Title: Protection of Multiple Assets to Intentional Attacks: A Methodological Framework
Authors: CONTINI SergioFABBRI LucianoMATUZAS VaidasCOJAZZI Giacomo
Citation: PSAM11 & ESREL 2012
Publisher: IPSAM & ESRA
Publication Year: 2012
JRC N°: JRC71858
ISBN: 978-1-62276-436-5
URI: https://www.psam11.org/www/fi/papers/index.php
http://publications.jrc.ec.europa.eu/repository/handle/JRC71858
Type: Articles in periodicals and books
Abstract: Security risk analysis is the term used to describe the analysis of critical facilities in which the initiating events of possible accident sequences are human actions intentionally carried out with the objective of causing harm and/or damage. Several methodologies are available for security risk assessment, which are applicable to different domains. In general, they are characterised by the following phases: 1) Identification of possible adversaries; 2) Identification of possible targets (assets); 3) Vulnerability analysis of the infrastructure; 4) Security Risk Analysis; and 5) Improvement of the protection measures. Generally an installation contains multiple assets that need to be protected. A sequence of attack to a given asset describes the paths the adversary has to follow to reach the target. Protection systems are in place to detect the presence of non-authorised people and to trigger alarms to security forces. Parts of these systems protect different assets. The vulnerability analysis of the installation aims at identifying the weakest point of the protection system that could be exploited by the attackers. This paper describes a methodological approach to implement in particular steps 3-5 of the aforementioned process. Attack scenarios to each asset of interest are identified and modelled by means of event trees and attack trees, which contain different types of events: choice, actions, and protection. At the same time, response trees model the different actions of the security forces to interrupt the attacks. Finally, the concurrent analysis of all attack scenarios is presented, to provide an overall picture of the probability of successful attack and, in turn, the suitability of the security system. Concurrent Importance and Sensitivity Analysis is also performed in order to identify the most critical events and the best cost-effective actions to be implemented to improve the security system performances.
JRC Directorate:Nuclear Safety and Security

Files in This Item:
There are no files associated with this item.


Items in repository are protected by copyright, with all rights reserved, unless otherwise indicated.