Executive Summary

A nuclear weapon or a significant quantity of special nuclear material (SNM) would be of great value to a terrorist or other adversary. It might have particular value if acquired from a U.S. facility—in addition to acquiring a highly destructive tool, the adversary would demonstrate an inability of the United States to protect its nuclear assets. The United States expends considerable resources toward maintaining effective security at facilities that house its nuclear assets. However, particularly in a budget-constrained environment, it is essential that these assets are also secured efficiently, meaning at reasonable cost and imposing minimal burdens on the primary missions of the organizations that operate U.S. nuclear facilities.

It is in this context that the U.S. Congress directed the National Nuclear Security Administration (NNSA)—a semi-autonomous agency in the U.S. Department of Energy (DOE) responsible for securing nuclear weapons and significant quantities of SNM—to ask the National Academies for advice on augmenting its security approach, particularly on the applicability of quantitative and other risk-based approaches for securing its facilities. In carrying out its charge, the committee has focused on what actions NNSA could take to make its security approach more effective and efficient.

The committee concluded that the solution to balancing cost, security, and operations at facilities in the nuclear weapons complex is not to assess security risks more quantitatively or more precisely. This is primarily because there is no comprehensive analytical basis for defining the attack strategies that a malicious, creative, and deliberate adversary might employ or the probabilities associated with them. However, using structured thinking processes and techniques to characterize security risk could improve NNSA’s understanding of security vulnerabilities and guide more effective resource allocation.

Over the course of the study, the committee identified three key shortcomings in NNSA’s current security approach: (1) the interactions and dependencies among security countermeasures;2 (2) the interactions between DOE/NNSA and other organizations responsible in part for preparing for or responding to an attack on NNSA facilities; and (3) the adequacy of attack scenarios used to design, update, and test the security systems to consider all possible attack scenarios.

As a first step in addressing these shortcomings, the committee recommends that NNSA adopt what the committee termed a “total systems approach” to characterize the interactions and dependencies of security countermeasures at its facilities. Such an approach is commonly used as an initial step in assessing the risks associated with a complex technological system. However, performing such an analysis is not sufficient for implementing highly effective security. Coordination, communication, and joint exercises that include all relevant security organizations are also necessary.

In addition, it is essential to understand the adversary. This involves understanding adversary objectives, goals, and, in particular, how adversaries view the security system. The committee’s approach could help DOE to better understand a range of potentially unexpected vulnerabilities and attack scenarios.

Historically, DOE has emphasized some security countermeasures over others in protecting nuclear weapons and SNM, potentially leading to opportunity costs and hidden

2

The committee restricted its focus to cyber security directly associated with the physical protection of nuclear weapons and materials. The project sponsor agreed to this interpretation in September 2009.



The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement



Below are the first 10 and last 10 pages of uncorrected machine-read text (when available) of this chapter, followed by the top 30 algorithmically extracted key phrases from the chapter as a whole.
Intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text on the opening pages of each chapter. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

Do not use for reproduction, copying, pasting, or reading; exclusively for search engines.

OCR for page 1
Executive Summary A nuclear weapon or a significant quantity of special nuclear material (SNM) would be of great value to a terrorist or other adversary. It might have particular value if acquired from a U.S. facility—in addition to acquiring a highly destructive tool, the adversary would demonstrate an inability of the United States to protect its nuclear assets. The United States expends considerable resources toward maintaining effective security at facilities that house its nuclear assets. However, particularly in a budget-constrained environment, it is essential that these assets are also secured efficiently, meaning at reasonable cost and imposing minimal burdens on the primary missions of the organizations that operate U.S. nuclear facilities. It is in this context that the U.S. Congress directed the National Nuclear Security Administration (NNSA)—a semi-autonomous agency in the U.S. Department of Energy (DOE) responsible for securing nuclear weapons and significant quantities of SNM—to ask the National Academies for advice on augmenting its security approach, particularly on the applicability of quantitative and other risk-based approaches for securing its facilities. In carrying out its charge, the committee has focused on what actions NNSA could take to make its security approach more effective and efficient. The committee concluded that the solution to balancing cost, security, and operations at facilities in the nuclear weapons complex is not to assess security risks more quantitatively or more precisely. This is primarily because there is no comprehensive analytical basis for defining the attack strategies that a malicious, creative, and deliberate adversary might employ or the probabilities associated with them. However, using structured thinking processes and techniques to characterize security risk could improve NNSA’s understanding of security vulnerabilities and guide more effective resource allocation. Over the course of the study, the committee identified three key shortcomings in NNSA’s current security approach: (1) the interactions and dependencies among security countermeasures;2 (2) the interactions between DOE/NNSA and other organizations responsible in part for preparing for or responding to an attack on NNSA facilities; and (3) the adequacy of attack scenarios used to design, update, and test the security systems to consider all possible attack scenarios. As a first step in addressing these shortcomings, the committee recommends that NNSA adopt what the committee termed a “total systems approach” to characterize the interactions and dependencies of security countermeasures at its facilities. Such an approach is commonly used as an initial step in assessing the risks associated with a complex technological system. However, performing such an analysis is not sufficient for implementing highly effective security. Coordination, communication, and joint exercises that include all relevant security organizations are also necessary. In addition, it is essential to understand the adversary. This involves understanding adversary objectives, goals, and, in particular, how adversaries view the security system. The committee’s approach could help DOE to better understand a range of potentially unexpected vulnerabilities and attack scenarios. Historically, DOE has emphasized some security countermeasures over others in protecting nuclear weapons and SNM, potentially leading to opportunity costs and hidden 2 The committee restricted its focus to cyber security directly associated with the physical protection of nuclear weapons and materials. The project sponsor agreed to this interpretation in September 2009. 1

OCR for page 1
vulnerabilities. A total systems approach could better integrate these security elements and account for their inherent interdependencies. A total systems approach incorporating all security countermeasures could also lead to better prioritization of which security risks and vulnerabilities will be mitigated. 2