Scripting quality of security service (QoSS) safeguard measures for the suggested INFOCON system

Guild, Jennifer A.

03 1900

Approved for public release, distribution is unlimited / The existing INFOCON system is an information warning system that the DOD maintains. It is not formally correlated to other warning systems, such as DEFCON, FPCON/THREATCON, WATCHCONs, SANS INFOCON, or the Homeland Security Advisory System Threat condition. The criteria for each INFOCON level are subjective. The INFOCON recommended actions are a mix of policy and general technical measures. The INFOCON system vaguely follows the Defense in Depth network defense methodology. This thesis examines the foundations for the existing INFOCON system and presents an evolved INFOCON system. The focus will be on the security of the DOD information infrastructure and the accomplishment of the mission, as well as the usability and the standardization of the INFOCON warning system. The end result is a prototype that is a set of predefined escalation scripts for the evolved INFOCON system's safeguard measures. / Civilian, Federal Cyber Service Corps, Naval Postgraduate School

Methodology

Computer science

DEFCON

FPCON/THREATCON

WATCHCONS

SANS INFOCON

DOD

Defense in depth

INFOCON

Information

Information assurance

Actions

Controle relacionado à segurança nas indústrias de processos: uma abordagem integrada de modelos de acidentes, defesa em profundidade e diagnosticabilidade segura. / Safety-related control system: an integrated approach of accident models, defense-in-depth and safe diagnosability.

Squillante Junior, Reinaldo

02 June 2017

A questão da segurança funcional das indústrias de processos vem recebendo uma atenção crescente pela comunidade científica mundial, uma vez que se observa a possibilidade de ocorrências de acidentes e as consequências indesejadas que estes acidentes têm provocado. Essas indústrias podem ser consideradas como parte de uma classe de sistemas denominados Sistemas Críticos, que são caracterizados pela possibilidade de ocorrência de falhas críticas, que resultam em acidentes com perdas de vidas humanas, danos ao meio ambiente e perdas financeiras envolvendo custos significativos de equipamentos e propriedades. Estes fatos justificam a necessidade de uma nova abordagem no que se refere ao design de processos, design de controle de processos, análise e controle de riscos e avaliação de riscos. Um dos desafios pertinentes à segurança funcional está associado a como vincular os cenários de acidentes aos requisitos para projetos de sistemas de controle relacionados à segurança das indústrias de processos de forma sistemática. Por sua vez, a possibilidade de ocorrência de eventos críticos e/ou eventos indesejados não observados ou ocultos, como fatores relevantes associados à evolução da sequência de eventos que culmina na ocorrência de um acidente. Neste contexto, o desafio está em aprimorar a eficácia destes sistemas de controle, que envolve o desenvolvimento de uma solução capaz de supervisionar o processo de evolução de falhas críticas, a fim de se garantir um nível de segurança funcional adequado e que esteja em conformidade com as normas internacionais aplicáveis IEC 61508 e IEC 61511. Portanto, estas considerações trazem novos requisitos para o projeto de sistemas de controle desta natureza, capaz de englobar modelos de acidentes e processos de evolução de falhas críticas. Uma solução é a consideração das abordagens de prevenção e mitigação de falhas críticas de forma integrada e interativa. Além disso é necessário abordar novas técnicas e conceitos para que se possa desenvolver um sistema de controle capaz de rastrear e atuar nos processos de evolução de falhas desta natureza. Uma possibilidade consiste em considerar o princípio de defesa em profundidade aliado à propriedade de diagnosticabilidade segura. O atendimento a este novo conjunto de requisitos não é trivial e se faz necessário integrar diferentes formalismos para o desenvolvimento de soluções adequadas. Portanto, este trabalho apresenta uma metodologia para o projeto de um sistema de controle baseado no conceito de segurança funcional para indústrias de processos, e que propõe: (i) uma arquitetura de controle para prevenção e mitigação de falhas críticas, (ii) extensão da classificação de barreiras de segurança focando na automação via sistemas instrumentados de segurança (SIS) (iii) framework para a síntese de sistemas de controle relacionados à segurança baseado em modelos de acidentes e que contempla os seguintes métodos: (a) elaboração do HAZOP, (b) construção de modelos de acidentes, (c) integração dos modelos de acidentes com o HAZOP e (d) geração dos algoritmos de defesa para a prevenção e mitigação de falhas críticas, a partir de técnicas de modelagem usando extensões da rede de Petri: Production Flow Schema (PFS) e Mark Flow Graph (MFG). A metodologia proposta foi verificada, a partir de exemplos de aplicação investigados na literatura. / The issue of the functional safety of process industries has been receiving increasing attention from the world scientific community, since it has stated the possibility of occurrences of the accidents and the related undesired consequences. These industries can be considered as part of a system class called critical systems, which are characterized by the occurrence of critical faults, which can result in accidents involving loss of life, damage to the environment, and financial losses involving equipment and property. These facts justify the need for a new approach that addresses: process design, process control design, risk analysis and control, and risk assessment. One of the challenges related to functional safety is associated with how to integrate accident scenarios to the requirements for the design of safety-related control systems of the process industries in a systematic way. Furthermore, there is the possibility of the occurrence of the unobserved or hidden undesired and / or critical events, as relevant factors associated to the evolution of the sequence of the events that corroborates in the occurrence of an accident. In this context, the challenge is to improve the effectiveness of these control systems, which involves the development of a solution capable of supervising the process of evolution of the critical and / or undesired events, in order to guarantee an adequate level of functional safety, and that complies with the applicable international standards IEC 61508 and IEC 61511. Therefore, these considerations bring new requirements for the design of control systems of this nature, capable of encompassing the accident models and the critical fault evolution processes. One solution is to consider critical fault prevention and mitigation approaches in an integrated and interactive way. In addition, it is necessary to addresses new techniques and concepts in order to develop a control system capable of tracking and acting in the evolution processes of faults of this nature. One possibility is to consider the principle of defense-in-depth coupled with the property of safe diagnosability. The fulfillment of this new set of requirements is not trivial and it is necessary to integrate different formalisms for the development of adequate solutions. Therefore, this work presents a methodology for the design of a safety-related control systems based on the concept of functional safety for the process industries, which proposes: (i) a control architecture for the prevention and mitigation of the critical faults, (ii) an extension of the classification of the safety barriers focusing on automation via safety instrumented system (SIS), (iii) a framework for the synthesis of the safety-related control systems based on accident models and which includes the following methods: (a) elaboration of the HAZOP study, (b) construction of the accident models, (c) integration of the accident models with the HAZOP study, and (d) generation of the defense algorithms for the prevention and mitigation of the critical faults, via modeling techniques using extensions of the Petri net: Production Flow Schema (PFS) and Mark Flow Graph (MFG). The proposed methodology was verified, from application examples investigated in the literature.

