Comparing physical protection strategies against insider threats using probabilistic risk assessment

Abstract

Insiders pose a unique challenge to the safety and security of a nuclear facility. They can take advantage of their access rights and knowledge of the plant to bypass, e.g., physical protection elements. In this paper, we present a risk-informed approach to analyze the most plausible ways for an intelligent insider to cause an unwanted outcome (e.g., plant disturbance) by accessing critical locations and preventing the functioning of critical systems. The strength of different protection strategies can be compared using security risk metrics. The starting point of the method is the logical model of a probabilistic risk assessment. The logic model, in the form of minimal cut sets, identifies critical failure combinations that need to be prevented. The case study we performed demonstrated that the approach is usable and should be applicable to realistic facilities. In the analyses, the unwanted outcome to be protected can be basically any outcome that can be represented by minimal cut sets.