Journal of Physical Security 7

!
"#$% '( )'*+%*+,

!"#$%&' ") *+,-./&' 01/#$.2,3 4"'#51 67893 :;8<

!"#$%&'( *%++,-$(. /01,( #23###
40/,& 5 2 67 89:,#;;. <=-0;>(#( %? !@/;%(#3, 8010A#-, 40";%9B C&,09D#-1 E,9D-#FG,(H.
/01,( 52I5

40/,& I 2 J= K-",+. <:G9;,0& *%-$0#-+,-$ 0-" 6G&3,#;;0-9, E,&+#-%;%1>H. /01,( II2IL

40/,& M 2 4 7G&&0(9D. <8%-,> #- 0 N;0(( C%@H. /01,( IO2MP

40/,& L 2 QN R%D-($%- 0-" R6 S0&-,&. <TG;-,&0U#;#$> =((,((+,-$ 8>$D( VW& SD0$ 80B,(
Q," E,0+,&( 6,, Q,"XH. /01,( M52MY

40/,& O 2 QN R%D-($%- 0-" R6 S0&-,&. <SD0$ TG;-,&0U#;#$> =((,((%&( 7-%Z ED0$ [%G
6D%G;". E%%H. /01,( M\2LI

40/,& ] 2 C :G((U0G+. <ED, ^_,3,;( %? =-0;>(#(' 4&%U;,+ Z#$D *&#$#90; `-?&0($&G9$G&, Q#(BH.
/01,( LM2OP

40/,& a 2 J6 809B. <*%G-$,&#-1 T#%;,-$ !@$&,+#(+ #- $D, K-#$," 6$0$,(b _0Z
!-?%&9,+,-$'( =//&%09D $% 4&,3,-$#-1 E,&&%&#(+ $D&%G1D *%++G-#$> 40&$-,&(D#/(H.
/01,( O52O]

}ouinal of Physical Secuiity 7(1), i-viii (2u14)

i

"#$%&'() *&++,-%)

Welcome to volume 7, issue 1 of the }ouinal of Physical Secuiity. This issue has 7 papeis
on the following topics: testing locks, seals anu nucleai safeguaius, a secuiity thought
expeiiment, vulneiability assessment issues, the levels of ciitical infiastiuctuie iisk, anu
community paitneiships foi counteiacting iauicalization. volume 7, issue 2 shoulu also be
out shoitly.

As usual, the views expiesseu by the euitoi anu authois aie theii own anu shoulu not
necessaiily be asciibeu to theii home institutions, Aigonne National Laboiatoiy, oi the
0niteu States Bepaitment of Eneigy.

*****

./& 0,')&- 123,

With a two-peison iule, theie must be (at least) 2 peisons involveu in ciitical functions,
fiom nucleai safeguaius to check wiiting. Piesumably this is goou foi secuiity, though we
uon't ieally know; theie has been iemaikably little ieseaich on the topic. Noieovei, in
many oiganizations (incluuing insiue nucleai facilities), the instiuctions anu piotocols
iegaiuing two-peison iules aie vague, non-existent, oi less than caiefully thought thiough.

Naybe the two-peison iule is not automatically a goou counteimeasuie. Scott S.
Wilteimuth, Ph.B. fiom 0SC has conuucteu ieseaich suggesting that a peison is moie likely
to cheat when the benefits aie split with anothei peison. This makes the cheating seem
less unethical to the peipetiatoi. The ieseaich wasn't specifically about two-peison iules,
but the possible implications aie cleai.
Foi uetails, see SS Wilteimuth, "Cheating Noie When the Spoils aie Split", !"#$%&'$(&)%$*
,-.$/&)" $%0 123$% 4-5&6&)% 7")5-66-6, 11S(2), 1S7-168 (2u11).

*****

4'',)%$-5 6,7,3&8+,-%)

A new stuuy iepoiteu in the peei-ievieweu jouinal 8"&3- 9 4-*&%:2-%5; finus that by age
2S, 49% of black males, 44% of Bispanic males, anu S8% of white males have been
aiiesteu at least once. The coiiesponuing figuies foi females at age 2S aie 2u%, 18%, anu
16%, iespectively. Foi moie infoimation, see
http:www.euiekaleit.oigpub_ieleases2u14-u1uosc-shou1uS14.php

*****


ii
9,--,%:; <:=% $) %:, >',?2,-@AB

0n 0ctobei 4, 1986, CBS News Anchoiman Ban Rathei was walking along Paik Avenue in
Nanhattan when he was physically assaulteu by two men, one of whom iepeateuly yelleu
at Rathei, "Kenneth, What is the Fiequency."

Rathei was ielatively unhaimeu, though shaken. The case was unsolveu foi a numbei of
yeais, anu the inciuent became populai folkloie. The phiase "What's the fiequency,
Kenneth." became slang foi a uistuibeu oi clueless peison. It was useu as the title of two
songs by uame Theoiy in 1987 anu R.E.N. in 1994. Rathei was a goou spoit about the
inciuent, anu even sang the song with R.E.N. uuiing a sounu check piioi to a conceit at
Nauison Squaie uaiuen. A tape of Rathei's singing was shown on the <$(- =.)> >&(. 4$/&0
<-((-"3$%.

0ne of the likely assailants was iuentifieu in 1997, but his motivations weie still a
mysteiy. In 2uu1, 1$"?-"@6 A$#$'&%- speculateu that theie was some connection to
postmouein fiction wiitei Bonalu Baithelme who useu the phiase, "What is the
fiequency." in his wiiting, hau a iecuiiing chaiactei nameu Kenneth, anu once wiote a
shoit stoiy about a pompous euitoi nameu Lathei. Baithelme (who uieu in 1989) anu
Rathei may have know each othei eaily in theii caieeis.

The moial of the stoiy foi secuiity: always know the fiequency! (Especially with the
NSA listening.)

*****

9,,8$-5 C&2' "A, &- %:, D=33 E&' .FG:$'%H

It's ieassuiing to know that the National Secuiity Agency (NSA) anu the Bepaitment of
Bomelanu Secuiity (BBS) aie staying focuseu on Ameiica's tiue enemies.

The B$6.&%#()% C&3-6 iepoits that NSA anu BBS have issueu "cease anu uesist" letteis to
a novelty stoie ownei in Ninnesota who sells piouucts that make fun of NSA anu BBS. (See
http:www.washingtontimes.comnews2u1SnovSnsa-uhs-issue-cease-anu-uesist-
letteis-novelty-sto) Be sells, among othei things, a T-shiit with the official NSA seal that
ieaus, "The NSA: The only pait of the goveinment that actually listens."

