Department of Energy
National Nuclear Security Administration
International Nuclear Security
[Figure: layers of a physical protection system]
• Sensors: motion, infrared, audible, video, LIDAR, door access, pattern analysis, cyber security
• Layout: doors, fences, walls, materials
• Procedures: guards, human resources, operations, training
Security System Design and Evaluation
[Figure: design and evaluation cycle]
• Identification of critical assets
• Probabilistic identification of threats
• Ranking of deficiencies
• Assessment of security posture
• Creation of operating procedures
Design Basis Threat
• Design Basis Threat (DBT) describes the capabilities of potential adversaries
who might attempt removal of material or sabotage
• Includes external and internal adversaries
◦ Terrorists, criminals
◦ Authorized individuals who commit or aid malicious acts
• Developed by regulatory bodies, competent authorities and operators
• DBT provides the basis for security evaluation
◦ Effectiveness of security is measured against ability to protect against DBT
https://www.iaea.org/topics/security-of-nuclear-and-other-radioactive-material/design-basis-threat
Design Basis Threat
Discussion:
How does a DBT get defined?
◦ What goes into the process?
External physical threat, insider threat
Theft, sabotage
New technologies, e.g., drones, cyber
How does a DBT evolve?
◦ What types of data are used?
◦ Use of Open Source Intelligence (OSINT)?
Design Basis Threat Development
• Collect and analyze threat information
◦ Intelligence
◦ Past security events at facility
◦ Past security events at similar facilities
• Evaluate credibility of threat information
• Identify potential adversaries
◦ Characteristics, capabilities and attributes
◦ Relevance of capabilities to specific targets
https://www.iaea.org/topics/security-of-nuclear-and-other-radioactive-material/design-basis-threat
Evaluation of Security
• Administrative ($): low value, wide coverage
• Tabletop exercises ($$)
• Live-action drills ($$$)
Pathway Analysis
• Quantitative analysis of adversary actions, also known as Adversary Sequence Diagrams (ASD)
◦ Complements expert evaluations in TTX
◦ Used to determine the most vulnerable path for a given threat
◦ Variations of ML can perform these tasks
[Figure: nested physical areas (Off Site, Site Security Area, Controlled Building); source: RhinoCorps Simajin]
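The pathway analysis above can be sketched computationally. Below is a minimal, hypothetical example: model the facility as a graph whose edge weights are detection probabilities (Pd), then find the most vulnerable path, i.e., the one minimizing cumulative probability of detection. The layout, node names, and Pd values are illustrative assumptions, not data from any real facility or from the ASD tools named here.

```python
import heapq
import math

# Hypothetical facility graph: nodes are areas, edge weights are the
# probability of detection (Pd) while moving between those areas.
edges = {
    ("offsite", "fence_a"): 0.10, ("offsite", "fence_b"): 0.30,
    ("fence_a", "yard"): 0.40,    ("fence_b", "yard"): 0.20,
    ("yard", "building"): 0.50,   ("yard", "loading_dock"): 0.35,
    ("loading_dock", "building"): 0.25,
}

def most_vulnerable_path(edges, start, goal):
    """Return the path minimizing cumulative detection probability.

    Maximizing the product of (1 - Pd) along a path is equivalent to
    minimizing the sum of -log(1 - Pd), so ordinary Dijkstra applies.
    """
    graph = {}
    for (u, v), pd in edges.items():
        graph.setdefault(u, []).append((v, -math.log(1.0 - pd)))
    heap = [(0.0, start, [start])]
    settled = {}
    while heap:
        cost, node, path = heapq.heappop(heap)
        if node == goal:
            return path, 1.0 - math.exp(-cost)  # cumulative Pd on this path
        if settled.get(node, float("inf")) <= cost:
            continue
        settled[node] = cost
        for nxt, w in graph.get(node, []):
            heapq.heappush(heap, (cost + w, nxt, path + [nxt]))
    return None, 1.0

path, pd = most_vulnerable_path(edges, "offsite", "building")
```

With these made-up numbers the weakest route goes through the rear fence, with only a 72% chance of detection end to end; an analyst would flag that pathway for hardening.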
ASD Tools
• Vanguard (commercial, RhinoCorps)
◦ Build and run TTXs in a video game-like environment
◦ Automated simulation of attack, response and outcomes
◦ Built on top of Simajin
◦ Includes support for decision tree analysis
◦ Generates significant amounts of data, providing a basis for AI/ML analysis to extend capabilities in the near term
[Figure: RhinoCorps Vanguard]
AI-Augmented Security Assessments
• AI: Methods that approximate human behavior
◦ ML: Algorithms that use data to learn patterns that are not explicitly programmed and improve through experience (improves probability of detection, Pd)
• Intelligent automation reduces time on routine tasks
◦ Access control: Facial recognition speeds up identification
Authorized access can be more efficiently managed
◦ Alarm adjudication: Reduce nuisance alarms at Central Alarm Station (CAS)
CAS operator can better focus on alarms from actual threats
• Intelligent automation allows for larger threat spaces to be explored
◦ Attack simulation: All possible vectors can be considered
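As an illustration of the alarm-adjudication idea above, the sketch below ranks alarms by a fused evidence score so likely-real events surface first. The features, weights, and records are hypothetical stand-ins for what a trained classifier would learn; nothing here reflects an actual CAS deployment.

```python
# Hypothetical alarm records: each carries corroborating evidence that an
# ML pipeline might extract (sensor and video-analytics confidences, count
# of co-triggered nearby sensors, and a flag for a known nuisance driver).
def adjudicate(alarm):
    """Score an alarm so CAS operators see likely-real events first.

    A hand-written stand-in for a trained classifier: fuse the evidence
    into a rough priority score in [0, 1].
    """
    score = 0.2 * alarm["sensor_confidence"]
    score += 0.5 * alarm["video_confidence"]            # visual confirmation weighs most
    score += 0.3 * min(alarm["co_triggered"], 3) / 3.0  # nearby sensors agreeing
    if alarm["high_wind"]:                              # known nuisance source
        score *= 0.5
    return score

alarms = [
    {"id": 1, "sensor_confidence": 0.9, "video_confidence": 0.1,
     "co_triggered": 0, "high_wind": True},   # likely nuisance alarm
    {"id": 2, "sensor_confidence": 0.8, "video_confidence": 0.9,
     "co_triggered": 2, "high_wind": False},  # likely real intrusion
]
ranked = sorted(alarms, key=adjudicate, reverse=True)
```

The design choice is the point, not the particular weights: scoring and ranking alarms lets the operator's attention go to the head of the queue instead of every nuisance trigger.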
AI Physical Security: Offensive Testing
• Complex attack surfaces
• AI red teaming
◦ Model of the physical system
• Exhaustive with fewer logistics
◦ Through AI, millions of attack simulations can be automated to virtually test all possible attack vectors
◦ Results on attack vectors or novel methods are easily aggregated for analysts
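One simple way to realize "millions of automated attack simulations" is plain Monte Carlo over modeled attack vectors. This sketch assumes a toy three-layer model with made-up defeat probabilities; the vector names and numbers are illustrative only.

```python
import random

# Toy model: each attack vector is an entry point with per-layer
# probabilities that the adversary defeats that layer undetected.
layers = {
    "main_gate":   [0.3, 0.5, 0.6],   # heavily defended entrance
    "rear_fence":  [0.7, 0.6, 0.6],   # fewer sensors
    "cyber_badge": [0.8, 0.9, 0.4],   # spoofed credentials, then physical layers
}

def simulate(vector, trials=100_000, seed=0):
    """Monte Carlo estimate of end-to-end success for one attack vector."""
    rng = random.Random(seed)
    wins = 0
    for _ in range(trials):
        # Attack succeeds only if every layer is defeated in sequence
        if all(rng.random() < p for p in layers[vector]):
            wins += 1
    return wins / trials

results = {v: simulate(v) for v in layers}
worst = max(results, key=results.get)   # most vulnerable vector, for analysts
```

Because each trial is independent, the same loop scales to millions of runs or to far richer agent models, and the aggregated `results` table is exactly the kind of analyst-ready summary the slide describes.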
AI Physical Security: Offensive Testing
• Integrated cyber/physical attacks
◦ Multi-agent simulations can include cyber attack vectors
◦ Logistically difficult to simulate in traditional Red Team exercise
• Insider threat assessment
◦ Agent positioning and prior knowledge can represent insider capabilities
◦ Collusion of one or more insiders aiding an external threat in real time
• Evaluation of new sensors
◦ Sensor capabilities directly added to physical model prior to deployment
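The "evaluate new sensors in the model first" point can be made concrete with a small sketch: insert a candidate sensor's assumed detection probability into a modeled layer stack and compare cumulative Pd before and after, with no field deployment required. All numbers below are hypothetical.

```python
# Hypothetical pathway: Pd of the existing protection layers, plus an
# assumed Pd for a candidate sensor under evaluation.
baseline = [0.4, 0.5, 0.3]   # detection probability of existing layers
candidate_lidar = 0.6        # assumed Pd for the new sensor

def cumulative_pd(layer_pds):
    """Probability that at least one layer detects the adversary."""
    p_miss = 1.0
    for pd in layer_pds:
        p_miss *= (1.0 - pd)   # adversary must evade every layer
    return 1.0 - p_miss

before = cumulative_pd(baseline)
after = cumulative_pd(baseline + [candidate_lidar])
```

Running the comparison across every modeled pathway shows where the candidate sensor buys the most improvement, which is the cheap, virtual version of a deployment trial.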
Reinforcement Learning (RL)
• Goal: The agent learns to interact with the environment in ways that result in a higher reward signal
• Agent is knowledgeable of and fully able to control
its behavior
◦ May not be fully knowledgeable of, or able to control, the
environment
• Example: Agent may know that it is able to breach a
metal fence and execute that behavior.
◦ It does not know optimal place to make breach or result of
breach (e.g., presence of intrusion alarms)
RL Navigation Paths
P. Mirowski et al., arXiv:1611.03673
Reinforcement Learning
• The agent’s interaction with the environment is defined by:
◦ Actions: The choices made by the agent
◦ States: Environmental and internal feedback, the basis for the agent making choices. For example, a state may be defined by the portion of a fence line currently visible to the agent (environmental) and the fact that the agent is currently walking (internal)
◦ Rewards: The basis for evaluating the agent’s choices; the agent learns to make choices that increase the overall reward received
◦ Policy: A rule, or set of rules, by which the agent selects actions as a function of states
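A minimal, self-contained illustration of these pieces (states, actions, a sparse reward, and an epsilon-greedy policy) is tabular Q-learning on a toy corridor. The "adversary reaching a target cell" framing and all hyperparameters are assumptions for illustration; real pathway models are far richer.

```python
import random

# Minimal tabular Q-learning on a toy 5-cell corridor: a hypothetical agent
# starts in cell 0 and is rewarded only for reaching the target in cell 4.
# States are cell indices; actions are step left (-1) or right (+1).
N, TARGET = 5, 4
ACTIONS = (-1, +1)
Q = {(s, a): 0.0 for s in range(N) for a in ACTIONS}
rng = random.Random(0)
alpha, gamma, eps = 0.5, 0.9, 0.3

for _ in range(500):
    s = 0
    while s != TARGET:
        # epsilon-greedy policy: usually exploit the best-known action,
        # sometimes explore a random one
        if rng.random() < eps:
            a = rng.choice(ACTIONS)
        else:
            a = max(ACTIONS, key=lambda act: Q[(s, act)])
        s2 = min(max(s + a, 0), N - 1)        # environment transition
        r = 1.0 if s2 == TARGET else 0.0      # sparse reward at the goal
        # Q-learning update: move Q toward reward plus discounted future value
        Q[(s, a)] += alpha * (r + gamma * max(Q[(s2, b)] for b in ACTIONS) - Q[(s, a)])
        s = s2

# Greedy policy after training: the learned rule mapping states to actions
policy = [max(ACTIONS, key=lambda act: Q[(s, act)]) for s in range(N - 1)]
```

After training, the greedy policy steps right from every cell: the agent has learned, purely from the reward signal, which actions move it toward the target.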
4. Polling Question
What type of reward might be useful in this case?
[Figure: nested site areas (Off Site, Site Security Area, Controlled Building) with adversary and target marked]
- Reward only at end
- Continuous reward with increased time
- Continuous reward with unexplored areas
- Number of layers accessed
RL Example: Hide and Seek
• Environment
◦ Multiple competitive agents trained via RL: Hiders (blue) and Seekers (red)
◦ Open area with walls, boxes and ramps
◦ Hiders given time to move objects and hide before Seekers begin
• Actions:
◦ Move around area
◦ See each other and objects
◦ Grab and move objects: boxes and ramps
◦ Lock objects in place so that they cannot be moved
• Rewards:
◦ Hiders receive +1 if all are hidden, -1 if seen
◦ Seekers receive +1 if any hider is found, -1
if none are found
B. Baker, et al. https://arxiv.org/abs/1909.07528
RL Example: Hide and Seek
• Various strategies emerged
◦ Chasing
◦ Shelter construction
◦ Seekers learn to use ramps to jump walls and defenses
◦ Hiders learn to steal ramps as defense
◦ Seekers use boxes to jump off of (exploiting simulation mechanics): a novel vector
Transfer Learning
• A technique where a model trained on one task is re-purposed on a second, related task
◦ Teach an old AI new tricks
• Progressive complexity training
◦ Simple: Learn to walk through opening
◦ Complex: Learn to open door
◦ More complex: Learn to open door with a key
◦ Very complex: Learn to breach fortified door
• Reduces search space using prior knowledge
[Figure: search narrowed from all solutions to allowed solutions using prior knowledge]
Transfer Learning, Lisa Torrey and Jude Shavlik
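The jump-start idea can be sketched with the same kind of tabular Q-learner: train on a short corridor, then copy the learned Q-values in as the starting table for a longer corridor. Corridor lengths, hyperparameters, and the task itself are illustrative assumptions, not the method of the cited work.

```python
import random

def train(n_cells, episodes, q_init=None, seed=0):
    """Tabular Q-learning on an n_cells corridor (start 0, target n_cells-1).

    q_init lets a table learned on a simpler task seed this one (transfer).
    """
    actions = (-1, +1)
    q = {(s, a): 0.0 for s in range(n_cells) for a in actions}
    q.update(q_init or {})                    # transferred prior knowledge
    rng = random.Random(seed)
    for _ in range(episodes):
        s = 0
        while s != n_cells - 1:
            if rng.random() < 0.3:            # explore
                a = rng.choice(actions)
            else:                             # exploit best-known action
                a = max(actions, key=lambda act: q[(s, act)])
            s2 = min(max(s + a, 0), n_cells - 1)
            r = 1.0 if s2 == n_cells - 1 else 0.0
            q[(s, a)] += 0.5 * (r + 0.9 * max(q[(s2, b)] for b in actions) - q[(s, a)])
            s = s2
    return q

# Simple task ("single room"): a short corridor
q_simple = train(4, episodes=200)
# Complex task: a longer corridor, jump-started with the transferred values
q_big = train(7, episodes=200, q_init=q_simple)
policy_big = [max((-1, +1), key=lambda a: q_big[(s, a)]) for s in range(6)]
```

The transferred table already prefers moving toward the goal on the shared states, so the larger task starts from a useful bias instead of a blank slate, which is the search-space reduction the figure depicts.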
Transfer Learning
• Reusing an agent trained on simple, generic tasks leads to faster training on facility-specific, complex tasks
[Figure, left: agent first learns to find a key and unlock a door in a single room. Right: prior learning jumpstarts the ability to find a key and unlock a door in a larger office layout.]
Reinforcement Learning Challenges
• Strategy of reward is key aspect of successful RL application
• Environment is unknown
◦ Agent does not necessarily have knowledge of the layout or limitations of security
◦ Agent can only exploit knowledge of the environment after enough experience is collected via exploration
◦ Computation time for adequate training may be prohibitive
• Achieving generalization of the model is key
• Adaptation of the model to the real world may not be perfect
◦ Human-in-the-loop analysis is still critical
Machine Learning
Discussion:
What intelligent security systems do you currently use?
◦ What security applications?
◦ What type of data is used?