0 evaluări0% au considerat acest document util (0 voturi)
69 vizualizări87 pagini
March 2014 issue of the Journal of Physical Security, a peer-reviewed journal devoted to research, development, modeling, testing, experimentation, and analysis of physical security. Includes both technical and social science approaches.
After the standard snarky comments by the editor about security, there are 5 peer-reviewed papers discussing security evaluations of Egyptian nuclear facilities, a probabilistic model for quantifying the odds of interrupting an attack, a security evaluation for an oil refinery in Nigeria, access control for small nuclear facilities, and entropy as a driver of security failures.
For more information about JPS, to download individual papers from this or earlier issues, or to get on the email list, see http://jps.anl.gov
March 2014 issue of the Journal of Physical Security, a peer-reviewed journal devoted to research, development, modeling, testing, experimentation, and analysis of physical security. Includes both technical and social science approaches.
After the standard snarky comments by the editor about security, there are 5 peer-reviewed papers discussing security evaluations of Egyptian nuclear facilities, a probabilistic model for quantifying the odds of interrupting an attack, a security evaluation for an oil refinery in Nigeria, access control for small nuclear facilities, and entropy as a driver of security failures.
For more information about JPS, to download individual papers from this or earlier issues, or to get on the email list, see http://jps.anl.gov
Drepturi de autor:
Attribution Non-Commercial (BY-NC)
Formate disponibile
Descărcați ca PDF, TXT sau citiți online pe Scribd
March 2014 issue of the Journal of Physical Security, a peer-reviewed journal devoted to research, development, modeling, testing, experimentation, and analysis of physical security. Includes both technical and social science approaches.
After the standard snarky comments by the editor about security, there are 5 peer-reviewed papers discussing security evaluations of Egyptian nuclear facilities, a probabilistic model for quantifying the odds of interrupting an attack, a security evaluation for an oil refinery in Nigeria, access control for small nuclear facilities, and entropy as a driver of security failures.
For more information about JPS, to download individual papers from this or earlier issues, or to get on the email list, see http://jps.anl.gov
Drepturi de autor:
Attribution Non-Commercial (BY-NC)
Formate disponibile
Descărcați ca PDF, TXT sau citiți online pe Scribd
Welcome to volume 7, issue 2 of the }ouinal of Physical Secuiity. This issue has papeis about secuiity evaluations of Egyptian nucleai facilities, a piobabilistic mouel foi quantifying the ouus of inteiiupting an attack, a secuiity evaluation foi an oil iefineiy in Nigeiia, access contiol foi small nucleai facilities, anu entiopy as a uiivei of secuiity failuies.
Foi the last papei in this issue, we hau the inteiesting situation wheie the ievieweis, the euitoi, anu the authois coulun't come to an agieement on possible changes to the papei. This iesulteu in a uiscussion at the enu of the papei that you won't want to miss because of its laigei implications. I hope you finu it thought piovoking.
As usual, the views expiesseu by the euitoi anu authois aie theii own anu shoulu not necessaiily be asciibeu to theii home institutions, Aigonne National Laboiatoiy, oi the 0niteu States Bepaitment of Eneigy.
*****
./0 1 /,,' 2,3$,4
Reseaich manusciipts submitteu to this jouinal aie usually ievieweu by 2 anonymous ievieweis knowleugeable in the subject of the papei. viewpoint papeis aie ievieweu by u, 1, oi 2 ievieweis, uepenuing on the topic anu content. (Papeis that ieceive no peei ieview aie cleaily maikeu as such.)
The authois' iuentities aie known to the ievieweis, i.e., this jouinal uoes not use a uouble blinu ieview system. This is the case foi most peei ieview jouinals in othei fielus. Theie aie pios anu cons to this single blinu appioach.
We aie always veiy giateful to ievieweis foi theii (unpaiu) time. Seiving as a ieviewei is a ieal seivice to youi secuiity colleagues anu to eveiybouy's secuiity. If you aie inteiesteu in seiving as an occasional ieviewei, please contact me thiough Aigonne National Laboiatoiy oi http:jps.anl.gov.
Bi. }on Wainei of oui Aigonne vulneiability Assessment Team seives veiy capably as Associate Euitoi.
The pie chait below shows that almost of manusciipts submitteu to }PS uo not get piinteu in the jouinal. The vast majoiity of manusciipts that aie accepteu unueigo significant changes oi auuitions suggesteu by the ievieweis anu the euitoi piioi to being publisheu. I often assist with euiting papeis foi authois foi whom English is not theii fiist language, oi who aie fiom the 0K.
}ouinal of Physical Secuiity 7(2), i-ix (2u14)
ii
The stanuaiu style of this jouinal is Ameiican English. This incluues, among othei things, putting a comma befoie the last item in a list, the so-calleu "seiial comma", also iionically calleu the "0xfoiu comma". (Not all Ameiicans uo this, howevei, especially jouinalists anu young people.) Beie aie 2 examples of wheie the seiial comma can be impoitant: "!" $%&'()*+ ,%-./)01+, %(+ *2-%3 1%43 %-. 01++,+56 iefeis to S sanuwiches, wheieas "!" $%&'()*+ ,%-./)01+, %(+ *2-%3 1%4 %-. 01++,+5" is focuseu on 2. "7 8'* *1+ ).+% $('4 *%9:)-8 *' 4" ;',,3 % 0'-&)0*+. $+9'-3 %-. % .(28 %..)0*5" has quite a uiffeient meaning fiom "7 8'* *1+ ).+% $('4 *%9:)-8 *' 4" ;',,3 % 0'-&)0*+. $+9'- %-. % .(28 %..)0*." While theie aie countei-aiguments, in my minu theie aie 2 goou ieasons foi use of the seiial comma. Fiist, is consistent with the geneial iuea of paiallelism, an impoitant element of goou wiiting. uoou wiiting has ihythm anu oiganization, anu you uon't want to confuse the ieauei oi squanuei hei time by bieaking them. 0ne example of goou paiallelism is wiiting a list using only nouns oi only veibs oi only geiunus. Nixing them cieates clumsy woiuing, such as: "7 9):+ *' $),13 <%-0%:+,3 %-. *%9:)-8 *' %(* +=<+(*,." A bettei sentence might use all geiunus foi paiallelism: "7 9):+ $),1)-83 +%*)-8 <%-0%:+,3 %-. *%9:)-8 *' %(* +=<+(*,56 }ouinal of Physical Secuiity 7(2), i-ix (2u14)
iii The seconu ieason the seiial comma is useful is that it most closely mimics oial speech, which is ieally the unueilying basis of the wiitten woiu. To a consiueiable uegiee, goou wiiting sounus like goou talking. Some wiiteis claim that commas cluttei up wiiting. While commas can ceitainly be oveiuseu, I think they actually make ieauing easieianu the meaning cleaieiwhen useu to mimic the natuial pauses in oial speech. Thus, if I ieally meant S sanuwiches, the way I say this is "*2-%551%455%-.5501++,+", but if I meant 2 sanuwiches, "*2-%>>1%4 ? 01++,+. The comma can help the ieauei unueistanu wheie the pauses shoulu be.
*****
5&%$-6 7&' 0,89'$%: ;<,=%,'
I iecently obseiveu a neaily 2-houi tiaining couise foi election juuges. The couise was taught by state election officials foi a single election juiisuiction. The state anu juiisuiction shall go unnameu.
The couise was efficient, piactical, piofessionally iun, anu well tuneu to the auuience. A lot of useful infoimation was pioviueu to the election juuges.
I founu it telling that the woiu "secuiity" maue an appeaiance only once in the 2-houi piesentation, anu then only in the following context: "Election juuges shoulu follow this pioceuuie because it 8)&+, *1+ %<<+%(%-0+ of secuiity." |Italics auueu.j
Now I'm quite familiai with Secuiity Theatei. As a vulneiability assessoi, I see it all the time in uispaiate secuiity uevices, systems, anu piogiams. But usually Secuiity Theatei involves secuiity manageis oi oiganizations fooling themselves, oi it is busywoik uelibeiately uesigneu to make auuitois oi the boss happy, oi it's something meant to snow customeis oi the public. Sometimes, Secuiity Theatei is useu as a foim of bluffing, i.e., to make a taiget falsely look haiuei than it ieally is. (Bluffing, howevei, is usually effective only ovei the shoit teim.)
The pioceuuie that was being uiscusseu in the couise as neeuing the appeaiance of secuiity was not one that woulu be much noteu by voteis oi the public, so it was piobably not intenueu as a bluff. Rathei, the appaient attituue among these election officialswhich I anu otheis have fiequently obseiveu in othei contexts, states, anu election juiisuictions is that secuiity is vieweu as only being about appeaiances.
0ne of the functions of election juuges is often to compaie voteis' signatuies on election uay with the votei iegistiation iecoius. In this paiticulai state anu election juiisuiction, as in most otheis, election juuges aie given zeio useful instiuctions on how to compaie signatuies, not even the biief, iuuimentaiy tiaining often given to cashieis in ietail stoies on signatuie veiification.
In my view, the veiacity of the vote ueseives moie seiious secuiity attention. Election faiiness anu accuiacy aie funuamental piinciples of uemociacy. }ouinal of Physical Secuiity 7(2), i-ix (2u14)
iv *****
>=?$-6 $% @'%$)%$8=AA:
Counteifeit woiks of ait anu antiquities aie a huge secuiity pioblem. A new technique has been ueployeu, baseu on the anomalously high amount of iauioactive caibon-14 founu in the atmospheie since the uawn of the nucleai age. A painting attiibuteu to the Fiench cubist paintei Feinanu Lgei was cleaily pioven to be a foigeiy. Foi moie infoimation: http:www.chiomatogiaphytechniques.comnews2u14uScaibon-uating-shows- cubist-painting-was-foigeu.et_ciu=S81S889&et_iiu=S969S7192&type=heauline
*****
*&+BA$=-8, 3)C 0,89'$%:
Compliance anu Secuiity, of couise, aie not the same thing. Sometimes they aie at ouus. In my expeiience, it is typical foi at least a thiiu of compliance iules to actually make secuiity woise. This can occui when compliance wastes time, eneigy, anu iesouices; uistiacts secuiity peisonnel anu employees anu focuses them on the wiong issues; makes auuitois the enemy, insteau of the actual auveisaiies; encouiages minuless iule following iathei than caieful pioactive thinking about secuiity; institutionalizes stupiu, one-size-fits- all iules manuateu by buieauciats fai iemoveu fiom giounu level; fossilizes iules that neeu to be flexible with changing thieats, conuitions, anu technology; lets the goou guys anu the existing secuiity infiastiuctuie anu secuiity stiategies uefine the pioblem, not the bau guys (which is the ieal-woilu situation); makes secuiity the enemy of piouuctivity anu of employees; anu engenueis cynicism about secuiity.
The best (anu funniest anu most uistuibing) examples I know of compliance haiming secuiity can't be openly uiscusseu because of theii sensitivity. Beie, howevei, aie a few examples I can shaie.
uianting access to numeious auuitois, oveiseeis, micio-manageis, testeis, maintenance people foi secuiity haiuwaie, anu checkeis of the checkeis incieases the insiuei thieat. Nanuateu State of Bealth (S0B) checks on secuiity haiuwaie incieases complexity (bau foi secuiity) anu hacking oppoitunities. Nanuateu secuiity uevices get in each othei's way, oi compiomise each othei's secuiity. Specifically manuateu secuiity piouucts oi anti-malwaie softwaie piecluue the use of bettei, moie up to uate piouucts. PC secuiity iules applieu minulessly to Nacs. Compliance makes the best the enemy of the goou. Almost anybouy is consiueieu to have a "Neeu to Know" if it can help us avoiu minoi pioceuuial anu papeiwoik eiiois (oi heshe can offei some vaguely plausible stoiy }ouinal of Physical Secuiity 7(2), i-ix (2u14)
v line), thus cieating unnecessaiy checkeis anu incieasing the insiuei thieat as well as the chances of mishanuling sensitive uata. uoveinment secuiity cleaiances that iequiie self-iepoiting of piofessional counseling anu mental health tieatment, thus uiscouiaging it. uiievance, complaint iesolution, anu employee assistance piogiams that inciease uisgiuntlement anu taiget useis foi ietaliation. Foimal iules iequiiing oveily pieuictable guaiu patiols anu shift changes. Little ioom alloweu foi flexibility, inuiviuual initiative, pioactiveness, questionsconceins, hunches, iesouicefulness, obseivational skills, anu people skills. Secuiity manageis aie feaiful of installing auuitional secuiity pioceuuies anu haiuwaie (even common sense ones) that can impiove secuiity locally because they aie not calleu foi by auuitois oi the compliance uocuments. An ovei-emphasis on fences (4.S - 1S sec uelay) anu entiy points as secuiity measuies leaus to bau secuiity. The iequiieu complex multituue of secuiity layeis ("Befense in Bepth") leaus to a situation wheie nobouy takes any one layei (oi alaim) seiiously. See, foi example, the Y-12 bieak-in by an 8S-yeai olu nun: http:www.cbsnews.comnewsnun-84- gets-S-yeais-in-piison-foi-bieaking-in-nucleai-weapons-complex This is a classic, pieuictable, anu veiy common moue of failuie foi Befense in Bepth ("layeieu secuiity"). 0nfoitunately, multiple layeis of lousy secuiity iaiely auu up to goou secuiity. Anu Befense in Bepth tenus to engenuei acceptance of lousy layeis. The wiong minuset is cieateu: Secuiity = Busy Woik & Ninuless Rule-Following, leauing to the iuea that the Biass anu buieauciats aie iesponsible foi thinking about secuiity, not me.
*****
*'$+$-:D
Recent events in Ciimea aie a ieminuei that 2u14 is the 16u th anniveisaiy of the Ciimean Wai, a conflict between Russia anu an alliance of Fiance, Biitain, the 0ttoman Empiie, anu Saiuinia. It was one of the fiist "mouein" wais in a numbei of ways.
The Ciimean Wai is piobably best iemembeieu foi the incompetence anu unnecessaiy loss of life on both siues. At the time, Biitish citizens coulu buy a commission, i.e., Biitish militaiy leaueis weie not chosen by meiit, intelligence, oi expeiience but by who coulu cough up big bucks. The poem, "Chaige of the Light Biigaue" by Alfieu, Loiu Tennyson baseu on the Ciimean wai helpeu to focus attention on the incompetence of English militaiy leaueis, which eventually iesulteu in enuing the piactice of selling commissions.
Now, 16u yeais latei, many secuiity piofessionals aie all too familiai with the negative consequences of having leaueis who aie not chosen baseu on meiit, intelligence, anu expeiience.
}ouinal of Physical Secuiity 7(2), i-ix (2u14)
vi *****
E-8&++&- *&++&- 0,-),
As of this wiiting, theie is as of yet no solution to the mysteiy of missing Nalaysia Aiilines Flight S7u.
What has become cleai fiom this inciuent, howevei, is that many nations anu aiilines uo not make use of the Inteipol uatabase of stolen passpoits. This uatabase contains uata on 4u million lost oi stolen tiavel uocuments. Accoiuing to Inteipol ueneial Secietaiy Ronalu Noble, "0nly a hanuful of countiies woiluwiue aie taking caie to make suie that peisons possessing stolen passpoits aie not boaiuing inteinational flights." Even so, the uatabase gets 6u,uuu hits pei yeai. The 0niteu States, 0K, anu the 0niteu Aiab Emiiates aie some of the few countiies that uo use the uatabase extensively.
A 2u11 stuuy founu that the uatabase can be an effective tool foi countei-teiioiism. See http:ieseaich.cieate.usc.euucgiviewcontent.cgi.aiticle=1147&context=publisheu_papeis
This counteimeasuie is quick, simple, inexpensive, anu ielatively painless. Failuie to use it is suiely a bieakuown of common sense. What is it about secuiity that it is so often uivoiceu fiom common sense. 0i is the pioblem, as voltaiie thought, moie geneiic. Be maintaineu that the tiouble with common sense in geneial is that it isn't all that common.
*****
F9+G,' ;<=- %<, H='#4=',
A woulu-be buiglai in Chicago uefeateu the lock on the outsiue of a bai, but then coulun't manage to get insiue because he kept tiying to pull the uooi open. The uooi was cleaily maikeu, "P0SB". See the viueo anu stoiy at: http:www.unainfo.comchicago2u14u11Swickei-paikviueo-wickei-paik-bai-bieak- in-thwaiteu-when-man-pulls-uooi-maikeu-push
*****
I,J$8=- ;<',=% Appaiently packs of ioaming feial Chihuahua uogs aie haiassing Phoenix. The Phoenix police uepaitment iepoits moie than 6,uuu complaints. Foi moie infoimation, see http:abcnews.go.comblogsheaulines2u14u2chihuahuas-iampage-in-aiizona Seems like an excellent oppoitunity to install $1u billion of untesteu homelanu secuiity haiuwaie to monitoi the Chihuahua thieat!
}ouinal of Physical Secuiity 7(2), i-ix (2u14)
vii ***** *=-=#$=- ;<',=%
0ttawa police aie seaiching foi a man who tiieu to iob a stoie while bianuishing a hockey stick. The ownei of the stoie giabbeu the hockey stick fiom the suspect, who then fleu. See http:www.cbc.canewscanauaottawahockey-stick-wielueu-in-foileu-ottawa- stoie-iobbeiy-1.2SS9S8S.
Piesumably it wasn't a cuiling bioom because cuiling uoesn't exactly have a fieice ieputation foi bench-cleaiing biawls. (This might, howevei, inciease the fan base.)
Speaking of 0lympic spoits, the best suggestion I have evei heaiu is to iequiie that eveiy 0lympic event incluue one aveiage citizen in the competition, just foi compaiison.
*****
K=# .&?,L M&&# 0,89'$%: I&'=A
A young man on a bicycle has a bag of sanu slung ovei his shouluei. Be iiues up to the boiuei guaiu who stops him anu asks, "What's in the bag.". "Sanu," says the young man. The guaiu uoesn't believe him, so makes the young man open the bag anu the boiuei guaiu feels aiounu insiue. Suie enough, sanu. The guaiu lets the young man go on his way acioss the boiuei.
The next uay, the same thing happens, only this time, the guaiu insists the young man empty the bag of sanu on the giounu so the guaiu can moie caiefully examine its contents. Again, nothing but sanu. The young man hanu shovels the sanu back into the bag anu peuals acioss the boiuei. This happens S moie uays in a iow.
uiowing moie anu moie suspicious, the boiuei guaiu the next uay takes a sample fiom the young man's bag to be chemically analyzeu. Foi anothei week, the young man shows up eveiyuay on his bike with the bag of sanu slung ovei his shouluei, anu the guaiu lets him thiough. Finally, the chemical analysis iesults come in: 1uu% sanu.
The next uay, the guaiu stops the young man again anu says, "Look, son. I know you aie smuggling something acioss the boiuei. I'm uying to know what it is. }ust tell me, anu I sweai on my mothei's giave that I won't tuin you in. So what aie you smuggling."
"Bicycles," says the young man.
*****
}ouinal of Physical Secuiity 7(2), i-ix (2u14)
viii 0&+, N-8&-3,-$,-% ;'9%<) @G&9% 0,89'$%:
1. If you can't envision secuiity failuies, you can't pievent them.
2. If you aie not failing in testing youi secuiity, you aie not leaining anything.
S. If you automatically think of "cybei" when somebouy says "secuiity", you piobably have pooi physical secuiity %-. pooi cybei secuiity.
4. Nost secuiity uevices can be compiomiseu in as little as 1S seconus. This can be uone at the factoiy, the venuoi, while in tiansit, while sitting on loauing uocks, piioi to installation, anu aftei installation. This is why a soliu chain of custouy is neeueu, staiting iight at the factoiy, anu why secuiity uevices must iegulaily be caiefully examineu inteinally foi tampeiing oi counteifeiting. But you have to know what the uevice is supposeu to look like.
S. A chain of custouy is a <('0+,, foi secuiing impoitant assets in tiansit. It is not a piece of papei (nevei to be examineu) that aibitiaiy people sciibble theii initials oi signatuies on!
6. Nany manufactuieis anu venuois of secuiity uevices have pooi secuiity anu pooi secuiity cultuie at theii facilities.
7. A mechanical tampei switch oi a light uetectoi in a secuiity uevice is about the same thing as having no tampei uetection at all. Noieovei, uuiing the time that the uevice lacks powei (such as uuiing shipment), they pioviue zeio secuiity.
8. If you aien't secuie befoie you ueploy enciyption, you aien't secuie aftei.
9. Enciyption has no meaningful iole to play in checking piouuct authenticity. It is a ieu heiiing.
1u. Ranuom, viitual numeiic tokens aie not the same thing as seiialization foi uetecting counteifeit piouucts. The few companies that use ianuom viitual numeiic tokens usually make a numbei of eiiois in uoing so.
11. Tampei-inuicating seals uo not magically uetect oi stop tampeiing. They take a lot of haiu woik to be effective.
12. Nost oiganizations ignoie oi substantially unueiestimate the insiuei thieat.
1S. If you'ie not making an intense effoit to mitigate the uisgiuntlement of employees, contiactois, customeis, anu venuois, then you aie putting youiself at gieat iisk.
14. If the manufactuiei oi venuoi of a secuiity piouuct can't oi won't tell you the half uozen most likely ways the uevice oi system can be attackeu, you shoulun't buy it.
}ouinal of Physical Secuiity 7(2), i-ix (2u14)
ix 1S. Relatively low tech attacks woik well, even on high-tech secuiity uevices, systems, anu piogiams.
16. If you think that thieats anu vulneiabilities aie the same thing, oi you think that you know all youi vulneiabilities (oi uon't have any), oi you think a vulneiability assessment is a test you can pass, then you uon't unueistanu vulneiabilities, vulneiability assessments, oi youi secuiity.
17. Confiuence in a secuiity piogiam oi secuiity piouuct is almost always wishful thinking. 0i as the olu auage says, "Confiuence is that feeling you sometimes have befoie you ieally unueistanu the situation."
18. If you aie moie woiiieu about compliance than secuiity, you almost ceitainly have pooi secuiity.
19. If people can't question youi secuiity without you (oi youi oiganization) getting upset, you piobably have pooi secuiity.
2u. "0vei-seiiousness is a waining sign foi meuiociity anu buieauciatic thinking. People who aie seiiously committeu to masteiy anu high peifoimance aie secuie enough to lighten up." -- Nichael }. uelb
1 El Taif 0niveisity, Faculty of Science, Physics Bepaitment 2 King Abuulaziz 0niveisity, Faculty of Engineeiing, P.0. Box.8u2u4, }euuah 21S89, Sauui Aiabia, Phone: +uS671u2821, Fax: +269S2648 S Nucleai anu Rauiological Regulatoiy Authoiity, (NRRA) Caiio, Egypt *0n leave fiom NRRA-Egypt
:;31#)41
The main objective of a physical piotection system (PPS) is to pievent iauiological sabotage of the nucleai facility anu theft of nucleai mateiials. This papei uesciibes a pioceuuie foi effective physical piotection of nucleai facilities, as will as physical piotection of nucleai mateiials (NNs) in use, stoiage, anu tianspoit. The pioceuuie involves categoiizing the nucleai facility taigets anu how to piotect them. We then piopose a pieliminaiy plan foi a site visit foi the puipose of evaluating the PPS, anu ensuiing that it is in compliance with the Inteinational Atomic Eneigy Agency (IAEA) stanuaius, the Inteinational Physical Piotection Auvisoiy Seivice (IPPAS) guiuelines, anu also meets the necessaiy conuitions set out in Egyptian iegulations (licensing) of the facility. The implementation of this plan coulu stiengthen physical piotection of Egyptian nucleai facilities.
2 ?@ A(1#,=641&,( National piactices foi what is calleu "physical piotection" of nucleai mateiials vaiy wiuely. Some states have obligateu themselves to apply IAEA iecommenuations foi such piotection, but otheis have only agieeu to give consiueiation to those iecommenuations, oi have maue no commitment at all. Some have auopteu uomestic iegulations with iequiiements as high oi highei than these iecommenuations, but otheis has auopteu lowei stanuaius, incluuing none at all.|1j
Accoiuing to Aiticle III of the Non-Piolifeiation Tieaty (NPT), each non-nucleai weapon state that is paity to the tieaty agiees to accept safeguaius as set foith in an agieement to be negotiateu anu concluueu with the Inteinational Atomic Eneigy Agency (IAEA) in accoiuance with the state's statutes anu safeguaius system. The puipose of such IAEA safeguaius is to veiify the fulfillment of the state's obligations unuei the NPT to pievent uiveision of nucleai eneigy fiom peaceful uses to nucleai weapons oi othei nucleai explosive uevices. As such, IAEA "safeguaius" constitute the most impoitant example of multinational nucleai tieaty monitoiing.
By the IAEA's own uefinition, the IAEA safeguaius system compiises an extensive set of technical measuies by which the IAEA Secietaiiat inuepenuently veiifies the coiiectness anu the completeness of the ueclaiations maue by states about theii nucleai mateiial anu activities. While this uefinition goes a long way in uesciibing the safeguaius piocess fiom the point of view of the IAEA, it fails to uesciibe concisely anu substantively the intentions (anu limitations) of IAEA safeguaius. To auu to the confusion ovei the teim "safeguaius", the 0niteu States goveinment uses the woiu "safeguaius" in a iathei impiecise way, often in combination with "secuiity", to covei a wiue iange of :19%/+*# nucleai non-piolifeiation activities, fiom physical piotection anu containment to accounting foi nucleai mateiial, gioupeu unuei the heauing of "Nateiial Piotection, Contiol & Accounting" (NPC&A). It is not suipiising, theiefoie, that many obseiveis complain that a cleai, concise, anu consistent uefinition foi safeguaius is still missing.|2j
As a iesult, theie may be a iisk not only of mixing the meaning of the uiffeient safeguaius teims, but also of confusing the uistinct goals of each nucleai secuiity measuie implementeu. Theie is a long tiauition of the IAEA using uomestic (usually 0.S.) safeguaius technology anu appioaches with little oi no mouification foi use in IAEA inteinational safeguaius.
Bomestic anu inteinational safeguaiusuespite both being calleu "safeguaius"aie piofounuly uissimilai. Bomestic safeguaius aie piimaiily conceineu with nucleai mateiials piotection, contiol, anu accounting (NPC&A). This incluues piotecting nucleai weapons oi mateiials fiom sabotage, vanualism, teiioiism, espionage, theft, uiveision, oi loss. Inteinational NPT safeguaius, on the othei hanu, aie conceineu with obtaining eviuence that each state that signeu an agieement oi tieaty is inueeu complying with its obligations, ueclaiations, anu piomises. Nost of the "safeguaius" cuiiently unueitaken by the IAEA involve monitoiing unuei the NPT.|2j
}ouinal of Physical Secuiity 7(2), 1-11 (2u14)
S B@ A'9#,.$'$(1 ,+ 564%$)# C$0&3%)1&,( &( 80*91
Egypt staiteu its legal fiamewoik to contiol anu iegulate the peaceful uses of nucleai eneigy with Law No. S9 in the yeai 196u. 0n Su Naich 2u1u, the uoveinment of Egypt issueu a new compiehensive law goveining nucleai anu iauiation ielateu activities (Law No. 7 of 2u1u). This new law aims to establish a legislative fiamewoik foi nucleai installations anu activities in oiuei to piotect inuiviuuals, the enviionment anu piopeity. It iegulates iauiation piotection, nucleai safety, iauioactive waste management, tianspoit of iauioactive mateiial, emeigency piepaieuness anu iesponse, nucleai secuiity, nucleai safeguaius, impoit anu expoit contiols, anu civil liability in the case of nucleai uamage. The law also has the powei to ueal with all activities anu financing mechanisms coveiing the uecommissioning piocess foi the nucleai ieactois.|Sj
Accoiuing to the new Law, all the iauioactive anu nucleai activities aie contiolleu unuei the inuepenuent iegulatoiy bouy, the Nucleai anu Rauiological Regulatoiy Authoiity (NRRA). The NRRA is iesponsible foi issuing licenses anu peimits foi any activity involving iauioactive mateiials, anu foi contiolling anu veiifying that these activities aie peifoimeu within the NRRA iegulations. In oui view, the new law has helpeu Egypt be in compliance with inteinational safety anu secuiity stanuaius.
