Крючков Фундаменталс оф Нуцлеар Материалс Пхысицал Протецтион 2011

The initial events E1...E5 may occur at the location L1, E6 at L2, E7 and E8 at LЗ, E9 at L5 and E10 at L4. By analyzing the diagram we find that for the end event (the top one in the diagram) to occur, it will be enough to have any of the following six groups of events to take place:

1.EЗ.

2.E4.

3.E5.

4.E1 and E2.

5.E6 and E7.

6.E8, E9 and E10.

To transform the tree of events into a tree of locations, one needs to identify which locations match the given events. For example, the group of events numbered 6 (E8, E9 and E10) matches the locations LЗ, L4 and L5. Therefore, the locations that match the obtained six groups of events are:

This means that acts of sabotage that may lead to the said end event may take place either at the location Ll or at L2 and LЗ (at a time) or at LЗ, L4 and L5.

Now the tree of locations is plotted. The next step is to identify the smallest possible groups of locations (smallest possible critical groups) the protection of which will prevent the said end event (hazardous consequence) from taking place. One of such groups is, say, the combination of Ll and LЗ. This group is distinctive in that it shares members with all of the earlier identified groups, the location of which may be initiated by the accomplishment of the end event, i.e. with groups:

1.Ll.

2.L2 and LЗ.

3.LЗ, L4 and L5.

An analysis shows that no radioactivity escape will occur if the attacker access to any of the following three groups of locations is excluded:

1.Ll and LЗ.

2.Ll, L2 and L4.

3.Ll, L2 and L5.

These groups are called the protection groups.

461

When choosing a particular group for taking provisions for its physical protection requires the cost of these and their influence on the NF operation to be taken into account.

Similar though simpler examples may be also given for the case of NM theft.

462

CHAPTER 8

PPS EFFICIENCY ASSESMENT*

To objectively assess a system for being fit to perform the tasks it is assigned to, one needs to possess an efficiency assessment technique for this system. Such techniques may have a quality basis but are preferably to be based on quantitative indicators which enable different system versions to be compared [1].

As a property of a particular class of systems, efficiency depends on the specific features of these systems. Thus, in particular, the following definition may be used as applied to physical protection systems.

Efficiency, as applied to a PPS, is a property of the system which consists in the PPS capability to counter the attacker acts with respect to nuclear material, nuclear facilities, other NI vulnerabilities and physically protected items given the threats and the attacker models identified in the NI vulnerability analysis. The desired PPS efficiency level is achieved through a combination of activities undertaken to monitor and analyze the PPS operations in accomplishing its tasks of ensuring physical protection and define the ways for improving the PPS efficiency or maintaining same as required.

For a unified approach to efficiency assessment, respective procedures are developed.

To be determined, the efficiency of a PPS needs its capability to suppress unauthorized attacker acts to be assessed. Terminologically, “ to suppress” means the guard force timely reaching the objecti ve (the point) for the attacker to be neutralized.

The efficiency assessment has the following objectives:

∙identification of the PPS elements by defeating which the attacker has the best capability to commit an act of sabotage or NM theft;

∙consideration and identification of the most credible scenarios of the attacker actions for committing acts of sabotage or NM theft;

∙identification of the PPS points which are vulnerable though, formally, meet regulatory requirements;

∙analysis of the causes for the PPS vulnerabilities to emerge;

∙estimate of the probability for any attacker acts to be suppressed by the guard force in response to an external or internal threat alarm;

∙selection of the best designs at the PPS creation and upgrading stages;

* A contributor to this chapter was D.A. Skvortsov.

463

∙formulation of proposals for the NI administration and guard force to perfect the PPS and its separate structural elements.

PPS efficiency assessment is mandatory at the PPS design stage in the PPS creation or perfection process. The quantitative indicator of efficiency may be used in the PPS design for comparing alternative PPS designs, including for supporting the feasibility of the PPS upgrade. To this end, the performance characteristics of the current PPS and the proposed PPS design are compared.

The efficiency of the existing PPS is assessed in full, involving a specialized organization, where no earlier PPS performance assessment data is available, including in the event that:

∙onsite changes are planned to the NI PPS;

∙the NI vulnerability analysis data requires so;

∙new NI vulnerabilities have been identified by state supervision or agency or onsite security control.

The above may have the form of both a complete PPS efficiency assessment and an update of the efficiency assessment data obtained during the PPS design.

