Meeting the nuclear nerds

Looking back on the IAEA Safeguards Symposium

my godson wearing his nuclear onesie from the IAEA gift shop

Last November, I presented a paper on quantum computing and post-quantum encryption at the IAEA Safeguards Summit. As part of that, I got to sit on several other sessions and take a tour of the environmental testing lab in Seibersdorf.

Time has passed, but there are sessions which I think back to often, and the recent release of the official conference report reminded me that I never did a recap post.

The IAEA has tons of events worldwide scheduled year-round. This particular event is apparently scheduled once every four years? I had an idea for a quantum computing talk, and would have sent it into a more cyber-focused event if the IAEA offered one. Instead I noticed this event had a cybersecurity topic area, which became a panel of current and retired IT experts plus me.

When I first submitted my talk, and when I was initially accepted, I was told to get an official letter from my government. I called the Vienna liaison office and left notes with and voice mails with a few people. When I was about to withdraw, the organizers said that my talk was already accepted, and if I wasn’t going on behalf of my government, it was OK for me to come in without an official letter.
Then I had to write my first formally-published academic paper. I reached out to a few quantum computing and encryption experts for their review.

The IAEA supports nuclear energy while auditing the whole pipeline of radioactive material. This system has been thwarted or manipulated many times in its short history (Iran, Iraq, South Africa, Taiwan). In the past 20 years the IAEA has added Additional Protocols in almost every country, which are voluntary agreements to allow additional inspections, video monitoring, and sampling. The IAEA’s role in this is a little interesting; it can’t be the nuclear cops, but it looks hella suspicious if you restrict their access to information, break their seals, or lose material. That makes it harder to get new nuclear material or lab equipment for your program.

different IAEA seals

If you’re at a meeting at the IAEA, you are going to hear a lot about uranium hexafluoride (Wikipedia says it is called “hex”, but I heard “U. F. Six” a lot). There is an enrichment process, there are measuring loops, there are tamper-proof seals. The seals are interesting — they tie fiber optic cable around the seal, and tightening it makes a unique break pattern. If someone tried to break the seal and reapply it, or replace it with a new cable, the pattern won’t be the same.

As inspectors go through a nuclear facility, they wipe cotton on surfaces and then seal them in baggies. Multiple labs use spectrometers and measure radioactivity, which can tell the difference between different radioactive elements, isotypes, and uranium enrichment levels (for example, if someone processed weapons-grade uranium when they weren’t supposed to). The precision is so good, that the lab techs told us about how 10 nanograms or so of groundwater uranium were in their cotton wipes, depending on which cotton fields it was sourced from (we’re talking 1/5,000,000th of a drop of water).

There’s also a process to extract chips of uranium or plutonium from the reactor directly. We were shown how the IAEA places these into sealed thermos-like containers. Uranium samples are often sent back to the IAEA lab through commercial air flights — we were told that virtually every flight in to Vienna’s airport has IAEA samples in the baggage.

I met someone who was going to a different IAEA event, tl;dr he uses infrasound to detect underground and underwater nuclear tests.

The IAEA doesn’t have access to countries’ spy satellites, but they use some publicly available satellite photos to look for telltale signs of nuclear production. North Korea, for example, doesn’t hide anti-aircraft guns around their nuclear facilities. There’s interest in machine learning and crowdsourcing in this space, check it:

The director of cyber and physical security of devices and seals was on the panel, and he was briefly intrigued by quantum computing. He had an interesting view on countries which might try to hack tamper-proof seals. No device is perfectly un-hackable, so a well-built seal must only be secure enough that a determined adversary finds it easier to subvert the process somewhere else. For example, a Lex Luthor level adversary could reverse-engineer every monitoring device and fabricate their own clone chips, but it’d be easier to hide a lab or storage facility, or just not cooperate with the IAEA at all. Any of these physical and chemical workarounds makes it more likely that suspicious activity will be noticed by inspectors.

The IAEA has high IT costs because they’ll make a custom device for inspectors, and it’ll only be manufactured in the low 100s of devices.

For the uranium lab, we got to wear lab coat and overshoes, and get scanned for radiation on the way out. No photos were allowed =’( . We were only allowed to peek into the plutonium lab.

Some of the other participants in the tour worked in the Japanese energy agency or on yellowcake mining in Niger.

There was a feeling of historical significance and commitment to unbiased science. It was good to hear about how many samples are tested blindly and checked against other labs’ results. I felt privileged to learn from the experts and see the state-of-the-art equipment used here.

All of the national labs had info sessions — as soon as I sat down for Oak Ridge, the speaker came over and asked me about the quantum computing talk. Almost everyone else in the audience was already working at Oak Ridge, so he gave an overview, invited me to ask questions, and the right person could answer. This was very cool!

I got the sense that they all assume that young people at the conference are job-hunting? If you are studying in this space (and have a degree, not like me), I would advise going to this type of conference, with the IAEA or OPCW.

The nuclear industry is far behind on diversity, but there were multiple events on the topic, sharing experiences. There are a few nuclear experts to follow on Twitter in this space, including ,, and

The “nuclear newcomers” panel gathered countries which are building their first reactors or donating knowledge and materials to them — South Korea and Russia are doing a lot of this work. “Safeguards by design” is a big deal where they build the plant in a way where the IAEA can look at everything very carefully.
There was a related discussion of micro-reactors which are kind of large, pill-shaped batteries. They can be shipped to remote islands, polar facilities, etc. for clean power, and replaced by the sponsor country when the nuclear material has decayed. Having visited the Faroe Islands and Svalbard, there are whole islands running a diesel generator non-stop for power, which might prefer this to building wind farms.

The IAEA is increasingly researching Chinese supply chains. They monitor lab and manufacturing exports from a lot of countries, but China poses a unique challenge. IAEA doesn’t have a history or contacts or language or cultural knowledge. Also, it’s notoriously difficult to find the one true source for the equipment. For example if a sketchy country is importing refrigerators from ChinaCorp, and asks them if they also sell equipment usable in centrifuges, ChinaCorp’s middlemen will go find that factory, and the import/export records won’t show any suspicious changes in who is buying from whom.

I’d read a lot about thorium reactors in pop science, but they are actually a bad option for global expansion. There were a few sessions about this in students’ poster sessions. Thorium decays to protactinium, which actually can be used to make weapons. The isotopes made in reactors, by an adversary, would be different from those made and monitored for in typical reactors used today. This means that the IAEA needs to specialize their equipment to properly monitor a thorium reactor.

There was serious research into blockchain to monitor supply chains and inspection records, by the Pacific Northwest National Lab. There are upwards of a million records filed into the bureaucracy each year. One of the criticisms of a blockchain approach, is that IAEA reports are not actually immutable — some are edited after the fact.

There was a talk about whether someone could 3D-print a reactor without importing obvious parts. Metals printing is possible for a lot of advanced products these days, but a nuclear weapon includes parts made with beryllium, and there are no 3D printers for it yet. I feel like this would be my pick for a sci-fi novel.