Threat characterization in vital area identification process

Abstract

The identification of a potential attacker's targets is fundamental in the design of a physical protection system for complex technological facilities such as nuclear facilities. An attack can be carried out to sabotage, or gain control of, targets that are physically represented by different parts of systems, structures and components (SSC), or their combination. Those SSCs that need to be protected in order to prevent radiological consequences in a nuclear facility are called vital and are located within vital areas. The use of attack trees in the vital area identification is an innovative approach that enables modeling of both the SSCs and the threat including their mutual interaction. Threat characteristics are described by a well-designed and scaled set of attributes. Required attacker's capabilities to disable each SSC have to be assessed. Methods of expert opinion elicitation are mostly used for the assessment of attacker's abilities to perform malevolent events on an individual SSC represented by tree leaf nodes. This paper presents the selected findings from the attack tree implementation in the vital area identification focusing on threat and supplementary attributes for the attack tree model. The protection tree is used to evaluate and identify vital area candidates. The suggested method of threat characterization in an attack tree enables time-effective, more precise and well-documented vital area identification.