8. Target & Vital Areas

Transcription

1 8. Target & Vital Areas 7. Threat Definition RTC on Physical Protection and Security Management for RRs Serpong, Indonesia 29 th September to 3 rd October 2014 Information presented, developed and compiled in this workshop is intended for persons working professionally in the management and regulation of research reactor facilities

2 Session Objectives After completing this session, participants should be able to: 1. Define the term Design Basis Threat (DBT) 2. Distinguish between a threat assessment and a DBT 3. Describe the organizations involved in the DBT process 4. Describe the steps in developing a DBT from a threat assessment Information presented, developed and compiled in this workshop is intended for persons working professionally in the management and regulation of research reactor facilities 2

3 Introduction DBT concept was emphasized in IAEA INFCIRC/225/Rev.4(1999), The PP of NM and Nuclear Facilities Threat-based approach to PP was recognized as a fundamental principle in IAEA GOV/2001/41/Attachment, The PP Objectives and Fundamental Principles Fundamental principle on threat has been included in the 2005 Amendment to the CPPNM (INFCIRC/274) The State s physical protection should be based on the State s current evaluation of the threat (Fundamental Principle G) 3

4 DBT Description Design Basis Threat (DBT): The attributes and characteristics of potential insider and/or external adversaries, who might attempt unauthorized removal of nuclear material or sabotage, against which a physical protection system is designed and evaluated (taken from INFCIRC/225/Rev.4). Four themes: Malicious acts (theft, sabotage) and unacceptable potential consequences Threat spectrum of potential insider/external adversaries Adversary attributes and characteristics Performance basis for design and evaluation 4

5 Purpose of a DBT (1/2) Need for a DBT Why Criteria needed? We want criteria for designing PPS that provides confidence that level of protection is adequate Why DBT is appropriate Criteria? Threat intelligence information is always incomplete Adversaries and threats are ever changing 5

6 Value of a DBT Defendable: Purpose of a DBT (2/2) Provides technical basis for defining performance requirements used for the design and evaluation of physical protection systems Cost-Effective: Supports efficient and effective allocation of resources Confidence: Helps provide assurance that level of protection is adequate 6

7 Roles and Responsibilities Overall responsibility for the development, implementation, and maintenance of a DBT rests with the State The DBT process involves several different organizations: State Competent Authority Intelligence organizations License holders Other organizations Good communication and coordination among these organizations is essential for the DBT 7

8 State Roles and Responsibilities Establishes legal framework that enables the use of a DBT Includes identifying unacceptable consequences Ensures that organizations and their assigned responsibilities adequately address threats for which protection is required - Participation: Ensures the required State organizations engage in the threat assessment process Resources: Provides the necessary resources for the regulatory authority to fulfill its responsibilities Cooperation: Ensures effective integration of State organizations with Licensee resources to protect against threat 8

9 Competent Authority Roles and Responsibilities (1/2) Establishes regulatory framework that is adequate to support the DBT process Identifies the State organizations needed to participate in the DBT process Leads the DBT process Coordinates the threat assessment 9

10 Competent Authority Roles and Responsibilities (2/2) Considers the relevant technical, economic, and policy factors in deciding the DBT Coordinates required approvals of DBT Disseminates DBT to responsible organizations Oversees implementation and maintenance of DBT Ensures the sensitive DBT information is protected 10

11 Intelligence Roles and Responsibilities Coordinate among all the State s intelligence organizations Internal and international Civil and military Collect and analyze intelligence data and information on individuals and groups who may be potential threats to nuclear materials and facilities Lead analysis to ensure threat assessment is credible 11

12 Licensee Roles and Responsibilities Provide information regarding insider incidents and potential insider adversaries Provide feedback to the CA regarding the expected financial, operational and safety impacts of preliminary DBT decisions Implement effective protection measures in accordance with their DBT responsibilities 12

13 Others Roles and Responsibilities Others include State-specific organizations with DBT roles and responsibilities Law enforcement Customs and border control Military Provide feedback to the CA regarding the expected financial, operational and safety impacts of preliminary DBT decisions Implement effective protection measures in accordance with their DBT responsibilities 13

14 Performing a Threat Assessment Preliminary stage for developing a DBT Threat Assessment is a review of existing, actual threat entities Terrorists Criminals Protestors Threat assessment process has 3 parts: Input Analysis Output 14

15 Threat Assessment Input Include all reliable sources of information Include all potential adversaries Local, national, regional and international Consider potential adversaries motivations, intentions, and capabilities Consider adversaries for other high-value, high-consequences assets Include historical malicious acts, planned events, and training activities Consider level of confidence for information 15

16 Identify Categories of External and Internal Threats External threat Terrorists Protestors - Demonstrators - Activists - Extremists Criminals Internal threat Insider is anyone with authorized, unescorted access who could: Act alone or in collusion with external threat - May be passive or active - May be violent or nonviolent 16

