archive-org.com » ORG » A » AMACAD.ORG

Total: 1374

Choose link from "Titles, links and description words view":

Or switch to "Titles and links view".
  • Introduction - American Academy of Arts & Sciences
    among one s family and friends can confuse well meaning parents who want to do the best for their offspring Online forums where appeals to emotion often drown out thoughtful discussion also play a role in vaccination decisions 5 Larger social trends and policy decisions contribute to the mixed messages parents receive as well Recent public health campaigns have been less likely to focus on vaccine preventable diseases than on chronic non communicable afflictions such as heart disease and obesity related conditions that are responsible for a majority of preventable deaths Campaigns to make it easier to obtain philosophical or religious exemptions from state mandated school entry vaccination requirements have been launched across the country Finally vaccines have become victims of their own successes In the United States many young parents have never encountered diseases such as polio measles rubella and Haemophilus influenzae type b meningitis As a result growing numbers of parents believe that vaccine preventable diseases present a negligible risk History has shown this to be a dangerously false assumption to make what s more nowhere is the dictum of thinking globally and acting locally more relevant than in discussing vaccine preventable illnesses Neither infectious diseases nor attitudes about vaccines pay heed to international borders For the past several years much of Western Europe has been suffering from a measles epidemic The recent measles outbreaks in the United States are a direct result of this as deliberately unvaccinated U S citizens were infected when traveling in Europe and then spread the disease once they returned home 6 For more than forty years American and European vaccine panics have fueled each other since the advent of the Internet these unfounded fears have spread to the far reaches of the globe For all these reasons the American Academy organized a

    Original URL path: https://www.amacad.org/content/publications/pubContent.aspx?d=1456 (2016-02-13)
    Open archived version from archive

  • Key Issues - American Academy of Arts & Sciences
    vaccines but also as those who have some misgivings about vaccines a substantial number between 20 and 30 percent end up in this category 14 Today the term vaccine hesitancy has gained acceptance a shift in terminology that reflects not only this more nuanced understanding of parents positions but also the importance of engaging and supporting those whose attitudes are not on one end of the spectrum or the other Constructive dialogue between providers and parents can promote informed decision making and help public health professionals better understand the concerns underlying vaccine hesitancy 15 WHY DO PARENTS SAY NO Recent history shows the devastating effects of inaccurate information about vaccines In 1998 press coverage of British physician Andrew Wakefield s specious claims linking the MMR vaccine to bowel disease and autism caused public confidence in the vaccine to plummet In England MMR coverage rates dropped from nearly 93 percent in 1997 to 79 9 percent in 2003 2004 And once doubt is planted it is hard to uproot In a 2011 survey taken immediately after the Wakefield study was retracted and Wakefield was accused of fraud 27 9 percent of respondents said they still believed there was a link between vaccines and autism In a stark illustration of the fact that simply restating a discredited fear can cause people to believe it is true 5 6 percent of respondents said they were convinced that there was a link between vaccines and autism only after the news reports discrediting Wakefield s study as fraudulent were aired 16 What else drives the vaccine confidence gap Surveys and studies point to a myriad of reasons that parents request non medical exemptions Some are so unfamiliar with the diseases vaccines protect against that they conclude the vaccines themselves are unnecessary Others cite concerns with vaccine safety broadly or rare vaccine side effects specifically while questioning the efficacy of giving vaccines to healthy people in the first place Some believe that vaccines overload children s immune systems or that natural immunity is preferable to vaccine induced immunity others believe that their children can avoid vaccination because a high enough percentage of the population is vaccinated to keep a given disease at bay Choosing not to vaccinate for that reason was described by one popular anti vaccine doctor as hiding in the herd 17 Some parents cite their belief in alternative medicines others are distrustful of the medical system science or anything recommended by government in general 18 On a more individual level social science has shown that individuals have different styles of decision making Some parents accept social norms others are more apt to rely on doctors parents or friends for advice There are also those who scour the primary academic literature in an attempt to understand the science behind vaccines 19 It is also important to remember that decisions about vaccination are not made at a single point in time Many parents have indicated that they began mulling the issue even before deciding to

    Original URL path: https://www.amacad.org/content/publications/pubContent.aspx?d=1457 (2016-02-13)
    Open archived version from archive

