Strengthening Nuclear Security With a Sustainable CPPNM Regime


June 2019
By Samantha Neakrase

In late 2015, investigators discovered chilling surveillance video in the possession of a suspected terrorist alleged to have been involved in the November 2015 attacks in Paris.1 The Islamic State took credit for those attacks, and the video footage suggested it had been watching a high-ranking Belgian nuclear official who had access to secure areas of a Belgian nuclear research facility.2

IAEA Director-General Yukiya Amano (second from left) visits the Belgian Nuclear Research Facility SCK-CEN in 2018.  The site was one of those accessible to a Belgian official who was reportedly surveilled by terrorists in 2015. (Photo: SCK-CEN/IAEA)The video’s existence raised concerns that the group was seeking to acquire materials for a primitive nuclear device or a dirty bomb. Was there a plan to abduct the official and ransom him for nuclear or radioactive materials or to bribe or coerce the official to turn him into an unwilling insider?

Other evidence gathered in the same investigation pointed to additional terrorist plans to “do something involving one of [Belgium’s] four nuclear sites,” which include two nuclear power plants, a company that produces medical isotopes, and the nuclear research facility.3 Despite these concerns, authorities had not taken additional measures to protect the facility beyond cautioning employees to “increase their vigilance,” The New York Times reported.4

The intent of the terrorist surveillance remains unclear, but the discovery served as an important reminder that nuclear facilities and materials continue to be targets of interest to terrorists. There are many other incidents tracked by organizations such as Harvard University’s Belfer Center for Science and International Affairs, the James Martin Center for Nonproliferation Studies (CNS), and the International Atomic Energy Agency (IAEA) Incident and Trafficking Database.5 The CNS Global Incidents and Trafficking Database, a tool launched in June 2013 to track incidents of theft or loss of nuclear and other radioactive materials, contains hundreds of incidents of loss, theft, and unauthorized possession of those materials in 2017 and 2018 alone. Three illicit trafficking incidents were reported in the database in 2017 involving nuclear materials, including one case involving the sale of plutonium-239 and plutonium-241.

More broadly, terrorist attacks continue across the globe, including by the Islamic State and others, and the threat is constantly evolving. New technologies, such as cyberweapons that could disrupt nuclear facility security systems, and access to greater financial resources enable terrorist groups to become more sophisticated.

These continuing threats and documented incidents show that nuclear terrorism is today’s problem. Addressing this threat is an urgent priority. Just as terrorists have not lost focus on their desire to acquire and use a nuclear or radiological bomb, neither can the international community, especially governments, lose focus on the need to prevent such a catastrophic event from happening. Protecting nuclear materials and nuclear facilities from the threats posed by terrorists and other nonstate actors is too important a mission to let slide into complacency and neglect.

The CPPNM Regime

One of the most important tools in the fight against nuclear terrorism is the Convention on the Physical Protection of Nuclear Material (CPPNM). A 2005 amendment to the convention entered into force in 2016, making it the only legally binding treaty requiring countries to protect nuclear materials and facilities.6 Opened for signature in 1980, the CPPNM today has 155 states-parties, while only 102 have ratified the amendment.

This foundational international treaty is even more important now that the nuclear security summits, the biennial gatherings of more than 50 heads of government that were held between 2010 and 2016, have ended. The summits were convened to focus attention on nuclear terrorism, encourage action and commitments to prevent nuclear theft and sabotage, and strengthen the global nuclear security architecture. Unfortunately, high-level attention has waned since the summits, but 2021 provides an opportunity to reinvigorate global nuclear security efforts at the review conference for the amended CPPNM.

Article 16 of the amended CPPNM requires the IAEA, the treaty’s depositary, to convene a review conference five years after the amendment’s entry into force. States should use the review conference to create a forum for parties to engage in regular dialogue on how the treaty is being translated into on-the-ground nuclear security progress, monitor and identify gaps in implementation, review progress, promote continuous improvement, and discuss emerging nuclear threats. Parties can turn the amended CPPNM into a living, breathing tool for dialogue and progress and demonstrate their commitment to building a strong, effective, and sustainable CPPNM regime.

Perhaps the most important outcome of the 2021 review conference would be a decision to hold regular review conferences in the future with intervals of not less than five years, as allowed by Article 16. Because the terrorist threat will continue to evolve, the treaty must also be dynamic and evolve. This will require parties to meet regularly to discuss how the treaty’s implementation must change to reflect changes in the threat environment, advances in states’ ability to protect materials and facilities, development of best practices, and emerging technologies. The treaty’s own language, that the purpose of the review conference is to review the implementation of the treaty “in the light of the then prevailing situation,” acknowledges this reality. Continuity of the review process, particularly opportunities for regular dialogue on nuclear security, will enable the treaty to maintain its long-term relevance.

