Sellafield has been nearly 80 years in the making. They are a pioneer for the UK’s nuclear industry, supporting national defence, generating electricity, and developing the ability to manage nuclear waste safely.
Sellafield is home to more than 200 nuclear facilities and has the most extensive inventory of untreated nuclear waste globally.
Their mission is nationally important, from cleaning up the country’s highest nuclear risks and hazards to safeguarding nuclear fuel, materials, and waste. Our client’s purpose is to keep Sellafield safe and secure.
In February 2021, Condatis, Sellafield, and Digital Catapult started working on a Proof of Value (PoV) to explore how decentralised identity technology could expand Sellafield’s capabilities in managing employee identity credentials.
Condatis was tasked with developing a Nuclear Staff Passport, using verifiable credentials to enable highly skilled staff to quickly move between Sellafield’s 200 nuclear facilities. The staff passport needed to allow employees to provide verified records of essential training, certifications, and proof of clearance to carry out specialised work across the different sites.
The nuclear estate has its complexities. Managing and verifying personnel identity across the nuclear estate involves multiple partners, numerous reporting and issuing authorities requiring up-to-date training and security profiles, and a complex regulatory environment. A key area of interest was finding out how Sellafield could use distributed systems technologies to create a ‘Nuclear Passport’ allowing staff across the nuclear estate to securely and efficiently share identity credentials.
The verifiable credentials passport needed to:
- Act as an irrefutable skills ledger to track information such as radiological exposure and competencies, training, and facilities access.
- Give Sellafield’s workforce control over their identity data
- Give staff the ability to self-serve and move between facilities using their staff passport by providing evidence of their identity information and access clearance.
- Demonstrate that the benefits of the research are extendable to legacy operating environments and interoperable with existing systems.
Condatis built a bespoke verifiable credentials Nuclear Staff Passport platform for Sellafield over three configurations. The focus of the main objectives of the platform was to:
- Optimise Staff On-Boarding and Movement: offering opportunities to optimise staff on-boarding and minimise friction caused by staff moving between nuclear estate sites.
- Secure Credentials: cryptographically securing verifiable credentials helps establish a trust framework, which can be used between the 17 NDA (Nuclear Decommissioning Authority) sites and other organisations.
Split into three configurations outlined below, the PoV successfully demonstrated how verifiable credentials could be used within the nuclear industry to improve and enhance existing processes and drive digitisation.
Configuration one: improving staff movement and identification with distributed ledger technology
In the first iteration, Condatis focused on setting up and configuring environments to host our Nuclear Staff Passport and gateway system and a Microsoft Azure subscription dedicated to Sellafield. The gateway enables the issuance and verification of credentials and adheres to Microsoft’s Secure Development Lifecycle (SDLC) to ensure privacy and increase software reliability throughout development.
Issuing an employee credential to an employee’s digital wallet
With this configuration, employees can present their credentials to verify their employment details elsewhere in Sellafield and other organisations. As one of only four global partners worldwide selected for Azure AD Verifiable Credentials consultancy, Condatis were given access to the closed beta version of Microsoft’s digital wallet functionality, built into Microsoft’s existing Authenticator app used for multi-factor authentication.
We developed a Staff Passport web application to allow Sellafield administration staff to locate employees and issue them with credentials by pulling employee information from Microsoft Azure Active Directory. Each employee profile contains their name, job title, email address, line manager, and a photo. The app also displays previously issued credentials as part of the employee profile.
In this first configuration, we also developed a Sellafield verifier web application that enables Sellafield’s administration staff to send a proof request, designed to require specific attributes for one or more credentials from the wallet holder, i.e., an employee. The proof request is initiated by the employee scanning a QR code with their Microsoft Authenticator app. The app then receives a request for the employee to share their credential attributes with Sellafield. The app allows employees to accept or reject proof requests. Upon accepting the request, the verifier will display all the requested credential attributes. The flow covers several user journeys within Sellafield, primarily when employees sign in to enter a building. Currently, building access is managed manually using a sign-in sheet. Verifiable credentials enable a digitised process that rapidly verifies the data source is trustworthy.
Configuration two: security, interoperability, process streamlining and ease of access
Configuration two focused on delivering additional credentials and proof request a separate Nuclear Decommissioning Authority (NDA) verifier was integrated.
We configured a new “Security Gate” proof request to require a subset of attributes from the employee training credential to address the use case of an employee arriving at a security gate. A security guard at the gate does not need to know all the employee’s information, such as their phone number; they only need to verify that the person at the gate is an employee and has clearance to access the site. Similar to wearing a clearance pass, the employee’s credential attributes are displayed to the security guard, who can then grant them access to the site.
