Lecture 14 Security P2 AA PDF

Summary

This document covers evaluative methods for nuclear non-proliferation and security, focusing specifically on nuclear security (Part 2). It discusses various aspects of physical protection systems (PPS).

Full Transcript

NUCE 304: Evaluative Methods for Nuclear
Non-proliferation and Security

Nuclear Security (Part 2)

Dr. Ahmed Alkaabi

1
 Four Objectives of State’s Physical
Protection Regime

1. To protect against unauthorized removal:
protecting against theft and other unlawful taking
of nuclear material.
2. To locate and recover missing nuclear material:
ensuring the implementation of rapid and
comprehensive measures to locate and, where
appropriate, recover missing or stolen nuclear
material.
3. To protect against sabotage: protecting nuclear
material and nuclear facilities against sabotage.
4. To mitigate or minimize effects of sabotage:
mitigating or minimizing the radiological
consequences of sabotage.
2
 Stakeholder Responsibilities:
Physical Protection

Physical
Protection
Regime

Physical Protection System

Physical Protection
Measures

People Procedures Equipment

3
 Stakeholder Responsibilities:
State

Establishment,
implementation,
and maintenance of
a physical protection
regime
– All nuclear material in
use and storage
– During transport
– For all nuclear facilities
Goal: Protection of nuclear material and nuclear facilities
Unauthorized removal
Sabotage

4
 Stakeholder Responsibilities:
Competent Authority

Designated by the State with clearly defined
legal status and independent from
– Applicants
– Operators
– Shippers
– Carriers
Provided adequate
– Legal authority
– Competence
– Financial resources
– Human resources
– Inspections
– Guidance
5
– Communication
 Stakeholder Responsibilities:
License Holder
Defined as operators or shipper/carriers

Compliance with regulations
Cooperation and coordination with State entities having
physical protection responsibilities
Material accountancy and control
Development of security plan and contingency plan
Optimum site selection and design
Development and implementation of means and procedures
for evaluation and maintenance of the PPS
Compensatory measures

6
 Elements: Nuclear Material Categorization
(IAEA Categorization)
Material Form Category I Category II Category IIIc
1. Plutonium Unirradiatedb 2 kg or more Less than 2 kg but 500 g or less but
more than 500 g more than 15 g

2. Uranium-235 Unirradiatedb 5 kg or more Less than 5 kg but 1 kg or less but
- Uranium enriched to 20% more than 1 kg more than 15 g
235U or more

- Uranium enriched to 10% 10 kg or more Less than 10 kg but
235U but less than 20% 235 U more than 1 kg

- Uranium enriched above 10 kg or more
natural but less than 10%
235 U

3. Uranium-233 Unirradiatedb 2 kg or more Less than 2 kg but 500 g or less but
more than 500 g more than 15 g

4. Irradiated Fuel (The Depleted or natural
categorization of uranium, thorium or
irradiated fuel in the table low-enriched fuel
is based on international (less than 10% fissile
transport considerations. content)d/e
The State may assign a
different category for
domestic use, storage,
and transportation taking
all relevant factors into
account.)

a
All plutonium except that with isotopic concentration exceeding 80% in plutonium-238.
b
Material not irradiated in a reactor or material irradiated in a reactor but with a radiation level equal to or less than 1 Gy/hr
c
Quantities not falling in Category III and natural uranium; depleted uranium and thorium should be protected at least in accordance with prudent
management practice.
d
Although this level of protection is recommended, it would be open to States, upon evaluation of the specific circumstances, to assign a different
category of physical protection.
e
Other fuel which by virtue of its original material content is classified as Category I or II before irradiation may be reduced one category level
7 while the radiation level from the fuel exceeds 1 Gy/hr (100rad/hr) at one meter unshielded.
 Elements: Sabotage Consequences –
URC and HRC

High
Identify vital areas and protect Radiological
Consequences
Consequences

Graded protection
recommendations based on
Unacceptable
level of potential consequences Radiological
Consequences

Secure and control access to
safety-related equipment

8
 Elements: Graded Approach for
Physical Protection

9
 Elements: Identification and
Assessment of Threats

Design Basis Threat (DBT) only required for
– Category I material protection
High radiological consequence facilities
Otherwise, the State should decide whether to
use a threat assessment or design basis threat
for other nuclear material and nuclear facilities
DBT is recommended for use as a common
basis for design and implementation of PPS
Threat considerations should include
– Insider threat, cyber threats, airborne threat, stand-off
attacks, theft for off-site dispersal

10
 Elements: Recommendations for High
Consequence Facilities

Extra emphasis on sabotage
Includes but not limited to Nuclear Power Plants
Requires protection measures for high
consequence facilities analogous to those for
Category I theft
Discusses protection of vital areas to prevent high
radiological consequences
Better integration with safety measures