  • A Proposed Research Agenda - American Academy of Arts & Sciences
    occurred in 2013 and 2011 and 2013 were the two years with the highest number of domestic measles infections since the 1990s All of the measles outbreaks in 2013 were caused by infections that originated outside of the country and the overwhelming majority of the secondary infections occurred in deliberately unvaccinated children or infants too young to be vaccinated The human and economic costs of these outbreaks are worthy of attention one recent study estimated that the public sector cost of containing a single case of measles is more than 10 000 22 As the scope of the problem has become more apparent the public health and medical communities have begun to examine the best ways to communicate with anxious or wary parents There has not however been a concerted effort to develop an evidenced based toolkit to guide these discussions The following suggested areas of research would provide the necessary data for such an effort CORE ISSUES AND RECOMMENDATIONS FOR RESEARCH 1 Parental Attitudes and Knowledge When and how are attitudes and beliefs about immunization formed How do parents learn about vaccines Where do they encounter vaccine information and how are they influenced by messages from expert and non expert sources How does the perception of the benefits to the individual versus the community shape a parent s decision to vaccinate his or her child To what extent does vaccine hesitancy result from a broader distrust in government and science When are prospective parents or parents of infants most receptive to information about vaccines e g during prenatal care visits at the first well child visit etc Answering these questions will require longitudinal studies within individual communities to assess how and when parents arrive at vaccination decisions how their attitudes and beliefs change over time and what information sources e g primary care physicians Internet television social media local social networks family and friends etc most strongly influence their decisions These studies should sample prospective parents in young adulthood expectant parents during pregnancy parents immediately after the birth of their children and parents when their children are scheduled to receive recommended vaccines 2 The Medical Encounter How can providers best determine parents attitudes about immunization How can providers best respond to parental concerns How can providers best present their science based vaccine recommendations Could a checklist for providers be developed to improve communications with parents Researchers should evaluate the effectiveness of communication strategies including negotiation used by all clinicians when discussing childhood vaccination with parents A clearinghouse of vaccination related interventions and innovations drawing on data from state and local immunization managers and from other countries and how these interventions affect uptake of childhood vaccinations would facilitate such studies 3 At Risk Communities What are the most effective ways to identify geographic communities at increased risk of vaccine preventable disease outbreaks Are there common features among these communities Do social networks play a different role in these communities than in communities at lower risk for vaccine preventable disease outbreaks

    Original URL path: https://www.amacad.org/content/publications/pubContent.aspx?d=1458 (2016-02-13)
    Open archived version from archive

  • Workshop Participants - American Academy of Arts & Sciences
    Berry Deputy Director and Chief Medical Officer Ariadne Labs Robert Blendon Senior Associate Dean Policy Translation and Leadership Development Richard L Menschel Professor of Public Health Professor of Health Policy and Political Analysis Harvard School of Public Health Emily K Brunson Assistant Professor Department of Anthropology Texas State University Joseph N Cappella Gerald R Miller Chair Annenberg School for Communication Professor of Communication University of Pennsylvania Amanda Dempsey Associate Professor of Pediatrics University of Colorado Denver Allison Fisher Epidemiologist National Center for Immunization and Respiratory Diseases Centers for Disease Control and Prevention Bruce Gellin Deputy Assistant Secretary for Health Director National Vaccine Program Office U S Department of Health and Human Services Sharon G Humiston Professor of Pediatrics Division of Emergency and Urgent Care Department of Pediatrics Children s Mercy Hospitals and Clinics Gary L Kreps University Distinguished Professor Department of Communication Director Center for Health and Risk Communication George Mason University Heidi J Larson Senior Lecturer Faculty of Epidemiology Population Health London School of Hygiene Tropical Medicine Larry Madoff Director Division of Epidemiology and Immunization Massachusetts Department of Public Health Professor of Medicine University of Massachusetts Medical School Claire McCarthy Assistant Professor of Pediatrics Harvard Medical School Primary Care Pediatrician Boston Children s Hospital Senior Editor Harvard Health Publications Official Spokesperson American Academy of Pediatrics Margaret McConnell Assistant Professor Department of Global Health Economics Harvard School of Public Health Saad B Omer Associate Professor Hubert Department of Global Health Rollins School of Public Health Associate Professor Emory Vaccine Center Emory University Douglas J Opel Assistant Professor Department of Pediatrics Adjunct Assistant Professor Department of Bioethics and Humanities University of Washington School of Medicine Pediatrician Seattle Children s Hospital and University of Washington Medical Center Walt Orenstein Professor of Medicine Pediatrics Global Health and Epidemiology Emory University Associate Director of

    Original URL path: https://www.amacad.org/content/publications/pubContent.aspx?d=1459 (2016-02-13)
    Open archived version from archive

  • Acknowledgments - American Academy of Arts & Sciences
    Login User Name Password Forgot your password Home A Worst Practices Guide to Acknowledgments A Worst Practices Guide to Insider Threats Lessons from Past Mistakes Acknowledgments The authors would like to thank all of the participants in the December 2011 American Academy of Arts and Sciences workshop on Insider Threats held at the Center for International Security and Cooperation CISAC at Stanford University In addition we thank Roger Howsley Executive Director of the World Institute of Nuclear Security WINS for inviting us to present some of our preliminary findings on this subject at WINS workshops in Vienna Austria and in Johannesburg South Africa We also express our gratitude to the participants in the CISAC Nuclear Studies Reading Group sponsored by the John D and Catherine T MacArthur Foundation at which a first draft of this paper was presented and to the International Atomic Energy Agency for hosting the conference on International Nuclear Security in July 2013 where some of these ideas were also presented Matthew Bunn thanks Nickolas Roth and Laura Dismore and Scott Sagan thanks Anna Coll and Reid Pauly for their research assistance related to this paper Both of us also thank Francesca Giovannini for her superb work