After the CPPNM entered into force in 1987, one review conference was held five years later, but the participants did not exercise their option to call for further review conferences. Repeating this history for the amended CPPNM would ignore the valuable opportunity the treaty offers to review this essential tool. Parties should instead agree at the 2021 review conference to hold review conferences regularly as a standing arrangement, instead of waiting for a request of the majority of parties to do so on an ad hoc basis. Without a decision at the 2021 review conference, there is a risk that it will be the last, as was the case with the original CPPNM.

Ideally, treaty parties would agree to hold review conferences every five years, as permitted by the treaty. It is difficult to imagine that a five-year review cycle would not be warranted given that significant changes in the threat environment, technology, and the tools to address threats are likely. In reality, allowing flexible frequency may be appropriate to account for other international conferences and events, such as the IAEA International Conference on Nuclear Security (ICONS), and to respond to developments in the global security environment. For instance, if ICONS is held every three years, it may make sense for a review conference on the amended CPPNM to be held every six years. Whether parties agree to a fixed period of five or six years, parties could agree that they would be able to adjust the date of the subsequent review conference to account for factors that would affect its timing. At a minimum, parties at the 2021 review conference should set the date for the following review conference and require that each successive review conference will set a future review conference date. In other words, states would agree to hold review conferences in perpetuity, but not on a predetermined schedule. To avoid review conferences being set too far into the future and to reflect the reality of fast-evolving threats, however, parties should agree that the time between review conferences will not exceed a set period, such as seven or eight years.

There is precedent for regularizing a treaty review process when regular review conferences are not required by the treaty. The nuclear Nonproliferation Treaty (NPT), for example, contains similar review conference language to the CPPNM and the amended version. At each of the early NPT review conferences, parties requested the convening of the next review conference in five years’ time. At the 1995 NPT Review and Extension Conference, the parties agreed to continue holding such review conferences every five years.

A Unique Forum for Sustained Dialogue

Regular review conferences are an integral part of many treaty regimes to ensure the treaty’s viability in light of changing circumstances.7 This is even more important when the treaty’s purpose is to address a threat that will continue to evolve. Review conferences can strengthen a treaty regime by developing a common understanding of key provisions and help states set goals for implementation. Given that most major treaties have regular review conferences, it would be an odd omission for a treaty as vital to global security as the amended CPPNM not to be supported by regular review conferences. When it comes to addressing one of the most dangerous threats worldwide, why should the amended CPPNM be treated differently? To the contrary, a regular, substantive review conference for the amended CPPNM will provide unique benefits not available in any other forum. Regular review conferences will have a different character and purpose from other nuclear security forums, such as ICONS or the annual amended CPPNM points of contact meetings that are convened by the IAEA.

The 2016 Nuclear Security Summit in Washington, D.C., was the last in the summit series. A regular review conference for the amended CPPNM could provide nations with a forum to discuss nuclear security issues. (Photo: Ben Solomon/U.S. State Department)First, the review conference is the only legally mandated forum for enduring nuclear security dialogue. ICONS, which is approved by IAEA member states in an annual nuclear security resolution, was first held in 2013 and is currently on a three- or four-year cycle. Although ICONS covers a range of nuclear security-related topics and informs the work of the IAEA in the area of nuclear security, it is not based on a concrete set of legal obligations. The point of contact meetings, while also useful technical meetings, are not specifically mandated under the treaty and have only been convened since 2016. The legal basis for the review conference provides a stronger mandate for sustained dialogue on nuclear security and greater durability than other conferences and meetings that rely on the continued interest and resources of IAEA member states.

Second, the amended CPPNM can offer a different level of interaction than ICONS and point of contact meetings. ICONS features a one-day ministerial session attended by relatively few actual ministers, and the bulk of ICONS is dedicated to technical sessions attended by diplomats, technical experts, academics, and representatives from nongovernmental organizations. The point of contact meetings are attended by technical experts, usually regulators. In contrast, the appropriate level of participation for the review conference would be senior officials who can go beyond technical discussions and discuss policies and priorities for nuclear security. They would be knowledgeable about nuclear security and empowered to make decisions.

