Year
2011
Abstract
The security of safeguards data generated by unattended systems is only as strong as the weakest link of the physical protection of the system and the protocols used for transmitting and handling that data. It is often assumed that modern, standardized cryptographic mechanisms can alleviate all potential points of attack. However, this should never be taken for granted; in order to effectively protect safeguards systems it is important not to lose sight of the "big picture". An incorrect assessment of vulnerabilities can lead to protecting the wrong assets and/or underestimating threats. All effective solutions must therefore be based upon an accurate threat model. In this paper, data security-related aspects of safeguards equipment are examined. Following a simple risk management approach, threats are analyzed and categorized among incentives, assets, threat sources, and threat actions. Vulnerabilities are identified, as are the conditions and situations under which they arise, and their impact and probability of occurring are estimated. This disciplined approach allows one to determine precise risks and assess how to efficiently mitigate them. Generalized examples of security systems are provided, showing how designs can fail when they are based on incorrect threat models. Finally, this paper describes how the IAEA is harmonizing the security protocols of instrument families using a coherent design, which will reduce development costs and facilitate rapid security diagnosis and response.