[en] In this study, we generalized quantum digital signature scheme for three-partied[5] to the multi-partied. Also we analyzed this scheme for repudiation, forgery and colluding adversaries. (paper)

[en] The article addresses the issue of threat and adversary modelling for creating a technical information protection system. Due to the very fast development of information technologies now, the information security must also be taken into consideration. Information leakages can occur via different channels such as acoustic and vibro-acoustic channels, electromagnetic interferences and so on. Protection must be secured against all that. Protection is particularly required when quite important documents or methods that can constitute state secrecy are concerned. (paper)

[en] Unmanned Aerial System (UAS) Technology has advanced greatly over the last decade. With this advancement, the basic capabilities of UASs could be employed to gain an advantage against adversaries and enhance the security of radioactive material during shipment, storage, and use. UASs may be used for ground surveillance, provide counter surveillance against malicious UASs, add security to shipments, or to physically counter malicious UASs. The greatest limitations to UASs include power requirements, communication availability, laws and regulations, and exploitation by adversaries. With the increase in availability of UASs, adversaries can exploit this technology for nefarious means. Solutions are currently being pursued world-wide to counter UAS threats. A standard, out of the box UAS can record a HD video feed and transmit lower quality real time video to the pilot or control station on the ground. Equipped with GPS receivers, the UASs can be given a preprogrammed route to follow around a facility, be dispatched to a specific location in response to an alarm, or be told to follow a vehicle during transit. The standard UAS will have one or multiple visual spectrum cameras attached, though other optics could be used to enhance surveillance capabilities. The location and heading of the UAS is easily known and can help ground forces respond to threats at fixed locations, allow a vehicle to be monitored while stopped, or watch for adversaries during transit. With speeds up to 150 km/hr published on current UASs, they would be able to deploy from a vehicle, make observations, and dock without stopping.

[en] A physical protection system (PPS) is used for the protection of critical facilities. This paper proposes a structure analytic hierarchy approach (SAHA) for the hierarchical evaluation of the PPS effectiveness in critical infrastructure. SAHA is based on the traditional analysis methods “estimate of adversary sequence interruption, EASI”. A community algorithm is used in the building of the SAHA model. SAHA is applied to cluster the associated protection elements for the topological design of complicated PPS with graphical vertexes equivalent to protection elements

[en] The scope of the DBT in Finland encompasses nuclear facilities, nuclear materials, and other radioactive materials. Its structure evolved into a level scheme with progressive levels of threat. The level scheme reflects the severity and potential consequences of different threats with the aim to cover today’s situation as well as conservative assumptions. Each level has its own protection objectives. Physical and cyber threats as well as other information security threats are included in the DBT. While the physical threats are defined through adversary capabilities, the cyber threats, due to their rapidly changing characteristics, are mainly defined through attack vectors. The DBT is applied to different facilities and activities in accordance with the magnitude of potential consequences of unlawful acts. Experience shows that it is essential to involve a broad range of expertise throughout the process of threat assessment and DBT development. In the joint effort coordinated by the regulatory authority for radiation and nuclear security and safety other competent authorities and nuclear facility operators contributed through their expertise on the threat environment and on facility operations from the point of view of safety and security. (author)

[en] The United States Department of Homeland Security’s Domestic Nuclear Detection Office (DNDO) is charged with implementing domestic nuclear detection efforts to protect the U.S. from radiological and nuclear threats. DNDO is also responsible for coordinating the development of the Global Nuclear Detection Architecture (GNDA). DNDO is planning to utilize a unique risk analysis tool to conduct a holistic risk assessment of the GNDA known as the Radiological and Nuclear Risk Assessment Methods (RNRAM). The capabilities of this tool will be used to support DNDO risk analyses. The model uses a probabilistic risk assessment methodology and includes the ability to conduct a risk assessment of the effectiveness of layered architectures in the GNDA against an attack by an intelligent, adaptive adversary. This paper overviews the basic structure, capabilities, and use of RNRAM as used to assess different architectures and how various risk components are calculated through a series of interconnected modules. Also highlighted is the flexible structure of RNRAM which can accommodate new modules in order to examine a variety of threat detection architectures and concepts. (author)

[en] Defence-in-depth is used today in many contemporary defensive physical security designs. The term is also used in computer security but this paper will show that there are important distinctions in the way that the concept of defence-in-depth applies for the defence of networked digital technology. Physical defence-in-depth is designed such that the adversary will be delayed and detected and potentially defeated at successive boundaries, offering the defender sufficient time to respond. This paper will show that this assumption about defence-in-depth may not apply to computer security. Given that current computer security detection methods cannot reliably detect all cyber-attacks, the most sophisticated adversary is unlikely to be detected at key boundaries. Consequently, the notion of delaying the attacker has less relevance because the defender cannot rely on that time to muster his resources. Also, this paper will illustrate how the nature of a cyber-attack – particularly blended / hybrid attacks – can provide the means to attack those security boundaries in a different sequence, not necessarily starting from the outside and tackling successive defences. This paper will consider five key differences between the environments for physical security and computer security, to then develop some parameters for effective defence-in-depth for networked digital technologies in order to provide resilience against attacks, in the context of rapidly changing digital technology, threats and business drivers. The paper will conclude with observations about what this may mean for the civil nuclear sector. (author)

