Some background: RP3C is a special committee created by the ANS Standards Board and chaired by Steven Krahn that provides guidance to ANS standards committees on the use of risk-informed, performance-based (RIPB) methods. The CoP is part of RP3C’s charter, which includes training and knowledge-sharing of RIPB principles to exchange ideas outside of the normal management and project processes. CoPs are used frequently by organizations to help break down barriers that impede the flow of information.
Risk-informing security: Sande is the leader of Enercon’s PRA group and has also been a member of the Joint Committee on Nuclear Risk Management (JCNRM) for the past five years. In JCNRM, Sande has worked as a member of the Physical/Cyber Risk-Informed Security Work Group (SWG), which has a mission of developing guidance (rather than standards) for risk-informing security.
SWG seeks to establish guidance that improves both the effectiveness and the efficiency of nuclear facility security programs by leveraging risk-informed methods while simultaneously working to bring safety and security considerations into a more uniform decision-making framework.
The scope of the SWG is very broad, encompassing risks from both physical and cyber attacks on all nuclear facilities—including power plants, fuel processing facilities, test reactors, and more—that could result in public health, safety, or financial consequences.
Sande explained that the work of the SWG is to create “a way to be able to compare apples-to-apples the risk from safety versus the risk from physical security versus the risk from cybersecurity and be able to make the right decisions based on that information.”
The paper: To start building this framework, the SWG began work on a white paper two years ago, “Managing Nuclear Facility Security Risks,” which was released earlier this year.
The white paper serves both external and internal purposes. Externally, it acts as a communication tool for bringing industry and regulatory stakeholders state-of-the-art practices in the application of risk to nuclear facility security programs.
Internally, it serves as a tool to help the SWG identify and prioritize the development of products for the most critical pieces of risk management.
The framework: Sande explained that the framework for risk-informed security that resulted from the SWG’s efforts is built on the fundamental principles of risk assessment, including the risk triplet. The risk triplet, which provides the quantitative definition of risk, consists of three questions: What can go wrong? How likely is it? What are the consequences? Of these three questions, likelihood has been “a key point of contention because it has not typically been assessed as part of deterministic security assessments.”
Another fundamental principle is ensuring that evaluation approaches are realistic instead of conservative. According to Sande, while uncertainty needs to be analyzed and addressed considering our lack of complete knowledge, conservatism should be avoided because it “masks the real risk contributors.”
As he explained, “If we evaluate something realistically, we can identify what is impacting the risk significance most significantly, whereas if you use conservatism, you might see something that seems to have the most risk impact, but it may just be the area where you added the most conservatism. Another area where you added less conservatism may be the real risk driver.”
Finally, Sande said that assessments should be focused on the ultimate consequence of concern, rather than an intermediate consequence. For example, when considering public health and safety, the risk of radiological release should be the target of understanding, rather than an adversary accessing a restricted area, which—in isolation—is a more minor concern from a public health perspective.
Go deeper: Sande’s full talk, available at the above link, dives further into the nuances of the framework developed by the SWG, a case for quantifying attack likelihood, and some final key points on risk-informing for security considerations.