Vital Area Identification – State-of-the-Art
Keywords:
Target identification, vital area identification, physical protection system, fault tree, event tree, attack tree, protection treeAbstract
When it comes to designing the effective physical protection of a critical infrastructure against malicious attacks, the knowledge of potential targets of the attack or areas in which these targets are placed is the basic presumption. Without knowing the attack targets it is impossible to plan sensibly the physical protection system or evaluate its effectiveness. That is the reason why a great deal of interest is paid to the identification of targets or vital areas, and a number of methods and procedures which might be used for the targets identification have been developed. The article brings the results of the extensive analysis of the current state in this area. It includes a brief historical development of the processes of attack targets identification and introduces methods and approaches used within these procedures. Admittedly the attention is paid mainly to the identification of vital areas at nuclear facilities, but the performed analysis did not address only this area of highest attention, but also the systematically examined current state of a critical infrastructure in general.
References
LOVECEK, T., RISTVEJ, J. and SIMAK, L. Critical Infrastructure Protection Systems Effectiveness Evaluation. Journal of Homeland Security and Emergency Management, 2010, vol. 7, issue 1, article no. 34.
IAEA. Nuclear Security Series No. 16 - Identification of Vital Areas at Nuclear Facilities. Vienna: International Atomic Energy Agency, 2012. 37 p.
Elaboration of methodology and computer tools for evaluation of importance of components of nuclear facility in relationship to physical protection and design basic threat (TARGI) [on line]. Brno: EBIS. [cited 2015-03-22]. Available from: <http://www.targi.cz>.
Evaluation of Physical Protection System Effectiveness based on its modeling (HUSFO) [on line]. Brno: EBIS. [cited 2015-03-22]. Available from: <http://www.husfo.cz>.
IAEA. Nuclear Security Series No. 13 - Nuclear Security Recommendations on Physical Protection of Nuclear Material and Nuclear Facilities. Vienna: International Atomic Energy Agency, 2011. 57 p.
VARNADO, GB. and WHITEHEAD, DW. Vital Area Identification for U.S. Nuclear Regulatory Commission Nuclear Power Reactor Licensees and New Reactor Applicants - Sandia report SAND2008-5644. Albuquerque: Sandia National Laboratories, 2008. 41 p.
WINS. An Integrated Approach to Nuclear Safety and Nuclear Security. Vienna: World Institute for Nuclear Security, 2011.
HOCKERT, J. BECK, DF. Systematic Method for Identifying Vital Areas at Complex Nuclear Facilities – Sandia report SAND2004-2866. Albuquerque: Sandia National Laboratories, 2008. 100 p.
BOTT, TF. and THOMAS, WS. Reactor Vital Equipment Determination Techniques. In: Proceedings of the 11th Water Reactor Safety Research Information Meeting. Washington: U.S. NCR, 1983, p. 51-58.
CAMERON, D. F. Vital Areas at Nuclear Plants. In Proceedings of the 7th International System Safety Conference. Unionville: International System Safety Society, 1985.
RICHARDSON, JM. Rank Ordering of Vital Areas Within Nuclear Power Plants - Sandia report SAND82-0332. Albuquerque: Sandia National Laboratories, 1982. 38 p.
U. S. NRC. Vital Equipment/Area Guidelines Study: Vital Area Committee Report (NRC report NUREG-1178). Washington: U. S. Nuclear Regulatory Commission, 1988.
U. S. NRC Regulations: Title 10, Code of Federal Regulations - § 73.55 Requirements for physical protection of licensed activities in nuclear power reactors against radiological sabotage. Washington: Nuclear Regulatory Commission, 2013.
GARCIA, ML. The design and evaluation of physical protection systems. Boston: Elsevier/Butterworth-Heinemann, 2008. 351 p.
GARCIA, ML Vulnerability assessment of physical protection systems. Boston: Elsevier Butterworth-Heinemann, 2006. 382 p.
