Publications

73 Results

Computer Security for Commercial Nuclear Power Plants - Literature Review for Korea Hydro Nuclear Power Central Research Institute

Waymire, Russel L.; Duran, Felicia A.

Sandia National Laboratories (SNL) is providing training and consultation activities on security planning and design for the Korea Hydro and Nuclear Power Central Research Institute (KHNPCRI). As part of this effort, SNL performed a literature review on computer security requirements, guidance and best practices that are applicable to an advanced nuclear power plant. This report documents the review of reports generated by SNL and other organizations [U.S. Nuclear Regulatory Commission, Nuclear Energy Institute, and International Atomic Energy Agency] related to protection of information technology resources, primarily digital controls and computer resources and their data networks. Copies of the key documents have also been provided to KHNP-CRI.

Evaluation of the applicability of existing nuclear power plant regulatory requirements in the U.S. to advanced small modular reactors

Middleton, Bobby D.; Wheeler, Timothy A.; Farnum, Cathy O.; Duran, Felicia A.; Jordan, Sabina E.; Baum, Gregory

The current wave of small modular reactor (SMR) designs all have the goal of reducing the cost of management and operations. By optimizing the system, the goal is to make these power plants safer, cheaper to operate and maintain, and more secure. In particular, the reduction in plant staffing can result in significant cost savings. The introduction of advanced reactor designs and increased use of advanced automation technologies in existing nuclear power plants will likely change the roles, responsibilities, composition, and size of the crews required to control plant operations. Similarly, certain security staffing requirements for traditional operational nuclear power plants may not be appropriate or necessary for SMRs due to the simpler, safer and more automated design characteristics of SMRs. As a first step in a process to identify where regulatory requirements may be met with reduced staffing and therefore lower cost, this report identifies the regulatory requirements and associated guidance utilized in the licensing of existing reactors. The potential applicability of these regulations to advanced SMR designs is identified taking into account the unique features of these types of reactors.

Security risk management of small modular reactors

International Topical Meeting on Probabilistic Safety Assessment and Analysis 2013, PSA 2013

Cipiti, Benjamin B.; Wyss, Gregory D.; Duran, Felicia A.; Lewis, Tom G.

Physical security analyses for nuclear reactors have historically sought to ensure that there is an acceptably low probability of success for a "design basis" adversary to accomplish a theft or sabotage objective, even for the adversary's most advantageous path. While some have used probabilistic risk assessment to characterize these risks, the lack of a validated attack frequency, among other things, has made this difficult. Recent work at Sandia National Laboratories (SNL) characterizes a facility's security risk for a scenario in terms of level of difficulty an adversary would encounter in order to be reasonably sure of success (the Risk Informed Management of Enterprise Security (RIMES) methodology). Scenarios with lower levels of difficulty can then be addressed through design changes or improvements to the physical protection system. This work evaluates the level of difficulty of a number of attack scenarios for Small Modular Reactors (SMRs), and provides insight to help designers optimize the protection of their facilities. The methodology and general insights are described here.

Probabilistic basis and assessment methodology for effectiveness of protecting nuclear materials

Proceedings - International Carnahan Conference on Security Technology

Duran, Felicia A.

Safeguards and security systems for nuclear facilities include material control and accounting (MC&A) and a physical protection system (PPS) to protect against theft, sabotage and other malevolent human acts. The insider threat is most often addressed as part of the evaluation of a facility's PPS. A PPS is evaluated using probabilistic analysis of adversary paths on the basis of detection, delay, and response timelines to determine timely detection. Because insider adversaries have access to, knowledge of, and authority for facility operations, the PPS actually provides minimal protection against the insider threat. By monitoring and tracking critical materials, MC&A activities are an important protection element against inside adversaries. Timely detection for MC&A activities, however, has been difficult to determine so that for the most part, the effectiveness of these activities has not been explicitly incorporated in the insider threat evaluation of a PPS. This paper presents research on a new approach to incorporate MC&A protection elements explicitly within the existing probabilistic path analysis methodology. MC&A activities, from monitoring to inventory measurements, provide many, often recurring opportunities to determine the status of critical items, including detection of missing materials. Human reliability analysis methods for nuclear power plant operations are used to determine human error probabilities to characterize the detection capabilities of MC&A activities. An object-based state machine paradigm was developed to characterize the path elements and timing of an insider theft scenario as a race against MC&A detection that can move a facility from a normal state to an alert state having additional detection opportunities. Event sequence diagrams describe insider paths through the PPS and also incorporate MC&A activities as path elements. To address the insider threat, this work establishes a probabilistic basis for timely MC&A detection and methods to evaluate the effectiveness of MC&A activities explicitly within the existing path analysis methodology. © 2012 IEEE.