    Original URL path: https://www.amacad.org/content/publications/pubContent.aspx?d=1426 (2016-02-13)
    Open archived version from archive

  • A Worst Practices Guide to Insider Threats: Lessons from Past Mistakes - American Academy of Arts & Sciences
    responsibilities on to someone else Hasan was moving soon from Walter Reed to Fort Hood and officers at the former base knew that as long as they did nothing to raise any issues about his transfer they would not have to deal with him anymore The wonderful phrase used to describe the practice of writing positive reviews of poor performing service members so that they can be shipped to another command is packaged for export Fourth at least some officers feared that actions taken to discipline a Muslim officer for his political statements would have been perceived as discriminatory Fifth there was a severe lack of information sharing between Army security specialists and the JTTF which had responsibility for evaluating the intercepted email messages between Hasan and al Awlaki and between different JTTF offices The San Diego JTTF wanted an investigation of the email communication that it had found but the Washington office had jurisdiction and did not give Hasan as high a priority as the San Diego office thought justified Due to problems with their information systems and misunderstandings between them both the San Diego JTTF and the Washington JTTF thought the other was monitoring Hasan s continued communications when in fact neither was In the end the only investigation that the Washington JTTF performed was a review of Hasan s OERs which found only positive reports and some even sanitized his obsession with Islamic extremism as praiseworthy research 23 No one looked at Hasan s local records interviewed him or spoke to any of his colleagues or superiors Hence a junior Department of Defense official in the Washington JTTF after reviewing the positive OERs made the tragic and controversial decision that Hasan s email conversations with al Awlaki were just part of a research project he therefore did not feel the need to pass on the intelligence reports to Hasan s superior officers The lessons here are disturbing When individual and group incentives push against objective analysis of warning signals and when as often happens in compartmentalized security organizations information sharing is restricted even the reddest of red flags can be ignored Nuclear managers may assume that their systems for detecting red flags are much better that they would surely catch someone like Hasan But the case of Sharif Mobley suggests that this may not always be the case In March 2010 Mobley was arrested in Yemen for alleged involvement in al Qaeda and for shooting a guard in an attempt to escape Yet between 2002 and 2008 prior to traveling to Yemen Mobley worked at five U S nuclear power plants Salem Hope Creek Peach Bottom Limerick Calvert Cliffs and Three Mile Island where he was given unescorted access inside the plant though not in the vital areas to perform maintenance and carry supplies According to a Nuclear Regulatory Commission NRC report Mobley voiced his militant views during his work referring to non Muslim coworkers as infidels and remarking to some in his labor union We are brothers in the union but if a holy war comes look out 24 Though the rules in place at the time required individual workers to report any suspicious behavior on the part of coworkers none of Mobley s fellow union members apparently reported these statements The red flags were again invisible Cases of ignoring red flags as extreme as Hasan s or even Mobley s do not happen often But the issues raised failing to report problems because of the headaches involved passing troublesome employees off to someone else arise in smaller ways in almost every organization Indeed research suggests that indicators of insider security problems are systematically underreported 25 One study of several cases of insider information technology sabotage in critical infrastructure found that 97 percent of the insiders involved in the cases came to the attention of supervisors or coworkers for concerning behavior prior to the attack but the observed behavioral precursors were ignored by the organization 26 All managers of nuclear organizations should be asking themselves how are the incentives for reporting such issues really aligned in my organization How could I test how well such issues are reported How could I improve my organization s ability to detect and act on a potential problem before it occurs Lesson 4 Don t Assume that Insider Conspiracies are Impossible Conspiracies of multiple insiders familiar with the weaknesses of the security system and in some cases including guards or managers are among the most difficult threats for security systems to defeat Many nuclear security systems include only a single insider in the threats they are designed to protect against And many nuclear security experts do not see groups of insiders as a credible threat in a recent survey of nuclear security experts from most of the countries where HEU and separated plutonium exist most agreed that a single insider was a highly credible threat but no one rated multiple insiders as highly credible and only a few rated insider conspiracies as somewhat credible 27 Yet insider conspiracies routinely occur In one database they constituted approximately 10 percent of the crimes examined 28 In 1998 for example an insider conspiracy at one of Russia s largest nuclear weapons facilities attempted to steal 18 5 kilograms of HEU potentially enough for a bomb 29 The Northern Bank case described above is another example involving two trusted senior insiders working together both under coercion from threats to their families The Gandhi case is yet another example again involving two insiders working together both trusted enough to be personal guards to the prime minister The fact that two of the major cases selected above to illustrate other points also involved insider conspiracies is a telling indicator of how important such conspiracies are The lesson here is clear wherever possible nuclear security systems should be designed to offer substantial protection against even a small group of insiders working together Nuclear security managers should set up red team processes for identifying approaches that groups of insiders might use to steal material and for finding cost effective approaches to stop them Lesson 5 Don t Rely on Single Protection Measures Many managers have high confidence in particular elements of their security system from a particularly well trained guard force to portal monitors at every exit Many such systems however are much more vulnerable to being defeated than they first appear especially to insiders who may be among the staff who know how they work Portal monitors are one example they are essential but imperfect In discussion with Matthew Bunn a Livermore security expert described a meeting with representatives of a portal monitor production firm who had very high confidence in their product s ability to detect nuclear material The company gave the security expert a radioactive test sample that they were confident their system could detect and in three times out of five he was able to carry it through the monitor without detection Or consider the case of tamper indicating devices TIDs also known as seals widely used to indicate whether any material has been removed or tampered with Many people believe that an unbroken seal shows with high confidence that the sealed item has not been disturbed Yet a study of 120 types of seals in common commercial and government use found that all 120 could be defeated in ways that would not be detected by the seal inspection protocols in use Tampering was possible with materials available from any hardware store and with defeat times averaging about five minutes 30 The TIDs included sophisticated fiber optic seals among others some of these high tech options did not perform as well when used as people in the field actually use them as lower tech methods In short security managers should never have too much faith in any one element of their security system Seals can be defeated portal monitors can be defeated or gone around guards can fail to search employees employee reporting systems can fail to detect suspicious behavior But with a system that genuinely offers defense in depth it can be made very difficult for an insider adversary to overcome all the layers in the system Lesson 6 Don t Assume that Organizational Culture and Employee Disgruntlement Don t Matter Nuclear organizations often have an engineering culture focused more on the technology than on the people using it Managers sometimes assume that as long as the right systems and procedures are in place employees will follow the procedures and everything will be fine In most countries including the United States regulators do not require operators to take any steps to ensure a strong security culture or even to have a program to assess and improve security culture that regulators can review But the reality is that the culture of an organization and the attitudes of the employees have a major impact on security As General Eugene Habiger former Department of Energy security