Third, the purpose of the review conference and its agenda should be different from ICONS and point of contact meetings, neither of which provide for a high-level, multiday dialogue on forward-looking policies and priorities for nuclear security. At the ICONS ministerial, senior officials make national statements and issue high-level principles for nuclear security, but the meeting is quite limited in scope. At the technical sessions, experts give presentations on a range of nuclear and radiological topics. The point of contact meetings similarly are much more limited in scope. These one- or two-day meetings focus on the technical aspects of implementation of the amended CPPNM, but do not assess nuclear security progress or set priorities for the future and are not aimed at taking forward-looking action to strengthen the CPPNM regime. In contrast, the review conference provision is broad and flexible enough to provide for a multiday, substantive, policy-level discussion of a range of themes and topics relevant to the treaty, such as the threat environment, nuclear security progress, gaps and challenges to implementation, and priorities for future progress.

Finally, the review conference can be a forum for countries to commit to nuclear security progress and further strengthen implementation of their treaty obligations. Just as nuclear security is never finished and requires continuous improvement, implementation of the treaty requires constant attention and committed action. Parties could pledge to host peer reviews, participate in international workshops and trainings, implement IAEA nuclear security guidance, and share best practices and lessons learned. Commitments made at the review conference would be more specific and tailored to each country’s own circumstances than the broad commitments made in the ICONS ministerial declaration; the point of contact meetings have no decision-making or commitment-making component.

A Vision for the Review Conference

The amended CPPNM provides almost no guidance for the review conference, only stating that it will “review the implementation of this Convention and its adequacy as concerns the preamble, the whole of the operative part and the annexes in light of the then prevailing situation.” This minimal guidance allows parties to design a review conference with outcomes that are most likely to achieve the objectives of a strong, effective, and sustainable treaty regime. States should be ambitious and take advantage of this singular opportunity.

The review conference should have a robust, substantive agenda designed to allow for an in-depth dialogue on themes or topics derived from the treaty’s operative text and preamble, a more effective approach than taking a narrower provision-by-provision approach. These themes could be incorporated into a plenary agenda and supported by additional breakout sessions to facilitate in-depth discussions about topics relevant to subsets of countries or specific regions.

One theme could cover the IAEA’s role in nuclear security. Such a dialogue would be productive and appropriate given the agency’s role as the treaty depositary and convener of the review conference. The discussion could build awareness of and promote significant IAEA nuclear security resources, including its Integrated Nuclear Security Support Plans and its peer reviews such as the International Physical Protection Advisory Services, which support member states’ implementation of the treaty’s provisions. Promoting implementation of IAEA nuclear security guidance would also be a positive step toward building common, international nuclear security standards and would be consistent with the treaty’s reference to “internationally formulated recommendations” in the preamble and the fundamental principles in the operative text. Countries could also share success stories of IAEA assistance in implementing nuclear security, which could encourage additional financial and political support for the IAEA’s important nuclear security mission.

Emerging technology is ripe for discussion, including offensive use of technology that could lead to theft or sabotage and defensive use of new technology to protect materials and facilities. As technology evolves, so must the assessment of those technologies as potential security assets and risks. Cybertools, for example, can be used to enhance security as technology becomes more sophisticated and reliable, but they can also be used to defeat digital security systems designed to protect nuclear materials and facilities.8 Building awareness of cyber capabilities and the need to develop measures to prevent or mitigate cyber-mediated theft and sabotage would be a significant contribution to nuclear security.

In another thematic discussion, countries could consider whether physical protection includes protection against cyberattacks. There are strong arguments for doing so. Cyberweapons are just one of many types of weapons or tools, such as guns, bombs, or other traditional weapons, that could be deployed to defeat physical security measures, and efforts to defend against cybertools link directly to physical protection. A flexible definition of physical protection means the CPPNM regime will remain relevant as the threat evolves and as adversaries adapt their tools to defeat security.

The review conference should devote time to discuss the risk environment. Review conferences should not occur in a vacuum but in light of current, evolving, and predicted future threats. Consistent with Article 16’s reference to reviewing implementation “in light of the then prevailing situation,” a discussion of the risk environment would be an opportunity to assess how implementation and interpretation of the treaty need to adapt to reflect contemporary and emerging threats and to maintain the treaty’s relevance as a long-term tool for nuclear security.