JAEJOO, H., JUNG, WS. and PARK CK. The Application of PSA Techniques To The Vital Area Identification Of Nuclear Power Plants. Nuclear Engineering and Technology, 2005, vol. 37, no. 3, pp. 259-264.
LEE, YH., JUNG, WS. and LEE, JH. Importance of location dependencies such as cable and pipe runs when identifying the vital areas. Nuclear Engineering and Design, 2012, no. 242, pp. 458-467.
VINTR, Z., MALACH, J. and VINTR, M. Does Appropriate Software Support for Target Identification exist? In 45th annual IEEE International Carnahan Conference on Security Technology. New York: IEEE, 2011, p. 133-137.
IEC 61025:2006, Fault tree analysis.
VESELY, W. E. et al. Fault tree handbook (NRC report NUREG-0492). Washington: U.S. Nuclear Regulatory commission, 1981. 208 p.
IEC 62502:2006, Analysis techniques from dependability - Event tree analysis.
VINTR, Z., VINTR, M. and MALACH, J. Evaluation of physical protection system effectiveness. In: Proceedings - 46th Annual IEEE International Carnahan Conference on Security Technology. Piscataway: IEEE, 2012, pp. 15-21.
INGOLDSBY, T. Attack Tree-based Threat Risk Analysis. Calgary: Amenaza Technologies, 2010. p 36. [cited 2015-03-22] Available from: <http://www.amenaza.com/downloads/docs/AttackTree ThreatRiskAnalysis.pdf>
WEISS, JD. A System Security Engineering Process. In Proceedings 14th National Computer Security Conference. Washington: National Institute of Standards and Technology, 1991, p. 572-581.
AMOROSO, E. Fundamentals of computer security technology. Upper Saddle River: Prentice-Hall, 1994, 432 p.
SCHNEIER, B. Attack Trees. Dr. Dobbs Journal of Software Tools, 1999, vol. 24, no. 12, p. 21-29.
MAUW, S. and OOSTDIJK, M. Foundations of Attack Trees. In Information Security and Cryptology - ICISC 2005. New York: Springer, 2006, p. 186-198.
JÜRGENSON, A. and WILLEMSON, J. Computing Exact Outcomes of Multi-parameter Attack Trees In: On the Move to Meaningful Internet Systems: OTM. Heidelberg: Springer-Verlag, 2008, p. 1036-1051.
BULDAS, A, LAUD, P., PRIISALU, J., SAAREPERA, M. and WILLEMSON, J. Rational Choice of Security Measures Via Multi-parameter Attack Trees. In: CRITIS'06 - Proceedings of the First international conference on Critical Information Infrastructures Security. Heidelberg: Springer-Verlag, 2006, p. 235-248.
FOVINO, IN., MASERA, M. and DE CIAN A. Integrating cyber attacks within fault trees. Reliability Engineering and System Safety, 2009, vol. 94, issue 9, p. 1394-1402.
VINTR, Z., VALIŠ, D. and MALACH, J. Attack tree-based evaluation of physical protection systems vulnerability. In: Proceedings - 46th Annual IEEE International Carnahan Conference on Security Technology. Piscataway: IEEE, 2012, p. 59-65.
KORDY, B., PIÈTRE-CAMBACÉDÈS, L. and SCHWEITZER, P. DAG-Based Attack and Defense Modeling: Don’t Miss the Forest for the Attack Trees. Computer Science Review, 2014, vol. 13-14, p. 1-38.
OPDAHL, AL. and SINDRE, G. Experimental comparison of attack trees and misuse cases for security threat identification. Information and Software Technology, 2009, vol. 51, issue 5, p. 916-932.
YAGER, RR. OWA trees and their role in security modeling using attack trees. Information Sciences, 2006, vol. 176, issue 20, p. 2933–2959.
OPEL, A. Design and Implementation of a Support Tool for Attack Trees. [Internship thesis]. Magdeburg: Otto-von-Guericke Universitat, 2005.