Fully integrated safeguards and security for reprocessing plant monitoring

Cipiti, Benjamin B.; Duran, Felicia A.; Middleton, Bobby D.; Key, Rebecca

Nuclear fuel reprocessing plants contain a wealth of plant monitoring data including material measurements, process monitoring, administrative procedures, and physical protection elements. Future facilities are moving in the direction of highly integrated plant monitoring systems that make efficient use of the plant data to improve monitoring and reduce costs. The Separations and Safeguards Performance Model (SSPM) is an analysis tool that is used for modeling advanced monitoring systems and for determining system response under diversion scenarios. This report both describes the architecture for such a future monitoring system and presents results under various diversion scenarios. Improvements made in the past year include the development of statistical tests for detecting material loss, the integration of material balance alarms to improve physical protection, and the integration of administrative procedures. The SSPM has been used to demonstrate how advanced instrumentation (as developed in the Material Protection, Accounting, and Control Technologies campaign) can benefit the overall safeguards system as well as how all instrumentation is tied into the physical protection system. This concept has the potential to greatly improve the probability of detection for both abrupt and protracted diversion of nuclear material.

Security for very long-term storage of used fuel

13th International High-Level Radioactive Waste Management Conference 2011, IHLRWMC 2011

Duran, Felicia A.; Wyss, Gregory D.

Given the uncertain future of the proposed Yucca Mountain Repository for final disposal of used light water reactor fuel, the tactical strategy is to store used nuclear fuel (UNF) at utility sites in either pool or dry cask storage systems. Although no time threshold has been defined, the current recommendation for long-term management of UNF is 300 years. This presents possible regulatory and technical issues for both storage safety and security. This paper discusses ongoing work in addressing security for long-term storage of UNF. Previous work focused on an assessment of security requirements for the U.S. Nuclear Regulatory Commission and the U.S. Department of Energy. In addition, it has been determined that the dose rates for UNF will fall below the current 100 rem/hour self-protection threshold after 70 to 120 years. Work continues to address issues associated with maintaining security for long-term storage of UNF. Extending the self-protection concept and plans for performing assessments of the long-term security risk will be discussed. This work is part of a larger effort to develop concepts for a demonstration UNF storage site and to develop a technical basis for long-term storage of UNF and the associated transportation.

Human reliability-based MC & A methods for evaluating the effectiveness of protecting nuclear material

Proceedings of the International Conference on Radioactive Waste Management and Environmental Remediation, ICEM

Duran, Felicia A.; Wyss, Gregory D.

Material control and accountability (MC&A) operations that track and account for critical assets at nuclear facilities provide a key protection approach for defeating insider adversaries. MC&A activities, from monitoring to inventory measurements, provide critical information about target materials and define security elements that are useful against insider threats. However, these activities have been difficult to characterize in ways that are compatible with the path analysis methods that are used to systematically evaluate the effectiveness of a site's protection system. The path analysis methodology focuses on a systematic, quantitative evaluation of the physical protection component of the system for potential external threats, and often calculates the probability that the physical protection system (PPS) is effective (PE) in defeating an adversary who uses that attack pathway. In previous work, Dawson and Hester observed that many MC&A activities can be considered a type of sensor system with alarm and assessment capabilities that provide recurring opportunities for "detecting" the status of critical items. This work has extended that characterization of MC&A activities as probabilistic sensors that are interwoven within each protection layer of the PPS. In addition, MC&A activities have similar characteristics to operator tasks performed in a nuclear power plant (NPP) in that the reliability of these activities depends significantly on human performance. Many of the procedures involve human performance in checking for anomalous conditions. Further characterization of MC&A activities as operational procedures that check the status of critical assets provides a basis for applying human reliability analysis (HRA) models and methods to determine probabilities of detection for MC&A protection elements. This paper will discuss the application of HRA methods used in nuclear power plant probabilistic risk assessments to define detection probabilities and to formulate "timely detection" for MC&A operations. This work has enabled the development of an integrated path analysis methodology in which MC&A operations can be combined with traditional sensor data in the calculation of PPS effectiveness. Explicitly incorporating MC&A operations into the existing evaluation methodology provides the basis for an effectiveness measure for insider threats, and the resulting PE calculations will provide an integrated effectiveness measure that addresses both external and insider threats. The extended path analysis methodology is being further investigated as the basis for including the PPS and MC&A activities in an integrated safeguards and security system for advanced fuel cycle facilities. Copyright © 2011 by ASME.

