Publications

Results 51–100 of 189


Resilience-based performance measures for next-generation systems security engineering

Proceedings - International Carnahan Conference on Security Technology

Williams, Adam D.; Adams, Thomas A.; Wingo, Jamie; Birch, Gabriel C.; Caskey, Susan A.; Fleming Lindsley, Elizabeth S.; Gunda, Thushara G.

Performance measures commonly used in systems security engineering tend to be static, linear, and have limited utility in addressing challenges to security performance from increasingly complex risk environments, adversary innovation, and disruptive technologies. Leveraging key concepts from resilience science offers an opportunity to advance next-generation systems security engineering to better describe the complexities, dynamism, and non-linearity observed in security performance—particularly in response to these challenges. This article introduces a multilayer network model and modified Continuous Time Markov Chain model that explicitly captures interdependencies in systems security engineering. The results and insights from a multilayer network model of security for a hypothetical nuclear power plant introduce how network-based metrics can incorporate resilience concepts into performance metrics for next generation systems security engineering.


EXPLORING VITAL AREA IDENTIFICATION USING SYSTEMS-THEORETIC PROCESS ANALYSIS

Proceedings of the 2021 International Topical Meeting on Probabilistic Safety Assessment and Analysis, PSA 2021

Sandt, Emily S.; Clark, Andrew; Williams, Adam D.; Cohn, Brian C.; Osborn, Douglas M.; Aldemir, Tunc

Vital Area Identification (VAI) is an important element in securing nuclear facilities, including the range of recently proposed advanced reactors (AR). As ARs continue to develop and progress to licensure status, it will be necessary to ensure that safety analysis methods are compatible with the new reactor designs. These reactors tout inherently passive safety systems that drastically reduce the number of active components whose failures need to be considered as basic events in a Level 1 probabilistic risk assessment (PRA). Instead, ARs rely on natural processes for their safety, which may be difficult to capture through the use of fault trees (FTs) and subsequently difficult to determine the effects of lost equipment when completing a traditional VAI analysis. Traditional VAI methodology incorporates FTs from Level 1 PRA as a substantial portion of the effort to identify candidate vital area sets. The outcome of VAI is a selected set of areas deemed vital which must be protected in order to prevent radiological sabotage. An alternative methodology is proposed to inform the VAI process and selection of vital areas: Systems-Theoretic Process Analysis (STPA). STPA is a systems-based, top-down approach which analyzes a system as a hierarchical control structure composed of components (both those that are controlled and their controllers) and controlled actions taken by/acted upon those components. The control structure is then analyzed based on several situational parameters, including a time component, to produce a list of scenarios which may lead to system losses. A case study is presented to demonstrate how STPA can be used to inform VAI for ARs.


A MULTILAYER NETWORK APPROACH TO ASSESSING THE IMPACT OF HUMAN PERFORMANCE SHAPING FACTORS ON SECURITY FOR NUCLEAR POWER PLANTS

Proceedings of the 2021 International Topical Meeting on Probabilistic Safety Assessment and Analysis, PSA 2021

Williams, Adam D.; Fleming Lindsley, Elizabeth S.

Multilayered networks (MLN), when integrated with traditional task analyses, offer a model-based approach to describe human performance in nuclear power plant security. MLNs demonstrate the interconnected links between security-related roles, security operating procedures, and technical components within a security system. However, when used in isolation, MLNs and task analyses may not fully reveal the impacts humans have within a security system. Thus, the Systems Context Lenses were developed to enhance design for and analysis of desired complex system behaviors, like security at Nuclear Power Plants (NPPs). The System Context Lenses integrate systems engineering concepts and human factors considerations to describe how human actors interact within (and across) the system design, operational environment, and sociotechnical context. Through application of the Systems Context Lenses, critical Performance Shaping Factors (PSFs) influencing human performance can be identified and used to analytically connect human actions with technical and environmental resources in an MLN. This paper summarizes the benefit of a tiered-lens approach on a use case of a multilayered network model of NPP security, including demonstrating how NPP security performance can be improved by more robustly incorporating varying human, institutional, and broader socio-technical interactions.


High-Level Considerations for Access and Access Controls by Design

Bland, Jesse J.; Evans, Alan S.; Goolsby, Tommy D.; Horowitz, Steven M.; Monthan, Chad W.; Osborn, Douglas M.; Rivers, Joe; Rodgers, Thomas W.; White, Jake; Williams, Adam D.

The design and construction of a nuclear power plant must include robust structures and a security boundary that is difficult to penetrate. For security considerations, the reactors would ideally be sited underground, beneath a massive solid block, which would be too thick to be penetrated by tools or explosives. Additionally, all communications and power transfer lines would also be located underground and would be fortified against any possible design basis threats. Limiting access with difficult-to-penetrate physical barriers is a key aspect for determining response and staffing requirements. Considerations considered in a graded approach to physical protection are described.


