Workshop on Threat Assessment and Design Basis Threat (DBT) Session 6 Developing and Maintaining a DBT

Transcription

1 Workshop on Threat Assessment and Design Basis Threat (DBT) Session 6 Developing and Maintaining a DBT Based on Chapter 6 of the IAEA Nuclear Security Series No.10 Implementing Guide

2 Developing a DBT Learning Objectives: Understand and be able to apply the three-phase analysis and decision making process for developing a DBT from the threat assessment document DBT Workshop 2

3 Methodology for Developing the DBT Input Threat assessment document Statement of unacceptable consequences Three-phase process of threat information Screening Translating data and decision making Policy modification Output DBT document Threats beyond the DBT DBT Workshop 3

4 Phase 1 Screening Screening threat assessment Step A: Review capabilities Could the Adversary cause unacceptable consequences? Step B: Review motivation and intentions Is motivation and intent relevant? If the answer is no set them to one side But do not discard just yet DBT Workshop 4

5 Phase 1 Screening Do not consider existing physical protection when considering threat capabilities Consider degree of confidence in the data of threat assessment while making decision to exclude Document rationale for any exclusion DBT Workshop 5

6 Phase 2: Translating the Data Translating specific threat data from Phase 1 into set of representative threat characteristics: Representative threat characteristics Comprehensive yet concise definition Sufficient description for defining requirements for PPS design and evaluation DBT Workshop 6

7 Phase 2: Translating the Data Address all threat characteristics that are included in the threat assessment Avoid simple combination of all worst case characteristics - doing so is not credible Consider more than one credible set of characteristics that represent the range of threat characteristics DBT Workshop 7

8 Phase 2 Translating Data Creating a consolidated adversary description Threat Characteristics Terrorist 1 Terrorist 2 Criminal 1 Criminal 2 Protestor 1 Motivation Low High High Low High Intention Theft Sabotage Theft Sabotage Express concerns Numbers of adversaries Weapons Rifles & pistols Automatic weapons Rifles & pistols pistols Unarmed Explosives Simple breaching Sophisticated breaching & VBIED none Grenades No Tools Mechanical tools Power tools Mechanical tools Mechanical & power tools Transportation Technical Skills Funding Four wheel drive truck Basic individual tactics From central command Motor cycles Motor cycle Trucks Buses High technical knowledge of sophisticated cyber and breaching skills From central command Sophisticated knowledge of detection and assessment systems From central command Basic technical skills From central command Insider Collusion Yes Yes Yes Yes Nil No Basic knowledge of nuclear facilities Nil Support Structure Low - from central command High - from central command High Low Nil DBT Workshop 8

9 Phase 3 Policy Modification Policy factors should be considered and may modify the results of phase 2. Examples of policy factors: Degree of conservatism for the DBT Cost-benefit-consequence tradeoffs Political factors DBT Workshop 9

10 Phase 3: Policy Modifications State Responsibility Design Basis Threat (usually does not exceed maximum threat capability) Threat Assessment Operator Responsibility Low Threat Capabilities DBT Workshop 10

11 Phase 3: Policy modifications Some inherent protection Maximum Threat capability against which Protection will be assured Design Basis Threat (usually does not exceed maximum threat capability) Planned protection (operator and State) Threat Assessment Operator, PPS Low Threat Capabilities DBT Workshop 11

12 Phase 3 Policy Modifications Degree of conservatism of the DBT Compensate for uncertainty in data used in baseline threat assessment Create robust DBT to support protection that remains credible as threat changes Include threats without specific input from intelligence because it is prudent management Conservatism will likely result in increase in level of threat capabilities DBT Workshop 12

13 Phase 3 Policy Modifications Cost-benefit consequence tradeoff Benefit of asset to State and public Consequences to society of successful malicious acts against the asset Cost to State and citizens to reduce the risk of these malicious acts This factor will likely result in decrease in level of threat capabilities DBT Workshop 13

14 Phase 3 Policy Modifications Political factors: Impact of decisions on public confidence Relevant contribution of protection of assets to public welfare Confidence of neighbour states in State s physical protection regime Threat environment in neighbour states This factor will likely result in increase in level of threat capabilities DBT Workshop 14

15 Phase 3 Policy Modifications Be aware: Costs should not be allowed to dictate an understatement of the threat Unrealistically high threat capabilities may require unsustainable resources State must decide what level of remaining risk is acceptable Competent authority should coordinate results with other State authorities, but retain final decision authority DBT Workshop 15

16 Maintaining a DBT Lifecycle of a DBT Triggers for review Process for review Outcome of review Decision to Update DBT or not If Update DBT then change regulations and protection Compensatory measures for fast changing threats DBT Workshop 16

17 Maintaining a DBT: life cycle Operators implement the DBT Competent Authority applies an evaluation methodology Current threat is continuously monitored and information is made available Formal review DBT Workshop 17

18 Maintaining a DBT: Triggers for review Time - how many years? Threat changes Changes in policy or law? New activities involving nuclear materials or ORM Any concern from interested parties that the DBT is no longer appropriate. DBT Workshop 18

19 Maintaining a DBT: Process and Outcomes Process in principle the same as described for its development Outcomes none if the DBT remains unchanged revised physical protection if it has - Experience may also lead you to change some of the details of implementation DBT Workshop 19

20 Summary Developing a DBT from the Threat Assessment is a phased analysis and decision making process which consists of: Screening the assessment with respect to potential adversary capabilities, motivation, and intent Translating the specific threat characteristics into a set of representative threat capabilities Modifying the representative threat characteristics based on relevant State policy considerations Maintenance of DBT requires a continuing assessment of the existing threat environment DBT Workshop 20

21 Exercises No 6 Methodlogy for Developing a DBT Objective: Recalling the three phase process and its key elements DBT Workshop 21