czar and former commander of U S strategic forces put it Good security is 20 percent equipment and 80 percent culture 31 A visit by Matthew Bunn to a Russian nuclear institute in the mid 2000s provides an example of the impact of security culture on insider protection In the hallway leading to the vault where a substantial amount of weapons grade nuclear material was stored there were two portal monitors that personnel had to pass through one after the other an American machine and a Russian machine When asked why the site official conducting the tour said that the building next door made medical isotopes and on Thursdays when the chemical separations were done to get the desired isotopes from the remainder so much radiation went up the stack that it set off the American made portal monitor So on Thursdays they turned off the American made monitor and relied on the less sensitive Russian one Of course every insider was aware of this practice and would know to plan an attempted theft for a Thursday making the existence of the American portal monitor largely pointless A photograph from a 2001 U S General Accounting Office report provides a similar example it shows a wide open security door at a Russian facility What is remarkable is that the door was propped open on the very day the American auditors were there to photograph it being propped open suggesting that the staff did not see this as a problem 32 Perhaps the most spectacular recent incident caused by a breakdown of security culture was the intrusion by an 82 year old nun and two other protesters at the Y 12 facility in Tennessee in 2012 The protesters went through four layers of fences setting off multiple intrusion detectors but no one bothered to check the alarms until the protesters had spent some time hammering and pouring blood directly on the wall of a building where enough weapons grade HEU metal for thousands of nuclear weapons is stored As it turns out a new intrusion detection system had been setting off ten times as many false alarms as the previous system had yet this was tolerated cameras to allow guards to assess the cause of the alarms had been broken for months and this was also tolerated The guards apparently had gotten sick of checking out all the alarms and even the heavily armed guards inside the building did not bother to check when they heard the hammering assuming that it must have been construction work they had not been told about even though this all took place before dawn 33 To avoid such problems nuclear managers should seek to build a culture in which all employees take security seriously and count it as an important part of their mission all day every day They must also foster employees understanding that security is everyone s responsibility not something only the security team has to worry about 34 Establishing clear incentives that make employees understand that they will be rewarded for good security performance is one key element of building such a culture and of making clear the priority that management places on security 35 Employee satisfaction is another critical aspect of organizational culture Disgruntled employees are much more likely to become insiders and much less likely to proactively help to improve security by reporting odd or suspicious behavior or by creatively looking for security vulnerabilities and ways to fix them In situations ranging from retail theft to IT sabotage disgruntlement has been found to be a key driver of insider threats In the study of IT sabotage cases mentioned above the authors found that 92 percent of the cases examined occurred following a negative work related event such as termination dispute with a current or former employer demotion or transfer Well over half of the insiders in these cases were already perceived in the organization to be disgruntled 36 Fortunately organizations have found that it is not very difficult or expensive to combat employee disgruntlement Providing complaint and ombudsman processes that are perceived to result in actions to address the issues complimenting and rewarding employees for good work addressing the problem of bullying bosses these and other steps can go a long way toward reducing disgruntlement and its contribution to the insider threat 37 It is not known how much of a contribution disgruntlement makes to the probability of an insider taking more serious actions such as stealing nuclear material or sabotaging a nuclear facility Nevertheless for both safety and security reasons nuclear managers should strive to build a strong performance oriented culture in which employees believe that they are respected and treated well and in which they have avenues for their complaints and ideas to be heard Lesson 7 Don t Forget that Insiders May Know about Security Measures and How to Work Around Them Many individuals involved in the nuclear security field have backgrounds in engineering and nuclear safety where the goal is to protect against natural disasters and accidents not against reactive adversaries This can produce a compliance oriented approach to security a belief that once systems are in place that are assessed to be capable of beating the adversaries included in the design basis threat DBT on the pathways designers identified the security system will be effective But reactive adversaries will observe the security systems and the pathways they protect against and they will think of other pathways Insider threats are a particularly dangerous form of reactive adversary because insiders are well placed to understand the organization s security procedures and their weaknesses The best case to illustrate this point is that of Robert Hanssen the senior FBI analyst convicted in 2001 on fifteen counts of espionage in what the FBI has called possibly the worst intelligence disaster in U S history 38 According to the 2003 Department of Justice report on the case Hanssen s initial decision to engage in espionage arose from a complex blend of factors including low self esteem and a desire to demonstrate intellectual superiority a lack of conventional moral restraints a feeling that he was above the law a lifelong fascination with espionage and its trappings and a desire to become a player in that world the financial rewards he would receive and the lack of deterrence a conviction that he could get away with it 39 His espionage activities often raised alarm bells but his insider advantage let him avoid detection in three key ways First Hanssen was capable of being uniquely reactive to counterintelligence investigations because of his placement within the FBI counterintelligence bureaucracy Second Hanssen was able to alter his contact procedures with his Russian associates whenever he felt that he was close to being caught he was even able to search for his own name within the FBI internal database to monitor whether he was the subject of any investigation 40 Third Hanssen knew how to avoid movement within the FBI bureaucracy that would have subjected him to polygraph examinations 41 In other contexts this problem that insiders can observe and work around security measures comes up again and again In a study of insider crimes that might be analogous to insider thefts or attacks at nuclear facilities the authors repeatedly found that the success of insider crimes depended on the perpetrators observation of security vulnerabilities 42 The study of insider IT sabotage mentioned earlier noted that the insiders overwhelmingly took advantage of their knowledge of the IT security systems creating access pathways for themselves completely unknown to the organization in other words they invented ways to attack that the security planners had not known were possible 43 There are several lessons here First security managers need to find creative people with a hacker s mindset to come up with a wide range of ways that insiders might try to beat the security system and then develop security measures that will be effective against a broad range of possibilities A security system adequate to defend against the first few pathways thought of by an unimaginative committee is not likely to be good enough against the real threat Such uncreative vulnerability assessments were the target for Roger Johnston and his colleagues in the Vulnerability Assessment Team at Argonne National Laboratory in their instructive and amusing set of Security Maxims they offer the Thanks for Nothin maxim Any vulnerability assessment which finds no vulnerabilities or only a few is worthless and wrong 44 Second those with the most detailed information about how the organization protects itself against insider threats should be subject to especially strong reviews and monitoring to ensure that the organization is appropriately guarding the guardians Lesson 8 Don t Assume that Security Rules are Followed Security conscious organizations create rules and procedures to protect valuable assets But such organizations also have other often competing goals managers are often tempted to instruct employees to bend the security rules to increase productivity meet a deadline or avoid inconvenience And every hour an employee spends following the letter of security procedures is an hour not spent on activities more likely to result in a promotion or a raise 45 