High-Level Considerations for Access and Access Controls by Design

Bland, Jesse J.; Evans, Alan S.; Goolsby, Tommy D.; Horowitz, Steven M.; Monthan, Chad W.; Osborn, Douglas M.; Rivers, Joe; Rodgers, Thomas W.; White, Jake; Williams, Adam D.

Nuclear power plants must be, by design and construction, robust structures and difficult to penetrate. Limiting access with difficult-to-penetrate physical barriers is going to be key for staffing reduction. Ideally, for security, the reactors would be sited underground, beneath a massive solid block, too thick to be penetrated by tools or explosives with all communications and power transfer lines also underground and fortified. Having the minimal possible number of access points and methods to completely block access from these points if a threat is detected will greatly help us justify staffing reduction.


High-Level Considerations for Access and Access Controls by Design

Bland, Jesse J.; Evans, Alan S.; Goolsby, Tommy D.; Horowitz, Steven M.; Monthan, Chad W.; Osborn, Douglas M.; Rivers, Joe; Rodgers, Thomas W.; White, Jake; Williams, Adam D.

Nuclear power plants must be, by design and construction, robust structures and difficult to penetrate. Ideally, for security, the reactors would be sited underground, beneath a massive solid block, too thick to be penetrated by tools or explosives with all communications and power transfer lines also underground and fortified. Limiting access with difficult-to-penetrate physical barriers is going to be key for determining response and staffing requirements.


Phase I Closeout Report: Invoking Artificial Neural Networks to Measure Insider Threat Mitigation

Williams, Adam D.; Laros, James H.; Charlton, William

Researchers from Sandia National Laboratories (Sandia) and the University of Texas at Austin (UT) conducted this study to explore the effectiveness of commercial artificial neural network (ANN) software to improve insider threat detection and mitigation (ITDM). This study hypothesized that ANNs could be "trained" to learn patterns of organizational behaviors, detect off-normal (or anomalous) deviations from these patterns, and alert when certain types, frequencies, or quantities of deviations emerge. The ReconaSense ANN system was installed at UT's Nuclear Engineering Teaching Laboratory (NETL) and collected 13,653 access control data points and 694 intrusion sensor data points over a three-month period. Preliminary analysis of this baseline data demonstrated regularized patterns of life in the facility, and that off-normal behaviors are detectable under certain situations -- even for a facility with anticipated highly non-routine, operational behaviors. Completion of this pilot study demonstrated how the ReconaSense ANN could be used to identify expected operational patterns and detect unexpected anomalous behaviors in support of a data-analytic approach to ITDM. While additional studies are needed to fully understand and characterize this system, the results of this initial study are overall very promising for demonstrating a new framework for ITDM utilizing ANNs and data analysis techniques.


Systems Theory Principles and Complex Systems Engineering Concepts for Protection and Resilience in Critical Infrastructure: Lessons from the Nuclear Sector

INSIGHT

Williams, Adam D.

Part of the Presidential Policy Directive 21 (PPD-21) (PPD 2013) mandate includes evaluating safety, security, and safeguards (or nonproliferation) mechanisms traditionally implemented within the nuclear reactors, materials, and waste sector of critical infrastructure—including a complex, dynamic set of risks and threats within an all-hazards approach. In response, research out of Sandia National Laboratories (Sandia) explores the ability of systems theory principles (hierarchy and emergence) and complex systems engineering concepts (multidomain interdependence) to better understand and address these risks and threats. Herein, this Sandia research explores the safety, safeguards, and security risks of three different nuclear sector-related activities—spent nuclear fuel transportation, small modular reactors, and portable nuclear power reactors—to investigate the complex and dynamic risk related to the PPD-21-mandated all-hazards approach. This research showed that a systems-theoretic approach can better identify inter-dependencies, conflicts, gaps, and leverage points across traditional safety, security, and safeguards hazard mitigation strategies in the nuclear reactors, materials, and waste sector. Resulting from this, mitigation strategies from applying systems theoretic principles and complex systems engineering concepts can be (1) designed to better capture interdependencies, (2) implemented to better align with real-world operational uncertainties, and (3) evaluated as a systems-level whole to better identify, characterize, and manage PPD-21's all hazards strategies.


A multiplex complex systems model for engineering security systems

Systems Security Symposium, SSS 2020 - Conference Proceedings

Williams, Adam D.; Birch, Gabriel C.

Existing security models are highly linear and fail to capture the rich interactions that occur across security technology, infrastructure, cybersecurity, and human/organizational components. In this work, we will leverage insights from resilience science, complex system theory, and network theory to develop a next-generation security model based on these interactions to address challenges in complex, nonlinear risk environments and against innovative and disruptive technologies. Developing such a model is a key step forward toward a dynamic security paradigm (e.g., shifting from detection to anticipation) and establishing the foundation for designing next-generation physical security systems against evolving threats in uncontrolled or contested operational environments.


System Studies for Global Nuclear Assurance and Security (GNAS): 3S Risk Analysis for Portable Nuclear Reactors (Volume II) -- Conclusions and Implications

Williams, Adam D.; Osborn, Douglas M.

