SAND No. 2010-2286C Sandia is a PowerPoint Presentation, PPT - DocSlides

SAND No.  2010-2286C Sandia is a PowerPoint Presentation, PPT - DocSlides

2018-10-28 3K 3 0 0

Description

multiprogram. laboratory operated by Sandia Corporation, a Lockheed Martin Company,. for the United States Department of Energy’s National Nuclear Security Administration. under contract DE-AC04-94AL85000.. ID: 700278

Embed code:

Download this presentation



DownloadNote - The PPT/PDF document "SAND No. 2010-2286C Sandia is a" is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.

Presentations text content in SAND No. 2010-2286C Sandia is a

Slide1

SAND No.

2010-2286CSandia is a multiprogram laboratory operated by Sandia Corporation, a Lockheed Martin Company,for the United States Department of Energy’s National Nuclear Security Administration under contract DE-AC04-94AL85000.

Principles of Security

Slide2

Objectives

Review the Definition and Objective of SecurityFirst Steps - Security AwarenessDescribe four Principles of Security Impart the importance of Performance-Based SecurityProvide a Model for a Systematic Approach to Security

Slide3

What is security?

Slide4

Security Definition

Security is:a combination of technical and administrative controls to deter, detect, delay, and respond to an

intentional, malevolent event

Slide5

Security intends to prevent

intentional acts which could result in unacceptable consequencesDeath/Severe InjuryChemical contaminationPeople EnvironmentPolitical InstabilityEconomic LossIndustrial capacity loss

Negative public psychological effectAdverse media coverage

Security Objective

Slide6

Process Security is Similar to Process Safety

Hazards

Cause

Deviation

Prevention

Impacts

Loss Event

Mitigation

Regain control or shut down

Mitigated

Unmitigated

Slide7

First Steps in Chemical Security: Low Cost Principles

Chemical Security AwarenessProperty-Vehicles-Information-PersonnelWork Area - ChangesBehavior - SuspiciousProcedures - Followed

Access ControlsHave (credential), Know (PIN), Are (biometric*)Manual (guards), Automated (machines)

* Can be expensive

Slide8

Work area changes

Hole in fenceSuspicious packagesInventory discrepancyDoor unlockedSymptoms of others behavior who are attempting to compromise securityElicitationSurveillanceOrdering suppliesBasic Security Awareness

Source: DHS Chemical Security Awareness Training

Security awareness is the first step to making your facility safe from malevolent acts

Slide9

Testing security – walking into, wait for discovery

Mapping, loitering, staging vehiclesTaking pictures of security systemLooking in dumpsterTrying to enter on your credentialAsking for user name over the phone or by emailAsking about plant layout – workers names – schedulesAwareness- Suspicious Behaviors

Source: DHS Chemical Security Awareness Training

Slide10

Missing badge

Leaving workstation unsecured - fire alarmLeaving sensitive documentBypassing securitySecurity Involves Systematic Diligence- even in Small Things

Know what to do - who to call

Communicate anything unusual to supervisorRemember - YOU are the first responder

Source: DHS Chemical Security Awareness Training

Slide11

HAZARD

Owner Controlled Area

Restricted Area

Vital Area

Plant locations

Administration

Control rooms

Server rooms

Switchgear

Process Units

Rail / truck yards

Stores

Access Control Integrated with Areas and People

Plant employees

Administration /Engineering

Operations

Computer specialists

Control room operator

Process interface

Shipping and receiving

Maintenance

Security / Safety

Special employees

Slide12

Integration with boundary

Cannot be bypassedBlock individuals until access authorization verifiedInterfaces with the alarm systemIntegration with the guards/response forceProtects guardArea is under surveillancePersonnel integrate with systemEasy to use for entry and exitAccommodates peak throughput (loads) Accommodates special cases

Features of a Good Entry Control System

Slide13

Types of Personnel Entry Control

Personnel Authorization Verification

Manual

(Protective Force Guards)

Have - Credential(Photo)

Automated

(Machines)

Have -

Credential

(Coded)

Know -

Memorized

Number

(PIN)

Are -

Personal

Characteristics

(Biometric)

Exchange

Credential

Slide14

What Kinds of Chemical Facilities

Need Security?Potential consequence severity will determine which facilities need to be secured Small-scale research laboratoriesMany different chemicals used in small amountsLarge-scale manufacturing plants

