No abstract available

[en] In this paper we investigate a cybersecurity model: An attacker can launch multiple attacks against a target with a termination strategy that says that the attacker will stop after observing a number of successful attacks or when the attacker is out of attack resources. However, the attacker's observation of the attack outcomes (i.e., random variables indicating whether the target is compromised or not) has an observation error that is specified by both a false-negative and a false-positive probability. The novelty of the model we study is the accommodation of the dependence between the attack outcomes, because the dependence was assumed away in the literature. In this model, we characterize the monotonicity and bounds of the compromise probability (i.e., the probability that the target is compromised). In addition to extensively showing the impact of dependence on quantities such as compromise probability and attack cost, we give methods for finding the optimal strategy that leads to maximum compromise probability or minimum attack cost. This study highlights that the dependence between random variables cannot be assumed away, because the results will be misleading. - Highlights: • A novel cybersecurity model is proposed to accommodate the dependence among attack outcomes. • The monotonicity and bounds of the compromise probability are studied. • The dependence effect on the compromise probability and attack cost is discussed via simulation. • The optimal strategy that leads to maximum compromise probability or minimum attack cost is presented.

[en] The article contains analyzed provisions on categorization of radioactive substances and radiation sources according to the extent of their potential danger. Above provisions are used in the IAEA documents and in Russian regulatory documents for differentiation of regulatory requirements to physical security. It is demonstrated that with the account of possible threats of violators, rules of physical protection of radiation sources and radioactive substances should be amended as regards the approaches to assign their categories and security levels

[en] Few decades back most of the I and C systems are Hardwired based. With the developments in digital electronics, micro processors and micro controllers, the I and C systems are becoming more and more Computer based. Though it brought convenience to the designer, comfort to the operator in the form of better GUI, it also brought many challenges in the form of information security. The talk covers the typical I and C design using SCADA systems, the challenges, typical problems faced and the need for information security. The talk illustrates various security measures to be implemented in the design, development and testing stages. These security measures have to be taken both in the development environment and deployment environment. Verification and validation of computer based system is very important. Configuration change management is very essential for smooth running of the plant. The talk illustrates the various measures need to be taken. (author)

[en] Full text: The ITWG was first formed in 1995 for the purpose of fostering international cooperation for combating illicit trafficking of nuclear materials. The initial focus for the ITWG was on the development of nuclear forensics to help answer attribution questions regarding nuclear materials of unknown origin. More recently, the ITWG has also expanded its focus to include detection of nuclear materials during transit. This paper presents some of the key developments by this group and their potential impact for combating nuclear smuggling. The initial focus of the ITWG was to write a status report on international cooperation on nuclear smuggling forensic analysis. This 26-page report summarized previous work on nuclear forensics and gave an initial analysis on prioritizing techniques and methods for forensic analysis regarding source and route attribution. This report was submitted to the G-8 countries, and shortly thereafter, nuclear forensics was endorsed at the Moscow Summit in April, 1996, as part of an illicit trafficking program. The work of the ITWG has also been noted at subsequent summit declarations, e.g. Cologne. The ITWG's primary goal is to develop a preferred approach to nuclear forensic investigations that is widely understood and accepted as credible. The technical elements include: 1) development of protocols for a) collection and preservation of evidence and b) for laboratory investigation, 2) prioritizing of techniques for forensic analysis, 3) development of forensic databanks to assist in interpretation, 4) executing inter-laboratory exercises, and 5) facilitating technical assistance to countries upon request. The development of protocols has been conducted jointly by law enforcement officials and laboratory scientists. A major focus during much of the past six years has been the development of a model action plan for nuclear forensics. This action plan lays out the elements that are needed in the instance that illicit nuclear material is uncovered, e.g. incident response, crime scene analysis, collection of evidence (both radioactive and 'traditional' forensics, transportation to a nuclear facility, subsequent laboratory analysis, and then development of the case. The action plan recommends categorizing the SNM material (i.e. weapons-grade, weapons useable, or reactor-grade) in the field when possible. The ITWG meetings also include reports on scientific studies that help to advance nuclear forensics. For example, at our meeting two years ago (ITWG-6 held in Vienna) the following topics were presented: age-dating and source attribution for Pu production, verification of assumptions in age-dating of nuclear materials, a follow-up study on the Pu sample that was used in a round-robin experiment, the initial results of an investigation of the material characteristics of nuclear materials that might be used to identify the location of fabrication plants, and the ITRAP study by the IAEA on detection at border crossings. Many potential forensic clues cannot currently be interpreted due to the lack of appropriate databases. Several years ago, this need led to a joint effort by Russian and the European Commission (at ITU) to develop a forensics databank. They have developed a structure for the database that naturally complements the questions that are raised during an investigation. Some of the data in the databank are jointly shared, while other data entries are accessible by only the one party with the appropriate authorization. In addition to such a formal databank, the ITWG recognizes a future need to develop a network of experts with appropriate access to databases in order to assist others in interpreting the results from a nuclear forensics investigation. International exercises have been instrumental in helping the ITWG to assess the value of various experimental techniques for answering attribution questions. Our first exercise involved a sample of Pu, and the second one (which should be completed by the time of this Conference) focuses on a HEU sample. These exercises give a concrete focus to discussions of the pros and cons of various forensics measurements and their interpretation. The goal is to learn together how to better do nuclear forensics, rather than serve as a competition between laboratories. Numerous examples can be cited for how work by the ITWG has provided assistance to countries that are developing programs for combating illicit trafficking. Again using the ITWG-6 meeting as an example, reports were given at that meeting by Latvia, Hungary, and Ukraine on recent progress that specifically drew upon earlier work by the ITWG. In the latter two countries, exercises were held that included a test and demonstration of the ITWG's model action plan for nuclear forensics. In another talk, Bulgaria reported on a case of intercepted HEU that was subsequently analyzed by another country with the necessary specialized laboratory facilities. The results of that forensic investigation will be presented at ITWG-7 (June, 2002). Several years ago the ITWG began to address the issue of detection of SNM during transit. This topic frequently arises due to the technical linkage between nuclear forensics and radiation detection, plus many of the ITWG participants are directly involved in detecting transit of nuclear materials. One product was an evaluation of a survey of border detection systems. This evaluation helped to summarize the information provided, plus recommendations were made for possible future improvements. Because the ITWG is a highly informal group, the annual meetings are the principle means of communication. Increasingly, however, it is using task groups to continue work between meetings. Examples of the subjects of recently formed task groups are: Pu isotopics of reactors, HEU detection research needs, identification of databases and knowledge experts for nuclear forensics, and IAEA/ITWG cooperation. (author)

