Gregory Dane Wyss

Risk-Based Cost-Benefit Analysis for Security Assessment Problems

Decision-makers want to perform risk-based cost-benefit prioritization of security investments. However, strong nonlinearities in the most common physical security performance metric make it difficult to use for cost-benefit analysis. This paper extends the definition of risk for security applications and embodies this definition in a new but related security risk metric based on the degree of difficulty an adversary will encounter to successfully execute the most advantageous attack scenario. This metric is compatible with traditional cost-benefit optimization algorithms, and can lead to an objective risk-based cost-benefit method for security investment option prioritization. It also enables decision-makers to more effectively communicate the justification for their investment decisions with stakeholders and funding authorities.

Risk-based cost-benefit analysis for security assessment problems

Decision-makers want to perform risk-based cost-benefit prioritization of security investments. However, strong nonlinearities in the most common physical security performance metric make it difficult to use for cost-benefit analysis. This paper extends the definition of risk for security applications and embodies this definition in a new but related security risk metric based on the degree of difficulty an adversary will encounter to successfully execute the most advantageous attack scenario. This metric is compatible with traditional cost-benefit optimization algorithms, and can lead to an objective risk-based cost-benefit method for security investment option prioritization. It also enables decision-makers to more effectively communicate the justification for their investment decisions with stakeholders and funding authorities.

An Object-Oriented Approach to Risk and Reliability Analysis: Methodology and Aviation Safety Applications

This article describes how features of event tree analysis and Monte Carlo–based discrete event simulation can be combined with concepts from object-oriented analysis to develop a new risk assessment methodology, with some of the best features of each. The resultant object-based event scenario tree (OBEST) methodology enables an analyst to rapidly construct realistic models for scenarios for which an a priori discovery of event ordering is either cumbersome or impossible. Each scenario produced by OBEST is automatically associated with a likelihood estimate because probabilistic branching is integral to the object model definition. The OBEST methodology is then applied to an aviation safety problem that considers mechanisms by which an aircraft might become involved in a runway incursion incident. The resulting OBEST model demonstrates how a close link between human reliability analysis and probabilistic risk assessment methods can provide important insights into aviation safety phenomenology.

OBEST: The Object-Based Event Scenario Tree Methodology

Event tree analysis and Monte Carlo-based discrete event simulation have been used in risk assessment studies for many years. This report details how features of these two methods can be combined with concepts from object-oriented analysis to develop a new risk assessment methodology with some of the best features of each. The resultant Object-Based Event Scenarios Tree (OBEST) methodology enables an analyst to rapidly construct realistic models for scenarios for which an a priori discovery of event ordering is either cumbersome or impossible (especially those that exhibit inconsistent or variable event ordering, which are difficult to represent in an event tree analysis). Each scenario produced by OBEST is automatically associated with a likelihood estimate because probabilistic branching is integral to the object model definition. The OBEST method uses a recursive algorithm to solve the object model and identify all possible scenarios and their associated probabilities. Since scenario likelihoods are developed directly by the solution algorithm, they need not be computed by statistical inference based on Monte Carlo observations (as required by some discrete event simulation methods). Thus, OBEST is not only much more computationally efficient than these simulation methods, but it also discovers scenarios that have extremely low probabilities as a natural analytical result--scenarios that would likely be missed by a Monte Carlo-based method. This report documents the OBEST methodology, the demonstration software that implements it, and provides example OBEST models for several different application domains, including interactions among failing interdependent infrastructure systems, circuit analysis for fire risk evaluation in nuclear power plants, and aviation safety studies.

Evidence-Based Techniques for Evaluating Cyber Protection Systems for Critical Infrastructures

Assessing the risk of malevolent attacks against large-scale critical infrastructures requires modifications to existing methodologies. Existing risk assessment methodologies consider physical security and cyber security separately. As such, they do not accurately model attacks that involve defeating both physical protection and cyber protection elements (e.g., hackers turning off alarm systems prior to forced entry). Previous research has developed a risk assessment methodology that accounts for both physical and cyber security, while preserving the traditional security paradigm of detect, delay and respond and accounting for the possibility that a facility may be able to recover from or mitigate the results of a successful attack before serious consequences occur. This research is focused on evidence-based techniques (which are a generalization of probability theory) for evaluating the security posture of the cyber protection systems typically found in critical infrastructure facilities. It presents category-based approaches to characterizing both cyber threats and security primitives such as authentication and network access control. A path-based approach is then used wherein various security primitives protect each link (e.g., attack step) in a given path. The end goal is to evaluate the conditional risk that a given adversary category can traverse an attack path and thereby cause a given consequence of concern. This papers examples focus on cyber-based attack paths

Supply Chain Lifecycle Decision Analytics.