Feueial officials claim the paiouy use of NSA anu BBS official seals, "violate laws against
misuse, mutilation, alteination, oi impeisonation of goveinment seals." The stoie ownei
has taken legal action against the feueial goveinment, claiming violations of his Fiist
Amenument Rights.

*****


iii
I&+,3=-# G,@2'$%AB

Aveiage numbei of Ameiican ueaths annually by vaiious causes (appioximate).

*=2), &J 6,=%: 6,=%:)KC,='
smoking, incluuing 2
nu
hanu smoke 44u,uuu
uiug oveiuose (acciuental & uelibeiate) S8,uuu
cai acciuents & uiunk uiiving S2,uuu
guns (intentional homiciues & suiciues) S2,uuu
alcohol abuse, excluuing acciuents & homiciues 26,uuu
texting while uiiving 6,uuu
foou poisoning S,2uu
wai (since 177S) 4,9uu
guns (acciuental shootings) 6Su
falling out of beu 4Su
space heateis Suu
heat stioke 17S
(mostly acciuental) oveiuosing on acetaminophen,
the active ingieuient in Tylenol
1Su
ueei (incluuing cai acciuents) 1Su
bee stings (incluuing alleigic ieactions) 1uu
toinauos 6u
lightning Su
%,''&'$)+ LMNN %& 8',),-%; $-@32#$-5 MKLL E='52=O3APH QQ
%,''&'$)+; LMNN %& R2)% O,J&', MKLL E='52=O3APH S
%,''&'$)+; 8&)% MKLL %& 8',),-% E='52=O3APH T
malaiia (fiom foieign tiavel) 6
tiying to ueep fat fiy a tuikey S
iollei coasteis 4
shaking a venuing machine until it falls S
beai attack 1
shaik attack 1
_________
* It's not always cleai when an attack is teiioiism, but most people woulu agiee with these figuies to within a factoi
of 2.

Aveiage annual 0.S. expenuituie on homelanu secuiity since 911: $S8 billion to $2Su
billion uepenuing on what waiuione spenuing you choose to incluue, if any. Annual anti-
smoking expenuituies: ~$1uu million.

Thus, about 12u 3&**&)% times moie money pei ueath is spent on homelanu secuiity than
foi anti-smoking campaigns! Anti-smoking effoits aie geneially believeu to iegulaily save
tens of thousanus of lives each yeai.

*****

iv
UG4 0:&-, 6=%= =-# G,@2'$%A OA VO)@2'$%A

An inuepenuent ieview boaiu has concluueu that the National Secuiity Agency's
collection of phone metauata on Ameiicans is illegal anu neeus to stop. The Piivacy anu
Civil Libeities 0veisight Boaiu (PCL0B) founu that the piogiam iaises seiious thieats to
civil libeities, has been of little use in fighting teiioiism, anu lacks a soliu basis in law oi
policy. Conclusions weie not unanimous. Foi moie infoimation, see
http:www.washingtonpost.comwoilunational-secuiityinuepenuent-ieview-boaiu-
says-nsa-phone-uata-piogiam-is-illegal-anu-shoulu-enu2u14u1224cebu47u-8Suu-
11eS-bbeS-6a2aS141eSa9_stoiy.html

Reasonable people can uisagiee, but I finu 2 things paiticulaily uistuibing about this
issue. The fiist is that appaiently no seiious ieview of libeitypiivacy4
th
Amenument
issues occuiieu until aftei infoimation about the piogiam was publicly leakeu by Euwaiu
Snowuen. Bow can this be. Captuiing phone metauata is cleaily a kinu of "seaich anu
seizuie" that the 4
th
Amenument auuiesses. Whethei the piogiam has meiit oi not, it
cleaily ueseiveu gieatei sciutiny. Foi iefeience, heie is the text of the 4
th
Amenument to
the 0niteu States Constitution:

C.- "&#.( )D (.- ?-)?*- () E- 6-52"- &% (.-&" ?-"6)%6F .)26-6F ?$?-"6F $%0 -DD-5(6F
$#$&%6( 2%"-$6)%$E*- 6-$"5.-6 $%0 6-&'2"-6F 6.$** %)( E- /&)*$(-0F $%0 %) B$""$%(6
6.$** &662-F E2( 2?)% ?")E$E*- 5$26-F 62??)"(-0 E; !$(. )" $DD&"3$(&)%F $%0
?$"(&52*$"*; 0-65"&E&%# (.- ?*$5- () E- 6-$"5.-0F $%0 (.- ?-"6)%6 )" (.&%#6 () E- 6-&'-0G

Telling, the amenument uoes not have a clause saying, "...unless theie is some peiceiveu
secuiity benefit".

The seconu uistuibing aspect is that feueial goveinment claims that collecting metauata
hau to be kept seciet. But "Secuiity by 0bscuiity" uoesn't ieally woik, at least long teim.
Inuiviuuals anu oiganizations can't keep seciets, as Snowuen (anu Biauley Nanning) have
uemonstiateu. Noieovei, while it is somewhat countei-intuitive, secuiity actually woiks
best when it is tianspaient. This allows foi ieview, ciiticism, impiovements, anu
accountabilitythings that seem to have gone lacking piioi to Snowuen's actions.

Now it may be that the biain-ueau loseis that the goveinment likes to entiap with phony
teiioiist "plots" can't figuie it out. But suiely any teiioiist that is a legitimate thieat just
assumes that the 0.S. goveinment is eavesuiopping on his phone calls anu email, not just
gatheiing metauata. Bin Lauen, foi example, stayeu off phones anu the Inteinet entiiely,
anu he was in Afghanistan anu Pakistan wheie the 0.S. has challenges in setting up
communication infiastiuctuie.

Note that it is quite illegal to classify something simply because it is embaiiassing,
politically contioveisial, oi because you want to avoiu sciutiny. As fai as I know, howevei,
nobouy has evei been piosecuteu foi uoing this.


v
*****

62, 6$3$5,-@, V7,'#2,B

In an eye-opening pieceuent, the 0.S. Feueial Tiaue Commission (FTC) fileu a complaint
against secuiity cameia manufactuiei TienuNet. Backeis accesseu TienuNet's web site in
2u12 anu gaineu access to hunuieus of live wiieless viueo feeus (incluuing scenes in
piivate homes), which they posteu on the Inteinet. The FTC accuseu the company of
failing to take ieasonable secuiity measuies. TienuNet iepoiteuly stoieu anu tiansmitteu
usei login cieuentials in open plaintext, even though fiee softwaie was available to secuie
the infoimation.

