Incentivizing Good Governance Beyond Regulatory Minimums

The Civil Nuclear Sector

This article was originally published in the Journal of Critical Infrastructure Policy

Abstract

The consequences from a blended cyber-physical terrorist attack on a nuclear power plant are potentially catastrophic. Sabotage of the plant and subsequent use of radiological materials can potentially lead to blackouts, deaths, and injuries and even a release of radiological materials. This threat continues to evolve in sophistication and complexity and is outpacing the ability and resources of governments to anticipate risks and to protect their critical infrastructure and the public from harm. Policymakers are working to keep up with the rapid onset of these threats to reinforce the resilience of critical infrastructure. Cyber vulnerabilities including insider threats are also evolving, with cyberattacks on nuclear facilities the tip of the iceberg as more sophisticated advanced persistent threats develop.

This paper suggests governments look beyond regulations and policy directives to harness the power and energy of the market to incentivize operators to voluntarily adopt security measures beyond regulatory requirements. Good organizational governance is important and necessary to secure critical infrastructure including nuclear facilities and increasingly can be rewarded by the market. The definition of what is good organizational governance matters to investors, lenders, insurers, regulators, and the public. Is the organization going to be able to function effectively as an enterprise and provide a return to investors, pay back its loans, protect its workers and community, including the environment? In the nuclear field, the stakes can be high—with stakeholders depending on a stable baseload electric supply without safety or security incidents, especially of a radio-logical nature.

This article documents findings from a multi-year project to identify incentives for nuclear security beyond regulatory minimums, with a focus on nuclear power plants. We assessed the importance of standards and developed a “Good Governance Template” to support owners/managers in obtaining benefits and reducing potential liabilities. We found that market incentives are developing in areas such as insurance, credit, and other rating systems to support the development of good governance, including incentives for companies to demonstrate due care in the management of risks, especially cyber risks. Building a business case for nuclear security based on these incentives is an important step forward in securing our nuclear future, especially in terms of cyber risks.

Read the full article in the Journal of Critical Infrastructure Policy.

Recent & Related

Commentary
Allison Pytlak • Lisa Sharland

Subscription Options

* indicates required

Research Areas

Pivotal Places

Publications & Project Lists

38 North: News and Analysis on North Korea