Nuclear 101: Technology and Institutions for Nuclear Security -- Part 1/3: Technologies

Captions
Today our speaker is Matthew Bunn, known to all of you. Matt has been working on these issues, I guess, for at least two decades, since time immemorial, yeah, and knows more than anybody I've met about these issues, and so we're in for a treat on technologies and institutions for nuclear security. I would say fasten your seat belt, put your helmets on, maybe a little bit of a scary ride at times, man.

All right, thanks very much. We just thought, you know, we have this Nuclear 101 series, the purpose of which is (I'm going to stand up, actually, just because they're filming over there, it'll probably work better) the purpose of which is to give people sort of a taste of things that, if you're going to be a professional in nuclear policy matters, you ought to have at least heard a little bit about. And we thought, goodness, you've been here the whole year and you haven't heard anything about nuclear security yet, and given that there is this process of global summits on the subject, and we are one of the main centers in the world thinking about it outside of government, we thought we should correct that.

So I'm going to tell you, most of the talk is going to be about the technologies, and in fact I have more slides than I'll probably succeed in getting to, so we may end up not making it to the sort of regulation and international institutions part. Talk a little bit about what I think are the key problems that nuclear security has to solve (although if you're here to hear about the risk of nuclear terrorism, I'm not going to do that, because I'm sort of taking that as a given, but there's lots of things, lots of publications I can point you to if you want to talk about that, I can talk about that more on that given); approaches to assessing how good your security is; the particular technologies, physical protection, material control, material accounting, writ national regulations, and then international framework. So let me start off with a couple of incidents, because they highlight two problems that
are, I think, the key difficulties for nuclear security. One is that adversaries are sometimes clever, and they look at what you're doing to defend and try to figure out a way to overcome it. So an earthquake doesn't pick the most vulnerable nuclear reactor to happen, and the earthquake goes to that reactor, but a terrorist will do that, to the extent that they can figure out which one is the most vulnerable. And of course the specifics of the security measures are secret, so there's a limit to how much they can figure out what your security measures are, but sometimes they can figure out more than you expect, especially if they manage to recruit an insider in your facility. Know what is going on here? We don't want to install any items right now. Okay.

The second problem is that your defenders are imperfect human beings. They have other priorities, they're distracted, they're bored; every hour they spend on good security is an hour they didn't spend on something that's more likely to get them promoted or get them a raise or be interesting to do. Guarding a facility day after day when nobody ever attacks it, it's really hard to make people pay attention.

So this came up in the United States last summer. There was an intrusion by an 82-year-old nun and two of her colleagues who were in their 60s. They went through multiple layers of security fencing and ended up right to the wall of the building (in fact they were painting with blood on the wall of the building) where literally hundreds of tons of weapons-grade highly enriched uranium metal is stored, you know, enough for thousands of nuclear weapons. So this is obviously a problem. Now, to be fair, that building is designed in a really cool way that I'm not supposed to talk about, but if I had a small army outside that building with explosives, it's not obvious to me I can figure out how to get into that building. So it wasn't like they were about to steal the HEU or anything, but still, it was clearly a massive security failure
and it was really a problem of culture. So the security... they had a new intrusion detection system, and it had increased the number of false alarms by a factor of ten. It was more sensitive than the old intrusion detection system, and so there were false alarms happening all the time. And normally what you would do is you would assess whether the alarm was caused by a bunny rabbit or the wind or an actual intruder using a camera. Well, the cameras had been broken for six months, and nobody had bothered to put them on the priority list of the things that needed to be fixed, and the reason was because they assumed, well, we can have the guards go check out. But since there were so many false alarms, the guards had given up on going out and checking out; it is just like this: "it's another false alarm."

Think about it from the point of view of the guard: 99 to a hundred percent of all of the alarms that will ever occur during his entire career are false alarms. And the one percent possibility might be that it's a test rather than, you know... because for most guards a real attack never happens during their entire career. So the cameras were broken, guards assumed that false alarms were false, even though, you know, it was one fence and then another fence and another fence. The guards who were inside this highly secure building heard the protesters pounding with hammers outside the building and, even though it was before dawn, assumed, gee, there must be some construction going on that we haven't been told about. You could have thought they would have at least checked, but no. So it was a very profound breakdown in security culture: in terms of management, in terms of tolerating that there were all these false alarms, tolerating that the cameras had been broken for months, and then tolerating that the guards, you know, weren't in fact going and checking out the false alarm. But, you know, it's a difficult problem to keep these guards motivated. So that's one lesson, is you're
don't assume your defenders are always perfect. So here's a question for you. They actually did a study once of what is the probability, if you have guards up in guard towers, that they will notice somebody going across the fence. What do you think? Yeah, if, you know, a square place with guard towers at each of the four corners, watching the fences in between the guard towers, what's the probability they'll notice if somebody goes across those fences? Good. Any other thoughts? In the U.S. tests the probability was 30%, detection probability for guards in guard towers. So people are imperfect; they're doing other things. You know, there's one case in the United States where the guards were smoking weed and playing cards in the guard tower. You know, I mean, it's boring up there. All right.

