To Clean Up a Dirty Fight
When explosions shook the Chernobyl nuclear power station in 1986, they released enough radioactive material into the environment to kill 30 workers within a few weeks of the incident due to acute radiation poisoning, and sicken at least 100 others.
Large areas of Belarus, Ukraine and Russia had to be evacuated due to high levels of contamination, displacing roughly 335,000 people. A 30-kilometer area around the reactor was completely closed off, and a square mile of contaminated pine forest was cut down and buried.
The explosion in this case was an accident, triggered primarily by the poor training of plant workers, but it demonstrated what kind of long-term damage can result from improper use of radioactive materials.
Before the reactor explosion, 14,000 people called Chernobyl home. The surrounding villages were erected mostly to house plant workers. The City of New York, by comparison, boasts 8.4 million residents and nearly 700 skyscrapers.
The Federation of American Scientists (FAS) took a map of the radiological damage from Chernobyl and laid it over a map of New York City to demonstrate just how many properties, businesses and lives would be impacted by an explosion of radioactive material.
But the FAS scenario isn’t based on a nuclear power plant explosion; it’s based on the possibility of a terrorist “dirty bomb” attack. Dirty bombs, or radiological dispersion devices (RDDs), combine a conventional explosive with radioactive material, and concern is growing that they could be the next terrorist threat.
Research laboratories, food irradiation plants, oil drilling facilities and medical centers are just some examples of facilities that house radioactive elements like cobalt, cesium, plutonium and Americium. The small quantities that these facilities work with are protected as a commercially valuable asset, according to the FAS, but “once radioactive materials are no longer needed and costs of appropriate disposal are high, security measures become lax, and the likelihood of theft or abandonment increases.”
The FAS focused its scenario on a dirty bomb built with cobalt-60, a radioactive material used in cancer treatment, industrial radiography, sterilization and food preservation. Facilities keep cobalt-60 in the form of small metal rods that are perfectly safe when encased inside therapy units or other machinery, but emit dangerous levels of radiation if the casings and rods are broken and particles of the cobalt-60 are dispersed.
The explosion of an RDD with cobalt-60 would send a cloud of radiation over a radius of at least several miles from the blast site.
“Based on the type, size and location of the device, we predict that in an urban environment, one building will need to be demolished, eight others will need repair, and about 75 more will need cleanup or decontamination,” said Hart Brown, vice president, organizational resilience, at HUB International.
“The physical nature of the damage will be localized, and small in comparison to the contamination aspect.”
A highly radioactive and powerful bomb could reasonably result in “180 to 200 fatalities, 250 to 300 injured, 20,000 possibly contaminated, and as many as 100,000 to 200,000 that think they could be contaminated,” Brown said.
Mark Lynch, head of terrorism model development on the impact forecasting team at Aon Benfield, estimated that radiation could spread over a 32-block radius from the blast site, which would cover roughly 49 square miles.
A 2003 report titled “Radiological Weapons: How Great is the Danger?” foresaw an even larger impact. This analysis, written for the U.S Department of Energy by George Malcom Moore, a former senior analyst in the Office of Nuclear Security at the International Atomic Energy Agency (IAEA), concluded that even a very small amount of cobalt-60, if dispersed evenly, has the capacity to contaminate 137 square miles.
That would cause millions of dollars’ worth of damage, so imagine what contamination of 621 square miles could do. That’s just what the FAS predicted in its scenario. The simulation surmised that if a tube of cobalt-60, about one inch in diameter and one foot long, were detonated and the particles dispersed from a bomb in lower Manhattan, it would contaminate an area of 621 square miles, or about 300 city blocks.
By EPA standards, lingering radiation from a source of this strength could increase the risk of dying from cancer to one-in-100 for anyone living in the borough of Manhattan.
Within 30 miles of the blast site, the risk remains high at one-in-1,000. Within 75 miles, the risk reduces to one-in-10,000.
In a presentation of these risks made to the Senate Foreign Relations Committee in 2002, the FAS reported that EPA recommendations dictate decontamination or destruction within that 75-mile zone.
“Everybody agrees that not a lot of people will be killed, but not everybody agrees on the amount of property damage,” said Moore, the scientist in residence at the James Martin Center for Nonproliferation Studies. “The big hazard from a dispersion device or a dirty bomb is not killing people, but contamination of property, which is an expensive proposition. You can create an extensive amount of economic loss by doing that.”
Decontamination is no easy task. Removing the radioactive material would involve sandblasting the top layer off of everything, and repeating the process until radiation levels meet the EPA’s emergency standard, which is twice the normal background level.
(According to the EPA, low levels of radiation exist naturally in the environment at all times. Sources include cosmic radiation from space, radioactive minerals in the ground and radioactive gases like radon and thoron.)
“We’re talking taking the top layer off of sidewalks, off the outer side of buildings, off of all the furnishings inside those buildings,” HUB International’s Brown said. “It could be months to years to get everything cleaned up.”
