The nuclear industry is continuously evolving to deal with emerging threats in nuclear safety and security. Saurav Jha, author and commentator on energy and security, based in New Delhi, reports on India’s activities and its emergency response capabilities.

In January 2020, India became the 35th country to join the International Atomic Energy Agency’s (IAEA’s) response and assistance network (Ranet) — a group of states that offer assistance to mitigate the consequences of nuclear or radiological emergencies.

According to the IAEA, through Ranet, states can ‘register their emergency preparedness and response capabilities, including support for radiation measurements, medical advice or treatment, and specialised equipment thereby enabling the IAEA’s Incident and Emergency Centre to promptly mobilise an assistance team upon request of a State affected by an emergency’.

Ranet includes ‘State Parties who have identified national assistance capabilities that consist of qualified experts, equipment and materials, which could be made available to assist another State’. Such States are considered by the IAEA to be ‘capable and willing to provide, upon request, specialised assistance by appropriately trained, equipped and qualified personnel with the ability to respond in a timely and effective manner to nuclear or radiological emergencies’.

India has long been a State Party with such ‘identified’ capabilities and has been willing to share its expertise with other States, as evidenced by its promotion of the Global Center for Nuclear Energy Partnership located on its soil.

India’s participation in Ranet is one of the ways in which the country is fulfilling its obligations under the Convention on Assistance in the Case of a Nuclear Accident or Radiological Emergency, which was adopted in 1986 following the Chernobyl accident. When India joined Ranet in 2020, Elena Buglova, head of the IAEA’s Incident and Emergency Centre, said: “India’s emergency preparedness and response capabilities can now be offered to countries during an emergency, if these countries ask for assistance. This shows a strong commitment by India to strengthen the international framework for nuclear and radiological emergency preparedness and response”.

India is party to the Convention on Nuclear Safety, the Convention on Physical Protection of Nuclear Materials (and its 2005 amendment) and the Convention on Early Notification of a nuclear accident. It has signed the Convention on Supplementary Compensation for Nuclear Damage and participates in the Illicit Trafficking Database.

As India has one most active civil nuclear programmes in the world, it is not surprising that India’s evolving safety and security architecture would be of significant interest to policymakers worldwide. As an aside, India’s country auditor was elected as external auditor for the IAEA at the organisation’s general conference in Vienna in September 2021 for a six-year term (2022-27).

As India joins Ranet, an overview of India’s emergency response architecture is in order. This is provided by the New Delhi-based Observer Research Foundation, in a report titled Nuclear Safety and Security in India: Emerging Threats and Response Preparedness by Rajeshwari Rajagopalan Pillai and Pulkit Mohan. This is a by-product of the discussions that took place at a virtual closed-door roundtable discussion organised by ORF in December 2020 and contains details about some less-discussed aspects of India’s nuclear emergency response programmes and practices, according to the authors, who say the report ‘identifies the importance of nuclear safety and security by analysing existing programmes, practices, and infrastructures as well as insider threat, emergency response preparedness, and emerging technology threats’.

It focuses on institutional architecture, arrangements and associated training related to the early and intermediate phases of India’s emergency response paradigm.

The report delineates the use of integrated command control and response exercises that focus on testing command and control functions, response mechanisms, and communication. They include: activation of the emergency response framework and response centres; execution of response functions by the Nuclear Power Corporation of India, Department of Atomic Energy (DAE), and district authorities; effectiveness of the liaison between onsite and offsite facilities for sharing information and making decisions; and checking the response time line for declaration, activation and initial response, as well as coordination between plant and district authorities in preparing media briefings and press releases.

The report says that ‘given the proximity of population centres to nuclear facilities, field exercises and public interactions are an important requirement of emergency management in India’. It highlights the importance of effective communication by DAE in normal times and during the onset of a nuclear emergency.

Emergency response infrastructure

The report outlines the onsite and offsite emergency response infrastructure set up by DAE and India’s inter-agency coordination on emergency response. It makes a valuable contribution by highlighting the role played by nonnuclear agencies in assisting DAE as ‘India’s national emergency response system architecture is a combination of the Indian Environmental Radiation Monitoring Network, ERC network, meteorological data network, emergency communication rooms, Crises Management Group, National Technical Research Organisation and the National Disaster Management Authority’.

While the discussion on India’s emergency response mechanisms is robust, the report only cursorily touches upon the engineered safety measures in Indian reactors.