NRRA Licenses covei the following nucleai activities in Egypt: - Reseaich Reactois (ET-RR-1 & ET-RR-2) A: Reactoi 0peiatoi B: Fuel Fabiication Plant foi ET-RR-2 - Nucleai Powei Plant anu Relateu Activities - Acceleiatois (Cyclotion & Lineai Acceleiatoi) A. Inuustiial Iiiauiatoi - Applications of Rauioisotopes in Inuustiy, Neuicine, Agiicultuie, anu Reseaich - Rauioactive Waste Bisposal Facility anu Tieatment Plant - Tianspoitation of Rauioactive Nateiials.
The Nucleai safeguaius agieements between Egypt anu the IAEA have been concluueu puisuant to NPT. A state system of accounting foi anu contiolling of nucleai mateiial in Egypt has been establisheu unuei the title of "A National System of Nucleai Nateiial Accounting anu Safeguaius (NSNNAS)".
|4j
A physical piotection system (PPS) foi nucleai mateiials (NNs) in nucleai ieseaich ieactoi (NRR) facilities pioviues measuies foi exteinal piotection, auministiative contiol, guaius, entiy anu access contiol, safety, anu piotection foi tianspoit anu peisonnel . |Sj These measuies aie applieu uuiing the opeiation oi the uecommissioning of the facility. Since the opeiatoi is iesponsible foi opeiational safety anu the physical piotection of the nucleai facility, the opeiatoi must ensuie that all nucleai mateiials belonging to it, incluuing waste, is stoieu in specially uesigneu containeis. The opeiatoi is obligeu to establish anu apply an accounting system foi nucleai mateiials, anu to exeicise contiol in accoiuance with the iequiiements laiu uown in the safeguaius agieement. Such accounting is a pait of the physical piotection system.|6j
}ouinal of Physical Secuiity 7(2), 1-11 (2u14)
4 In this stuuy, the physical piotection system (PPS) foi one of the two ueclaieu nucleai facilities in the Anshas zone in Egypt was investigateu. The PPS unuei investigation belongs to the olu Egyptian nucleai ieactoi (ET-RR-1), which was the fiist Egyptian nucleai ieseaich ieactoi (NRR) having a mateiial balance aiea (NBA):ET-A. The ET-RR- 1 is a 2 NW ieseaich ieactoi, tank type, with uistilleu watei as a moueiatoi coolant, anu utilizing a ieflectoi. The nucleai fuel useu in this ieactoi is type EK-1u of Russian fabiication. The fuel ious aie maue of uianium uioxiue uispeiseu in magnesium matiix, eniicheu by 1u% 2SS 0 in the foim of ious clauueu by an Al jacket.|7j
DE F)3&4 G,(4$91 ,+ "2*3&4)% "#,1$41&,(
Accoiuing to the IAEA iecommenuations anu the Egyptian iegulations on the physical piotection of nucleai mateiials, PPS's must ueal with the following issues:
a- Categoiizing of nucleai mateiials b- Beteimining the piotecteu anu contiolleu aieas c- Contiolling the access of peisons anu vehicles u- Nanaging the secuiity of woikeis e- Pioviuing a uata infoimation anu analysis unit
A physical piotection plan is pait of the ievieweu uocumentation necessaiy foi issue of the license given by NRRA. The plan must take in account all iequiiements ielateu to the PPS accoiuing to the specifications of INFCIRC22SRev.4 anu also the IAEA-IPPAS guiuelines, which ueal with categoiization of the nucleai facilities, nucleai mateiials, anu iauioactive waste.|8,9j Because nucleai mateiials (NNs) can be founu in uiffeient physical, moiphological, anu chemical foims, the attiactiveness of these mateiials foi theft oi sabotage uepenus ciucially on theii specific natuie anu piopeities. Thus, the piimaiy factois foi ueteimining the physical piotection measuies against unauthoiizeu iemoval oi sabotage of NNs must be the status anu natuie of the NN itself. Table 1 shows the type of nucleai mateiial as categoiizeu by the IAEA conventions on physical piotection, specifically INFCIRC274iev.1 anu INFCIRC22Siev.S.|1u-12j
;<=< -.,/*#&$ -'1+%#+*12 1) +.% !>>
Since the nucleai mateiials containeu in the two Egyptian nucleai ieseaich ieactois aie classifieu as categoiy II anu III, both ieactois aie piotecteu by uesigneu PPSs involving baiiieis anu innei aieas, uelay components, access contiol, anu assessment systems to uefeat theft oi sabotage attempteu by one oi moie peisons fiom outsiue oi insiue the plants (NC&A). All the equipment anu nucleai mateiials of categoiy II aie locateu in the contiolleu aiea, while the equipment anu nucleai mateiials of categoiy III aie locateu in the piotecteu aiea.
}ouinal of Physical Secuiity 7(2), 1-11 (2u14)
S
Table 1: Categoiization of Nucleai Nateiial. H)1$#&)% 7,#' G)1$0,#* I G)1$0,#* IA
G)1$0,#* IAA
Plutonium 0n-iiiauiateu >2 kg >Suu g <2 kg >1S g <Suu g 0ianium-2SS 0n-iiiauiateu 0ianium eniicheu (E0) to 2u%
2SS 0 >Skg >1 kg <S kg
>1Sg <1 kg
E0 to 1u% but < 2u% 2SS 0 >1u kg >1 kg <1u kg
E0 above natuial, but < 1u% 2SS 0 >1u kg 0ianium-2SS 0n-iiiauiateu >2 kg >Suu g < 2 kg >1S g <Suu g Iiiauiateu Fuel*
uepleteu oi natuial 0, Th, oi low eniicheu fuel > 1u% fissile
JJJJJJJJJ *The categoiization of iiiauiateu fuel in the table is baseu on the inteinational tianspoit consiueiations. The state may assign a uiffeient categoiy foi uomestic use, stoiage, anu tianspoit taking all ielevant factois into account.
The fiist Egyptian Nucleai Reseaich Reactoi (ET-RR-1) has been in opeiation since 1961. Piovisions weie maue foi the facility geogiaphical location, the safety uesign, the access to vital aieas, anu the State's assessment of the thieat. The PPS was upgiaueu anu some new technical components weie intiouuceu, such as a peiimetei baiiiei: a peiipheial fence has been built aiounu the nucleai facility as a seconu baiiiei. The fiist baiiiei is the oiiginal fence of the Nucleai Reseaich Centei (NRC-EAEA), wheie authoiizeu peisonnel aie alloweu to entiy oi exit thiough the main gate.
In auuition to fences, theie aie intiusion sensois, alaims, a lightning system (in oiuei to ensuie functioning of the suiveillance 24 houis a uay), anu entiy contiol (the access of peisonnel to the NRR facility is contiolleu thiough a peisonnel entiyexit poit locateu neai a local secuiity guaiu). Authoiizeu peisonnel aie gianteu entiy to the NRR facility only aftei iegisteiing anu signing in on an iegistiation book. Theie is also viueo suiveillance to monitoi the innei aieas, anu an integiateu alaim system with ultiasonic sensois to uetect the movement of an intiuuei within the inteiioi of a specific innei aiea insiue the NRR facility. The NRR facility fence is pioviueu with a local secuiity contiol centei, guaius, communication equipment, anu is in uiiect contact with the main guaiu anu secuiity centei. Also, the fence has viueo cameias allowing complete visibility of the fence zone.|1Sj }ouinal of Physical Secuiity 7(2), 1-11 (2u14)
6 Foi ET-RR-2, the physical piotection system was installeu anu opeiational in 1997. As with ET-RR-1, the PPS is maintaineu by a technical gioup. The ET-RR-2 facility is monitoieu 24 houis a uay. Also, as pait of the upgiaues, the PPS iesponsible staff anu iegulatoiy bouy staff ieceiveu tiaining in the physical piotection of nucleai mateiials anu facilities. This was uone via the Inteinational Tiaining Couise (ITC) on the Physical Piotection of Nucleai Facilities anu Nateiials, conuucteu at Sanuia National Laboiatoiies in the 0SA unuei the umbiella of IAEA. The couise was fiist offeieu in 1978. The couise focuses on a systems engineeiing peifoimance-baseu appioach to iequiiements, uefinition, uesign, anu evaluation of physical piotection systems. In auuition to pioviuing impoitant infoimation anu expeiience, the couise is helpful in impioving the coopeiation of facility peisonnel. Buiing the fiist 21 piesentations of ITC (the yeais 1987 thiough 2u1u), 2u paiticipants fiom Egypt weie tiaineu.|14j
Ensuiing the physical piotection of NNs uuiing use, stoiage, anu tianspoitation is one of the obligatoiy iequiiements to be met in Egypt in oiuei to get licenseu foi uesign anu opeiation of nucleai facilities. A physical piotection pioceuuie foi inspection anu foi iepoiting must be submitteu. This pioceuuie contains a listing of numeious elements that neeu to be evaluateu in oiuei to impiove the existing PPS anu help to uevise new plans foi the physical piotection iequiiements. The pioceuuie that we iecommenu, which we call oui "check list", ueals mainly with the following:
- Beteimining the possible thieats to the NRR, NNs, anu the fuel manufactuiing pilot plant baseu on Besign Basis Thieat (BBT) analysis.
- Classifying the NRR anu the NNs into inuiviuual categoiies.
- Conuucting safety anu secuiity analyses, taking into consiueiation the national thieat assessment anu assumeu auveisaiy mouel to iuentify aieas that must be piotecteu@
- Iuentifying the piotecteu aieas, innei aieas, anu vital aieas foi the nucleai facility.
- Besciibing the technical equipment useu in the secuiity oi foi the monitoiing of the NRR anu NNs within the PPS.
- Checking the access contiols pioviueu foi the iuentification anu entiy authoiization of all incoming peisonal, mateiials, anu vehicles into the inuiviuual categoiizeu aieas.
- Eiecting baiiieis to pievent the entiy of unauthoiizeu incoming vehicles.
- Establishing the piesence of a contiol ioom insiue the piotecteu aiea wheie the secuiity peisonnel can monitoi the conuition anu status of all PPS equipment. (It is impoitant to mention that the opeiatoi insiue the contiol ioom must have sufficient equipment to communicate with the secuiity peisonnel anu also communicate with exteinal iesponse foices.) }ouinal of Physical Secuiity 7(2), 1-11 (2u14)
7
- Equipping the guaiu foices with sufficient equipment to caiiy out theii task, e.g., communications equipment anu weapons.
- Cieating a piogiam foi measuiing the tiaining anu piacticing of peisonnel in the implementeu physical piotection system.
- Beveloping a piogiam foi testing anu maintaining PPS equipment.
- Bocumenting the quality assuiance foi the uesign anu implementation of the PPS.
- Analyzing the implementation of the physical piotection functions uuiing the opeiation of the nucleai ieactoi anu uuiing theoietical emeigency situations.
- Evaluating PPS test iesults.
- 0puating the PPS plan when the facility is mouifieu.
The objective of the Inteinational Physical Piotection Auvisoiy Seivice (IPPAS) mission to Egypt is to assist anu help the NRR to enhance the physical piotection system anu iegulations foi the nucleai facilities in Egypt. The piouucts of the mission incluue uetaileu technical notes, with iecommenuations, suggestions, anu goou piactices foi upgiauing the PPS system thiough a uiscussion with the competent authoiity (NRRA) anu the opeiatoi's staff at the nucleai ieseaich ieactois. It is impoitant to mention that all uocuments geneiateu befoie, uuiing, anu aftei the mission aie tieateu as /&)%C"&':/ #12)*:%2+*&$ uocuments by the IAEA anu the team membeis accoiuing to the IAEA inteinationally accepteu iecommenuations (INFCIRC22S Rev. 4 (Coii.).|1Sj
It is wiuely believeu that NNs aie most vulneiable to illegal acts anu sabotage uuiing tianspoit. As a consequence, a plan foi the physical piotection of NNs uuiing tianspoitation insiue the facility must be piepaieu by the nucleai facility opeiatoi. (Exteinal tianspoitation involving "tianspoitation outsiue the facility" is beyonu the scope of oui pioposeu plan).
A peimit is neeueu foi any such inteinal tianspoit, anu the plan foi each tianspoitation stage iequiies the following:
- Beteimining the possible thieats to the NRR, NNs, anu the fuel manufactuiing pilot plant baseu on Besign Basis Thieat (BBT) analysis.
- Classifying the NRR anu the NNs into inuiviuual categoiies.
}ouinal of Physical Secuiity 7(2), 1-11 (2u14)
8
- Piepaiing a physical piotection plan. - Establishing a communication anu iepoiting system foi use uuiing tianspoitation. - Locking anu sealing the tianspoit packages. - Piotecting the confiuentiality of the physical piotection infoimation. - Establishing an emeigency iesponse system.|16j - |In the case of inteinational tianspoit, the iesponsibility foi ensuiing PPS is iegulateu by an agieement between the states conceineu.j
K@ L6# "#,9,3$= A(39$41&,(3 "%)(
To evaluate the effectiveness of the PPS plans anu pioceuuies, an inspection plan oiganizeu by the authois was ueviseu. 0ui inspection is aimeu at a moie uetaileu examination anu ueteimination of whethei the PPS elements aie functional anu woiking accoiuing to plan. This check-up of the system woulu iueally be conuucteu at least once a yeai by iepiesentatives of the NRRA, jointly with a facility opeiatoi.
The elements of oui pioposeu inspection incluue:
>1"+*2% 42/0%#+*12: The main aim of this is to assess anu evaluate the conuitions of the PPS, anu also to assess the tiaining anu qualifications of the physical piotection team (anu how they may have changeu fiom the pievious inspection.)|17j This involves a ioutine check anu veiification of the PPS elements. Routine inspection activities aie unueitaken eithei at fixeu time inteivals oi at vaiiable time inteivals in conjunction with specific tasks, e.g., pie-opeiation, nucleai mateiials tianspoit fiom oi to the nucleai facility, etc.|18j
8+*9"$&+*12 1) &2 /%#"'*+, *2#*:%2+: This is an in-seivice inspection of the physical piotection elements anu the facility's capability to uetect, communicate, anu iesponu to an intiuuei's piogiess towaius the taiget in the shoitest possible time. Specific checklists foi each type of piactice inspection help facilitate this ieview. Regaiuless of the type of inspection, the following systems iequiie checking: the exteiioi intiusion uetection system; the entiy contiol system foi peisonnel anu vehicles; the entiy contiol baiiieis (fences, peisonnel gate, vehicle gate, etc.); the inteiioi uetection system; the communication system; anu the manual iesponse of secuiity peisonnel.
D<=< -'101/%: 42/0%#+*12 >%01'+
In oui view, the inspection iepoits shoulu be uone anu submitteu by the nucleai facility opeiatoi uiiectly to the NRRA. The pioposeu inspection iepoit incluuesM
1. Name anu coue of the nucleai facility. 2. Names of inspection team membeis (peisonnel), anu theii iesponsibilities uuiing the inspection. S. Bate anu type of inspection, incluuing weathei conuitions. 4. Classification of the nucleai mateiial. }ouinal of Physical Secuiity 7(2), 1-11 (2u14)
9 S. Resouices useu foi the inspection (peisonnel, time, mateiials, equipment, etc.). 6. The inspection techniques useu (iunning the system, ievision, check anu measuie, veiification, etc.) 7. Inspection finuings anu iecommenuations. 8. Assessment of the physical facilities fiom the viewpoint of physical piotection. 9. Type(s) of analyses useu to evaluate the PPS. 1u. A list of ciucial coiiective actions. 11. A list of possible aieas foi impiovement. 12. The iesponse times foi secuiity guaius. 1S. 0veiall finuings anu test iesults. 14. Recommenuations specific to the facility opeiatoi. 1S. Recommenuations specific to the iegulatoiy oiganization.
G,(4%63&,(3 )(= -$4,''$(=)1&,(3
The nucleai mateiials in Egyptian ieseaich ieactois have been categoiizeu accoiuing to theii fuel amount, type, anu eniichment. This is impoitant infoimation foi both safety anu secuiity planning.
We believe oui pioposeu pieliminaiy inspection plan, which incluues an inspection checklist (Section S.2) anu pioposeu iepoit content (Section 4.1), coulu assist the iegulatoiy oiganization (NRRA) in evaluating the physical piotection systems at nucleai facilities. The plan might also help the NRRA systematically follow up on inspection finuings to ensuie that all aspects of legislation, incluuing the license conuitions, aie fully compliant with national anu inteinational obligations. This appioach can also help the opeiatoi of the nucleai facility impiove facility safety anu secuiity.
When oui inspection checklist was applieu to the stuuieu NRR, we came to the following majoi conclusions:
1) The PPS in the NRR shoulu be mouifieu to incoipoiate new constiuction anu iepaii.
2) It is impoitant to have a sufficient stock of spaie paits of PPS components because most of these spaie paits aie piouuceu abioau anu in the majoiity of cases, cannot be substituteu by local piouucts so as to ensuie uninteiiupteu opeiation of the PPS.
S) The peifoimance of the secuiity iesponse foice to an emeigency situation shoulu be examineu to unueistanu its iesponse time anu ieliability.
:4N(,/%$=0'$(13
We aie giateful to the euitoi anu anonymous ievieweis foi useful suggestions, anu foi assistance with euiting anu ieviewing the English.
}ouinal of Physical Secuiity 7(2), 1-11 (2u14)
1u :4#,(*'3
IAEA The Inteinational Atomic Eneigy Authoiity PPS Physical Piotection System BBT Besign Basis Thieat IPPAS Inteinational Physical Piotection Auvisoiy Seivice NPT The Tieaty on the Non-Piolifeiation of Nucleai Weapons NRR Nucleai Reseaich Reactoi NRRA Nucleai anu Rauiological Regulatoiy Authoiity NRC Nucleai Reseaich Centei NN Nucleai Nateiials E0 Eniicheu 0ianium ET-RR-1 Egyptian Fiist Reseaich Reactoi ET-RR-2 Egyptian seconu Reseaich Reactoi
-$+$#$(4$3 1. ueoige Bunn, Fitiz Steinhauslei, anu Lyuumila Zaitesva, "Stiengthening Nucleai Secuiity Against Teiioiists anu Thieves Thiough Bettei Tiaining", !120'1$*)%'&+*12 >%@*%G (FallWintei 2uu1), http:cns.miis.euunpipufs8Sbunn.puf
2. Rogei u. }ohnston anu Noiten Biemei Naeili, "Inteinational vs. Bomestic Nucleai Safeguaius: The Neeu foi Claiity in the Bebate ovei Effectiveness", E*/&'9&9%2+ E*0$19&#,, issue 69, pp 1-6 (2uuS), http:www.acionym.oig.ukuuuu6969opu1.htm
4. Ismail Bauawy, "The National System of Nucleai Nateiial Contiol, Bevelopments anu Challenges", 8*I+. J12)%'%2#% 12 !"#$%&' 8#*%2#%/ &2: 500$*#&+*12/, Caiio, Egypt, 1S-2u Naich, volume 111 (1996).
S. A. A. Bameu, Wael A. El-uammal, anu I. Bauawy, "A Pioposeu Nucleai Safeguaius System foi A Becommissioneu Nucleai Reseaich Reactoi", 42+%'2&+*12&$ 6*C.+. J12)%'%2#% 12 !"#$%&' 8#*%2#%/ K &00$*#&+*12/, volume II, Caiio, Egypt, 7-12 Febiuaiy (2uu4).
6. S. Kuisels, "Bevelopment of a Legal anu 0iganizational Basis foi Physical Piotection of Nucleai Nateiial anu Nucleai Facilities in Lithuania", 42+%'2&+*12&$ J12)%'%2#% 12 -.,/*#&$ -'1+%#+*12 1) !"#$%&' A&+%'*&$/, vienna, Austiia, 1u-14 Novembei (1997).
7. E.A. Saau, E. N. El Sheibiny, N. Sobhy, anu S. I. Nahmouu, "Spent Fuel Stoiage Expeiience at the ET-RR-1 Reactoi in Egypt", Inteinational Atomic Eneigy Agency, IAEA-TECB0C-786, 6I0%'*%2#% G*+. 80%2+ L"%$ 8+1'&C% &+ >%/%&'#. &2: F%/+ >%&#+1'/, Pioceeuings of an Auvisoiy uioup meeting helu in vienna, Austiia, S-8 }uly (199S). }ouinal of Physical Secuiity 7(2), 1-11 (2u14)
1S. I. Bauawy, "0pgiauing of Physical Piotection of Nucleai Nateiials in an 0lu Nucleai Reseaich Reactoi Facility", IAEA-CN-869, Pioceeuings, Inteinational Confeience helu in Stockholm, Sweuen, 7-11 Nay (2uu1).
14. }ohn C. Nattei, "The Inteinational Tiaining Couise on the Physical Piotection of Nucleai Facilities anu Nateiials", Topical papei, N1"'2&$ 1) !"#$%&' A&+%'*&$/ A&2&C%9%2+, vol. XXXvIII, No.4, p 4-11, (2u1u).
16. B. Kawai, B. Kuiihaia, N. Kajiyoshi, "Physical Piotection of Nucleai Nateiial in }apan", 42+%'2&+*12&$ J12)%'%2#% 12 -.,/*#&$ -'1+%#+*12 1) !"#$%&' A&+%'*&$/, vienna, Austiia, 1u-14 Novembei (1997).
17. A. Stefulova, "Evaluation of Effectiveness of Physical Piotection System at Nucleai Facilities in the Slovak Republic", 42+%'2&+*12&$ J12)%'%2#% 12 8%#"'*+, 1) A&+%'*&$3 A%&/"'%/ +1 -'%@%2+3 42+%'#%0+ &2: >%/012: +1 4$$*#*+ O/%/ 1) !"#$%&' A&+%'*&$ &2: >&:*1&#+*@% 81"'#%/, Stockholm, Sweuen 7-11 Nay 2uu1, IAEA-Cn_86-47, p84-86, (2uu1).
18. N.A. Shiniashin, Regulatoiy inspection of plane of nucleai facilities, piivate communication. }ouinal of Physical Secuiity 7(2), 12-29 (2u14)
12 ! #$%&'&()(*+(, -.+/0*(%0 %1 +2/ -!34 5%6/) Noiichika Teiao* anu Nitsutoshi Suzuki }apan Atomic Eneigy Agency * teiao.noiichikajaea.go.jp !&*+$',+ The piobability of an auveisaiy's inteiiuption, !", in a specific scenaiio can be evaluateu using a calculation coue, EASI. The puipose of this stuuy is to uevise a quantification methou foi !" by consiueiing the influence of unceitainty anu vaiiability. Specifically, we attempt to uevise a new calculation methou foi thiee components of !I: the piobability of uetection, !(B$); the piobability of successful communication to the iesponse foice, !(C$); anu the piobability of the iesponse foice aiiiving piioi to the enu of the auveisaiy's completion of the attack, !(R|A$). In auuition, we uesign a hypothetical nucleai facility anu an auveisaiy attack scenaiio, anu then assess the !" value using oui new methou. We set the peifoimance paiameteis of the facility as tempoiaiy, hypothetical values without a ieal peifoimance test. We attempt to expiess the unceitainty anu vaiiability of each element of the facility using the Nonte Cailo methou.
40+$%67,+(%0 The Septembei 11, 2uu1 attacks incieaseu oui unueistanuing of the impoitance of consiueiing auveisaiial attacks. Aftei a speech in Piague in 2uu9, Piesiuent 0bama hosteu the fiist Nucleai Secuiity Summit (NSS) in 2u1u in Washington B.C. aimeu at global nucleai teiioiism pievention. The seconu NSS was helu in Seoul in 2u12, anu the thiiu will be helu in Bague in 2u14. Regaiuing the physical piotection iegime in }apan, a ielevant ministeiial oiuinance was ieviseu in 2u12 that consiueieu both INFCIRC22SRev.S anu the lessons of the Fukushima Baiichi nucleai powei plant acciuent.|1j Because of heighteneu inteiest in nucleai secuiity, it is useful to establish an evaluation methou to calculate the iisks to a hypothetical nucleai facility.
Nucleai secuiity is founueu on a numbei of issues, but S of the most impoitant aie physical piotection (PP) |2j, illegal tiafficking |2j, anu piotection of iauioisotopes |2j. 0thei issues aie impoitant as well, such as mitigating the insiuei thieat, conuucting effect thieat assessments, pioviuing cybei secuiity, instigating mateiial contiol anu }ouinal of Physical Secuiity 7(2), 12-29 (2u14)
1S accounting (NC&A), optimizing secuiity iesouices, anu pioviuing counteimeasuies to espionage. In this stuuy, we focus on a hypothetical sabotage event in a mouel nucleai facility. We focus paiticulai attention on PP.
The iisk (%) foi PP can be uefineu as % =!&(1-!') (, wheie !& is the piobability of an auveisaiy attacking uuiing a given peiiou, !' is the piobability of PP system effectiveness, anu ( is the consequence value of a secuiity failuie.|Sj The !& value shoulu be expiesseu as the possibility of attack against the taiget facility using the uata of events uuiing the scenaiio, such as sabotage oi the theft. 0ften |4j, the value of !& is set to 1, though this may not be a piuuent choice in actual piactice.
The piobability of system effectiveness is uefineu as !' =!"!), wheie !" is the piobability of the auveisaiy being inteiiupteu, anu !) is the piobability of neutialization.
Now the uiffeience between nucleai secuiity anu nucleai safety is the existence of auveisaiies in nucleai secuiity. Nany types of auveisaiies exist foi ieasons such as politics anu ieligion. vaiious factois affect the auveisaiies' piobability of success, incluuing skills, equipment, knowleuge, anu motivation. It is necessaiy to consiuei the uetaileu chaiacteiistics of auveisaiies inuiviuually in oiuei to accuiately expiess the nucleai secuiity iisk. Beie, we incluue only one type of auveisaiy in oui scenaiios.
In geneial, iisk is ueteimineu using two factois: the magnituue of possible auveise consequences, anu the likelihoou of occuiience of each consequence. Piobabilistic iisk assessment (PRA) uses piobability uistiibutions to chaiacteiize vaiiability oi unceitainty in iisk estimates.|Sj In the nucleai safety fielu, PRA is conuucteu using factois such as the fiequency of an acciuent sequence, the piobability that sensois cease functioning, anu human eiioi.|6j The fiequencies with which an acciuent sequence oi ianuom sensoi eiiois occui aie typically expiesseu using actual measuieu values. Thus, sensoi pioblems oi human eiiois aie well quantifieu in nucleai safety. By contiast, many of the fiequencies anu piobabilities foi nucleai secuiity aie unknown oi cannot be ievealeu foi secuiity ieasons. Theiefoie, PRA foi nucleai secuiity is a moie challenging pioblem.
In this stuuy, we focus on quantifying the value of !". The !" value in a specific scenaiio can be evaluateu using an Estimate of Auveisaiy Sequence Inteiiuption (EASI), a calculation coue uevelopeu by Sanuia National Laboiatoiy (SNL) in the 0niteu }ouinal of Physical Secuiity 7(2), 12-29 (2u14)
14 States.|7j In the EASI mouel, eiiois causeu by unceitainty anu vaiiability aie ignoieu when expiessing the peifoimance of sensois anu communications. The puipose of this stuuy is to uevise a quantification methou foi !" by consiueiing the influence of unceitainty anu vaiiability. In auuition, we seek to uesign a hypothetical nucleai facility as well as an auveisaiy's attack scenaiio, anu then assess the !" value using oui new methou.
8%09/0+(%0') -.:$/**(%0 %1 !4 ;*(0< -!34 We conuuct a iisk assessment of the inteiiuption piobability !I unuei a specific scenaiio using EASI uevelopeu by SNL. EASI is a simple anu easy-to-use methou foi evaluating the peifoimance of a PP system along a specific auveisaiial path anu with specific conuitions of thieat anu system opeiation, anu is a tiauitional tool useu woiluwiue.
A simple calculation uesciibing !I in EASI when an auveisaiy intiuues into a nucleai facility is shown in figuie 1. The left siue of this figuie inuicates the simplifieu uiagiam of an event tiee foi the !I calculation at the * point baiiieis, anu the iight siue inuicates the calculation components of !I. The summation of the calculation components of !I becomes the !I value. The !I value is iepiesenteu |7j by equation (1).
wheie !(B$) is the piobability of a uetection alaim foi the facility equipment, e.g., infiaieu (IR) sensois; !(C$) is the piobability that the facility guaiu successfully unueistanus the alaim conuition using the facility's equipment anu successfully communicates it to the iesponse foice; anu !(R|A$) is the conuitional piobability that, given a iecognizeu alaim, the iesponse foice aiiives piioi to the enu of the auveisaiy's action sequence. In the calculation of !I using the EASI methou, both !(B$) anu !(C$) values aie taken as the evaluateu values without unceitainty anu vaiiability eiiois, anu the !(R|A$) value is calculateu using a noimal uistiibution.