Yeah, the other problem is that bad guys can be clever. So the Antwerp Diamond Center is an amazing facility; 80% of all the world's cut diamonds go through the Antwerp Diamond Center. As you might imagine, it's one of the most secure facilities in the world, and yet in 2003 thieves succeeded in breaking in to one of the key vaults of the Antwerp Diamond Center and stealing (there are varying estimates) between 30 million and a hundred million dollars' worth of diamonds, other gems, cash, stocks, etc. This is the stuff that they left on the floor.

And this is probably hard to read, but there were an amazing number of security measures that they managed to overcome. First of all, the building of course was locked, and they had vehicle barriers to prevent unauthorized vehicles from approaching the building. Secondly, there were security cameras throughout the building. Thirdly, when you get to this vault, they had a big thick steel vault door which required both a key and the combination to open the vault door. It had, up at the top there, that red thing up toward the top of the door is a magnetic switch, where if you open the door it automatically sends a signal to the local police station, and so when you want to open the door
for normal operations they would send a message to the police station saying, you know, it's okay. Then there's a door inside the vault door that can only be opened by a buzzer from upstairs in the vault control room. There's a security camera observing the vault door, there's a security camera inside the vault, there is an infrared sensor inside the vault, there's a vibration sensor inside the vault, and there's a motion detector inside the vault. Each of the little lock boxes is locked quite securely; it requires two separate keys, one held by the Antwerp Diamond Center and one held by the owner of that particular lock box. And one by one the thieves figured out how to overcome every single one of these security measures.

So it turns out the key to the vault was stored in that door over on the left, which was easy to break into. The key was in there; what the heck they were thinking I have no idea. And then the combination: it's still a little bit of a mystery how they got the combination. One possibility is that when you put the combination in and open the door, when you then close the door in normal operations you have to spin it in order to get the combination back out and essentially to lock it, and it's conceivable the guard again, you know, was inattentive and didn't spin it or something like that. The magnetic switch to the police they actually developed a means to remove. So it would basically send a signal if two plates were separated, one of which was attached to the door and one of which was attached to the wall, and they managed to separate the one attached to the wall from the wall, so they were able to open the door without separating the two things and a signal was sent to the police. They covered over the security camera that was watching the door, and there wasn't anybody watching those security cameras at night; they would come in in the morning to look at the security camera. So after they cleaned out the vault, they went and stole all
the tapes of themselves, you know, throughout the building and so on. They had built, over the course of a number of months, a special machine for breaking the locks on each of the lock boxes. They put cloth and then styrofoam over the infrared detector and the motion detector and so on. So it was, I mean, they had spent over a year collecting intelligence on all of these security measures and figuring out how they were going to overcome them. So, A, your defenders are imperfect, and at least a few bad guys may be clever. Most bad guys are not clever, unfortunately, but a few bad guys may be clever.

All right, so let's talk more specifically about nuclear security. So first of all, what are we talking about? The IAEA has a very broad definition, which is written here. I'm not going to read it out, but it's basically covering the whole spectrum: preventing theft, preventing sabotage, preventing the illicit transfer of these things after they've been stolen, protecting other radioactive substances, protecting facilities, etc. The focus of this talk is going to be a subset of that, which is: how do we keep nuclear weapons themselves, and the plutonium or the highly enriched uranium you could use to make nuclear weapons, from being stolen? And I'm assuming, as I said, that this is an important problem that we need to worry about, and if you want to talk about that, there are things we can point you to.

All right, so part 1 of this talk is about the technologies, and I'm going to first talk about sort of how do you think about the problem. And you really need to take a systems approach: not just focus on one particular element, but how the whole thing works together. You've got to define what is the threat that I want to defend against. Is it one guy with a sidearm? Is it a whole bunch of really sophisticated people? The Antwerp Diamond Center was carried out by a gang that's sometimes known as the School of Turin, and they had, you know, a lock-picking guy and a sensors guy and, you know, they
had specialists for all the things that they wanted to do. We have to specify what targets are going to be defended; design and build a system that you think is capable of defending those targets against that threat. But then, once you've done that, sometimes you make mistakes, etc., so then you assess: well, how well does the system work? You can assess it with expert judgment, with computer analyses, and with realistic tests. Can it in fact defeat an adversary who's really thinking, hmm, it's got this security measure and that security measure, how am I going to overcome that? Because there's a lot of things that actually look great on paper or in a computer analysis that collapse like a house of cards in the face of a really intelligent person thinking, hmm, oh, I've got an idea about how to overcome that. The bad guys will do things you haven't thought of; that's the problem. So then, once you've done the assessment and found some vulnerabilities, you design and build fixes.

I have a colleague at Argonne, Roger Johnston, who has a wonderful set of what he calls security maxims that are available on the web. I encourage you to Google "security maxims", because they're both instructive and highly entertaining. But one of them is the "thanks for nothing" maxim, which is: any vulnerability assessment that finds no vulnerabilities is incompetent and wrong. Similarly, one of my favorite talks ever on cyber security was the chief of security for MIT's network, who began his talk by saying anyone who thinks that their network is secure is a... anyway, be that as it may.

