IAEA Guidance: Overview of the Design Basis Threat (DBT) Methodology and Integration in the Nuclear Security Series M.Khaliq Division of Nuclear Security International Workshop on the Lessons Learned from DBT Workshops
Scheme Overall objective of DBT IAEA guidance on use of threat assessment and DBT approaches Threat Assessment and DBT process Sample DBTs DBT Workshop 2
Overall Objectives of State s Nuclear Security Regime The objective of a State s nuclear security regime is to protect persons, property, society, and the environment from harmful consequences of a nuclear security event. (NSS 20) (nuclear security event: An event that has potential or actual implications for nuclear security that must be addressed, NSS 20) 3
Threat Assessment(TA) and DBT Definitions taken from NSS 13 TA- An evaluation of the threats based on available intelligence, law enforcement and open source information- that describes the motivations, intentions and capabilities of these threats DBT- The attributes and characteristics of potential insider and/or external adversaries, who might attempt unauthorized removal of nuclear material or sabotage, against which a physical protection system is designed and evaluated DBT Workshop 4
Physical Protection of Nuclear Material and Nuclear Facilities- NSS13 State Physical Protection Requirements for nuclear material and nuclear facilities should be based on a design basis threat for: Unauthorized removal of Cat. 1 NM Sabotage of NM and NF that has potentially high radiological consequences The State can decide whether to use DBT or Threat assessment for other nuclear material and Nuclear facilities.
NSS 13- Physical Protection of Nuclear Material and Nuclear Facilities (INFCIRC/225/Rev-5) 6.1.1. The concept of physical protection is one which requires a designed mixture of hardware (security devices), procedures (including the organization of guards and the performance of their duties) and facility design (including layout). The level of the physical protection measures should be specifically designed to take into account the nuclear material or nuclear facility and the State's design basis threat. DBT Workshop 6
Nuclear Security Series No. 14 3.17. The State should assess its national threat for radioactive material, associated facilities and associated activities. The State should periodically review its national threat, and evaluate the implications of any changes in the threat for the design or update of its nuclear security regime. 3.18. The regulatory body should use the results of the threat assessment as a common basis for determining security requirements for radioactive material and for periodically evaluating their adequacy. The regulatory body should have access to information from other State authorities on present and foreseeable threats involving radioactive material DBT Workshop 7
Establishing the Nuclear Security Infrastructure for a Nuclear Power Programme- NSS 19 The responsible competent authority, using credible information sources, should define the threat and associated capabilities in the form of a DBT or threat assessment. DBT should be developed for unauthorized removal of category I nuclear material and sabotage of nuclear material and nuclear facilities that have potentially high radiological consequences, such as a nuclear power plant. In relation to other nuclear facilities and other radioactive material, associated facilities and associated activities, the State should decide whether to use a threat assessment or DBT DBT Workshop 8
DBT an accepted practice INFCIRC225/Rev. 4 introduced the DBT as a regulatory tool for design and evaluation of PPS DBT workshops started in 1999 Workshops increased understanding of the security issues in an international context Workshop revisions drawing on greater understanding and experience of more countries Use of threat based approach has become accepted practice in all relevant NSS documents DBT Workshop 9
Important Concepts in NSS 10 Threat based approach is key to understanding security needs It needs understanding of who, what, why, how, when, where It is the basis for decision what to protect against Joint responsibility between various stakeholders National, legislative and other differences like procedures, working environment, organizational behaviours etc need to be considered Different concerns regarding consequences different types of material, types of facilities, activities and threats may lead to different protection designs and levels DBT Workshop 10
Important Concepts Continued DBT is a means to an end (it is not the end) DBT defines the respective responsibilities of the operator and the State Need for confidentiality versus sharing on need to know basis Consistency with Fundamental Principles Guidance for responsible decision makers in establishing threat based security requirements DBT Workshop 11
Fundamentals NSS-15 NSS-14 NSS-13 Recommendations Implementing Guides Technical Guidance Development, Use and Maintenance of the Design Basis Threat (NSS10)
Threat Assessment Process: Information gathering Analysis and assessment Documentation DBT Workshop 13
Stakeholders Whichever organisation has formal responsibility for completing a threat assessment, they are likely to draw on a range of official sources including: State Intelligence Service Ministries of Interior and Foreign Affairs Department of Defence Transportation and Aviation Ministries Customs Agency and Coast Guard State and Local Law Enforcement Agencies Operators DBT Workshop 14
Design Basis Threat Input Threat assessment document Statement of unacceptable consequences Three-phase process of threat information Screening Translating data and decision making Policy modification Output DBT document Threats beyond the DBT DBT Workshop 15
Phase 1 Screening Screening threat assessment Step A: Review capabilities Step B: Review motivation and intentions If Answer is yes move forward if no set them to one side But do not discard just yet DBT Workshop 16
Phase 1 Screening Do not consider existing physical protection when considering threat capabilities Consider degree of confidence in the data of threat assessment while making decision to exclude Document rationale for any exclusion DBT Workshop 17
Phase 2: Translating the Data Translating specific threat data from Phase 1 into set of representative threat characteristics: Representative threat characteristics Comprehensive yet concise definition Sufficient description for defining requirements for PPS design and evaluation DBT Workshop 18
Phase 2: Translating the Data Address all threat characteristics that are included in the threat assessment Avoid simple combination of all worst case characteristics - doing so is not credible Consider more than one credible set of characteristics that represent the range of threat characteristics DBT Workshop 19