Discussing the indigenous risk mitigation measures in Indian reactors the report says:

‘Newer reactors in India are equipped with built-in safety measures that are designed to minimise risks. For example, new light water and heavy water reactors at nuclear plants such as Tarapur nuclear power plant in the state of Maharashtra and the Kudankulam Nuclear Power Plant in Tamil Nadu have double containment to ensure that nuclear material is confined in case of a nuclear emergency.’

However, this is not new. Indian PHWRs have featured double containment from the time of MAPS 1&2, which were commissioned in the 1980s. There have been far more important developments in the realm of post-Fukushima upgrades. For example, in Tarapur 3 an indigenously developed containment filtered venting system, which operates on the wet-scrubbing principle, has been operational for some time and is set to see fleet-wide deployment. NPCIL is also deploying iodine scrubbing through a containment spray system on which tests using different aerosols have been conducted and removal rate measurements recorded. Even the Tarapur 1&2 BWRs, which are older than Fukushima Daichi I and had been upgraded prior to 2011 to ensure continuous cooling during site blackouts, were modified in the last decade to allow nitrogen injection into the containment in the event of a hydrogen build-up.

The new IPHWR-700 features a range of important new safety measures such as interleaving of primary heat transport system feeders, regional over-power protection, a mobile fuel transfer machine, a steel liner on the inner containment wall and a passive decay heat removal system.

To be fair, the report’s thrust is not on the engineering aspects related to nuclear safety and security but on the institutional arrangements and evolving threats such as insider activity, cyberattacks and a melding of the two.

Nuclear security

The second half of the report goes deeper into the issue of nuclear security, marked out under the IAEA’s definition as distinct from the issue of nuclear safety. On the human aspects of nuclear security, the report also makes a distinction between nuclear safety culture and nuclear security culture. On the latter, the report says complacency is the biggest threat and it identifies some of pillars of a positive nuclear security culture.

Flagging the rare danger of insider attacks, the report makes a few suggestions about what could be done to reduce the threat. It moves onto issues related to cybersecurity, including the September 2019 cyberattack on Kudankulam. A subsequent security audit of the attempted breach by DAE’s Computer & Information Security Advisory Group and the Indian Computer Emergency Response Team concluded that the malware infection was limited to the administrative network. It did not have much chance of compromising the control and instrumentation, which naturally does not have any connections to the plant intranet, much less to administrative networks connected to the internet.

It must be said that was probably not the intention anyway. Insiders who have spoken to this writer believe that it was a Stage-I attack aimed at gathering information about the cyber structure of the plant, details about project allocations and information on the purchase details, updates and maintenance contracts of the SCADA software used by the plant. The aim may have been to re-engineer any updates of the software used and then send that to the plant, possibly via an insider.

Some progress seems to also have been made with respect to attribution, with insiders saying that the attack may have a Chinese origin with the supposed North Korean attacker ‘Kim Jon Hyak’ a mere cutout. The report agrees with other recommendations: in respect of further strengthening of Information Security in administrative networks, various measures have been taken viz. hardening of internet and administrative intranet connectivity, restriction on removable media, blocking of websites & IPs which have been identified with malicious activity.

The report says “India would do well to draw lessons from the experiences of other countries like the US, UK and Japan, which have advanced cyber systems to strengthen cyber protection of their nuclear infrastructure” and that “India could also engage in multilateral dialogues, and collaborate with the private sector in order to build a robust cyber security system for its nuclear architecture.” Unfortunately, this is easier said than done, not least because as the report says: “The paradox is that nations are faced with the dilemma of what level of information should be shared in the interest of nuclear security.”

At an international level, nations discuss their achievements more than the shortcomings and subsequent lessons learned and international cooperation is hampered by ongoing geopolitical issues. This is why a peer review mechanism was explicitly excluded during the negotiations of the CPPNM 2005 Amendment, as the report mentions. In any case, India too is employing advanced systems to enhance cyber protection systems. For example, a new version of ‘ANU NISHTA’ with enhanced hardware features for ensuring cyber security of instrumentation and control systems has been recently rolled out by DAE. The enhancements include modifications to the power supply circuit of the board, tamper-detection enclosure, provision for terminal contacts for remote diagnostics and observation of non-secure behaviour of the local network. ANU NISHTA’s new version has been extensively tested.

At the end of the day, nuclear safety and security cannot be seen in silos. Defence in depth engineering remains the nuclear industry’s best bet in ensuring that adverse events, whatever their origin, do not cascade. Obviously, approaches need to be combined with pure engineering solutons and a holistic approach must be adopted.

This article first appeared in Nuclear Engineering International magazine.