Publications

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

International nuclear safeguards are technical measures implemented by the International Atomic Energy Agency (IAEA) to verify the correctness and completeness of declarations made by States about their nuclear activities. The systems used to verify such activities include electronic and digital hardware and software components capable of data collection, processing, analysis, storage and transmission. Despite increasing efforts to protect digital systems against unauthorized access or attack through cybersecurity measures, these systems are not immune to cyber exploitation that could compromise their integrity or reliability. Previous versions of these systems did not include capabilities that exist today, such as BluetoothTM and GPS. The inclusion of these new capabilities, as well as new data processing and storage mechanisms, adds new attack vectors and opportunities for adversaries to exploit the devices that did not previously exist. As mentioned in the above referenced Cybersecurity for Safeguards study, cyber-domain vulnerabilities present risks to the equipment used to perform the international nuclear safeguards mission. The IAEA has produced guidance on the protection of nuclear facilities and their computer systems against cyber threats, but these documents do not specifically address the risks to safeguards or safeguards equipment. In response, the U.S. Department of Energy National Nuclear Security Administration (DOE/NNSA) Office of International Nuclear Safeguards/Safeguards Technology Development (NA-241) sponsored Sandia National Laboratories (Sandia, SNL) and the Idaho National Laboratory (Idaho, INL) to conduct a one-year study to evaluate cyber related vulnerabilities in safeguards equipment and develop recommendations for the mitigation of any identified risks.

Sandia National Laboratories has funded the research and development of a new capability to interactively explore the effects of cyber exploits on the performance of physical protection systems. This informal, interim report of progress summarizes the project’s basis and year one (of two) accomplishments. It includes descriptions of confirmed cyber exploits against a representative testbed protection system and details the development of an emulytics capability to support live, virtual, and constructive experiments. This work will support stakeholders to better engineer, operate, and maintain reliable protection systems.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Decision-makers want to perform risk-based cost-benefit prioritization of security investments. However, strong nonlinearities in the most common physical security performance metric make it difficult to use for cost-benefit analysis. This paper extends the definition of risk for security applications and embodies this definition in a new but related security risk metric based on the degree of difficulty an adversary will encounter to successfully execute the most advantageous attack scenario. This metric is compatible with traditional cost-benefit optimization algorithms, and can lead to an objective risk-based cost-benefit method for security investment option prioritization. It also enables decision-makers to more effectively communicate the justification for their investment decisions with stakeholders and funding authorities. ©2010 IEEE.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.