“Most people who deal with radiation are surprised we haven’t yet had an incident of this type.” — George Malcom Moore, former senior analyst, Office of Nuclear Security at the International Atomic Energy Agency
The FAS suggested that decontamination alone may not be enough. In cases where the risk of cancer could not be reduced to one-in-10,000, total demolition may be necessary.
If all of the buildings within a 1.2 mile area in New York City had to be demolished and rebuilt, the cost could top $50 billion, according the organization’s report, “Dirty Bombs: Response to a Threat.”
Overall, “if such an event were to take place in a city like New York, it would result in losses of potentially trillions of dollars,” the report said.
Even greater than the costs of repair and cleanup, though, is the loss from business interruption.
It’s possible that an exclusionary zone would have to be established until radiation levels fell low enough. Businesses in that zone would be unable to function.
Even companies in the surrounding area would lose a major portion of their customer base; when buildings are able to reopen, it’s likely that former residents and employees will not return, fearing the long-term health effects of any lingering radiation.
Brown referred to this as “radio-phobia,” where people treat radiation exposure as a type of virus they can catch and transmit.
“The fear,” said Aon Benfield’s Lynch, “is usually significantly higher than the actual damage.”
While very high doses can cause acute radiation poisoning and even death, most people will not be physically affected, though fear among the general public persists.
Brown estimates that BI losses could fall anywhere in the range of tens to hundreds of billions.
The likelihood of a radiological attack using a small amount of radiation occurring within the next decade “is probably greater than 50 percent,” Moore said. “Most people who deal with radiation are surprised we haven’t yet had an incident of this type.”
Many medical facilities have rods of cobalt-60 on site, and they are not always well-guarded.
Video: Authorities in Mexico recovered a stolen truck that has been transporting radioactive material, in this report from ITN News.
That leads to many of what the U.S. Nuclear Regulatory Commission (NRC) calls “orphaned sources,” or small volumes of radioactive material that are uncontrolled, lost, or in the possession of someone not licensed to own it.
The NRC reports that U.S. companies have lost track of nearly 1,500 radioactive sources within the country since 1996, and more than half were never recovered.
Incidents outside of the country have demonstrated how easily the wrong people can get their hands on a radiological device.
In 2013, in the Mexican town of Cardenas, for example, a couple of thieves stole a truck carrying iridium-192, which is used for cancer treatment, to a waste storage facility.
That source was eventually found, but not before six people were hospitalized for radiation exposure.
In the city of Goiania, Brazil, in 1985, a private radiotherapy institute relocated, but left behind some cesium-137.
Part of the institute was later demolished, which destroyed the protective casing around the cesium and led to contamination of the surrounding environment.
Ultimately, about 112,000 people were medically monitored, 249 were contaminated either internally or externally, and four died. It took three years to totally restore contaminated areas to livable conditions.
Response and Recovery
Coverage for any losses stemming from a dirty bomb attack could be difficult to find. In order for TRIA to kick in, the incident would have to be clearly defined as an act of terrorism, but “crime scene contamination makes it more difficult to collect and examine evidence,” Lynch said.
Without a declaration of terrorism by the Secretary of the Treasury and the Secretary of Homeland Security, the losses could be insurmountable for affected businesses to handle on their own.
“When you get into nuclear terrorism, there’s really no ability to predict that loss. It gets complex based on the coverage, and there are a lot of exclusions,” Brown said.
“The federal government would have to provide some economic stimulus, some funds, to prop up the city throughout this timeframe, which again could be years.”
It’s not known whether extremist groups such as ISIS are actively building RDDs, but mishaps like those in Mexico and Brazil and the growing list of orphaned sources make a dirty bomb a very real threat.
In 2012, 160 incidents of lost radioactive materials were reported to the IAEA, 17 of which involved some type of criminal activity.
The NRC and Department of Energy have since made more aggressive efforts to document and locate orphaned sources; here’s hoping they pay off.
Additional 2015 Black Swan coverage:
A 45-day superstorm floods California and dishes out economic catastrophe.
A fast-moving geomagnetic storm blasts the North American power grid, leaving a large swath of the Northeastern U.S. temporarily uninhabitable.
Cyber Insurance Uptake Still Lagging
“It is chronic that organizations are not analyzing the total cost of risk on a relative, comparative basis between tangible and intangible assets,” said Kevin Kalinich, global practice leader of network risk and cyber insurance at Aon Risk Solutions, summarizing the main takeaway from the 2015 Global Cyber Impact report, conducted by the Ponemon Institute and sponsored by Aon Risk Services.
Ponemon surveyed over 2,000 professionals involved with their companies’ cyber risk management and enterprise risk management, working in finance, risk management, compliance or general management roles. The results revealed a stark contrast between what these professionals say and do about their organizations’ cyber insurance programs.
More than half of survey respondents said they expected their companies’ cyber exposure to increase over the next two years, but fewer than one in five were carrying coverage with an average limit of $13 million.
For example, 52 percent of respondents said they expected their companies’ cyber exposure to increase over the next two years, and 72 percent feel their current cyber coverage is sufficient. Despite this confidence, only 19 percent of respondents were carrying coverage with an average limit of $13 million; meanwhile, the Ponemon Institute estimated that the probable maximum loss (PML) from stolen or destroyed information assets could reach as high as $617 million.