Other motivations friendships union solidarity and familial ties can also affect adherence to strict security rules The cases here are legion indeed any reader who has worked for a large organization with security rules probably has direct experience of some of those rules being violated In many cases the security rules are sufficiently complex and hard to understand that employees violate them inadvertently In some cases the deviations from the rules are more substantial In both the United States and Russia for example there have been cases of nuclear security guards sleeping on the job patrolling without any ammunition in their guns apparently because shift managers wanted to ensure that there would be no accidental firing incidents on their watch and turning off intrusion detection systems when they got tired of checking out false alarms arguably even worse than simply ignoring those alarms as appears to have occurred in the Y 12 case In one U S case prior to the 9 11 attacks an inspector found a security guard at a nuclear facility asleep on duty for more than a half hour but the incident was not considered a serious problem because no terrorists were attacking at that moment raising issues about the security culture of both the operator and the regulator 46 The U S Department of Energy s nuclear laboratories have been known for widespread violations of security rules since the dawn of the nuclear age during the Manhattan Project physicist Richard Feynman was barred from certain facilities for illicitly cracking into safes and violating other rules as pranks to reveal vulnerabilities 47 Feynman s tales of incompetence at the lab emphasize another important lesson do not assume that rules will be implemented intelligently Incentives often drive rule breaking Consider as one example the case of cheating on security tests at Y 12 years before the recent intrusion In January 2004 the U S Department of Energy inspector general found that for many years the Wackenhut Corporation which provided security for the Y 12 National Security Complex in Oak Ridge Tennessee had been cheating on its security exercises These exercises simulated attacks on the nuclear facility challenging the security guards to repel a mock assault The security tests were important to the guard force they could affect the payment the security contractor received and possibly the bonuses that security personnel themselves received Until 2003 the Wackenhut security force received scores of outstanding and a total of 2 2 million in bonuses for their performances on security exercises It was later revealed that up to three weeks in advance of the exercises Wackenhut management told Y 12 security officers which buildings and targets would be attacked the exact number of adversaries and the location where a diversion would occur The protective force thus had ample time to formulate special plans on how to counter the adversary and they were able to place trucks or other obstacles at advantageous points to be used as barricades and concealment by protective force responders for shooting during the exercises The Wackenhut management also identified the best prepared protective force personnel and substituted them for less prepared personnel and officers who would normally relieve other protective force personnel were armed and held in standby to participate in an exercise potentially adding six or seven armed responders who would not normally have been available during a shift And several participants reported that the defenders had also disabled the sensors in their laser tag gear so in the tests they were essentially invincible the system would never score them as having been shot 48 The lesson here is not that security procedures and personnel screening rules are routinely violated at nuclear power facilities They are not Nor is the lesson that nuclear security exercises like those at Y 12 are not important quite the opposite But rules are not followed universally or strictly especially when they are in tension with other goals such as continuing production meeting deadlines and maintaining collegial relations among coworkers And tests are likely to be reliable only when they are independent and uncompromised Nuclear security managers need to think carefully about the incentives employees face and work to make sure that the incentives point in the direction of good security performance rather than poor security performance One element of getting incentives pointed in the right direction is to do away with unneeded security rules rules that are overly burdensome or complex and that contribute little to the overall security of the plant When employees encounter rules they think are senseless they typically do not comply with them This can contribute to a broader culture in which people follow security rules only when they find it convenient and they come to think of security as a problem for them and not us Every high security organization has some of these unneeded or overly complex rules as more rules get added over time in response to each incident that arises By one estimate i n any large organization at least 30 of the security rules policies and procedures are pointless absurd ineffective or actually undermine security by wasting energy and resources by creating cynicism about security and or by driving behaviors that were not anticipated 49 Organizations should have regular processes to search for such rules and get rid of them Lesson 9 Don t Assume that Only Consciously Malicious Insider Actions Matter Some of the highest consequence threats that security organizations face are from malicious outsiders for intelligence agencies this means an adversary s spies for military units it is enemy forces for nuclear facilities it is thieves and saboteurs Security organizations may therefore focus on preventing attacks or theft by outsiders and to the degree that they protect against insider threats they focus on the danger that individuals inside the organization might be recruited by or become sympathetic to a malicious outsider group hence the attention paid to preventing penetration through counterintelligence and personnel screening and monitoring Yet this focus ignores the possibility that an insider threat can occur when an individual commits a dangerous act not out of malicious intent but for other complex reasons The official definitions of insider threats in the IAEA guidelines encourage this focus because they emphasize the malicious characteristic of such a threat The first definition introduced is of the term adversary which is described as any individual performing or attempting to perform a malicious act 50 The IAEA definition of insider builds on this definition of adversary The term insider is used to describe an adversary with authorized access to a nuclear facility a transport operation or sensitive information 51 Thus both definitions include a component of malice The IAEA definition of a threat also implies the presence of malicious intent The term threat is used to describe a likely cause of harm to people damage to property or harm to the environment by an individual or individuals with the motivation intention and capability to commit a malicious act 52 But individuals who plausibly had no malicious intent even though they had very faulty even horrific judgment have caused serious insider threat incidents The October 2001 U S anthrax attacks in which at least five letters containing anthrax spores were mailed to reporters and political figures provide a dramatic case in point though one where the errors of judgment were so extreme as to edge into the territory covered by the IAEA s definitions As a result of these mailings at least twenty two victims contracted anthrax five people died thirty five postal facilities were contaminated and the presence of the anthrax spores was found in seven buildings on Capitol Hill 53 But it appears that there may have been no real intent to kill or sicken anyone The best available evidence suggests that Bruce Ivins a senior scientist at the U S Army Medical Research Institute of Infectious Diseases USAMRIID mailed the envelopes along with letters declaring Death to America Allah is Great Ivins was not however sympathetic with al Qaeda and it is believed that his main motive was to renew national interest in the threat of anthrax Ronald Schouten in the Harvard Review of Psychiatry lists Ivins s motives as an effort to enhance the profile of his anthrax work to improve his own standing among colleagues and to stimulate funding for biodefense by inducing fear in the population and influencing government policy 54 Personal motives were certainly mixed up with the national security motive Ivins had been a major contributor to the development of a controversial anthrax vaccine and a terrorist anthrax attack had the potential to make his work more relevant increase the patent related fees that he was receiving and impress a woman with whom he worked 55 In retrospect Ivins was clearly a sick man with warped judgment and a reckless willingness to risk the lives of others but he did not intend to kill many people through his anthrax mailings Had he intended to do so the likely death toll would have been much larger Many other examples of nonmalicious