}ouinal of Physical Secuiity 7(2), 12-29 (2u14)
1S
Figuie 1 - Schematic of the EASI methou.
=/> ?7'0+(1(,'+(%0 5/+2%6 1%$ !4 In this stuuy, we uevise a new calculation methou foi the thiee components of !I: !(B$), !(C$), anu !(R|A$). Specifically, we expiess !(B$) anu !(C$) as piobability uistiibutions that incluue eiiois causeu by unceitainty anu vaiiability. 0nceitainty means incompleteness of knowleuge, such as failuie to set conuitions oi wiong opeiation pioceuuies, anu vaiiability means fluctuations in natuie, such as weathei conuitions, enviionmental conuitions, oi piesence of wilu animals. Fuitheimoie, we expiess a new calculation methou of !(R|A$) using a Beinoulli tiial.
8'),7)'+(%0 %1 #@A(B The peifoimance of sensois in a nucleai facility pioviue the value of !(B$) foi the EASI computation, which is useu as the evaluateu value without any eiiois.|7j Theie aie many types of sensois useu in the facility, such as active anu passive IR sensois, miciowave sensois, sonic sensois, vibiation sensois, anu viueo cameias. In this stuuy, we consiuei only IR anu miciowave sensois.
It is possible to expiess the influence of a sensoi's unceitainty anu vaiiability as a piobability uistiibution by examining the statistical false positive eiioi iates (type I eiioi, oi !) anu false negative eiioi iates (type II eiioi, oi "). A giaph of !(B) anu !fa of a hypothetical sensoi against the signal stiength in uB is shown in figuie 2. +,-*(%) inuicates the piobability uensity function (PBF) of a signal plus noise, anu +*(%) inuicates the PBF of noise, iespectively, as a function of signal intensity, %. The thiesholu (.T) sepaiates the sensoi's uetectable iegion anu the unuetectable iegion of }ouinal of Physical Secuiity 7(2), 12-29 (2u14)
16 +,-*(%) anu +*(%). The blue uasheu aiea, 1-", inuicates the !(B) value, anu the oiange uasheu aiea, !, inuicates the !fa value. Beteimining a piopei +,-*(%) can help us calculate the !(B) value.
Fiist, we consiuei +,-*(%) anu +*(%) foi the IR sensois. Theie aie basically two types of IR sensois, active anu passive. Active IR sensois emit infiaieu light anu uetect changes to the ieflecteu oi scatteieu infiaieu light inuicative of intiusion. Passive IR sensois uetect changes to the theimal infiaieu light emitteu by waim bouies, incluuing people. Foi simplicity, we assume that +,-*(%) foi both kinus of IR sensois is the same as +*(%).
Figuie 2 - Piobability uistiibution functions !(B) anu !fa foi a hypothetical sensoi.
ueneially, IR sensois aie easily affecteu by noise anu vaiiability. We assume that theii sensitivity to anomalies is piopoitional to theii vaiiability. Because the iisk evaluation foimula is a multiplicative function, the uistiibution of the iisk that takes only a positive value geneially uses a log-noimal uistiibution. We assume that +,-*(%) obeys a log-noimal uistiibution. If the evaluation values aie usable, a best-fit piobability uistiibution is most useful. The uetection piobability is equal to the uistiibution function of +,-*(%). ! ! !!!" ! ! !! ! ! !!! !!!!!" ! !"# ! !" !!! !!!!!" ! !! !!!!!" ! !" ! ! !"!!!" , (2) wheie .T_$_"% is the thiesholu value anu ,/$_"% anu #,/$_"% aie the mean anu stanuaiu ueviation of the signal-plus-noise peifoimance of the IR sensois, iespectively. Similaily, we assume that +*(%) obeys a log-noimal uistiibution. The false alaim piobability is equal to the uistiibution function of +*(%): }ouinal of Physical Secuiity 7(2), 12-29 (2u14)
17 ! !"!!!!" ! ! ! ! !!! !!!!!" ! !"# ! !" !!! !!!!!" ! !! !!!!!" ! !" ! ! !"!!!" , (S) wheie */$_"% anu #*/$_"% is aie the mean anu stanuaiu ueviation of the noise of the IR sensois, iespectively.
Next, we consiuei +,-*(%) anu +*(%) foi the miciowave sensois. The miciowave sensois typically uetect changes in ieflecteu oi scatteieu miciowaves, incluuing amplituue oi Bopplei fiequency shifts. Niciowaves aie electiomagnetic waves with wavelengths between 1 cm anu 1u cm. The intensity of miciowaves can be weakeneu by iain oi fog; we will assume that the vaiiability of the miciowave sensois is mainly causeu by aii conuitions. Foi miciowave sensois, some conciete statistical mouels of +,-*(%) anu +*(%) have been pioposeu.|8, 9j In this stuuy, we assume that the main souice of backgiounu noise is theimal noise. +,-*(%) obeys a Rice uistiibution |1uj, anu the uetection piobability is equal to the uistiibution function of +,-*(%). ! ! !!! ! ! !! ! ! ! !!!!! ! !"# ! ! ! !! !!!!! ! !! !!!!! ! ! ! ! !!!!! ! ! !!!!! ! ! ! !"!!! !", (4) wheie .T_$_0 is the thiesholu value, #,/$/0 is the stanuaiu ueviation of the signal plus the noise, anu #*/$/0 is the stanuaiu ueviation of the noise of the miciowave sensois. In auuition, "u(1) is a mouifieu Bessel function of the fiist kinu with oiuei zeio. If cluttei becomes uominant in the backgiounu noise, the Rice uistiibution is not useu uue to its laige eiioi; +*(%) obeys a Rayleigh uistiibution in that case. The false alaim piobability is equal to the uistiibution function of +*(%): ! !"!!!! ! ! ! ! ! !!!!! ! !"# ! ! ! ! !!!!! ! ! ! !"!!! !". (S) If the cluttei becomes uominant in the backgiounu noise, a log-noimal uistiibution |8j oi Weibull uistiibution |9j is appiopiiate insteau of a Rayleigh uistiibution.
8'),7)'+(%0 %1 #@8(B In the EASI mouel, the value of !(C$) ignoies eiiois.|7j In oui mouel, two human chaiacteis come into play: a facility guaiu anu a iesponuei fiom the iesponse foice. In this stuuy, two communication piocesses aie consiueieu foi calculating the piobability. The fiist piocess occuis when the guaiu unueistanus the anomalous signal fiom the sensois anu iecognizes the events that occuiieu in the facility. The seconu piocess is when thae guaiu coiiectly communicates infoimation to the iesponuei, who, in tuin, }ouinal of Physical Secuiity 7(2), 12-29 (2u14)
18 compiehenus the complete sequence of events fiom such infoimation. Communication effectiveness is influenceu by unceitainty anu vaiiability because of human eiiois such as failuie to act, feai, inattention, memoiy lapses, anu iule-baseu oi knowleuge baseu mistakes. In contiast, the influence of insiuei thieats such as violations oi sabotage is not consiueieu heie. ueneially, the human eiioi piobability (BEP) is quantifieu using vaiious human ieliability analysis (BRA) methous.|11, 12j In oui mouel, the !(C$) value is expiesseu using a piobability uistiibution that iepiesents human eiiois.
In the fiist communication piocess, the BEP is influenceu by both unceitainty (e.g., the guaiu's conuition anu lack of peiception) anu vaiiability (e.g., bau enviionmental conuitions). We assume that the BEP of the fiist piocess is piopoitional to the uegiee of unceitainty anu vaiiability. Because the log-noimal uistiibution is useu fiequently in safety stuuies as the epistemic uistiibution of failuie iates |1Sj, the BEP is iepiesenteu as a log-noimal uistiibution function. Fuitheimoie, we suppose that the unit of a vaiiable is expiesseu using its eiioi iate, that is, the numbei of eiiois pei commanu. The !(Ctype1_$) value inuicates the communication piobability of the fiist piocess, anu it is expiesseu in equation (6) by ueuucting the BEP fiom the whole. ! ! !"#$!!! ! ! ! ! !!! !!!! ! !"# ! !" !!! !!!! ! !! !!!! ! !" ! !!!! ! , (6) wheie the .21_$ is quantity of unceitainty anu vaiiability, anu 31_$ anu #31_$ aie the mean anu stanuaiu ueviation of the fiist communication piocess, iespectively.
In the seconu communication piocess, the BEP is influenceu by both unceitainty (e.g., the guaiu's oi the iesponuei's conuition anu lack of peiception) anu vaiiability (e.g., bau enviionmental conuitions). We assume that the BEP of the seconu piocess is piopoitional to the quantity of unceitainty anu vaiiability. The BEP is iepiesenteu as a uistiibution function of log-noimal type, as with the fiist communication piocess. The !(Ctype2_$) value inuicates the communication piobability of the seconu piocess anu is expiesseu in equation (7) by ueuucting the BEP fiom the total piobability. ! ! !"#$!!! ! ! ! ! !!! !!!! ! !"# ! !" !!! !!!! ! !! !!!! ! !" ! !!!! ! , (7) wheie the .22_$ is quantity of unceitainty anu vaiiability, anu the 32_$ anu #32_$ aie the mean anu stanuaiu ueviation of the seconu communication piocess, iespectively.
}ouinal of Physical Secuiity 7(2), 12-29 (2u14)
19 Finally, the !(C$) value is calculateu as the piouuct of the !(Ctype1_$) value anu the !(Ctype2_$) value foi each $.
8'),7)'+(%0 %1 #@CD!(B The value of !(R|A$) foi EASI is calculateu using the noimal uistiibution by incluuing both the uelay time of the baiiiei foi the facility anu the aiiival time of the iesponse foice.|7j Appioximately 99.7% of phenomena occui within S sigma foi the noimal uistiibution. Theiefoie, it is cleai whethei the iesponse foice can ieach the auveisaiy in time. Because the actions of the iesponse foice shoulu have consiueiable flexibility, a giauually uecieasing piobability uistiibution, iathei than the noimal uistiibution, neeus to be consiueieu. In this section, !(R|A$) is expiesseu using a uiffeient methou than EASI.
The !(R|A$) value is expiesseu using a Beinoulli tiial, focusing on whethei the iesponse foice can get the situation unuei contiol befoie the auveisaiy finishes the attack. The piobability uistiibution of the Beinoulli tiial is uesciibeu using a binominal anu a Poisson uistiibution. An auveisaiy attack is a majoi pioblem foi nucleai secuiity. The binominal uistiibution is assumeu to occui foi the taiget event multiple times, anu hence, the Poisson uistiibution is moie suitable than the binominal uistiibution foi iepiesenting !(R|A$).
A Poisson uistiibution is a uisciete piobability uistiibution expiesseu in equation (8). ! ! ! ! ! ! ! ! !! !! , (8) wheie 4 is natuial numbei anu $ is a positive constant. In othei woius, a Poisson uistiibution is the piobability that an event that aiises $ times on aveiage occuis 4 times uuiing a given peiiou. In this section, we assume that $$ at the $ th baiiiei is a calculateu value that inuicates the fiequency of the iesponse foice aiiiving in time befoie the auveisaiies obtain theii goal. The $$ value is given in equation (9). ! ! ! !" ! !"# ! , (9) wheie TR$ is the iesiuual time at the $ th baiiiei, anu RFT$ is the iesponse foice's aiiival time at the $ th baiiiei. If $ is gieatei than 1, the iesponse foice can ieach the event on }ouinal of Physical Secuiity 7(2), 12-29 (2u14)
2u time. By subtiacting the piobability when 4 is equal to u fiom the total piobability, 1, the value of !(R|A$) foi each baiiiei is given as: ! ! ! ! ! ! !! !! ! . (1u)
E$(') %1 C(*F !**/**G/0+ We assess the value foi !I in the case of an auveisaiy's attack against a hypothetical nucleai facility using the new quantification methou pioposeu above. An oveiview of the uesigneu hypothetical facility anu the auveisaiy's attempt aie shown in figuie S. The ciicleu numbeis in this figuie inuicate the baiiieis of the facility, anu the uasheu line inuicates the auveisaiy's attempt to sabotage the taiget nucleai mateiial. Sensois in this facility aie assumeu to be IR anu miciowave uetectois. The assumeu uelay values (Belay$) anu iesponse foice time (RFT$) of the baiiiei $ aie shown in table 1. Belay$ means the time that the auveisaiies neeu in oiuei to pass thiough each baiiiei $, anu RFT$ inuicates the time iequiieu foi the iesponse foice to aiiive at the facility in case of an attack.
Figuie S - 0veiview of the uesigneu hypothetical nucleai facility anu auveisaiy's pass.
}ouinal of Physical Secuiity 7(2), 12-29 (2u14)
21 The tempoiaiy peifoimance levels of the sensois, guaius, the auveisaiy, anu the iesponse foice aie given appioximate numeiical values in oiuei to assess the !I value, because we cannot use actual values foi secuiity ieasons. It is necessaiy to consiuei the influence of unceitainty anu vaiiability of !(B$), !(C$), anu !(R|A$). In this stuuy, the unceitainty anu vaiiability of each element of the facility aie expiesseu using a Nonte Cailo methou.
22 Fiist, !(B$) is expiesseu using the Nonte Cailo methou. The !(B$) values aie expiesseu using equation (2) anu equation (4). Foi the IR sensois, the !(B$) values aie calculateu using the .T_$_"%, the ,/$_"%, anu the #,/$_"% values. Foi the miciowave sensois, the !(B$) values aie calculateu using the .T_$_0, the #,/$_0, anu the #*/$_0 values. These values aie set fieely anu shown in table 2 togethei with the calculateu !(B$) values.
If the opeiational peifoimance of the sensois is uiiectly influenceu by eiiois causeu by unceitainty anu vaiiability, a focus on the fluctuations of the vaiiables #,/$_"%, #,/$_0, anu #*/$_0 is waiianteu. We assume that these values aie ianuomly affecteu by unceitainty anu vaiiability, anu that they aie expiesseu using a noimal ianuom numbei. We geneiateu a noimal ianuom numbei using the following two piocesses: A unifoim ianuom numbei sequence between u-1 was geneiateu using the RANB function of Niciosoft Excel anu was then tianslateu into a noimal ianuom numbei, N(u, 1j, using the Box-Nullei tiansfoim.|14j
The tiial iun was iepeateu S,uuu times using a ianuom numbei sequence. The same ianuom numbei sequence was useu foi all baiiieis, $. Foi the IR sensois, the vaiiation of #,/$_"% was assumeu to fluctuate by u.u1 fiom the value set in table 2. Similaily, foi the miciowave sensois, we assumeu that the vaiiation of #,/$_0 anu #*/$_0 fluctuate by u.uuS anu u.u1, iespectively, fiom the values set in table 2. The histogiams of the S,uuu calculateu !(B$) values aie shown in figuie 4 foi eveiy !(B$) value. The uata inteival of the !(B$) values was u.uu1.
Figuie 4 - Piobability uistiibution of !(B$) using S,uuu noimal ianuom numbeis.
Next, !(C$) was expiesseu using the Nonte Cailo methou. The !(C$) values weie calculateu by multiplying equation (6) by equation (7). In the fiist communication }ouinal of Physical Secuiity 7(2), 12-29 (2u14)
2S piocess, the !(Ctype1_$) values aie calculateu fiom the .21_$, 31_$, anu #31_$ values. Similaily, in the seconu communication piocess, the !(Ctype2_$) values aie calculateu using the .22_$, 32_$, anu #32_$ values. These values aie set fieely anu shown in table S, togethei with the calculateu !(Ctype1_$), !(Ctype2_$), anu !(C$) values.
If !(Ctype1_$) anu !(Ctype2_$) aie uiiectly influenceu by eiiois causeu by unceitainty anu vaiiability, a focus on the fluctuations of the vaiiables .21_$ anu .22_$ is waiianteu. We thus assume that these values aie ianuomly affecteu by both unceitainty anu vaiiability. These values weie expiesseu using a noimal ianuom numbei, N(u, 1j. The sequence of the S,uuu noimal ianuom numbeis was geneiateu using the same methou as that of !(B$). A uiffeient ianuom numbei sequence was useu in the !(Ctype1_$) anu !(Ctype2_$) calculation.
The tiial iun was iepeateu S,uuu times using a uiffeient ianuom numbei sequence. The same ianuom numbei sequence, $, was useu foi all baiiieis. We assumeu that the vaiiations of both .21_$, anu .22_$ fluctuate by u.u1 fiom the value set in table S. The histogiams of the S,uuu calculateu !(Ctype1_$) anu !(Ctype2_$) values aie shown in figuie S. The uata inteival of the !(Ctype1_$) anu !(Ctype2_$) values aie u.uu1 anu u.uuuS, iespectively. The histogiams of the S,uuu calculateu !(C$) values aie shown in figuie 6. The uata inteival of the !(C$) values was u.uu1.
}ouinal of Physical Secuiity 7(2), 12-29 (2u14)
24 Finally, !(R|A$) was ueteimineu using the Nonte Cailo methou. The !(R|A$) values come fiom equation (1u) as a function of the vaiiable $$. The $$ values weie calculateu using the TR$ anu RFT$ values, similai to what was uone foi equation (9). The TR$ values can be calculateu fiom the uelay values shown in table 1. The RFT$ values aie also shown in table 1. The stanuaiu ueviation values of TR$ anu $$ can be calculateu using the piopagation of eiiois technique. These values aie shown in table 4 along with the calculateu !(R|A$) values.
If !(R|A$) is influenceu by eiiois causeu by unceitainty anu vaiiability uiiectly, focusing on the fluctuations of the $$ vaiiables is waiianteu. We assume that these values aie affecteu by unceitainty anu vaiiability at ianuom. These values weie expiesseu using a noimal ianuom numbei, N(u, 1j. The sequence of S,uuu noimal ianuom numbeis is geneiateu in the same mannei in !(B$) anu !(C$).
Figuie S - (a) Piobability uistiibution of !(Ctype1_$) using S,uuu noimal ianuom numbeis. (b) Piobability uistiibution of !(Ctype2_$) using S,uuu noimal ianuom numbeis. }ouinal of Physical Secuiity 7(2), 12-29 (2u14)
2S
Figuie 6 - Piobability uistiibution of !(C$) using S,uuu noimal ianuom numbeis.
The tiial iun was iepeateu S,uuu times using the ianuom numbei sequence. The same ianuom numbei sequence was useu foi all baiiieis, $. We assumeu that the vaiiations of $$ fluctuate by the stanuaiu ueviation values set in table 4. The histogiams of the S,uuu calculateu !(R|A$) values aie shown in figuie 7. The uata inteival of the !(R|A$) values is u.u1.
}ouinal of Physical Secuiity 7(2), 12-29 (2u14)
26
Figuie 7 - Piobability uistiibution of !(R|A$) using S,uuu noimal ianuom numbeis.
Finally, values of !I consiueiing unceitainty oi vaiiability can be calculateu using equation (1). The values of !(B$), !(C$), anu !(R|A$) allowing foi unceitainty oi vaiiability aie shown in figuies 4, 6, anu 7, iespectively. By using the S,uuu tempoiaiy uata points of !(B$), !(C$), anu !(R|A$) geneiateu using the Nonte Cailo methou, the S,uuu uata points of the !I weie calculateu. The histogiam of the S,uuu calculateu !I values is shown in figuie 8. The uata inteival of the !I values was u.uuS, anu the mean anu stanuaiu ueviation value of !I weie u.81 anu u.u2, iespectively.
Figuie 8 - Piobability uistiibution of !I calculateu fiom a piobability uistiibution of !(B$), !(C$), anu !(R|A$).
We can assess the piobabilistic !I values using a tempoiaiy value set when an auveisaiy attacks a hypothetical nucleai facility. Because the ianuom numbeis useu in this papei aie inuepenuent of the ieal peifoimance of sensois, guaius, auveisaiy, anu }ouinal of Physical Secuiity 7(2), 12-29 (2u14)
27 iesponse foice, the assessment iesult uoes not ieveal the ieal fluctuations causeu by unceitainty oi vaiiability. If the ianuom numbeis aie iepiesenteu by ieal peifoimance uata, the ieal-woilu !I values can be calculateu.
8%0,)7*(%0* The !" value in a specific scenaiio can be calculateu using a methou such as EASI uevelopeu by SNL in the 0niteu States. In the EASI calculation, eiiois causeu by unceitainty anu vaiiability aie not consiueieu in expiessing the peifoimance of sensois anu communication.
We attempteu to uevise a new calculation methou foi thiee components of !I: !(B$), !(C$), anu !(R|A$). Specifically, the new calculation methou foi !(B$) anu !(C$) is expiesseu as a piobability uistiibution that incluues eiiois causeu by unceitainty anu vaiiability. We assumeu that +,-*(%) obeys a log-noimal uistiibution in the case of IR sensois, anu a Rice uistiibution in the case of miciowave sensois. The !(B$) values aie equal to the uistiibution function of +,-*(%). Noieovei, two communication piocesses aie consiueieu to calculate the !(C$) value. We assumeu that the BEP of these piocesses is iepiesenteu as a long-noimal uistiibution function. The communication piobability foi the fiist anu seconu piocesses, !(Ctype1_$) anu !(Ctype2_$), iespectively, aie expiesseu by ueuucting the BEP fiom the total piobability. In contiast, the new calculation methou of !(R|A$) is expiesseu using a Beinoulli tiial, specifically a Poisson uistiibution. We assumeu that $$ at the $ th baiiiei is the fiequency at which the iesponse foice can aiiive in time befoie the auveisaiies obtain theii goal. By subtiacting the piobability when 4 is equal to u fiom the total piobability, 1, the !(R|A$) value foi each baiiiei is expiesseu as an exponential foim.
We calculateu the !I value using the new quantification methou in the case of an auveisaiy's attack against a hypothetical nucleai facility. The tempoiaiy peifoimance of sensois, guaius, auveisaiy, anu the iesponse foice weie assigneu numeiical values in oiuei to assess the !I value, because ieal values cannot be useu foi secuiity ieasons. The influence of unceitainty anu vaiiability aie expiesseu using a Nonte Cailo methou.
If the sensoi's opeiational peifoimance is uiiectly influenceu by eiiois causeu by unceitainty anu vaiiability, focusing on the fluctuations of the vaiiables #,/$_"%, #,/$_0, anu #*/$_0 in the case of !(B$), that of .21_$ anu .22_$ in the case of !(C$), anu that of $$ in the case of !(R|A$) is waiianteu. We assumeu that these values aie affecteu by unceitainty }ouinal of Physical Secuiity 7(2), 12-29 (2u14)
28 anu vaiiability at ianuom. Theiefoie, we expiesseu these values using a noimal ianuom numbei, N(u, 1j. By using S,uuu tempoiaiy peifoimance uata points of !(B$), !(C$), anu !(R|A$) geneiateu by the Nonte Cailo methou, the S,uuu peifoimance uata points of !I weie calculateu. The mean anu stanuaiu ueviation value of !I weie founu to be u.81 anu u.u2, iespectively.
We can assess the piobabilistic !I value by using a tempoiaiy value set when an auveisaiy attacks a hypothetical nucleai facility. Because the ianuom numbeis of this stuuy aie inuepenuent to the ieal-woilu peifoimance of the sensois, guaius, auveisaiy, anu iesponse foice, the assessment iesult uoes not ieveal the actual fluctuations causeu by unceitainty oi vaiiability. If the ianuom numbeis weie iepiesenteu by ieal peifoimance uata, the ieal !I value can be calculateu.
C/1/$/0,/* 1. The Sasakawa Peace Founuation, 567 2848,6$9: )83;7:< &33$=7*> :*= (<$,$, 0:*:?797*>, pp 6S-8u, (2u12). 2. Kazutomo Iiie, %7=7+$*$*? "*>7<<7;:>$@*,6$A B7>C77* )83;7:< D:+7>EF )83;7:< D738<$>E :*= D:+7?8:<=,, }ouinal of Powei anu Eneigy Systems H(2), 1u9-117, (2u12). S. Naiy Lynn uaicia, '&D" 0@=7;, The Besign anu Evaluation of PBYSICAL PR0TECTI0N SYSTENS 2 nu euition, Butteiwoith-Beinemann, p. 9-1u, (2uu7). 4. Naiy Lynn uaicia, '&D" 0@=7;, The Besign anu Evaluation of PBYSICAL PR0TECTI0N SYSTENS 2 nu euition, Butteiwoith-Beinemann, p. 292, (2uu7). S. 6u FR 42622, G,7 @+ !<@B:B$;$,>$3 %$,4 &,,7,,97*> 07>6@=, $* )83;7:< &3>$H$>$7,I 2$*:; !@;$3E D>:>797*>, Washington, BC, (199S). 6. INSAu-12, Basic Safety Piinciples foi Nucleai Powei Plants, JKL")D&MLN Rev. 1, IAEA, (1999). 7. Naiy Lynn uaicia, '&D" 0@=7;, The Besign anu Evaluation of PBYSICAL PR0TECTI0N SYSTENS 2 nu euition, Butteiwoith-Beinemann, pp S19-S2S, (2uu7). 8. u. R. valenzuela anu N. B. Laing, O* >67 D>:>$,>$3, @+ D7: (;8>>7<F )%P %'!O%5 JNQRS 9. B. A. Shniuman, M7*7<:;$T7= <:=:< 3;8>>7< 9@=7;, IEEE Tians., Aeiospace anu Electionic Systems, IJ(S), 8S7-86S, (1999). 1u. S. 0. Rice, 0:>679:>$3:; &*:;E,$, @+ %:*=@9 )@$,7, Bell System Tech. }., KI, 282-SS2, (1994), anu KL, 46-1S6, (194S). 11. A. B. Swain, & B. E. uuttman, Banubook of Buman Reliability Analysis with Emphasis on Nucleai Powei Plant Applications, (198S). }ouinal of Physical Secuiity 7(2), 12-29 (2u14)
29 12. E. Bollnagel, Cognitive Reliability anu Eiioi Analysis Nethou - CREAN, 0xfoiu: Elseviei Science, (1998). 1S. Nichael Stamatelatos, anu Bomayoon Bezfuli, !<@B:B$;$,>$3 %$,4 &,,7,,97*> !<@37=8<7, M8$=7 +@< )&D& 0:*:?7<, :*= !<:3>$>$@*7<,, 2 nu euition, pp. 6-8 to 6-11, (2u11). 14. u. E. P. Box anu Neivin E. Nullei, & )@>7 @* >67 M7*7<:>$@* @+ %:*=@9 )@<9:; U7H$:>7,, The Annals of Nathematical Statistics, KM(2), 61u-611, (19S8). }ouinal of Physical Secuiity 7(2), Su-41 (2u14)
Su !!" $%&'(&)*+, +- ., /*' 01-*,123 45*,6 !"#$ 7+81' N.C. Echeta 1 , L.A. Bim 2 , 0.B. 0yeyinka 1 , anu A.0. Kuye 1 1. Centie foi Nucleai Eneigy Stuuies, 0niveisity of Poit-Baicouit, P.N.B SS2S, Poit Baicouit, Nigeiia
2. Centie foi Eneigy Reseaich anu Tiaining, Ahmauu Bello 0niveisity, Zaiia, Nigeiia
.95)2&:) This papei attempts to quantitatively analyze the effectiveness of a Physical Piotection System (PPS) uesigneu foi an oil iefineiy using the Estimate of Auveisaiy Sequence Inteiiuption (EASI) mouel. The output fiom the mouel is the Piobability of Inteiiuption (P1) of a potential attack scenaiio along a specific path. The effectiveness of a secuiity system is uepenuent on the value of the Piobability of Inteiiuption. Results obtaineu show that the values of the piobability of inteiiuption of the auveisaiies foi the most likely auveisaiy paths aie veiy low. But by upgiauing the piotection elements, the values of piobability of inteiiuption inciease fiom u to a iange of u.66 to u.89, stiengthening oveiall secuiity.
