Facilities that store, handle, transport or use nuclear material are facing numerous emerging security requirements and threats. Nuclear material risk concerns cover everything from low-level radioisotopes to highly enriched uranium, while the threats range from untrained activists and natural events to acts of intent from state actors. The impact can range from a nuisance event, with minor impact on security or operations, to a very serious consequence such as a radiological release to the environment or even core damage. Since nuclear generation facilities produce and store significant hazardous materials at the higher end of the risk curve, and potentially face more advanced threats, they will be the focus of this article.

Security is typically viewed as a cost without measurable return that affects operating budgets, and as an inconvenience to day-to-day operations. Inadequate security can be disastrous. However, the alternative may be to spend too much on security, to the point that continued operation of the facility is not affordable. Security costs are second only to fuel at several US commercial nuclear sites. Disastrous events around the world have necessitated this increasing focus on physical security, but are the results effective and how can that be measured? Historically it has been done with assessments by subject- matter experts using various methodologies, and periodic stress- testing of the system by exercises or drills.

Security systems at nuclear facilities are challenging and complex. These multifaceted systems comprise technologies such as sensors and control systems, physical barriers, policies and procedures, response forces, weapons systems, communications, etc. Since there are humans in the loop, there must also be a human reliability element that screens, monitors and evaluates people involved in the security systems and process. Maintaining humans in the loop is an important feature, but it also creates the potential for insider threats.

There are well-known processes in place to evaluate and determine the potential ‘targets’ that have to be protected. The targets may evolve over time, and other security elements are more dynamic and often less well-defined, such as the specific threat capabilities. Although defined by regulators the design-basis threat changes, sometimes rapidly, as the threat and its capabilities evolve. In most cases, detailed threat specifications are not known. They are estimated based on expert information, open source information and intelligence data.

How can a site measure the effectiveness of its security systems against a spectrum of possibilities, when they face multiple uncertainties in a complex dynamic environment? Given this complexity and the large range of possibilities, it is difficult to evaluate the system’s effectiveness through live exercises alone. In addition, exercises have inherent artificialities: advanced notifications to the participants (for safety reasons); the inability to use live ammunition; equipment that cannot be damaged; and the difficulty of simulating the ‘fog of war’ and its stress on humans. Exercises are valuable, and will remain an essential component of the training and system evaluation process, but modelling and simulation tools to provide for risk-informed decisions are increasingly important.

Simulation tools

Modelling and simulation tools provide a more in-depth analysis of a site’s security effectiveness, by running thousands of scenarios, testing a wide range of possibilities and collecting statistical data on the outcomes. These tools typically model the security system, adversaries and key parameters, and then simulate enough attacks (many thousands) to evaluate security system metrics. The outcomes are used to determine defence-in-depth capabilities, the impact of security plan changes on effectiveness, the sensitivity of the systems to changes in its or the adversary’s capacities, and evaluation of a wider range of threats. More detailed studies can also be conducted to evaluate changes to site plans or equipment, as well as scenarios such as changing response forces, or systems for cost savings. A model can be changed – such as repositioning response forces, changing weapons, or building a barrier – very quickly, and quantitative results are produced in less than a day in modern systems. Modelling and simulation tools allow rigorous, unbiased, and consistent assessments of a physical security system, saving time and money. A quantitative approach provides a means to assess many different aspects of the system rapidly and without human bias. It is invaluable to be able to model and run many different scenarios to look across the spectrum of variables and their interrelationships when determining the optimum security system, from a performance and cost viewpoint.

Some commercial technologies can now provide this modelling and simulation capability to the nuclear industry. These tools must be used with a repeatable, auditable process and meet the desired standard of quantifiable, repeatable results. At a minimum this must include data collection and validation, model building and verification, specification of the analysis methodology, analysis of the results (including agreed results metrics), and secondary analysis such as sensitivity or margin analysis.

The standard approach with a quantitative assessment tool is first to model the physical geometry of a site. This can include building interiors (if the desire is to analyse combat inside key facilities) as well as all the external items such as fences, gates, barriers, physical terrain and structures. Once the physical environment of the site is modelled it is characterised with security systems, targets and the desired threat capabilities.

Most tools include a library of performance data for each component. For example, weapon system performance includes maximum range, rates of fire and effectiveness as a function of range. Sensors, vehicles, people and the like are included in the data library. More advanced tools include statistical characteristics.

CARVER or Adversary Mission Analysis are often used as inputs to determining the ‘targets’. Other considerations modelled include rules of engagement, weapon types and load out, patrol routes, response models, etc. The adversary is also modelled, and strategies such as ‘fastest approach to the objective’, ‘remain covert until detected’, ‘avoid fire power’ or some weighted combination of these are assigned. Once the model is completed and results obtained, exercise data can be used to assist in validating a subset of the results using previously measured drill data. When completed and validated the model can run any number of scenarios to evaluate items such as security-post individual effectiveness, or the cost-effectiveness of compensatory measures, additional sensors, or other upgrades to increase effectiveness and reduce cost. For example, some sites determined that eliminating certain compensatory measures did not affect performance and reduced cost.

Whether the desire is to reduce cost, avoid cost or optimise resource use, modelling and simulation tools provide a means to examine the changes, determine where the margins in the system are, evaluate defence-in-depth or determine what elements are critical. By using software in addition to table-tops, limited-scope drills and exercises, a site can evaluate a multitude of situations to ensure that any change has been thoroughly and objectively analysed.

More advanced quantitative assessment tools can perform an exhaustive pathway analysis that determines, based on the model parameters, the optimum pathway for the adversary to take to achieve their objective. The tools perform this using an adaptive adversary in a Monte Carlo simulation. Outcomes in the simulation cause the adversary to re-path to the target. Because pathways can change depending on the evolution of a scenario, a risk-assessment tool should measure and evaluate the adversaries’ ability to exploit new opportunities and paths in the simulation.

The challenge of determining the appropriate level of security to meet an identified threat in today’s world can be daunting. Using a performance-based modelling and simulation tool provide a means to evaluate a multitude of scenarios with different threats, security systems and critical targets, so that decisions can be truly informed. 

References: Halsema, John. “Modeling And Simulation For Quantifying Security Effectiveness.” INMM 2016 Conference.

About the authors: John A Halsema is chief technology officer, ARES Security Corporation and Robert H Scott III, P.E, is senior vice president business development and marketing, ARES Security Corporation.