but highly misguided insiders could be cited Wen Ho Lee who if his version of events is correct took highly classified information home as a backup system to make consulting work easier after leaving the Los Alamos Laboratory Oleg Savchuk who allegedly placed a virus into the computer control system at the Ignalina Nuclear Power Plant in order to call attention to the need for improved security and to be rewarded for his diligence or John Deutch the CIA director who handled highly sensitive classified information on an insecure computer connected to the Internet 56 Indeed security problems arising through inadvertence conflicting incentives and poor judgment are so pervasive that one U S security expert concluded The insider threat from careless or complacent employees and contractors exceeds the threat from malicious insiders though the latter is not negligible This is partially though not totally due to the fact that careless or complacent insiders often unintentionally help nefarious outsiders 57 The lesson that should be learned from these incidents is that efforts to prevent insider threats primarily through screening for loyalty or conversely monitoring for ties to malicious terrorist or criminal organizations are insufficient Such methods will not detect or deter individuals who make poor judgments even radically poor judgments in the name of a private interest or even in pursuit of a distorted vision of the public good Nuclear security managers need to focus on the nonmalicious sources of insecurity as well Building a strong security culture and making good security convenient are two places to start Lesson 10 Don t Focus Only on Prevention and Miss Opportunities for Mitigation The IAEA s best practices guide for insider threats clearly recognizes the need to maintain both rigorous prevention programs and serious mitigation preparations as part of any nuclear security program Indeed even the title of the guide Preventive and Protective Measures against Insider Threats highlights that need Yet there can be a strong temptation to favor prevention efforts over mitigation efforts especially when dealing with exercises in which the public is involved in order to avoid public fears that security incidents are likely Although the 2011 Fukushima accident is clearly a safety not security incident it highlights the dangers that can be created when operators and officials avoid practicing mitigation and emergency response preparations in order to enhance public support for nuclear power and prevent panic Yoichi Funabashi and Kay Kitazawa have compellingly identified a dangerous myth of absolute safety that was used to promote confidence in accident prevention measures rather than conduct nuclear emergency response activities in Japan prior to the March 2011 accident As Funabashi and Kitazawa explain This myth of absolute safety has been propagated by interest groups seeking to gain broad acceptance for nuclear power A public relations effort on behalf of the absolute safety of nuclear power was deemed necessary to overcome the strong anti nuclear sentiments connected to the atomic bombings of Hiroshima and Nagasaki One example of the power of the safety myth involves disaster drills In 2010 the Niigata Prefecture where the 2007 Chuetsu offshore earthquake temporarily shut down the Kashiwazaki Kariwa Nuclear Power Plant made plans to conduct a joint earthquake and nuclear disaster drill But NISA the Nuclear and Industrial Safety Agency advised that a nuclear accident drill premised on an earthquake would cause unnecessary anxiety and misunderstanding among residents The prefecture instead conducted a joint drill premised on heavy snow 58 The myth that the facilities were absolutely safe was repeated so often that it affected operators thinking about emergency response The accident response plan for the Fukushima Daiichi site reportedly said The possibility of a severe accident occurring is so small that from an engineering standpoint it is practically unthinkable If that is what you believe you are not likely to put much effort into preparing to mitigate severe accidents and they did not 59 Fortunately important steps can be taken to mitigate both sabotage and theft at nuclear facilities The key steps to mitigate severe sabotage are largely the same as the key steps to mitigate severe accidents making sure that electric power can be rapidly restored that the reactor core and the fuel in the spent fuel pool can always be kept under water and that if radioactivity is released from the core the amount released to the environment can be limited With respect to nuclear material theft mitigation steps are less effective for once nuclear material has left the site where it is supposed to be it could be anywhere the subsequent lines of defense are largely variations on looking for a needle in a haystack Nevertheless relatively simple steps toward mitigation should not be neglected In recent years for example the U S government has been pressing for countries to ship plutonium and HEU in forms that would require some chemical processing before they could be used in a bomb rather than in pure form Various elements of the effort to interdict nuclear smuggling can also be thought of as mitigation steps should nuclear theft prevention efforts fail But the Fukushima case makes clear that it is important to avoid in both public presentations and private beliefs the myth of absolute security The belief that a facility is already completely secure is never correct and will lead to complacency that is the enemy of preparedness for either prevention or mitigation Prevention of insider threats is a high priority but leaders and operators should never succumb to the temptation to minimize emergency response and mitigation efforts in order to maintain the illusion that there is nothing to be afraid of THE PATH FORWARD Even this brief comparative look at insider threats illustrates that such threats come in diverse and complex forms that the individuals involved can have multiple complex motives and that common though understandable organizational imperfections make insider threats a difficult problem to address adequately Most nuclear organizations appear to underestimate both the scale of the insider threat and the difficulty of addressing it Serious insider threats may well be rare in nuclear security but given the scale of the potential consequences it is crucial to do everything reasonably practical to address them The main lesson of all these cases is do not assume always assess and assess and test as realistically as possible Unfortunately realistic testing of how well insider protections work in practice is very difficult genuinely realistic tests could compromise safety or put testers at risk while tests that security personnel and other staff know are taking place do not genuinely test the performance of the system Nevertheless nuclear security managers need to establish programs for assessment and testing that are as creative and realistic as practicable and to reward the employees involved for finding vulnerabilities and proposing ways to fix them rather than marginalizing people who complain about security vulnerabilities Ensuring that all operators handling nuclear weapons weapons usable nuclear materials or nuclear facilities whose sabotage could have catastrophic consequences have genuinely effective measures in place to cope with insider threats should be a major focus of the nuclear security summit process of the IAEA s nuclear security efforts of WINS s nuclear security program and of regulatory and industry efforts around the world Complacency the belief that the threat is modest and the measures already in place are adequate is the principal enemy of action Hence a better understanding of the reality of the threat is critical to getting countries around the world to put stronger protections in place To foster such an understanding we recommend that countries work together to establish shared analyses of incidents and lessons learned In the world of nuclear safety when an incident occurs the plant performs a root cause analysis and develops lessons learned to prevent similar incidents from occurring again These incident reports and lessons learned are then shared with other reactor operators through organizations such as WANO and national groups such as the U S Institute of Nuclear Power Operations INPO These organizations can then assess trends among the incidents INPO not only distributes lessons learned to U S reactor operators it carries out inspections to assess how well reactor operators are implementing lessons learned Nothing remotely resembling this approach exists in the nuclear security world It is time to begin such an effort assessing security related incidents in depth exploring lessons learned and distributing as much of this information among nuclear security operators as necessary secrecy will allow As we have done in this paper the analyses should include non nuclear incidents that reveal types of problems that arise and types of tactics against which nuclear materials and facilities should be protected Information about incidents and how to protect against them could be a major driver of nuclear security improvement as it has been in