“Organizations seem to have a different operating philosophy on assets they insure,” said Larry Ponemon, chairman and founder of the Ponemon Institute. “Both [tangible and information assets] are viewed as very valuable, but insurance for tangible assets was at 51 percent of replacement value, versus just 12 percent for information assets.”
Kalinich said the discrepancy comes from senior management’s lack of understanding of their information assets’ impact on financial statements. Companies are investing more and more in technology to streamline their processes and improve the way they do business, which helps to reduce their PML for tangible assets. But they fail to take into account the total value that the new technology offers and how that changes their cyber exposure.
“They aren’t comparing the relative value of the assets, the relative exposures, and relative insurance spend of tangible and intangible assets,” Kalinich said. “If they do that, I think they’ll come to the conclusion that they are under-insuring on a relative basis.”
Many respondents also do not disclose material losses to uninsured information assets in financial statements (32 percent) or do so only as a footnote disclosure (36 percent). Not viewing technology as a “balance sheet asset” could contribute to management’s tendency to overlook its value, Ponemon said.
According to the report, only 26 percent of respondents said their company had conducted a formal, third-party assessment of cyber risk. Most had either no assessment (20 percent), or a very informal one (39 percent).
However, part of the problem lies on the insurance provider side as well. Many respondents said they chose not to purchase cyber insurance because coverage was insufficient, came with too many exclusions or restrictions, or executive management did not see the value, among other reasons.
They have a point.
According to Kalinich, broad and comprehensive coverage with large limits does exist for PII exposure, but not for non-PII cyber exposures such as supply chain or manufacturing disruption, or “tangible damage resulting from an intangible peril.” Those solutions will continue to evolve as the industry gathers more actuarial benchmarking data, he said.
Risk & Insurance Wins Four National AZBEES
At an awards banquet in New York on July 24, The American Society of Business Publication Editors awarded Risk & Insurance® four 2015 National Azbee Awards, which recognize trade publications for superior editorial content.
The awards were garnered for cover illustrations, work from our United Kingdom-based columnist and a special section reporting on emerging cyber threats across a spectrum of industries.
Designer and illustrator Kristian Rodriguez earned a silver and a bronze award for cover illustrations.
National silver winner for best cover
Silver went to his ominous depiction of dark feathers floating down to a cracked pavement against a dreary gray background, the cover art for the magazine’s August 2014 Black Swan issue. The magazine’s Black Swan coverage details risks that strike infrequently but with catastrophic severity.
A bronze was awarded for Rodriguez’s Oct. 15, 2014 cover art for a story about the role of robotics in transforming the U.S. workplace.
Echoing the article’s headline, “Helping Hands,” Rodriguez created a nimble robot hand plucking letters out of the Risk & Insurance® masthead topping the page.
National bronze winner for best cover
Roger Crombie, author of the regular Risk & Insurance® print column “Roger’s Soapbox,” won national silver in the category of Regular Column, Contributed, for two discourses that featured his ready wit.
The first, “The Dawn of De-Evolution” published in April 2014, chastises mankind for allowing the distraction of cell phones to result in hunched backs and accidental injuries and deaths, and causing headaches for insurers.
Crombie, it should be noted, foregoes carrying a cell phone “because I am neither the Queen of England nor a brain surgeon.”
The second Crombie column, “A Frightening Fish Story,” that ran in May 2014, asks what policy might cover a haunted house that faces a lawsuit after hosting a fish-swallowing contest. One contestant was hospitalized for four days after attempting to down a live bluegill whole, and sued the attraction for negligence, liability, emotional distress and fraud.
Just proof, Crombie argues, that the insurance news world is not nearly as dull as some perceive it to be. His column appears in every issue, delivering his keen observations with unsparing candor.
Risk & Insurance® also won a national bronze in the Special Section category. The award-winning coverage focused on emerging cyber risks.
The package of stories was published in April 2014. The lead story, “Cyber: the New CAT,” by Michelle Kerr and Joel Berg, made the case that cyber risk is a foundation-level risk across all industries, and must be approached as aggressively as any other CAT-level exposure.
“Critical Condition,” by Michelle Kerr, delved into how interconnected medical devices present huge dangers for the health care industry.
“Disabled Autos,” by Gregory DL Morris, explored the cyber risks associated with driverless cars.
“Unmanned Risk,” by Janet Aschkenasy, discussed the possibility of terrorist groups hacking drones to use as weapons or for intelligence gathering.
In “An Electrifying Threat,” Anne Freedman and Gregory DL Morris outlined cyber risks looming for the energy sector.
This isn’t the first time Risk & Insurance® won a national award for its emerging risks coverage. In 2013, Risk & Insurance® won national gold in the Special Section category for its 2012 coverage of the most dangerous emerging risks.
“Winning awards is not something we focus on, but it’s exciting to be recognized by our peers on a national level,” said Matthew Kahn, publisher and executive editor of Risk & Insurance®.