0nuei teims of a settlement announceu in Septembei, TienuNet agiees not to claim its
piouucts aie "secuie". Noieovei, TienuNet will get an inuepenuent assessment of its
secuiity once a yeai foi 2u yeais. (It's pietty bau when the goveinment has to foice you to
uo what shoulu be obvious.)

The question now is, will the FTC stait coming aftei numeious othei companies that
piomise but uon't ueliveiy ieal secuiity. If so, they aie going to neeu to hiie a lot moie
staff!

*****

W) C&2' G,@2'$%A $- %:, .&$3,%B

The luxuiy Satis toilet ($S,686) is meant to be contiolleu by a smaitphone. Functions
such as liu openingclosing, automatic flushing, biuet spiay, aii spiay, music playing, anu
fiagiance ielease can all be instigateu via an Anuioiu app calleu "Ny Satis".

The app talks to the toilet ovei Bluetooth. 0nfoitunately, the PIN foi eveiy toilet is
haiuwiieu to uuuu anu cannot be ieset. As a iesult, anybouy with an Anuioiu phone anu
the app can take contiol of the toilet, hassling the cuiient usei oi even causing iepeateuly
flushing to waste watei. See http:www.bbc.co.uknewstechnology-2SS7S249

While this vulneiability falls shoit of one that Al-Qaeua might want to exploit, it uoes
highlight the fact that manufactuieis aie going to neeu to think moie caiefully about
secuiity foi theii wiieless uevices. This has alieauy become a much moie seiious mattei
foi wiieless meuical uevices.

*****

X2)$@ 0$'=@A; &' *'2,3 =-# Y-2)2=3 02-$):+,-%

I guess you coulu call it fighting off piiates with Speais. A new weapon has emeigeu in
the fight against Somali piiates: Biitney Speais. It seems ships at iisk fiom Somali piiates

vi
have been blasting the singei's pop songs at veiy high volumes towaius appioaching
piiates. The piiates hate Westein music anu cultuie, anu tenu to veei off. Accoiuing to one
ship's officei, "It's so effective the ship's secuiity iaiely neeus to iesoit to fiiing guns."
Biitney's song, "0ops! I Biu it Again" seems to be paiticulaily effective.

Nusic has, in fact, often been useu as a weapon. See, foi example,
http:www.nbcnews.comenteitainmentbiitney-speais-music-useu-uiive-away-somali-
piiates-8C11488u68

*****

U,/ G,@2'$%A .:',=%

The !"-#)%&$% iepoits that Siigioigiio Claiuy, an inmate at the Eastein 0iegon
Coiiectional Institution has fileu a $1uu million lawsuit against Nike (the spoiting goous
anu shoe manufactuiei), alleging that Nike faileu to pioviue a waining label on his Aii
}oiuan shoes that they coulu be a uangeious weapon.

Ni. Claiuy, a piofessional pimp, is seiving a 1uu-yeai sentence foi (among othei things)
seveiely stomping on the face of one of his customeis while weaiing Aii }oiuans. Clauy is
asking the couit to iequiie Nike to affix waining labels on all of its "potentially uangeious
Nike anu }oiuan meichanuise".

*****

4 D2'53=' /$%: D'=$-)B

An Inuiana man has been chaigeu with stealing moie than 6u jais of human biains in
0ctobei fiom the Inuiana Neuical Bistoiy Nuseum anu tiying to sell them on eBay.
(http:www.cnn.com2u14u1uSusinuianapolis-stolen-biains-ebay) Buying oi
selling human oigans is a felony unuei feueial law, but what is even moie seiious is that it
is against eBay iules.

*****

U&% &- .='5,%B

Taiget Coipoiation has ieceiveu mixeu (but many negative) ieviews foi its post uata
bieach hanuling of the cieuit caiu uata theft. Foi goou auvice on how to piepaie foi, anu
how to hanule, a ciisis, scanual, oi public ielations uisastei, ieau the excellent 2u12 book,
A$6(-"6 )D 4&6$6(-"H C.- C-% 8)33$%03-%(6 )D 4$3$#- 8)%(")* by Chiistophei Lehane,
Naik Fabiani, anu Bill uuttentag. Nuch of what is in the book is little moie than common
sense. The pioblem with common sense, howevei, is that it is not all that common
especially in times of ciisis when ego, uenial, wishful thinking, oiganizational ineitia, covei
ups, anu shock come into play.


vii
*****

X&', 0'&O3,+) =% %:, >DW

In }uly, the National Employment Law Pioject (NELP) ieleaseu a iepoit on FBI ciiminal
backgiounu checks foi employment. (Foi moie infoimation, see
www.nelp.oigaccuiateFBIiecoius) The authois founu that about Su% of the 17 million
FBI backgiounu checks foi employment anu licensing puiposes in 2u12 weie incomplete
anuoi inaccuiate. NELP estimates that 6uu,uuu woikeis (uispiopoitionally minoiities)
may be piejuuiceu in theii job seaiching because of faulty iecoius. 0ften, the iecoius fail to
show that an aiiest uiu not leau to a conviction. (Feueial law manuates that the iepoits be
complete anu accuiate.)

NELP blames both the states pioviuing the iaw uata anu the FBIwhich is ultimately
iesponsiblefoi pioblems with the backgiounu checks.

The FBI has quite a histoiy of allegeu sciew ups, incompetence, scanuals, anu
misconuuct: the FBI Lab is known to have iepeateuly falsifieu, alteieu, oi suppiesseu
eviuence; FBI employees on the witness stanu maue false scientific claims that may have
leau to the wiongful convictions of hunuieus; theie weie multiple cases of foiensics
incompetence (incluuing false teiioiist accusations against 0iegon lawyei Bianuon
Nayfielu); Whitey Bulgei allegeuly successfully biibeu local FBI agents; anu FBI agents
anu foimei agents have been aiiesteu in iecent yeais foi vaiious types of misconuuct
incluuing leaking classifieu infoimation anu feueial chilu poinogiaphy violations. Then
theie is sexting by FBI employees on the job; hunuieus of FBI employees allegeuly
cheating on exams; the botcheu Lee Baivey 0swalu inteiiogation; the Wen Bo Lee
uebacle; the uecaues of inept effoits to finu an allegeu Soviet FBI mole nameu "Bick"; anu
the FBI ignoiing wainings fiom its own agents that might have pieventeu 911.