    Original URL path: https://www.amacad.org/content/publications/pubContent.aspx?d=1427 (2016-02-13)
    Open archived version from archive

  • Contributors - American Academy of Arts & Sciences
    Monographs and Project Publications Meetings Overview Induction 2015 Upcoming Meetings and Events Friday Forum 2015 2016 Schedule Past Meetings and Events Fellowships Overview Visiting Scholars Program Hellman Fellowship in Science and Technology Policy Policy Fellowship in the Humanities Education and the Arts Policy Fellowship in Global Security and International Affairs The Exploratory Fund Member Login User Name Password Forgot your password Home A Worst Practices Guide to Contributors A Worst Practices Guide to Insider Threats Lessons from Past Mistakes Contributors Matthew Bunn is Professor of Practice at the Harvard Kennedy School His research interests include nuclear theft and terrorism nuclear proliferation and measures to control it the future of nuclear energy and its fuel cycle and innovation in energy technologies Before coming to Harvard he served as an adviser to the White House Office of Science and Technology Policy as a study director at the National Academy of Sciences and as editor of Arms Control Today He is the author or coauthor of more than 20 books or major technical reports most recently Transforming U S Energy Innovation and over a hundred articles in publications ranging from Science to The Washington Post Scott D Sagan is the Caroline S G