Limited types of chemicals used in large amounts

Slide15

Chemical Industry Security Based on Release, Theft and Sabotage

Risk to public health & safety releaseIn-situ release of toxic chemicalsIn-situ release and ignition of flammable chemicalsIn-situ release/detonation of explosives chemicalsPotential targets for theft or diversion

Chemical weapons and precursorsWeapons of mass effect (toxic inhalation hazards)

IED precursorsReactive and stored in transportation containers

Chemicals that react with water to generate toxic gasesSource: DHS Chemical Security

Slide16

Principles of Physical Security

General Principles followed to help ensure effective, appropriate securityDefense in DepthBalanced SecurityIntegrated SecurityManaged Risk

Slide17

Principle 1: Defense in Depth

LayersPhysicalAdministrative and Programmatic

Deterrence Program

Pre-Event Intelligence

Personnel Reliability

Physical Security

Mitigation of Consequences

Slide18

Principle 2: Balanced Protection

Physical LayersAdversary ScenariosAdversary paths (physical)

Protected Area

Controlled Room

Controlled Building

Target

Enclosure

Target

Path 1

Path 2

Slide19

Balanced Protection

Each Path is composed on many protection elementsWalls, fences, sensors, cameras, access controls, etc…Protection elements each possess delay and detection componentsFor example:Fence delays adversaries 20 seconds, and provides 50% likelihood that adversary is detected

Wall delays adversary 120 seconds and provides a 10% likelihood of detectionGuard delays adversary 20 seconds and provides a 30% likelihood of detectionBalanced protection objective:

for every possible adversary pathcumulative detection and delay encountered along path will be the similar regardless of adversary path

NO WEAK PATH

Slide20

Principle 3: System Integration

Detection alerts ResponseAccess Delay slows the adversary to provide time for ResponseResponse prevents the consequence

Slide21

Integrated Security

Contribution to security system of each can be reduced to its contribution to:Detection of adversary or malevolent eventDelay of adversaryResponse to adversaryIntegrated security evaluates composite contribution of all components to these three elementsAssures that overall detection is sufficient and precedes delay

Assures that adversary delay time exceeds expected response time Assures that response capability is greater than expected adversary

Slide22

Principle 4: Managed Risk

How much Security is enough ???Cost of SecurityBenefit of Security

Slide23

Managed Risk

Benefits of Security is Reduced Risk What is Risk?Risk = Consequence Severity * Probability of Consequence What is Security Risk?Probability of Consequence Occurrence Frequency of attempted event

XProbability of successful attempt

Probability of successful attempt is 1 - Probability of security system effectiveness

Slide24

Managed Risk

The benefit (risk reduction) increases with increased security investment (cost)However, there is a point where the increased benefit does not justify the increased costCost of Security

Risk

0.01.0

Slide25

Managed Risk

How much Security is enough ???Cost of Security

Level of Risk acceptable

Government Decision based on Managed Risk

Provides sufficient confidence that materials appropriately protected

Slide26

Objectives

Review the Definition and Objective of SecurityFirst Steps - Security AwarenessDescribe Four Principles of Security Impart the Importance of Performance-Based SecurityProvide a Model for a Systematic Approach to Security

Slide27

Requirements Driven

Engineering Principles used for SecurityWhat are requirements for system?What are constraints of system?Performance-Based Security

Slide28

Design Constraints

Understand Operational ConditionsDesign RequirementsConsequences to be preventedIdentify Targets to be protectedDefine Threats against which targets will be protectedRequirements-Driven Security

Slide29

Characterize the facility considering:

MissionOperationsBudgetSafetyLegal IssuesRegulatory IssuesOperational Conditions

Slide30

Target Identification

What are the unacceptable consequences to be prevented?

