A Game Theoretic Approach to Nuclear Security Analysis against Insider Threat

摘要

Traditionally, measures to advance nuclear safety and nuclear security have been considered as serving distinct, and often conflicting, objectives. However, recently, the Safety-Security-Safeguards (3S) interface has become a key issue within both nuclear safety and security research. Ineffective management of the safety-security interface could potentially result in unintended security vulnerabilities and unintended impacts to emergency response activities. Insider threats can affect both safety and security of a nuclear installation. As individuals with authorized access to a facility and system who use their trusted position for unauthorized purposes, insiders are able to take advantage of their access rights and knowledge of a facility to bypass dedicated security measures. They can also capitalize on their knowledge to exploit any vulnerabilities in safety-related systems, with cyber security of safety-critical information technology systems offering an important example of the 3S interface. Because insiders are capable of carrying out destructive actions not available to outsiders and have more opportunities to select the most vulnerable target and the best time to execute the malicious act, insider attacks are perhaps the key threat to the safety-security interface. This study examines a novel quantitative framework for performing nuclear security analysis against insider threat at a generic nuclear power plant. Most tools assessing the security threats focus on a limited number of attack pathways defined by the modeler and are based on probabilistic calculations. While this Probabilistic Risk Assessment (PRA) based approach is useful for preparing against fundamentally random events like component failure of a safety system, it does not capture the adversary's intentions nor accounts for adversarial response and adaptation to defensive investments. This study adopts a game theoretic approach to address such problems. The interaction between defender and adversary is modeled as a two-person Stackelberg game. The optimal strategy of both players is found from the equilibrium of this game. A defender strategy consists of a set of design modifications and/or post-construction security upgrades. An attacker strategy involves selection of a target as well as a pathway to that target. This defender-adversary interaction is demonstrated using a simplified test case problem.