The Global Nuclear Security Grand Challenge

 

Motivation: The global community needs a robust solution to prevent nuclear weapons or fissile material from getting in the wrong hands. Preventing nuclear terrorism requires securing fissile materials, used in a range of applications around the globe. A terrorist who explodes one atom bomb could claim to have additional bombs and the world’s governments would have no good way to verify that. We need an updated, 21st century reference architecture based on the best, open-source standards that nations can voluntarily adopt to verify that their fissile materials and nuclear weapons remain within their control at all times - and yet remain confidential only to those who have a need to know.

 

The Challenge: Design the world’s best reference architecture for a national-level system that enables nations to account for, control, and keep track of 100% of their fissile materials (and nuclear weapons) at all times. Requirements include that it cannot be targeted by location whether it is in storage, during transport, or during routine processing steps and if lost, it can be easily recovered. Sensitive information that could compromise security, including its location, needs to be kept secret from all but the absolute minimum number of insiders necessary. During normal operation its location remains secret at all times to within a predefined geofence (which could be as small as a military base or as large as the country itself). The moment fissile materials are either lost unexpectedly or otherwise move outside the predetermined geofence, the top leadership of the government can use a secret key to reveal the last known location to rapid response forces in order to recover it. Critical design considerations include system efficacy, global applicability, and long-term viability.

 

Prizes: Submissions are encouraged from anyone, anywhere. There will be a bronze, silver, and gold prize awarded to the top three submissions: GOLD: $1 million; SILVER: $500,000; BRONZE: $250,000.

 

Judges: The winning entries will be selected by an all star judging panel of experts among the defense, science, technology, policy, and investment communities.

 

Submission: a specification (document) for the system definition and architecture that openly specifies all details in terms of well-understood technologies with the supporting physics and mathematical proofs if necessary. Expected length of submission will be 40-50 pages but teams should use as much or as little as necessary while focusing on the most critical ideas and minimizing redundant details.     

 

Draft timeline (subject to change):

  1. Announcement: Soft launch the week of March 28, 2016, with the competition announced in parallel with Nuclear Security Summit on March 31. The hard launch of the competition will take place in Silicon Valley on April 7.

  2. Submissions due: March 28, 2017. All submissions due. Teams can make their submissions public (or decide not to) until the date of submission, at which time they will become public for peer-review.

  3. Winners announced: August 1, 2017.

 

Conferences: To facilitate collaboration and team formation, one or more conferences will be held between the date of the announcement and date of submission.

 

Nominate judges and send feedback anonymously: https://www.surveymonkey.com/r/FPHLQSK

Background

 

We as an international community need to develop the world's best (peer-reviewed) system for verifying a nation's possession of its fissile materials and nuclear weapons. Inspired by Des Browne’s essay “The 85%,” and Sig Hecker’s essay on Comprehensive Safeguards [4], we are sponsoring the first ever Nuclear Security Grand Challenge to develop an open-source blueprint to prevent fissile materials and nuclear weapons from getting in the wrong hands.

 

Global Nuclear Security is broken. The global nuclear security system was designed after WWII, to prevent nuclear war between two countries (at a time in history prior to the Internet and technological developments that permit non-state actors to command significant power, influence, or money). Malicious non-state actors were not considered a likely, serious threat in comparison. At present, centralized governments are steadily revealing their inability to respond to the decentralized threat of non-state actors while the process of enacting and enforcing functional non-proliferation protocols is becoming more difficult by the day.

 

What hasn’t changed since WWII is the ease with which an inefficient, but effective nuclear bomb can be created from stolen fissile materials (especially highly enriched uranium) and transported to be used on any city in the world. Fissile materials and nuclear weapons can be stolen. A critical mass of highly enriched uranium (50 kg) is approximately the size of a soccer ball. It may explode (fizzle) if it is stored “on the shelf” in supercritical quantities, so therefore must be stored in sub-critical quantities. The design of the gun-type weapon for uranium simply improves the efficiency of that basic explosive process, the details of which are published openly. The fissile material to develop over 20,000 nuclear bombs is stored in government warehouses, nuclear reactors, and on military bases, and the possibility of its theft remains. Fissile materials are routinely shipped via convoys and other means yet the governments cannot always know if they are safe at all times. Traditional approaches to securing nuclear weapons based on presumed loyalty of personnel and individual responsibility (e.g. 3-man rule) may not continue to work indefinitely and can be enhanced with modern technology.

