When considering the security of any facility, a vulnerability assessment should be the first step. Proper attention to facility characterization, threat analysis, target analysis, and the overall vulnerability analysis can save money and prevent unintended weaknesses in the resulting system.
All too often, security problems are "solved" by using whatever security hardware is pushed by aggressive salespeople. Thus, resulting security systems often have weaknesses that can easily be exploited by an adversary. A good security system is balanced and has layered protection; putting a high security lock on the back door is worthless if one leaves the front door standing open. Only by analyzing security performance quantitatively can one adequately estimate the effectiveness of a security system.
Sandia's Contribution
Facility security, for both DOE and other federal agencies, is often assessed by Sandia. Using automated modeling tools, we characterize and model facilities; determine probabilities of detection, delay times, and guard response times; evaluate current or proposed system effectiveness; and compare alternative design or upgrade options.
Sandia originally developed the vulnerability analysis for DOE facilities to manage the risk posed by outside adversaries. With collaborators from Lawrence Livermore National Laboratory (LLNL), this analysis has now been expanded to vulnerability to insiders. Automated tools have been developed to support this effort.
Such analyses contribute directly to the security of high-value assets, which could prove catastrophic in the hands of an adversary. The scope of this work has been expanding in recent years to include other areas of security risk with national security significance. Examples of these include other government facilities, airports, and prisons.
Sandia has transferred some of its vulnerability-assessment expertise to both government agencies and private industry. However, Sandia remains a major player in this area and not only performs vulnerability assessments, but also conducts classes and serves on security review teams for the DOE.
Future Work
While DOE-related vulnerability-assessment work will continue, the expansion and application of vulnerability assessments into other arenas, such as prisons, is expected to increase as well.
For further information, contact:
Mark K. Snell
Sandia National Laboratories, MS-0759
Albuquerque, NM 87185-0759
Phone: (505) 844-9283
e-mail: mksnell@sandia.gov
or
Byron H. Gardner
Sandia National Laboratories, MS-0759
Albuquerque, NM 87185-0759
Phone: (505) 844-5300
e-mail: bhgardn@sandia.gov
Submitted October 1995 Layout design by Wanda Mar.
Submitted October 1995