[en] Security and safety have been key priorities at facilities that manufacture, store, use, or handle hazardous chemicals, after the terrorist attacks on the United States of September 11, 2001. Security improvements may be needed, especially at sites that pose a more attractive target to terrorists due to their economic importance, perceived level of consequences, and other factors. The first step in the process of managing security risks is to identify and analyze the threats and the vulnerabilities facing a facility by conducting a Security Vulnerability Analysis (SVA). The SVA is a systematic process that evaluates the likelihood that a threat against a facility will be successful. It considers the potential severity of consequences to the facility itself, to the surrounding community and on the energy supply chain. The objective of conducting a SVA is to identify security hazards, threats, and vulnerabilities facing a facility, and to evaluate the countermeasures to provide for the protection of the public, workers, national interests, the environment, and the company. With this information security risks can be assessed and strategies can be formed to reduce vulnerabilities as required. SVA is a tool to assist management in making decisions on the need for countermeasures to address the threats and vulnerabilities. The paper provides an overview of fundamental steps of SVA for stationary industrial installations. (author)

[en] Issues of nuclear security and operational nuclear safety at nuclear and radiation facilities is discussed. The special attention is given to the problem of methodical support of an estimation of physical protection systems efficiency and establishing the minimal acceptable value of efficiency criteria. Some features of nuclear security regulation regarding to introduction of regulating requirements and inspection of its implementation are considered

No abstract available

[en] One of the important problems of the existence and development of safe nuclear energy is physical protection. Besides the fact that the capture and illicit traffic of nuclear materials can bear danger of uncontrolled proliferation, and thereby pose a threat to human health and safety of society, they can also be used to make nuclear explosive devices. The understanding by the States the importance, severity and urgency of the problem has caused the creation of a number of international legal norms and rules

[en] The paper of Hsieh, Luo, and Brun (HLB) [Phys. Rev. A 78, 042306 (2008)] contains several issues with the capacity theorem presented there, one of which is the suggestion that a sender and receiver can achieve entanglement-assisted classical capacity without any entanglement at all, and another of which is a violation of the Holevo bound. There is also an issue with the converse proof of the capacity theorem. In this comment, I point out these issues and provide revisions of the capacity theorem and the converse proof.