>,)2+8(:)*+, A Physical Piotection System (PPS) integiates people, pioceuuies, anuoi equipment foi the piotection of assets oi facilities against theft, sabotage, anu othei malevolent human acts. A PPS can be applieu to eithei fixeu oi moving assets. The ultimate objective of a PPS is to pievent the accomplishment of oveit oi coveit malevolent actions. A PPS accomplishes its objectives by eithei ueteiience oi a combination of uetection, uelay, anu iesponse (uaicia, 2uu1). Foi these objectives to be achieveu, the PPS must be evaluateu oi analyzeu to ueteimine its effectiveness. Foi a system to be effective, theie must be awaieness of an attack (uetection) anu the slowing of auveisaiy piogiess to the taigets (uelay), thus allowing a iesponse foice enough time to inteiiupt oi stop the auveisaiy (iesponse).
In the uesign, evaluation, anu selection of secuiity systems, Boyon (1981) piesents a piobabilistic netwoik mouel foi a system consisting of guaius, sensois, anu baiiieis. Be ueteimines analytic iepiesentations foi ueteimining piobabilities of intiuuei appiehension in uiffeient zones between site entiy anu a taiget object. Schneiuei anu uiassie (1989) anu uiassie et al. (199u) piesent a methouology in which counteimeasuies }ouinal of Physical Secuiity 7(2), Su-41 (2u14)
S1 aie uevelopeu in iesponse to asset-specific vulneiabilities. They uiscuss issues ielating to cost-effectiveness tiaueoffs foi inuiviuual counteimeasuies, but fail to give an oveiall secuiity system evaluation scheme. They uo allow foi a "system level impiession of oveiall cost anu effectiveness" cieateu by consiueiing the inteiaction of the selecteu counteimeasuies.
uaicia (2uu1) gives an integiateu appioach to uesigning physical secuiity systems, evaluation anu analysis of piotective systems as well as iisk assessment. A cost- effectiveness appioach is piesenteu, anu the measuie of effectiveness employeu foi a physical piotection system is the piobability of inteiiuption, which is uefineu as "the cumulative piobability of uetection fiom the stait of an auveisaiy path to the point ueteimineu by the time available foi iesponse". Whiteheau et al. (2uu7) suggest that a quantitative analysis is iequiieu foi the piotection of assets with unacceptably high consequence of loss, even if the piobability of an auveisaiy attack is low.
A PPS can be evaluateu foi its effectiveness using available softwaie tools anu techniques. A numbei of softwaie tools aie available foi evaluating the effectiveness of a PPS. These incluue EASI, SNAP, SAvI, anu SAFE.
Besciibing these softwaie tools, Swinule (1979) iefeis to Safeguaiu Netwoik Analysis Pioceuuie (SNAP) as an NRC-sponsoieu methouology uevelopeu by Piiskei anu Associates, Inc., thiough subcontiact to Sanuia National Laboiatoiies, foi evaluating the effectiveness of the physical secuiity measuies of a safeguaius system? Be emphasizes that SNAP employs the netwoik moueling appioach to pioblem solving. uaicia (2uu1) also states that SNAP employs the netwoik moueling appioach to pioblem-solving. It iequiies the analyst to mouel the facility, the guaiu foice, anu the auveisaiy foice. SNAP is highly scenaiio- uepenuent anu uses an assumeu attiibute methou to give a measuie of the PPS effectiveness within a ceitain scenaiio. Foi applications in which foice-on-foice battles aie not expecteu, EASI is the piefeiieu analysis tool.
uaicia (2uu1) opines that the System Analysis of vulneiability to Intiusion (SAvI) mouel pioviues a compiehensive analysis of all auveisaiy paths into a facility. This was uevelopeu in 198u (Sanuia National Laboiatoiies, 1989). 0nce uata on the thieat, taiget, facility, site-specific PPS elements, anu iesponse foice time aie enteieu, the SAvI coue computes anu ianks the ten most vulneiable paths foi up to ten iesponse foice times. This mouel uses the EASI algoiithm to pieuict system peifoimance anu also uses Auveisaiy Sequence Biagiam (ASB) Nouel foi multi-path analysis (}ang et al. 2uu9).
Engi anu Bailan (1981) anu Chapman et al. (1978) uesciibe Safeguaius Automateu Facility Evaluation Nethouology (SAFE) as a Sanuia-uevelopeu, NRC-sponsoieu methouology foi evaluating the effectiveness of the physical secuiity aspects of a safeguaius system. SAFE consists of a collection of functional mouules foi facility iepiesentation, component selection, auveisaiy path analysis, anu effectiveness evaluation. The technique has been implementeu on an inteiactive computei time-shaiing system anu makes use of computei giaphics foi the piocessing anu piesentation of infoimation. }ouinal of Physical Secuiity 7(2), Su-41 (2u14)
S2 Foi the puipose of this woik, Estimate of Auveisaiy Sequence Inteiiuption (EASI) is the piefeiieu analysis tool. This is because the mouel is simple to use, easy to change, anu it quantitatively illustiates the effect of changing physical piotection paiameteis. This papei is focuseu on using EASI foi the evaluation of the effectiveness of the cuiient physical piotection system of an oil iefineiy.
71)@+8+'+63 .A $."> 7+81' EASI is a faiily simple calculation tool uevelopeu by Sanuia National Laboiatoiies, 0SA. It quantitatively illustiates the effect of changing physical piotection paiameteis along a specific path. It uses uetection, uelay, iesponse, anu communication values to compute the piobability of inteiiuption P1. Since EASI is a path-level mouel, it can only analyze one auveisaiy path oi scenaiio at a time. It can also peifoim sensitivity analyses anu analyze physical piotection system inteiactions anu time tiaue-offs along that path.
In this mouel, input paiameteis iepiesenting the physical piotection functions of uetection, uelay, anu iesponse aie iequiieu. Communication likelihoou of the alaim signal is also iequiieu foi the mouel. Betection anu communication inputs aie in foim of piobabilities (PB anu PC iespectively) that each of these total functions will be peifoimeu successfully. Belay anu iesponse inputs aie in foim of mean times (Tuelay anu RFT iespectively) anu stanuaiu ueviation foi each element. All inputs iefei to a specific auveisaiy path (uaicia, 2uu1). The output is P1, the piobability of inteiiupting the auveisaiy befoie any theft oi sabotage occuis. Aftei obtaining the output, any pait of the input uata can be changeu to ueteimine the effect on the output. If theie is one sensoi on the path, this piobability is calculateu as:
P1 = PC PB (1) Wheie, PC is piobability of guaiu communication, anu PB is piobability of sensoi uetection. 0ne of the input paiameteis of this mouel was changeu to suit the ielevant enviionment. This paiametei was the piobability of guaiu communication, PC. Evaluation of many systems uesigneu anu implementeu by Sanuia National Laboiatoiies inuicates that most systems opeiate with a PC of at least u.9S. This numbei can be useu as a woiking value uuiing the analysis of a facility, unless theie is ieason to believe that this assumption is not valiu. If actual testing at a facility yielus a uiffeient PC, this numbei shoulu be useu; if guaiu communication appeais to be less uepenuable, a lowei value can be substituteu in the mouel. Factois that may influence PC incluue lack of tiaining in use of communication equipment, pooi maintenance, ueau spots in iauio communication, oi the stiess expeiienceu uuiing an actual attack. This flexibility allows the analyst to vaiy Pc as neeueu to coiiectly iepiesent the function. Baseu on expeit juugement, the piobability of guaiu }ouinal of Physical Secuiity 7(2), Su-41 (2u14)
SS communication of u.9 was useu as the input value in this woik to fit oui own specific enviionment. This is because the guaiu iesponse foices uo not ieceive auequate tiaining in the use of communication gaugets, anu these gaugets aie not piopeily maintaineu, theieby passing incomplete infoimation oi instituting uelay in uisseminating infoimation. The values of piobability of uetection aie baseu on the availabilitynon-availability of sensoi(s) on the auveisaiy paths. Belay anu iesponse values, in foim of mean times anu stanuaiu ueviation foi each element aie puiely expeit opinion baseu on secuiity guaius' uiills. To use EASI in this woik, we followeu the steps listeu below.
BA C2*)*:&' .551) DE&261)F &,8 "*)1 .55155G1,) The iefineiy complex consists of two iefineiies anu it occupies an aiea of 9uu hectaies. It is bounueu on the south by muuuy vegetation anu sea, anu on the noith, east, anu west by uiy giounu. Theie aie many stieams, cieeks, iesiuential builuings, anu shops neai the complex. These two iefineiies have combineu piocessing capacity of 21u,uuu baiiels of ciuue oil pei uay. This iefineiy complex houses uiffeient assets such as the auministiative anu technical builuings, oil pipelines, iefineu petioleum piouucts stoiage tanks, iefining piocessing units, anu powei plants. 0f all these assets, the most ciitical asset is the 7V km iefineu petioleum piouucts pipelines that iun fiom the insiue of the iefineiy to the jetty wheie ships anu fuel tankeis loauoffloau piouucts foi impoit anu expoit. Some paits of these pipelines iun on top of the giounu, on top of saline watei, anu unueineath iesiuential builuings.
The iefineiy complex is uoubleu fenceu in some aieas while otheis aie singleu-fenceu. The complex has 8 entiance anu exit gates, but only foui majoi gates leau uiiectly into the oil facilities. uate 1 is an entiance gate foi employees anu visitois, gate 2 is foi vehicles enteiing the facility complex, gate S is the exit foi vehicles anu peisons, while gate S leaus to the iestiicteu aiea (which houses the ciuue oil iefining facilities). These gates aie constantly lockeu except when vehicles anu human movements aie iequiieu. The plant layout of the oil facility is shown in figuie 1.
The heights of the conciete anu electiic fences aie ioughly 4-S meteis anu theie aie 2 closeu-ciicuit televisions (CCTvs) at gates 2 anu S. The viueos iecoiueu by these CCTvs aie sent to anu monitoieu by the contiol ioom. Theie aie secuiity opeiatives' posts at the entiance anu exit gates of the iefineiy complex anu at some uistances along the 7V km iefineu petioleum piouucts pipelines. Theie aie no sensois on the fences, gates, oi pipelines. The 7V km pipelines aie paitly exposeu without any exteinal fence piotecting the pait of the pipelines on lanu. Theie is also no fencing oi othei piotective measuies foi the unueigiounu paits of the pipelines, oi the paits in saline watei.
}ouinal of Physical Secuiity 7(2), Su-41 (2u14)
S4 H*6(21 I A E@1 J'&,) '&3+() +- )@1 +*' 21-*,123 <*)@ *)5 G+5) '*K1'3 &8%125&23 J&)@5 &,8 )&261)?
The !"#$%& ()#$# *+,")- foi ciitical assets must consiuei the attiibutes, chaiacteiistics, anu motivations of potential insiuei anuoi exteinal auveisaiies who might attempt to uamage oi seek unauthoiizeu iemoval of iefineu petioleum piouucts, against which the PPS is uesigneu anu evaluateu. This papei is limiteu to attack fiom exteinal auveisaiies because EASI mouel uoes not hanule insiuei attacks. Past hostilities that have occuiieu on the oil pipelines weie all believeu to be fiom the outsiue. Piesently, theie is no iecoiu of inteinal attacks on the oil pipelines. The possibility of an insiuei attack is not being iuleu out completely, howevei.
The most likely auveisaiies of the oil facility aie militants anu local vanuals. 0thei kinus of outsiue auveisaiies iepiesent a lowei piobability of attack. In the past, auveisaiies have attackeu the facility fiom outsiue of the iefineiy complex using equipment such as plasma cutteis, weluing machines, plieis, valves, anu iubbei pipes. Fiom the infoimation gatheieu, they appeaieu to be intent on oil pipeline sabotage anu theft of iefineu petioleum piouucts fiom the pipelines. The auveisaiies aie motivateu by the financial gain fiom the sale of iefineu petioleum piouucts, oi by theii uesiie foi iesouice contiol foi theii communities.
}ouinal of Physical Secuiity 7(2), Su-41 (2u14)
SS CA !+55*9'1 &8%125&23 J&)@5 &,8 &:)*+, 51L(1,:15 The most likely auveisaiy paths to the ciitical asset aie shown in figuie 1. Auveisaiy path 1 is fiom the shop on top of the 7V km oil pipelines. Auveisaiy path 2 iuns fiom the iesiuential builuings to the pipelines. Auveisaiy path S iuns thiough the watei-ways, cieek anu on lanu to the oil pipelines. The possible auveisaiy action sequences coiiesponuing to the paths aie shown in Fig. 2.
!&)@ I !&)@ M
!&)@ N
H*6(21 M A !+55*9'1 &8%125&23 &:)*+, 51L(1,:15? Connect iubbei pipes to the pipelines Penetiate pipelines to inseit valves "#$%& '% ($%)*$+ ,$&('-$./ ,('+.0&1 Penetiate pipelines to inseit valves Connect iubbei pipes to the pipelines Theft of iefineu petioleum piouucts Entei the boat(s) Tiavel thiough the watei ways to cieek(s) Run to the pipelines Penetiate pipelines to inseit valves Connect iubbei pipes to the pipelines Run back to the cieek(s) Theft of iefineu petioleum piouucts Big up the giounu Run to the pipelines }ouinal of Physical Secuiity 7(2), Su-41 (2u14)
S6 015(')5 &,8 O*5:(55*+, B&51'*,1 J&)@5 A computeiizeu EASI mouel was useu to calculate the piobability of inteiiuption (P1) of all the most likely auveisaiy paths using the input values obtaineu fiom the expeits at the iefineiy site. Figuie S shows the iesult of the EASI analysis of auveisaiy path S. The iesults of EASI analyses of auveisaiy paths 1 anu 2 piouuceu the same output as path S.
O1'&35 D"1:+,85F= E&5K O15:2*J)*+, ! DO1)1:)*+,F Q+:&)*+, 71&, ")&,8&28 O1%*&)*+, 1 Entei Boat u B 6 1.8 2 Tiavel to the Cieek u B 48u 144 S Run to Pipelines u B 1u S 4 Penetiate Pipelines u B 6uu 18u S Connect Rubbei Pipes u B 1Su 4S 6 Run back to the Cieek u B 1u S 7 Theft Taiget u B 12u S6
!2+9&9*'*)3 +- >,)122(J)*+,= u.uuu
H*6(21 N A 015(')5 +- $."> &,&'35*5 -+2 &8%125&23 J&)@ N?
The iesults of the EASI analysis of the entiie common auveisaiy paths show the piobability of inteiiuption to be u.uuu. This shows that the auveisaiy cannot be inteiiupteu until the iefineu petioleum piouucts have been stolen fiom the pipelines oi if an acciuent occuis uuiing pipeline vanualism.
!2+J+518R>GJ2+%18 !!" In ie-uesigning the secuiity system at the oil facility, new secuiity measuies anu equipment weie pioposeu to impiove the thiee key functions (uetection, uelay, anu iesponse) of PPS. The suggesteu upgiaues have the ability to achieve uesiieu secuiity piinciples. These incluue uetection eaily in the path anu piioi to uelay; effectiveness of uelay at the asset; the ielationship among uetection, uelay, anu iesponse functions; timely }ouinal of Physical Secuiity 7(2), Su-41 (2u14)
S7 uetection; anu the piinciples of piotection-in-uepth anu balanceu piotection. The upgiaues aie as follows: 0pgiaues foi auveisaiy path 1 A. Bemolition of shops on top of the pipelines, eiecting an exteinal fence with a fence sensoi system, anu ensuiing that builuings aie eiecteu beyonu a manuatoiy uistance of 2S m fiom one siue of the pipelines;
B. Installation of sensois on oil pipelines;
C. Relocation of guaius closei to the pipelines;
B. Enclosing the pipelines in a moie haiueneu case with a stiongei alloy.
0pgiaues foi auveisaiy path 2 A. Eiection of exteinal fence with a fence sensoi system anu ensuiing that builuings aie eiecteu beyonu a manuatoiy uistance of 2S m fiom one siue of the pipelines;
B. Installation of sensois on oil pipelines;
C. Relocation of guaius closei to the pipelines;
B. Enclosing the pipelines in a moie haiueneu case with a stiongei alloy.
0pgiaues foi auveisaiy path S A. Bestiuction of cieeks, anu mounting of seawatei suiveillance equipment;
B. Installation of sensois on oil pipelines;
C. Relocation of guaius closei to the pipelines;
B. Enclosing the pipelines in a moie haiueneu case with a stiongei alloy.
We assigneu values to the piobability of uetection of the pioposeu upgiaues on each auveisaiy path in oiuei to see the effects of these upgiaues on the output, i.e., piobability of inteiiuption. The effects of these upgiaues weie analyzeu using the EASI mouel to show the new values of output, P1. The iesults of some selecteu EASI analysis of the upgiaues on each of the auveisaiy paths 1, 2 anu S aie shown below. The iesult of EASI analysis of upgiaue A on auveisaiy path 1 is shown in figuie 4.
H*6(21 T A 015(') +- $."> &,&'35*5 +- (J62&81 B +, &8%125&23 J&)@ M?
The iesult of EASI analysis of upgiaue C on auveisaiy path S aftei upgiaues A anu B have been caiiieu out is shown in figuie 6. }ouinal of Physical Secuiity 7(2), Su-41 (2u14)
O1'&35 D"1:+,85F= E&5K O15:2*J)*+, ! DO1)1:)*+,F Q+:&)*+, 71&, ")&,8&28 O1%*&)*+, 1 Entei Boat u B 6 1.8 2 Tiavel to the Cieek u.7S B 48u 144 S Run to Pipelines u B 1u S 4 Penetiate Pipelines u.9 B 6uu 18u S Connect Rubbei Pipes u B 1Su 4S 6 Run back to the Cieek u B 1u S 7 Theft Taiget u B 12u S6
!2+9&9*'*)3 +- >,)122(J)*+,= u.84S
H*6(21 U A 015(') +- $."> &,&'35*5 +- (J62&81 C +, &8%125&23 J&)@ N?
Table 1 shows the summaiy of the values of the output, i.e., the piobability of inteiiuption (P1) aftei the all pioposeu secuiity upgiaues have been implementeu.
E&9'1 I A "(GG&23 +- %&'(15 +- !2+9&9*'*)3 +- *,)122(J)*+, D!IF &-)12 !2+J+518 (J62&815?
!&)@5 "(6615)18 4J62&815 !&)@ I !&)@ M !&)@ N A u.789 u.699 u.66u B u.8Su u.768 u.8uS C u.886 u.874 u.84S B u.89u u.877 u.874 }ouinal of Physical Secuiity 7(2), Su-41 (2u14)
4u Fiom table 1 it can be seen that the values of the output (the piobability of inteiiuption) incieaseu aftei each pioposeu upgiaue was applieu to the auveisaiy paths. The table shows that the final value of P1 at the enu of the entiie upgiaue (Suggesteu 0pgiaue B) on each auveisaiy path is appioximately u.9. When the P1's along all paths aie appioximately equal aftei the upgiaues, the physical piotection system is saiu to be "balanceu", i.e., all paths aie equally uifficult foi the auveisaiy to achieve theii goal. Note that balance is achieveu by mixing uetection, uelay, anu iesponse components, anu that theie aie a numbei of possible combinations that will iesult in acceptable system peifoimance. This pioviues the oppoitunity to select combinations that meet cost anu opeiational iequiiements without compiomising system effectiveness.
C+,:'(5*+,5 This woik involveu evaluating the effectiveness of the cuiient physical piotection system foi an oil iefineiy using the Computeiizeu EASI mouel. Results obtaineu fiom the analysis of the most likely auveisaiy paths showeu that the values of piobability of inteiiupting the auveisaiies (P1) weie veiy low. But by upgiauing the physical secuiity systems with ceitain measuies anu equipment, the values of P1 incieaseu significantly, impioving secuiity.
.:K,+<'186G1,)5 The authois aie giateful to the Nigeiia Atomic Eneigy Commission (NAEC) foi sponsoiing this ieseaich woik.
Boyon, L.R., (1981): "Stochastic Noueling of Facility Secuiity-Systems foi analytical solutions," Computeis & Inuustiial Engineeiing, vol. S, no. 2, pp. 127-1S8.
Engi, B. anu Bailan, C.P., (1981): "Biief Auveisaiy Thieat Loss Estimatoi (BATLE) 0sei's uuiue," Sanuia National Laboiatoiies iepoit SANB 78-11S6, N0REuCR-14S2.
uaicia, N.L., (2uu1): "The Besign & Evaluation of Physical Piotection Systems", Butteiwoith-Beinemann, pp. 2S1-2S9.
}ouinal of Physical Secuiity 7(2), Su-41 (2u14)
41 uiassie, R.P., }ohnson, A.}. anu Schneiuei, W.}., (199u): "Counteimeasuies Selection anu Integiation: A uelicate balancing act foi the secuiity uesignei," in Pioceeuings IEEE 199u Inteinational Cainahan Confeience on Secuiity Technology: Ciime Counteimeasuies, Lexington, Kentucky, pp. 116-12S.
Schneiuei, W.} anu uiassie, R.P., (1989): "Counteimeasuies Bevelopment in the Physical Secuiity uesign piocess: An Anti-teiioiist peispective," Pioceeuings of 1989 Inteinational Cainahan Confeience of IEEE on Secuiity Technology, Zuiich, Switzeilanu, pp. 297-Su2.
}ang, S.S., Kwak, S., Yoo, B., Kim, } anu Yoon, W.K., (2uu9); "Bevelopment of a vulneiability Assessment coue foi a Physical Piotection System", }ouinal of Nucleai Engineeiing anu Technology, vol. 41, No. S, pp. 747-7S2.
SAvI, (1989): Systematic Analysis of vulneiability to Intiusion, v1, SANB89-u926, Sanuia National Laboiatoiies, pp. 1-8. Swinule, B.W., (1979): "The 0se of Effectiveness Evaluation in the Besign of a Physical Piotection System foi the Consoliuateu Fuel Repiocessing Piogiam's Bot Expeiimental Facility," 2uth Annual Neeting of the Institute of Nucleai Nateiials Nanagement, Albuqueiaue, NN; Nucleai Nateiials Nanagement vIII, 761, pp. 1-2u.
Whiteheau, B.W., Pottei, C.S anu 0'Connoi, S.L (2uu7): "Nucleai Powei Plant Secuiity Assessment Technical Nanual", SANB2uu7-SS91, Sanuia National Laboiatoiy, pp. 1-6S.
}ouinal of Physical Secuiity 7(2), 42-49 (2u14)
42
"#$%&' () *' +,,#$$ -('./(0 12$.#34 + 5*/*6%&3 )(/ 13*00 78,0#*/ 9*,%0%.%#$ B. Nkom 1 , I.I. Funtua 2 , anu L.A. Bim S
Centie foi Eneigy Reseaich anu Tiaining (CERT), Ahmauu Bello 0niveisity, P. N. B. 1u14, Zaiia, Nigeiia 1 b.nkomieee.oig; 2 iifuntuayahoo.com; S lawienceanikweuimyahoo.com
:; :7<=>"?-<:>7 Since 2u11, lingeiing teiioiist thieats have iequiieu the global nucleai inuustiy to constantly ieaffiim its commitment to ensuiing nucleai secuiity.|1-2j By factoiing in the piesent globalization tienus, nucleai secuiity has evolveu into an issue that positive-thinking inuiviuuals, oiganizations, anu goveinments woiluwiue now iealize conceins anu affects them, uue to the potential foi huge consequences foi eveiyone if a laige scale bieach occuis in any pait of the woilu.|Sj Physical piotection is an integial pait of nucleai secuiity. uuiuance note u1u1 of |4j states the neeu foi a physical piotection system anu points out that a system baseu on a combination of peisonnel, haiuwaie, pioceuuies, anu facility uesign shoulu be establisheu to achieve the uesiieu piotection, beaiing in minu the oveiall safety of the facility. This papei is conceineu with piotection using haiuwaie, specifically electionic haiuwaie. The teim "facility" useu heie may be vieweu in bioau teims to incluue fixeu facilities such as ieactois anu spent fuel iepositoiies, as well as in- tiansit facilities that iefei to special facilities useu in tianspoiting nucleai mateiial, (e.g., tiucks oi iailcais) which aie sometimes not piopeily secuieu.|2j The access contiolanti-intiuuei system uesciibeu in this papei is piimaiily meant to supplement existing fixeu facility piotection, specifically at univeisity-baseu ieseaich ieactois. The teims "asset" anu "thieat" useu heie may also be vieweu in bioau teims. An asset iefeis to anything that is being piotecteu (peisonnel, equipment, nucleai anu non-nucleai mateiial) that aius nucleai secuiity. A thieat iefeis to anything that compiomises the secuiity of a nucleai mateiial oi facility (natuial uisasteis, auveisaiies). This papei is conceineu with the means of piotection against auveisaiies, which incluue piotestois (uemonstiatois, activists, anu extiemists), teiioiists, anu ciiminals fiom outsiue; as well as inteinal employees, iegulai visitois, anu contiactoissupplieis with giuuges, ciiminal tenuencies, oi psychologicaluiug-ielateu issues.|S,18j 0niveisity-baseu ieseaich ieactois aie mostly locateu in faiily uense locations, sometimes insiue campuses, anu thus may be peiceiveu as easy taigets by auveisaiies. A lot of ieactois expeiience a laige influx of stuuents, visitois, anu clients on a uaily basis, which may cause laxity in secuiity piotocols when juxtaposeu with long peiious of absence of secuiity- ielateu inciuences. Long shutuown peiious as a iesult of school calenuais anu national holiuays aie also common. In auuition, most of these ieactois aie useu foi non-piofit, non-commeicial puiposes that offei little financial gains to justify elaboiate physical piotection schemes, giving iise to a high iisk scenaiio.|6j Fuitheimoie, such ieactois that aie locateu in politically unstable, technologically unpiepaieu, anu economically uisauvantageu countiies aie at gieatei iisk uue to lean buugets, financial incentives to engage in ciiminal activities, anu lack of unueistanuing of physical piotection technology.|7j This papei seeks to show that with the auvancement of physical piotection technology in geneial, anu electionics technology in paiticulai, acquiiing electionic physical piotection systems uoes not necessaiily iequiie big buugets. In auuition, we will tiy to show that manageis of such facilities can be actively involveu in the iuuimentaiy uesign piocess in oiuei to tailoi the electionic systems to suit theii inuiviuual ciicumstances, taking national, iegional, anu
}ouinal of Physical Secuiity 7(2), 42-49 (2u14)
4S inteinational iegulations anu auvice into consiueiation. This is actually expecteu in physical piotection consiueiations, as expiessly inuicateu in guiuance note u427 of |4j. The iest of this papei is oiganizeu as follows: Section Two gives an oveiview of a few mouein electionic uevices that function in accoiuance with the piimaiy iequiiements foi physical piotection systems, anu also pioviues a biief uesciiption of miciocontiolleis. Section Thiee mentions a few haiuwaie consiueiations necessaiy foi successful electionic physical piotection system uesign anu outlines the uesign piocess foi the contiol anu uata piocessing centie foi oui system. Section Foui coveis final system implementation anu veiification consiueiations, incluuing a few factois to consiuei when actually caiiying out secuiity system installations. Concluuing statements aie given in Section Five.
