Originally Published 2016-01-06 09:40:47 Published on Jan 06, 2016
India's Nuclear Security

Situated in a difficult neighborhood, New Delhi has laid strong emphasis on both nuclear safety and security for a couple of decades now. Almost three decades of state-sponsored terrorism and insurgencies of varying scale and proportion within India have meant that security of nuclear materials and installations has been a great worry to India’s security and atomic energy establishments. India’s concerns even predate the Western focus on WMD terrorism, which gained prominence only after the 9/11 terrorist attacks in the United States.  Unfortunately, India’s excessive caution and secrecy in the nuclear arena has led the world to assume that India does not pay much attention to this issue or that it has inadequate security, which is far from the truth.

India has in fact utilized policy, regulation and technology to develop an effective approach to securing its nuclear materials and facilities. Even as it considers an attack on its nuclear facilities a remote possibility, the high impact nature of such an attack has made India implement measures that have been reasonably tough. Nuclear security has therefore been a priority for India.

Nevertheless, India has fared quite poorly in global reportage, such as the Nuclear Threat Initiative’s Nuclear Security Index. There have been other recent reports that have also portrayed India’s nuclear security in a negative light. Such portrayal may be the result of the method used in the assessment. First, these are quantitative assessments of a country’s nuclear security practices, which do not always capture the full picture of what a country is doing. Indeed, the analytic approach of checking boxes instead of seeing how a policy is implemented leads to erroneous conclusions.

Regarding the concerns raised in recent articles, the Observer Research Foundation (ORF) undertook a study last year where an ORF team visited Indian civil nuclear power plant sites, and held extensive discussions with both India’s atomic energy agencies as well as security services. The field-based study that we undertook came to drastically different conclusions on the subject. This is possibly the first time that the Indian atomic energy establishment opened up to any think tank doing such a study and this, along with our site visits to assess facts and claims on the ground, made our study fundamentally different and much more thorough.

In the area of physical protection, Indian facilities have adopted the principle of defence in depth, which translates into having a multi-layered security system that is capable of detecting and delaying physical attack on a facility, while augmenting access control measures. India has put into place physical access controls like spike strips and cement/ steel barriers and technology-aided measures such as biometric systems. These access control measures, for one, delay penetration to the core of the facility and provide security agencies with additional time to respond or to call on other security agencies, depending on the scale of the attack.

While physical protection of nuclear materials has been accorded a high priority by the Indian nuclear establishment and these measures have so far prevented nuclear materials from falling into the hands of hostile elements, security measures could be made even more stringent. India might consider strengthening its nuclear security for three reasons. First, additional measures are not very difficult to implement. Second, additional nuclear security steps taken by India will only strengthen its case for integration with global non-proliferation regimes, including the Nuclear Suppliers Group (NSG). Third, such measures will further reduce the risk that nuclear material could be stolen. As is the case with nuclear safety, nuclear security requires continuous improvement.

By taking more proactive steps, India will help to convince other states in the global nuclear community that it takes nuclear security matters seriously. For instance, it could offer a ‘gift basket’ at the next Nuclear Security Summit or join the 35 countries that pledged in 2014 to adhere to International Atomic Energy Agency standards for nuclear security. ‘Gift baskets’ or pledges taken by countries at the Nuclear Security Summit are more like confidence building measures. India’s pledge in 2012 to offer Global Center for Nuclear Energy Partnership (GCNEP) (which has been done) went a long way in strengthening India’s credentials in this area.

While physical protection of nuclear facilities from external threats cannot be ignored, the threat to nuclear facilities is increasingly ‘insider threats’. Protection against insiders is a critical element in any country’s nuclear security because the insider has access to sensitive information, knows the facilities’ vulnerabilities that can be exploited, knows the drill in case of a penetration, which can thus be subverted. How does one verify that one of your own is not a threat for ideological or even personal reasons?

Insider threats bring into focus the importance of security culture. One can put into place the best technology, legal and, institutional architecture, but it is up to individuals to comply with rules in ensuring security. A security culture needs to permeate to all levels, from the scientists and managers to the guards protecting the premises so that there is a general consciousness of the threats, vulnerabilities, and the need to remain alert. An Indian workshop report on nuclear security states, “every person, from a custodian to a technician to a scientist to a guard in the protective force, needs to believe in and support the nuclear security program for it to succeed.” As former U.S. Department of Energy security official, Eugene Habiger said, “good security is 20 percent equipment and 80 percent culture.”

The danger of insider threats also highlights the importance of personnel reliability programs (PRPs). When employed properly, such programs can be an effective way of mitigating potential insider threats.  Our study found that in India’s case, PRPs are quite inclusive and extensive. They are undertaken on all staff employed at various facilities and include a series of stringent background vetting, checks, and verification. The screening consists of vetting a person’s identity, family background, criminal history, general reputation, as well as medical history.

Again, as with any system, this one can be improved.  Any good PRP should not end with initial checks but should also include periodic follow up reviews to study the employee’s social interactions and behavioral patterns. Currently, in the Indian case, only if an employee is shifted to a more sensitive facility or cleared for handling more sensitive information or materials, is there another round of verification and vetting done by the security agencies. Measures undertaken by India in this regard have ensured strict vigil and nothing suggests that the integrity of the programs has ever been compromised. Also, increasingly, the security agencies need to be alert to a person’s cyber interactions.  This is obviously a sensitive area for governments to handle given issues around privacy and personal freedom but the increasing threat of radicalization taking place in the virtual realm makes additional attention unavoidable.

While India has successfully managed insider threats, it could consider a few additional measures. One, India could consider implementing a two-person rule while handling sensitive materials in both civilian and military facilities. This is important in the context of an insider threat. Also information sharing within a facility should be made more stringent and be done on ‘Need-to-know’ basis alone, although information sharing about potential threats and ways to strengthen security should be shared. Agencies could also consider measures that further limit access within a facility. Periodic appraisals of trustworthiness needs to be undertaken – ideally this should be done in consultation with the particular facility’s security division. Nuclear material accounting and control needs to be approached more seriously. There could be surprise checks and inspections as well as periodic inventory checks to verify the veracity of information. Being alert and reporting of unusual behavior, even by friends and colleagues, needs to be encouraged given the dangers involved.

Even as it has instituted strong security measures, India must remain alert to rapidly changing threat scenarios. This is not unique to India, but this necessitates engagement and conversations between the Indian government and the international community, including other governments and multilateral organizations to review threat scenarios, understand or develop ways of tackling new threats and vulnerabilities, and learn from best practices. It is important for India to have some confidence in its capabilities, but also be willing to talk to others and learn from their experience.

In a nutshell, India has done a fairly good job in securing nuclear materials and installations but the excessive secrecy around the subject has harmed India’s reputation. India must do a better job of cooperating with others and making its achievements more transparent.

This article originally appeared in Harvard University's Belfer Center blog, Nuclear Security Matters.

The views expressed above belong to the author(s). ORF research and analyses now available on Telegram! Click here to access our curated content — blogs, longforms and interviews.


Rajeswari Pillai Rajagopalan

Rajeswari Pillai Rajagopalan

Dr Rajeswari (Raji) Pillai Rajagopalan is the Director of the Centre for Security, Strategy and Technology (CSST) at the Observer Research Foundation, New Delhi.  Dr ...

Read More +