Anu theie's moie: Accoiuing to a iecent FBI inteinal iepoit, fiom 2u1u to 2u12, the FBI
uisciplineu ovei 1,uuu employees foi (often luiiu) misueeus. Aftei 911, the FBI collecteu
intelligence on Ameiicans without the iequiieu couit oiueis, anu fiom 19Su-197u+, the
agency engageu in suiveillance anu haiassment of civil iights gioups, women's
oiganizations, anu wai piotestois.

0n the othei hanu, if you want to see one of the many things that the FBI uoes iight,
check out http:www.fbi.govscams-safety foi useful secuiity anu safety auvice to the
public.

*****

<$--$-5 I,='%) =-# X$-#) E=-# "A,)H

Speaking of luiiu, it was pointeu out to me (by someone who no uoubt subsciibes only
foi the scholaily aiticles) that a iecent issue of 7*$;E); hau an inteiesting aiticle by }ohn
Neioney entitleu, "The Battle foi Picasso's Ninu". (Foi moie infoimation, see

viii
http:playboysfw.kinja.comcia-opeiative-tom-biauen-s-plot-to-topple-the-ussi-with-
14S71S24u2)

The aiticle uesciibes the coveit effoits of CIA agent Tom Biauen to fight the Colu Wai by
(imaginatively) winning heaits anu minus in Euiopewhich was leaning towaius
communism anu sympathy foi the Soviet 0nion in the late 194u's. Be uiu this by
oiganizing mouein ait exhibits thioughout Euiope that convinceu Euiopean intellectuals
that the 0.S. anu the West weie fai moie open to inuiviuual anu aitistic expiession
fieeuom than the Soviets with theii steiile, goveinment appioveu "ait".

As uiscusseu in my pievious 2u1u Euitoi's Comments (http:jps.anl.govv4iss1.shtml), I
finu it unfoitunate that the 0niteu States uoesn't make a moie conceiteu anu competent
effoit to win the heaits anu minus of people inteinationally, especially young people who
aie at iisk foi being seuuceu by teiioiists anu violent funuamentalists. Emphasizing what
loseis anu sociopaths most teiioiists aie, anu highlighting the benefits of toleiance anu
pluialism, might help to unueicut the glamoui anu ieciuitment of teiioiists. Biauen's
specific appioach might not be ielevant touay, but his thinking-outsiue-the-box anu the
big-bang-he-got-foi-the-buck aie well woith emulating.

*****

>$', I1B

Beinaiu Naii offeis a piovocative essay on LinkeuIn entitleu, "Why We No Longei Neeu
BR Bepaitments": http:www.linkeuin.comtouaypostaiticle2u1S1118u6u7S2-
6487S646-why-we-no-longei-neeu-hi-uepaitments

It is well woith ieauing. In theoiy, the BR uepaitment can be a poweiful tool to mitigate
employee uisgiuntlement that can leau to insiuei attacks. In piactice, howevei, many BR
Bepaitments simply make employee uisgiuntlement woise. BR's ability to contiibute to
oiganizational piouuctivity anu employee piofessional uevelopment is also often quite
pooi.

-- Rogei }ohnston
Aigonne National Laboiatoiy
}anuaiy 2u14
}ouinal of Physical Secuiity 7(1), 1-21 (2u14)

1
!"#$%&'& )* +,-$)&'./ 0#1#2'"/ 3#4$)56 78/#59'"1 :/59"';</&

S. Kevin NcNeill
National Centei foi Explosives Tiaining anu Reseaich
shonn.mcneillatf.gov

!=&>8#5>
A seiies of lock bieaching tests aie uesciibeu in which five sets of stanuaiu
shackle locks anu 4 sets of puck style locks weie testeu foi vulneiability to a Biemel
iotaiy tool, an oxyacetylene toich, a uiill piess, a low tempeiatuie impact, anu
compiessive cutting jaws. In the Biemel iotaiy tool test, the lock shackles weie
exposeu to a Biemel abiasive cutting wheel foi a fixeu time anu the uepth of
penetiation was measuieu. In the oxyacetylene test, the lock shackle was moveu
unuei an oxyacetylene flame at a constant velocity anu the uepth of cut was
measuieu. In the uiill piess test, the lock was confineu in a vice anu two uiill
attempts weie maue using two uiffeient uiametei uiill bits anu the peicent of lock
failuies was iecoiueu. In the low tempeiatuie impact test, a penuulum was uioppeu
while the lock tempeiatuie was loweieu using uifluoioethane (canneu aii) anu the
peicent of lock failuies was iecoiueu. Finally, in the compiessive cutting test, the
lock shackle was piesseu by caibiue tippeu cutting jaws anu the maximum foice at
failuie was measuieu. Results weie compaieu to a pievious stuuy anu weie in
geneial agieement, except the low tempeiatuie impact test.

? @">8)4<5>')"
Explosive magazine secuiity is a key component of the Buieau of Alcohol, Tobacco,
Fiieaims anu Explosives (ATF) mission to pievent the ciiminal misuse of explosives.
These magazines contain numeious secuiity featuies to pievent the theft of the
explosives. The secuiity featuies incluue hinges uesigneu so that they cannot be
iemoveu fiom the outsiue, two paulocks at each uooi fasteneu in sepaiate hasps anu
staples, locks with case haiueneu shackles with a minimum ! ! inch uiametei, anu
quaitei-inch steel hoous coveiing the paulocks.|1, 2j While such measuies make
bieaking into these magazines uifficult, these systems aie not infallible, anu bieak-
ins uo occui.