::; >@A=@:AB >9 ACA-<=>7:- 5DE1:-+C 5=><A-<:>7 "A@:-A1 An effective physical piotection system shoulu peifoim the following piimaiy functions: Betei, Betect, Assess, Belay, anu Responu.|4j u1uS states that the physical piotection sub-system fiist encounteieu by auveisaiies in any facility shoulu seive as a huge ueteiient by piesenting a uifficult obstacle to penetiate. These obstacles aie usually non-electionic systems such as steel gates, but in iecent times theie have been incieaseu use of electiifieu fences anu aimoieu flooulights as the fiist line of uefense.|8j Attempts to bieach a piotecteu aiea aie to be uetecteu by a physical piotection system, anu this is mostly achieveu by the use of electionic sensois. These aie typically uevices that uetect changes in a physical quantity (heat, motion, vibiation) anu conveit them to electiical signals. These signals aie then maue ieauily available foi inuication anuoi annunciation at the cential alaim station via tiansmission sub-systems. Pioviuing a supplementaiy means of inuication at the point of uetection may also seive as a ueteiient. Notion sensois aie useu in the system uesciibeu in this papei; the type anu specifications cannot be stateu heie as iequiieu by confiuentiality clauses in sections 4.S.1 anu 4.S.2 of |9j, anu u444 anu 44S of |4j. If a fixeu nucleai facility has been well uesigneu, its vital aieas will have a small numbei of entiancesexits, winuows, anu othei vulneiable access points as iecommenueu by u61u of |4j, which will ieuuce the numbei of such uevices to be useu at each point, anu hence lowei costs. Best piactice highly iecommenus that assessment shoulu go hanu in hanu with uetection, so that confiimation of an intiusion may be uone at the cential alaim station when uetection occuis. This is best achieveu by visual means via CCTv systems |8j in conjunction with guaius, as iecommenueu in u1u8 anu u61S of |4j. This is alieauy in auequate use in the facility wheie the access contiolanti-intiuuei system is to be installeu. In oiuei to uelay an auveisaiy, the entiance anu peiimetei to the vital oi innei aiea of the facility shoulu be uifficult to bieach, even by the use of foice, anu this is a function of the facility uesign. uoou access contiol systems shoulu also be capable of contiolling the physical baiiiei at the entianceexit point automatically by pieventing access to the vital aiea until authoiization is gianteu, thus contiibuting to the uelay function. This is mostly achieveu by electiomechanical sub-systems such as uooi stiikes anu iotating uoois. A well-uesigneu physical piotection system shoulu always assume a thieat of sabotage, as stateu in 7.1.1 of |9j anu u1u4 anu u11u of |4j, thus a iapiu human inteivention to an intiusion may be achieveu by the access contiolanti-intiuuei system's ability to iesponu quickly anu effectively by piomptly aleiting iesponse teams thiough communications sub-systems, by the use of auial anu visual alaim inuicatois such as siiens anu stiobes. Auuitional iesponse measuies such as initiating a lock-uown by electiomechanical means may also be caiiieu out by the system. Assuming categoiy I nucleai mateiial as classifieu in |9j, in the case of piotection against iemoval of nucleai mateiial, oi piotection against sabotage of nucleai powei ieactois, access to the piotecteu aiea will be only by positive iuentification thiough photo bauge IB's. Since a moie stiingent anu ieliable access contiol measuie is iequiieu foi the vital aiea, electionic access contiol systems that use one oi moie means of iuentification aie iecommenueu, as stateu in 6.2.2 anu 7.2.S of |9j, anu u6u1 of |4j. At system uesign stage, these means of iuentification come as electionic uevice mouules that aie auueu unto a contiol anu powei sub-system to make them functional. A few of such iuentification mouules aie numeiic keypau mouules, biometiic fingeipiint mouules, anu biometiic iiis mouules. RFIB is the iuentification scheme foi the system uesciibeu in this papei. Bue to its wiue availability anu susceptibility foi spoofing anu counteifeiting, infiaieu uetectois anu pioximity switches weie also incoipoiateu in the implementation as extia bieach uetection baiiieis. Placing a combination of the uevices uesciibeu above in a physical piotection system, baseu on piimaiy function anu piinciples of opeiation, is necessaiy to obtain an acceptable level of piotection. Thus, a way to cooiuinate the functions of all these uevices is neeueu. Tiauitionally, pie-manufactuieu off- the-shelf alaim contiol panels, typically costing between $8u anu $S6u, uepenuing on level of sophistication, iobustness, anu communications technology employeu, aie useu.|1uj The access contiolanti-intiuuei system uesciibeu in this papei uses a miciocontiollei chip to achieve the cooiuination function. These, togethei with theii piogiamming kits, typically cost between $S anu $24u |11j uepenuing on manufactuiei, numbei anu type of on-boaiu mouules, anu semiconuuctoi technology useu. Choosing anu
}ouinal of Physical Secuiity 7(2), 42-49 (2u14)
44 using a suitable one sensibly will uiastically ieuuce the cost associateu with the contiol function. The miciocontiollei is a hanuy uevice that continues to gain populaiity amongst electionic systems uevelopeis. It is a computei on a chip that emphasizes self-sufficiency anu cost effectiveness; anu as the name implies, it is optimizeu foi contiolling othei uevicescomponents via on-boaiu mouules such as ABC's, counteis, CCP's, analog compaiatois, anu communications. In iecent times, miciocontiolleis have become vital components in viitually all electiicalelectionic equipment anu systems, such as home enteitainment systems anu venuing machines; wheie they aie useu in contiolling the functions of these equipment, anu in piocessing anu tiansfeiiing uata into anu out of exteinal units connecteu to them . |12-14j Electionic access contiol systems aie ceitainly not left out. Niciocontiolleis have the auvantage of being softwaie configuiable anu softwaie uiiven, thus a caiefully uesigneu piogiam will ieuuce the neeu foi exteinal suppoit chips such as uigital clockcalenuais, theieby offeiing a low component count. They offei a high level of veisatility in uesign since changing a uesign paiametei mostly just iequiies changing an aspect of the piogiam. This is vital foi physical piotection systems, wheie conuitions aie highly uynamic. Also, a miciocontiollei may be uiiectly inteifaceu with a suitable uisplay, theieby pioviuing a means of cieating a menu-baseu usei inteiface foi the system; which will make it moie usei-fiienuly. veiy impoitantly also, a miciocontiollei can be inteifaceu with a PC foi the puipose of uata tiansfei, which is vital foi any access contiol system. No less impoitantly, a typical miciocontiollei is a small-sizeu, lightweight, low-powei uevice, theieby offeiing the auvantage of a small, eneigy-efficient contiol panel. In auuition, theie aie vaiious oppoitunities pioviueu by the uevelopment platfoims of these miciocontiolleis to simulate, uebug, emulate, anu geneially tioubleshoot youi application even befoie the miciocontiollei is piogiammeu. This is obviously a time saving tool. The uevelopment platfoims themselves aie ueployeu on iegulai PC systems, theieby pioviuing the most impoitant auvantage of executing piojects completely in-house. The choice of which miciocontiollei to use is influenceu by populaiity of the geneial family anu paiticulai uevice, suitability foi intenueu application as iegaius numbei of inputoutput poits anu on-boaiu peiipheials, availability in locality, cost, uevice aichitectuie, anu the uevice manufactuiei, which also has a beaiing on its ease of use.|1Sj By taking these factois into consiueiation, we naiioweu uown to the PIC18F4SSu miciocontiollei fiom Niciochip <F . This is a 4u-pin 16-bit nanoWatt uevice with S2 kilobytes of self-piogiammable flash piogiam memoiy, 2S6 bytes of flash EEPR0N memoiy, S4 inputoutput pins with inuiviuual uiiection contiol, foui 16-bit timeicountei peiipheials, 0SBE0SARTI 2 C communications, 12 inteiiupt souices incluuing inteiiupt on poit change foi RB<4:7>, multiple selectable oscillatoi peiipheials, foui auuiessing moues, 8-level ueep haiuwaie stack, anu a laige geneial puipose iegistei pool. It employs an auvanceu Baivaiu RISC aichitectuie, featuiing 76 single-woiu instiuctions foi wiiting assembly coue foi 18xxx uevices. It iequiies 2 to S v BC anu consumes less than 2uu A unuei any conuition, with coie speeus of zeio to 2u NBz valiu foi opeiation.|19j
:::; 1E1<AF "A1:G7 ->71:"A=+<:>71 System Besign iefeis to the piocess of planning a system so that it functions in accoiuance with a pieueteimineu concept. This concept will only be successfully actualizeu by consiueiing numeious factois (page 2, paiagiaph 4 of |1Sj), some of which aie uesciibeu below: !" $%&'&()*'+,)+(, -. /%0,+(&1 /'-)*()+-2 30,)*4,5 These aie outlineu in u 112 to u118 of |4j, the ones that concein us most aie: 1. Befense in Bepth: This iefeis to the piactice of placing multiple levels of piotection sub- systems in sequence along all the piobable paths that auveisaiies will follow in the facility to get to the asset. As pieviously mentioneu, the access contiolanti-intiuuei system uesciibeu in this papei is to seive as a sub- system in an alieauy existing physical piotection system, so it helps the laigei system to achieve this iequiiement. Bowevei, uefense in uepth can be incoipoiateu into the sub- system itself, as will be shown subsequently. 2. Ninimum Consequence of Component Failuie: This iefeis to the iequiiement that the entiie physical piotection system at the facility shoulu not fail as a iesult of the failuie of a component oi sub-system. Neasuies will be taken to ensuie that the failuie of the system uesciibeu in this papei will not ciipple the entiie physical piotection system at a facility by making it entiiely inuepenuent so that it can seive as a ieuunuant system. Bowevei, it will be shown that a goou choice of haiuwaie components anu uesign concepts foi the access contiolanti-intiuuei system can ieuuce the ouus of total failuie going unnoticeu. S. Balance with 0thei Consiueiations: An oveiall balance must be achieveu between the physical piotection system anu othei consiueiations such as safety of peisonnel at the facility, cost of the system, anu stiuctuial integiity of the facility itself. These thiee factois in paiticulai have been positively auuiesseu in the piocess of uesigning the system. 6" 782()+-2&1 $-2.-'4+)05 A physical piotection system must be uesigneu with basic functional logic so that it is effective, efficient, anu easy to use but not necessaiily easy to
}ouinal of Physical Secuiity 7(2), 42-49 (2u14)
4S figuie out. In the case of electionic systems, the functions of the usei inteifaces shoulu be stiaightfoiwaiu, to ieuuce any confusion peitaining to the opeiation of the system anu thus instill confiuence in it. Bowevei, the paiticulai mannei in which the sensois anu actuatois inteiact with the contiol system shoulu be kept confiuential. The entiie system shoulu be as eneigy-efficient as possible, because it shoulu be able to function foi a ieasonable length of time on batteiy powei, in case the mains supply is unavailable foi any ieason. All the components that make up the system shoulu be easy to tioubleshoot anu maintain, so as to ieuuce uown time in case of bieakuowns. 9" :812*'&;+1+)0 &,,*,,4*2),5 All physical piotection systems must be subjecteu to vulneiability tests, to juuge how effective they will be in waiuing off attacks fiom auveisaiies. Some of the types of attacks that shoulu be consiueieu when uesigning such systems aie as follows.|16j 1. False Alaiming: This iefeis to the situation wheie the auveisaiy inuuces ianuom, multiple false alaims in a system in oiuei to unueimine its usefulness anu the confiuence placeu in it. 2. Fault analysis: This iefeis to the situation wheie an auveisaiy, mostly with technically savvy, makes a system function in an abnoimal mannei by alteiing its opeiational paiameteis, in oiuei to obtain useful infoimation that can be exploiteu. An example is changing the ambient tempeiatuie aiounu a sensoi. S. "Poke the System": This iefeis to the situation wheie an auveisaiy piobes the system without tampeiing with it anu obseives its iesponses, in oiuei to obtain useful infoimation. An example is taking note of how neai one can get to a motion sensoi befoie it uetects a piesence. <" 7-'4, -. =>?*',&'+*,5 A few examples of auveisaiies weie given in the intiouuction, but the point of inteiest heie is the fact that auveisaiies can come fiom within the facility oiganization itself, oi at least be aiueu by people within it. Thus a physical piotection system shoulu be uesigneu with the possibility that a legitimate membei of the facility may become an auveisaiy at any time. |16-18j 0ui concept in this case is an electionics system that will caiiy out the following geneial functions: 1. Sense the movement of an animate object alieauy in a piotecteu aiea towaius possible access points to a vital aiea such as entiancesexits, uucts, anu winuows, anu ielay this infoimation to the cential alaim station, i.e., Betect. This will be achieveu by using motion uetectois. 2. Sense the piolongeu piesence of an animate object in close pioximity to an access point to the vital aiea, anu set off a soft alaim capable of being heaiu at that point, i.e., Betei. This will be achieveu by enabling a false alaim time peiiou once an animate object is uetecteu, uuiing which a mini piezo-electiic sounuei is activateu. S. Nonitoi all possible access points to the vital aiea, incluuing uesignateu entiancesexits, to ueteimine when an intiusion occuis oi is attempteu, anu set off a geneial alaim. This will be achieveu by the use of vibiationultiasonic tiansuuceis to uetect attempteu foiceu entiy, non-magnetic pioximity switches to ueteimine uooi position foi likely intiusion, high-intensity siiens to pioviue a geneial alaim, anu Etheinet communications to ielay the situation to the cential alaim station. 4. Nonitoi uesignateu entiancesexits to authoiize unhinueieu access to peisons beaiing valiu RFIB tags, anu to keep iecoius of instances of entiances anu exits foi iefeience anu analysis puiposes. The uesiieu system functions stateu above seiveu as the main guiuelines in cieating a flowchait, which completely uesciibes the functions of the access contiolanti-intiuuei system in ielation to the sensois anu actuatois to be useu in the system. This is shown in figuie 1. It seives as the basis of the fiimwaie to be implementeu in oui miciocontiollei of choice, which was uevelopeu by tianslating the stiuctuie, instiuctions, anu vaiiables specifieu in the flowchait into a computei piogiam wiitten in Niciochip NPLAB assembly language to influence uesignateu outputs in iesponse to signals fiom uesignateu inputs, on-boaiu peiipheials, anu changes in inteinal iegisteis. The pieuominant ieasons foi choosing the PIC 18F4SSu miciocontiollei weie its piogiam memoiy space, on- boaiu peiipheial uevices, anu numbei of inputoutput pins; howevei, this was uone aftei some pieliminaiy uesign consiueiations. The fiimwaie uevelopment piocess actually staiteu with the iuentification anu piocuiement of a motion uetectoi, a vibiation uetectoi, an Avago BCNS 297S seiial input 8-chaiactei uot- matiix LEB uisplay |22j, anu an RFIB mouule. The best fiimwaie ioutines neeueu to iun these uevices hau to be fiist establisheu by initially woiking with each of them sepaiately, befoie integiating the ioutines in the fiimwaie. The Niciochip NPLAB Integiateu Bevelopment Enviionment veision 7.S2 was useu to uesign, uebug, anu simulate the fiimwaie, anu theieaftei inseit it into the PIC 18F4SSu miciocontiollei via a PICStait Plus Bevice piogiammei in oiuei to make it a functional piece of haiuwaie, which is specifically the contiol anu uata piocessing centei foi all the uevices that constitute the access contiolanti-intiuuei system. A stuuy of the miciocontiollei's uata sheet will show that its peiipheial iesouices aie moie than auequate to suppoit a fully confoimal implementation of the system flowchait.|19j To ensuie a low component count foi
}ouinal of Physical Secuiity 7(2), 42-49 (2u14)
46 the system, the fiimwaie was uevelopeu to also iun a clockcalenuai ioutine in concoiuance with the multiple functions uesiieu of the access contiolanti- intiuuei system, which placeu laige constiaints on loop timing in oiuei to ensuie accuiacy. This was effectively iesolveu by using flags foi all uesiieu actions, with the actions actually being manageu within the main fiimwaie loop containing the clockcalenuai ioutine. Auuitional flags may in tuin be geneiateu within the main loop to influence actions within the inteiiupt seivice ioutine. It can be obseiveu fiom the flowchait that a ieasonable level of uefense in uepth has been achieveu by the piovision of ioutines foi motion uetectois anu vibiationpioximity sensois in the fiimwaie. Connecting anu mounting these uevices coiiectly will inciease the ouus that auveisaiies will have to uefeat the piotection pioviueu by them in sequence, staiting with the uetection of motion towaius an access point, followeu by the uetection of attempteu foiceu entiy, anu then the foiceu entiy. The uetection of motion itself tiiggeis a soft alaim at the point of uetection as well as at the cential alaim station (CAS) to seive as a ueteiient to the auveisaiies by inuicating that theii piesence at that location has been obseiveu. Since at this time the auveisaiies aie not yet at the access point, a visual confiimation of the piesence of auveisaiies will allow the iesponse teams ample time to take action, hopefully befoie any significant uamage is uone. Auuitional uefense in uepth has been maue available by the inclusion of a ioutine foi an electiic uooi stiike, lock, iotating bai oi uooi, which will noimally pievent access to the vital aiea until authoiization is gianteu via the RFIB mouule. The access contiolanti-intiuuei system, even if useu without ieuunuancy, will have low consequence of component failuie because piovision has been maue foi iegulai tiansmission of the status of the system to the CAS via state of health (S0B) uata, which will incluue uata about the powei situation of the system. In auuition, all uevices connecteu to the system pioviue a uefinite electiical signal when opeiational, thus the absence of such signals will be inteipieteu by the system as an alaim conuition. Piovisions foi minimizing the impact of false alaims have also been pioviueu in the flowchait. The CAS is aleiteu when motion uetection occuis in oiuei foi an assessment of the situation to be maue. Even when vibiation uetection occuis, the geneial alaim, which may consist of a numbei of actuatois (stiobes, siiens) is activateu inteimittently in accoiuance with the uetectoisensoi signal. A pieueteimineu numbei of "false" alaims within a fixeu time peiiou will be inteipieteu by the system as a "poke" anu thus the geneial alaim will be fully activateu. This time peiiou shoulu be auequate foi guaius to caiiy out a thoiough investigation of the situation to asceitain if auveisaiies may be iesponsible foi it. Bata peitaining to loginlogout attempts, whethei successful oi not, aie ielayeu to the CAS foi iefeience anu analysis puiposes. This may aiu in iuentifying potential insiuei thieats in a timely mannei.
:@; 1E1<AF :F5CAFA7<+<:>7 ->71:"A=+<:>71 System Implementation iefeis to actual constiuction, veiification, installation, anu commissioning of the system. The constiuction of the system iequiieu the consiueiation of a numbei of issues in geneial haiuwaie uesign anu implementation that weie necessaiy to ensuie functional haimony between the piogiammeu miciocontiollei anu all othei haiuwaie components specifieu foi the uata loggei on integiation; fiist on a bieauboaiu foi haiuwaie tioubleshooting puiposes, anu then onto a PCB. A few of these consiueiations, in tuin, iequiieu the use of auuitional haiuwaie components, foi oveiall system effectiveness anu efficiency. Even though we opteu to use one of the available inteinal oscillatoi speeus foi the miciocontiollei, we chose to also use the ciystal clock option with a speeu of S2.768 KBz foi the timei 1 mouule, which was configuieu to iun as a ieal-time clock foi oui clockcalenuai ioutine. This necessitateu the auuition of a ciystal of like specification anu two Su picoFaiau ceiamic capacitois necessaiy to foim a ciystal oscillatoi, to oui haiuwaie. We also opteu foi noimally open, spiing-loaueu PCB button switches as oui usei input inteifaces foi exit iequest by iegulai useis anu menu-baseu system opeiation foi the auministiatoi of the system. To avoiu inteifeience fiom electiical noise uue to floating inputs at noimally open switch contacts, a simple buffeiing aiiangement using TTL inveitei gates was useu. This calleu foi the auuition of a 74Lu4 IC to oui haiuwaie.|2uj A batteiy backeu-up powei souice was ueemeu an iueal choice foi the uata loggei because the miciocontiollei's volatile memoiy, in the foim of its geneial puipose iegisteis, is useu foi keeping all timing counts. In auuition, the access contiolanti-intiuuei functions must withstanu fault analysis attacks fiom auveisaiies, anu uisiupting powei to a facility falls unuei this categoiy; thus, the miciocontiollei must be kept poweieu when the system is in use. This necessitateu the acquisition of a switch-moue batteiy- backeu powei supply mouule costing $124. Bowevei, a tiansfoimei powei supply with similai specifications may be built foi fai less. The only components vital to the contiol anu uata piocessing function of the access contiolanti-intiuuei system aie the miciocontiollei anu RFIB mouule. This is uesiiable because a low component count impioves the systems ieliability anu eneigy-efficiency, anu keeps the complexity of the system, anu hence its maintenance costs, low; which in tuin will ensuie that the system stays in faiily iegulai seivice. The access contiolanti-intiuuei system went
}ouinal of Physical Secuiity 7(2), 42-49 (2u14)
47 thiough some basic tests foi functionality, uuiability, powei consumption, anu safety. Powei consumption was founu to be S8 mA while iunning. Beat uissipation was baiely noticeable, thus no heat sink anuoi fan is iequiieu foi the system; howevei, vent slots aie necessaiy in any casing consiueieu foi the system if a tiansfoimei powei supply is useu, to ensuie it is auequately cooleu by aii convection. At this stage, the uata loggei was consiueieu to be veiifieu.|1Sj The installation anu commissioning of any physical piotection system is subject to iatification anu appioval by the iegulatoiy bouy of the state in question (4.2.4.2. of |9j anu u424 of |4j, thus the access contiolanti-intiuuei system uesciibeu in this papei has not yet been installeu. Bowevei, a few factois to consiuei when caiiying out an installation of this kinu aie |21j: 1. Integiation with existing system: In oui case, the system was uesigneu to be inuepenuent of any existing access contiolanti-intiuuei system anu thus iequiies no extensive integiation with existing systems at the facility wheie it is to be installeu, save foi powei souices. Stiuctuially the system's contiol unit is iathei small to constitute much of a pioblem. Bowevei, safety analysis, especially in ielation to emeigency pioceuuies will be caiiieu out in uue couise. 2. Location of system uevices: In oui case, the system is meant to be installeu at a pie- existing facility as a ieuunuant electionic physical piotection system, anu thus the final positions of all uevices that make up the system will be easy to locate since the vital aiea, piotecteu aiea, anu possible access points aie alieauy known. The unit housing the miciocontiollei anu RFIB mouule, anu batteiy backeu-up powei supply shoulu natuially be installeu in the vital aiea (u 6u1 of |4j). S. Secuiity of Installation: Paits of the system that will be locateu outsiue the vital aiea such as the motion uetectois, RFIB antenna, anu the tiansmission sub-system in oui case, neeu to be piotecteu. In-wall conuuits oi aimoieu suiface tiunking aie necessaiy foi cables, with uummy cables auueu as fuithei piecaution (6.2.16 anu 7.2.16 of |9j). 4. Inclusion of uummy uevices: It is a goou secuiity system installation piactice to install a numbei of uummy uevices togethei with the actual ones, as a iuse to intiuueis.
@; ->7-C?1:>7 The uesign, implementation, anu use of any physical piotection system oi sub-system involve piocesses that auuiess the question of how to effectively piotect assets fiom thieats. This is highly multiuimensional anu thus makes physical piotection a bit uifficult because, while an auveisaiy only neeus to finu anu exploit one vulneiability in a physical piotection system to succeeu, uesigneis of such systems must iuentify, unueistanu, anu factoi-in all possible vulneiabilities. Also, auveisaiies mostly neeu to attack fiom just one point, while secuiity manageis must piotect entiie facilities. Anothei seiious challenge foi physical secuiity is the fact that success is equateu with non-inciuences, which uoes not peimit effective costbenefit analysis anu often iesults in inauequate iesouices being allocateu. Thus, secuiity buugets uecay ovei time as long as theie aie no inciuences, theieby affecting the secuiity level, mostly uue to ieuuceu quality anu quantity of paiu secuiity peisonnel anu lack of upgiaues to systems to keep up with technological auvancements. Peisonnel factois also contiibute a lot to geneial secuiity, thus it is not auvisable to iely solely on guaius to piotect access points that aie meiely lockeu.|16j Since no two facilities aie the same, in oiuei to piopeily uesign an effective physical piotection system, uesigneis anu manageis must woik closely togethei, anu this is easiest when the uesigneis aie an integial pait of the facility, paiticulaily its engineeiing wing. Thus, the main objective of this papei is to piomote the methou of system uevelopment suggesteu heiein, which may be useu in acquiiing an effective electionic physical piotection system of a ieasonable level of sophistication foi oiganizations that aie hampeieu by low buugets.|1Sj The miciocontiollei, uisplay, RFIB mouule anu tags, motion uetectoi, vibiation sensoi, anu all sunuiy items auueu subsequently, cost a total of $22u (powei supply excluueu). Laboi time was appioximately 1SS man-houis. Theie may exist pie- manufactuieu access contiolanti-intiuuei systems that cost less, but a high level of customization is inheient in uesigning anu implementing in-house, which offeis bettei contiol of all ciicumstances that may aiise subsequently. This methou is highly iecommenueu, especially in cieating electionic physical piotection system ieuunuancy. The two main constiaints iuentifieu aie the ieauy availability of embeuueu system haiuwaie piogiammeis within the facility, anu the availability of the uevelopment kits to effect the uesigns; howevei, making these available wheie they may be lacking is an investment in the engineeiing capabilities anu infiastiuctuie of that facility, anu is highly encouiageu.
}ouinal of Physical Secuiity 7(2), 42-49 (2u14)
48 Start 1. Initialize Device 2. Initialize I/O ports 3. Testrun 4. Clear timer register 1 minute elapsed? 1. Clear timer register 2. Send SOH data to CAS 3. Increment clock/ calendar No Interrupt encountered? No 1. Process flags 2. Place Device in sleep mode with timer running RFID? Exit Button? Vibration sensors? Motion detector? Determine Zone 1. Set flag bit for motion 2. Start false alarm timer for zone 3. Send status to CAS Enable soft alarm for zone False alarm period up? Detector still active? Enable general alarm intermittently Increment false trigger counter False trigger counter=03h? 1. Set flag bit for possible system fault 2. Send status to CAS Poke counter=0? 1. Enable general alarm continuously for fixed period 2. Send status to CAS 1. Set flag bit for door/ window vibration 2. Send status to CAS Poke period up? Detector/ sensor still active? Initialize false alarm timer Decrement poke counter No No No No No RFID flag set? Entrance Exit Zone? Display time Invalid code? 1. Set flag bit for RFID 2. Send status to CAS 1. Disable Door Strike 2. Enable buzzer 3. Start door timer 1 4. Send status to CAS Door open? Door timer 1 period up? 1. Enable door strike 2. Disable buzzer 1. Initialize door timer 1 2. Disable buzzer 3. Start door timer 2 Door closed? Door timer 2 period up? 1. Send message via display 2. Send status to CAS 1. Send message via display 2. Set or Clear login flag bit for the user 3. Send status & data to CAS Send status to CAS Door closed? Enable buzzer 1. Disable buzzer 2. Send status to CAS Enable door strike No No No No No No No No No No No No No Proximity sensors? No Set flag bit for door/window intrusion Poke period up? 1. Start poke timer for zone 2. Initialize poke counter No
Figuie 1 - Flowchait foi the access contiolanti-intiuuei system.
}ouinal of Physical Secuiity 7(2), 42-49 (2u14)
49 =A9A=A7-A1
1. @8(1*&' A*''-'+,4B Repoit by the Biiectoi- ueneial to the 46 th Regulai Session of the ueneial Confeience of the IAEA (Items 2,S, 21, 28 anu 29 of the Activity Aieas); vienna, Austiia, 12 th August 2uu2. 2. =,044*)'+(&1 3&;-)&C* A&()+(,B @8(1*&' 7&(+1+)+*,DE&)*'+&1, &2> :812*'&;+1+)0 &2&10,+,B }. B. Ballaiu, N0NAT Confeience Pioceeuings; Salzbuig, Austiia, u8 - 1S Septembei 2uu2. S. @8(1*&' 3*(8'+)0 F*G-') 6HHI J E*&,8'*, )- /'-)*() &C&+2,) @8(1*&' A*''-'+,4B Repoit by the Biiectoi-ueneial to the S2 nu IAEA Boaiu of uoveinois ueneial Confeience (Items 1 anu 18); vienna, Austiia, 22 nu August 2uu8. 4. IAEA-TECB0C-967 (Rev. 1).uuiuance anu Consiueiations foi Implementation of INFCIRC22SRev.S, The Physical Piotection of Nucleai Nateiials anu Facilities S. K2)*'2&)+-2&1 3)&2>&'> .-' L*,+C2 M&,+, A%'*&) NLMA"B }. Blankenship, N0NAT Confeience Pioceeuings; Salzbuig, Austiia, u8 - 1S Septembei 2uu2. 6. @8(1*&' A*''-'+,4 /-)*2)+&15 F*,*&'(% F*&()-', ?, /-O*' F*&()-',P (Page 7 Paiagiaph 4)B u. Bunn et al, N0NAT Confeience Pioceeuings; Salzbuig, Austiia, u8 - 1S Septembei 2uu2. 7. K2)*'2&)+-2&1 A*''-'+,), A%'*&) )- @8(1*&' 7&(+1+)+*, (Page 7)B C. Biaun et al, N0NAT Confeience Pioceeuings; Salzbuig, Austiia, u8 - 1S Septembei 2uu2. 8. Q2%&2(*> /%0,+(&1 /'-)*()+-2 E*&,8'*, &2> )%* =C*2(0R, /1&2 -. =()+-2 .-' /'-)*()+-2 &C&+2,) @8(1*&' A*''-'+,4B T. Rauf, piesenteu at the 2uuS NPT PiepCom, 6 th
School of Computei anu Secuiity Science, Euith Cowan 0niveisity m.cooleecu.euu.au anu u.biooksecu.euu.au
81$9:8;9 Secuiity is implementeu to mitigate an oiganisation's iuentifieu iisks, linking layeieu elements into a !"!#$% to pioviue counteimeasuie by the functions of uetei, uetect, uelay, iesponse anu iecoveiy. Foi a system to maintain its effectiveness these functions must be efficaciously peifoimeu in oiuei; howevei, such systems may be pione to uecay leauing to secuiity failuies. This stuuy useu a thiee-phase qualitative methouology to uevelop an entiopic theoietical founuation anu to piesent a mouel of entiopic secuiity uecay.