 

The nuclear weapons and energy industries spread across dozens of countries, based on the work of many thousands of hard-working, loyal people. Yet all it takes is one weak link, a disloyal insider, to proliferate nuclear weapons. The history of nuclear weapons is that a handful of insiders illegally shared nuclear knowledge and secrets with other nations for some combination of profit and sympathy for a cause, starting with Hall and Fuchs on the US Manhattan Project divulging secret atomic bomb designs to the Soviet Union. AQ Khan spread Pakistan’s nuclear weapons technology to multiple countries around the world. Now that the knowledge of how to construct a nuclear weapon from fissile materials is widespread, what if the access to these fissile materials is compromised by such weak links in the international system?

 

If such a crude nuclear weapon were assembled and exploded in a major city like Manhattan, Mumbai, or Moscow, it would result in hundreds of thousands of fatalities. There would not be enough water supply to put out the resulting fires. The radioactive plume would poison millions of people miles downwind of the blast.

 

In light of these realities, it becomes particularly worrisome that no modern country has fully secured its nuclear weapons.  As recently as 2007, the US Air Force lost track of six thermonuclear weapons for 36 hours. Also in 2007, multiple groups of unidentified attackers cut through 10,000-volt electrified fences at a military base at Pelindaba, South Africa where 25 bombs worth of highly enriched uranium was under storage. Credible reports indicate that the 10,000 volt electric fence surrounding the facility was temporarily deactivated that night at the request of the electric utility, suggesting the attackers had received insider knowledge before planning their attack. In 2012, a group of unarmed peace activists demonstrated how they could walk through several layers of security at Y-12, the “Fort Knox of Uranium” where 900,000 pounds of highly enriched uranium are stored. Nuclear security breaches such as those occur far too frequently throughout the globe.

 

If terrorists found these security loopholes, the effects would be disastrous. The greatest risk of a loose nuclear weapon is from insiders in the nuclear establishment cooperating with outsiders. Non-state actors could gain the capability to actively wipe out cities using simple, widely-available bomb designs, or hold onto their stores to blackmail the international community. Nuclear Security needs to be redesigned to ensure that government insiders do not inadvertently enable or intentionally cooperate with non-state actors to put nuclear weapons or fissile materials in their hands.

 

Finally, if a nuclear terrorism incident were to occur, it is possible that the terrorists could claim to have additional weapons. In such a situation, it is necessary for governments around the world to account for how much fissile material or how many nuclear weapons have been stolen in order to verify the terrorists’ claim.

 

Russia's actions “don't pose the No. 1 national-security threat to the United States,” Obama said in the Hague, the Netherlands. “I continue to be much more concerned, when it comes to our security, with the prospect of a nuclear weapon going off in Manhattan.”

 

"If there was ever a detonation in New York City, or London, or Johannesburg, the ramifications economically, politically and from a security perspective would be devastating," Obama said before meeting with South African President Jacob Zuma.

 

The Challenge

 

We as an international community need to design a comprehensive, robust system that will enable nations to verify the storage, security, and movement of fissile materials while keeping its location secret at all times. The system needs to have the best possible design in order to be adopted voluntarily by all nations across the international system in order to enable effective Global Nuclear Security. Innovative solutions need to be contributed from across the international community and it needs to be open-source. Critical design considerations include system efficacy, global applicability, and long-term viability.

 

Central nuclear security issues to be addressed:

  • Insiders trusted with storing or transporting the fissile material need to know where it is at all times, but this also leaves the fissile material vulnerable to theft by the very same insiders trusted to store and transport it. The number of individuals with access to this privileged information should be minimized in order to prevent inadvertent disclosure of the location of the weapons.