Accident model

Acidentes (Controle)

Análise de risco

Controle de processos

Defense-in-depth

Functional safety-related control

Indústrias

Process industries

Safe diagnosability

Sistemas de controle

Controle relacionado à segurança nas indústrias de processos: uma abordagem integrada de modelos de acidentes, defesa em profundidade e diagnosticabilidade segura. / Safety-related control system: an integrated approach of accident models, defense-in-depth and safe diagnosability.

Reinaldo Squillante Junior

02 June 2017

A questão da segurança funcional das indústrias de processos vem recebendo uma atenção crescente pela comunidade científica mundial, uma vez que se observa a possibilidade de ocorrências de acidentes e as consequências indesejadas que estes acidentes têm provocado. Essas indústrias podem ser consideradas como parte de uma classe de sistemas denominados Sistemas Críticos, que são caracterizados pela possibilidade de ocorrência de falhas críticas, que resultam em acidentes com perdas de vidas humanas, danos ao meio ambiente e perdas financeiras envolvendo custos significativos de equipamentos e propriedades. Estes fatos justificam a necessidade de uma nova abordagem no que se refere ao design de processos, design de controle de processos, análise e controle de riscos e avaliação de riscos. Um dos desafios pertinentes à segurança funcional está associado a como vincular os cenários de acidentes aos requisitos para projetos de sistemas de controle relacionados à segurança das indústrias de processos de forma sistemática. Por sua vez, a possibilidade de ocorrência de eventos críticos e/ou eventos indesejados não observados ou ocultos, como fatores relevantes associados à evolução da sequência de eventos que culmina na ocorrência de um acidente. Neste contexto, o desafio está em aprimorar a eficácia destes sistemas de controle, que envolve o desenvolvimento de uma solução capaz de supervisionar o processo de evolução de falhas críticas, a fim de se garantir um nível de segurança funcional adequado e que esteja em conformidade com as normas internacionais aplicáveis IEC 61508 e IEC 61511. Portanto, estas considerações trazem novos requisitos para o projeto de sistemas de controle desta natureza, capaz de englobar modelos de acidentes e processos de evolução de falhas críticas. Uma solução é a consideração das abordagens de prevenção e mitigação de falhas críticas de forma integrada e interativa. Além disso é necessário abordar novas técnicas e conceitos para que se possa desenvolver um sistema de controle capaz de rastrear e atuar nos processos de evolução de falhas desta natureza. Uma possibilidade consiste em considerar o princípio de defesa em profundidade aliado à propriedade de diagnosticabilidade segura. O atendimento a este novo conjunto de requisitos não é trivial e se faz necessário integrar diferentes formalismos para o desenvolvimento de soluções adequadas. Portanto, este trabalho apresenta uma metodologia para o projeto de um sistema de controle baseado no conceito de segurança funcional para indústrias de processos, e que propõe: (i) uma arquitetura de controle para prevenção e mitigação de falhas críticas, (ii) extensão da classificação de barreiras de segurança focando na automação via sistemas instrumentados de segurança (SIS) (iii) framework para a síntese de sistemas de controle relacionados à segurança baseado em modelos de acidentes e que contempla os seguintes métodos: (a) elaboração do HAZOP, (b) construção de modelos de acidentes, (c) integração dos modelos de acidentes com o HAZOP e (d) geração dos algoritmos de defesa para a prevenção e mitigação de falhas críticas, a partir de técnicas de modelagem usando extensões da rede de Petri: Production Flow Schema (PFS) e Mark Flow Graph (MFG). A metodologia proposta foi verificada, a partir de exemplos de aplicação investigados na literatura. / The issue of the functional safety of process industries has been receiving increasing attention from the world scientific community, since it has stated the possibility of occurrences of the accidents and the related undesired consequences. These industries can be considered as part of a system class called critical systems, which are characterized by the occurrence of critical faults, which can result in accidents involving loss of life, damage to the environment, and financial losses involving equipment and property. These facts justify the need for a new approach that addresses: process design, process control design, risk analysis and control, and risk assessment. One of the challenges related to functional safety is associated with how to integrate accident scenarios to the requirements for the design of safety-related control systems of the process industries in a systematic way. Furthermore, there is the possibility of the occurrence of the unobserved or hidden undesired and / or critical events, as relevant factors associated to the evolution of the sequence of the events that corroborates in the occurrence of an accident. In this context, the challenge is to improve the effectiveness of these control systems, which involves the development of a solution capable of supervising the process of evolution of the critical and / or undesired events, in order to guarantee an adequate level of functional safety, and that complies with the applicable international standards IEC 61508 and IEC 61511. Therefore, these considerations bring new requirements for the design of control systems of this nature, capable of encompassing the accident models and the critical fault evolution processes. One solution is to consider critical fault prevention and mitigation approaches in an integrated and interactive way. In addition, it is necessary to addresses new techniques and concepts in order to develop a control system capable of tracking and acting in the evolution processes of faults of this nature. One possibility is to consider the principle of defense-in-depth coupled with the property of safe diagnosability. The fulfillment of this new set of requirements is not trivial and it is necessary to integrate different formalisms for the development of adequate solutions. Therefore, this work presents a methodology for the design of a safety-related control systems based on the concept of functional safety for the process industries, which proposes: (i) a control architecture for the prevention and mitigation of the critical faults, (ii) an extension of the classification of the safety barriers focusing on automation via safety instrumented system (SIS), (iii) a framework for the synthesis of the safety-related control systems based on accident models and which includes the following methods: (a) elaboration of the HAZOP study, (b) construction of the accident models, (c) integration of the accident models with the HAZOP study, and (d) generation of the defense algorithms for the prevention and mitigation of the critical faults, via modeling techniques using extensions of the Petri net: Production Flow Schema (PFS) and Mark Flow Graph (MFG). The proposed methodology was verified, from application examples investigated in the literature.