    Original URL path: https://www.amacad.org/content/publications/pubContent.aspx?d=1428 (2016-02-13)
    Open archived version from archive

  • Acknowledgments - American Academy of Arts & Sciences
    Humanities Education and the Arts Policy Fellowship in Global Security and International Affairs The Exploratory Fund Member Login User Name Password Forgot your password Home The Back End of the Nuclea Acknowledgments The Back End of the Nuclear Fuel Cycle Establishing a Viable Roadmap for a Multilateral Interim Storage Facility Acknowledgments There is growing interest worldwide in using civilian nuclear power to meet our increasing energy demands But the spread of nuclear technology in the absence of rigorous safety and security regimes presents unique risks from the potential proliferation of weapons capabilities to new states and subnational and terrorist groups to catastrophic accidents As we have learned from incidents such as the accident at Japan s Fukushima Daiichi nuclear power site a nuclear incident anywhere affects the prospects of nuclear power everywhere The Academy s Global Nuclear Future GNF Initiative is working to prevent such incidents by identifying and advocating for measures that promote strong safety cultures and limit the security and proliferation risks raised by the growing global appetite for nuclear energy The GNF Initiative has created an interdisciplinary and international network of experts who are working together to devise and implement nuclear policy for the twenty first century To help reduce the risks resulting from the global expansion of nuclear energy the GNF Initiative addresses the following key policy areas the international dimension of the nonproliferation regime the entirety of the fuel cycle the physical protection of nuclear facilities and materials and the interaction of the nuclear industry with the nonproliferation community and national regulatory structures Each of these areas presents specific challenges and opportunities and each requires informed and thoughtful policies if we are to reach a comprehensive response to the risks posed by the spread of nuclear technology We would like to acknowledge the contributions of

    Original URL path: https://www.amacad.org/content/publications/pubContent.aspx?d=21696 (2016-02-13)
    Open archived version from archive



  •