Biometrics are the key to unlocking nuclear power

By Professor Fraser Sampson, former UK Biometrics & Surveillance Camera Commissioner

The world is racing towards a new nuclear future in which biometrics are going to play a key role. SMR (small modular reactors) is the acronym to watch out for and with few, if any, alternatives to meet their climate targets, the governments of at least 31 countries are planning ‘fleets’ of them. If they are to succeed, these energy solutions must come with a comprehensive, integrated response to rapidly evolving threats. Which is where biometrics and associated security technology are going to be a critical success factor.

Improvements in engineering design, manufacturing capabilities and operating practices make the new nuclear option safer to build, operate and maintain. Barriers that have added huge project cost are to be removed and the new nuclear solution envisages a world where not only towns will be powered by their own local reactors, but also data centres, factories and even commercial ships. According to the International Atomic Energy Agency, around 20 countries are already working on an estimated 80 SMR in what some are calling a nuclear renaissance. The prospect of lower capital investment and quicker payback timescales is generating hi wattage excitement if not yet any power.

From many perspectives, this is not a renaissance. Fast-built, multi-site, semi-urban proliferation is new, as is the technological capability for disruption, disinformation and destabilisation. First phase nuclear security evolved in a different era to protect a few lumbering mega-sites in remote locations. Designed for dinosaurs not dynamism, the old world security arrangements are the solution to the wrong problem.

As argued elsewhere, the risk architecture and attack vectors for the next generation of reactors will look as different from those faced in the last era of civil nuclear power as the reactors themselves. One strategic risk is complacency based on what has worked previously: we have not been here before. Ranging from attacks by hostile states and their proxies, the weaponizing of energy infrastructure, political interference, ransomware plots and coders simply chasing a new hacker’s high, the threat, risk and harm assessment for semi-urban nuclear powered SMR, data centres and shipping will be elementally different from anything that preceded it; the response must be too.

Take site risks as an example. From the moment a site is identified and approved there are risks that require early assessment and full life cycle mitigation. These risks existed before but smaller and quicker are not just political adjectives; they are exponential accelerators of risk exposure. One lesson from Salt Typhoon is that relying on detection of pervasive hi-tech threats is not enough. As one expert analysis has said, critical infrastructure is particularly vulnerable to cyberattacks and “it is vital to understand that attacks like Salt Typhoon happened over a number of years before they were discovered and eliminated.”

Neighbourhood proliferation of nuclear reactors also represents a wholly new challenge for communities. Boosting the planning process is welcome but technology has hyper-charged the capabilities available to determined disruptors; protest will look very different from the environmental campaigns of the 90’s, of Swampy & Co railing against runways and road extensions.

The effective vetting and security requirement for a significantly enlarged workforce working at speed is also new and will need a different approach to operating capability and capacity to produce categorical assurance. Know your contractor (KYC) protocols and a range of ID verification tools will be a must-have.

Non-site-specific threats will include Deepfakes being used to destabilise community support, spread disinformation or create alarm while cyber-enabled crime was not on the radar of last generation nuclear power programmes. Transportation of nuclear material will affect many more communities than just those signing up to reactors and it is worth noting the IAEA statistic that more than half of the radioactive material lost since 1993 occurred during authorised transit.

Organisation-wide vulnerabilities discovered in non-critical infrastructure entities such as we’ve seen from threat actors leveraging AI engines from DeepSeek, will be of far greater concern and potential impact within the nuclear sector, irrespective of any radiological safety assurances.

The new nuclear world needs a new armoury of capabilities to tackle everything from conceptual walk-throughs for citizen consultation to augmented reality training for first responders. Site access, area entry, movement and location detection will need AI-enabled biometrics such as face, voice and iris recognition as part of a layered system of security, layering that will also need asset tagging, geofencing and last lines of defence. Some of these new capabilities will come from multi-partner research projects such as the Identity-Attributes-Matrix (IAM), an EU funded project that held its kick-off meeting in Prague this month. Central to IAMI is a 3D construct that encompasses multimodal identity-related attributes including biometric data, non-biometric identity-related data, and analytic results. The IAM will (among other things) enable large-scale entity identification and resolution, simultaneous and rapid multi-entity identification, systematic and continuous analysis of flux probe attributes and classification of fake identities and bots/avatars.

The threat, risk and harm profile for SMRs and mini-reactors reaches far beyond the UK and will extend into every country that identifies these new technologies as a strategic contribution to its climate change obligations. The IAEA Co-President recently highlighted the importance of “comprehensive security strategies and international cooperation to mitigate risks associated with both traditional and emerging nuclear technologies”. This will need international expert forums to share First of a Kind (FOAK) learning within the biometrics community and address emerging risks as they are identified, building formal relationships between research hubs like CENTRIC and the other AIMI partners, trusted technology providers and the establishment of policy development groups across disciplinary boundaries.

If the power from nuclear multiples holds the answer to the climate crisis, it will need biometric solutions to unlock it.

About the author

Fraser Sampson, former UK Biometrics & Surveillance Camera Commissioner, is Professor of Governance and National Security at CENTRIC (Centre for Excellence in Terrorism, Resilience, Intelligence & Organised Crime Research) and a non-executive director at Facewatch.

Article Topics

access control  |  biometric identification  |  biometric identifiers  |  biometrics  |  digital identity  |  Fraser Sampson  |  Identity Attributes Matrix Initiative (IAMI)