Another item to be addressed at the review conference could be Article 14, which requires states to submit information to the IAEA on “the laws and regulations which give effect to” the convention. An important outcome for the 2021 review conference would be for all states to submit their reports at or before the meeting and to discuss best practices in reporting, including a possible reporting template. States could go beyond their Article 14 obligation by making nonsensitive portions of their reports public, as some countries have done already. They also voluntarily could provide broader information on their nuclear security programs and the steps they are taking to continuously improve security.9 In fact, Article 5 encourages information sharing among parties for the purpose of “obtaining guidance on the design, maintenance, and improvement of its national system of physical protection of nuclear material.” Sharing information on nuclear security practices, while protecting sensitive information, provides valuable opportunities for states to learn from one another and build confidence in the security of their nuclear materials. Releasing information to the public also helps to build confidence in nuclear security, which “may contribute to the positive perception, at a national level, of peaceful nuclear activities, globally,” according to the resolution on nuclear security adopted by the 2018 IAEA General Conference.10

2021 and a Unique Opportunity

The amended CPPNM invites states to be ambitious by providing a broad, flexible basis on which to design a robust agenda for nuclear security dialogue. This is vital for building on significant nuclear security achievements and preventing international complacency over nuclear terrorism. This can be achieved with a robust and meaningful, outcome-oriented review conference in 2021. The 2021 review conference will be an important, and perhaps the only, opportunity to establish the building blocks for a strong, effective, and sustainable CPPNM regime for combating nuclear threats, now and in the future. Seizing this opportunity requires vision, ambition, and strong leadership. This is too great a chance to squander when the collective mission to prevent nuclear terrorism is so consequential.

 

ENDNOTES

1. Alissa J. Rubin and Milan Schreuer, “Belgium Fears Nuclear Plants Are Vulnerable,” The New York Times, March 26, 2016, p. A1; Milan Schreuer and Alissa J. Rubin, “Video Found in Belgium of Nuclear Official May Point to Bigger Plot,” The New York Times, February 18, 2016.

2. Milan Schreuer and Alissa J. Rubin, “Video Found in Belgium May Point to Bigger Plot,” The New York Times, February 19, 2016, p. A4.

3. Ibid.

4. Ibid.

5. For a list of other incidents, see Matthew Bunn, Nickolas Roth, and William H. Tobey, “Combating Complacency About Nuclear Terrorism,” Project on Managing the Atom Policy Brief, March 2019, https://www.belfercenter.org/sites/default/files/2019-03/NuclearSecurityPolicyBrief_2.pdf?fbclid=IwAR3OcJ37tRb4y-Qpk1PCtFChMXE8lWrzrhLTT9VA1_3-IWh1Sg6ZK8EvEj8. For the database, see “CNS Global Incidents and Trafficking Database,” April 25, 2019, https://www.nti.org/analysis/articles/cns-global-incidents-and-trafficking-database/.

6. The CPPNM covers only physical protection of nuclear materials in international transport, but the 2005 amendment significantly expands the treaty’s scope to require protection of all nuclear materials against theft and of nuclear facilities against sabotage. See Convention on the Physical Protection of Nuclear Material (CPPNM), October 26, 1979, 1456 U.N.T.S. 24631, art. 2. Compare this to article 2A of the 2005 amendment to the CPPNM. See International Atomic Energy Agency (IAEA), “Nuclear Security - Measures to Protect Against Nuclear Terrorism: Amendment to the Convention on the Physical Protection of Nuclear Material,” GOV/INF/2005/10-GC(49)/INF/6, September 6, 2005. There are two other international legal instruments relevant to fighting nuclear terrorism: the International Convention for the Suppression of Acts of Nuclear Terrorism, which requires states to criminalize and cooperate in the prosecution of acts of terrorism, and UN Security Council Resolution 1540.

7. Jonathan Herbach and Samantha Pitts-Kiefer, “More Work to Do: A Pathway for Future Progress on Strengthening Nuclear Security,” October 2015, Arms Control Today.

8. Another example is drones, which have the potential to enhance security by providing additional eyes and ears to supplement guard force capabilities at facilities and in transport convoys. They can also be used by bad actors to carry out surveillance or attacks.

9. For states that already feel a heavy reporting burden, the Consolidated National Nuclear Security Report offered as a template by the Dutch government at the 2016 nuclear security summit can be a useful tool. See “Consolidated National Nuclear Security Report,” n.d., https://static1.squarespace.com/static/568be36505f8e2af8023adf7/t/570511498259b5e516e16689/1459949897436/Joint+Statement+on+Consolidated+Reporting+Appendix.pdf; Nuclear Security Summit, “Joint Statement on Consolidated Reporting,” April 5, 2016, http://www.nss2016.org/document-center-docs/2016/4/1/joint-statement-on-consolidated-reporting.

10. IAEA General Conference, “Nuclear Security: Resolution Adopted on 20 September 2018 During the Seventh Plenary Meeting,” GC(62)/RES/7, September 2018.

 


Samantha Neakrase (formerly Pitts-Kiefer) is senior director for materials risk management at the Nuclear Threat Initiative. She has been writing and presenting on the Convention on the Physical Protection of Nuclear Material regime for several years, including for the 2016 International Atomic Energy Agency International Conference on Nuclear Security.