Felicia Angelica Duran

Building A System For Insider Security

Current protection strategies against insider adversaries are expensive, intrusive, not systematically implemented, and operated independently; too often, such strategies are defeated. The authors provide a systems-based framework and model for understanding important elements, their interactions, interdependencies, and gaps for insider security.

Modeling and design of integrated safeguards and security for an electrochemical reprocessing facility.

Electrochemical reprocessing of spent nuclear fuel may be an alternative to aqueous processing and is considered more attractive for fast reactor fuel cycles. Molten salt processing of the fuel may simplify the number of processing steps, but the nuclear industry worldwide has much less operational experience with this technology, including safeguards and security. As interest in electrochemical processing grows in the U.S. and other countries, it is important to understand how to address materials accountancy and security in this unique environment. For this work, a model of a commercial-scale electrochemical plant was developed in Matlab Simulink for design and analysis of integrated safeguards and security systems. The model tracks the mass flow rates of the fuel and salt through the various unit operations and simulates materials accountancy, process monitoring measurements, and physical protection. These measurements are then used to calculate inventory balances during normal operation and diversion scenarios. The model analysis enables one to identify various strategies and options for safeguarding nuclear material, contingent upon the feasibility of the measurement technology. This paper describes the model development, measurement options and strategies, and performance under diversion scenarios.

An Object-Oriented Approach to Risk and Reliability Analysis: Methodology and Aviation Safety Applications

This article describes how features of event tree analysis and Monte Carlo–based discrete event simulation can be combined with concepts from object-oriented analysis to develop a new risk assessment methodology, with some of the best features of each. The resultant object-based event scenario tree (OBEST) methodology enables an analyst to rapidly construct realistic models for scenarios for which an a priori discovery of event ordering is either cumbersome or impossible. Each scenario produced by OBEST is automatically associated with a likelihood estimate because probabilistic branching is integral to the object model definition. The OBEST methodology is then applied to an aviation safety problem that considers mechanisms by which an aircraft might become involved in a runway incursion incident. The resulting OBEST model demonstrates how a close link between human reliability analysis and probabilistic risk assessment methods can provide important insights into aviation safety phenomenology.

OBEST: The Object-Based Event Scenario Tree Methodology

Event tree analysis and Monte Carlo-based discrete event simulation have been used in risk assessment studies for many years. This report details how features of these two methods can be combined with concepts from object-oriented analysis to develop a new risk assessment methodology with some of the best features of each. The resultant Object-Based Event Scenarios Tree (OBEST) methodology enables an analyst to rapidly construct realistic models for scenarios for which an a priori discovery of event ordering is either cumbersome or impossible (especially those that exhibit inconsistent or variable event ordering, which are difficult to represent in an event tree analysis). Each scenario produced by OBEST is automatically associated with a likelihood estimate because probabilistic branching is integral to the object model definition. The OBEST method uses a recursive algorithm to solve the object model and identify all possible scenarios and their associated probabilities. Since scenario likelihoods are developed directly by the solution algorithm, they need not be computed by statistical inference based on Monte Carlo observations (as required by some discrete event simulation methods). Thus, OBEST is not only much more computationally efficient than these simulation methods, but it also discovers scenarios that have extremely low probabilities as a natural analytical result--scenarios that would likely be missed by a Monte Carlo-based method. This report documents the OBEST methodology, the demonstration software that implements it, and provides example OBEST models for several different application domains, including interactions among failing interdependent infrastructure systems, circuit analysis for fire risk evaluation in nuclear power plants, and aviation safety studies.

