Nuclear Industries Security (Amendment) Regulations 2017
Baroness Buscombe
That the Grand Committee do consider the Nuclear Industries Security (Amendment) Regulations 2017.
Baroness Buscombe (Con)
My Lords, I will begin by giving some background information and explaining why we are making these amendments. The UK takes civil nuclear security issues very seriously, including with regard to regulation. Since 1980, the UK has been a signatory to the Convention on the Physical Protection of Nuclear Material—the CPPNM. The convention requires signatories to have in place a robust legislative and regulatory regime to ensure the security of civil nuclear materials stored or in transit. The UK also complies with international guidance and best practice in this field produced by international bodies, in particular the International Atomic Energy Agency.
The Nuclear Industries Security Regulations 2003—NISRs—represent the cornerstone of the United Kingdom’s regulatory regime for civil nuclear security. The NISRs place significant obligations on the operators of civil licensed nuclear sites with regard to physical security measures for facilities, nuclear material and the security of sensitive nuclear information. The NISRs also cover the movement of nuclear material by air, road and rail in the UK and globally in UK-flagged vessels. This legislation requires all civil nuclear operators to produce and implement robust nuclear site security plans, and for transporters of nuclear material to produce transport security statements.
These draft amendments would update the NISRs in four key areas. Their overarching aim is to further enhance civil nuclear security arrangements and ensure that the United Kingdom’s regulatory regime remains up to date, comprehensive and robust. This will help ensure that the United Kingdom continues to give effect to its obligations under the CPPNM. I will provide further detail on each of the amendments.
The first amendment is to Regulation 4(1) of the NISRs, which requires that a nuclear site security plan approved by the ONR is in place for each nuclear site. However, at present the NISRs do not specify on whom this obligation is placed. The amendment will make it the responsibility of the designated “responsible person” for the nuclear site, as defined in the NISRs, to ensure that there is an approved security plan in place at all times. In tandem with this, a related amendment to Regulation 25 makes it a criminal offence for the responsible person to fail to meet their obligations under Regulation 4(1) as amended. The creation of this offence underlines the security imperative that the Government place on nuclear operators maintaining up-to-date security plans that have the approval of the independent regulator. In combination, the amendments to Regulations 4(1) and 25 will add clarity to the regulatory regime by making the responsible person accountable for ensuring that their site has approved nuclear security measures in place at all times. The implications of creating a new criminal offence have been fully considered and the Ministry of Justice has approved the measure.
We are also amending Regulations 4(3)(d) and 16(3)(c). These amendments are aimed at further enhancing industry information security and preparedness for cyber-related incidents. It will be a requirement for nuclear site security plans and transport security statements to set out the steps to be taken in the event of the loss or theft of or unauthorised access to sensitive nuclear information. Requiring duty holders to outline these contingencies will help ensure that risks associated with information security and cyberattacks are identified from the outset and effectively managed using measures approved by the ONR.
We are also making amendments to Regulations 9, 17(3) and 22(7), which relate to personnel security. Ensuring robust measures are in place to combat the potential threat that insiders pose to the civil nuclear industry is, of course, a key priority for the Government and the regulator. These amendments are intended to provide the ONR with greater flexibility in determining whether nuclear premises’ relevant personnel are suitable in security terms. Instead of solely approving all relevant personnel itself, the ONR will be able to assess and approve the industry’s broader personnel security arrangements; for example, by examining the effectiveness of review and aftercare arrangements for personnel working in the sector. This will allow the ONR to approve processes to be used by duty holders to determine whether relevant personnel are suitable in security terms. This will involve consideration by the ONR of whether the measures used by duty holders are in accordance with Her Majesty’s Government’s personnel security policy. We are also making an amendment to Regulation 22(5)(a) to remove a reference to guidance published by the ONR on security classifications that has now become obsolete.
The Department for Business, Energy and Industrial Strategy conducted an industry consultation on these amendments between 24 June and 22 July 2016. In total, 19 responses were received from a range of industry stakeholders. On the basis of these responses, department economists have forecast one-off administrative costs to the civil nuclear industry of less than £100,000 arising from the changes. This assessment has been approved by the Regulatory Policy Committee. I consider the security benefits arising from these changes to far outweigh the costs.
In parallel to the amendments, the ONR intends to issue revised security guidelines to the civil nuclear industry. These guidelines, known as the security assessment principles, are closely aligned to emerging threats to nuclear security, especially in relation to cybersecurity and information assurance. The amendments that I have outlined will complement the revised guidelines. I therefore commend these draft regulations to the Committee and beg to move.