Fiom 2uu6 to 2u1u, the numbei of explosives thefts have uioppeu by appioxi-
mately one-thiiu.|Sj Bowevei, given the potential thieat of ciiminal oi teiioiist
misuse of these explosives, ATF anu the explosive inuustiy aie continuously
evaluating potential impiovements to magazine secuiity. As iecent as 2u11, ATF
appioveu a iequest by the inuustiy to allow the use of hiuuen-shackle oi puck locks,
anu appioveu the use of boion alloy steels in the shackle.|2j Auuitionally, ATF has
iecommenueu the use of locks that have an Ameiican Society of Testing anu
Nateiials (ASTN) giaue of at least S foi "foicing" anu "suiieptitious entiy".|1,4j The
explosive inuustiy has also maue stiiues to impiove secuiity. Austin Powuei
Company (APC) iecently examineu seveial types of paulocks anu exposeu them to
vaiious attack methous. Theii objective was to ueteimine what tool was useu to
uefeat 8 NasteiLock Seiies 62Su paulocks in 4 of APCs explosive magazines in
uainsville, uA. Theii stuuy focuseu on 4 puck-style locks anu the NasteiLock 62Su,
see figuies 1.1a anu 1.1b. Theii iesults shown in Table 1 below inuicate that the best

2
of the puck-style locks inciease bieak-in time by almost 1S times as compaieu to the
NasteiLock 62Su.|Sj

Figuie 1 - Photogiaphs of typical puck anu shackle-style locks. The Ameiican 2Suu
with shiouu is on the left (puck style), anu the Nastei Lock 62Su (shackle style) is on
the iight.

Table 1 - Austin Powuei Company paulock test iesults.|Sj
A)56 B8/C/$ 7)$>
D<>>/8
B8'$$
7)4%
B8'$$
E/%F#%
A)F :/C-/8G
#><8/ @C-#5>
Nastei Lock 62Su 2 "#$ 4S %&' 6u %&' NT
1
NT 1S %&'
Abloy PL97S NT NT S "#$ NT NT
Ameiican 2uuu NT NT NT 14 "#$ NT
Nastei Lock 627u NT NT NT 22 "#$ NT
Ameiican 2Suu NT NT NT SS "#$ Pass
2

1
NT: Not Testeu
2
"Pass" was uefineu as the lock not opening anu the shackle not bieaking.

With these iesults ATF tuineu to the National Centei foi Explosives Tiaining anu
Reseaich (NCETR,) to both veiify anu expanu on APCs testing. NCETR expanueu both
the types of locks testeu anu the quantity of each type. The expansion in the types of
locks testeu was baseu on iecommenuations by the APC team. The expansion to S
tests foi each type of lock was uone to bettei uesciibe the spieau in test uata uue to
ianuom unceitainties.|6j NCETR limiteu testing to physical attacks on the locks anu
chose not to auuiess skilleu attack methous such as bumping anu shimming as these
aie uifficult to measuie. NCETR also chose to uevelop test systems that moie closely
iesemble vulneiability attacks iathei than puie laboiatoiy testing. This type of
testing can piouuce moie iealistic evaluation iesults but makes the evaluation moie
uepenuent on the physical attiibutes of the test.|7j

H +,-/8'C/">#$ I/5>')"
2.1 Biemel Test
2.1.1 Biemel Cutting System
The Biemel test system is uesigneu aiounu a polyvinyl chloiiue (PvC) aim that
iotates about a cential axis. The aim holus a Biemel Nouel 4uuu (11uv) high-speeu
iotaiy tool on one enu anu a countei-balance on the othei enu, see figuie 2.1. The
countei-balance is weighteu to maintain u(18 kg (u(4 lb) at the abiasive cutting wheel

S
(Biemel Nouel 1.S-inch Netal EZ Lock). The aim measuies 12S(8 cm (49(S in) in
length anu is maue with two scheuule 4u PvC sections, S(u8 cm (2 in) uiametei
section anu a 2(S4 cm (1 in) uiametei section. Both sections measuie S9(1 cm (2S(2S
in) in length. The two sections aie joineu with a 2 x 1 PvC ieuucing couple that
measuies 7(6 cm (S in) in length. The 2(S4 cm (1 in) uiametei section is attacheu to a
steel veitical stanu by a stainless-steel sleeve that limits the aim iotation to a single
axis. The abiasive cutting wheel on the iotaiy cutting tool is positioneu on the apex
of the lock shackle, 1(S cm fiom the lock bouy, with the axes of iotation paiallel with
the shackle centei-line. The lock is helu in position by a Cential Foige Nouel 94276
uiill piess milling vice that was attacheu to a Winusoi Besign haiuwoou woik bench.
Two steel "L" biackets aie attacheu to the woikbench on eithei siue of the S(u8 cm (2
in) uiametei, scheuule 4u, aim section foi auueu stability uuiing testing.

2.1.2 Biemel Test Pioceuuie
The lock to be testeu was placeu in the vice with the abiasive cutting wheel
positioneu 1.S cm fiom the lock bouy using a woouen spacei. The centei-line axis of
the abiasive cutting wheel was visually aligneu with the centei-line of the shackle.
The PvC aim holuing the iotaiy tool was leveleu using a Busky 9-inch Bigital Level to
an accuiacy of u.1 uegiees. Aujustment to the aim was maue eithei by shimming the
vice holuing the lock oi by loosening set-sciews in the sleeve, holuing the aim anu
sliuing the sleeve veitically until the aim was level. With the aim level, the weight at
the euge of the abiasive cutting wheel was aujusteu to u.18 kg (u.4 lb) using an Auam
Equipment Nouel 18a scale to an accuiacy of 1 g. Aujustment to the weight was
maue using countei-weights at the opposite enu of the aim. The Biemel Nouel 4uuu
was set to (SS, uuu 2, uuu) ipm. The Biemel was staiteu anu alloweu to ieach full
opeiating speeu by waiting S sec piioi to testing. The Biemel was then loweieu onto
the lock shackle anu a uigital timei (Spoitline Nouel AW6uSSSW) was staiteu.

Figuie 2.1 - Schematic uiagiam of the Biemel cutting system, vieweu fiom above.

The Biemel abiasive cutting wheel was alloweu to cut foi Su s anu then the aim
was iaiseu. A new abiasive cutting wheel was useu foi each test. Aftei testing, the
uepth of cut was measuieu using a ueneial Tools Nouel 147 uigital calipei to an

4
accuiacy of u.uuu1 in. The locks founu in Table 2 weie testeu using this Biemel test
system.

Table 2 - Shackle-style locks testeu using the Biemel test system.
0#6/ 0)4/$ I>%$/ J<C=/8 :/&>/4
Nastei Lock 62Su Shackle S
W-L0K SK977S24-B Shackle S
Ameiican A748 Shackle S
Abloy SSuSu Shackle S
Ameiican AB1u Shackle S

2.2 Biill Piess Test
2.2.1 Biill Piess Test System
The uiill test system useu a fiee-stanuing }ET Nouel }-2Suu uiill piess to uiill into
the lock keyway, see figuie 2.2. The lock was helu in position by a Cential Foige
Nouel 94276 uiill piess milling vice that was attacheu to the uiill piess table
assembly with ! ! in bolts. Lock keyways weie uiilleu with a Biill Nastei 4.8 mm
! !" !" high-speeu-steel, titanium-nitiiue coateu, uiill bit with 118
tips anu, if
iequiieu, a Nilwaukee 12.7 mm ! ! !" high-speeu-steel, black-oxiue coateu, uiill
bit with 1SS
tips.

