Publications

Abstract not provided.

The charter for adversarial delay is to hinder access to critical resources through the use of physical systems increasing an adversarys task time. The traditional method for characterizing access delay has been a simple model focused on accumulating times required to complete each task with little regard to uncertainty, complexity, or decreased efficiency associated with multiple sequential tasks or stress. The delay associated with any given barrier or path is further discounted to worst-case, and often unrealistic, times based on a high-level adversary, resulting in a highly conservative calculation of total delay. This leads to delay systems that require significant funding and personnel resources in order to defend against the assumed threat, which for many sites and applications becomes cost prohibitive. A new methodology has been developed that considers the uncertainties inherent in the problem to develop a realistic timeline distribution for a given adversary path. This new methodology incorporates advanced Bayesian statistical theory and methodologies, taking into account small sample size, expert judgment, human factors and threat uncertainty. The result is an algorithm that can calculate a probability distribution function of delay times directly related to system risk. Through further analysis, the access delay analyst or end user can use the results in making informed decisions while weighing benefits against risks, ultimately resulting in greater system effectiveness with lower cost.

Abstract not provided.

Physical security analyses for nuclear reactors have historically sought to ensure that there is an acceptably low probability of success for a "design basis" adversary to accomplish a theft or sabotage objective, even for the adversary's most advantageous path. While some have used probabilistic risk assessment to characterize these risks, the lack of a validated attack frequency, among other things, has made this difficult. Recent work at Sandia National Laboratories (SNL) characterizes a facility's security risk for a scenario in terms of level of difficulty an adversary would encounter in order to be reasonably sure of success (the Risk Informed Management of Enterprise Security (RIMES) methodology). Scenarios with lower levels of difficulty can then be addressed through design changes or improvements to the physical protection system. This work evaluates the level of difficulty of a number of attack scenarios for Small Modular Reactors (SMRs), and provides insight to help designers optimize the protection of their facilities. The methodology and general insights are described here.

Abstract not provided.

Abstract not provided.

Abstract not provided.

This report presents the answers that an informal and unfunded group at SNL provided for questions concerning computer security posed by Jim Gosler, Sandia Fellow (00002). The primary purpose of this report is to record our current answers; hopefully those answers will turn out to be answers indeed. The group was formed in November 2010. In November 2010 Jim Gosler, Sandia Fellow, asked several of us several pointed questions about computer security metrics. Never mind that some of the best minds in the field have been trying to crack this nut without success for decades. Jim asked Campbell to lead an informal and unfunded group to answer the questions. With time Jim invited several more Sandians to join in. We met a number of times both with Jim and without him. At Jim's direction we contacted a number of people outside Sandia who Jim thought could help. For example, we interacted with IBM's T.J. Watson Research Center and held a one-day, videoconference workshop with them on the questions.

Abstract not provided.

Given the uncertain future of the proposed Yucca Mountain Repository for final disposal of used light water reactor fuel, the tactical strategy is to store used nuclear fuel (UNF) at utility sites in either pool or dry cask storage systems. Although no time threshold has been defined, the current recommendation for long-term management of UNF is 300 years. This presents possible regulatory and technical issues for both storage safety and security. This paper discusses ongoing work in address security for long-term storage of UNF. Previous work focused on an assessment of security requirements for the U.S. Nuclear Regulatory Commission and the U.S. Department of Energy. In addition, it has been determined that the dose rates for UNF will fall below the current 100 rem/hour self-protection threshold after 70 to 120 years. Work continues to address issues associated with maintaining security for long-term storage of UNF. Extending the self-protection concept and plans for performing assessments of the long-term security risk will be discussed. This work is part of a larger effort to develop concepts for a demonstration UNF storage site and to develop a technical basis for long-term storage of UNF and the associated transportation.

