S. Chirayath, M.A. Hawila, “Methodology for Combined Nuclear Security and Safety Risk Analysis”, 57th Annual Meeting of the Institute for Nuclear Materials Management (INMM), Atlanta, Georgia, 24-28 July 2016.
Security executives need to know how much security risk reduction can be “purchased” by adding capability to an existing physical protection system (PPS). The security risk (RSEC) associated with an attack on critical infrastructure and/or SNM theft is usually evaluated using a three-term risk equation (1). RSEC = PA * PS * C1 (1) PA is the probability of attack, PS is the probability of adversary success, which is in another words the vulnerability of the security system = 1 – PI PN , ( PI being the probability of interruption which accounts for the probabilities of detection of all timely detection elements along an adversary path by using the non-detection probabilities for each detection point, PN being the probability of neutralization: the result of engagement of the response force with the adversaries after the interruption has occurred) and C1 is the consequence magnitude from a successful attack . Note that the two probabilities specified in this equation do not describe random, independent events. In the case of nuclear safety risk (RSAF) evaluation, a two term risk equation (2) is employed. RSAF = PF * C2 (2) PF is the probability of safety system failure . The Consequence (C) terms in the risk equations (1) and (2) have the same definition. Contrary to the security risk equation, PF does describe the probability of a random, independent event. Authors recently quantified the effect of insider threats at a research reactor and concluded that insiders can play a major role in increasing PS and hence the security risk. In the evaluation of RSAF, the PF term does not commonly include a sabotage event. However, this mode of attack, using an insider or other means to disable critical safety systems, seems important now, given the current enhanced threat situation. As a result, because of the differences in the randomness and independence of the respective probabilities in equations (1) and (2), the security and the safety risks are currently calculated separately. Authors present a methodology to calculate the combined risk considering the initiating events of safety and security. These additional initiating event analysis will include probable safety and security sabotage. The objective of this study is to determine the double accounting of frequency of failure, risk and allocated resources in the scenario of a non-random security initiating event leading to a safety random event chain.