  • Fissile material is reportedly moved around in unmarked trucks without obvious armed escorts to avoid attention. Therefore another group of insiders need to monitor and verify that those trusted insiders who store or transport the material not diverted the weapons or material without necessarily knowing its location.

  • Should any unexpected diversion occur, the national leadership needs to be able to divulge the location rapid-reaction security forces who can be deployed to recover the stolen materials.

  • Leadership should be able to account for 100% of nuclear weapons and fissile materials at all times.

 

During routine use, storage, and transport of nuclear weapons or fissile materials there are a number of possible interception points for a non-state actor to steal them. The following list of these junctures or opportunities at which controlled materials are at risk is not necessarily exhaustive:

  1. Planning Stage

    1. Locating theft point

      1. Static (in storage)

      2. In transit (en route)

    2. Identifying an insider

    3. Corrupting an insider by threat or inducement

    4. Organizing & equipping the team

    5. Operational Planning

  2. Theft Stage

    1. Static (in storage)

      1. Type of facility

      2. Location

      3. Security

      4. Command & Control

    2. In Transit

      1. Land

        1. Large or Small Convoys

        2. Trains

      2. Sea

        1. Boats

        2. Shipping containers

        3. Nuclear subs

      3. Air

        1. Bombers

        2. Transport Planes

  3. Transportation stage

    1. Trucks

    2. Airplanes

    3. Boats

      1. Shipping containers

  4. Maintenance stage

    1. Alterations, upgrades, & improvements

    2. Device packaging

  5. Delivery stage

    1. Target location

    2. Transportation medium

    3. Method of detonation

  6. The communications systems that are used above

    1. Active

    2. Passive

    3. Comm-by-exception

 

Technologies to verify the control of fissile materials:

 

System Requirements. The amount of highly enriched uranium (HEU) required for a nuclear weapon is less than 25 kilograms -- or around the size of a soccer ball. According to the International Panel on Fissile Materials, 1370 metric tons of HEU and 505 metric tons of Plutonium is stored in warehouses at military bases and nuclear energy facilities around the world, and routinely transferred between the two. It is critical to ensure that this fissile material is secure during storage and transportation. The material’s location may need to be concealed from the outside and knowledge of the material’s presence may need to be limited to an absolute minimum number of individuals.

 

HEU needs to be guarded as heavily as possible, yet as few individuals as possible should know of its existence and location. How do we track fissile materials in transport and provide end-to-end security while minimizing the possibility of a compromised insider?

 

Nuclear (or Radiation) Detection. Many technologies have been developed to detect the presence of fissile materials at national borders using phenomenon such as x-rays, gamma rays, neutrons, and muons. Can these technologies be repurposed to measure and verify the amount and presence of fissile materials present during storage and transport? How could tampering with the system be detected?

 

Secure Communication. When fissile material is tracked in a particular storage facility or transport vehicle, the information needs to be continuously communicated to a monitoring authority who monitors the whether the materials have been diverted or not.. If that message is intercepted, it could be used by adversaries. This concern brings up two key questions:

  1. What encryption mechanisms and communications protocols should be used to secure this information?

  2. Who holds the key for the exact location -- the leader of the nation/their delegated representatives? Should it use public key cryptography? Should keys from multiple parties be required to decrypt the location?

  3. How else can these transmissions be securely relayed? (i.e., spread spectrum communications, obscurity in densely populated areas, novel antennas that utilize multipath fading to avoid triangulation, steganography over public cellular networks, etc.)

 

Access Control. ow much information should relevant personnel have regarding the security and transport of materials? What protocols should balance command & control needs with the risk of intercept? (i.e., predetermined geofences, tampering alerts, etc.)

 

Robotics. Manipulation of fissile materials and nuclear bombs may require many steps for routine use, research, and transport. How can automation reduce vulnerability, and how should this be accomplished?

 

Off-the-Grid Communications. Insiders who handle or transport fissile materials and nuclear weapons need to communicate routinely with each other in a manner that evades interception by outsiders. How can their routine communications be secured (i.e., text messages, phone calls, wireless communications, mesh networks, avoiding reliance on the Internet, etc.)?