11
 Elements: Additional Considerations

Risk management
Graded approach
Defence in depth
Nuclear Security Culture
Performance Testing
Greater Emphasis on
– Insider Threat
– Cyber and Information Security
– Transportation Security
– Contingency Plans

12
 Elements: Contingency Plans
versus Emergency Plans

Contingency Plan Emergency Plan
Includes measures that Consists of measures to
focus on preventing further ensure mitigation or
damage, on securing the minimization of the
nuclear facility, and on radiological consequences
protecting emergency as well as human errors,
equipment and personnel equipment failures and
natural disasters

Contingency plans and emergency plans should be comprehensive
and complementary.

13
 Introduction to Physical Protection System
(PPS)

14
 Objectives of Physical Protection System (PPS)

Protect against unauthorized removal of nuclear
materials during use, storage, and transport (theft)
Protect against sabotage of nuclear facilities and
sabotage of nuclear material during use, storage,
and transport

15
 PPS Design and Evaluation
Approaches

Approach Requirement Metric

Expert Satisfy expert Opinion

Features Include required Presence of features
features

Include required features that Presence of feature and
Component
meet specific standard performance standard
Criteria
System Prevent theft or sabotage System
Performance of nuclear material Effectiveness

INFCIRC/225/Rev. 5 - “The State should define requirements for the PPS”

16
 Expert Approach

Expert: Performs PPS design and evaluation activities
relying on personal knowledge and experience

Example: Experts design and evaluate physical
protection system based on prior personal
experience

17
 Expert Approach

Advantages
Less time (for design/evaluation)
Lower cost
Can be insightful

Disadvantages
No metric
Subjective
Inconsistent (among experts)
Can have a limited focus

18
 Features Approach

Features Approach: PPS design and evaluation
based on specification and implementation of a
required set of features

Example:
Two intrusion sensors with video assessment
Security locks on gates, doors, and containers
Central Alarm Station
24/7 response force

19
 Features Approach

Advantages
Clear requirements
Easy to regulate/inspect
Consistent among facilities

Disadvantages
No performance metric
May be inadequate
May be excessive
May provide false sense of security

20
 Component Criteria Approach

Component Criteria Approach: Standards
approach to PPS design and evaluation that uses
performance criteria for some security features

Example:
Perimeter security zone will detect intruder
running (speed), crawling (speed), or jumping
(height) with a 95% probability of detection
and a 90% confidence level.

21
 Component Criteria Approach

Advantages
Clear requirements
Consistent among facilities
Performance metric for protection elements

Disadvantages
Requires testing
More difficult to inspect
No system performance metric

22
 System Performance Approach

System Performance Approach: A systems
engineering approach to the design and
evaluation of PPS based on specifying and
achieving an overall system effectiveness against
the Design Basis Threat (DBT) for theft and
sabotage.

Example: PPS will prevent the DBT from success with
a system effectiveness against theft or sabotage.

23
 System Performance Approach

Advantages
System performance metric
Better resource allocation
Increased confidence in PPS

Disadvantages
Requires more performance testing
More difficult regulation and inspection
Requires system effectiveness policy

24
 Design and Evaluation Process
Outline (DEPO)

Final PPS
Design

Define PPS Design Evaluate
Requirements PPS PPS

Redesign
PPS

25
 Design and Evaluation Process
Outline (DEPO)

Define PPS Final PPS
Evaluate
Requirements Design
Design PPS PPS

Physical Protection Systems Evaluation of
Redesign
Introduction to DEPO PPS PPS
Facility Adversary Sequence
Characterization/ Diagrams
Target Identification Detection Delay Response
Single Path Analysis
Intro. to Intrusion Detection Access Response
Hypothetical Systems Delay
Multi Path Analysis
Facility
Entry Control
Neutralization Analysis
Threat Definition
Contraband
Scenario Analysis
Risk Management/ Detection
Regulatory
Requirements Alarm Tabletop Analysis
Assessment
Insider Analysis
Alarm Communication
and Display Transportation
Security

Performance Testing

26
 Summary

The objectives of a PPS are:
1. Protect against unauthorized removal of nuclear material (theft).
2. Protect against sabotage of nuclear facilities and material
(sabotage).
PPS design and evaluation approaches include expert,
features, component criteria, and system performance
Three basic steps of DEPO are (1) define PPS requirements, (2)
design PPS, and (3) evaluate PPS

