The PRO-X program is actively supporting the design of nuclear systems by developing a framework to both optimize the fuel cycle infrastructure for advanced reactors (ARs) and minimize the potential for production of weapons-usable nuclear material. Three study topics are currently being investigated by Sandia National Laboratories (SNL) with support from Argonne National Laboratories (ANL). This multi-lab collaboration is focused on three study topics which may offer proliferation resistance opportunities or advantages in the nuclear fuel cycle. These topics are: 1) Transportation Global Landscape, 2) Transportation Avoidability, and 3) Parallel Modular Systems vs Single Large System (Crosscutting Activity).
Security engineering approaches can often focus on a particular domain—physical security, cyber security, or personnel security, for example. Yet, security systems engineering consistently faces challenges requiring socio-technical solutions to address evolving and dynamic complexity. While some drivers of this complexity stem from complex risk environments, innovative adversaries, and disruptive technologies, other drivers are endogenous and emerge from the interactions across security engineering approaches. In response, INCOSE's Systems Security Working Group identified the need to better coordinate “disparate security solutions [that] operate independently” as one of eleven key concepts in their IS21 FuSE Security Roadmap. From this perspective, this need for “security orchestration” aligns with the perspective that security is a property that emerges from interactions within complex systems. Current efforts at Sandia National Laboratories are developing a systems security engineering approach that describes high consequence facility (HCF) security as a multidomain set of interacting layers. The result is a multilayered network (MLN)-based approach that captures the interactions between infrastructure, physical components, digital components, and humans in nuclear security systems. This article will summarize the MLN-based approach to HCF security and describe two preliminary results demonstrating potential benefits from incorporating interactions across disparate security solutions. Here, leveraging the logical structure of networks, this MLN model-based approach provides an example of how security orchestration provides enhanced systems security engineering solutions.
Advances on differentiating between malicious intent and natural "organizational evolution"to explain observed anomalies in operational workplace patterns suggest benefit from evaluating collective behaviors observed in the facilities to improve insider threat detection and mitigation (ITDM). Advances in artificial neural networks (ANN) provide more robust pathways for capturing, analyzing, and collating disparate data signals into quantitative descriptions of operational workplace patterns. In response, a joint study by Sandia National Laboratories and the University of Texas at Austin explored the effectiveness of commercial artificial neural network (ANN) software to improve ITDM. This research demonstrates the benefit of learning patterns of organizational behaviors, detecting off-normal (or anomalous) deviations from these patterns, and alerting when certain types, frequencies, or quantities of deviations emerge for improving ITDM. Evaluating nearly 33,000 access control data points and over 1,600 intrusion sensor data points collected over a nearly twelve-month period, this study's results demonstrated the ANN could recognize operational patterns at the Nuclear Engineering Teaching Laboratory (NETL) and detect off-normal behaviors - suggesting that ANNs can be used to support a data-analytic approach to ITDM. Several representative experiments were conducted to further evaluate these conclusions, with the resultant insights supporting collective behavior-based analytical approaches to quantitatively describe insider threat detection and mitigation.
Security assessments support decision-makers' ability to evaluate current capabilities of high consequence facilities (HCF) to respond to possible attacks. However, increasing complexity of today's operational environment requires a critical review of traditional approaches to ensure that implemented assessments are providing relevant and timely insights into security of HCFs. Using interviews and focus groups with diverse subject matter experts (SMEs), this study evaluated the current state of security assessments and identified opportunities to achieve a more "ideal" state. The SME-based data underscored the value of a systems approach for understanding the impacts of changing operational designs and contexts (as well as cultural influences) on security to address methodological shortcomings of traditional assessment processes. These findings can be used to inform the development of new approaches to HCF security assessments that are able to more accurately reflect changing operational environments and effectively mitigate concerns arising from new adversary capabilities.
Traditional systems engineering demonstrates the importance of customer needs in scoping and defining design requirements; yet, in practice, other human stakeholders are often absent from early lifecycle phases. Human factors are often omitted in practice when evaluating and down-selecting design options due to constraints such as time, money, access to user populations, or difficulty in proving system robustness through the inclusion of human behaviors. Advances in systems engineering increasingly include non-technical influences into the design, deployment, operations, and maintenance of interacting components to achieve common performance objectives. Furthermore, such advances highlight the need to better account for the various roles of human actors to achieve desired performance outcomes in complex systems. Many of these efforts seek to infuse lessons and concepts from human factors (enhanced decision-making through Crew Resource Management), systems safety (Rasmussen's “drift toward danger”) and organization science (Giddens' recurrent human acts leading to emergent behaviors) into systems engineering to better understand how socio-technical interactions impact emergent system performance. Safety and security are examples of complex system performance outcomes that are directly impacted by varying roles of human actors. Using security performance of high consequence facilities as a representative use case, this article will outline the System Context Lenses to understand how to include various roles of human actors into systems engineering design. Several exemplar applications of this organizing lenses will be summarized and used to highlight more generalized insights for the broader systems engineering community.
