Risk-informed nuclear security regulation in the United States

The commercial nuclear industry in the United States has had regulations governing security at high-risk facilities like nuclear reactors and fuel processing plants since 1979, primarily to protect against terrorist attacks. Two factors drove the evolution of those initial regulations: changes in the external terror threats and the shift from deterministic to risk-informed regulations. The chapter looks at the evolution of the regulatory framework. Starting with the initial development of the design basis threat (DBT) in 1979, the chapter discusses the basic approach to nuclear security that dominated the industry until the terrorist attacks of 11 September 2001. Following the attacks, new threats emerged: aircraft impacts and radiological dispersal devices (RDDs; also known as 'dirty bombs'). These challenges added significant new nuclear security requirements for nuclear power facilities and producers of radioactive materials. The chapter closes with a look at the emerging threats of cyber-attacks and an examination of the challenges of developing security regulations in a publicly transparent process.