Secuiity uecay is uefineu as uegiauation of the micioscopic constituents piopagating thiough the secuiity system as a iesult of knowleuge, cultuial oi economic factois. Secuiity management shoulu be piimaiily conceineu with managing the entiopic piocesses against commissioneu secuiity system levels; howevei, when uecay occuis it is as a bottom-up factoi. This stuuy suggests secuiity contiols shoulu be measuiable anu be uesigneu, applieu, anu manageu to maintain secuiity system efficacy.
<=9:>"?;9<>= Secuiity iisk management may be implementeu in an open system appioach, using the stiategy of uefence-in-uepth (BiB). Neveitheless, it is pioposeu that BiB stiategies can be impeueu by the chaiacteiistics of uisoiganization anu uecay unueipinning entiopy. Foi an oiganisation to maintain a sounu secuiity piofile, all BiB elements anu theii constituents must be maintaineu at theii optimum level of commissioning peifoimance. This stuuy aigues that the scholaily aiea of Secuiity Science shoulu uiaw on the concept of entiopy to establish the concept of secuiity uecay. Secuiity uecay iesults in a ieuuction in oveiall system peifoimance, which coulu be avoiueu thiough effective iisk iuentification at the uesign stage, anu the active monitoiing anu ieviewing of tieatment stiategies.
1/&@A(#'4B #2 *C% ,*'B+ 0nueiwoou stateu that "the piovision of effective secuiity is paiauoxically the fiist step towaius uecay, as an effective system will not only iepel successful attacks, but also pievent the attacks being maue . an illusion is then cieateu that the establisheu secuiity is unnecessaiy suggesting uecay will follow until the uegiee of secuiity falls to the point wheie an attack will succeeu" (1984, pp. 249-2Su). ________________ *Euitoi's Note: Be suie to see the ievieweis' comments at the enu of the iefeiences. }ouinal of Physical Secuiity 7(2), Su-76 (2u14)
S1 Eaily liteiatuie on the concept of secuiity uecay suggesteu that the cause was the attituue of apathy, which leu to pooi compliance to secuiity pioceuuies (NcCluie, 1997). Neveitheless, uecay is a fai bioauei concept, anu has to encompass the whole secuiity system anu its inteiielateu constituents. In auuition, exteinal factois such as the enviionment anu uynamic thieats also affect the secuiity system. Each of these inteinal anu exteinal constituents is pione to some uegiee of uecay. Foi example, if. the opeiatoi ieceives many false intiusion alaims, theii tiust in the system will uiminish to a point wheie they will be unlikely to assessuisciiminate an actual tiue alaim event. a uetectoi fails, physical uelay is significantly ieuuceu oi eliminateu as an effective measuie. an attackei gains access to fiieaims, the ability to countei-iesponu by the guaiu foice will be significantly ieuuceu. a secuiity inciuent occuis, then iesouices aie likely to be uiiecteu towaius that latest bieach, taking the focus away fiom othei paits of the secuiity system (Smith & Biooks, 2u1S, p. 47) which may iequiie gieatei attention. theie is a cultuial view that the oiganisation is not exposeu to a given thieat, then it won't be piepaieu foi that thieat. the secuiity managei uoes not unueistanu the secuiity system anu how small changes may affect the gieatei system, seiious secuiity inciuents may occui.
Secuiity uecay is often misunueistoou so that aftei an inciuent, the immeuiate ieaction is often to inciease the establisheu secuiity iesouices. Bowevei, this ieaction is not usually necessaiy, as all that may be iequiieu is the ie-establishment of the uesigneu oi commissioneu level of piotection. Responuing to uecay in this fashion iesults in secuiity becoming ieactive, iathei than being pioactive. Thus, iesouices aie useu ineffectively to pioviue au-hock oi a piece-meal secuiity mitigation stiategies (Smith & Biooks, 2u1S, p. 47). Conceptually this view was suppoiteu in the woiks of uaicia, who wiote "it is unlikely that a complex system will evei be uevelopeu anu opeiateu that uoes not expeiience some component failuie ... it is impoitant to know the cause of component failuie to iestoie the system to noimal opeiations" (2uu1, p. S9). Theiefoie, unueistanuing the secuiity system as a !"!#$% anu its likely uecay factois will leau to impioveu secuiity.
$*'B+ >DE%&*)F%, The objectives of this stuuy weie to piesent a mouel that uevelops the concept of $+#,-.2( !$(5,2#" /$()", establishing wheie secuiity uecay integiates into the secuiity iisk management cycle anu stimulating acauemic uiscouise into the concept of secuiity uecay. To achieve these objectives, a uisciete Reseaich Question was put foiwaiu, namely: '- !$(5,2#" $7.$,#! !5..-,# #3$ #3$-,$#2()4 8)42/2#" -0 $+#,-.2( /$()" #3$-,"* 932(3 !#)#$! #3)# !$(5,2#" /$()" 2! ,$.,$!$+#$/ :" #3$ /$6,)/)#2-+ -0 #3$ %2(,-!(-.2( ;5)+#2#2$! <(-+!#2#5$+#!=* )+/* -,* #3$ 6,)/5)4 /$6,)/)#2-+ 2+ #3$ ,$4)#2-+!32. :$#9$$+ #3$ %2(,-!(-.2( )+/ %)(,-!(-.2( ;5)+#2#2$! 92#32+ ) !$(5,2#" !"!#$%>
In auuition to the piimaiy Reseaich Question, a numbei sub-questions weie auuiesseu. These sub-questions consiueieu whethei secuiity expeits suppoit the systems appioach to implementing effective secuiity contiols, whethei secuiity systems suffei fiom uecay, anu if expeits suppoit the view that secuiity uecay lies within the }ouinal of Physical Secuiity 7(2), Su-76 (2u14)
S2 system constituents anu theii inteiielationship. Finally, a secuiity management system was put foiwaiu to allow the uevelopment of system metiics that can moie ieauily measuie the peifoimance level of secuiity systems.
$9?"G "3$<H= A thiee-phase qualitative appioach incoipoiating a Belphic poll was auopteu to exploie the concept of secuiity uecay fiom a systems appioach (figuie 1), making iefeience to ielevant theoiies anu laws. Such an innovative appioach was consiueieu the most appiopiiate ovei moie tiauitional methouologies, as at this stage the bouy of knowleuge encompassing the concept of secuiity uecay is still ielatively new.
Phase-one Literature Critique Develop the foundation of Security Decay Phase-two Expert Interviews Test the studys foundation using Delphi iterations with experts Phase-three Interpretation Validate the previous Phases
Figuie 1 - Stuuy uesign, using a thiee-phase uevelopmental appioach
Phase-one involveu ueveloping a conceptual liteiatuie benchmaik foi fiaming secuiity uecay by uiawing on theoiies, incluuing the stiategy of uefence-in-uepth (BiB) anu ueneial Systems Theoiy (uST). Phase-two useu semi-stiuctuieu expeit inteiviews using the Belphi technique to obtain the paiticipant's thoughts anu unueistanuing of secuiity uecay within a systems appioach to implementing effective physical secuiity, wheie tiansciipts weie analyseu foi unueilying themes. The Belphi technique is a stiuctuieu communication appioach, uevelopeu as a systematic anu inteiactive foiecast methou that uses a panel of expeits who answei questionnaiies in two oi moie iounus. Aftei each iounu, the ieseaichei pioviues an anonymous summaiy of the expeits' foiecasts fiom the pievious iounu to encouiage ievision to theii eailiei answeis. Finally, Phase-thiee pioviueu a iesponse to the poseu Reseaich Question baseu, in-pait, on the pioceeuing phases. Themes weie iuentifieu by uiawing on key woius anu phiases in paiticipants' iesponses.
Secuiity expeits weie soliciteu to paiticipate in the stuuy, foiming a non-piobability sample (N=9) that incluueu a pilot panel anu two ieseaich panels. As highlighteu by Biooks (2u1u), expeit paiticipants weie selecteu baseu on the ciiteiia that they weie }ouinal of Physical Secuiity 7(2), Su-76 (2u14)
SS employeu oi soliciteu to pioviue secuiity knowleuge auvice acioss the vaiieu secuiity ielateu occupations. In auuition, selection was baseu on theii extensive knowleuge, expeiience, occupation, euucation, tiaining, anu that otheis peei ieveieu theii piofessional opinion within the multi-uisciplineu secuiity inuustiy.
:%0)/D)0)*+ /4B F/0)B)*+ This stuuy useu a numbei of contiols to ensuie ieliability anu valiuity. These contiols incluueu the piinciple of tiiangulation, with uata inputs fiom multiple paiticipant souices. Expeit paiticipants foimeu ieseaich panels, wheie consistent views weie ieflecteu anu consensus achieveu to uemonstiate a high level of confiuence to infei suppoit of the coie themes anu piinciples.
Tiiangulation was also useu to establish consensus suppoit to each sepaiate panel of expeits. Nembei checking was incoipoiateu into the panel uesign, wheie uuiing the seconu iounu feeuback piocess, each paiticipant was piesenteu with a tiansciipt of theii inteiview iesponses. Fuitheimoie, each panel paiticipant was askeu whethei they suppoiteu the inteipietations uiawn fiom the uata, anu weie pioviueu with the oppoitunity to iesponu to these inteipietations. This appioach aimeu to establish a level of tiust towaius the inuuctive analysis piioi to moving foiwaiu to the ueuuctive analysis phase.
8 9I3>:39<;8J .>?="89<>= 9> "3K3J>L $3;?:<9G "3;8G Phase-one exploieu the liteiatuie in oiuei to uevelop a theoietical founuation of secuiity uecay fiom the peispectives of uefence-in-uepth (BiB) anu ueneial Systems Theoiy (uST) (Beitalanffy, 19Su). The concept of secuiity uecay is a significant iisk to any secuiity piogiam (0nueiwoou, 1984); howevei, theie has been iestiicteu ieseaich conuucteu into this aiea anu this pioviues limiteu insight. Neveitheless, 0nueiwoou (1984, p. xi) states that it is "impoitant that secuiity is seen as a whole, both uesigneu anu opeiateu as a system". As uaicia (2uu1, p. 6) stateu, BiB shoulu be implementeu in secuiity management using a systems appioach. Such views inuicate that secuiity shoulu be uesigneu, implementeu, anu manageu as a system.
The systems appioach in management anu a lessei uegiee, secuiity, is a well suppoiteu concept. Theiefoie, it is ieasonable to aigue that any uiscussion in ielation to a holistic appioach to secuiity uecay must consiuei a systems appioach. That is, a holistic appioach to secuiity uecay must encompass both the piocesses in establishing the system anu the ongoing management piocesses that aim to ensuie the system ieliably ueliveis, ovei time, the output foi which it was commissioneu. This stuuy suppoits the concept of secuiity uecay; howevei, we aiegue that the concept of secuiity uecay must be consiueieu, uefineu, anu applieu congiuous with the systems appioach useu to employ the stiategy of BiB.
BiB has been applieu to the piotection of assets foi centuiies, baseu on the aigument that a piotecteu asset shoulu be encloseu by a succession of baiiieis that iestiicts penetiation of unauthoiiseu access to pioviue time foi an appiopiiate iesponse (Smith, 2uuS, p. 8). Such baiiieis must encompass the physical, technological, anu human element. The pieventative functions of BiB may be consiueieu as uetei, uetect, uelay, iesponse (B S R) anu iecoveiy, implementeu systematically to achieve a uesiieu level of }ouinal of Physical Secuiity 7(2), Su-76 (2u14)
S4 secuiity. As such, ueneial Systems Theoiy (uST) pioviues a salient suppoiting stiategy to BiB.
H%4%(/0 $+,*%-, 9C%#(+ ueneial Systems Theoiy (uST) is the inteiuisciplinaiy stuuy of a system, with the foimulation anu ueuuction of piinciples. These piinciples "apply to systems in geneial, whatevei the natuie of theii component elements, oi of the ielations oi foices between them" (Beitalanffy, 19Su, p. 1S9). In applying a system appioach to BiB, uaicia (2uu1, p. 6) uefines a system as an "integiateu collection of components oi elements uesigneu to achieve an objective accoiuing to plan". Bowevei, theie aie many uiffeient types of systems (Niugley, 2uuS, p. xix) with a numbei of uictomies, each uiawing attention to paiticulai aspects of systems thinking (Baiton & Baslett, 2uu7, p. 1S1) The most significant uevelopment in scientific methou towaius systems thinking has aiisen fiom the open veisus closeu uictomy.
Closeu systems aie those consiueieu isolateu fiom theii enviionment, meaning conciete systems (Niugley, 2uuS, p. 182). Foi a closeu system, whatevei mattei-eneigy happens to be within that system is finite anu ovei time, that eneigy giauually becomes uisoiueieu. Closeu systems theoiy theiefoie emphasises the tenuency towaius equilibiium (Keien, 1979, p. S12), wheie accoiuing to the laws of theimouynamics, closeu systems attain a time-inuepenuent equilibiium state, with maximum entiopy anu minimum fiee eneigy (Beitallanffy, 19Su, p. 2S).
In contiast, othei systems aie not isolateu fiom theii enviionment. Accoiuing to Bittel (1978, p. 11Su), open systems theoiy consiueis the system's inteiaction with its enviionment as ciucial to the auoption anu evolution of complex systems. Keien (1979, p. S16) explains that open systems uepenu on theii enviionment foi iesouices anu aie constiaineu by its influence. Foi an open system, the ability to change in iesponse to enviionmental piessuies ensuies the system's long-teim viability. In contiast to closeu systems that eventually attain a time-inuepenuent equilibiium state, an open system may attain (ceitain conuitions piesumeu) a stationaiy state wheie the system iemains constant as a "whole", iefeiieu to as a steauy state conuition (figuie 2) (Beitalanffy, 19Su, p. 2S).
Figuie 2 - Example of a steauy state system (aveiage conuition) ovei time (Piuwiiny, 2uu6).
While in a closeu system, the final state uepenus on the components given at the beginning of the piocess, steauy state systems (open systems) show equifinality (figuie S), wheie the initial state can change as eneigy inputs change. As such, if a steauy state is ieacheu in an open system, it is inuepenuent of the initial conuitions anu ueteimineu by the system's paiameteis (Beitalanffy, 19Su, p. 1S8). Foi example in figuie S, path A commences with a high eneigy input ieaching a high point; howevei, as the system's }ouinal of Physical Secuiity 7(2), Su-76 (2u14)
SS eneigy inputs aie ieuuceu, that is, constituent paiameteis ieuuceu, its level of output is also ieuuceu ieaching a steauy state conuition baseu on the mean eneigy inputs. In contiast, paths B anu C commence with lowei oi negative eneigy inputs.
Foi a BiB system, as the inuiviuual constituent paiameteis that achieve the elements of uetect, uelay anu iesponse inciease, the systems macio-state output inciease. As constituent levels ueciease, so uoes the macio-output of the system. Change, accoiuant with the piovision oi ieuuction of iesouices makes open systems, anu specifically physical piotection systems, scalable. Theiefoie accoiuant with the piinciple of equifinality, the system may be tuneu to uelivei a highei oi lowei output, oi maintaineu at a pieueteimineu level accoiuant with the peiceiveu thieat uiiving the system.
Figuie S - System equifinality (Beitalanffy, 1968, p. 14S). Theie aie uiffeient possible paths to the same state.
Accoiuing to Checklanu (1981, p. 8S), the steauy state in an open system may cieate anuoi maintain a high uegiee of oiuei. Steauy states in open systems aie not uefineu by maximum entiopy, but by the appioach of minimum entiopy piouuction. Entiopy is a concept ueiiveu fiom a metiic, uefineu as a measuie of uisoiuei in a system anu a piocess chaiacteiiseu with uecay, uisintegiation, iunning uown anu becoming uisoiueieu (Bohm & Peat, 2uuu, p. 1S7; Beiman, 1999, p. 86; Beitalanffy, 1968, p. 42). In all iiieveisible piocesses, entiopy must inciease (Beitalanffy, 1968, pp. 41-42). Foi a system, as entiopy incieases its (entiopy level) capability uecieases, baseu on the aigument that systems iely on oiuei anu cohesion.
9C% ),#-#(5C),- #2 %4*(#5+ Entiopy as a concept is a state function of a system (Roos, 1997, p. S), a uesciiption of the system in teims of its piopeities at any instant of time. When a system changes fiom one state to anothei, the uiffeience in piopeities uepenu solely on the states anu not on the mannei oi pathway by which the change occuiieu. Accoiuing to Niugley (2uuS, p. S9), tiauitional physics only ueals with closeu systems, anu as such, physicists }ouinal of Physical Secuiity 7(2), Su-76 (2u14)
S6 aigue the laws of theimouynamics only apply to closeu systems, in paiticulai, the seconu law (Entiopy law) (Beitalanffy, 1968, p. S9). Foi example, as a closeu system moves towaius equilibiium, eneigy is conveiteu to woik; howevei, as it appioaches equilibiium the available eneigy uecieases, eventually iemoving the systems capability until the system is ieeneigizeu.
The concept of entiopy has been seen as a founuational concept in contempoiaiy systems theoiy. Although the teim oiiginateu in the fielu of theimouynamics, it has both theoietical anu mathematical inteipietations, as well as wiuespieau applications in othei uisciplines (Byeon, 2uuS, p. 224). Accoiuing to Byeon (2uuS, p. 224), a laige numbei of useful teims anu concepts have been tianspoiteu into othei uisciplines fiom theii oiiginal uiscipline. Since its oiiginal inception by Clausius in classical theimouynamics, entiopy has witnesseu a seiies of subsequent incainations. As such, the teim "entiopy" can be useu as long as it is qualifieu by a piefix, as in "social entiopy" (Bailey, 199u citeu in Byeon, 2uuS, p. 224). This piefix enables vaiious isomoiphic applications of entiopy to be uiffeientiateu fiom Clausius' entiopy, oi Boltzmann's' entiopy, oi biological entiopy, oi any othei concept which lacks a ceitain piefix.
The concept of entiopy is becoming incieasingly populai anu useu to uiscuss the state of vaiious systems. Foi example, the seconu law of theimouynamics has been applieu to many uomains incluuing infoimation secuiity (King, 2uu8), oiganisational systems (Lovey & Naukaini, 2uu7), combat systems (Beiman, 1999), communications, biology, economics, sociology, psychology, political science anu ait (Rifkin, 1982, p. 26S). Entiopy is a concept conceiveu to uiscuss the uegiauation anu uisoiuei within a system ielating to a systems ability to caiiy out woik.
"%F%0#5)4A %4*(#5)& ,%&'()*+ B%&/+ Accoiuing to King (2uu8, p. 1), "secuiity system uegiauation is the iesult of such systems suffeiing fiom natuial entiopy". Bonkasalo (1998, p. 1S6) explains that uegiauation measuies the iiieveisible inciease of entiopy, which is the amount of usefulness lost. That is, a secuiity system is only as effective as its paits; when a single pait fails, this failuie can cause uegiauation within the total system (Konicek & Little, 1997, p. 184: King, 2uu8, p. 1). uaicia (2uu6) concuis, suggesting that system effectiveness can become uegiaueu thiough the ieuuction in effectiveness of inuiviuual components. As entiopy incieases, capability uecieases as systems iely on oiuei anu cohesion (Smith & Biooks, 2u1S, p. 47), anu a secuiity system is no uiffeient.
Even the most effective systems will ueteiioiate ovei time anu with use (Bowlet, 199S, p. 222). The isomoiphic application of entiopy to BiB oi a Physical Piotection System (PPS) is suppoiteu by Lovey anu Nanohai (2uu7, p. 99), who asseit that vaiious systems suffei fiom entiopy. The application of the seconu law of theimouynamics, specifically the concept of entiopy to a PPS, ieintiouuces the concepts of uegiauation anu uecay into secuiity. System uegiauation iesults fiom entiopy piouuction, which ieuuces the efficiency anu effectiveness within a system that impeues its output goal (Bohm & Peat, 2uuu, p. 1S7).
In contiast to closeu systems, open systems that have the appiopiiate feeuback oi eneigy input will have uecieasing entiopy. Such systems, with minimum entiopy piouuction, aie geneially stable anu pioviue a consistent output piouuct. Neveitheless, }ouinal of Physical Secuiity 7(2), Su-76 (2u14)
S7 if one of the system's vaiiables is negatively alteieu, the system manifests coiielating changes in the opposite uiiection (Beitalanffy, 19Su, p. 26). This piopeity of open systems is in-line with Loienz's (196S) finuings anu the "Butteifly" metaphoi.
Theiefoie, it is aigueu that the macio state of a BiB system is iecogniseu as an expiession of the aveiage of the miciostate vaiiables collectively, wheie changes in miciostates (constituent elements) uiiectly affect the macio state. Such a piocess is baseu on the uefinition of entiopy offeieu by Bohm anu Peat (2uuu, p. 1S7), wheie uisoiuei within anu between elements incieases, uecay incieases, anu capability uecieases, uemonstiateu by the !"!#$%! $00$(#28$+$!! equation (1):
System effectiveness = capability (1) entiopy
(Coole & Biooks, 2uu9, p. 22).
Foi example if the uegiee of iisk mitigation uecieases, that is, the inuiviuual constituents which combine to achieve specific outputs of the piotection system uecay, then the ability of the physical piotection oi iesponse constituents to countei its commissioneu thieat level is uegiaueu. Foi the system to maintain its commissioning levels of effectiveness (countei the thieats which pose a iisk), it must be pioviueu with the appiopiiate feeuback (eneigy inputs) to ensuie the level of output capability foi the system is equal to oi exceeus the effects of natuial entiopy at the constituent level.
M%/,'()4A B%&/+ )4 5C+,)&/0 ,%&'()*+ ,+,*%-, In applying a systems appioach to physical secuiity, entiopy is an iuea boin fiom classical theimouynamics. As such, entiopy is a quantitative entity iathei than something intuitive anu shoulu theiefoie be uefineu thiough an equation. To apply a quantitative appioach to physical secuiity, this stuuy uiew on the woiks of uaicia (2uu1, p. 246) who explaineu that the effectiveness measuie of a Physical Piotection System (PPS) is the piinciple of timely uetection. Theiefoie, the macio-state of a PPS can be iepiesenteu as its piobability of inteiiuption (Pi), wheie Pi is the piobability of inteiiuption oi the cumulative piobability of uetection when theie is enough time iemaining foi the iesponse foice to inteiiupt the auveisaiies.
Entiopy can be quantitatively measuieu foi a BiB system using the Estimateu Auveisaiy Sequence Inteiiuption (EASI) equation (2) to quantitatively iepiesent a systems commissioning oi opeiational macio-state level (uaicia, 2uu1). Accoiuant with the piemises of systems theoiy, EASI quantitatively piesents the vaiious ielationships among the constituents anu elements peifoimance measuies within PPS.
EASI mathematically uemonstiates the ielationship among the peifoimance measuies of the PPS constituents (table 1). Foi a PPS, the highei the piobability of inteiiuption (Pi), the lowei the chances of a successful penetiation; wheieas, the lowei the Pi, the highei the chances of penetiation (uaicia, 2uu1, p. 246).
}ouinal of Physical Secuiity 7(2), Su-76 (2u14)
S8 EASI measuies aie the cumulative sum of the vaiious sub-systems within a PPS, wheie accoiuant with the piinciples of system theoiy any changes in these inputs have an oveiall effect on the output of the piobability of inteiiuption. Theiefoie, congiuous with the piinciples of ueneial Systems Theoiy, changes in the vaiious sub-system's miciostates have a uiiect effect on the PPS's macio-state.
Table 1 - The Estimateu Auveisaiy Sequence Inteiiuption (EASI) components. Component Besciiptoi Ps Piobability that inuiviuual uetection constituents will sense abnoimal oi unauthoiiseu activities Pt Piobability that the alaim inuication will be tiansmitteu to an evaluation oi assessment point Pa Piobability of accuiate assessment PB 1 Piouuct of the piobability that the uetection constituents will sense abnoimal oi unauthoiiseu activities, Pu iepiesents the element of uetection
P(C) Piobability of guaiu communication P(A) Piobability of alaim Nean anu stanuaiu ueviation of uelay time Nean anu stanuaiu ueviation of iesponse time P(R | A) Piobability of iesponse foice aiiival piioi to enu of auveisaiy's action sequence, given alaim 1 To account foi an auveisaiy getting to the next layei along theii path, EASI uiaws on the piobability of non-uetection (PI) with a vaiiation wheie the sensoi is locateu ielative to path uelay measuies, with PI = 1-PNB.
8&C)%F)4A / ,*%/B+ ,*/*% 5C+,)&/0 5(#*%&*)#4 ,+,*%- The application of the Estimateu Auveisaiy Sequence Inteiiuption (EASI) mouel within an open systems facilitates the measuiement of a physical secuiity piogiam, wheie the combineu elements of uetect, uelay, anu iesponse pioviue a secuiity system's macio-state measuie. That is, EASI pioviues the means of measuiing the system's stable conuition stemming fiom the systematic piocess which combines people, equipment, anu pioceuuies. Bowevei, accoiuing to 0lzak (2uu6, p. 1), "which secuiity layeis to implement anu to what extent is a iisk management uecision". That is, the total cost of the secuiity system is ueteimineu within the stiategy of BiB. The uegiee of secuiity contiol iequiieu to achieve the amount of time uelay juugeu necessaiy aftei uetection to facilitate an appiopiiate iesponse in ielation to the iisk of the asset being piotecteu (Post, Kingsbuiy & Schachtsiek, 1991, p. 89; uaicia, 2uu1, p. 272), which must be implementeu in a mannei which achieves a steauy state (stable) iisk ieuuction system.
NcCluie (1997, p. 4) consiueieu that an effective secuiity state exists when the level of iisk exposuie is ieuuceu, thiough vaiious means, to a level that is acceptable to the oiganization. Such iisk mitigation can be achieveu thiough a secuiity iisk management stiategy. Secuiity iisk management can be iepiesenteu in many ways, although one such methou is with the use of thieat, vulneiability, anu ciiticality components (S) (Stanuaius Austialia, 2uu6). This appioach establishes the secuiity iisk management
}ouinal of Physical Secuiity 7(2), Su-76 (2u14)
S9
context as a combination of a thieat assessment, vulneiability ieview, anu ciiticality iegistei.
Risk = thieat x vulneiability x ciiticality (S)
Fuitheimoie, uaicia (2uu1, p. 272) consiueis iisk may be uefineu thiough equation (4). Likelihoou consiueis the piobability of an attack, the cuiient level of vulneiability within the secuiity system, the effectiveness of the iesponse foice to countei the attackei in a timely mannei, anu the consequence of the attackei achieving theii goal.
Risk = PA |1-(PI)j C (4) Wheie: PA = Likelihoou (thieat) of an auveisaiy attack measuieu between u anu 1. 1 = vulneiability measuieu between u to1. PI = Piobability of inteiiuption measuieu between u anu 1. C = Consequences (ciiticality) value measuieu between u anu 1.
This stuuy aigues that in a quantitative appioach to secuiity the ielationship can be summaiiseu with the sum (2) of uetei, uetect, uelay anu iesponu (B S R) ovei iisk (S) to piouuce the final equation foi secuiity (Sj. Foi an effective state of secuiity to be achieveu, a secuiity system must uemonstiate effectiveness in iesponse to a facility's analyseu iisk level accoiuant to its uefineu thieat (uaicia, 2uu6, p. Su).
