A technical approach for determining the importance of information in computerized alarm systems
- Lawrence Livermore National Lab., CA (United States)
- Lim and Orzechowski Associates, Alamo, CA (United States)
Computerized alarm and access control systems must be treated as special entities rather than as generic automated information systems. This distinction arises due to the real-time control and monitoring functions performed by these systems at classified facilities and the degree of centralization of a site`s safeguards system information in the associated databases. As an added requirement for these systems, DOE safeguards and security classification policy is to protect information whose dissemination has the potential for significantly increasing the probability of successful adversary action against the facility, or lowering adversary resources needed for a successful attack. Thus at issue is just how valuable would specific alarm system information be to an adversary with a higher order objective. We have developed and applied a technical approach for determining the importance of information contained in computerized alarm and access control systems. The methodology is based on vulnerability assessment rather than blanket classification rules. This method uses a system architecture diagram to guide the analysis and to develop adversary defeat methods for each node and link. These defeat methods are evaluated with respect to required adversary resources, technical difficulty, and detection capability. Then they are incorporated into site vulnerability assessments to determine the significance of alarm system information in the context of a facility attack. This methodology was successfully applied to the Argus alarm, access control, and assessment system developed at the Lawrence Livermore National Lab. Argus is software-driven, contains interrelated databases, shares host computers, and communicates with field processors and alarms through a common network. The evaluation results provided insights into the importance of alarm system information while the methodology itself provided a framework for addressing associated information protection issues.
- Research Organization:
- Lawrence Livermore National Lab., CA (United States)
- Sponsoring Organization:
- USDOE, Washington, DC (United States)
- DOE Contract Number:
- W-7405-ENG-48
- OSTI ID:
- 10196775
- Report Number(s):
- UCRL-JC-116899; CONF-9410140-2; ON: DE95004211
- Resource Relation:
- Conference: 17. national computer security conference,Baltimore, MD (United States),11-14 Oct 1994; Other Information: PBD: 10 Jun 1994
- Country of Publication:
- United States
- Language:
- English
Similar Records
Development of an advanced safeguards system as a proliferation deterrent. [Computerized control; physical protection; safeguards coordination]
Security risk assessment methodology for communities (RAM-C).