So you try to fix the vulnerabilities you identify, you operate the system, and the key is again the human factor: keeping people motivated, keeping people taking security seriously. When General Eugene Habiger was the security czar for DOE, he said to me, "good security is 20% equipment and 80% culture." Unfortunately the literature on nuclear security is, I would say, 95% equipment and 5% culture, so we need to change that some, but
this talk will have a lot of equipment, I'm afraid.

All right, so the first thing you do is think about the threat, and you typically design a system to be able to handle a particular threat, and so, because it's the basis of the design, it's called the design basis threat, and includes things like: how many people are we talking about, how are they motivated, how skilled are they, what kind of weapons do they have, what kind of equipment do they have, and so on. And there are a lot of threats that bad guys have demonstrated in either terrorist attacks or robberies or whatever around the world. So in some cases they've managed to do large overt attacks with no warning, you know, lots of guys with guns showing up. I actually think we probably spent too much money in the United States on the guys-arriving-with-guns-blazing threat and not enough on the sort of, you know, deception, insiders, those kinds of threats. There are multiple coordinated teams; it's a lot harder to defend against two teams attacking at once, you know, than it is to defend against one team. So one team, for example, might be assigned to prevent the response forces from arriving: mining the road, picking off people as they come, and so on.

Covert attacks is a big problem. You know, the Antwerp Diamond Center was a covert attack; they spent the whole weekend in the vault, you know, breaking open lock box after lock box after lock box after lock box, and nobody knew they were there. Use of unusual vehicles is more frequent than you would think. Helicopters are not hard to steal or rent; they're frequently used in jailbreaks.

Insider threats are a major problem. If you look at most of the nuclear thefts that really have happened, it appears they were carried out by insiders. Often we don't know for sure, because the first time we knew the stuff was missing was when it got seized, and so we don't know how it got stolen, but the circumstances and the fact that, you
know, it was done covertly and nobody noticed suggests insiders in general. But also, if you look at thefts from major guarded facilities in the commercial world: insiders, insiders, insiders, and more insiders. It's fairly rare that there isn't an insider involved in such a theft. I mean, it does happen, but insiders are a big problem. They could be motivated... you know, they could be desperate economically, they could just be greedy, they could be bribed, they could be ideologically converted, like the Fort Hood shooter for example, they can be blackmailed. So at that same cyber security talk, he said, you know, "I was visiting this company and the guy showed me the room where he kept all of the keys for all the secure areas for the company, and I said, 'So who has the key to this room?' and he said, 'Only I have a key to this room, so it's no problem.'" He said, "OK, now I've just captured your family; am I going to get into this room?"

So, and there was a case, just as an example of that in real life, the Northern Bank. I don't know if anybody's heard of the Northern Bank heist. Northern Ottawa? Yeah, Northern Ireland, yeah. So the Northern Bank had a perfectly sensible security system where it required two senior officers of the bank to turn their keys at the same time in order to open the vault door, and a splinter gang associated with Veta well often an offshoot of the IRA kidnapped the families of two of the senior officers of the bank, and they opened the vault door, and off the gang went with millions of dollars. What was odd about that theft is that in Northern Ireland, unlike in almost anywhere else in the world, each bank prints its own money; there's no central bank currency. So the bank just cancelled all the stolen money and said, if you have legitimate money from us, you know, come in and turn it in for new money. So why that theft occurred is a little bit of a mystery.

But some tactics that you need to worry about in designing these systems: deception is a big one, people arriving with apparently
official uniforms, apparently official paperwork, and so on. In Taliban attacks in Pakistan, for example, they frequently arrive in army uniforms with fake army IDs and get through the outer layers of the security system of a base or whatever by that means.

It's amazing how rapidly you can breach various barriers. All right, so here's an amazing fact for you: a meter of reinforced concrete, OK, steel rebar, etc. What do you think is the delay time for that in U.S. tests, when they said, OK, suppose I'm a terrorist, how would I get through this, I'm going to use some explosives, buh-buh-buh-buh-buh, how long would it take me to get through a wall that's a meter thick of reinforced concrete? Anybody have a guess? All right, 45 seconds. All right, he's the closest. 90 seconds is the estimated delay time for a meter of reinforced concrete. So it's remarkable how fast they can blow their way through various things. They can also avoid barriers; so for example, there are many cases of banks being robbed by people not going through the vault door, by tunneling underneath and coming up into the vault from underneath. And there's the problem of conspiracy, with multiple insiders working together or insiders and outsiders working together.

OK, so the security system needs to do several things. It needs to detect that something is happening and set off an alarm, so you have lots of different kinds of intrusion detectors on your fences, seals, containers of nuclear material that will go beep beep beep if the canister is opened, that kind of thing. Then you need to assess: what is it that caused the alarm? Is the seal just broken? You know, is there a rat nibbling on the seal, or is there actually somebody opening up that nuclear material container? Then you need to communicate: it's no good that somebody knows that something bad is happening if they're unable to communicate to the response forces and tell them that you need to do something about it. Then you need to delay the bad guys so that it takes them a while
to do whatever unfortunate thing it is that they want to do, until you can get your response forces to arrive, until, as I put it on the slide, the cavalry can come over the hill. And then you need a response force that can actually defeat the bad guys, and so they need to get there fast enough to do that, and they need to be capable enough and well-armed enough to do that.