All Sellafield employees are required to obtain security clearance from the Ministry of Defence vetting service. For the PoV, a mock “Ministry of Security” staff passport issuer was created to demonstrate how security clearance credentials can be issued to employees by a government organisation. Employees can present this credential for verification to prove to Sellafield that they have the appropriate security clearance.
Throughout their employment journey, staff gather credentials from multiple organisations and sources. This configuration demonstrates the technology’s ability to tie in credentials from verified external sources for employees to present them for verification when required. Sellafield employees can share their credential information (e.g., Employee or Security Clearance) with the NDA, allowing employees from Sellafield to visit and access NDA sites across the UK.
As part of this implementation, we created a ‘Trusted Issuer’ list so that only credentials issued by trusted organisations such as Sellafield would be accepted across the nuclear estate. This prevents bad actors from issuing credentials to themselves and gaining unpermitted access to the site.
Sellafield has around 6,000 different training qualifications, and in addition to qualifications, Sellafield needs to assess if employees are Suitably Qualified and Experienced Persons (SQEP). There are approximately 600 SQEP roles, a combination of qualifications and duties that prove that an employee can do a specific job, e.g., Electrical Engineer. Administration staff carry out annual checks to ensure that employees are sufficiently ‘SQEP’d’ to carry out their current responsibilities. This annual assessment is currently done manually and involves numerous spreadsheets and meetings to complete the evaluation. For employees, many may not know if their training qualifications are still valid, and it wasn’t easy for them to check.
We configured the credentials using the Open Badge standard (widely used for qualifications and training certificates). Each credential contains the qualification title, code, description, and expiry date and the Sellafield verifier app was able to verify each training credential individually.
So, what about expired credentials? We developed logic to display a message on the verifier when an expired credential was presented alongside the credential attributes. This informs the user carrying out the verification that the employee’s credential has expired.
Configuration three: verifying SQEP status using distributed ledger technology
In this final project iteration, we take a deeper look at SQEP verifications. The iteration included new functionality such as handling SQEP verifications, radiation dosage credentials, and credential revocation. The six training credentials added in configuration two make up the “Sellafield Fundamentals” SQEP role.
All new staff that join Sellafield are required to complete these courses via an online training system. When the employee scans the QR with their digital wallet during verification, they will receive a proof request in their app asking them to share attributes from all six credentials. If the employee does not have one of the required training credentials, they will not satisfy the proof request. Upon successful verification, the credential attributes are displayed in the verifier app.
Tracking employee radiation dosage at work
If an employee exceeds safe dosage limits, they cannot perform specific jobs or access certain parts of the site. We developed a dosage credential that contains an employee’s current dosage level in Millisieverts. Upon verification, checks are made to ensure the dosage is below 15 millisieverts. If the dosage is exceeded, an error message is displayed to the verifier.
The current process to verify SQEP status is time-consuming and expensive. The ability to verify information from multiple credentials at once is invaluable, especially since SQEP roles are often complex and need to be regularly evaluated. The key benefits realised in this iteration were security, process streamlining and ease of access.
From securely tracking and monitoring high-value assets to ensuring the safety of the workforce on site, the range of benefits that distributed ledger technologies can bring to the nuclear industry is vast.
The Nuclear Staff Passport provides Sellafield with:
- The ability to issue employee credentials
- The ability to integrate with Microsoft Authenticator digital wallet
- An irrefutable record of security clearance and training credentials
- A simpler and effective way to verify Suitably Qualified and Experienced Persons (SQEP)
The Proof of Value highlighted the following key benefits:
- Staff movement and ID – decentralised identity allows employees to present their identity credentials easily and securely.
- Security – decentralised technology offers an approximate 90% reduction in potential risk for a data breach. Sensitive personal data is cryptographically stored on the blockchain.
- Process Streamlining – issuing credentials can take anywhere between 3 weeks to 3. It is estimated that by implementing a verifiable credentials solution, Sellafield reduces time to on-board and offboard staff by approximately 80%. Enabling verification of SQEP status to happen instantly, ensuring the employee is sufficiently qualified.
- Traceability – A history of all issued credentials is maintained.
- Ease of access – A decentralised system empowers the right people in organisations to set, enforce and execute complex data sharing policies across enterprise boundaries. The system offers a reduction in the need for paper-based systems, reducing costs across the estate.