Growing interest in compact, easily transportable sources of baseload electricity has manifested in the proposal and early deployment of portable nuclear reactors (PNRs). PNRs are sought because they are scalable, efficient, and cost-effective for meeting energy demands in unique, remote, or contested areas. For example, Russia's KLT-40S Akademik Lomonosov is a floating nuclear power plant (FNPP) that successfully reached the Arctic coastal city of Pevek. It began providing power to the local grid in December 2019. While providing such key advantages as having a highly flexible power generation mechanism, FNPPs appear to directly challenge international norms and conventions for nuclear safety, safeguards, and security. FNPPs are neither a purely fixed nuclear fuel cycle activity nor a purely transportation-based nuclear fuel cycle activity. In response, Sandia's Mitigating International Nuclear Energy Risks (MINER) research perspective frames this discussion in terms of risk complexity and the interdependencies between safety, safeguards, and security in FNPPs, and PNRs more generally. This systems study is a technically rigorous analysis of the safety, safeguards, and security risks of FNPP technologies. This research's aims are three-fold. The first aim is to provide analytical evidence to support safety, safeguards, and security claims related to PNRs and FNPPs (Study Report Volume I). Second, this study aims to introduce a systems-theoretic approach for exploring interdependencies between the technical evaluations (Study Report Volume II). The third aim is to show Sandia's ability for prompt, rigorous, and technical analysis to support emerging complex MINER mission objectives.


The Gulf Nuclear Energy Infrastructure Institute: A Multidisciplinary Educational Approach for Integrated Nuclear Energy Safety Security and Safeguards in the Middle East

Journal of Nuclear Materials Management

Williams, Adam D.; Solodov, Alexander A.; Mohagheghi, Amir H.; Beeley, Philip A.; Alameri, Saeed

The Gulf Nuclear Energy Infrastructure Institute (GNEII) at Khalifa University of Science and Technology was created as a regional institute offering education, research and technical services to support nuclear energy safety, security and safeguards (3S) objectives. A mixed methods approach—using the (1) Course Evaluation, (2) GNEII Alumni Survey, (3) Capstone Project, and (4) GNEII-Related Literature data sets—was used to evaluate the effect of implementing this multidisciplinary '3S' educational program and the broader impact of the associated '3S' multidisciplinary institute on nuclear energy human resource development. Data sets (1), (2) and (3) illustrate how well GNEII implemented this novel 3S curriculum and resulted in successful knowledge transfer. Data sets (2), (3) and (4) illustrate how well GNEII's impact has positively influenced professional workplace behaviors and the institute's broader reputation to support responsible nuclear energy program education. Furthermore, GNEII demonstrates one option for successfully providing a multidisciplinary, 3S curriculum to support broader nuclear infrastructure and human resource development aims.


The importance of context in advanced systems engineering

Systems Engineering in the Fourth Industrial Revolution: Big Data, Novel Technologies, and Modern Systems Engineering

Williams, Adam D.

This chapter first describes the traditional view of “context” in systems engineering and identifies challenges to this view related to “the Fourth Industrial Revolution”. It then explores gaps in traditional views, introduces nontraditional approaches to context for systems, and provides more detail on the “context of use” concept for advanced systems engineering. In response to technological evolution(s), advanced systems engineering should seek to more clearly and comprehensively describe operating environments - to include accounting for contextual descriptions consisting of the interrelated human behavior, social, and organizational factors that impact system performance and success. Three academic literatures - systems theory, organization science, and engineering systems - offer insights to better understand and incorporate context into advanced systems engineering. To further make the case for including the context of use in advanced systems engineering, the chapter explores improving systems engineering approaches for security at high consequence facilities.


The Gulf Nuclear Energy Infrastructure Institute (GNEII): Origins, Objectives, and Operations—A Joint Report

Williams, Adam D.; Solodov, Alexander A.; Mohagheghi, Amir H.; Beeley, Philip A.; Al-Ameri, Saeed

The Gulf Nuclear Energy Infrastructure Institute (GNEII—pronounced "genie") seeks to develop expertise among future leaders of Gulf-region nuclear power programs in global standards, norms and best practices in nuclear energy programs. More specifically, the institute aims to contribute to the enhancement of nuclear security, safety, and safeguards (the so-called nuclear "3S") by providing an avenue for regional nuclear interaction, technical collaboration, lessons-learned discussions, and best-practices sharing. It is a multidisciplinary human capacity development institute offering education, research and technical services to support responsible nuclear energy programs in the Gulf and Middle East regions. In this Joint Report, Chapter 2 discusses GNEII's origins (including drivers, milestones, and design principles), Chapter 3 discusses GNEII's objectives (including goals, mission, and vision), Chapter 4 discusses GNEII's operations (including education, research, and technical service pillars), Chapter 5 discusses major insights and next steps, and Chapter 6 provides a list of publications offering additional depictions and details of GNEII's evolution. Though only one piece of a multi-faceted, multi-national effort to develop human infrastructure needs for nascent nuclear energy programs, GNEII offers a model that addresses the socio-technical attributes of nuclear 3S that can be replicated globally.