So this is sort of the way you might model such a thing. So you have the off-site area outside your facility; then you have some kind of a, you know, fairly basic fence, say a chain-link fence or something like that, that holds... that is the limited area, where, you know, in principle people aren't supposed to go unless they're employees at the facility or whatever. Then you have a more serious fence around the protected area; then you have an actual building within the protected area; within the building you might have a particular room that has other controls; and then the actual highly enriched uranium would be in, say, a vault within that room, the target enclosure. OK, so each of those things you would have to get through, and so you model it by saying, OK, I've got a certain number of ways I could get from area one to area two, so those are elements of my path to the target, and then you think about ways I can block those paths to the target.

So this is one very simple version. There's a computer program called EASI that's the most simplistic analyses of this kind of thing, which is just easier to put on a slide. And so they have the probability of detection at various points in the system, and then the amount of time that it takes for the adversary to do various things, and with uncertainty, so you have a standard deviation, and then you have the amount of time it takes the response force to arrive. So the response force doesn't get there for five minutes, and a lot of things happen pretty quickly, and you have no detection until they're opening the door. All right, so when you add all that together, the... but
they... you have very little ability to defend this facility, because it's only 220 seconds in between when you first detect them and when they can commit a successful sabotage, and you've got 300 seconds for your response force to arrive. So there are a variety of fixes you could do. You could add detection capability at the fence, so that you're detecting much earlier in their sequence; you could put in stronger vaults, so that it would take them more time to get through the vaults, etc., etc.; and you can move the response force closer or give them better vehicles or something like that.

Again, the importance of the human factor. I've talked about this already, so I will skip this one. One interesting example: in the United States they did a surprise security inspection at one point while the Super Bowl was on. Sure enough, guards were all in the guard shack watching the Super Bowl. Adversaries might think of that.

All right, vulnerability assessment. So how good is our ability to really assess these security systems? So I would argue the vulnerability assessment is a very useful tool for identifying weaknesses and so on. It's not a very useful tool for thinking about what is the absolute magnitude of the probability that somebody is going to be able to defeat my system, because you've got intelligent adversaries who are going to do stuff that you haven't thought of. Even in probabilistic risk assessment, where we're talking about safety, where it's just things that happen randomly, even so things happen that you didn't think of. So both Three Mile Island and Chernobyl were pathways that had never been included in anybody's probabilistic risk assessment up until that time, and the pathway for Fukushima was included but dismissed as being too low probability to worry about. So given that we haven't done a good job on any of the major accidents that have actually happened, it suggests that our ability to understand the absolute magnitude of risk is not that great;
our ability to identify particular things that are a problem and that need to be fixed is very good, but our ability to identify the absolute magnitude of risk is not very good.

So that's partly why I think there's a real need for realistic tests, where you have sort of people pretend to be bad guys trying to break in. Now there are many, many issues with this as well. Realism is an obvious issue. So, you know, the issue at Y-12 was guards assuming that alarms were false alarms and not bothering to check them out. Well, if they knew that a test was happening, that wouldn't happen, right? So Y-12 had done an excellent job on most of the recent security tests that have been done there, because they knew that a test was happening inside the heart, right. But you can't really do no-notice exercises, at least in the United States; for safety reasons we never do no-notice exercises. I talked to a guy from Russia who used to do no-notice security tests. They weren't, you know, arriving-with-guns-blazing security tests; they were deception security tests, where he would have, you know, a fake uniform and a fake ID and see if he could, you know, bluff his way into the place. But still, you know, somebody might shoot you, and I think in the United States we would be unwilling to do that kind of testing. Similarly, it's hard to test the insider's ability to get stuff out, because everybody knows the insiders, and, you know, it's... so testing is important but difficult to do properly, and often expensive to do properly.

The other thing that makes testing really important is that, imagine that you're the person in charge of assigning money for, say, the Department of Energy, which you may not realize runs the nuclear weapons complex in the United States. The security guys are always going to be saying, we need more money, you know, the security isn't good enough, we need more money. How do you know if they're just being security guys in wanting more money, or if they really need more money? What
if your facilities are failing spectacularly in real tests, then he's like, oh well, maybe it's not just the security guys being annoying, maybe they actually do need some more money. And that has been true in the United States over and over again, that failed tests have led to further investments.

I've talked about the importance of security culture already, so I'll skip that, but this is just an interesting example. So this is a photograph from a Government Accountability Office report of, you know, a nice security door and a fence installed with U.S. money in Russia that was propped open, and what's amazing about this photo is it's propped open on the day when the American inspectors are there to see it being propped up, which means that the people there really didn't have the idea that it was an issue for it to be propped open.

