LOGIC EVOLVED DECISION (LED): THE APPROXIMATE REASONING (AR)-BASED METHOD FOR INFORMATION LOSS PATH ANALYSIS (ILPA)

The Department of Energy (DOE) is investing in a computer-based tool designed to quickly analyze the risk of an adversary gaining access to protected information that can help in carrying out SNM theft attacks on secure facilities. A joint D-11 (Probabilistic Risk Analysis) and S-1 (Security Plans and Programs) pilot study at Los Alamos National Laboratory (LANL), demonstrated the utility of this methodology. This pilot study showed that adversaries significantly increase their risk of being detected and interdicted when they attempt to acquire very specific information about a secure facility. Thus, assuming that adversaries have very detailed and specific knowledge can be misleading and cause resources to be expended preparing for scenarios that actually pose a low risk. This suggests that a careful analysis of proposed theft scenarios would help focus security resources on scenarios that pose the highest risk. The LED Information Security (LED InfoSec) computer code is a tool that analyzes the risk posed by information compromise scenarios in a rational, traceable and systematic manner. The methodology uses detailed logic modeling to identify possible information collection scenarios for a piece of information of interest. An Approximate Reasoning (AR) inference model is used to evaluate the risk from each of the information collection scenarios utilizing linguistic variables. Uncertainty is characterized by treating the linguistic variables as fuzzy sets. LED InfoSec evaluates the adversary’s risk, cost (effort), and likelihood of gathering the information used in a nuclear material theft attempt. LED InfoSec can be used to analyze a variety of agents, locations and highly valued targets. The code can be used to rapidly generate a qualitative overview of path acceptability to the adversary, and conversely, risk to the DOE site facility. Results produced in the pilot study confirmed that LED InfoSec provides a valuable tool for examining all proposed scenarios in a consistent context. This will allow security personnel to focus their attention on the truly higher risk scenarios.