 

Tamper Detection, Resistance, and Secure Code. What kind of tamper resistance, detection, notification, and source code security is required for every device used in a system intended for nuclear detection, secure communication, access control, or off the grid communications?

 

Anonymous Reporting. f an insider or outsider notices something unusual with respect to fissile material or nuclear weapons security, how can they communicate it anonymously to the right authorities to protect their own security as well as that of others? Further, how could this process be made both easy and effective via education and access to notification mechanisms?

 

The global community is invited to submit proposals that reduce the risk of national fissile materials and nuclear weapons being lost to nonstate actors, such as terrorists. These solutions could leverage any technological sector, including new smartphone applications, the Internet of things, nuclear detection technologies, distributed systems, big data and public key cryptography, social ingenuity, and design thinking.

 

Revision History:

September 20, 2015

Initial draft

Devabhaktuni Srikrishna, Mike McNerney, Les Dewitt (Tech4GS)

September 25, 2015

Incorporated reference from Sig Hecker (CISAC/LANL) on Comprehensive Safeguards

Devabhaktuni Srikrishna, Tech4GS

September 29, 2015

Incorporated reference for SALT treaty verification as an example of a system that is conceptually similar – from Page Stoutland (NTI/LLNL)

Devabhaktuni Srikrishna, Tech4GS

October 7, 2015

Edits to streamline and clarify the problem statement. “We sought to clarify a precise problem statement and separate that from supporting information, thereby opening up the document to a broader range of background knowledge and solution sets. We also worked with the excellent supporting information, guiding the tone to inspire brainstorming and invite creative responses. The biggest question we have right now, is how are we defining fissile materials? Do we need to define this term?”

Ryan Mayfield, BMNT

October 29, 2015

Merged edits from BMNT (Ryan Mayfield, Jared Dunnmon) and reincorporated the references. “Thank you for the excellent edits that clarify and streamline the problem statement.

 

1. I have merged them into the updated draft attached, and added several more edits accumulated over the the past several weeks.

 

2. I also moved the references to the end notes instead of footnotes to make it easier to read.

 

3. I added a revision history at the end of the document to show and acknowledge who all has been involved in coming up with this challenge.

 

You ask a great question about how we should define fissile materials. This is well addressed by the link to fissilematerials.org. Since it has been well addressed elsewhere, I think we should simply keep the reference rather than elaborate on it in the problem statement. I think these carefully chosen references ought to stay because

 

1. There are a lot of complex topics that we are simplifying for a broader audience, and we don't want to oversimplify them so that's why we have carefully chosen references.

2. In general it's also considered good scholarship to include references.

3. Apart from being "very hard to find" on the web and providing essential technical/motivational background to give a head start to the reader on where to look, the references validate the problem statement and remove doubt about the importance of the problem.

4. The references paint a picture and resolve doubts that the reader may have using independently validated sources. For example, not everyone agrees that nuclear terrorism is worth worrying about and some people dismiss it as fear mongering. For example, see this recent piece which calls nuclear terrorism "a vehicle for fear-mongering unjustified by available data"  http://thebulletin.org/2015/march/fear-and-nuclear-terrorism8072”

Devabhaktuni Srikrishna, Tech4GS

December 11, 2015

Incorporated short, two-sentence summary based on discussion with Martin Hellman and Les Dewitt

Devabhaktuni Srikrishna, Tech4GS

December 15, 2015

Incorporated edits to the problem statement from Nuclear Threat Initiative.  Incorporated reference on Zero-knowledge proofs from Deborah Gordon.

Devabhaktuni Srikrishna, Tech4GS

December 23, 2015

Revised challenge format based on discussion with Peter Newell (BMNT), Les Dewitt, and Philip Reiner

Devabhaktuni Srikrishna, Tech4GS

March 29, 2014

Incorporated feedback from Phillip Yun (Ploughshares), Debra Decker (Stimson), Bethany Goldblum (Berkeley)

Devabhaktuni Srikrishna, Tech4GS