Lord Jones (Lab)
My Lords, I thank the Minister for her clear exposition on such a serious measure and offer support for the draft instrument. There are two nuclear power stations in Wales: Trawsfynydd in the wilds of Meirionnydd and Wylfa in Môn Mam Cymru—Anglesey. Trawsfynydd may have reached the end of its productive life, but the hope is that Wylfa reactor 2 will come into being at an appropriate time. These stations in the far north-west of the lovely land of Wales are hugely important for employment, well-paid jobs and skills, and generate supporting jobs distances away from the plants.
How many people at each of those stations are engaged in security—if the Minister is allowed to give me that answer? I think it is a reasonable question. How many nuclear security police are there at each of those plants? I have read the Explanatory Memorandum and the instrument. When the stations were built, it was inevitable that road improvements would have to be made, and the rail links became ever more important—for obvious reasons when we consider nuclear waste.
In paragraph 7, headed “Policy background”, of the Explanatory Memorandum, paragraph 7.2 refers to,
“an approved nuclear site security plan be in place for each nuclear premise. The current requirement does not specify upon whom the duty is placed. These regulations clarify the position by specifying that it is the responsible person in relation to each nuclear premise who has the duty to ensure that there is an approved nuclear site security plan in place, and make it a criminal offence for the responsible person to fail to do so”.
I have mentioned two nuclear sites in Wales. What would be the rank and description of such a person referred to in paragraph 7.2?
I spent nearly 10 years on the Intelligence and Security Committee, and think I am asking responsible questions, but I would understand if the Minister could not immediately offer an answer or felt that she had to give me a reason why she could not give an answer.
Lord Grantchester (Lab)
My Lords, I thank the Minister for her introduction to the measure before the Committee. It is not contentious, and there is generally no difficulty in approving measures that seek to improve safety and security. All the necessary information has been helpfully provided in the Explanatory Memorandum. I thank my noble friend Lord Jones for his comments on the measure in relation to Wales, and look forward to Wales continuing to contribute in the development of the nuclear industry, most notably, perhaps, through the development of modular reactors.
Although we recognise that the security aspect of all operations at civil nuclear sites is under constant review and that the measure to upgrade the regulations is not in response to any particular occurrence, nevertheless, anxiety has been expressed recently about some incidents across both civil and defence aspects in the nuclear industry, most notably the straying of a test missile in the Atlantic. While the measure refers to civil nuclear sites, the regulatory triage assessment states that defence sites are exempt. I am sure the Minister will say that we must not misread the exemption but will she confirm that there are indeed specific regimes and reviews in place for all defence sites, both fixed and mobile, where analogous conditions would be covered, such as Aldermaston and Harwell? Are these subject to separate SIs?
We certainly agree that the UK has one of the most robust security frameworks. What assurances regarding this high standard can the Minister give to those of a more doubting nature, when we do not discuss lessons learned from any mishap or even recognise that mishaps and deaths have occurred? We agree with and approve the measures being implemented in the regulations, especially the upgrades necessary to improve cybersecurity, against a backdrop of reports on the activities of Russia, which we trust are not being directed at or compromising the civil nuclear industry. The protocols in the measure to cover this scenario are vital and welcome.
The Minister and the Explanatory Notes have both highlighted that each nuclear premises must have its own approved site security plan in place. While I appreciate that every site will need a distinct plan in so far as geographical layouts may differ, I wonder how far different sites may have different practices, as the Minister in the other place stated regarding this measure. Can the Minister explain whether different plans carry any implications of differing standards, which could give rise to confusion or misunderstandings between sites and practices that could compromise security? I concur that the objective of the regulations is to raise the bar on security across all sites. Is there an appraisal of the differences between sites and why there are any, so that the differences are monitored and controlled?
My final point concerns the treaty background to the regulations. I understand that being a signatory to the Convention on the Physical Protection of Nuclear Material requires the UK to have in place the legislative and regulatory regime to ensure the safety and security of civil nuclear materials stored or in transport. Furthermore, the treaty sits outside Euratom, of which the UK is also a member, and Euratom has signed up to the treaty. Without wishing to encroach on tomorrow’s proceedings on the amendments to the European Union (Notification of Withdrawal) Bill, there is some debate over whether Euratom is a separate entity from the EU, and over the UK’s membership of it. The Explanatory Memorandum to that Bill states that the UK’s departure from the EU will trigger an automatic leaving of Euratom as it is part of the same treaties. Whether or not this is the case, I ask the Minister: how will the UK find a way back into Euratom? What will this look like?