The basis for carrying out the efficiency assessment in view of the scheduled site or NI PPS changes may be:

∙a change in the facility structure or the NI vulnerabilities and PPI array;

∙a change in the type or technique of guarding;

∙a change in the number of guard units;

∙relocation of guard forces;

∙other factors caused by a change in the guard force time of response to alarms;

∙a change in the structure or composition of engineered physical protection features.

The basis for carrying out the efficiency assessment based on vulnerability analysis data, as well as on the NI security government supervision or agency or onsite control results may be:

∙update of the attacker models;

∙update and identification of new vulnerabilities and PPIs as may be subject to unauthorized activities;

∙identification of new threats to the NI and ways for these to be realized;

∙a change in the NI processes;

∙identification of the PPS components failing to meet the requirements thereto;

464

∙identification of the PPS components the defeat of which makes it possible for the attacker to commit acts of sabotage or theft of NM or other PPIs;

∙other factors rendering NM, the NF and other PPIs more vulnerable. As mentioned above, the key PPS efficiency assessment criterion is

assumed to be the PPS capability to suppress unauthorized attacker acts. The PPS efficiency is estimated by the quantitative indicators that define the probability of unauthorized attacker acts to be suppressed by the guard force in response to the alarm.

Performance indicators depend on the threats, attacker models and vulnerabilities identified by the NI vulnerability analysis. The PPS efficiency is estimated using:

∙a differentiated efficiency indicator that takes into account the probability of the attacker act against one target to be suppressed;

∙an integrated indicator that represents the PPS efficiency indicator, as averaged given the significance of targets, for the NI as the whole.

Efficiency assessment takes into account:

∙the probability of the attacker detection by engineered physical protection features (EPPF);

∙the time of the attacker delay by physical barriers (PB);

∙the time of the guard force and attacker movements over the nuclear site;

∙the mutual arrangement of facilities (probability of determining the attacker movement direction);

∙the presence of visual surveillance systems and facilities;

∙the presence of intrusion identification facilities (exclusion zones, seals);

∙the tactics of the guard force actions;

∙the equipment used by the attacker (vehicles, tools, weapons and so

on).

Efficiency assessment is based on an event and time analysis of the conflict developments in the “guard – attacker” sys tem during an external and an internal threat.

The attacker targets are assumed to be only fixed.

The PPS efficiency shall be assessed for two types of the attacker acts:

∙a theft of NM and other physically protected items;

∙an act of sabotage against NM, the NF or an NM storage point.

465

Two steps are involved in efficiency assessment. Step 1 is a preliminary PPS efficiency assessment based on an engineering analysis. Step 2 is the final PPS efficiency assessment using dedicated software.

The work sequence is as follows:

∙formation of the work unit and a meeting of experts on the NI PPS efficiency assessment;

∙acquisition of initial data for the NI PPS efficiency assessment;

∙development of a formalized NI description;

∙NI PPS efficiency assessment as applied to an external threat;

∙NI PPS efficiency assessment as applied to an internal threat;

∙formulation and analysis of the NI PPS efficiency assessment results.

The PPS efficiency is assessed separately for external and internal threats.

For external threats, the PPS efficiency is assessed as applied to all NI vulnerabilities, given the attacker models developed in the NI vulnerability analysis and updated at the initial data acquisition and formalized site description stages.

When the efficiency indicator is estimated, it is assumed that the attacker, to defeat each PPS barrier, is free to choose one of the two following options:

∙option 1 – the external attacker, where possible, d efeats a PP barrier by stealth. This option is characterized by a low probability of detection and a long PB defeat time;

∙option 2 – the external attacker, where possible, d efeats a PP barrier rapidly, including using special force tools or explosives to destroy the PB. This option is characterized by a high probability of detection and a short PB defeat time.

For external threats, the PPS efficiency shall be assessed for both of the attacker action options.

The integrated indicator of the NI PPS efficiency for an external threat (Рext) is estimated from the expression:

where J is the number of the attacker targets within the nuclear site; j is the weight factor that reflects the significance (category) of the j–th target;

466

and Рext.j is the differentiated PPS efficiency indicator, i.e. the probability of the attacker act against the j-th target to be suppressed.

The weight factor j is determined by the work unit using the expert evaluation method.

