Development of an “Intrinsic Security” Design and Assessment Methodology

“Intrinsic security” has recently gained recognition as an important cornerstone concept for security system solutions in a variety of domains. In the nuclear materials domain, National Nuclear Security Administration and Nuclear Regulatory Commission officials have stated that “intrinsic security” must be the basis for new security system designs. But while many agree with the general idea of intrinsic security, a lack of a common understanding of both its fundamental principles and a working-level definition of the term itself is leading to suboptimal “intrinsic security”-based solutions. These obstacles lead to approaches to “intrinsic security” design and analysis that are inconsistent across domains such as nuclear weapon design, nuclear weapon physical security, infrastructure security, cyber security, etc., and are even inconsistent across applications and projects within any one individual domain. A study has been funded by Sandia National Laboratories’ Laboratory Directed Research and Development (LDRD) Program to help remedy these inconsistencies by creating a common definition for “intrinsic security” and identifying fundamental principles. The study focused on performing a comprehensive examination of methods and core principles of security design and analysis in various domains—including physical security, cyber security, and nuclear weapon use control. This was done using Sandia’s in-depth understanding of the fields of nuclear weapons safety and nuclear reactor safety as a baseline. These safety disciplines were investigated for core principles and methods for safety design and analysis that were perhaps more mature in their use of the term “intrinsic”. The results of these examinations were then analyzed. Several concepts were identified that appear to be broadly applicable across the domains and are proposed as the principles of “intrinsic security”. This paper contains a working-level definition of “intrinsic security”, a description of the principles underlying it, and a rudimentary methodology for applying intrinsic security to security design and analysis efforts. The intention of this work is to bring consistency to usage and application of intrinsic security concepts across the entire spectrum of security domains, enable the creation of more rigorous methods and tools for designing and analyzing intrinsically secure systems, and ultimately support more cost-effective and robust security solutions.