The globalization of todays supply chains (e.g., information and communication technologies, military systems, etc.) has created an emerging security threat that could degrade the integrity and availability of sensitive and critical government data, control systems, and infrastructures. Commercial-off-the-shelf (COTS) and even government-off-the-self (GOTS) products often are designed, developed, and manufactured overseas. Counterfeit items, from individual chips to entire systems, have been found in commercial and government sectors. Supply chain attacks can be initiated at any point during the product or system lifecycle, and can have detrimental effects to mission success. To date, there is a lack of analytics and decision support tools used to analyze supply chain security holistically, and to perform tradeoff analyses to determine how to invest in or deploy possible mitigation options for supply chain security such that the return on investment is optimal with respect to cost, efficiency, and security. This paper discusses the development of a supply chain decision analytics framework that will assist decision makers and stakeholders in performing risk-based cost-benefit prioritization of security investments to manage supply chain risk. Key aspects of our framework include the hierarchical supply chain representation, vulnerability and mitigation modeling, risk assessment and optimization. This work is a part of a long term research effort on supply chain decision analytics for trusted systems and communications research challenge.

Nuclear-Powered Payload Safety

This chapter introduces the concepts of Space Nuclear Power Systems (SNPSs), describes the history and nature of these ingenious energy-generating machines. The basic principles of the Radioisotope Thermoelectric Generator (RTG) and the recently developed Stirling Radioisotope Generator (SRG) are explored and an account of their application in several extra-terrestrial missions is presented. Nuclear fission power as a promising alternative for future outer planet and extra-solar explorations is discussed. The flight safety review and launch approval processes for U.S., as well as the failures and accidents for U.S. and U.S.S.R. (Russian) nuclear powered space missions since 1961 are presented chronologically. A comprehensive probabilistic consequence analysis of all conceivable potential hazards associated with nuclear powered space flights is set out. The chapter concludes with how SNPSs must be designed with the built-in safety features to minimize accidents and to prevent radiation exposure.

Human Reliability-Based MC&A Methods for Evaluating the Effectiveness of Protecting Nuclear Material

Material control and accountability (MC&A) operations that track and account for critical assets at nuclear facilities provide a key protection approach for defeating insider adversaries. MC&A activities, from monitoring to inventory measurements, provide critical information about target materials and define security elements that are useful against insider threats. However, these activities have been difficult to characterize in ways that are compatible with the path analysis methods that are used to systematically evaluate the effectiveness of a site’s protection system. The path analysis methodology focuses on a systematic, quantitative evaluation of the physical protection component of the system for potential external threats, and often calculates the probability that the physical protection system (PPS) is effective (PE ) in defeating an adversary who uses that attack pathway. In previous work, Dawson and Hester observed that many MC&A activities can be considered a type of sensor system with alarm and assessment capabilities that provide reccurring opportunities for “detecting” the status of critical items. This work has extended that characterization of MC&A activities as probabilistic sensors that are interwoven within each protection layer of the PPS. In addition, MC&A activities have similar characteristics to operator tasks performed in a nuclear power plant (NPP) in that the reliability of these activities depends significantly on human performance. Many of the procedures involve human performance in checking for anomalous conditions. Further characterization of MC&A activities as operational procedures that check the status of critical assets provides a basis for applying human reliability analysis (HRA) models and methods to determine probabilities of detection for MC&A protection elements. This paper will discuss the application of HRA methods used in nuclear power plant probabilistic risk assessments to define detection probabilities and to formulate “timely detection” for MC&A operations. This work has enabled the development of an integrated path analysis methodology in which MC&A operations can be combined with traditional sensor data in the calculation of PPS effectiveness. Explicitly incorporating MC&A operations into the existing evaluation methodology provides the basis for an effectiveness measure for insider threats, and the resulting PE calculations will provide an integrated effectiveness measure that addresses both external and insider threats. The extended path analysis methodology is being further investigated as the basis for including the PPS and MC&A activities in an integrated safeguards and security system for advanced fuel cycle facilities.Copyright