According to the Objective and Essential Elements of a State's Nuclear Security Regime (NSS No. 20) and other publications in the IAEA Nuclear Security Series, including Nuclear Security Recommendations on Radioactive Material and Associated Facilities (NSS No. 14) Nuclear Security Recommendations on Physical Protection of Nuclear Material and Nuclear Facilities (INFCIRC/225/Revision 5) (NSS No. 13), States should define nuclear security requirements for nuclear or other radioactive material and associated facilities based on a threat assessment or a Design Basis Threat (DBT).
Design Basis Threat (DBT)
A DBT describes the capabilities of potential insider and external adversaries who might attempt unauthorized removal of nuclear and other radioactive material or sabotage. The operator’s physical protection system is designed and evaluated on the basis of the DBT.
Potential external adversaries include terrorists and other criminals who might seek to use nuclear or other radioactive material for malicious purposes, or to sabotage a facility. Insiders are individuals with authorized access to facilities, activities or sensitive information who could commit malicious acts or help external adversaries to do so.
The State defines the roles and responsibilities of the regulatory body, other competent authorities and operators in the development of DBTs.
To conduct a national nuclear security threat assessment, the competent authorities collect and analyse intelligence and other threat information from open sources, past nuclear security events, other security events and other sources. They evaluate the credibility of the threat information, identify potential adversaries and their attributes and characteristics, as well as the likelihood of possible adversary actions. The analysis should consider whether specific adversary capabilities are relevant to potential targets.
The national nuclear security threat assessment result is used to develop material-, facility- or activity-specific DBTs.
Competent authorities can disseminate such DBTs to relevant operators, who then use it to develop facility-specific attack scenarios and to design nuclear security systems to meet the nuclear security objectives established in the State’s legal framework.
In a different approach, competent authorities can develop prescriptive regulatory requirements and ensure that operators implement nuclear security systems and measures in compliance with these and with the nuclear security objectives established in the State’s legal framework.
The competent authorities should regularly review the national threat assessment and the DBTs and revise them as needed. New or emerging threats may require immediate consideration and actions before DBTs can be revised.