 Seoul Nuclear Security Summit to a

success. Nuclear security, which aims to secure nuclear materials from terrorists, is a prerequisite for all nuclear

activities. I look forward to leaders from all over the world gathering in Seoul ...to reach concrete and action-oriented

agreements to guide future activities” President Lee Myung-bak

The Key Issues

HOW DO WE CONVERT POLITICAL COMMITMENT INTO A PRACTICAL AND SUSTAINABLE

REALITY?

HOW DO WE DEVELOP NUCLEAR SECURITY LEADERS

FOR THE FUTURE?

Strategic Gaps in Nuclear Security

There is a huge international need for improvement though some countries have excellent arrangements

Much of the international effort is dealing with the symptoms not the causes

There needs to be a much more strategic approach to addressing the gaps in nuclear security

Enormous differences exist between nuclear safety and security competency, oversight and organisation

Strategic Gaps in Nuclear Security

There are very strong parallels between nuclear safety and security management at all levels

Professional development needs to be provided in a cost effective way, learning the lessons from nuclear safety

There needs to be much better sharing of best practices and operating experience between organisations

Poor corporate governance is key to many of the observed failures to implement effective security

WINS’ Mission

To provide those who are accountable for nuclear security with an international forum in which to share and promote best security practice.

About Best Practices

best practice = most expensive practice

?

About Best Practices

best practice = most expensive practice

About Best Practices

Impact/

Effectiveness Efficiency

Sustainability Collaboration/

Integration

Facilitated Workshops using Innovative Techniques

Practical exercises including simulated Force on Force

International Best Practice Guides

All Guides have a Self Assessment Section

THE “RIGHT” ANSWER IS

ALWAYS “YES”

We Provide a Security Management “Maturity Scale”

1 INEFFECTIVE

2 DEVELOPING

3 GOOD

4 HIGHLY EFFECTIVE

5 WORLD CLASS

Constantly Updated Website

2008 2009

2010 2011

Interactive Member’s Area 2012

Publication of “Special” Reports; Fukushima

INTEGRATING NUCLEAR SAFETY, SECURITY AND EMERGENCY ARRANGEMENTS

A COMMON ASSESSMENT OF RISK AND SHARED NUCLEAR LIABILITY

IMPROVED CORPORATE GOVERNANCE

PEER REVIEW AND SHARING BEST PRACTICES – BUILDING CONFIDENCE

PROFESSIONAL DEVELOPMENT– BUILDING CAPACITY

Market Mechanisms to Improve Security

NUCLEAR SAFETY PERFORMANCE IN US POWER PLANTS AS DETERMINED BY INPO INFLUENCES THE INSURANCE PREMIUM PAID, BUT THERE IS CURRENTLY NO SUCH LINKAGE WITH NUCLEAR SECURITY PERFORMANCE

OTHER MARKET SECTORS, E.G. MARITIME, IT SYSTEMS, ARE EXPLORING THE USE OF MARKET INCENTIVES TO IMPROVE SECURITY PERFORMANCE

WINS’ Achievements

25

International Best Practice Guides published

31

International Best Practice Workshops

8

Published languages

Best Practice Guides; All Operationally Based

1 NUCLEAR SECURITY FOR SCIENTISTS AND ENGINEERS

2 LEARNING FROM OPERATING EXPERIENCE

3 HUMAN RELIABILITY

4 EFFECTIVE SECURITY REGULATION AND IMPLEMENTATION

5 TRACKING TRANSPORT OF NUCLEAR MATERIAL

6 SECURITY OF HIGH ACTIVITY RADIOACTIVE SOURCES

7 MAKING SECURITY EFFICIENT

8 MODELLING AND SIMULATION IN NUCLEAR SECURITY

9 WORKING EFFECTIVELY WITH EXTERNAL RESPONSE FORCES

10 GUARD FORCE TRAINING AND MOTIVATION

11 SECURITY EXERCISES

12 MATERIAL CONTROL AND ACCOUNTANCY IN SUPPORT OF

NUCLEAR SECURITY

Best Practice Guides; All Operationally Based

13 NUCLEAR SECURITY CULTURE 14 SECURITY EQUIPMENT MAINTENANCE 15 MANAGING INTERNAL THREATS 16 THREAT ASSESSMENT 17 SECURITY GOVERNANCE

18 ACCOUNTABILITY AND LIABILITY FOR NUCLEAR SECURITY

INCIDENTS 19 INTEGRATED APPROACH TO NUCLEAR SAFETY AND SECURITY 20 SECURITY BY DESIGN

21 MANAGEMENT AND DEPLOYMENT OF ARMED GUARD

FORCES 22 NUCLEAR SECURITY GUARD SELECTION AND RECRUITMENT 23 SECURITY OF WELL LOGGING RADIOACTIVE SOURCES 24 SECURITY OF IT & IC SYSTEMS AT NUCLEAR FACILITIES 25 COMMUNICATING NUCLEAR SECURITY INFORMATION