!"#$%&'( ! !!" !"#$ !!!"#$ !!"#$%&'()#)*+ !!"#$#%&'#$( (S)
uaicia (2uu1, p. 277) explains the iisk equation (4) anu Piobability of Inteiiuption (Pi) enables effective cost-benefit uecisions to be maue towaius implementing secuiity contiols, which ieuuces an oiganisation's iisk to an acceptable level. Foi example, figuie 4 piesents an open system with the level of implementeu secuiity baseu on the iisk equation anu PPS system peifoimance measuies, whilst being cognizant of maintaining a ueteiient value uuiing uaily system fluctuations. Congiuent with the objectives of open systems (Bonkasalo, 1998, p. 1SS), the oveiall aim of a PPS is to ieach a steauy state conuition wheie the flow of eneigy is constant anu the inciease of entiopy is minimal. Such a steauy state conuition implies an exchange of eithei mattei oi eneigy within the enviionment (Roos, 1997, p. 6), which is a balance of inputs, outputs anu inteinal piocesses, anu the system is stable to piouuce what it was commissioneu to achieve.
In contiast to an effectively maintaineu steauy-state secuiity system (figuie 4) consistent with the piinciple of equifinality (figuie S), figuie S inuicates the effects entiopy has within the BiB system. Entiopy effect the systems macio-steauy state conuition in ielation to its commissioneu iisk ieuuction level. In figuie S, the level of implementeu piotection has uecieaseu baseu on contiol constituent ieuuctions at the micio level ieuucing total system efficacy as a system, yet the system still intuitively piesents a steauy state conuition.
Figuie S - The effects of uecay on the systems commissioning level of effective secuiity when using the Pi anu Risk Equation. (Aujusteu fiom 0nueiwoou 1984; Naitin, 2uuu, p. 21u; uaicia, 2uu1, 2uu6; Piuwiiny, 2uu6; Stanuaius Austialia BB167 Secuiity Risk Nanagement, 2uu6).
}ouinal of Physical Secuiity 7(2), Su-76 (2u14)
61 We aigue that this !5:#4$ uegiauation iesults in the system peifoiming below the level of iisk contiol consiueieu necessaiy foi a specific secuiity iisk context (figuie S). In auuition, as the system is peiceiveu to be uegiaueu by potential auveisaiies, the ueteiience element of BiB is also uegiaueu, leauing to the peiception by oppoitunistic offenueis that the benefits outweigh the costs leauing to a uecision within the iational choice fiamewoik to attempt penetiation.
34*(#5)& ,%&'()*+ B%&/+ &%5*'/00+ B%2)4%B The meaning of entiopy is uifficult to conceptualise anu not well unueistoou outsiue of acauemic uisciplines, leauing to ubiquitous usage anu iestiicteu unueistanuing. Whilst vaiious uefinitions anu unueistanuings aie applieu to entiopy, a cential theme is how vaiious components of a system ielate to one anothei towaius piouucing a coheient whole. As such, this stuuy has aigueu that the concept of entiopy pioviues a mouel towaius measuiing the giauual uegiauation of a physical piotection system aftei its commissioning.
The auoption of !$(5,2#" /$()" pioviues a functional uefinition anu theiefoie, appeal to both secuiity acauemics anu piactitioneis alike. Stuuy Phase-one, the theoietical founuation of secuiity uecay, leu to the pioposition that secuiity uecay can be uefineu as: The giauual uegiauation of the micioscopic quantities (constituents) oi the ielationship between the micioscopic anu macioscopic quantities within a secuiity system.
K8J<"89<=H 3=9:>L<; $3;?:<9G "3;8G Phase-two valiuateu the theoietical founuation of secuiity uecay using the Belphi appioach. A total of thiee expeit panels weie useu, wheie expeits weie inteivieweu inuiviuually anu the sum of theii views pioviueu to the othei panel expeits. Expeits weie heteiogeneous piactitioneis fiom acioss the coipoiate oi commeicial secuiity inuustiy (table 2). Buiing the inteiviews themes weie iuentifieu by uiawing on key- woius anu phiases in the expeits' comments, allowing a iesponse to the poseu ieseaich sub-questions.
NC/* ), *C% %O5%(*,P F)%Q #2 %4*(#5)& ,%&'()*+ B%&/+6 The systems appioach to implementing effective secuiity fiameu the stuuy's appioach in unueistanuing secuiity uecay. Consiueiing this view, ieseaich sub- question one askeu whethei ?$(5,2#" $7.$,#! !5..-,# #3$ !"!#$%! )..,-)(3 #- 2%.4$%$+#2+6 $00$(#28$ !$(5,2#" (-+#,-4!>
Congiuous with the past authois (0nueiwoou, 1984; Bowlet, 199S; NcCluie, 1997; King, 2uu8) all the paiticipants suppoiteu a systems appioach to secuiity. As one of the paiticipant's stateu ") !"!#$% 2! ) (-%:2+)#2-+ -0 $4$%$+#)4 2+.5#! @ 8$," %5(3 /$.$+/)+# -+ #3$ (-,,$(# -.$,)#2-+ -0 #3$ $00$(#28$+$!! -0 $)(3 -0 #3$!$ $4$%$+#! .$,0-,%2+6 #3$2, 05+(#2-+ )+/ !5..-,#2+6 05+(#2-+! -0 -#3$, $4$%$+#!A B3$,$0-,$* !%)44 (3)+6$! 2+ #3$ $4$%$+#!* .),#2(54),4" 93$,$ #32! -((5,! )(,-!! %)+"C)44 $4$%$+#! ()+ 3)8$ ) %)D-, 2%.)(# -+ !"!#$% -5#.5# )# #3$ %)(,- 4$8$4E. Such a view was suppoiteu by anothei paiticipant, who suggesteu that a "!"!#$% #2$! #-6$#3$, ) 6,-5. -0 $4$%$+#! )+/
Table 2 - Expeit paiticipants. 3O5%(* "%,&()5*)#4 #2 ,%&'()*+ %O5%(* R 2u yeais expeiience woiking with physical piotection systems (PPS) in the coiiectional enviionment, pioviuing auvice on the opeiational effectiveness of PPS. Qualification: Bachelois Begiee in Secuiity. S 1S yeais coiiectional secuiity expeiience, monitoiing anu ieviewing opeiational effectiveness of PPS. Qualification: Bachelois Begiee in Secuiity. T 2u yeais expeiience in vaiious secuiity ioles in customs anu coiiectional enviionments, pioviuing auvice ielating to uaily management of staff opeiating anu maintaining PPS. Qualification: Bachelois Begiee in Business Nanagement. U 2u yeais expeiience in secuiity ielateu piojects as a client ielations managei foi a laige secuiity engineeiing oiganisation. Facilitates secuiity iisk management anu leaus the uesign of technical, physical anu pioceuuial secuiity contiols. Qualification: Biploma of Applieu Science. V 21 yeais expeiience in secuiity opeiations, incluuing the Austialian Befence Foice, customs anu coiiections. Cooiuinates capital woiks piojects focusing on secuiity aspects. Qualification: Bachelois Begiee in Secuiity. W 2S yeais expeiience in coiiectional secuiity anu emeigency management. Secuiity managei within coiiections, cooiuinating physical anu pioceuuial secuiity. X 2u yeais expeiience in special foices, with five yeais in oil anu gas secuiity. Pioviues secuiity compliance auvice to Naiitime Tianspoit anu 0ffshoie Facilities Secuiity Act (2uuS) anu piepaies secuiity anu emeigency plans. Qualifications: Bachelois Begiee in Secuiity, uiauuate Ceitificate in 0peiations Nanagement. Y 2u yeais expeiience in policing anu secuiity auvisoiy ioles. Piinciple secuiity consultant, conuucting secuiity iisk assessments anu auuits. Qualifications: Bachelois Begiee in Secuiity (Bonouis), Auvanceu Biploma in Business Nanagement, Biploma in Ciiminal Investigations. Z SS yeais secuiity inuustiy expeiience as a senioi consultant to high level secuiity piojects. Publisheu ovei 6u papeis on secuiity issues anu has piofessional qualifications in electiical engineeiing, builuing seivices engineeiing anu holus Ceitifieu Piotection Piofessional (CPP) ceitification.
In geneial, theie was paiticipant acknowleugment that the components of a Physical Piotection System (PPS) aie inteiielateu anu inteiuepenuent, with each sub-system being a system of systems. Accoiuing to paiticipants, each aspect of a secuiity system has a uefineu iole, wheie constituents aie implementeu in a mannei wheie theii inteiielationships complement anu influence each othei to ieuuce secuiity iisks. This appioach was highlighteu by one paiticipant who stateu that "9$ !$4$(# 2+/282/5)4 }ouinal of Physical Secuiity 7(2), Su-76 (2u14)
In iesponuing to ieseaich sub-question one, iesults inuicateu that all paiticipants suppoiteu the systems appioach to achieving effective secuiity. In auuition, theii views ielating to the implementation of such contiols aie accoiuant with the vaiious unueipinning piinciples of ueneial Systems Theoiy.
"# ,%&'()*+ ,+,*%-, ,'22%( 2(#- B%&/+6 Reseaich sub-question two ielateu to the piemises of 0nueiwoou (1984) anu NcCluie (1997), asking, '- !$(5,2#" $7.$,#! !5..-,# #3$ ),65%$+# #3)# !$(5,2#" !"!#$%! ()+ !500$, 0,-% /$()". All ieseaich panels iepoiteu in the affiimative that they believeu secuiity systems suffei fiom uecay. Foi example, one membei stateu, "G /- :$42$8$ #3)# !$(5,2#" !"!#$%! ()+ )+/ /- $7.$,2$+($ /$()"", with anothei stating that, ""$!* @ G :$42$8$ !$(5,2#" !"!#$%! ()#$6-,2()44" /$()"E.
In iesponse to the ieseaich sub-question iegaiuing secuiity systems uecay, the eviuence suppoiteu that such uecay ielates to a failuie to maintain secuiity "systems" at theii commissioneu opeiating levels of effectiveness, uiminishing theii ability to uelivei the iequiieu output goal (iisk ieuuction). As one paiticipant stateu "u$()" ,$4)#$! #- #3$ /$(42+$ 2+ #3$ $002()(" )+/ $002(2$+(" -0 #3$ !$(5,2#" 05+(#2-+* )+/ 2#! (-,,$4)#2+6 2+(,$)!$ 2+ ,2!FE. Anothei paiticipant summaiiseu uecay as when "p$-.4$ 93- 3)8$ !"!#$%! 2+!#)44$/ /- +-# 5+/$,!#)+/ 93)# 5+/$,.2+! #3$%* !"!#$%! ),$ /$!26+$/ 92#3 .),)%$#$,! #- 0)(242#)#$ 0-, /$()"* ) 4)(F 2+ .,-0$!!2-+)4 !"!#$% %)+)6$%$+#* #3)# 2!* ) 4)(F -0 F+-94$/6$ #- %)+)6$ #3$!$ .),)%$#$,!* ) 4)(F 2+ $/5()#2-+* 2+ 0-,%)4 #,)2+2+6 4$)/! #- /$()" 92#32+ .3"!2()4 .,-#$(#2-+ !"!#$%!E.
Congiuous with this viewpoint, one paiticipant stateu, I#3$ $00$(#! -0 /$()" ),$ /2,$(#4" .,-.-,#2-+)4 #- #3$ 4-!! -0 ,2!F %)+)6$%$+# AAA '$()" -((5,! 2+ )44 )!.$(#!J %)+)6$%$+#* #$(3+-4-6" )+/ .3"!2()4 $+62+$$,2+6". This iuea was suppoiteu by anothei who suggesteu that, "!%)44 (3)+6$! ()+ 4$)/ #- 4),6$ !$(5,2#" 2%.42()#2-+!* %5(3 42F$ ) (3)2+A K (3)2+ 2! -+4" )! 6--/ )! 2#! 9$)F$!# 42+F -, .-2+#A L3$+ #3$ 9$)F$!# 42+F :,$)F! #3$ ,$!54#! ()+ :$ 4),6$". }ouinal of Physical Secuiity 7(2), Su-76 (2u14)
64 Baseu on the paiticipants' iesponses, we aigue that secuiity uecay lies within the systems elements, constituents, anu theii inteiielationships. That is, uecay within a secuiity system occuis at the constituent level, manifests anu then expanus to incoipoiate anu affect specific sub-system key peifoimance inuicatois. Such expansion then affects the specific BiB element within the uefence in uepth stiategy foi which it is locateu.
3=9:>L<; $3;?:<9G "3;8G Phase-thiee alloweu inteipietation to be maue in iesponse to the poseu Reseaich Question, namely '- !$(5,2#" $7.$,#! !5..-,# #3$ #3$-,$#2()4 8)42/2#" -0 $+#,-.2( /$()" #3$-,"* 932(3 ),65$! #3)# !$(5,2#" /$()" 2! ,$.,$!$+#$/ :" #3$ 6,)/5)4 /$6,)/)#2-+ -0 #3$ %2(,-!(-.2( ;5)+#2#2$! <(-+!#2#5$+#!=* )+/C-, #3$ 6,)/5)4 /$6,)/)#2-+ 2+ #3$ ,$4)#2-+!32. :$#9$$+ #3$ %2(,-!(-.2( )+/ %)(,-!(-.2( ;5)+#2#2$! 92#32+ ) !$(5,2#" !"!#$%> To suppoit the concept of entiopic secuiity uecay, a numbei of factois aie put foiwaiu. An item bank was uevelopeu fiom the expeit inteiviews to consiuei the components of Physical Piotections Systems (PPS). The isomoiphic piinciples of science consiueieu the use of entiopy within othei systems anu how this suppoits secuiity systems. A secuiity management system appioach is shown, uetailing how entiopic uecay can assist in uefining piocess metiic system inuicatois. Finally, we pioviue a uefinition foi entiopic secuiity uecay, concluuing the conceptual uevelopment of this concept.
34*(#5)& ,%&'()*+ B%&/+ )*%- D/4@ Within a systems appioach to physical secuiity, theie is a complex inteiielationship between the built enviionment, physical contiols, technology, people, anu management piocesses as they achieve the elements of uepth-in-uepth (BiB). Foi example, table S piesents the stuuy's secuiity expeit's pool of vaiiables anu factois (item bank) associateu with the concept of secuiity uecay. The item bank is uiviueu into uisciete PPS components of technical, people anu physical, uemonstiating uecay conuitions, the phenomena anu iesulting consequence. Such an item bank is unueipinneu by the expeit panel's thoughts, feelings, anu expeiience with uegiauation within PPS. This stuuy founu that within this inteiielationship, uecay occuis at the constituent level anu if left unuetecteu, expanus to affect the local sub-system anu eventually, the BiB system.
Table S - Secuiity uecay pieliminaiy item bank foi technical, people anu physical components. LL$ ;#-5#4%4* , "%&/+ ;/*%A#()%, Conuition Phenomenon Consequence Technical Pooi uetection system maintenance
Incieaseu nuisance alaim iates
Alaims ignoieu, ieuucing piobability of accuiate assessment KPI. Incoiiect technical maintenance Causes high nuisance alaim iates.
Blinu acceptance of alaims, uiminishing accuiate assessment as a KPI. }ouinal of Physical Secuiity 7(2), Su-76 (2u14)
6S Begiauation of lighting system Light lamp failuie affects the peifoimance of CCTv systems. Biminisheu ability to assess (uisciiminate) alaim souices. People Lack of piofessional management of the secuiity function, as a system.
System uecays acioss all aspects of the management tiiangle, technological, physical anu pioceuuial. Secuiity events occui uue to uiminisheu iisk ieuuction piogiam.
Pooi, oi lack of system testing, oi, bieaches of system testing pioceuuies. Accuiate steauy state conuition not known. Sub-system vulneiabilities.
Pooi foimal tiaining foi new staff, wheie tiaining occuis thiough hanueu uown piocesses. Incoiiect pioceuuies oi bau habits passeu on to new staff.
Cultuial uecay within human aspect of the system.
Lack of qualifieu staff continuation tiaining.
Becay in iesponse piocesses foi non- ioutine events. Staff iesponses uecay. System enviionment enviionment changeu to suit peisonal iequiiements. Changes paiameteis, uiscoiuant with theii uesign specifications.
Tiiggeis small changes in which aie not unueistoou until a secuiity event. Fluctuations in staff competencies Reuuces sub-system KPI's ielateu to competency ieuuction. Staff may not ieact accoiuant with system uesign iequiiements. Pooi physical attiibute (lighting anu aii conuitioning) within CCR. Pioviue inappiopiiate output conuitions.
Staff concentiation anu focus uegiauing within CCR. 0peiating pioceuuies mouifieu without iefeience to holistic system iequiiements. Begiaues the peifoimance of the opeiating system as a "whole". System may not peifoim accoiuant with uesign specifications. Pooi communication between CCR, anu opeiational staff. Begiauation in efficacy acioss "whole" system. System may not peifoim efficiently against uefineu thieat. }ouinal of Physical Secuiity 7(2), Su-76 (2u14)
66 Physical Lack of maintenance of PPS enviionments (weeus anu feial giowth). Tiiggeis incieaseu nuisance alaim iates
Alaim acceptance ieuucing piobability of accuiate assessment KPI. Beteiioiation of uelay physical elements.
Baiiiei time uelay uegiaues against uefineu thieat. Belay time along an auveisaiy's path is changeu alteiing commissioning Pi. Physical components uesigneu without consiueiing physical enviionment impact. Leaus to piematuie physical uecay. Physical components may not withstanu uefineu thieat stiess. (Aujusteu fiom uillham, 2uuu, p. 68)
<,#-#(5C)& 5()4&)50%, *# ,'55#(* %4*(#5)& ,%&'()*+ B%&/+ Confoiming to the isomoiphic piinciples of science (see Beitalanffy, 19Su; 1968), this stuuy consiueieu the laws of theimouynamics (Entiopy law) to explain the natuial uecay occuiiing in systems of all types, iegaiuless of make-up. We consiueieu this necessaiy given the vaiiety of uiffeient sciences that make a PPS possible, wheie the one science binus all vaiious sciences to achieve the systems output goal is uST (Beitalanffy, 19Su; 1968). As with any physical open oi closeu system, it will uecay oveitime if theie is iestiicteu oi inappiopiiate input. Entiopy is associateu with a system's inability to caiiy out woik, tiansfei useful eneigy, oi maintain oiueis of activity, anu all systems stiive towaius uisoiuei that when achieveu aie in a state of equilibiium oi ueath. Theiefoie, secuiity systems ieuuce in theii efficiency anu effectiveness when they, theii component elements, oi constituents become uisoiueieu, iun-uown, uegiaueu, oi uecayeu.
In investigating the concept of secuiity uecay fiom a systems appioach, contiaiy to NcCluie's (1997) woik, this stuuy aigues that apathy is not the salient factoi uiiving uecay. Apathy can be a piouuct of uecay manifesteu fiom anothei constituent within the system that has been alloweu to piopagate. Foi example, one paiticipant stateu, ")44 #$(3+-4-6" /$()"!* )! #$(3+-4-6" /$()"! 2# (-+!#)+#4" 0)4!$ )4),%!* #3$+ !#)00 26+-,$ #3$%* 93$,$ 54#2%)#$4" #3$" 4-!$ (-+02/$+($ 2+ #3$ !"!#$% )+/ #3$2, 9-,F /$()"!". Such a view was also iepoiteu by Bowlet:
Even the best system will ueteiioiate with time anu use . fiom the time of taking a system into use it will stait to ueteiioiate. No system, howevei well uesigneu, can be completely ieliable without piopei maintenance. If left without attention it will become unseiviceable. A pooily maintaineu secuiity system will have many unexplaineu alaims, leauing to the guaiu foice losing confiuence in the system anu eventually ignoiing a tiue alaim as just anothei false alaim. Bowevei, the opeiatoi may not be awaie of it, but the system will not peifoim as intenueu (199S, p. 22u).
}ouinal of Physical Secuiity 7(2), Su-76 (2u14)
67 8 ,%&'()*+ -/4/A%-%4* ,+,*%-, /55(#/&C As a iesult of the heteiogeneous natuie of a PPS, ieuuceu functionality in one specific aiea (point uistuibance) will iesult in uecay piopagating thioughout the iemainuei of the PPS uue to inteiielationships. Foi example, a PPS is maue fiom many components that pioviue the functions of uetection, uelay anu iesponse. If a uetection component uoes not peifoim to its uesign paiametiic, this puts gieatei stiess in the uelay component oi incieaseu ieliance on the following uetection components in a layeieu system. Such piopagation ultimately changes the peifoimance (macio-state) of the whole system.
The secuiity management system (figuie 6) commences with a top-uown appioach, wheie, baseu on uefineu oi peiceiveu thieats, vulneiabilities, anuoi ciiticalities (system puipose), the systems objectives anu paiameteis aie establisheu as a uesiieu level of secuiity. 0peiational ueliveiables being physical, technological, oi pioceuuial aie implementeu anu manageu to ensuie the system maintains its commissioneu measuies of peifoimance oi key peifoimance inuicatois ovei time. Bowevei as figuie 6 highlights, if the system constituents aie alloweu to uecay, the affect of this uecay piopagates back up the pyiamiu in a bottom-up appioach. Conceptual uecay cuives aie iepiesenteu within the constituents. Such piopagation of uecay constituents uiminishes the iisk ieuuction effoits, incieasing oiganisational iisk exposuie.
Figuie 6 - A secuiity management systems appioach, highlighting the uecay constitutes cuives within the opeiational ueliveiables.
}ouinal of Physical Secuiity 7(2), Su-76 (2u14)
68
NcCluie highlighteu the "complex inteiielationship between technology, people, anu management piocesses within a secuiity function" (1997, p. 1). Consistent with such a view, it is the inteiielations which integiate the system towaius achieving an output goal, iathei than a collection oi juxtaposition of contiols. Coole anu Biooks (2uu9, p. 22) highlighteu such a complex ielationship within a PPS, aiguing that an oiueily ielationship exists wheie the space anu time uistiibution of the BiB elements cieates a compiehensive state of oiuei in ielation to a PPS's macio level of effectiveness.
"%2)4)4A %4*(#5)& ,%&'()*+ B%&/+ In consiueiing the systems appioach to achieving BiB, the concept of $+#,-.2( !$(5,2#" /$()" has been piesenteu. BiB is the sum of vaiious elements, namely ueteiience, uetection, uelay, iesponse anu iecoveiy. The concept of entiopy suppoiteu the aigument that any change in the efficiency oi effectiveness of any of the BiB elements constituents ieuuces the system's effectiveness. The sum of these concepts collectively foim anu weie iefeiieu to as !$(5,2#" /$()", being uefineu as:
The giauual uegiauation of the micioscopic quantities (constituents) oi the giauual uegiauation in the ielationship between the micioscopic anu macioscopic quantities within a secuiity system.
Such a uefinition pioviues iigoi anu genuine conceptual substance that can be integiateu into a PPS peifoimance measuies. In auuition, such an appioach may also be applieu to peisonnel anu infoimation secuiity fiamewoiks to encompass the secuiity management functions, ultimately leauing to the ability to uevelop anu uefine system metiics oi key peifoimance inuicatois.
:3;>MM3="89<>=$ Secuiity uecay has been uiscusseu by pievious authois (Coole & Biooks, 2uu9; NcCluie, 1997; Smith & Biooks, 2u1S; 0nueiwoou, 1984) but has not been exploieu within systems theoiy. Theiefoie, theie aie a numbei of iecommenuations iesulting fiom this stuuy. These incluue a gieatei use of applieu metiics to measuie anu iecoiu the secuiity constituents, anu enhanceu effoits to unueistanu anu maintain a secuiity system at its commissioneu level. 0thei iecommenuations incluue iecognizing the uynamic enviionment that a secuiity system has to opeiate within, the benefits of a system appioach to secuiity, anu the neeu foi fuithei ieseaich in oiuei to unueistanu the concept of secuiity uecay.
+'",-"' .)" &/ )"0.'1-# 2"-'10) In applying a systems appioach to secuiity, theie has to be the ability to measuie constituents effectiveness, inuiviuually anu as ielationships. Entiopy can be quantitatively measuieu foi a BiB system, using the Estimateu Auveisaiy Sequence Inteiiuption (EASI) to quantitatively iepiesent a systems commissioning oi opeiational macio-state level (uaicia, 2uu1). In accoiuance with the piemises of systems theoiy, EASI quantitatively piesents the vaiious ielationships among the constituents anu elements peifoimance measuies within PPS.
}ouinal of Physical Secuiity 7(2), Su-76 (2u14)
69 Secuiity uecay is a quantitative entity, iathei than being intuitive. Bowevei, all elements oi constituents neeu to be bettei unueistoou anu capable of having metiics applieu anu iecoiueu.
34" 0&221))1&5"( 6"7"6 &/ )"0.'1-# Secuiity systems aie often installeu as a ieactive action, eithei ovei- oi unuei- engineeieu to mitigate a single iisk (Biooks & Smith, In piint) anu opeiating as an open system in a uynamic thieat enviionment. Neveitheless, a secuiity system shoulu be unueistoou anu maintaineu at its commissioneu level.
89"',-15: %1-4 (#5,210 -4'",- The uynamic enviionment shoulu be monitoieu to allow the secuiity system's steauy state to be aujusteu to suit the thieat, foi example the secuiity system shoulu be scalable. As the thieat incieases, the secuiity system shoulu iaise to countei such an inciease anu, in contiast, lowei when thieat ieuuces, thus showing equifinality. The ability to achieve such a uynamic secuiity system iequiies auuitional ieseaich to gain bettei unueistanuing of the inteiielationship between the functional constituents of secuiity.
;(&9-1&5 &/ , )"0.'1-# )#)-"2 ,99'&,04 The auoption of a secuiity systems appioach to secuiity management shoulu: Befine a common lexicon anu unueistanuing among stakeholueis. Act as an aiu to uefining the secuiity piogiam aichitectuie. ueneiate awaieness of system uesign piinciples to senioi management. Pioviue the basis foi conscious uiveigence fiom a common philosophy. Assist communication acioss functional management bounuaiies. Piomote the iegaiu foi secuiity management thiough auoption of matuie concepts. Pioviue flexibility within what might be iegaiueu as an otheiwise iigiu fiamewoik. Pioviue ieliability, maintainability, anu the ability to be upgiaueu. Be flexibility anu iesilience. Suppoit peifoimance anu effective iesouice allocation. Pioviues explicit senioi management suppoit (Smith & Biooks, 2u1S, pp. 26-27).
A secuiity system shoulu ieuuce iisks consistent with the business appetite. It is secuiity's iole to ensuie that secuiity is effective, uoes not waste iesouices, anu uses components to theii full potential. The piovision of sounu secuiity analysis anu management allows the business to consiuei anu appiove a balanceu secuiity plan. Such balance piomotes efficient spenuing to ieuuce 'unuei' oi 'ovei' investment in the secuiity system, anu pioviue appioveu secuiity to countei iisks that can impact on the company's ieputation, intellectual anu physical assets, anu to iecovei fiom ciisis (Cubbage & Biooks, 2u12).
<.'-4"' '")",'04 15 )"0.'1-# ("0,# This stuuy has pioposeu the mouel of entiopic secuiity uecay, pioviuing a theoietical founuation, examples of uecay in a physical piotection systems, anu a concept uefinition. Past authois have pieviously uiscusseu secuiity uecay (Coole & Biooks, 2uu9; NcCluie, 1997; Smith & Biooks, 2u1S). Bowevei, theie is still fuithei ieseaich }ouinal of Physical Secuiity 7(2), Su-76 (2u14)
7u neeueu to suppoit this pieliminaiy uiscussion of entiopic secuiity uecay. Such ieseaich shoulu seek to bettei unueistanu not only the physical oi engineeiing natuie of uecay, but also how uecay is uiiven thiough concepts such as a lack of knowleuge, economic piessuies, anu oiganisational cultuial. Foi example, can uecay cuives be uevelopeu that consiuei all constituents, anu aie these tiansfeiable within uiffeient contexts. Bow uo uiffeient uomain expeits view secuiity uecay within uiffeient systems. Becay is not only applicable to physical anu technical constituents, but also peisonnel, management, anu coipoiate constituents.
;>=;J?$<>= This stuuy sought to exploie entiopic secuiity uecay within a systems appioach, ueveloping a mouel of entiopic secuiity uecay. The initial concept was built fiom ievieweu liteiatuie suggesting that all physical systems, if left anu with no feeuback, will uecay. The concept was testeu against secuiity expeit's views anu expeiience with secuiity systems, suppoiting the mouel of entiopic secuiity uecay.