Protecting high consequence facilities (HCF) from malicious attacks is challenged by today’s increasingly complex, multi-faceted, and interdependent operational environments and threat domains. Building on current approaches, insights from complex systems and network science can better incorporate multidomain interactions observed in HCF security operations. These observations and qualitative HCF security expert data support invoking a multilayer modeling approach for HCF security to shift from a “reactive” to a “proactive” paradigm that better explores HCF security dynamics and resilience not captured in traditional approaches. After exploring these multi-domain interactions, this paper introduces how systems theory and network science insights can be leveraged to describe HCF security as complex, interdependent multilayer directed networks. A hypothetical example then demonstrates the utility of such an approach, followed by a discussion on key insights and implications of incorporating multilayer network analytical performance measures into HCF security.
The design and construction of a nuclear power plant must include robust structures and a security boundary that is difficult to penetrate. For security considerations, the reactors would ideally be sited underground, beneath a massive solid block, which would be too thick to be penetrated by tools or explosives. Additionally, all communications and power transfer lines would also be located underground and would be fortified against any possible design basis threats. Limiting access with difficult-to-penetrate physical barriers is a key aspect for determining response and staffing requirements. Considerations considered in a graded approach to physical protection are described.
Nuclear power plants must be, by design and construction, robust structures and difficult to penetrate. Limiting access with difficult-to-penetrate physical barriers is going to be key for staffing reduction. Ideally, for security, the reactors would be sited underground, beneath a massive solid block, too thick to be penetrated by tools or explosives with all communications and power transfer lines also underground and fortified. Having the minimal possible number of access points and methods to completely block access from these points if a threat is detected will greatly help us justify staffing reduction.
Nuclear power plants must be, by design and construction, robust structures and difficult to penetrate. Ideally, for security, the reactors would be sited underground, beneath a massive solid block, too thick to be penetrated by tools or explosives with all communications and power transfer lines also underground and fortified. Limiting access with difficult-to-penetrate physical barriers is going to be key for determining response and staffing requirements.
Part of the Presidential Policy Directive 21 (PPD-21) (PPD 2013) mandate includes evaluating safety, security, and safeguards (or nonproliferation) mechanisms traditionally implemented within the nuclear reactors, materials, and waste sector of critical infrastructure—including a complex, dynamic set of risks and threats within an all-hazards approach. In response, research out of Sandia National Laboratories (Sandia) explores the ability of systems theory principles (hierarchy and emergence) and complex systems engineering concepts (multidomain interdependence) to better understand and address these risks and threats. Herein, this Sandia research explores the safety, safeguards, and security risks of three different nuclear sector-related activities—spent nuclear fuel transportation, small modular reactors, and portable nuclear power reactors—to investigate the complex and dynamic risk related to the PPD-21-mandated all-hazards approach. This research showed that a systems-theoretic approach can better identify inter-dependencies, conflicts, gaps, and leverage points across traditional safety, security, and safeguards hazard mitigation strategies in the nuclear reactors, materials, and waste sector. Resulting from this, mitigation strategies from applying systems theoretic principles and complex systems engineering concepts can be (1) designed to better capture interdependencies, (2) implemented to better align with real-world operational uncertainties, and (3) evaluated as a systems-level whole to better identify, characterize, and manage PPD-21's all hazards strategies.
Existing security models are highly linear and fail to capture the rich interactions that occur across security technology, infrastructure, cybersecurity, and human/organizational components. In this work, we will leverage insights from resilience science, complex system theory, and network theory to develop a next-generation security model based on these interactions to address challenges in complex, nonlinear risk environments and against innovative and disruptive technologies. Developing such a model is a key step forward toward a dynamic security paradigm (e.g., shifting from detection to anticipation) and establishing the foundation for designing next-generation physical security systems against evolving threats in uncontrolled or contested operational environments.