Compendium Of Best Practices Launched

Compendium Of Best Practices Launched

ANNUAL REPORT 2011

WINS Membership Growth

1100 members

Annual Membership Questionnaire

MEMBERSHIP QUESTIONNAIRE

said WINS is a valuable forum 99%

85% have modified their approach to nuclear security management as a result of their interactions with WINS

ISO Certification in 2012

Interface Between Nuclear Safety and Security

SAFETY SECURITY

Interface Between Nuclear Safety and Security

SAFETY SECURITY

ALL HAZARDS APPROACH

WANO/WINS Collaboration Launched

WORKING GROUP

Corporate Governance and Security Strategy

ANNUAL REPORT ANNUAL

REPORT

Corporate Governance and Security Strategy

NUCLEAR OPERATORS

REGULATORS

ANNUAL REPORT

ANNUAL REPORT

Corporate Governance and Security Strategy

Professional Development

NUCLEAR SECURITY NUCLEAR SAFETY

UNEQUAL OPPORTUNITIES

Professional Development and Certification

MEDICINE NURSING

LAW DENTISTRY TEACHING

ACCOUNTING VETERINARY MEDICINE

PHARMACY PSYCHOLOGY ENGINEERING

ARCHITECTURE

Certified Protection Professional (CPP®) Since 1977 Preeminent designation awarded to individuals whose primary responsibilities are in security management and who have demonstrated advanced knowledge in security solutions and best business practices. Professional Certified Investigator (PCI®) Introduced in 2002 Technical designation award to those individuals whose primary responsibilities are to conduct investigations and who have demonstrated in-depth operational knowledge and competence in this area. Physical Security Professional (PSP®) Introduced in 2002 Technical designation awarded to those individuals whose primary responsibilities are to conduct physical security surveys, design integrated security systems, or install, operate or maintain those systems and who have demonstrated in-depth operational knowledge and competence in this area.

ASIS International: Certified Programmes

Wharton/ASIS Program for Security Executives

Right intentions; ineffective outcomes

What are the most common metrics for all the money spent on security training

“courses” around the world?

Right intentions; ineffective outcomes

What are the most common metrics for all the money spent on security training

“courses” around the world?

“We had 37 attendees from 11 countries”

and a Group Photo...

WINS is proud to

introduce….

The WINS Academy Launched

WINS Academy Strategy Published

The WINS Academy Launched

THE WINS ACADEMY MISSION

To provide world-class, accredited, competency- based training materials for those managers with

nuclear security responsibilities.

The WINS Academy materials will be available for use by Institutes and Centres of

Excellence around the world, and should save everyone

a considerable amount of money

The WINS Academy Launched

What are the Advantages?

COST EFFECTIVENESS

BUSINESS EFFICENCY

PUBLIC CONFIDENCE

What are the Advantages of Accreditation?

PROFESSIONAL STANDING

TRANSPARENCY OF STANDARDS

INDEPENDENT ACCREDITATION

The Forward Programme

BUILD THE NUCLEAR SECURITY COMPETENCY FRAMEWORK

AUGUST 2012

CONDUCT AN INTERNATIONAL CAPABILITY AND CAPACITY REVIEW

JANUARY 2013

PRODUCE THE WINS ACADEMY PD MATERIALS

JANUARY 2013

SELECT CENTRES OF EXCELLENCE AND INSTITUTES FOR WINS ACCREDITATION

MAY 2013

The Forward Programme

ACHIEVE ISO 9001 ACCREDITATION

DECEMBER 2012

ESTABLISH GOVERNANCE ARRANGEMENTS FOR THE WINS ACADEMY

DECEMBER 2012

EXAMINE THE FEASBILITY AND COSTS OF PROVIDING E-LEARNING

DECEMBER 2012

IMPLEMENT WINS ACADEMY PD COURSES

JUNE 2013

Key Roles for Job-Task Analysis

Board Members /Secretary to the Board

Senior Management – CEOs/Chief Operating Officers

Nuclear Security Directors/Managers

Engineers (and Designers) and Scientists engaged in nuclear-security related activities or with nuclear security interfaces

Nuclear Safety and Emergency Planning Managers

Off-Site Response Force Management

Regulators

Agenda

BACKGROUND TO WINS AND ACHIEVEMENTS

MANAGING SECURITY AS A STRATEGIC ISSUE

DISCUSSION – WHAT IT MEANS FOR YOU

Security as a Strategic Issue

• WHY SECURITY NEEDS TO BE INCLUDED IN THE OVERALL STRATGEY OF THE ORGANISATION

• THE ACCOUNTABILITIES FOR NUCLEAR SECURITY PROGRAMME MANAGEMENT

• HOW TO DEVELOP A NUCLEAR SECURITY PROGRAMME FOR YOUR ORGANISATION

Strategy

What do we mean by Strategy?

Strategy

What do we mean by Strategy?

• The overall scope and direction of a corporation and the way in which its various business operations work together to achieve particular goals

Strategy

Why does Security need to be aligned to Strategy?