I understand that the Government recognise the importance of Euratom and wish to have the closest possible relationship with it and its members. I thought that the Minister in the other place was rather splitting hairs—if I may use the word “splitting” in this context—when he stated that Euratom,
“does not have a role in setting security standards, regulation or inspection of UK civil nuclear security arrangements”.—[Official Report, Commons, Fourth Delegated Legislation Committee, 21/2/17; col. 7.]
While this measure is implemented discretely in the UK, it is vital that the UK continues to participate in Euratom; JET, which is based in the UK and employs many EU nationals; and the International Atomic Energy Agency—IAEA—an organisation set up under the auspices of the United Nations and based in Vienna. Having said all that, I am content to approve the regulations before the Committee.
Baroness Buscombe
I thank all noble Lords who have contributed to the debate on this Motion. First, I turn to the noble Lord, Lord Jones, although it is with some trepidation because I am a little afraid of trying to pronounce the names of the stations he referenced: Wylfa and Trawsfynydd—that is my attempt.
Baroness Buscombe
I thank the noble Lord for that. I welcome what he said about supporting jobs on those sites. He asked a number of questions, including about the number of people on those sites. I am not at liberty to say exactly how many people are employed. However, for example, the rank and description of the person described in paragraph 7.2 of the Explanatory Memorandum will be the holder of the nuclear site licence and this will vary by establishment.
The noble Lord also asked about personnel security. Nuclear sites must comply with personnel security vetting requirements and all workers in the sector must be cleared to a level commensurate to their required access to nuclear material and sensitive nuclear information. Given the noble Lord’s past experience in this area, he will appreciate that it is very difficult for me to give much detail on each site.
Lord Jones
If, on further thought, the Minister may be able with the assistance of her officials to write to me, I would not object to that.
Baroness Buscombe
Of course I would be happy to write, if I fail to provide the noble Lord with sufficient reassurance.
All staff have responsibility for ensuring effective security at civil nuclear sites. Having an effective security culture is, of course, very important. There will be a number of security-specific roles at civil nuclear establishments, and these vary depending on the site. All sites are subject to the same requirements and standards. In line with the graded approach, the level of security at each site will be determined by the nature of materials and equipment and the information held.
I welcome the very positive response from the noble Lord, Lord Grantchester, to the measure and agree that it is non-contentious. He asked a number of questions, and I will deal first with Euratom. If he will allow me, I want to spend a few moments on this because it is important to be as clear as I can. Leaving Euratom is a result of the decision to leave the EU, as they are uniquely legally joined. However, the UK supports Euratom and will want to see continuity of co-operation and standards. We remain absolutely committed to the highest standards of nuclear safety, safeguards and support for the industry. Our aim is clear: we want to maintain our mutually successful civil nuclear co-operation with Euratom. The statutory regime for civil nuclear security is based solely on UK legislation. There are no Euratom or EU directives relating to nuclear security that the UK is required to comply with. In fact, the EU has no competence in relation to nuclear security. Euratom has no role in setting security standards, regulations or the inspection of security arrangements in the UK civil nuclear sector.
The Government do not comment on specific security or intelligence arrangements at individual sites. The most sensitive commissioned civil nuclear sites and transportations of nuclear materials in the UK are protected by the Civil Nuclear Constabulary. The CNC is a specialised, dedicated elite firearms force, with a Royal College of Policing firearms licence, charged with the protection of the most sensitive civil nuclear sites and nuclear materials in England, Scotland and Wales.
The noble Lord, Lord Grantchester, asked one other question about defence sites such as Aldermaston; indeed, it is a question I asked officials last week. The answer is categorically no, they are not subject to this SI and are not a part of these regulations. There is a separate regulatory regime that applies to defence sites. I hope I have been able to respond sufficiently fully.
Lord Grantchester
I wonder if I can tempt the Minister with one further question I was concerned about: each site having a specific plan and whether differences between sites meant that there were different practices that could lead to a misalignment of security standards.
Lord Grantchester
If the Minister wants to write to me at a later date, I will understand.
Baroness Buscombe
I apologise to the noble Lord. Apparently I have been given the answer to his question but it seems to have chosen to disappear. Ah, it is under the folder. Good. All sites are subject to the same requirements and standards. In line with the graded approach, the level of security at each site will be determined by the nature of materials, equipment and information held.
On that note, I hope I have sufficiently responded to the noble Lords. I thank them for their helpful remarks, and I hope they will agree that the responses I have given have provided the necessary assurances for them to approve this straightforward statutory instrument. As I said in my opening remarks, the overarching aim of these updates is to further enhance civil nuclear security by ensuring that the UK’s regulatory regime remains up to date, comprehensive and robust.