If a physical piotection system is not piofessionally manageu as a system, that is, pioviueu the appiopiiate feeuback, it will uecay. In consiueiing such an outcome anu consistent with the unueipinnings of ueneial Systems Theoiy (uST), we have aigueu that, in contiast to 0nueiwoou's (1984) anu NcCluie (1997) wiitings, secuiity uecay is piimaiily conceineu with managing the natuial entiopic piocesses occuiiing against commissioneu levels of effectiveness within the complex secuiity constitutional ielationships. Fuitheimoie, these piocesses aie alloweu to manifest uue to a lack of piofessional management of the secuiity function as a !"!#$%. As one of the paiticipating expeits stateu, "a significant cause of uecay is a lack of piofessional management of the system ... we install systems, but people uo not unueistanu what unueipins them ... we uesign in paiameteis to facilitate foi uecay; howevei, a lack of (piofessional) knowleuge anu management of these paiameteis leaus to secuiity uecay".
Entiopic secuiity uecay is the uegiauation of secuiity mitigation stiategies within the gieatei secuiity management system, uue to inteinal oi exteinal factois. Secuiity uecay is a suppoitable concept that can be uefineu as #3$ 6,)/5)4 /$6,)/)#2-+ -0 #3$ %2(,-!(-.2( ;5)+#2#2$! <(-+!#2#5$+#!= -, #3$ 6,)/5)4 /$6,)/)#2-+ 2+ #3$ ,$4)#2-+!32. :$#9$$+ #3$ %2(,-!(-.2( )+/ %)(,-!(-.2( ;5)+#2#2$! 92#32+ ) !$(5,2#" !"!#$%. To effectively manage a secuiity system iequiies the uesign, application, anu management of secuiity consistent with a secuiity management systems appioach. Such an appioach allows a system to be applieu, with metiic opeiational ueliveiables ensuiing compliance to the secuiity systems objectives. Bowevei, fuithei ieseaich is iequiieu to uevelop anu uefine this pieliminaiy uiscussion of secuiity uecay anu fuithei exploie a usable mouel that suppoits the geneial secuiity piactitionei.
:3.3:3=;3$ Baiton, }., & Baslet, T. (2uu7). Analysis, synthesis, systems thinking anu scientific methou: ieuiscoveiing the impoitance of open systems. ?"!#$%! M$!$),(3 )+/ N$3)82-5,)4 ?(2$+($, OP, 14S-1SS. }ouinal of Physical Secuiity 7(2), Su-76 (2u14)
71 Beitalanffy, L., v. (19Su). An outline of geneial systems theoiy. B3$ N,2#2!3 ?-(2$#" 0-, #3$ H324-!-.3" -0 ?(2$+($* Q(2), 1S4-16S. Beitalanffy, L., v. (19Su). The theoiy of open systems in physics anu biology. ?(2$+($* R$9 ?$,2$!* QQQ(2872), 2S-29. Beitalanffy, L., v. (1968). S$+$,)4 !"!#$%! #3$-,": founuations, uevelopment, application. New Yoik: ueoige Biazillei, Inc. Bittel, L., R. (1978). T+("(4-.)$/2) -0 .,-0$!!2-+)4 %)+)6$%$+#: an authoiitative guiue to the piofitable piactice of management. New Yoik: Ncuiaw-Bill. Boigsuoif, B., & Pliszka, B. (1999). Nanagement youi iisk oi iisk youi management. H5:42( U)+)6$%$+#, VQ(11), 6-1u. Boiouzicz, E., & uibson, S. B. (2uu6). Coipoiate secuiity euucation: towaius meeting the challenge. ?$(5,2#" W-5,+)4* QX, 18u-19S. Biouei, }. F. (2uu6). M2!F )+)4"!2! )+/ #3$ !$(5,2#" !5,8$" (Siu eu.). 0xfoiu: Butteiwoith- Beinemann. Biooks, B. }. (2u1u). What is secuiity: Befinition thiough knowleuge categoiisation. ?$(5,2#" W-5,+)4* OY, 22S-2S9. uoi: 1u1uS7sj.2uu8.18. Biooks, B. }. (2u11). Secuiity iisk management: A psychometiic map of expeit knowleuge stiuctuie. G+#$,+)#2-+)4 W-5,+)4 -0 M2!F U)+)6$%$+#, QY(12), 17-41. uoi: 1u.1uS7im.2u1u.7. Biooks, B. }., & Smith, C. L. (In piint). Engineeiing Piinciples in the Piotection of Assets. In N.uill (Eu.), Z)+/:--F -0 ?$(5,2#" (2nu eu.): Palgiave NcNillian. Bohm, B., & Peat, B. (2uuu). ?(2$+($* -,/$,* )+/ (,$)#282#" (2nu eu.). New Yoik: Routleuge. Byeon, }., B. (2uuS). A systems appioach to entiopy change in political systems. ?"!#$%! M$!$),(3 )+/ N$3)82-5,)4 ?(2$+($A OO, 22S-2S1. Callistei, W. B. (1997). U)#$,2)4! !(2$+($ )+/ $+62+$$,2+6J K+ 2+#,-/5(#2-+ (4th eu.). New Yoik: }ohn Wiley & Sons. Checklanu, P. (1981). Systems thinking, systems piactice. Salisbuiy: }ohn Wiley & Sons. Claike, R. v., & Coinish, B. B. (1987). 0nueistanuing ciime uisplacement: An application of iational choice theoiy. [,2%2+-4-6", \](4), 9SS-947. Collins Austialian Pocket Bictionaiy of English Language. (1994). Nelbouine: Baipei Collins Publisheis. Coole, N., & Biooks, B. }. (2uu9). Secuiity Becay: An entiopic appioach to uefinition anu unueistanuing. H,-($$/2+6! -0 #3$ O+/ K5!#,)42)+ ?$(5,2#" )+/ G+#$4426$+($ [-+0$,$+($, Peith. Ciaigheau, u. (2uuS). Z2631M2!$ ?$(5,2#" )+/ 02,$ 420$ !)0$#" (2 nu eu.). Boston: Butteiwoith Beinemann. Cubbage, C., & Biooks, B. }. (2u12). [-,.-,)#$ ?$(5,2#" 2+ #3$ K!2) H)(202( M$62-+J [,2!2!* [,2%$* ^,)5/ )+/ U2!(-+/5(# Boca Raton: Tayloi anu Fiancis. Benbigh, K. u. (2uu9). R-#$ -+ $+#,-."* /2!-,/$, )+/ /2!-,6)+2_)#2-+. Retiieveu Apiil S, 2uu9 fiom http:www.enueav.oigevoluttextuenbig1uenbig1e.htm Euith Cowan 0niveisity, (2uu4). H3"!2()4 !$(5,2#": ?#5/" 652/$ ?[` QQ]Q. Peith: Authoi. Feluei, u. (2uu1). B32+6! 0)44 ).),#J K+ 2+#,-/5(#2-+ #- $+#,-.". Retiieveu }uly 1S, 2u11 fiom http:www4.ncsu.euuunitylockeisuseisffelueipublickennypapeisent iopy.html Fennelly, I. }. (1997). T00$(#28$ .3"!2()4 !$(5,2#" (2nu eu.). Amsteiuam; Boston. Butteiwoith-Beinemann. }ouinal of Physical Secuiity 7(2), Su-76 (2u14)
72 uaicia, N. L. (2uu1). B3$ /$!26+ )+/ $8)45)#2-+ -0 .3"!2()4 .,-#$(#2-+ !"!#$%!. Boston: Butteiwoith-Beinemann. uaicia, N. L. (2uu6). a54+$,):242#" )!!$!!%$+# -0 .3"!2()4 .,-#$(#2-+ !"!#$%!. Boston: Butteiwoith-Beinemann. Batfielu, A. }., & Bipel, K. W. (2uu2). Risk anu systems theoiy. M2!F K+)4"!2!, OO(6), 1u4S- 1uS7. Beiman, N. (1999). T+#,-." :)!$/ 9),0),$J U-/$442+6 #3$ ,$8-45#2-+ 2+ %242#)," )00)2,!A Retiieveu Apiil 18, 2u1u fiom http:2u9.8S.17S.1S2seaich.q=cache:7Rigu4CTvaA}:www.au.af.milauawca wcgatejfq162u.puf+heiman+entiopy+baseu+waifaie&cu=1&hl=en&ct=clnk& gl=au Bonkasalo, A. (1998). Entiopy, eneigy anu steauy-state economy. ?5!#)2+):4$ '$8$4-.%$+#A b, 1Su-142. Bowlet, }., F. (199S). Naintenance: The pacifiei's influence. H,-($$/2+6 -0 #3$ QXXc G+#$,+)#2-+)4 [),+)3)+ [-+0$,$+($ -+ ?$(5,2#" B$(3+-4-6", Institute of Electionic Engineeis. pp. 219-224. Keien, N. (1979). Iueological implications of the use of open systems theoiy in political science. N$3)82-5,)4 ?(2$+($* OP, S11-S24. King, S. (2uu8). ?$(5,2#" $+#,-.". Computei Weekly. Retiieveu }uly S, 2u11 fiom http:www.computeiweekly.comblogsstuait_king2uu8u9secuiity- entiopy.html Konicek, }., & Little, K. (1997). ?$(5,2#"* G' !"!#$%! )+/ 4-(F!J B3$ :--F -+ $4$(#,-+2( )(($!! (-+#,-4. New Yoik: Butteiwoith-Beinemann. Liamputtong, P. & Ezzy, B. (2uu6). d5)42#)#28$ ,$!$),(3 %$#3-/! (2 nu eu.). 0xfoiu: 0niveisity Piess. Lovey, I., & Naukaini, N., S. (2uu7). Z-9 3$)4#3" 2! "-5, -,6)+2!)#2-+. Westpoit, Connecticut: Piaegei Publishing. Nanunta, u. (1999). What is secuiity. ?$(5,2#" W-5,+)4. QO, S7-66. Nanunta, u. (2uu7). The management of secuiity: Bow iobust is the justification piocess. ?$(5,2#" W-5,+)4. O], 41-4S. Naitin, B., W. (2uuu). '-2+6 .!"(3-4-6" $7.$,2%$+#! (S th eu.). Wauswoith. NcCluie, S. A. (1997). ?$(5,2#" /$()"J B3$ $,-!2-+ -0 $00$(#28$ !$(5,2#". 0npublisheu honouis thesis, Euith Cowan 0niveisity, Peith, Westein Austialia. Niugley, u. (2uuS). ?"!#$%! #32+F2+6J 6$+$,)4 !"!#$%! #3$-,"* (":$,+$#2(! )+/ (-%.4$72#". Lonuon: SAuE Publications. Noiales-Natamoios, 0., Tejeiua-Pauilla, R., & Bauillo-Pina, I (2u1u). Fiactal Behavioui of Complex Systems. ?"!#$%! M$!$),(3 )+/ N$3)82-5,)4 ?(2$+($* Oc, 71-86. Notz, L., & Weavei, }. B. (1989). B3$ !#-," -0 .3"!2(!. New Yoik: Plenum Piess. 0 Block, R. L., Bonneimeyei, }., F., & Boeien, S., E. (1991). ?$(5,2#" )+/ (,2%$ .,$8$+#2-+ (2 nu eu.). Boston: Butteiwoith-Beinemann. 0lzac, T. (2uu6). }ust enough secuiity. ?$(5,2#", PY(9), 114. Post, R. S., Kingsbuiy, A. A., & Schachtsick, B. A. (1991). ?$(5,2#" )/%2+2!#,)#2-+J K+ 2+#,-/5(#2-+ #- #3$ .,-#$(#28$ !$,82($! (4th eu.). Boston: Butteiwoith-Beinemann. Piuwiiny, N. (2uu6). "Equilibiium Concepts anu Feeubacks". ^5+/)%$+#)4! -0 H3"!2()4 S$-6,).3"* <O+/ $/A=A Febiuaiy S, 2u1u, fiom: http:www.physicalgeogiaphy.netfunuamentals4f.html Pitzei, K., S. (199S). B3$,%-/"+)%2(!. New Yoik: Ncuiaw-Bill. Piigogine (1987). Exploiing complexity. T5,-.$)+ W-5,+)4 -0 e.$,)#2-+)4 M$!$),(3* Su, 97-1uS. }ouinal of Physical Secuiity 7(2), Su-76 (2u14)
7S Rifkin, }., & Bowaiu, T. (1982). T+#,-.": a new woilu view. New Yoik: The viking Piess. Roos, I. (1997). The Bebt of Systems Theoiy to Theimouynamics. Nonash 0niveisity Faculty of Business & Economics. Woiking papei seiies S497. Singh, A. N. (2uuS). Piivate secuiity anu ciime contiol. B3$-,$#2()4 [,2%2+-4-6", X, 1SS- 174. Smith, C. L. (2uuS). f+/$,!#)+/2+6 (-+($.#! 2+ #3$ /$0$+($ 2+ /$.#3 !#,)#$6", School of Engineeiing anu Nathematics. Euith Cowan 0niveisity, Peith, Westein Austialia. Smith, S. (1992). ulobal uumbing: the politics of entiopy. H,-6,$!!28$ M$82$9. Retiieveu Apiil 22, 2uu9 fiom http:pioiev.comuumbing.htm Smith, C. L., & Biooks, B. }. (2u1S). ?$(5,2#" ?(2$+($J B3$ B3$-," )+/ H,)(#2($ -0 ?$(5,2#" Waltham, NA: Elseviei. Someison, I., S. (2uu9). B3$ ),# )+/ !(2$+($ -0 ,2!F !$(5,2#" ,2!F )!!$!!%$+#A Alexanuiia, vA: ASIS Inteinational. Stanuaius Austialia. (2uu4). K?CRg?PYb]JO]]P M2!F %)+)6$%$+#A Syuney: Stanuaius Austialia. Stanuaius Austialia. (2uu6). ZN QbcJO]]b ?$(5,2#" ,2!F %)+)6$%$+#. Syuney: Stanuaius Austialia. Styei, B. F. (2uuu). Insight into entiopy. K%$,2()+ W-5,+)4 -0 H3"!2(!, bV(12), 1u9u-1u96. The New 0xfoiu School Bictionaiy (1991). Nelbouine: Baipei Collins Publisheis. Tiusteu Infoimation Shaiing Netwoik foi Ciitical infiastiuctuie Piotection, (2uu8). '$0$+($ 2+ /$.#3. Retiieveu }uly 1S, 2u11 fiom http:www.ubcue.gov.au__uataassetspuf_fileuuu688SS9BiB-CI0-1S_0ct- 2uu8.puf 0nueiwoou, u. (1984). B3$ !$(5,2#" -0 :524/2+6!. Lonuon: Butteiwoiths. vannini, A. (2uuS). Entiopy anu Syntiopy: fiom mechanical to life science. R$5,-d5)+#-4-6" (2), 88-11u.
1he auLhors are Lo be congraLulaLed for provlded us a fasclnaLlng and lnnovaLlve model for Lhlnklng abouL securlLy. unforLunaLely, we have problems wlLh Lhe cholce and phraslng of quesLlons Lo Lhe experLs panels, wlLh Lhe degree Lo whlch Lhe model was valldaLed", and wlLh Lhe wrlLlng lLself. MosL lmporLanLly of all, we belleve Lhe auLhors are perpeLuaLlng a number of myLhs and overslmpllflcaLlons abouL securlLy. 1hese are boLh unnecessary for Lhelr Lhesls, and a dlsservlce Lo readers.
1he experLs chosen for Lhls sLudy were clearly very quallfled. Whlle Lhe auLhors were no doubL slmply Lrylng Lo be Lhorough and careful, many of Lhe quesLlons posed Lo Lhe experLs were raLher mundane and pedanLlc. ls lL really necessary Lo essenLlally check wheLher Lhe experLs belleve ln Lhe 2 nd Law of 1hermodynamlcs? More Lroublesome, Lhe quesLlons Lo Lhe experLs seemed Lo be framed ln a way LhaL dld noL lnvlLe Lhem Lo flnd any problems wlLh Lhe model. 1hey don'L seem Lo have been parLlcularly encouraged Lo Lhlnk abouL or ralse any ob[ecLlons. ln oLher words, Loo many sofLball quesLlons resulLed ln a mlssed opporLunlLy Lo crlLlcally examlne Lhe model.
}ouinal of Physical Secuiity 7(2), Su-76 (2u14)
74 Cne of us (buL noL so much Lhe oLher) Lhlnks LhaL Lhe auLhors' clalm LhaL Lhe uelphl exerclse valldaLed" Lhelr model may be overreachlng, and LhaL perhaps examlnlng lLs valldlLy" mlghL be a beLLer way Lo Lhlnk abouL Lhls sLudy.
1he auLhors aLLempL-and we Lhlnk wlLh some success-Lo argue LhaL decay can cause securlLy fallure. unforLunaLely, Lhey largely lgnore oLher fallure mechanlsms LhaL should be dlscussed as alLernaLlve or compeLlng mechanlsms, e.g., securlLy may have been poorly deslgned rlghL from Lhe sLarL, securlLy resources may slmply be lnadequaLe, securlLy hardware/sofLware producLs deployed may noL be very good or adversarles may have compromlsed Lhem before deploymenL, Lhe faclllLy may be badly deslgned, changlng LhreaLs and exLernal Lechnology developmenL may make exlsLlng securlLy mooL or lneffecLlve, Lhe organlzaLlon's mlsslon or fundlng may have been modlfled by exLernal auLhorlLles, eLc.
AnoLher problem wlLh Lhe paper, and someLhlng LhaL lmpedes Lhe reader's undersLandlng and en[oymenL, are Lhe prevalenL grammaLlcal errors, pedanLlc language, clumsy wordlng, and (especlally) Lhe excesslve use of Lhe passlve volce ln much of Lhe wrlLlng. lf wrlLlng lsn'L Lhe auLhors' sLrong sulL, perhaps Lhey should seek Lhe asslsLance of a proflclenL Lechnlcal wrlLer ln Lhe fuLure.
1he blggesL lssue we have wlLh Lhe paper ls LhaL Lhe auLhors seem overly obsessed wlLh uefense ln uepLh" (ulu), and Lhe ofLen mlndless manLra ueLerrence, ueLecLlon, uelay, 8esponse, and 8ecovery" (3u28). 1he laLLer ls more LradlLlonally LhoughL of as Lhe 3us: ueLer, ueLecL, ueny, uelay and uefend". (ulu ls someLlmes also called layered securlLy".) 1he auLhors do noL need Lo lnvoke Lhese concepLs Lo dlscuss securlLy decay, Lhey would have a more general model (and mlslead Lhe reader less) wlLhouL Lhem, or lf Lhey aL leasL used Lhem only LangenLlally.
lL ls nC1 Lrue, as sLaLed ln Lhe absLracL, LhaL ...Lhese funcLlons [ueLer, ueLecL, uelay, 8esponse, and 8ecover] musL be ...performed ln order". ln facL, 3u28 and 3us, whlch Lend Lo be used somewhaL lnLerchangeably, aren'L even ln agreemenL over Lhe order! More lmporLanLly, lL's deluslonal Lhlnklng Lo belleve LhaL securlLy managers can force a LlghLly ordered sequence (or a small number of pre-deflned aLLack paLhs) on an lnLelllgenL and prepared adversary, especlally lnslde aLLackers. lL ls also worLh noLlng LhaL ln some complex ulu securlLy plans, Lhe varlous funcLlons (or aL leasL some of Lhem) are meanL Lo go lnLo acLlon slmulLaneously.
lor many securlLy appllcaLlons, all of Lhe varlous funcLlons ln 3u28 (or 3us) aren'L relevanL. 1amper-evldenL packaglng on drugs, for example, lnvolve deLecLlon, buL Lhere ls llLLle deLer, delay, or recovery. When Lhe resldenL of Lhe unlLed SLaLes vlslLs a clLy, SecreL Servlce AgenLs someLlmes babyslL" menLally unbalanced clLlzens who have made LhreaLs ln Lhe pasL as a prevenLlve measure durlng Lhe vlslL. 1hls ls pure prevenLlon, wlLhouL 3u28 or 3us. As anoLher example, [ueLer, ueLecL, uelay, 8esponse, 8ecover] are ofLen wholly or parLlally lrrelevanL for lnslde aLLackers.
8y lnslsLlng LhaL securlLy can only be LhoughL of ln Lerms of ulu and 3u28 or 3us, Lhe auLhors are perpeLuaLlng common, buL dangerous myLhs. 8y lnslsLlng LhaL Lhelr model can only be abouL ulu and 3u28 or 3us, Lhey are llmlLed lLs generallLy and usefulness. }ouinal of Physical Secuiity 7(2), Su-76 (2u14)
7S #2%-*"(' )*++#,-'
l agree wlLh Lhe revlewers LhaL Lhls ls a welcome and lnLeresLlng paper, and LhaL Lhe auLhors should be Lhanked for Lhelr dlllgenL efforLs and for sharlng Lhem wlLh us.
l was surprlsed aL Lhe vehemence wlLh whlch boLh !"#$"%"!& re[ecLed Lhe efflcacy and orLhodoxy of uefense ln uepLh and 3u28 (or 3u). l LhoughL LhaL was my shLlck. l was also surprlsed aL Lhe vehemence wlLh whlch Lhe '()*+!& lnslsLed LhaL Lhe only way Lo Lhlnk abouL securlLy or securlLy decay ls vla uefense ln uepLh and 3u28 (or 3u).
l cerLalnly have seen many examples of bad ulu securlLy-Lhe securlLy fallure aL ?-12 wlLh Lhe Lrespasslng 83-year old nun belng a classlc example of how (sLupldly) ulu usually falls. (See Lhe mlddle of page v aL Lhe beglnnlng of Lhls lssue for more lnformaLlon abouL Lhe ?-12 securlLy breach.) l have also frequenLly seen examples of where an obsesslon wlLh 3u28 (or 3u) leads Lo an over-emphasls on unlmaglnaLlve force-on-force aLLacks aL Lhe expense of noL properly defendlng agalnsL more probable, subLle, lnLelllgenL, and effecLlve aLLack scenarlos. 1hese lnclude, for example, lnslder aLLacks, and Lamperlng wlLh or lnsLalllng backdoors ln securlLy hardware, sofLware, or Lhe faclllLy belng defended. ln my vlew, Lhe concepLs of ulu and 3u28 (or 3u)-and ln parLlcular Lhelr mlndless" use (borrowlng one revlewer's lncendlary Lerm)-have probably caused almosL as much harm Lo securlLy as good.
As a vulnerablllLy assessor, l ofLen ask abouL Lhe sLraLegy behlnd Lhe securlLy devlce, sysLem, or program we are analyzlng. lf Lhe flrsL Lhlng LhaL Lhe developer, manufacLurer, or securlLy manager says ls uefense ln uepLh", Lhen l know ln advance we are golng Lo flnd a loL of amaLeurlsh and egreglous vulnerablllLles because Lhe securlLy has been lncompleLely LhoughL Lhrough. lf, on Lhe oLher hand, Lhere acLually ls a securlLy sLraLegy, wlLh ulu merely belng parL of LhaL sLraLegy, Lhen we wlll cerLalnly flnd vulnerablllLles buL Lhey won'L be as numerous or embarrasslng.
l have Lo agree wlLh Lhe revlewers LhaL nelLher ulu nor 3u28 (or 3u) are necessary ln Lhe auLhors' model, and are lndeed someLhlng of a red herrlng. Cn Lhe oLher hand, decay ls no doubL a blgger problem for complex sysLems, and ulu ls almosL always an (overly) complex sysLem. Moreover, ulu and 3u28 (or 3u) are hlghly relevanL Lo real world securlLy because Lhese are approaches and paradlgms commonly used ln securlLy-for good or lll. 1o furLher slde wlLh Lhe auLhors (aL leasL a llLLle), lL ls probably unfalr for Lhe revlewers and me Lo gang up on Lhem over Lhe lssue of ulu and 3u28 (or 3u). 1he auLhors cerLalnly dld noL lnvenL Lhese concepLs nor are Lhey responslble for Lhelr ofLen mlndless", knee-[erk lmplemenL- LaLlon. lurLhermore, Lhe second and Lhlrd papers ln Lhls lssue dlscuss applylng and exLendlng Lhe LASl model, yeL nelLher l nor Lhe (dlfferenL) revlewers of Lhose papers crlLlclzed Lhe auLhors over Lhelr use of LASl, ulu, and 3u28 (or 3u).
1hough Lhe revlewers dld noL ralse Lhls polnL, l was dlsappolnLed LhaL Lhe auLhors- havlng lnvoked a loL of sclence-dldn'L much use Lhelr model ln a sclenLlflc way: Lo make predlcLlons. Soclal sclenLlsLs Lend Lo use models Lo organlze ldeas, asslsL ln lnLerpreLlng Lhe real world, and provlde a consLrucL for Lhlnklng abouL Lhe relevanL lssues. SclenLlsLs, ln }ouinal of Physical Secuiity 7(2), Su-76 (2u14)
76 conLrasL, Lyplcally vlew Lhe purpose of models as maklng predlcLlons LhaL can be LesLed. Cne predlcLlon LhaL Lhe auLhors' model would seem Lo make LhaL Lhe auLhors dld noL much pursue ls Lhe ldea LhaL when securlLy programs are noL closed, l.e., when Lhere ls a loL of lnpuL of fresh energy" (e.g., money, new ldeas, new personnel, lmproved hardware and sofLware, fresh analysls of LhreaLs/vulnerablllLles/consequences/sLraLegles), Lhen Lhe sysLem's enLropy can decrease. l also whole-hearLedly agree wlLh Lhe revlewers' condemnaLlon of Lhe exLenslve use of passlve volce by Lhe auLhors. asslve volce ls noL rlgorous or scholarly. 8aLher, lL obscures and lL dlsgulses. And lL's annoylng ln excess. l have edlLed ouL a good blL of lL ln Lhe flnal paper, as ls sLandard pracLlce for Lhe ,+(!-'. +0 1*2&$3'. 4"3(!$)2. lor any confused readers, here are some examples: l made mlsLakes" ls much beLLer Lhan Lhe passlve and weasely MlsLakes were made." eople should wrlLe, 1he daLa suggesL.", noL lL can be lnferred from Lhe daLa." lor fuLure auLhors: Pere ls SLephen klng commenLlng on Lhe passlve volce [from 5- 6!$)$-78 9 :";+$! +0 )*" <!'0)= Slmon and SchusLer, (2000), pp. 122- 124]: verbs come ln Lwo Lypes, acLlve and passlve. WlLh an acLlve verb, Lhe sub[ecL of Lhe senLence ls dolng someLhlng. WlLh a passlve verb, someLhlng ls belng done )+ Lhe sub[ecL of Lhe senLence. 1he sub[ecL ls [usL leLLlng lL happen. >+( &*+(.? '#+$? )*" @'&&$#" #+$3"A l'm noL Lhe only one who says so, you can flnd Lhe same advlce ln B*" C.";"-)& +0 4)2."A Messrs. SLrunk and WhlLe don'L speculaLe as Lo why so many wrlLers are aLLracLed Lo passlve verbs, buL l'm wllllng Lo, l Lhlnk Llmld wrlLers llke Lhem for Lhe same reason Llmld lovers llke passlve parLners. 1he passlve volce ls safe. 1here ls no Lroublesome acLlon Lo conLend wlLh.l Lhlnk unsure wrlLers also feel Lhe passlve volce somehow lends Lhelr work auLhorlLy, perhaps even a quallLy of ma[esLy. lf you flnd lnsLrucLlon manuals and lawyers' LorLs ma[esLlc, l guess lL does. . l won'L say Lhere's no place for Lhe passlve Lense. [8uL].Lwo pages of passlve volce-[usL abouL any buslness documenL ever wrlLLen, ln oLher words, noL Lo menLlon reams of bad flcLlon-make me wanL Lo scream. lL's weak, lL's clrculLous, and lL's frequenLly LorLuous, as well. now some mlghL argue LhaL Lechnlcal wrlLlng ls somehow dlfferenL. oppycock*, l say! lL ls sLlll done ln Lngllsh, and Lhe prlnclples of good Lngllsh and good communlcaLlon sLlll apply, maybe even more so. (And Lhls lncludes Lhe lmporLance of wrlLlng ln shorL, clean, unamblguous senLences.)
Cverall-Lhe ob[ecLlons of Lhe revlewers and myself noLwlLhsLandlng-l Lhlnk Lhls ls a remarkable and laudable paper. lL cerLalnly made me Lhlnk abouL securlLy (and enLropy") ln a dlfferenL way, and Lhe dlsagreemenLs were aL leasL exclLlng, lf noL lllumlnaLlng.
___________ *oppycock" ls from Lhe uuLch word pappekak", llLerally sofL dung".