27
 Introduction to Defining PPS Requirements &
Facility Characterization

28
 Design and Evaluation Process
Outline (DEPO)
Define PPS Final PPS
Evaluate
Requirements Design
Design PPS PPS
Physical Protection Systems Evaluation of
Redesign
Introduction to DEPO PPS PPS
Facility Adversary Sequence
Characterization/ Diagrams
Target Identification Detection Delay Response
Single Path Analysis
Intro. to Intrusion Detection Access Delay Response
Hypothetical Systems
Multi Path Analysis
Facility
Entry Control
Neutralization Analysis
Threat Definition
Contraband
Scenario Analysis
Risk Management/ Detection
Regulatory
Requirements Alarm Assessment Tabletop Analysis

Insider Analysis
Alarm Communication
and Display Transportation
Security

Performance Testing

29
 Define PPS Requirements

Basic steps to define PPS requirements
are to
1. Characterize facility
2. Identify targets
Protect What?
3. Define threat
From Whom?
4. Define the risk How Well?

30
 Risk Management

Risk management is the responsibility of the State’s
government
The State makes a tradeoff between reducing the
risks and reducing the costs
Risks are potential losses due to theft or sabotage
Risk is a function of:
– Likelihood of malicious acts
– Effectiveness of physical protection system
– Consequences of malicious acts
Risk is difficult to quantify
– Attack probability is unknown
– Risk factors have some interdependence
– Consequences depend on PPS and mitigation
31
 Risk Equation

Risk, R, can be described adequately using a product model:

R=P*C
Where R = Risk
P = Likelihood or probability of an event
occurring
C = Consequences of the event

P = PA * PS
Where PA = Probability of attack
PS = Probability that the attack is successful if it is
attempted

PE + PS = 1
Where PE = Probability that physical protection system is effective
in preventing the undesired event
PS = Probability that the attack is successful if it is
attempted

32
 Security Risk Equation

Based on these concepts the security risk equation
becomes:
R =RP= *P C*C

R = RP=A PA
* P*SPS
*C*C
R = PA * (1 – PE) * C
R = PA * (1 – PE) * C

The three risk factors are interdependent
The more effective the PPS, the lower the risk

33
 Security Risk Management

Risk management: the process of identifying and
applying measures that reduce or mitigate the risk
of an undesired event

R = PA * (1 – PE) * C
According to the security risk equation, security risk
management or risk reduction can be
accomplished in three ways:
1. Reduce the likelihood of an adversary attack, PA
2. Increase the effectiveness of the physical
protection system, PE
3. Reduce the severity of the consequences, C,
should an attack succeed

34
 Regulatory Requirements

Physical protection of Other factors to
nuclear facilities and consider:
materials is the right and – State and local
responsibility of every requirements
sovereign state – Regulatory authority
State government establishes – Safety and Safeguards
laws for the State’s system of requirements
physical protection regime – Industry practice
Competent authority – Building codes
establishes regulations and is – PPS cannot violate
responsible for oversight of company legal
physical protection regulations
Facility operators implement
physical protection and are
responsible for satisfying State
requirements

35
 Facility Characterization Areas of
Investigation

Investigate anything that impacts performance
of the physical protection system
– Physical conditions
– Facility operations
– Facility policies and procedures
– Regulatory requirements
– Safety considerations
– Legal issues
– Corporate goals and objectives

Reference: The Design and Evaluation of Physical Protection Systems by Mary Lynn
Garcia, Butterworth-Heinemann Publishers 2001

36
 Physical Conditions

Site boundaries, fencing, barriers, weather, and
environment
Buildings (construction materials for walls,
ceilings and floors), rooms, and access points
Heating, ventilation, air conditioning,
communication paths and types, power
distribution system, environmentally controlled
areas, and locations of hazardous materials.
Consult drawings and then “Walk-Down” the
facility

37
 Facility Operations

Operational
activities
– Products and
processes
– Operational hours
– Number of
employees
– Visitors and
vendors
– Senior executive
location

On-site location and movement of materials
– Shipping and receiving process
– Tracking mechanisms
– Material characteristics

38
 Facility Policies and Procedures

Written policies and procedures
– Plant and corporate documents
Training policies and procedures
Other written signs of corporate culture
Unwritten policies and practices
View of security by management
– Support of management
– Determination of security culture

39
 Legal Issues

Most complex and difficult
Legal issues include:
– Security liability (provide reasonable security)
– Failure to protect (negligence liability)
– Overreaction (excessive force, invasion of
privacy, guard instructions and training)
– Labor/employment issues
(labor unions, work practices)

40
 Other Information

Political environment
Surrounding community and
neighboring relations
Perception of security by others
Facility and local law enforcement
liaison
Mutual aid agreements
Local threat information

