Year
2000
Abstract
This paper introduces a generic model for assessing facility and program vulnerabilites to the insider threat. Although emphasis is placed on the protection of nuclear materials, the methods and techniques developed can be readily adapted to other applications. Information useful to insiders and insider/outsider combinations is organized into three broad categories, namely (1) Access Control and Barrier Information, (2) Protective Force Information, and (3) Target Information and two levels, namely (A) Essential and (B) Desireable. A method for identifying facility-specific and program-specific information for each category and level as well as documentary and electronic sources for the information is presented. Analytical matrices showing (1) which information sources contain which items of information, and (2) how well information sources are protected are developed. Methods of profiling the population of entrants into Protected Areas (PAs), Material Access Areas (MAAs), and Material Balance Areas (MBAs) based on records from both automated access control systems and manual entry/exit logs are discussed. Methods for comparing the frequency and duration of individual and group accesses with (1) operational needs and (2) the time required to obtain scenario-specific information are addressed. Analytical matrices detailing the special authorities and privileges of individuals and groups are also presented.