Written by Security Specialist, Paul Tonks.
Technology moves at a swift pace. Innovations emerge, often creating markets we never realised existed. The reduction of production costs also opens the market to a much wider segment of the community; for instance, small discrete camera systems, previously the remit of ‘James Bond types’, with superb playback quality, are now readily available at pocket-money prices.
In the Security World, and particularly in the Nuclear industry such innovations and availability raise concerns for those seeking to protect our assets. Security, contrary to popular conception, is actually very difficult to achieve. A Security plan needs to consider each possible vulnerability and balance the risk against the cost benefit before determining a case for agreed appropriate and proportionate mitigations to counter each threat. Sadly, adversaries have the advantage of only having to exploit a single weakness and the time of their choosing.
With the tempo of change it can be difficult to keep pace with emerging threats. In some cases, the counter-threat solutions are also impeded by a slow approval process; which in reality sees the delivery of the solution either too late (post incident) or too late (because it is already outdated upon arrival).
So what kind of threats are there? Though perhaps more importantly how can we capitalise upon technology to support our Industries Security requirements; whilst keeping one step ahead of potential adversaries?
Unmanned Aerial Systems/Vehicles (UAS/UAV)
Technology creates new threats such as concerns over the now ubiquitous nature of Unmanned Ariel Systems (UAS). Oddly, model aircraft have been around for years, yet it is the ‘out-of-the-box’ nature of UAS that raises concerns; this makes them far more widespread and a common sight in our skies. This adds two elements to the equation, complacency, as we become familiar with their presence; and ease of accessibility and deployment.
Payload capabilities are an increasing concern as is the future development of ‘swarm’ technology, whereby a number of UAVs in one UAS can be controlled by a single operator. The fairly unregulated nature of UAS is also a concern in some countries; yet there are two sides to the effectiveness of regulation; as with most regulations those with malicious intent will still act without consent; however, regulation may reduce flights in no-fly zones and therefore remove the compliancy issue around such areas.
Counter UAS Solutions
Akin to the search for Shangri-La, governments are keen to find a viable counter UAS system. There are all kinds of solutions currently fielded such as:
What do UAS offer Nuclear?
Operating Site based UAS offer alternatives for a number of non-security related issues. For instance, viewing structures at height without needing to construct scaffold provides a time and cost saving benefit during exploratory stages of routine or planned work.
Yet UAS also offer alternative support and functionality for Security related roles; these include:
Even though it is often a business enabler the human cost of security is still seen as a proportionately high sunk-cost. Many installations have a mix of armed and unarmed Security personnel both providing different roles and capabilities. It can be difficult to gauge the correct contingent required to protect an asset so in some cases a generic, one size fits all, approach is used.
It is perhaps more fitting to consider the assets being guarded; and develop the Security requirements based on the elements of threat, risk and probability. Here it is worth considering how technology can be used to support Security effectiveness; in low consequence and low risk locations this may allow a reduction in Security personnel; and offer cost savings during processes such as decommissioning or construction?
Technology considerations are endless but some examples include:
Despite the hype surrounding Cyber Security, perhaps our greatest vulnerability still sits with the people using our IT systems. Akin to other Security protections, the adversary only needs to find one weakness to exploit and gain access to our systems.
The Stuxnet incident highlights the nature of human curiosity. One methodology for the delivery of the Stuxnet program was leaving USB sticks around the facility. It was only a matter of time before someone picked one up, and what do you do when you find a USB stick?
Many everyday attacks occur via email phishing; one only need click on a link and those with malicious intent have gained access to your network.
Cyber Security is a complex area and this short article cannot do it justice; however, the key take away in this area would be to engage with your employees, ensure they understand the threats and weaknesses. Consider the following measures:
Security will remain a key concern throughout the lifecycle of nuclear material. Associated Security costs will continue to remain a major consideration during this period. As technology changes, so will the threats. If we cannot prevent these changes then at least we should consider how technology can enhance our own protective measures and rather than await innovation strive to be at the forefront of technological innovation. Countering the threat before it creates the problem.