So, some of the technologies. The obvious thing to do is put a fence around your site. A typical thing to do is have two fences with a clear zone in between and intrusion detectors of various kinds, so that you would notice if somebody was going through that clear zone. That's called a perimeter intrusion detection and assessment system, or PIDAS. Doing it properly is expensive. It's about... I did this several years ago, so it's probably more now, but at the time I did this it was about $3,000 a meter, so if you're building a kilometer fence that's going to cost you some money, at about 10% a year for operations and maintenance as well. And also, this is one that was installed with U.S. assistance at a Russian nuclear facility. You can see there's snow on the ground. Some of the places in Russia, also some of the places in North Dakota, it's cold, I mean it's really cold, and the equipment tends to break more often, so you need equipment that can withstand whatever the temperatures are. You know, I would have guessed that U.S.
provided equipment, if it was used in India or someplace like that, would probably break as well, because it's too hot and too moist and so on.

Intrusion detectors: there's a bunch of different kinds. You can have what's called a taut wire detector, where there's literally just a taut wire on the fence, and as you're trying to climb the fence or get under the fence or whatever, it disturbs the wire, and that ends up sending a signal. Microwave detectors, infrared detectors; each have different problems and issues. So usually you have two independent kinds of detectors, and then you usually have cameras as well, so that when the guard sitting in the central guard station hears an alarm, he looks to the camera pointing at that sector and says, what's there? Unfortunately there are a variety of techniques for, you know, briefly blinding the camera or dazzling the camera, and there are natural events that do that, like lightning and stuff like that, that you can maybe mimic. And so again, the probability he's going to see people going through the fence is not a hundred percent.

At Y-12 in the recent incident, what kind of intrusion detector was defeated?

They weren't defeated at all. They just set them off. They set them off. They were setting off every alarm in the book, and the cameras weren't... you know, the cameras were broken. So the guard at the central guard station said, I've got a lot of alarms going off. Oh boy, he's got a lot of alarms going off. Oh well. So no, that was not a sophisticated attack at all. It was like, I'm going to the fence, attention, I'm going through the fence.

So, cameras, as I mentioned. You can see the little eagle on this one; this is a camera at a Russian nuclear weapons storage facility installed with U.S. assistance. Again, adversaries: there are a variety of ways you might be able to blind the camera, exploit spots with broken cameras. I remember when I was frequently in Moscow in the 90s, we installed a pretty serious fence with intrusion detectors and cameras and stuff around the U.S.
embassy. Literally for, I think, three years there was one of the cameras that was just... it's supposed to be pointing this way, to where the, you know, next camera is, and it'd go all the way around like that, and it was just obviously pointing straight down at the ground. I was like, everybody at the embassy is walking past the same camera every day and nobody fixes it.

Before, this equipment is, you can see, right, and you can think about how you can fake ending ending; there's other, there are other equipment that's not of them that you don't observe, right?

Indeed, indeed, although it's harder to put the hidden equipment on the fence line; usually the hidden equipment is more in the building.

So, barriers. There's lots of ways to delay people: fences, walls, vaults. This is a new, bottom right, there's a metal tie-down, where, you know, it's just steel bars that you'd have to cut through or use explosives to get through, and so on. And there are newer technologies that offer more delay. Anybody heard of sticky foam? Sticky foam is as the name implies; so it's a foam that is extraordinarily sticky, and, you know, it sprays up from the ceiling in a vault or whatever when somebody intrudes in the wall. You can't go anywhere, and it's not obvious, you know, how to get yourself out of that situation. Cold smoke is another one. If you have night-vision goggles, if you have this cold smoke, you still can't see through it, and so it becomes very difficult to do whatever you're doing, because you can't see where you're going.

So, you know, what's the big problem in that top picture? You can see them there; they're standing right by the stop sign. They would be shot in the opening moments of any actual attack. They are possibly a useful deterrent, to give people the idea that there's security there, but they're not at all useful in actual defense. Whereas on the bottom picture, that's an armored fighting position, where, you know, you poke your gun out from one of those little holes; that's
going to be a lot more useful for you. So you're going to have protective forces with the numbers, the armament, the training, etc. to be able to defeat the adversaries. And it's remarkable, there are still nuclear facilities in the world today with highly enriched uranium or plutonium that have no armed guards on-site at all and that rely on guard forces, you know, that are maybe ten minutes away, but they're ten minutes away if nobody's trying to prevent them from getting there.

Access control is another important set of technologies. So you want to limit who gets in to the authorized personnel that have, you know, permission to go into those places, to only the people that you've already screened for trustworthiness. And this is usually based on either something you have, like a key, something you know, like a password, or something you are, like a photo of your face, a fingerprint, a retina scan, something like that. Turns out the guards checking photo IDs are really not very effective: IDs are easily faked and the guards' attention wanders. But it's pretty easy to do, for example, a, you know, magnetic passcode combined with a password. But then, you know, can you capture somebody and, you know, force them to give you their password, etc.

Personnel screening is a key element of security. Typically you do a background check before hiring somebody: look whether they have a criminal record, whether they have any terrorist links, you know, if they're in desperate financial trouble, or, you know, a variety of things you might look at. Some organizations also use polygraphs. Polygraphs are sort of mumbo jumbo, they don't actually succeed very often in detecting lies, but they do scare people, and so they have some deterrent value in that respect. There's a bunch of things that you do for ongoing monitoring, reinvestigating people every few years, sort of well and I were joking the other together the other day that some of the ridiculously ineffective procedures used for
that purpose in the United States. In general, this stuff, in the U.S. experience, often doesn't find the spies; the spies are found by other means. So whether it would find the thieves you don't know, but you certainly should do it. The question is how much you should rely on it.

Material control. So now we're talking about the insiders: personnel screening, material control. So this means trying to be aware of where the material is all the time. So you have security cameras at all the nuclear material areas, a variety of other sensors. You might have, for example, a rack of canisters with nuclear material, and you might have a sensor on that rack that, if the weight changes, it will set off an alarm, so if somebody opens one of the canisters and pulls out the plutonium, that would set off an alarm. You can have tags and seals. A lot of tags and seals are passive, so you would have to wait till somebody came and checked the seal, but you can also have active radio-frequency seals that send an instant radio report if they're tampered with, or even report on their health regularly, and so if they stop reporting you would know that there was a problem. You can have material detection at doors, I'll show you some pictures of that in a moment, vaults, access control.

Two-man rule is very important, or two-person rule I should say in this day and age, although it's again not as effective as people think. So the idea of two-person rule is nobody's allowed to be alone with a nuclear weapon or plutonium or highly enriched uranium, and each person keeps an eye on the other person, etc. But typically a person has a job to do and they're focused on doing their job, so they're not actually watching the other person as much as you might think. Although there are situations where you make it one person's job only to watch the other person. So when they're disassembling nuclear weapons at Pantex, for example, there's a guy, you know, they have a list of the steps they have to take, and there's a guy who does
a step, and there's another guy watching him do the step, and then they each sign off that that step has been done, and then they do the next step. You obviously don't mess around with nuclear weapons when you're working with that.

Tags and seals are extremely important, widely used in international safeguards as well as in security. So basically they're intended to reveal if something's been tampered with, and they've existed for millennia in various forms. Until fairly recently, I'll show you a picture in a moment, the Russians were still using wax seals, which is the same technology Louis XIV was using to seal his letters. But ideally what you want to have is uniquely identifiable seals, so that somebody can't just, you know, put the same seal on after breaking the seal, and seals that are difficult to defeat. Unfortunately, again, there are clever people, and there's this guy Roger Johnston in particular, his team has come up with amazing ways to defeat almost every known seal in a matter of minutes using equipment from any hardware store. He says it's getting better now, that some of them are harder to defeat than they used to be. But in particular, one recent idea is combining the seal with continuous video monitoring. So that's in the bottom right there: you have basically a video camera that's watching the seal continuously, so that makes it trickier to defeat, so then you have to defeat the communication from the video camera to where, right. How many people saw Ocean's Eleven? All right, you remember how they defeated the video camera in the vault? They play a video of the vault: they made up a fake vault, took a video of that, and fed it into the system, and that's how, remember, the casino manager eventually realizes, wait a minute, it doesn't have the thing that we just put down on the floor three days ago on that video, it's not actually a picture of my vault.

All right, so this is from the mid-90s. So the padlock on the left, you can see you
can break that with a bolt cutter from any hardware store. Reside in return rhenium in that room, and there's one of the wax seals. I had another picture that they never let me use in unclassified talks that had a wax seal like that, and then on the floor there's a little pile of broken wax seals. This particular facility is very cold, and so the wax seals flake off, and when they flaked off they just slapped another one on without bothering to go in and check whether. Now, to be fair, in Russia now those things have been fixed; in particular you don't see doors like that anymore.

Material control: portal monitors is a big thing. So these are things that, if you're walking out of a nuclear facility and you've got plutonium in your pocket, it sets off an alarm. So you literally could put plutonium in your pocket. This is, uh, this is not plutonium, but this is from a facility called the Institute of Physics and Power Engineering in Obninsk. They have 80,000 of these that are made of either weapons-grade plutonium or weapons-grade highly enriched uranium. You can see they're pretty small, you could put a better dozen of them in your pocket, in the case of plutonium or, something of the order of 100 of them would be enough for a bomb. When we started working with them, they had no, they weren't, had no individual identification on each one, and there's a bunch of fake ones that are just aluminum or whatever, so it would have been easy to swap fake ones for the real ones. There was no detector, no portal monitor at the door to set off an alarm, they weren't in a vault, blah blah blah. Now they're all in a vault, you know, there's portal monitors, there's security cameras, etc., and each have engraved on them via laser an individual barcode with their particular number, so if number twenty thousand eight hundred and forty one is missing, you know. The money we've spent on this stuff has been worth something. Really, there's certain nuclear facilities in Russia that just warms the cockles of my heart
when I go there, because I saw the way it was in the 90s and I see the way it is now, and I'm just like, yeah, that's different. It's not perfect but it's way better.

So portal monitors work pretty well for individuals, you know, a person walking through. They're way more problematic for, you know, a big shipping container, a train, a car, because, you know, there's lots of metal objects in there and, you know, things are going through relatively quickly. What's more, it's the problem of what do you do if you get a detection. So what happens for the screening of big trucks with a shipping container on them in the United States: you know, you get a detection on one of these radiation detectors, so then you send the thing to what's called secondary inspection, where you try to figure out, okay, what caused that alarm to go off. All right, now think about if you're a customs guy, right, supposed to do the secondary inspection. Are you going to seriously open that container? No, you're not going to open that container. But of a nuclear bomb in that container, it might be, you know, booby-trapped or something. Who knows what's in that container, right? Or it might have something nasty radioactive. Okay, so they never open the container. So what they do is they take a more sensitive detector and they sort of go like this on the side of the container, and then they don't get any signal, so then they do it again, and then are getting signal, then they do it again, and by that time the detector has accumulated enough hits from the naturally occurring radioactive material that's lying all around this that it says, you know, oh, looks like naturally occurring radioactive material, and they send the container on. So whether there was any purpose and that it in the first place is about a hundred percent obvious to me.

All right, securing transports. This is inevitably harder than securing a fixed site, because you haven't got, you know, the opportunity to have lots of fences, boulder fields, things to slow people down. You know, they're
right at your vehicle before you're able to do anything about it. So you have to have sort of all your response and delay sort of right there in the vehicle or in a neighboring vehicle. So you put things in heavily armoured casks, you have specially designed stuff inside the trucks, which I can't talk about exactly what it is inside the trucks, but among other things the driver is able to immobilize the truck right away so it can't go anywhere. You know, there are obviously signals that the driver can send to call for help, there are escort cars, etc.

The EC twenty bombs thing is when Greenpeace used to fairly routinely seize trucks in France laden with plutonium from the French reprocessing plant, which is hundreds of kilometers from the French plutonium fuel fabrication plant. So they spray-painted on the wall of the truck that they had seized that there were twenty bombs' worth of plutonium in there. Now the French, to be fair, say, well, you know, we react one way when it's Greenpeace, we would react a different way if it was actual bad guys. But could the actual bad guys pretend to be Greenpeace, et cetera. They've improved security for transport in France significantly since that picture was taken.

What's the big round thing? The big round thing, that circle, so you see the hand, and there's a little red circle there on the big circle. So that round thing is a section of an armored cask, and the little red part is painted around the hole that an armor-penetrating rocket-propelled grenade made right through it, and then you can see the splatter on the other side of it. So you can have a lot of steel, and an armor-penetrating rocket-propelled grenade is still going to go through it, unfortunately.

So you have in some cases what some people describe as inherently secure systems. So on the upper right, these are concrete blocks that are installed over, in the floor there, there are these little metal boxes, and inside each box is a little can about the size of a milk
canister with four kilograms of plutonium oxide in it. And these concrete blocks are held together with, you see the bottom of each block there's sort of a black thing, that's a hole, and there's a steel rebar that goes through the hole and connects all the blocks. So once the blocks are in place, great, very difficult to get at those cans of plutonium. So BFR is an acronym for big rock, excuse my French, but that's often what's used. So the bottom is Pantex, where the nuclear weapons are assembled and disassembled in the United States, and you have a big concrete block in front of the security door where the nuclear weapons are, and it can only be lifted by a special, you know, block lifter that's kept outside the security fence. And you can't see it there, but at least when I was there the block lifter was only brought in with an armored personnel carrier and a machine gun pointing at the head of the poor guy driving the block lifter. And then once you move the blocks away there's a huge steel door which has two locks, one held by the security people and one held by the operations people. So a lot of these things, they don't cost a lot of money and they're reasonably effective.

Material accounting is extremely important. You need to figure out, is material missing? So material accounting alone won't prevent the material from going missing, it just tells you that it did go missing. It might conceivably deter insiders from removing it in the first place, if they knew that the system would detect that the material was removed and would know who had access at those times, but basically it tells you whether the material has been removed before. And so the quote that accounting people often use is: protective forces fight the fight, but material control and accounting tells you who won, tells you whether we lost any material or not. So this is the standard MUF equation. How I see my sigma squared, that didn't fix, it should be in a case just be sigma MUF, not sigma squared. The standard
deviation of MUF is, MUF is material unaccounted for, and there's always some uncertainty, so the standard deviation is the measurement perfect precision. And then if the MUF is bigger than some threshold level, you know, if there's more material unaccounted for than there ought to be based on the accuracy of your system, then you assume that maybe some material is missing and you start investigating in more detail. And if all you have is items, like fuel assemblies, in principle your MUF should be zero. If you've got 20 nuclear weapons and you arrive one day and there's only 19, you know you have a problem. So you can have destructive analysis, where you take an actual chemical sample; that's very accurate but quite expensive. And so mostly what's done, I mean destructive analysis is done, but a lot of what's done day-to-day is non-destructive analysis, where you have various machines that measure some property: mass, heat, Briss, radioactive emissions, etc.

