Skip to main content

Currently Skimming:

5 Security Risk Assessment
Pages 114-131

The Chapter Skim interface presents what we've algorithmically identified as the most significant single chunk of text within every page in the chapter.
Select key terms on the right to highlight them within pages of the chapter.


From page 114...
... Event trees and other representational formalisms can be used to systematically explore terrorist attack scenarios, responses, and potential consequences. Expert elicitation can be used to rank sce narios; develop likelihood estimates; and characterize adaptive adver sary responses to various preventive, protective, or deterrence actions.
From page 115...
... explore the benefits of risk assessment for enhancing security at U.S. nuclear plants.
From page 116...
... emphasize the importance of identifying and understanding uncertainties for achieving technical acceptability in a PRA. 5.2  APPLICATION OF RISK ASSESSMENT TO SECURITY The identification of terrorist threats against reactors and spent fuel pools is a necessary part of security planning at all nuclear plants (Sidebar 5.2)
From page 117...
... that there are technical challenges associated with identifying terrorist attack scenarios and quantifying their likelihoods. Nevertheless, the committee judges that the risks of terrorist attacks on nuclear plants and spent fuel storage facilities can be characterized by adapting well-established risk assessment methods.
From page 118...
... In fact, risk assessment can provide useful security insights that are analogous to the insights derived from safety risk assessments. Risk assessment allows for the orderly development of conclusions that reflect the totality of information available about a system's performance in particular circumstances.
From page 119...
... can have substantial uncertainties.3 The adaptation of PRA to security would establish a common framework for assessing risks at nuclear plants. This would provide a consistent basis for operational and regulatory decision making about risks, including at the safety-security interface; it could provide further opportunities to risk-inform security regulations; and it could help improve cost-benefit analyses associated with the backfit rule (see Chapter 5 in NRC [2014]
From page 120...
... (2004) use the risk triplet as the organizing principle for conducting a security risk assessment for terrorist attacks that could have catastrophic consequences.
From page 121...
... nuclear plant including reactors, spent fuel pools, and dry cask storage. Tabletop assessments were conducted for a spectrum of postulated security threats.
From page 122...
... Attack probabilities are widely acknowledged to be the most challenging to estimate because they require knowledge, data, or modeling of the motivations, capabilities, and intentions of terrorists. All such estimates will benefit from guidance from knowledgeable experts, for example, members of the intelligence community who have the appropriate personnel security clearances to access sensitive national security information on terrorist threats.
From page 123...
... The committee argued that terrorist threats, unlike natural hazards and engineered systems, are intelligent, goal-oriented, resourceful, and adaptive adversaries. Consequently, PRA methods that rely on static event trees and associated probabilities are not appropriate for modeling adversary strategy sets.
From page 124...
... This finding is intended to encourage the nascent efforts by the USNRC and nuclear industry to develop security risk assessments -- and also to encourage their further development and application by the broader risk assessment community. The present committee recognizes that additional work will be required to further develop security risk assessment methodologies.
From page 125...
... arguments about the usefulness of PRA for security assessments. One can construct event trees and assign probabilities based on expert judgement with the full understanding that base probabilities can change when different types of preventive, protective, or deterrence actions are considered.
From page 126...
... Quantitative evaluations, however crude, could help the nuclear industry and its regulator develop strategies for preventing and/or mitigating terrorist attacks. The continued expression of terrorist threats in society, including cyber and insider threats, underscores the need to develop improved approaches for understanding, preventing, and mitigating them, particularly threats directed against civilian nuclear facilities.
From page 127...
... . More formal structured expert elicitation methods have been developed to overcome the limitations of informal methods (Budnitz et al., 1998; K ­ eeney and von Winterfeldt, 1991; Morgan, 2014)
From page 128...
... As a consequence, the probability distributions produced using formal expert elicitation can produce an accurate representation of the level of uncertainty associated with particular likelihood assessments.
From page 129...
... Decision trees, attack trees, and game-theoretic formulations are other examples of models and tools that can provide structure for eliciting, representing, and exploring the consequences of interaction among multiple intelligent agents that include adversaries and defenders. Game-playing exercises (e.g., red teams and cyber hacking teams)
From page 130...
... It can also be used as a qualitative vulnerability analysis tool. This methodology is referred to as the CARVER Vulnerability Assessment Methodology.
From page 131...
... SECURITY RISK ASSESSMENT 131 destroy a critical component is compared with the attacking force's operational capabilities and weaponry. • Effect: An attack on a target may have desirable as well as undesir able military, political, economic, psychological, and sociological impacts.


This material may be derived from roughly machine-read images, and so is provided only to facilitate research.
More information on Chapter Skim is available.