Potassium Iodide – A Protective Measure Not a Magic Pill

Patricia Milligan
Senior Level Advisor

refresh leafOne of the protective measures that communities around nuclear power plants might use in the case of a radiological emergency is potassium iodide. But potassium iodide, often just called by its chemical symbol, KI, can be confusing for the public — exactly what does it do and when should it be taken?

So here are some facts about KI:

  • It is not an “anti radiation” pill. Potassium iodide is a salt, similar to table salt. It is routinely added to table salt to make it “iodized.” Potassium iodide, if taken within the appropriate time and at the appropriate dosage prevents the thyroid gland from taking in radioactive iodide. This can help to reduce the risk from thyroid disease, including cancer as a result of a severe reactor accident. KI doesn’t protect the thyroid gland from any other radioactive element nor does it protect the thyroid or the whole body from external exposure to radiation. Its use is very limited.
  • KI comes as a tablet, either in 65 mg or 130 mg strengths, and dose is administered according to age and/or weight. It is very important that FDA dosing guidelines be followed when taking or administering KI. Too much stable iodide in the form of KI can be harmful to small children. A tablet can be easily divided, crushed and mixed with liquid to make it easier to swallow for infants, small children and those who have difficulty swallowing.
  • It is important that KI not be taken unless directed by appropriate state or local authorities during the emergency and then, it should be taken in accordance with those directions.
  • KI is NOT the same thing as table salt, and table salt should never be ingested as a substitute.
  • The NRC provides KI – free of charge — to states that have requested it for their population within the 10-mile emergency planning zone of a nuclear power plant. Some states have distributed KI to residents of a plant’s emergency planning zone. In other states, KI is stockpiled and would be distributed if and when it is necessary.
  • In the event of a serious nuclear incident, KI could be used in addition to evacuation or sheltering in place in accordance with directions from responsible state/local officials. For more information, see Consideration of Potassium Iodide in Emergency Planning.

The FDA’s Frequently Asked Questions on KI is a very good resource if you want more information.

REFRESH is an occasional series where we revisit previous blog posts. This one originally ran in June 2012.

Protecting the NRC’s Cyber Frontier

By David McIntyre
Public Affairs Officer

 

computersec1The email was flagged urgent and screamed in capital letters: YOUR IMMEDIATE ATTENTION REQUIRED! The message said a software update was needed to avoid major system disruption, and to click a link and enter a network password. The NRC employee who received the email thought the message looked suspicious. Instead of clicking on the link, she forwarded the message as an attachment to the NRC’s Computer Security Incident Response Team.

Within minutes, a CSIRT member was analyzing the email on a computer unconnected to the NRC network. He quickly determined the message was bogus, a “phishing” attempt to gain unauthorized access to the system. He instructed the employee to delete the message and block the sender to avoid receiving any further attempted intrusions from that Internet address.

Had the employee provided her username and password, she could have exposed the NRC’s computer network and its sensitive information to compromise and possible disruption. Personal information about NRC employees would have been at risk, as well as sensitive pre-decisional information about agency policies and licensees. While Safeguards and classified information about the security and status of nuclear plants is maintained on separate higher security systems, the information we process on the NRC corporate network must also be protected.

CSIRT, part of the NRC’s Computer Security Office, is a small group of experts, all highly trained in cyber defense. Their mission is to detect and thwart attacks on the NRC’s computer networks and prevent “spills” of sensitive information. Such attacks can come through phishing attempts, such as the fictional incident described above, malware implanted in website advertisements or viruses and malware on portable data devices.

The team routinely works with other federal agencies, including the Homeland Security Department’s U.S. Computer Emergency Response Team (US-CERT) to stay up to date on the latest vulnerabilities. They even practice “white hat” hacking to test the NRC’s systems.

As a response team, CSIRT investigates suspicious emails that have already passed through the NRC’s extensive SPAM filters and Internet firewall, robust cyber security defenses mounted by the Office of Information Systems.

About 10 million emails are directed to NRC.gov addresses each month, and nearly 90 percent of them are blocked by the agency’s network security technologies as spam or for carrying viruses or suspicious attachments, says Mike Lidell, IT Specialist in the OIS Security Operations and Systems Engineering Branch. The OIS team administers the NRC’s firewalls, intrusion detection systems and spam filters.

computersec1While the percentage of blocked emails seems high, Lidell says it’s pretty much “par for the course” for any large organization or government agency. Emails that get through the initial line of defense are scanned again by the internal servers and a third time by the end-user’s individual computer. Internet data returned from the Web is scanned by NRC servers and individual workstations as well to guard against “drive-by downloads” of malicious software.

As Lidell points out, the “defense in depth” is necessary because the attacks are always evolving and changing. Thorne Graham, CSIRT’s team leader, praises a fourth line of defense against email attacks on the agency’s network: The NRC’s 4,000 employees. All NRC employees take annual online computer security training.

“Our best defense is the individual employee,” Graham says. “Security is everyone’s business.”

 

%d bloggers like this: