Vulnerability analysis is a necessary stage in creating an effective security system.
Based on its results, design options for technical security systems are developed.
The author proposes a methodology for creating engineering models and assessing vulnerability indicators and the effectiveness of a security system.
All this information will help managers solve problems of ensuring the security of facilities
A systems approach — as a tool for optimization and reducing the risk of erroneous decisions — requires that the creation of a new or modernization of an existing system be preceded by a justification of design and organizational decisions.
For security systems, the basis of such justification is an analysis of the vulnerability of the facility.
The vulnerability of an facility is understood as the degree of its vulnerability to the impact of intruders.
It is the opposite of the effectiveness of the protection (defense) of the facility, the degree of its protection from damage caused by intruders.
The vulnerability analysis of the facility is carried out in order to determine the possible consequences of the impact of intruders on the elements of the facility, assess the vulnerability indicators of the facility (security effectiveness), identify weaknesses and shortcomings of the existing security system or the design options of the system under consideration, and ultimately — select the best option for the security system for a specific facility.
Vulnerability analysis of an object includes:
• development of an intruder model;
• identification and categorization of particularly important areas of the object;
• assessment of vulnerability indicators;
• identification of weaknesses and deficiencies in the security system.
Intruder model
The intruder model defines:
• categories (types) of intruders that can affect the object;
• goals that may be pursued by violators of each category, possible quantitative composition, tools used, accessories, equipment, weapons, etc.;
• typical scenarios of possible actions of violators, describing the sequence (algorithm) of actions of groups and individual violators, methods of their actions at each stage.
It is necessary to take into account both external intruders who enter the territory, zones, buildings and premises of the facility from the outside, and internal ones, i.e. from among the regular personnel of the facility or from among the visitors who have the opportunity to legally obtain a pass or access to the facility.
Naturally, it is necessary to take into account in the model the possibility of collusion and joint actions of external and internal intruders.
The intruder model should include the most comprehensive information about the actions of intruders. It is also advisable to assess the degree of possibility or subjective probabilities of the use of each selected category of scenarios and methods of action by intruders.
To obtain the specified estimates, special models and methods are used that use expert assessment methods.
Of course, for certain objects it is entirely acceptable to exclude from consideration some categories and unlikely methods of action of violators.
But it is still better to describe and characterize in the model as fully as possible all potential violators, including hypothetical ones, and clearly indicate which categories and methods of action are excluded from consideration for a given object today and on what grounds.
At the same time, it remains possible to subsequently refine previous views and strengthen security taking into account more dangerous violators.
The violator model may have varying degrees of detail.
The content model of violators reflects the system of views adopted by the management of the facility, agency on the contingent of potential violators, the reasons and motivation for their actions, the goals pursued and the general nature of actions in the process of preparing and committing actions of influence.
Violator Impact Scenarios define classified types of actions committed by violators with specification of algorithms and stages, as well as methods of action at each stage.
Mathematical Model of Violator Impactis a formalized description of scenarios in the form of a logical-algorithmic sequence of actions of violators, quantitative values that parametrically characterize the results of actions, and functional (analytical, numerical or algorithmic) dependencies that describe the ongoing processes of interaction of violators with elements of the facility and the security system.
This type of model is used for quantitative assessments of the vulnerability of an object and the effectiveness of security.
The model of violators should be drawn up as a separate document, agreed upon with all services related to ensuring the security of the facility and approved by management.
Isolation and categorization of particularly important zones
For the facility, it is necessary to identify all zones and premises, upon penetration of which intruders can cause damage of a certain category to the facility.
These zones, buildings and premises are target zones of intruders.
These include zones of access to especially valuable materials, equipment, information carriers, as well as the use of fire or sabotage weapons, etc.
The specified zones should be divided into categories of damage.
Examples of damage categories are: unacceptable damage, when violators can cause a major accident, steal especially important documents, information, equipment; significant damage, when the consequences of theft or sabotage paralyze the operation of the facility for a certain period of time; material damage (large, medium, small), when the consequences will be material losses of the corresponding scale.
Categories of damage are ordered by their danger.
In general, the category of buildings and objects is determined by the most dangerous category of damage to especially important zones in the building and at the object.
For each category of zone, building, object, the required degree of protection or standard indicators of vulnerability (efficiency) should be determined.
As an alternative, it is possible to set general requirements for the construction of a security system and the characteristics of its elements.
Work on standardization of object categories, definition of standard vulnerability (efficiency) indicators or general requirements for security systems of typical object categories is still of an intradepartmental nature.
Existing documents that set requirements for equipping objects with technical security equipment (Ministry of Internal Affairs, other departments) are, mainly, in the nature of general practical recommendations that do not allow for a direct assessment of the final effect of their implementation at a specific object.
Assessments of vulnerability indicators
The vulnerability indicators of an object and its particularly important zones are the degree of vulnerabilityin an ordinal scale of assessments (example of degrees: very high, high, average, below average, low) or the probability of successful impact of intruders Pв in a probability scale. The inverse indicator in relation to the vulnerability indicator is the security effectiveness indicator — the degree of protection of an object (zone) or the probability of neutralizing intruders Po before damage is caused to the object. These indicators are related by the ratio Po = 1 — Pв, therefore any of them can be used in the analysis.
To assess vulnerability (effectiveness) indicators, mathematical modeling methods are used, for which special models and methods are developed. The assessment model is a formalized algorithm for calculating the specified indicators.
The methodology determines the procedure for preparing and entering initial data, obtaining and presenting assessment results.
Modern assessment models are implemented in the form of computer application programs.
Today, models and methods for assessing vulnerability (effectiveness) indicators are known, developed in the USA and other countries.
Such models exist in a number of Russian departments, but the latter are of an intradepartmental nature and have not yet found wide application and recognition.
The disadvantages of the simplest models are the need to create separate schemes for each possible route of violators.
Since the number of routes can be quite large, it is necessary to limit the choice to typical or the most dangerous routes.
At the same time, the role of the subjective factor in conducting assessments is too great
Analysis of these models allows us to identify the general principles of their construction and the approaches and methods used. The actions of intruders determine the route (routes) of movement at the facility and the methods of action when overcoming physical barriers, technical security equipment and when interacting with security forces, as well as the facility's personnel.
The first models were created to assess vulnerability indicators for individual routes of intruders.
The route is conventionally displayed as straight line segments with protection boundaries between the segments (example in Fig. 1).
In the figure:
Р1 — perimeter protection boundary of the facility's territory;
Р2 — perimeter protection boundary of the facility's local zone;
РЗ — building penetration boundary;
Р4 — building penetration boundary;
Y1…Y4 — sections of movement of intruders between the boundaries of protection and to the target.
The time of movement of intruders to the target is the sum of the time of overcoming the boundaries of protection and movement between the boundaries.
The time of movement along the section is determined by the speed of movement of intruders and the length of the section.
The speed of movement is usually taken as average or maximum possible, but can also be modeled as a random variable with a certain distribution law.
The time it takes to overcome a security boundary is a function of the method used by intruders to overcome it, the equipment of the intruders, and the characteristics of the physical barriers at the boundary.
The latter depend on the type of each barrier at the boundary or the structure of several barriers, as well as the technical means of protection at the boundary.
The protection boundary is characterized by the probability of generating a signal (signals) for triggering the boundary detection means and the ability to assess the situation in the triggering area by the security system operator using remote monitoring means or an alarm group sent to the area in the absence of monitoring means in the system.
The probability of neutralizing intruders is calculated as the product of the probability of intercepting intruders by the alarm group and the probability of neutralizing intruders if the latter resist.
The probability of interception is calculated by modeling the movement of intruders along the route and security forces in response to alarm signals. To calculate the probability of neutralization, a neutralization (battle) model is used — usually a separate program module.