Given the uncertain future of the proposed Yucca Mountain Repository for final disposal of used light water reactor fuel, the tactical strategy is to store used nuclear fuel (UNF) at utility sites in either pool or dry cask storage systems. Although no time threshold has been defined, the current recommendation for long-term management of UNF is 300 years. This presents possible regulatory and technical issues for both storage safety and security. This paper discusses ongoing work in address security for long-term storage of UNF. Previous work focused on an assessment of security requirements for the U.S. Nuclear Regulatory Commission and the U.S. Department of Energy. In addition, it has been determined that the dose rates for UNF will fall below the current 100 rem/hour self-protection threshold after 70 to 120 years. Work continues to address issues associated with maintaining security for long-term storage of UNF. Extending the self-protection concept and plans for performing assessments of the long-term security risk will be discussed. This work is part of a larger effort to develop concepts for a demonstration UNF storage site and to develop a technical basis for long-term storage of UNF and the associated transportation.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Material control and accountability (MC&A) operations that track and account for critical assets at nuclear facilities provide a key protection approach for defeating insider adversaries. MC&A activities, from monitoring to inventory measurements, provide critical information about target materials and define security elements that are useful against insider threats. However, these activities have been difficult to characterize in ways that are compatible with the path analysis methods that are used to systematically evaluate the effectiveness of a site's protection system. The path analysis methodology focuses on a systematic, quantitative evaluation of the physical protection component of the system for potential external threats, and often calculates the probability that the physical protection system (PPS) is effective (PE) in defeating an adversary who uses that attack pathway. In previous work, Dawson and Hester observed that many MC&A activities can be considered a type of sensor system with alarm and assessment capabilities that provide reccurring opportunities for "detecting" the status of critical items. This work has extended that characterization of MC&A activities as probabilistic sensors that are interwoven within each protection layer of the PPS. In addition, MC&A activities have similar characteristics to operator tasks performed in a nuclear power plant (NPP) in that the reliability of these activities depends significantly on human performance. Many of the procedures involve human performance in checking for anomalous conditions. Further characterization of MC&A activities as operational procedures that check the status of critical assets provides a basis for applying human reliability analysis (HRA) models and methods to determine probabilities of detection for MC&A protection elements. This paper will discuss the application of HRA methods used in nuclear power plant probabilistic risk assessments to define detection probabilities and to formulate "timely detection" for MC&A operations. This work has enabled the development of an integrated path analysis methodology in which MC&A operations can be combined with traditional sensor data in the calculation of PPS effectiveness. Explicitly incorporating MC&A operations into the existing evaluation methodology provides the basis for an effectiveness measure for insider threats, and the resulting PE calculations will provide an integrated effectiveness measure that addresses both external and insider threats. The extended path analysis methodology is being further investigated as the basis for including the PPS and MC&A activities in an integrated safeguards and security system for advanced fuel cycle facilities. Copyright © 2011 by ASME.

Abstract not provided.

Decision-makers want to perform risk-based cost-benefit prioritization of security investments. However, strong nonlinearities in the most common physical security performance metric make it difficult to use for cost-benefit analysis. This paper extends the definition of risk for security applications and embodies this definition in a new but related security risk metric based on the degree of difficulty an adversary will encounter to successfully execute the most advantageous attack scenario. This metric is compatible with traditional cost-benefit optimization algorithms, and can lead to an objective risk-based cost-benefit method for security investment option prioritization. It also enables decision-makers to more effectively communicate the justification for their investment decisions with stakeholders and funding authorities. ©2010 IEEE.

Material control and accounting (MC&A) safeguards operations that track and account for critical assets at nuclear facilities provide a key protection approach for defeating insider adversaries. These activities, however, have been difficult to characterize in ways that are compatible with the probabilistic path analysis methods that are used to systematically evaluate the effectiveness of a site's physical protection (security) system (PPS). MC&A activities have many similar characteristics to operator procedures performed in a nuclear power plant (NPP) to check for anomalous conditions. This work applies human reliability analysis (HRA) methods and models for human performance of NPP operations to develop detection probabilities for MC&A activities. This has enabled the development of an extended probabilistic path analysis methodology in which MC&A protections can be combined with traditional sensor data in the calculation of PPS effectiveness. The extended path analysis methodology provides an integrated evaluation of a safeguards and security system that addresses its effectiveness for attacks by both outside and inside adversaries.

Abstract not provided.