Performance measures commonly used in systems security engineering tend to be static, linear, and have limited utility in addressing challenges to security performance from increasingly complex risk environments, adversary innovation, and disruptive technologies. Leveraging key concepts from resilience science offers an opportunity to advance next-generation systems security engineering to better describe the complexities, dynamism, and non-linearity observed in security performance—particularly in response to these challenges. This article introduces a multilayer network model and modified Continuous Time Markov Chain model that explicitly captures interdependencies in systems security engineering. The results and insights from a multilayer network model of security for a hypothetical nuclear power plant introduce how network-based metrics can incorporate resilience concepts into performance metrics for next generation systems security engineering.
Resilience has been defined as a priority for the US critical infrastructure. This paper presents a process for incorporating resiliency-derived metrics into security system evaluations. To support this analysis, we used a multi-layer network model (MLN) reflecting the defined security system of a hypothetical nuclear power plant to define what metrics would be useful in understanding a system's ability to absorb perturbation (i.e., system resilience). We defined measures focusing on the system's criticality, rapidity, diversity, and confidence at each network layer, simulated adversary path, and the system as a basis for understanding the system's resilience. For this hypothetical system, our metrics indicated the importance of physical infrastructure to overall system criticality, the relative confidence of physical sensors, and the lack of diversity in assessment activities (i.e., dependence on human evaluations). Refined model design and data outputs will enable more nuanced evaluations into temporal, geospatial, and human behavior considerations. Future studies can also extend these methodologies to capture respond and recover aspects of resilience, further supporting the protection of critical infrastructure.
Protecting high consequence facilities (HCF) from malicious attacks is challenged by today’s increasingly complex, multi-faceted, and interdependent operational environments and threat domains. Building on current approaches, insights from complex systems and network science can better incorporate multidomain interactions observed in HCF security operations. These observations and qualitative HCF security expert data support invoking a multilayer modeling approach for HCF security to shift from a “reactive” to a “proactive” paradigm that better explores HCF security dynamics and resilience not captured in traditional approaches. After exploring these multi-domain interactions, this paper introduces how systems theory and network science insights can be leveraged to describe HCF security as complex, interdependent multilayer directed networks. A hypothetical example then demonstrates the utility of such an approach, followed by a discussion on key insights and implications of incorporating multilayer network analytical performance measures into HCF security.
The design and construction of a nuclear power plant must include robust structures and a security boundary that is difficult to penetrate. For security considerations, the reactors would ideally be sited underground, beneath a massive solid block, which would be too thick to be penetrated by tools or explosives. Additionally, all communications and power transfer lines would also be located underground and would be fortified against any possible design basis threats. Limiting access with difficult-to-penetrate physical barriers is a key aspect for determining response and staffing requirements. Considerations for a graded approach to physical protection are described.
Nuclear power plants must be, by design and construction, robust structures and difficult to penetrate. Limiting access with difficult-to-penetrate physical barriers will be key for staffing reduction. Ideally, for security, the reactors would be sited underground, beneath a massive solid block, too thick to be penetrated by tools or explosives, with all communications and power transfer lines also underground and fortified. Having the minimal possible number of access points, and methods to completely block access from these points if a threat is detected, will greatly help justify staffing reduction.
Nuclear power plants must be, by design and construction, robust structures and difficult to penetrate. Ideally, for security, the reactors would be sited underground, beneath a massive solid block, too thick to be penetrated by tools or explosives, with all communications and power transfer lines also underground and fortified. Limiting access with difficult-to-penetrate physical barriers will be key for determining response and staffing requirements.
Researchers from Sandia National Laboratories (Sandia) and the University of Texas at Austin (UT) conducted this study to explore the effectiveness of commercial artificial neural network (ANN) software to improve insider threat detection and mitigation (ITDM). This study hypothesized that ANNs could be "trained" to learn patterns of organizational behaviors, detect off-normal (or anomalous) deviations from these patterns, and alert when certain types, frequencies, or quantities of deviations emerge. The ReconaSense ANN system was installed at UT's Nuclear Engineering Teaching Laboratory (NETL) and collected 13,653 access control data points and 694 intrusion sensor data points over a three-month period. Preliminary analysis of this baseline data demonstrated regularized patterns of life in the facility, and that off-normal behaviors are detectable under certain situations -- even for a facility with anticipated highly non-routine operational behaviors. Completion of this pilot study demonstrated how the ReconaSense ANN could be used to identify expected operational patterns and detect unexpected anomalous behaviors in support of a data-analytic approach to ITDM. While additional studies are needed to fully understand and characterize this system, the results of this initial study are overall very promising for demonstrating a new framework for ITDM utilizing ANNs and data analysis techniques.
Part of the Presidential Policy Directive 21 (PPD-21) (PPD 2013) mandate includes evaluating safety, security, and safeguards (or nonproliferation) mechanisms traditionally implemented within the nuclear reactors, materials, and waste sector of critical infrastructure—including a complex, dynamic set of risks and threats within an all-hazards approach. In response, research out of Sandia National Laboratories (Sandia) explores the ability of systems theory principles (hierarchy and emergence) and complex systems engineering concepts (multidomain interdependence) to better understand and address these risks and threats. Herein, this Sandia research explores the safety, safeguards, and security risks of three different nuclear sector-related activities—spent nuclear fuel transportation, small modular reactors, and portable nuclear power reactors—to investigate the complex and dynamic risk related to the PPD-21-mandated all-hazards approach. This research showed that a systems-theoretic approach can better identify interdependencies, conflicts, gaps, and leverage points across traditional safety, security, and safeguards hazard mitigation strategies in the nuclear reactors, materials, and waste sector. As a result, mitigation strategies derived from applying systems-theoretic principles and complex systems engineering concepts can be (1) designed to better capture interdependencies, (2) implemented to better align with real-world operational uncertainties, and (3) evaluated as a systems-level whole to better identify, characterize, and manage PPD-21's all-hazards strategies.
Existing security models are highly linear and fail to capture the rich interactions that occur across security technology, infrastructure, cybersecurity, and human/organizational components. In this work, we will leverage insights from resilience science, complex system theory, and network theory to develop a next-generation security model based on these interactions to address challenges in complex, nonlinear risk environments and against innovative and disruptive technologies. Developing such a model is a key step forward toward a dynamic security paradigm (e.g., shifting from detection to anticipation) and establishing the foundation for designing next-generation physical security systems against evolving threats in uncontrolled or contested operational environments.