Phase 2 Translating Data Creating a consolidated adversary description Threat Characteristics Terrorist 1 Terrorist 2 Criminal 1 Criminal 2 Protestor 1 Motivation Low High High Low High Intention Theft Sabotage Theft Sabotage Express concerns Numbers of adversaries 3 15 2 10 150 Weapons Rifles & pistols Automatic weapons Rifles & pistols pistols Unarmed Explosives Simple breaching Sophisticated breaching & VBIED none Grenades No Tools Mechanical tools Power tools Mechanical tools Mechanical & power tools Transportation Technical Skills Funding Four wheel drive truck Basic individual tactics From central command Motor cycles Motor cycle Trucks Buses High technical knowledge of sophisticated cyber and breaching skills From central command Sophisticated knowledge of detection and assessment systems From central command Basic technical skills From central command Insider Collusion Yes Yes Yes Yes Nil No Basic knowledge of nuclear facilities Nil Support Structure Low - from central command High - from central command High Low Nil DBT Workshop 20
Phase 3 Policy Modification Policy factors should be considered and may modify the results of phase 2. Examples of policy factors: Degree of conservatism for the DBT Cost-benefit-consequence tradeoffs Political factors DBT Workshop 21
Phase 3 Policy Modifications Degree of conservatism of the DBT Compensate for uncertainty in data used in baseline threat assessment Create robust DBT to support protection that remains credible as threat changes Include threats without specific input from intelligence because it is prudent management Conservatism will likely result in increase in level of threat capabilities DBT Workshop 22
Phase 3 Policy Modifications Cost-benefit consequence tradeoff Benefit of asset to State and public Consequences to society of successful malicious acts against the asset Cost to State and citizens to reduce the risk of these malicious acts This factor will likely result in decrease in level of threat capabilities DBT Workshop 23
Phase 3 Policy Modifications Political factors: Impact of decisions on public confidence Relevant contribution of protection of assets to public welfare Confidence of neighbour states in State s physical protection regime Threat environment in neighbour states This factor will likely result in increase in level of threat capabilities DBT Workshop 24
Phase 3 Policy Modifications Be aware: Costs should not be allowed to dictate an understatement of the threat Unrealistically high threat capabilities may require unsustainable resources State must decide what level of remaining risk is acceptable Competent authority should coordinate results with other State authorities, but retain final decision authority DBT Workshop 25
Phase 3: Policy modifications Some inherent protection Maximum Threat capability against which Protection will be assured Design Basis Threat (usually does not exceed maximum threat capability) Planned protection (operator and State) Threat Assessment Operator, PPS Low Threat Capabilities DBT Workshop 26
Basic principles Describes mainly the characteristics and attributes of potential adversaries Is used as basis for technical specifications to the design of PPS or of design of new facilities Considers the intentions/objectives ( e.g. abrupt or protracted theft, and sabotage) Does not included motivations (ideological, financial ) Includes Outsiders, Insiders, Cyber threats and Collusion Connects threats with unacceptable consequences (targets) May assign responsibilities between Operators and State agencies DBT Workshop 27
Sample DBT Table DBT Workshop 28
Examples Possible Threat Statements DBT for category II NM: A group of 2 outsiders equipped with hand-tools commercially available. They have a comprehensive knowledge of the facility and associated PP measures. Not Willing to die or to kill. No collusion with insider. DBT for category II NM: Insider equipped with any device that can be introduced into or obtained on site. Not Willing to die or to kill. No collusion with other insiders. DBT for category I NM: A group of 6 outsiders equipped with 10 Kg TNT explosive, automatic weapons and specific commercially available intrusion tools. They have a comprehensive knowledge of the facility and associated PP measures. Willing to die or to kill. No collusion with insider. DBT Workshop 29
Sample DBT THEFT OR DIVERSION i. Theft or diversion of quantities of nuclear material (Category ) by a determined, violent external assault or attack by stealth or deceptive actions which could lead to the construction of a nuclear explosive device by a technically competent group. The following capabilities, numbers, equipment and assistance apply: adversary personnel who are determined and violent during daylight conditions. adversary personnel who are determined and violent during night time conditions. Adversary personnel are well trained to include advanced military training and skills with the ability to operate in two or more teams. Inside assistance which may include a knowledgeable individual who attempts to participate in a passive role (e.g. facilitate entrance and exit, disable alarms and communications, participate in violent attack or both. Weapons to include pistols, hand held automatic rifles with or without silencers, automatic support weapons up to caliber, hand held anti-tank weapons to include, hand grenades and precision (sniper) weapons up to caliber. Weapons mounted night sites and night vision goggles (will or will not) be available to the adversaries during night time conditions. Irritating (e.g. tear gas, pepper spray, riot control agents) and incapacitating (lethal and non-lethal agents) chemical agents. Adversaries will have protective equipment. (Military, commercial, improvised) grade explosives, sophisticated explosive and breaching charges and tools for use in breaching barriers, facilitating entry or for otherwise destroying reactor, facility, transporter or container integrity features of the safety system or other vital equipment for features of the facility. A land or sea vehicle for transporting personnel and their equipment to the site and to the proximity of vital areas. ii. An internal threat from an individual, including an employee (in any position) iii. A conspiracy between individuals in any position who may have: (A) Access to and detailed knowledge of nuclear power plants or other nuclear facilities and/or (B) Items that could facilitate theft of nuclear materials (e.g. small tools, false documents, facility keys and pass codes, substitute nuclear material). 30
Conclusion Risk Based Assessment is Key to: Understand the risks associated with the activity Analyze the risk vs benefits Optimize the resources Convincing tool for the senior management A strategic approach to deal with the complex issues
Thank you for your attention 32 32