MALACHOVÁ, T., VINTR, Z. and MALACH, J. Threat Characterization in Vital Area Identification. In: Proceedings - 47th Annual IEEE International Carnahan Conference on Security Technology. Piscataway: IEEE, 2013, p. 79-84.
MALACHOVA, T., MALACH, J, VINTR, Z. TARGI – A Novel Tool and Method for Target Identification. In Proceedings of 48th Annual IEEE International Carnahan Conference on Security Technology. Piscataway: IEEE, 2014, p. 1-5.
BAGNATO, A., KORDY B., MELAND, PH. and SCHWEITZER, P. Attribute Decoration of Attack-Defense Trees. International Journal of Secure Software Engineering, 2012, vol. 3, issue 2, p. 1-35.
KORDY, B., MAUW, S., RADOMIROVIĆ, S. and SCHWEITZER, P. Foundations of attack-defense trees. In: FAST'10 - Proceedings of the 7th International conference on Formal aspects of security and trust. Heidelberg: Springer-Verlag, 2011, p. 80-95.
KORDY, B., KORDY, P. MAUW, S. and SCHWEITZER, P. ADTool: Security Analysis with Attack-Defense Trees. In: The Proceedings of the 10th International Conference on Quantitative Evaluation of Systems (QEST'13). Heidelberg: Springer-Verlag, 2013, p. 173-176..
KORDY, B., MAUW, S. and SCHWEITZER, P. Quantitative Questions on Attack-Defense Trees. In: Information Security and Cryptology – ICISC 2012. Heidelberg: Springer-Verlag, 2013, p. 49-64.
ROY, A., KIM, DS. and TRIVEDI, KS. ACT: Towards unifying the constructs of attack and defense trees. Security and communication networks, 2012, vol. 5, issue 8, p. 929-943.
EDGE, KS., DALTON, GC. RAINES, RA. and MILLS, RF. Using Attack and Protection Trees to Analyse Threats and Defenses to Homeland Security. In: Military Communications Conference, Piscataway: IEEE, 2006, pp. 1-7.
EDGE, KS. A Framework for Analysing and Mitigating the Vulnerabilities of Complex Systems via Attack and Protection Trees. [Dissertation thesis] Wright-Patterson Air Force Base: Air Force Institute of Technology, 2007. 195 p.
DUGGAN, DO. and MICHALSKI, JT. Threat Analysis Framework - Sandia report SAND2007-5792. Albuquerque: Sandia National Laboratories, 2007. 31 p.
BYRES, EJ., FRANZ, M. and MILLER, D. The Use of Attack Trees in Assessing Vulnerabilities in SCADA Systems. In: International Infrastructure Survivability Workshop. Piscataway: IEEE, 2004. 9 p.
HENNIGER, O., APVRILLE, A., FUCHS, A., ROUDIER, Y. RUDDLE, A. and WEYL, B. Security requirements for automotive on-board networks. In 9th International Conference on Intelligent Transport Systems Telecommunications (ITST 2009). Piscataway: IEEE, 2009, p. 641 – 646.
MATESKI, M., TREVINO, C., VEITCH, C., MICHALSKI, VJ. HARRIS, M., MARUOKA, S. and FRYE, J. Cyber Threat Metrics – Sandia report SAND2012-2427. Albuquerque: Sandia National Laboratories, 2012. 38 p.
PLUM, MM. et al. Novel Threat-Risk Index Using Probabilistic Risk Assessment and Human Reliability Analysis. Idaho Falls: Idaho National Engineering and Environmental Laboratory, 2004. 39 p.
WHITLEY, JN., PHAN, RCW., WANG, J. and PARISH, DJ. Attribution of attack trees. Computers and Electrical Engineering, 2011, vol. 37, issue 4, p. 624–628.
Downloads
Published
License
Copyright (c) 2015 Advances in Military Technology
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.
Authors who publish with this journal agree to the following terms:
1. Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
2. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
3. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work.
Users can use, reuse and build upon the material published in the journal for any purpose, even commercially.