Acidentes (Controle)

Análise de risco

Controle de processos

Indústrias

Sistemas de controle

Accident model

Defense-in-depth

Functional safety-related control

Process industries

Safe diagnosability

Safeguards for Uranium Extraction (UREX) +1a Process

Feener, Jessica S.

2010 May 1900

As nuclear energy grows in the United States and around the world, the expansion of the nuclear fuel cycle is inevitable. All currently deployed commercial reprocessing plants are based on the Plutonium - Uranium Extraction (PUREX) process. However, this process is not implemented in the U.S. for a variety of reasons, one being that it is considered by some as a proliferation risk. The 2001 Nuclear Energy Policy report recommended that the U.S. "develop reprocessing and treatment technologies that are cleaner, more efficient, less waste-intensive, and more proliferation-resistant." The Uranium Extraction (UREX+) reprocessing technique has been developed to reach these goals. However, in order for UREX+ to be considered for commercial implementation, a safeguards approach is needed to show that a commercially sized UREX+ facility can be safeguarded to current international standards. A detailed safeguards approach for a UREX+1a reprocessing facility has been developed. The approach includes the use of nuclear material accountancy (MA), containment and surveillance (C/S) and solution monitoring (SM). Facility information was developed for a hypothesized UREX+1a plant with a throughput of 1000 Metric Tons Heavy Metal (MTHM) per year. Safeguard goals and safeguard measures to be implemented were established. Diversion and acquisition pathways were considered; however, the analysis focuses mainly on diversion paths. The detection systems used in the design have the ability to provide near real-time measurement of special fissionable material in feed, process and product streams. Advanced front-end techniques for the quantification of fissile material in spent nuclear fuel were also considered. The economic and operator costs of these systems were not considered. The analysis shows that the implementation of these techniques result in significant improvements in the ability of the safeguards system to achieve the objective of timely detection of the diversion of a significant quantity of nuclear material from the UREX+1a reprocessing facility and to provide deterrence against such diversion by early detection.

nuclear material safeguards

UREX

UREX+1a

Uranium Extraction

proliferation resistant

proliferation resistance

reprocessing

PUREX

Plutonium

Uranium

IAEA

TMFD

Tension Metastable Fluid Detector

detection probability

nondetection probability

non-detection probability

nuclear material accountancy

containment and surveillance

solution monitoring

process monitoring

false alarm probability

real-time measurement

material balance area

material balance period

key measurement point

significant quantity

timely detection

defense in depth

detector

non-destructive assay

NDA

front-end measurement

material unaccounted for

CCD-PEG

TRUEX

TALSPEAK