Year
2012
Abstract
In Revision 5 of INFCIRC/225, there is greater emphasis on addressing the insider threat, but little guidance on how to do so. In 2010, the World Institute for Nuclear Security (WINS) released a best practices document on internal threats and INMM has hosted two workshops on the subject. Tools have been developed to analyze the facility using adversary sequence diagrams developed for the external threat and modifying the process to account for insider access and authority as well as any administrative procedures used to address the insider threat. While the current analysis process is very systematic in nature, some find it very cumbersome with little benefit. A different, more direct approach may yield alternatives that could enhance not only physical protection, but also personnel security, material control and accounting, and information security processes for better overall nuclear security. This paper presents such an alternative systematic approach that is threat neutral, but consequence-based. This process takes into account different viewpoints to cover traditional aspects of physical protection and the additional aspects of nuclear security. A benefit of this approach is being able to analyze cyber-based attacks and combination physical/cyber- based attacks. This approach also provides a basis for cost-benefit analysis.