Death/Severe Injury Chemical contamination

People Environment

Political Instability Economic Loss Industrial capacity loss Negative public

psychological effect

Adverse media coverage

Slide31

What are possible sources of unacceptable consequences

?Dispersal Identify areas to protectTheft

Identify material to protect

Target Identification

Slide32

Characterize Types of Targets

FormStorage manner and locationFlow of chemicalsVulnerability of ChemicalsFlammableExplosiveCaustic

Target Identification

Criticality / Effect

Access / VulnerabilityRecoverability / RedundancyVulnerability

Slide33

Define the Threats

The Art of War, Sun TseIf you know neither yourself nor your enemies, you will lose most of the timeIf you know yourself, but not your enemies, you will win 50%If you know yourself and your enemies, you will win most of the time

Knowing your threats permits proper preparation

Slide34

The Physical Protection System Must Have a Basis for Design

Design Basis Threat: A policy document used to establish performance criteria for a physical protection system (PPS). It is based on the results of threat assessments as well as other policy considerationsThreat Assessment: An evaluation of the threats- based on available intelligence, law enforcement, and open source information that describes the motivations, intentions, and capabilities of these threats

Slide35

Define the Threats

In physical security:Knowing adversary permits customizing security to maximize effectivenessAs adversary not known, develop hypothetical adversary to customize securityHypothetical adversary description should be influenced by actual threat data

Slide36

A Design Basis Threat (DBT) is a formalized approach to develop a threat-based design criteria

DBT consists of the attributes and characteristics of potential adversaries. These attributes and characteristics are used as criteria to develop a customized security system design.The DBT is typically defined at a national level for a State. At the facility level, also:Consider local threatsLocal criminals, terrorists, protestorsConsider insider threatsEmployees and others with access Design Basis Threat

Slide37

Objectives

Review the Definition and Objective of SecurityFirst Steps - Security AwarenessDescribe the Principles of Security Impart the Importance of Performance-Based SecurityProvide a Model for a Systematic Approach to Security

Slide38

Model: Design and Evaluation

Process Outline (DEPO)

AcceptRisk

Evaluate

PPS

Response

Weaponry

Communications

Tactics

Backup

Forces

Training

Night

Fighting

Capability

Access

Delay

Vehicle

Barriers

Stand-Off

Protection

Fences

Target Task

Time

Intrusion Detection

Systems

Alarm

Assessment

Alarm Communication

& Display

Entry Control

Characterize PPS

Physical Protection Systems

Delay

Response

Detection

Define PPS

Requirements

Facility

Characterization

Threat Definition

DBT

Target

Identification -

Vital Areas

Evaluate

Upgrades

Evaluation of PPS

Gathering Performance Data

Scenario and

Path Analysis - LSPTs

Overpressure

Analysis

JCATS

Simulations

Process of PPS Design and Evaluation

ASSESS VA Model

Blast Simulations

Insider Analysis – Personnel Reliability

Risk Evaluation

Cost Benefit Analysis

Contraband and Explosives

Detection

Slide39

Technology

Intrusion DetectionEntry ControlContraband DetectionUnauthorized Action DetectionSupporting elementsAlarm AssessmentAlarm CommunicationAlarm Annunciation

Detect Adversary

Slide40

Delay

AdversaryDelay Definition : The element of a physical protection system designed to slow an adversary after they have been detected by use of Walls, fences

Activated delays-foams, smoke, entanglement Responders

Delay is effective only after there is first sensing that initiates a response

Slide41

Respond

to AdversaryGuard and Response ForcesGuards: A person who is entrusted with responsibility for patrolling, monitoring, assessing, escorting individuals or

transport, controlling access. Can be armed or unarmed.

Response forces: Persons, on-site or off-site who are armed and appropriately equipped and trained to counter an attempted theft or an act of sabotage.

Guards can sometimes perform as initial responders as well (both guards and response force)

41

Slide42

Summary

Security systems should attempt to prevent, but be prepared to defeat an intentional malevolent act that could result in unacceptable consequences at a chemical facilitySecurity awareness is an essential elementAn effective system depends on an appropriate integration of:DetectDelay

Respond

Slide43

Summary

Principles for security can lead to more effective security systemDefense in depthBalanced securityIntegrated securityManaged risk

Performance-based approach will yield the greatest confidence that security is adequateThreat criteria A model for systematic security design and analysis will enable application of principles and performance based approach

Slide44


About DocSlides
DocSlides allows users to easily upload and share presentations, PDF documents, and images.Share your documents with the world , watch,share and upload any time you want. How can you benefit from using DocSlides? DocSlides consists documents from individuals and organizations on topics ranging from technology and business to travel, health, and education. Find and search for what interests you, and learn from people and more. You can also download DocSlides to read or reference later.