Applying human reliability analysis models as a probabilistic basis for an integrated evaluation of safeguards and security systems

10th International Conference on Probabilistic Safety Assessment and Management 2010, PSAM 2010

Duran, Felicia A.; Wyss, Gregory D.

Material control and accounting (MC&A) safeguards operations that track and account for critical assets at nuclear facilities provide a key protection approach for defeating insider adversaries. These activities, however, have been difficult to characterize in ways that are compatible with the probabilistic path analysis methods that are used to systematically evaluate the effectiveness of a site's physical protection (security) system (PPS). MC&A activities have many similar characteristics to operator procedures performed in a nuclear power plant (NPP) to check for anomalous conditions. This work applies human reliability analysis (HRA) methods and models for human performance of NPP operations to develop detection probabilities for MC&A activities. This has enabled the development of an extended probabilistic path analysis methodology in which MC&A protections can be combined with traditional sensor data in the calculation of PPS effectiveness. The extended path analysis methodology provides an integrated evaluation of a safeguards and security system that addresses its effectiveness for attacks by both outside and inside adversaries.

Human reliability-based MC&A models for detecting insider theft

Duran, Felicia A.; Wyss, Gregory D.

Material control and accounting (MC&A) safeguards operations that track and account for critical assets at nuclear facilities provide a key protection approach for defeating insider adversaries. These activities, however, have been difficult to characterize in ways that are compatible with the probabilistic path analysis methods that are used to systematically evaluate the effectiveness of a site's physical protection (security) system (PPS). MC&A activities have many similar characteristics to operator procedures performed in a nuclear power plant (NPP) to check for anomalous conditions. This work applies human reliability analysis (HRA) methods and models for human performance of NPP operations to develop detection probabilities for MC&A activities. This has enabled the development of an extended probabilistic path analysis methodology in which MC&A protections can be combined with traditional sensor data in the calculation of PPS effectiveness. The extended path analysis methodology provides an integrated evaluation of a safeguards and security system that addresses its effectiveness for attacks by both outside and inside adversaries.

Integrated safeguards & security for material protection, accounting, and control

Cipiti, Benjamin B.; Duran, Felicia A.

Traditional safeguards and security design for fuel cycle facilities is done separately and after the facility design is near completion. This can result in higher costs due to retrofits and redundant use of data. Future facilities will incorporate safeguards and security early in the design process and integrate the systems to make better use of plant data and strengthen both systems. The purpose of this project was to evaluate the integration of materials control and accounting (MC&A) measurements with physical security design for a nuclear reprocessing plant. Locations throughout the plant where data overlap occurs or where MC&A data could be a benefit were identified. This mapping is presented along with the methodology for including the additional data in existing probabilistic assessments to evaluate safeguards and security systems designs.

Data validation and security for reprocessing

Cipiti, Benjamin B.; Duran, Felicia A.; Merkle, Peter B.; Tolk, Keith M.

Next generation nuclear fuel cycle facilities will face strict requirements on security and safeguards of nuclear material. These requirements can result in expensive facilities. The purpose of this project was to investigate how to incorporate safeguards and security into one plant monitoring system early in the design process to take better advantage of all plant process data, to improve confidence in the operation of the plant, and to optimize costs. An existing reprocessing plant materials accountancy model was examined for use in evaluating integration of safeguards (both domestic and international) and security. International safeguards require independent, secure, and authenticated measurements for materials accountability--it may be best to design stand-alone systems in addition to domestic safeguards instrumentation to minimize impact on operations. In some cases, joint-use equipment may be appropriate. Existing domestic materials accountancy instrumentation can be used in conjunction with other monitoring equipment for plant security as well as through the use of material assurance indicators, a new metric for material control that is under development. Future efforts will take the results of this work to demonstrate integration on the reprocessing plant model.