Strategy

Why does Security need to be aligned to Strategy?

• If it isn’t it will be seen as an obstacle to business; “shock and awe” don’t work

• Think about the positive linkages between security and the corporation’s objectives

• Think about what makes “Nuclear” different

Policy

How is Strategy Communicated?

What does a good published policy statement include?

What does a good nuclear security policy look like?

Policy

“The Board of XX believes that effective nuclear security performance is central to our business success and reputation, and we are committed as an organisation to ensure that our security programme is comprehensive, properly resourced, performance based, regularly tested and subject to Board oversight. We are committed to working in partnership with other organisations that can contribute to the effectiveness of our security programme and to seek continuous improvement in our processes and procedures. We will publish an annual, unclassified report that provides details of our oversight arrangements for the security programme.”

Governance and Culture

• Who is accountable for nuclear security?

Governance and Culture

• Who is accountable for nuclear security?

• What role does the Board take?

Governance and Culture

• Who is accountable for nuclear security?

• What role does the Board take?

• What distinguishes the Board and the CEO?

Governance and Culture

• Who is accountable for nuclear security?

• What role does the Board take?

• What distinguishes the Board and the CEO?

• What influences the organisation’s culture

Governance and Culture

• Who is accountable for nuclear security?

• What role does the Board take?

• What distinguishes the Board and the CEO?

• What influences the organisation’s culture

• Can we measure an organisation’s culture?

Governance and Culture

• Who is accountable for nuclear security?

• What role does the Board take?

• What distinguishes the Board and the CEO?

• What influences the organisation’s culture

• Can we measure an organisation’s culture?

• What practical steps can improve culture?

Cross Functional Oversight

Cross Functional Oversight

Cross Functional Oversight

What Terms of Reference would the Executive Security Committee have?

Cross Functional Oversight

To meet quarterly to review the Security Programme, its effectiveness and efficiency

To agree Security Performance metrics

To agree the security exercise and testing programme

To review and approve Security Policies and major procedures

To promote security culture in each of their departments/directorates

To appoint Business Partners in each of their departments for security; Security Liaison Managers

Cross Functional Oversight

What Annual Cycle of Agenda items would the Committee have?

What factors are important?

Cross Functional Oversight

What Annual Cycle of Agenda items would the Committee have?

What factors are important?

Alignment with processes in the rest of the business; budgetary cycles, reporting

requirements, CSR, Policy reviews, QMS, meeting the needs of other departments

The Security Programme

What do we mean by the “Security Programme”?

How does this differ from the “Security Plan” that might be necessary for the

Security Regulator?

The Security Programme

What matters to each of these departments from a security perspective?

The Security Programme

HUMAN RESOURCES

VETTING AND RECRUITMENT COMPETENCY BASED TRAINING PROFESSIONAL DEVELOPMENT

SAFETY

DESIGN BASIS THREAT DECONFLICTING SAFETY AND

SECURITY EMERGENCY EVACUATION

SAFETY TRAINING FOR SECURITY PERSONNEL

OPERATIONS

ACCESS CONTROL INSIDER THREATS EMERGENCY RESPONSE

PLANT MODIFICATION PROPOSALS

THEFT AND MALICIOUS ACTIONS

Security Metrics

What are the differences between leading and lagging indicators?

What constitutes good security metrics?

How can Security learn from Operating Experience?

Security Metrics

The Security Programme

OPERATIONS

ACCESS CONTROL

INSIDER THREATS

EMERGENCY RESPONSE

PLANT MODIFICATION

PROPOSALS

THEFT AND MALICIOUS

ACTIONS

Use the Departmental priorities to map out the metrics

Think about what makes good leading and lagging indicators

The Security Programme

Organise the metrics according to strategic importance; Corporate, Departmental,

Team/Individual

Develop a Balanced Scorecard of Security Metrics

See if you can include a measure of risk assessment; the “Confidence Level”

Summary; Establishing the Security Programme

ESTABLISH AND PUBLISH THE CORPORATE STRATEGY

ESTABLISH THE GOVERNANCE ARRANGEMENTS AND SET THE CULTURE

ESTABLISH CROSS-FUNCTIONAL OVERSIGHT

ESTABLISH A COMPREHENSIVE SECURITY PROGRAMME

ESTABLISH SECURITY METRICS WITH LEADING AND LAGGING INDICATORS

The 1990 Unpublished Security Policy

TO MEET REGULATORY REQUIREMENTS AT MINIMUM

COST

REQUIRING MASTERLY INACTIVITY...

The Revised Policy

The Board believes that effective management of nuclear security performance at operational, regulatory and

international level is central to business success

The Revised Policy

The Board believes that effective management of nuclear security performance at operational, regulatory and

international level is central to business success

Agenda

BACKGROUND TO WINS AND ACHIEVEMENTS

MANAGING SECURITY AS A STRATEGIC ISSUE

DISCUSSION – WHAT IT MEANS FOR YOU

Thank you for your attention and join WINS!

www.wins.org