“We are improving security at our nuclear facilities,” President Obama told the 2012 Seoul Nuclear Security Summit. Four months later, an 82-year-old nun and two other senior citizens broke into the complex at Oak Ridge, Tennessee, where the United States stores most of its weapons-grade uranium.

They cut through four fences, set off sensors and alarms, hammered on the outside of the storage building, and defaced it with paint and human blood. They remained on the site for over an hour before a guard finally arrested them.

The security failures revealed by Sister Megan Rice at the Y-12 National Security Complex were legion, rooted in complacency and poor training. Management tolerated high false-alarm rates, leading guards to ignore the warnings. Workers dismissed the pounding on the building as unscheduled maintenance. Guards violated communications and weapons-handling procedures when making the arrests.

Norman Augustine, who reviewed the incident for the Secretary of Energy, found “a pervasive culture of tolerating the intolerable and accepting the unacceptable.” Worst of all, government managers in Washington had no idea how bad things had become, and only later realized that the incident raised “important questions about the security of Category I [nuclear weapons-usable] material across the Department of Energy complex” (emphasis added).

The failures at Y-12 have been corrected, but the complacency that caused them persists. There is no reason to believe that it is limited to one facility or one country. Every state or facility housing nuclear material is vulnerable to security complacency.

It's natural. Most guards will never see a real nuclear security incident in their professional lifetimes, let alone a terrorist attack. Realistic exercises are difficult to stage without risking deaths. Absent intervention, this can lead to continual dis-improvement in the security culture.

As one official explained, “We have been running a system a certain way for such a long time and not really thinking about whether it was working or not.”

How can we defeat complacency? First, we must have a culture committed to continuous improvement, instead of tolerating continuous dis-improvement. Responsibility for security should not be limited to the guard force. Every person working in a facility with nuclear material must be committed to ensuring it is invulnerable to theft. General Eugene Habiger, who headed security for the Department of Energy, said, “Good security is 20% equipment and 80% people.”

Second, if people are to create an excellent security culture, they must be trained and certified as competent. At the 2014 Nuclear Security Summit, 35 leaders pledged to “ensure that management and personnel with accountability for nuclear security are demonstrably competent.” All the attending industry leaders also committed to “ensuring that all personnel with accountabilities for security are demonstrably competent by establishing appropriate standards for selection, training, and certification of staff.”

Unfortunately, while more than 200,000 people around the world have some accountability for the security of nuclear or radiological material, only about half of them report having an opportunity for professional development.

To fill this gap, in 2015 the World Institute for Nuclear Security (WINS) launched a virtual academy offering online training and proctored tests leading to certification of professional competency. The academy provides strategic approaches to security management, not site-specific security measures that would need to be kept secret. To date, 650 participants from over 70 countries have taken courses, with 167 graduates earning 277 certificates related to their specific areas of responsibility. These include radioactive materials management or security for scientists, engineers and technicians.

The WINS Academy supplements the courses with workshops and best-practice guides that WINS also produces, and together these efforts are making a difference. In surveys over the past five years, over 95% of WINS members and workshop participants reported they had modified their approaches to security because of WINS. Applied to the thousands of members and participants, this represents a significant and tangible improvement in security.

Moreover, these efforts encourage and support a growing international program to develop training through the International Atomic Energy Agency and national nuclear security training centers.

At the upcoming and likely final Nuclear Security Summit in Washington at the end of this month, world leaders will be looking for ways to consolidate the good work they have done over the past six years. One important way is to commit to sustaining and expanding professional training and certification for those accountable for the security of nuclear material. Only well-trained and competent people can defeat complacency.

This post is part of a series published by Carnegie Corporation of New York about issues related to the 2016 Nuclear Security Summit in Washington, D.C., on March 31-April 1 to address the threat of nuclear terrorism. Visit Carnegie.org and join the conversation on Twitter at @CarnegieCorp, #NGOsummit, and #NSS2016. The views expressed above are the author’s own.