An object-oriented approach to risk and reliability analysis: methodology and aviation safety applications

Proposed for publication in SIMULATION: Transaction of the Society International for Computer Simulation. Special issue on air traffic simulation.

Wyss, Gregory D.; Duran, Felicia A.; Dandini, Vincent J.

This article describes how features of event tree analysis and Monte Carlo-based discrete event simulation can be combined with concepts from object-oriented analysis to develop a new risk assessment methodology, with some of the best features of each. The resultant object-based event scenario tree (OBEST) methodology enables an analyst to rapidly construct realistic models for scenarios for which an a priori discovery of event ordering is either cumbersome or impossible. Each scenario produced by OBEST is automatically associated with a likelihood estimate because probabilistic branching is integral to the object model definition. The OBEST methodology is then applied to an aviation safety problem that considers mechanisms by which an aircraft might become involved in a runway incursion incident. The resulting OBEST model demonstrates how a close link between human reliability analysis and probabilistic risk assessment methods can provide important insights into aviation safety phenomenology.

OBEST: The Object-Based Event Scenario Tree Methodology

Wyss, Gregory D.; Duran, Felicia A.

Event tree analysis and Monte Carlo-based discrete event simulation have been used in risk assessment studies for many years. This report details how features of these two methods can be combined with concepts from object-oriented analysis to develop a new risk assessment methodology with some of the best features of each. The resultant Object-Based Event Scenarios Tree (OBEST) methodology enables an analyst to rapidly construct realistic models for scenarios for which an a priori discovery of event ordering is either cumbersome or impossible (especially those that exhibit inconsistent or variable event ordering, which are difficult to represent in an event tree analysis). Each scenario produced by OBEST is automatically associated with a likelihood estimate because probabilistic branching is integral to the object model definition. The OBEST method uses a recursive algorithm to solve the object model and identify all possible scenarios and their associated probabilities. Since scenario likelihoods are developed directly by the solution algorithm, they need not be computed by statistical inference based on Monte Carlo observations (as required by some discrete event simulation methods). Thus, OBEST is not only much more computationally efficient than these simulation methods, but it also discovers scenarios that have extremely low probabilities as a natural analytical result--scenarios that would likely be missed by a Monte Carlo-based method. This report documents the OBEST methodology, the demonstration software that implements it, and provides example OBEST models for several different application domains, including interactions among failing interdependent infrastructure systems, circuit analysis for fire risk evaluation in nuclear power plants, and aviation safety studies.

Accident Sequence Precursor Program Large Early Release Frequency Model Development

Duran, Felicia A.

The objectives for the ASP large early release frequency (LERF) model development work are to build a Level 2 containment response model that captures all of the events necessary to define LERF as outlined in Regulatory Guide 1.174, can be directly interfaced with the existing Level 1 models, is technically correct, can be readily modified to incorporate new information or to represent another plant, and can be executed in SAPHIRE. The ASP LERF models being developed will meet these objectives while providing the NRC with the capability to independently assess the risk impact of plant-specific changes proposed by the utilities that change the nuclear power plants' licensing basis. Together with the ASP Level 1 models, the ASP LERF models provide the NRC with the capability of performing equipment and event assessments to determine their impact on a plant's LERF for internal events during power operation. In addition, the ASP LERF models are capable of being updated to reflect changes in information regarding the system operations and phenomenological events, and of being updated to assess the potential for early fatalities for each LERF sequence. As the ASP Level 1 models evolve to include more analysis capabilities, the LERF models will also be refined to reflect the appropriate level of detail needed to demonstrate the new capabilities. An approach was formulated for the development of detailed LERF models using the NUREG-1150 APET models as a guide. The modifications to the SAPHIRE computer code have allowed the development of these detailed models and the ability to analyze these models in a reasonable time. Ten reference LERF plant models, including six PWR models and four BWR models, which cover a wide variety of containment and nuclear steam supply system designs, will be complete in 1999. These reference models will be used as the starting point for developing the LERF models for the remaining nuclear power plants.