17 Threat Assessment Analysis Analyze and document in detail each potential adversary: Motivation Political, ideological, financial, personal Willingness to die Intention Nuclear related: theft, sabotage Other: stop operations, social disruption, political instability, economic harm Capabilities 17

18 Threat Assessment Analysis Adversary capabilities are key to protection performance requirements: Group size, including insider assistance Tactics Weapons Attack equipment Transportation Personal protection equipment Knowledge, skills, and training Funding and infrastructure support 18

19 Threat Assessment Output Threat assessment document All known threats Detailed description Credibility of information Adversary 1 Adversary 2 Adversary 3 Adversary 4 Motivation: Intention: Capabilities: 19

20 Developing a DBT Input Threat assessment document State-defined unacceptable consequences Process 1. Screening of threat assessment 2. Transforming specific adversary characteristics to consolidated 3. Modifying generic adversary characteristics Output Design Basis Threat statement Other threats requiring protection by State Thorough documentation of reasons for all decisions 20

21 1. Screening of Threat Assessment Review of adversary capabilities Determine if capabilities are sufficient to perform and complete malicious act - Ignore existing physical protection Discard if capabilities are not sufficient Review of motivation and intention Discard if neither motivation nor intention exists - Consider keeping most capable threats, regardless 21

22 2. Transforming Specific Adversary Characteristics Transform description of specific adversary groups and their associated motivation, intentions, and capabilities into composite set(s) of adversary characteristics Not a simple combination of the worst characteristics of each threat group One or more credible adversary descriptions 22

23 3. Modifying Generic Adversary Characteristics (1/2) Consider and modify based on other factors: Degree of conservatism for the DBT - Intelligence uncertainty, - Robustness over time, - Prudent management 23

24 3. Modifying Generic Adversary Characteristics (2/2) Consider and modify based on other factors: Cost-benefit-consequence tradeoffs - Assets societal benefits, - Potential adverse consequences, - Protection costs, - Alternatives to use of assets Political conditions and realities - Public confidence, - Public welfare, - Confidence of neighboring states, - Threat situation in neighboring states 24

25 DBT Decision Impact Change in level of DBT adversary capabilities will likely Increase with degree of conservatism Decrease with cost-benefit analysis Increase with political factors Resource implications are important but should not be allowed to understate the threat State authorities must decide what is an acceptable risk as compared to available resources for protection Targets of similar consequence should be afforded similar protection Assess resource implications CA should coordinate content of DBT with other State authorities before final decision 25

26 DBT Space EXTREME THREAT CAPABILITIES Accepted Risk Outside the DBT Protection by state resources Inside the DBT PPS by state resources (e.g., pursuit offsite and external response) Operator PPS responsibility LOW LEVEL THREAT CAPABILITIES 26

27 Using a DBT to Develop Effective Physical Protection CA uses the DBT as a regulatory tool for physical protection in accordance with State legal requirements and organizational responsibilities Options for implementing a DBT are CA gives DBT to licensees, who use it to define performance requirements CA uses DBT to define performance requirements for licensees CA uses DBT to define prescriptive requirements for licensees Due to its sensitivity, dissemination of DBT or its elements should be limited to those with a need-toknow 27

28 Maintaining a DBT Formal review process should be used to ensure validity of DBT Triggers for DBT review include: Event that indicates unexpected threat Change in government policy Change in nuclear program Request by interested party Periodic review Same process is used as for developing a DBT Review may or may not result in change to DBT 28

29 Alternative Threat-based Approach DBT approach: Recommended whenever high confidence of adequate protection is needed Should not be avoided due to limited capability and resources Alternative approach to PP requirements, design, and evaluation should have threat basis Steps very similar to DBT development - Conduct threat assessment - Develop composite threat description from threat assessment output - Modify composite threat description based on policy decisions Scope of effort, involvement of organizations, and level of coordination may be less than for DBT development 29

30 DBT Life Cycle Threat Competent Authority Government Organizations Operator(s) Assumptions Outside the DBT Develop DBT Perform Threat Assessment Threat Assessment Document Develop DBT National Organizations with PPS Responsibilities Design Basis Threat (DBT) Design and Implement PPS Implement DBT Security Plan (must be approved by Competent Authority) Evaluate PPS License to Operate/Transport Maintain DBT 30

31 Summary DBT process is a tool for a threat-based approach for the requirements, design, and evaluation of PPS Potential adversary motivation, intentions, and capabilities are the main drivers for this performance-based approach to PPS CA has the primary responsibility for developing and maintaining a DBT that includes a periodic or event-triggered review Operators have the primary responsibility for implementing protection measures against the DBT 31

32 32