[en] An Insider has a greater threat to the security system of radioactive material facility due to their ability to get benefit of their rights to access, authority and knowledge of a facility. Insiders may be have the capability to by-pass many detection measures, because of their access for entry or by other available ways. An insider may be in any position at a radiological facility, they may be high level employee or low level, where the factors affecting insider attempt insider opportunity and motivation. The security plan introduces the physical protection systems at a facility and depend on the regulations and best practices for protection against both the insider and external adversary. The description includes the fundamental principles that are used to establish the physical protection system at the facility and should contain a description of the principles for an effective insider mitigation program, then identifies the policies and, subsequently, defines the operations and procedures which control physical protection at the facility. This paper views measures for the preventive and protective actions against insider related to security of Radioactive Material (RM) and associated facilities where the design and evaluation of physical protection system against threats posed by outsiders and insiders, where proposed requirements include the general requirement, identification of potential insider threats, which defined the design basis threat (DBT) or the national threat assessment about insider threats so as to identify the potential insider threats for facilities, identification of target process for insider, insider characterization and measures against potential insiders comprises firstly, Preventive measures aiming to exclude potential adversaries and to reduce the likelihood of insiders trying to commit a malicious act, so for example the licensee before hiring any employee in job shall check the trustworthiness of the persons (background check ''criminal and ideological''- financial obligations- work history – alcohol testing- psychological) and during career progression who have knowledge of sensitive information. Also trustworthiness of personnel – inspect vetting procedures and records (including contractors) including pass issue and updating for this check all five years or when take place change in DBT .

[en] Nuclear facilities spend substantial and time on designing effective security systems and putting detection, delay and response measures in place. Having done this, facilities hardly ever get in the situation where they need to actively use these security measures to counter an actual threat. This results in three important questions that need to be considered: 1. How do we know that the technical security measures are in effective in detecting and withstanding a real-life, intelligent and creative adversary? 2. How do we ensure that (and train that) especially the guards – who in normal working life hardly ever encounter any adversaries – are continuously alert to detect and counter threats that surface unexpectedly? 3. How well is not only the guard force, but also the facilities as a whole prepared to withstand combined attach scenarios, including physical, social engineering and cyber scenarios? This paper discusses how the security managers of nuclear facilities in The Netherlands collaboratively addressed the questions above by developing in industry sector wide Force on Force exercises team. This team comprises members of all nuclear facilities in The Netherlands and performs as adversary test team unannounced security exercises at those facilities. (author)

[en] Terrorists continue to seek radioactive materials to cause harm and disruption. Many soft targets (e.g., hospitals and universities), which use radioactive materials for research and to treat cancer, take steps to increase the security surrounding these materials. However, any detection and delay measures at a site are meaningless if there is no timely and effective response from the local law enforcement agency. The Office of Radiological Security’s Training Academy at Y-12 provides multiple resources to bridge the gap between sites and local law enforcement so that the law enforcement is aware and prepared to respond to a site’s event involving radioactive materials. The Office of Radiological Security’s Alarm Response Training establishes a bridge between sites and local law enforcement by bringing them together to initiate a dialogue. By the end of the week long training local law enforcement understand the threat posed by the material, its location within their jurisdiction, and how to respond to an event involving the radioactive material. After training sites and local law enforcement implement facility walk downs and conduct exercises together to continue strengthening the bridge. The Office of Radiological Security also recognizes it cannot train ever single law enforcement officer in the United States at its Y-12 Training Academy. Therefore, the office developed Customized Alarm Response Training. Customized Alarm Response Training takes the course directly to the local law enforcement working with them to develop and establish their own one-day Alarm Response training program so that they can train their own responders. Customized Alarm Response Training enables the law enforcement to be ready to respond to actual events in the area while receiving valuable training specific to their jurisdiction and needs. Taking ownership of the training through Customized Alarm Response Training expands the bridge between sites and local law enforcement by ensuring all officers in a jurisdiction are aware of a site’s radioactive materials and are prepared to effectively respond. A timely and effectively response by local law enforcement is key to stopping an event involving radioactive materials. Without it a site’s security system is ineffective against an adversary. The Office of Radiological Security provides tools to build and reinforce bridges between sites and their local law enforcement agency so that responders are prepared to thwart the most determined of adversaries from obtaining radioactive materials. (author)