All right, so let me give you some problems. So that situation I mentioned: you're supposed to have twenty, you do a count, there is twenty. Are you done? Oh come on, somebody must have an idea. What else? Right, okay, that's one problem. What's another possibility? You also have to make sure there's twenty functioning weapons. Another possibility is that the paper that says there's supposed to be 20 has been faked up. So you're going to check records to make sure they haven't been tampered with, check the seals and identifiers to make sure that dummy warheads haven't been switched, etc.

All right, here's another one: minimizing the measurement uncertainties. So here we have, in batch one at this facility, they put ten units of material in but they only got one unit of material out. Basically the stuff didn't dissolve properly, so it's still inside the system. So the material unaccounted for for that batch is nine out of ten, or ninety percent of the material is unaccounted for. So then they add more, more
stuff, more acid, without any more inputted material, and they get another three units out. So now the material unaccounted for for that batch is minus three, so you have extra material you shouldn't have, because you put in zero and got out three, right? And similarly for the next batch. So that's not the way you want to do accounting, right? So the material unaccounted for, you should do one unit for this entire thing, because you only put in one batch of material, because if you have a MUF of over fifty percent of the material you'll never be able to notice when material is actually missing. This is a real case from a U.S. facility, although the specifics of the data have been modified to not reveal any details.

Another great one. So a facility measures input to a ssyn, they measure output from the process, and then they say what is still in process inventory is the difference between the output and the input. So does that make sense, or is there a problem? David's being very, very good about not jumping in when he knows the answer. Yeah? So you're just looking at numbers, that's just a superficial page. Well, yeah, but let's assume that, you know, you've got plutonium in and plutonium out and it's the same plutonium. Exactly, you're defining away the very possibility of theft, right? So the Russians used to actually do this: they defined the difference between output and input as losses to waste, right? So that means they defined away the possibility that something might have gotten stolen. And they're still, there were, accounting by difference has been observed at U.S. facilities in very recent years, like within the last decade. So it's amazing what people will do for convenience.

All right, let me just mention that accounting for international safeguards ain't the same thing. It's related, but it's not the same thing as accounting and control for theft prevention. So at a reprocessing plant, for example, it may be very difficult for inspectors to be sure that the state, with all the resources
of the state and the operator, isn't diverting a little bit of stuff within the uncertainties of the measurements and so on and so on, but it may not be that difficult for the state to convince itself that two or three people at the plant aren't removing material without the state knowing about it, right? So you may have accounting that's not good enough for safeguards but is good enough for theft purposes, partly because you have more control measures, you have inspection of everything entering and leaving, the operator knows, you know, which pipes are going where, etc. On the other hand, there are security measures that international inspectors don't really care about that you want to have for theft prevention, so you could have a system that was good enough for international accounting but not good enough for prevention. So for example, you know, if people are leaving the nuclear material out on the table every night when they go home and it's just sitting there for anybody to take, that doesn't really matter from the point of view of IAEA inspection, because they're going to come once a month and check to make sure all the material is still there, but from the point of view of theft prevention you care whether it's lying out on the table every night or whether it's in a vault.

So all of your braids really a good problem because of the holdup or what oh right material and for countries involved in really one-day growth no gravity and the same gut system is based reading about calculation put in our bread you can really easily divert material from the facility and to declare that this kind of order folding. Right, right, and I have a whole separate talk on those kinds of things.

But so let me just give you a good example, which is a new, but it's only a pilot system in one small area, at a Russian facility called Elektrostal, which is a big HEU and low-enriched uranium fuel fabrication facility where they did have several thefts in the 90s. So in this system, when you
bring material into the area where you're going to be processing it, the processing is going to be done in glove boxes. The material comes in in a sealed canister. The only way you can open the canister is by sliding your personal electronic card and then putting in your passcode right onto the canister, and the canister only opens into the glove box, okay? And then it's weighed when it goes into the canister, and then it's weighed when it goes into the glove box, automatically by the system. And so the system knows what person at what time opened that canister and put what amount of material into that glove box. And then you can only get the stuff out of the glove box by putting it into another one of these sealed canisters, that you have to do by swiping your card and putting in a passcode and so on, and then there's security cameras watching this whole operation all the time. So the system basically knows where the material is and who's got access to it in real time, all the time, and that's actually better than anything I'm aware of that we have at U.S. facilities.

All right, so there's a wide range of technologies you can apply to the problem. Because employees may be lazy and adversaries may be clever, you guys have difficult problems, and you always have to be thinking about ways to improve
Info
Channel: Belfer Center
Views: 57,957
Rating: 4.7525773 out of 5
Keywords: Atomic, Weapons, Nuclear Weapon (Invention), Destruction, Destroy, Computer Security (Industry), nuclear, technology, belfer center, matthew bunn, atom, managing the atom, theft, nuclear security, cyber security
Id: 2bw1xoO1DAk
Length: 62min 38sec (3758 seconds)
Published: Tue May 21 2013