Probabilistic basis and assessment methodology for effectiveness of protecting nuclear materials

Safeguards and security systems for nuclear facilities include material control and accounting (MC&A) and a physical protection system (PPS) to protect against theft, sabotage and other malevolent human acts. The insider threat is most often addressed as part of the evaluation of a facilitys PPS. A PPS is evaluated using probabilistic analysis of adversary paths on the basis of detection, delay, and response timelines to determine timely detection. Because insider adversaries have access to, knowledge of, and authority for facility operations, the PPS actually provides minimal protection against the insider threat. By monitoring and tracking critical materials, MC&A activities are an important protection element against inside adversaries. Timely detection for MC&A activities, however, has been difficult to determine so that for the most part, the effectiveness of these activities has not been explicitly incorporated in the insider threat evaluation of a PPS. This paper presents research on a new approach to incorporate MC&A protection elements explicitly within the existing probabilistic path analysis methodology. MC&A activities, from monitoring to inventory measurements, provide many, often recurring opportunities to determine the status of critical items, including detection of missing materials. Human reliability analysis methods for nuclear power plant operations are used to determine human error probabilities to characterize the detection capabilities of MC&A activities. An object-based state machine paradigm was developed to characterize the path elements and timing of an insider theft scenario as a race against MC&A detection that can move a facility from a normal state to an alert state having additional detection opportunities. Event sequence diagrams describe insider paths through the PPS and also incorporate MC&A activities as path elements. To address the insider threat, this work establishes a probabilistic basis for timely MC&A detection and methods to evaluate the effectiveness of MC&A activities explicitly within the existing path analysis methodology.

Evaluation of the Applicability of Existing Nuclear Power Plant Regulatory Requirements in the U.S. to Advanced Small Modular Reactors

The current wave of small modular reactor (SMR) designs all have the goal of reducing the cost of management and operations. By optimizing the system, the goal is to make these power plants safer, cheaper to operate and maintain, and more secure. In particular, the reduction in plant staffing can result in significant cost savings. The introduction of advanced reactor designs and increased use of advanced automation technologies in existing nuclear power plants will likely change the roles, responsibilities, composition, and size of the crews required to control plant operations. Similarly, certain security staffing requirements for traditional operational nuclear power plants may not be appropriate or necessary for SMRs due to the simpler, safer and more automated design characteristics of SMRs. As a first step in a process to identify where regulatory requirements may be met with reduced staffing and therefore lower cost, this report identifies the regulatory requirements and associated guidance utilized in the licensing of existing reactors. The potential applicability of these regulations to advanced SMR designs is identified taking into account the unique features of these types of reactors.

Human Reliability-Based MC&A Methods for Evaluating the Effectiveness of Protecting Nuclear Material

Material control and accountability (MC&A) operations that track and account for critical assets at nuclear facilities provide a key protection approach for defeating insider adversaries. MC&A activities, from monitoring to inventory measurements, provide critical information about target materials and define security elements that are useful against insider threats. However, these activities have been difficult to characterize in ways that are compatible with the path analysis methods that are used to systematically evaluate the effectiveness of a site’s protection system. The path analysis methodology focuses on a systematic, quantitative evaluation of the physical protection component of the system for potential external threats, and often calculates the probability that the physical protection system (PPS) is effective (PE ) in defeating an adversary who uses that attack pathway. In previous work, Dawson and Hester observed that many MC&A activities can be considered a type of sensor system with alarm and assessment capabilities that provide reccurring opportunities for “detecting” the status of critical items. This work has extended that characterization of MC&A activities as probabilistic sensors that are interwoven within each protection layer of the PPS. In addition, MC&A activities have similar characteristics to operator tasks performed in a nuclear power plant (NPP) in that the reliability of these activities depends significantly on human performance. Many of the procedures involve human performance in checking for anomalous conditions. Further characterization of MC&A activities as operational procedures that check the status of critical assets provides a basis for applying human reliability analysis (HRA) models and methods to determine probabilities of detection for MC&A protection elements. This paper will discuss the application of HRA methods used in nuclear power plant probabilistic risk assessments to define detection probabilities and to formulate “timely detection” for MC&A operations. This work has enabled the development of an integrated path analysis methodology in which MC&A operations can be combined with traditional sensor data in the calculation of PPS effectiveness. Explicitly incorporating MC&A operations into the existing evaluation methodology provides the basis for an effectiveness measure for insider threats, and the resulting PE calculations will provide an integrated effectiveness measure that addresses both external and insider threats. The extended path analysis methodology is being further investigated as the basis for including the PPS and MC&A activities in an integrated safeguards and security system for advanced fuel cycle facilities.Copyright