Mark Barbaric, PMP, is a security project manager at Convergint Technologies. Barbaric specializes in P&L management, program management, project management, procurement, legal review, and negotiation of contracts. He also has expertise and experience in the petrochemical industry. Below is an article written by Barbaric, featured in World Security Report, that looks at some of the US regulatory issues around the protection of radioactive materials within the oil and gas industry.
Due to the terrorist attacks in New York City on September 11, 2001, several orders and regulatory measures were put into place by the US Nuclear Regulatory Commission to safeguard nuclear materials from home-grown or international terrorism.
One of those regulations, 10 CFR Part 37, went into effect May 20, 2013 “to provide a reasonable assurance of preventing the theft or diversion of Category 1 and Category 2 quantities of radioactive materials” in use by licensed civilian organizations. The regulation requires that licensees meeting the outlined criteria of certain aggregated nuclear sources must have a physical protection program in place to safeguard these sources.
Oil and gas exploration companies must apply to the Nuclear Regulatory Commission (NRC) for licenses to use nuclear sources for well exploration. Various types of sources can be used for a process called wire-line well logging: the use of radioactive material to determine the geological nature of a well by dropping a radioactive source down the borehole. Common sources for well-logging include a neutron source (which is used to help determine hydrogen-based compounds such as oil, gas, and water) and a gamma source (which is used to measure both density and porosity of the surrounding material). Backscattered gamma emissions or neutrons are then interpreted on charts and logs to determine the well’s ability to produce oil or gas.
Wire-line trucks, used for the specific task of well-logging, travel from various oil and gas field locations to and from vaults located in regional security zone depots, where the source materials are kept when not in active use.
How do the regulations affect the oil and gas Industry?
Regulation requires the licensee of nuclear source material to “establish, implement, and maintain a security program that is designated to monitor and, without delay, detect, assess, and respond to an actual or attempted unauthorized access to Category 1 or Category 2 quantities of radioactive material.” While 10 CFR Part 37 covers the requirements of the overall security program, typically security integrators are tasked with providing a turnkey solution to their oil and gas customers to meet requirements for permanent regional source storage depots, referred in sub-section 37.47 as “Security Zones.”
As a minimum, security zones are defined in one or a combination of three ways. First, they may be surrounded by physical barriers, either natural (rock or solid earth) or man-made (fencing, walls, and other physical barriers), and allow for unescorted access by only authorized individuals, through an established and controlled access point. Second, they may be under direct control by authorized individuals at all times, a practical solution for temporary security zones more so than permanent security zones. Third is to maintain a combination of physical barriers and direct control.
In permanent security zones, the higher degree of physical control through electronic card access reduces the potential for human error in overseeing the controlled access point. It may also provide for significant cost reduction in manpower since authorized access points can be monitored remotely and electronically.
For these reasons, best practices learned through our years of experience include establishing these controlled access points through fencing and leveraging electronic access control card readers and electromagnetic locks.
While the licensee has the option of direct surveillance and control, meeting this requirement requires a full-time physical presence of an authorized person with constant direct surveillance of the security zone. The introduction of an access-controlled door or a gate integrated with cameras provides the licensee with accountability logs and recorded video to be made available to local law enforcement and NRC compliance inspection.
Adding an access control reader also assists the licensee with the rule requirement to prevent circumvention of the security program background check and documented approval process, reducing the chances of permitting high-risk individuals from becoming authorized personnel.
Licensees of nuclear source materials are required to establish and maintain the capability to monitor and detect any unauthorized individuals entering into the security zone and the unauthorized removal, sabotage, or diversion of source material, even in the event of power failure.
Monitoring and detection can achieved in a number of ways, including intrusion detection systems linked to an offsite 24/7 central monitoring facility, electronic devices that can detect intrusion and alert nearby facility personnel, monitored video surveillance systems, direct visual surveillance by authorized personnel within the security zone, or direct visual surveillance by an individual designated by the licensee from outside of the security zone.
Prudence dictates having a documented process for monitoring and detecting through one or more of these requirements to ensure that there are no gaps in security.
As with control of the security zone, monitoring a permanent security zone with full-time authorized personnel can be cost-prohibitive and high risk, as it relies on human compliance. Our experienced subject matter experts have found that intrusion detection through a centrally monitored access control system can eliminate the reoccurring monthly cost of a 3rd party alarm monitoring contract as it leverages the equipment already designed to control access.
A well-designed security system also integrates video with both local and remote intrusion, as well as access control alarms, to ensure compliance with the 10 CFR Part 37 requirement. Video surveillance may also be used on occasion to remotely monitor unauthorized personnel in the security zone, provided there is direct surveillance at all times. In addition, for Category 1 materials, the zone must also have immediate detection of any attempted unauthorized removal of source material through electronic sensors, video surveillance, or direct surveillance.
Licensees must also implement a maintenance and testing program for assurance that intrusion alarms, communication systems, and other critical physical components of the permanent security one remain in operable condition and performing as intended. Annual contracts with licensee’s security integrator can cover the requirement to document periodic inspection and testing, performed as per manufacture’s requirements, or at most every 12 months.
Two years following the implementation of the final rule, a program review team was formed to evaluate the regulation’s effectiveness and reported their findings to the US Congress on December 14, 2016. The committee found that the program was indeed effective in achieving its original objective to “provide reasonable assurance of the security of Category 1 or Category 2 quantities of radioactive material by protecting these materials from theft or diversion.” It also recommended its indefinite continuance along wit outreach efforts to stakeholders to provide additional guidance.