Figuie 2.2 - Schematic uiagiam of the uiill piess system, vieweu fiom the siue.

S
2.2.2 Biill Test Pioceuuie
The uiill piess pulley system was set to 11Su ipm. The lock unuei test was
secuieu in the vice with the lock keyway facing up. A 4.8 mm ! !" !" uiill bit was
placeu in the uiill chuck. The table assembly was then aujusteu veitically so that the
uiill bit tip was within a few centimeteis of the lock keyway. The lock position was
then aujusteu using the vice hoiizontal aujustment sciews so that the uiill bit was
centeieu on the lock keyway. With the uiill iunning, the uiill bit was manually
applieu to the lock keyway. The uiilling continueu until the bit bioke, the bit stoppeu
making piogiess (uefineu as no veitical movement aftei 6u seconus), oi the bit
passeu thiough the lock keyway anu into the lock bouy. A seconu uiill bit was useu
only if the 4.8mm ! !" !" bit passeu thiough the lock keyway. In that case, the
table assembly was loweieu anu the 12.7 mm ! ! !" bit was inseiteu into the uiill
chuck anu the lock was ie-centeieu on the lock keyway. The uiill was iestaiteu anu
the 12.7 mm ! ! !" bit was applieu to the lock keyway. The same uiill-stop ciiteiia
weie useu foi both uiill uiameteis. Aftei uiilling was complete, the lock was
uioppeu, a maximum of ten times, fiom a height of 1 m (S9.4 in) onto a conciete flooi
to simulate a hammei blow. If the shackle openeu, then the lock "faileu" otheiwise it
"passeu". The locks founu in Table S weie testeu using this uiill test system.

Table S - Shackle anu puck-style locks testeu using the uiill piess test system.
0#6/ 0)4/$ I>%$/ 39)>) J<C=/8 :/&>/4
Nastei Lock 62Su Shackle

S
W-L0K SK977S24-B Shackle

S
Ameiican A748 Shackle

S
Abloy SSuNSu Shackle

S
Ameiican AB1u Shackle

S
Ameiican 2Suu Puck

S
Ameiican 2u1u Puck

S
Nastei Lock 627u Puck

S
Abloy PL97S Puck

S


6
2.S 0xyacetylene Toich Test
2.S.1 0xyacetylene Toich Test System
The oxyacetylene toich test useu a lineai actuatoi to contiol the speeu of the
shackle as it passeu unueineath an oxyacetylene toich, see figuie 2.S. The actuatoi
was a Lineai Notions Inc. WP-NSSS-Tu6L}N9u2 actuatoi with a BLBu1SK-A motoi
anu motoi-contiol unit, set to a speeu of !!! !! ! !!!" !" ! . A spacei was
attacheu to the lineai heau of the actuatoi to sepaiate it fiom the high tempeiatuies
piouuceu by the oxyacetylene toich. The spacei was constiucteu of steel box tubing
measuiing 1u1.6 mm (4 in) x 1u1.6 mm (4 in) x 1u1.6 mm (4 in) with a wall
thickness of S.uS mm (u.12 in). 0n top of the spacei was welueu foui "L" shapeu
biackets. Two Su4.8 mm (12 in) x Su4.8 mm (12 in) high tempeiatuie ceiamic
Silquai Solueiing Blocks weie bolteu to the "L" shapeu biackets to pioviue an
insulateu base foi the lock. The lock was helu in place with a 2S.4 mm (1 in) x Su4.8
mm (12 in) x S.17S mm ! ! !" aluminum bai clampeu to the ceiamic plates. The
oxyacetylene toich heau was positioneu at an angle of = Su
ielative to the ceiamic

plates anu X = 1.S mm (u.u6 in) fiom the lock shackle. Refei to figuie 2.S.

2.S.2 0xyacetylene Toich Test Pioceuuie
Piioi to each test seiies, a calibiation test of the lineai actuatoi was conuucteu.
The length of tiavel of the lineai actuatoi was measuieu using an Empiie 18-inch
stainless-steel iulei with an accuiacy of u.S mm (u.u2 in). The time iequiieu to move
the length of tiavel was measuieu using a Suunto Nouel 0bseivei stopwatch. The
lineai actuatoi motoi contiol unit was then aujusteu to achieve !!! !! !
!!!" !" ! . The lock unuei test was manually positioneu on the ceiamic plate to
ensuie a peipenuiculai cut was maue acioss the shackle anu clampeu into position.
The lineai actuatoi was then activateu, biinging the lock shackle uiiectly below the
toich cutting heau wheie a metal spacei was useu to place the heau the
iecommenueu 1.S mm (u.u6 in) fiom the shackle.|8j The oxygen anu acetylene
iegulatoi valves weie then set to 289.6 kPa (42 psi) anu 48.S kPa (7 psi),
iespectively. The lineai actuatoi was then activateu moving the lock away fiom the
toich. The acetylene on the toich heau was tuineu on anu igniteu using a stiikei.

Figuie 2.S - Schematic uiagiam of the acetylene toich cutting system, vieweu fiom
the siue.

7
0xygen on the toich heau was then tuineu on until six uistinct blue points coulu be
obseiveu on the toich tip. The oxygen flow iate was confiimeu by activating the
cutting oxygen levei anu confiiming the length of the six blue points uiu not inciease
oi ueciease in length. With the toich buining coiiectly the lineai actuatoi was
activateu moving the lock shackle towaiu the oxyacetylene flame. The flame was
positioneu at the bottom quaitei of the shackle anu helu theie until the shackle
ieacheu the oxiuizing tempeiatuie of the shackle metal. This is tiauitionally
iecognizeu by pooling of the metal at the flame point oi spaiking of the metal at the
flame point.|8j 0nce the oxiuizing tempeiatuie was ieacheu the cutting oxygen levei
was uepiesseu anu the lineai actuatoi was auvanceu. This piocess was iepeateu foi
the othei siue of the lock shackle. 0nce complete, the lock was alloweu to cool, the
uepth of cut was measuieu using a ueneial Tools Nouel 147 uigital calipei to an
accuiacy of !!!!!" !"#$! The locks shown in Table 4 weie testeu using this
oxyacetylene test system.