The differentiated PPS efficiency indicator is estimated from the expression:

k =1

where K is the total number of separate response force groups (the perimeter alarm group and others) involved in the conflict developments when the nuclear site is intruded; and Рext.jk is the probability of the external attacker act against the j-th target to be suppressed by the k–th response force group.

Where several scenarios of the attacker actions against the j–th target are considered, the differentiated indicator of its protection efficiency is assumed to be equal to the minimum value for all considered scenarios.

The attacker action scenario that matches the value of the minimum probability of the action against the j-th target to be suppressed is assumed as critical.

The probability of the external attacker act against the j-th target to be suppressed by the k–th response force group is in a general case the function of:

where L is the total number of the PPS lines to be defeated by the outside attacker to reach the j–th target; Рdjl is the probability of the attacker act against the j–th target at the l–th PPS layer to be detected; and Рseiz.jkl is the probability of the attacker committing an act against the j-th target to be seized by the k–th response force group acting in response to sign als starting with the l–th PPS layer.

The probabilities of detection are assumed to be equal to the values of performance characteristic for the respective EPPFs as shown in specifications.

The probabilities of the attacker to be seized are determined from the following condition:

467

The PPS efficiency for an internal threat is assessed as applied to all NI vulnerabilities, given the powers of different site personnel groups. A personnel group shall be understood as a group of the nuclear site staff members having similar rights of access.

Efficiency should be estimated separately for each personnel group. When the efficiency indicator is calculated, it is assumed that the

insider, to defeat each PPS layer, may choose any of the following two options:

option 1 – the insider clears a PP layer by virtue of his/her capacity using authorized access routes. In doing this, for a lower probability of the act suppression, the insider may attempt to throw prohibited items out of/into the PP area via channels not accessible to humans (piping, upperstory windows, mesh holes and so on);

option 2 – the insider defeats a PP layer “by force ” using the same unauthorized intrusion channels as the external intruder. It is assumed that the attacker defeats the subsequent PP layers also “by force”.

The PPS efficiency is assessed for an internal threat assuming that the attacker action scenario consists of two steps: he/she first enters a PP area by virtue of his/her capacity and then breaks through “by force”. Sometimes, the attacker action scenario may not include step 2.

Different combinations of tools and materials the attacker may carry into the site and use to break through to the target or to commit an act are considered during the assessment.

It is assumed during the assessment that the attacker, to commit an unauthorized action, may employ tools and materials present at the site for production or other purpose.

For each of the targets, the integrated indicator of the NI PPS efficiency as applied to an internal threat (Рint.) is estimated from the expression:

where I is the number of the onsite personnel groups attached to the target under consideration; γi is the weight factor equal to the relation of the number of the persons in the i–th group to the total number of the site personnel; Рint.i is the differentiated indicator of the PPS efficiency as applied to an internal threat, i.e. the probability of an act by anyone in the i- th access group against the target under consideration to be prevented.

469

The differentiated NI PPS efficiency indicator is estimated from the expression:

where L is the number of the PP layers cleared by the insider by virtue of his/her capacity; Рint.il is the probability of the insider carrying prohibited or stolen items on him/her to be detained at the access control point of the l–th PP layer; and Рli is the probability of the insider acting “by force” from a sector beyond the l–th PP layer to be detained.

Where more than one scenario of the insider acts against the j–th target are considered, the differentiated indicator of its protection efficiency is assumed to be equal to the minimum value for all considered scenarios.

The probability of the insider carrying prohibited items or materials to be detained at an access control point is estimated, in a general case, from the expression:

where Р*sear is the probability of the insider to be searched; Рsear is the probability of prohibited items to be detected by search; Р*met is the probability of the insider to be searched with the aid of a metal detector; Рmet is the probability of metallic items to be detected with the aid of a metal detector during the search; Р*exp is the probability of the insider to be searched with the aid of an explosive detector; Рexp is the probability of explosives to be detected with the aid of an explosive detector; Р*NM is the probability of the insider to be searched with the aid of an NM detector; and РNM is the probability of NM to be detected with the aid of an NM detector.

Note. If the insider does not have a prohibited material or item on or with him/her, the probability of detection for the respective detector is assumed to be equal to “0”.

The probabilities of the insider acting “by force” to be seized (Рli) are found in the same way as the probabilities of seizing the outside intruder. This does not take into account the PP layers cleared by the insider

470