Therefore, the next step was to create models that reflect the structure of the facility as a whole and allow for the enumeration of all possible routes, the identification of the most poorly protected routes and security elements on these routes, solutions for strengthening security, etc.
The diagram of the facility with a security system in such models is a set of zones (sections) and security elements (PE) between these zones (example in Fig. 2).
| The diagram shows the security elements located between adjacent zones. Examples of security element types are: perimeter fence with a set of technical security equipment (EZ-1, EZ-4), checkpoint (EZ-2), transport gates (EZ-3), people's passage gateway with access control and management equipment (ACM) (EZ-5, EZ-8), transport gateway with ACM equipment (EZ-6), door (EZ-9, EZ-12), window (EZ-10, EZ-13), building wall (EZ-11), internal wall of a room (EZ-14), external wall of a room (EZ-7 — the case when the room faces the facade of a building), safes (EZ-15). After creating the actual diagram of the facility, the parameters characterizing them are entered for the zones and security elements. In addition, parameters are set that determine the model of actions of violators. |
|
The vulnerability indicator assessment algorithm usually implements a sorting through all possible routes of intruders, calculating the indicator values for each route, determining the most vulnerable routes, and interception points for intruders.
Often, the model implements processes for determining weak security elements that intruders overcome without significant delay or with low probabilities of detection and assessment of the situation, a targeted sorting through options for strengthening these elements with the issuance of recommendations on methods for strengthening them, etc.
The main problem in creating such models is the formation of a database of similar data on the values of parameters characterizing zones, security elements, violators and security forces.
Obtaining such data experimentally requires a lot of time and resources, and is often difficult, especially when taking into account the different methods of action of violators and security forces (examples of difficult-to-determine data: the probability of a person passing through with a fake pass, the probability of a security system malfunctioning without issuing failure signals, etc.).
To obtain this data, it is often necessary to develop special private models.
But such problems are quite solvable.
The practice of using such models has shown that they are very convenient and useful in substantiating design decisions.
The very process of creating and using evaluation models, analyzing the results obtained provides exceptionally rich information for specialists.
Perhaps the most important thing in using models is the formalization of assessment and analysis procedures, reduction of subjectivity in assessments, and a clear presentation of the effect of implementing a specific security system.
The directions for developing vulnerability assessment models are the implementation of a graphical representation of an object close to reality, interactive control of the actions of violators, security forces, etc. (game models).
It is best to have a set of assessment models that use various methods of calculation and modeling, levels of detail and presentation of the structure of the object and the initial data.
Based on the results of the vulnerability analysis of the facility, design versions of the security system are developed, for which the vulnerability indicator assessments are repeated.
Ultimately, taking into account cost and resource constraints, a choice is made of the security system to be implemented.
The vulnerability analysis clearly determines from which intruders and with what effectiveness the facility is protected, what other measures will need to be taken in the future if there is a need to strengthen protection.
Thus, vulnerability analysis is a necessary step in creating an effective security system.
Development of vulnerability analysis methodology and creation of engineering models and methods for assessing vulnerability and efficiency indicators is an important area of work to solve problems of ensuring the security of facilities.
Glossary of terms
Facility vulnerability— the degree of its vulnerability to the influence of intruders. It is opposite to the effectiveness of the facility's security, the degree of its protection from damage caused by intruders.
Intruder model — the most comprehensive information about the actions of intruders.
Intruder impact scenarios define classified types of actions committed by intruders with specification of algorithms and stages, as well as methods of action at each stage.
Intruder target zones are those, upon penetration of which intruders can cause damage to an object of a certain category.
Unacceptable damage — when intruders can cause a major accident, steal especially important documents, information, equipment.
Significant damage — when the consequences of theft or sabotage paralyze the operation of the facility for a certain period of time.
Material damage (large, medium, small) — when the consequences of the damage will be material losses of the corresponding scale.
The time it takes for the intruders to reach the target is the sum of the time it takes to overcome the defense lines and move between the lines.