Table 4 - Shackle-style locks testeu using the oxyacetylene test system.
0#6/ 0)4/$ I>%$/ J<C=/8 :/&>/4

Figuie 2.4 - Schematic uiagiam of the low tempeiatuie impact system, vieweu fiom
the siue.

8
2.4 Low Tempeiatuie Impact Test
2.4.1 Low Tempeiatuie Impact Test System
The low tempeiatuie impact test system useu a penuulum to impact a lock that
was cooleu using compiesseu uifluoioethane (canneu aii), see figuies 2.4 anu 2.S.
Two vaiiations in the penuulum weie constiucteu. The fiist penuulum was
constiucteu of a 96S.2 mm (S8 in) x 1u1.6 mm (4 in) x 6.SS mm ! ! !" steel plate
anu a S.6S kg (8 lb) maul with its factoiy hickoiy hanule. This penuulum hau a total
mass of S4.S kg (76 lb). The seconu penuulum was constiucteu aftei the tenth test
anu the hickoiy hanule began to fail. It was ieplaceu with a 2S.4 mm (1 in) uiametei x
692.1S mm (27 - ! ! !") scheuule 4u steel pipe. A ball, fiom a ball-peen hammei,
was also welueu to the fiont of the maul, incieasing the total mass of the penuulum to
4u.4 kg (89 lb). The penuulum was uesigneu to uelivei a minimum of Suu } (221.27
ft-lbf) of eneigy baseu on an ax swing eigonomics stuuy by Wiuule et al.|9j The
actual eneigy of the penuulum piioi to stiiking the lock was estimateu using
!
!"#!"#"$
!
!
!
!!
!

Figuie 2.S - Schematic uiagiam of the low tempeiatuie impact system, vieweu fiom
above.

wheie m is the mass of the penuulum anu v is the velocity of the penuulum. The
mass of the penuulum was assumeu to be a point mass. The penuulum was helu in
its pie-ielease position by an electiomechanical solenoiu that was iemotely actuateu.
The velocity of the penuulum piioi to impact was measuieu using a Phantom v7.u
high-speeu cameia set to a iesolution of S12 x S12 pixels anu a fiame iate of 4796
fps. The cameia was tiiggeieu with a bieak-switch attacheu to the penuulum that
openeu when the penuulum uioppeu. The lock suppoit was constiucteu of 6.SS mm
! ! !" steel plate anu was mounteu to a Su.8 mm (2 in) thick steel table, estimateu
to weigh seveial tons. The lock suppoit was uesigneu to allow it to be aujusteu so
that the penuulum always stiuck the lock keyway at 9u
. The lock suppoit uiu not

iestiict the lock movement aftei impact. The locks weie cooleu using compiesseu

9
uifluoioethane, commonly known as "canneu aii". The cans weie inveiteu anu the
extension tube was placeu in the lock keyway. The tempeiatuie of the lock was
measuieu using an 0mega BB176 Bataloggei Theimometei with an accuiacy of u(S
)
*
above -1uu
)
* anu an 0mega Type K theimocouple attacheu to the lock with Scotch
Inuooi0utuooi Nounting Tape.

2.4.2 Low Tempeiatuie Impact Test Pioceuuie
Piioi to testing, the 0mega BB176 was calibiateu using an ice-watei bath anu the
high-speeu cameia was checkeu foi alignment, lighting, anu focus. The penuulum
was loweieu anu the lock suppoit aujusteu to centei the lock keyway with the ball on
the penuulum. The penuulum was then moveu to its pie-ielease position anu the
electiomechanical solenoiu lockeu. Next, a safety chain was positioneu acioss the
penuulum. The theimocouple was attacheu to the lock with tape on the siue opposite
the high-speeu cameia. The safety chain was iemoveu fiom the penuulum anu the
0mega BB176 Theimometei Bataloggei was staiteu anu a complete, inveiteu, can of
uifluoioethane was spiayeu into the lock keyway. 0nce the can was empty, the
penuulum was ieleaseu stiiking the lock in the keyway. The ielease of the penuulum
tiiggeieu the high-speeu cameia, which captuieu the penuulum impact. The locks
founu in Table S weie testeu using this low tempeiatuie impact test system.

Table S - Shackle anu puck-style locks testeu using the low tempeiatuie impact test
system.
0#6/ 0)4/$ I>%$/ J<C=/8 :/&>/4
Abloy SSuNSu Shackle S
Ameiican 2Suu Puck S
Ameiican 2uuu Puck S
Nastei Lock 627u Puck S
Abloy PL97S Puck S


1u
2.S Compiessive Cutting Test
2.S.1 Compiessive Cutting Test System
The compiessive cutting test system useu two uiffeient hyuiaulic piesses to apply
a shoit uistance, thiee-point contact, sheai foice to the lock shackle, see figuie 2.6.
The hyuiaulic piesses useu weie an Instion Nouel 88u1 with a maximum
compiessive foice of 1uu kN (22,uuu lbf) anu a Satec 0niveisal Test Nachine with a
maximum compiessive foice of SS4kN (12u,uuu lbf). A uisplacement iate of 2.S4
mmmin (u.1 inmin) was selecteu foi a constant stiain iate on all locks except the
Abloy anu W-Lok paulocks, which was set to 7.62 mmmin (u.S inmin). The sheai
foice was applieu with a paii of 2S.4mm (1 in) caibiue-tippeu chisels milleu uown to
fit the chucks of the Instion anu Satec hyuiaulic piesses.

2.S.2 Compiessive Cutting Test Pioceuuie
The caibiue chisels weie chuckeu into the hyuiaulic piess. A thiee-point jig, two
spacei ious, anu the caibiue chisel, weie setup aiounu the lowei-chuck. The lock

Figuie 2.6 - Schematic uiagiam of the compiessive cutting system, vieweu fiom the
siues.

was placeu on the thiee point jig with the lock shackle centeieu on the lowei caibiue
chisel. The uppei-chuck of the hyuiaulic piess was loweieu until the caibiue chisel
just toucheu the lock shackle. The computei contiolleu hyuiaulic piess uisplacement
iate was set anu the piess was staiteu. The Instion piess was set to stop applying
foice once the measuieu foice uioppeu below 4u% of the maximum. The Satec piess
hau no safety loau shutoff. The locks founu in Table 6 weie testeu using this
compiessive cutting test system.