41
 Summary

PPS data: “Protect what? From whom? How well?”
What data is required for the DEPO Process:
– Facility information
– Target information
– Threat information
– Legal/regulatory information
Characterize your facility using
– Physical conditions
– Facility operations
– Policies
– Procedures
– Requirements
– Safety issues
– Legal issues
– Corporate goals and objectives

42
 Target Identification

43
 Targets – What are They?

Target: something that is subject to danger, risk of harm, or loss

Theft Targets
– Nuclear or radioactive materials
Sabotage Targets
– Nuclear or radioactive materials
– Process or support equipment needed to prevent
unacceptable radiological consequences
Other potential targets
– Facility may have other assets it chooses to protect
– Design and evaluation process applies to any type of target
– GNEII focuses on prevention of theft or sabotage of nuclear or
radioactive materials

44
 Target Identification Process

1. Determine regulatory or policy requirements
2. Determine whether facility contains items that
must be protected (potential targets)
3. Categorize theft targets
4. Identify vital areas (sabotage targets)
5. Develop target location information
6. Protect areas

45
 IAEA Significant Quantities

Significant quantity (SQ): The approximate amount
of nuclear material for which the possibility of
manufacturing a nuclear explosive device cannot
be excluded.

46
 IAEA Categorization of Nuclear
Materials
Material Form Category I Category II Category III

1. Plutoniuma Unirradiatedb 2 kg or more Less than 2 kg but more 500 g or less but more than
than 500 g 15 g

Uranium 235 Unirradiatedb 5 kg or more Less than 5 kg but more 1 kg or less but more than
-Uranium enriched to 10% than 1 kg 15 g
235U or more

-Uranium enriched to 10% 10 kg or more Less than 10 kg but more
235U but less than 20% 235U than 1 kg

-Uranium enriched above 10 kg or more
natural but less than 10%
235U

Uranium 233 Unirradiatedb 2 kg or more Less than 2 kg but more 500 g or less but more than
than 500 g 15 g

Irradiated Fuel (The Depleted or natural
categorization of irradiated uranium, thorium or low
fuel in the table is based on enriched fuel (less than 10%
international transport fissile content)d/e
considerations. The State
may assign a different
category for domestic use,
storage and transportation
taking all relevant factors
into account

a
All plutonium except that with isotopic concentration exceeding 80% in plutonium-238.
b
Material not irradiated in a reactor or material irradiated in a reactor but with a radiation level equal to or less than 1
Gy/hr
c
Quantities not falling in Category III and natural uranium, depleted uranium and thorium should be protected at least in
accordance with prudent management practice.
d
Although this level of protection is recommended, it would be open to States, upon evaluation of the specific
circumstances, to assign a different category of physical protection.
e
Other fuel which by virtue of its original material content is classified as Category I or II before irradiation may be reduced
one category level while the radiation level from the fuel exceeds 1 Gy/hr (100rad/hr) at one meter unshielded.
47
 Characterize Different Targets at
Facilities

Identify HRC criteria (sabotage targets)
– State of facility
Core damage, etc.
– Release or dose
potential
– Direct or indirect release
– Hybrid criteria

Chernobyl accident provides illustration
of potential sabotage consequences

48
 Elements: Sabotage Consequences –
URC and HRC

High
Identify vital areas and protect Radiological
as specified in INFCIRC/225. Consequences
Consequences

Graded protection
recommendations based on
Unacceptable
level of potential consequences Radiological
Consequences

Secure and control access to
safety-related equipment

49
 Two Ways Sabotage May Occur

Directly
– Adversary applies energy directly to the nuclear / radioactive
material to cause dispersal
– Adversary must gain access to area in which material is located
– Example: Explosive or incendiary device used to disperse the
material
Indirectly
– Adversary uses energy present in the material or process system
to cause dispersal
– Requires initiating a process upset condition and disabling the
systems designed to mitigate the upset
– Example: Disable primary cooling system (initiating event),
backup cooling capability (mitigating systems), and allow
material to overheat

50
 Sabotage Prevention

Vital Area: An area inside a protected area
containing equipment, systems or devices, or
nuclear material, the sabotage of which
could directly or indirectly lead to
unacceptable radiological consequences
INFCIRC/225/Rev. 5: Protect vital areas that
contain:
– Inventories of nuclear or radioactive
material with potential to exceed HRC if
dispersed (direct scenarios)
– A minimum set of equipment needed to
prevent indirect sabotage scenarios

51
 Summary

Target identification process steps
– Determine regulatory requirements
– Identify types and quantities of materials at facility
– Identify theft target categories
– Identify vital areas
– Determine target locations
IAEA-sponsored INFCIRC/225 defines quantities and
categories of nuclear material
Radiological sabotage is categorized according to
URC levels and its prevention relates to the
protection of defined vital areas

52