11
Table 6 - Shackle-style locks testeu using the compiessive cutting test system.
0#6/ 0)4/$ I>%$/ J<C=/8 :/&>/4

K L/&<$>& #"4 B'&5<&&')"
S.1 Biemel Test
The Biemel test encompasseu S shackle-type locks with S of each type testeu foi a
total of 2S tests. The oiiginal test plan measuieu the time iequiieu to cut thiough the
entiie lock shackle, similai to what an actual attackei woulu attempt. Bowevei,
initial tests with steel ie-bai founu the high ipm low toique motoi of the Biemel
iotaiy tool woulu stall completely oi woulu oscillate by jumping out of the cut anu
back again iepeateuly. It was founu that this typically occuiieu aftei appioximately
Su % of cutting. Baseu on this, a ieviseu test methou was auopteu measuiing the
uepth aftei Su %. The ieviseu test methou alloweu foi an accuiate anu iepeatable test
without iequiiing the Biemel to be iemoveu fiom the cut to iegain speeu.

Results foi the S seiies of tests aie summaiizeu in figuie S.1. Plotteu aie the
aveiage uepths of cut with eiioi bais showing the stanuaiu ueviation anu the
aveiage shackle uiametei of each lock type testeu. Bepths of cut iangeu fiom 1.91
mm (u.u7S in) foi the W-L0K anu S.21 mm (u.21 in) foi the Ameiican A748. The
laigest uata scattei occuiieu with the Nastei Lock 62Su with a stanuaiu ueviation of
1.16 mm (u.uS in). The W-L0K anu the Abloy lock shackles weie the most iesistant
to the iotaiy tool but hau the laigest shackle uiameteis, 1S.9 mm (u.SS in) anu 12.4
mm (u.49 in), iespectively.

It is not cleai fiom this uata to what uegiee shackle uiametei oi shackle mateiial
piopeities influence the cutting iate obseiveu. The W-L0K shackle uiametei was
appioximately 26% gieatei in uiametei than the Nastei Lock 62Su, the lock with the
smallest shackle uiametei at 1u.9 mm (u.4S in). All the lock shackles in the test useu
case-haiueneu, boion-alloy steels, except the W-L0K, which uses S16 stainless-steel.
While boion, as an auuitive to steels, is useu piimaiily to inciease the haiuness; its
effectiveness is uepenuent upon: the amount of boion (S - Su ppm), the caibon anu
alloying content in the steel, anu the piesence of fiee nitiogen, anu the type of ue-
oxiuizeis useu uuiing the steel making.|1uj


12

Figuie S.1 - Bepth of cut in paulock shackles with a Biemel tool compaieu to the
uiametei of the lock shackle.

The same issue aiises with case haiueneu mateiials, which uepenus on the caibui-
ization piocess anu uuiation. Nanufactuiei uata sheets uo not pioviue infoimation
iegaiuing the shackle mateiial piopeities such as yielu stiength oi suiface haiuness.
Both the effect of shackle uiametei anu mateiial piopeities iequiie auuitional stuuy
to claiify the uegiee to which they influence the abiasion iate.

In summaiy, even though the W-L0K is on aveiage 1(7 times moie abiasion-
iesistant than the Ameiican A748, both lock shackles woulu on aveiage be cut
thiough in appioximately 1S8 seconus anu 7u.S seconus, iespectively. These iesults
aie similai to the iesults that APC founu, 16S seconus foi a Nastei Lock 62Su.|6j

uiven the veiy shoit amount of time iequiieu foi these iotaiy tools to cut thiough
a lock, a moie piactical appioach woulu be to pievent access to the shackle. Noie
iestiictive hoous can accomplish this oi using puck-style locks wheie the shackle is
not exposeu. It shoulu also be noteu this piocess was ielatively louu as opposeu to
the othei methous testeu. Also, theie is cuiiently no haiuness oi abiasion iesistance
stanuaiu in eithei ASTN F88S-uu9, Stanuaiu Peifoimance Specification foi Paulocks
oi in ATF Publication S4uu.7, ATF Feueial Explosives Law anu Regulations.

S.2 Biill Test
The uiill test encompasseu S shackle-type locks anu 4 puck-style locks with S of
each type testeu foi a total of 4S tests. The test was a simple passfail test
summaiizeu in Table 7. See section 2.2.2 Biill Test Pioceuuie foi the passfail
ciiteiia.

The Ameiican AB1us weie the easiest locks to uiill thiough, all failing with the 4.8
mm ! !" !" bit. The Nastei Lock 62Su faileu on thiee attempts of the 4.8mm
! !" !" . The iemaining two locks passeu the 4.8 mm ! !" !" bit anu also passeu
the 12.7 mm ! ! !" bit. This lock has a stationaiy, haiueneu, keyway covei that
maue uiilling with the 4.8 mm ! !" !" bit uifficult anu pieventeu the 12.7 mm
! ! !" bit fiom auvancing past the keyway covei in the 6u s iequiieu by the test.
The Abloy SSuNSu locks weie veiy uifficult to uiill uue to steel cylinuei-pins. In
thiee of the locks the tips of the 4.8 mm ! !" !" bits melteu. The othei two bits

1S
bioke in the lock keyway. The W-L0Ks weie also uifficult to uiill uue to steel
cylinuei-pins. In all five cases the uiills penetiateu a few centimeteis befoie the
4.8mm ! !" !" bits bioke off insiue the keyway. The Ameiican A748 locks weie
successfully uiilleu with the 4.8 mm ! !" !" anu the 12.7 mm !!! !" in two cases,
but the locks uiu not open aftei ten uiops fiom 1m (S9.4 in). Tests in the iemaining
thiee locks iesulteu in the 4.8mm ! !" !" bits bieaking in the keyway. These locks
use a stationaiy, haiueneu, keyway covei anu steel cylinuei-pins. The Ameiican
2Suu lock tests iesulteu in the 4.8 mm ! !" !" bits bieaking in the keyway of all
five locks anu none opening. These locks use a iotating, haiueneu, keyway covei.
The Ameiican A2u1u tests weie successfully uiilleu with the 4.8 mm ! !" !" bits
anu all openeu aftei seveial 1 m (S9.4 in) uiops. The Nastei Lock 627u was
successfully uiilleu with the 4.8mm ! !" !" anu the 12.7 mm ! ! !" bits anu
openeu aftei seveial uiops fiom 1 m (S9.4 in). The Abloy PL97S lock was uifficult to
uiill, melting 4 out of S of the 4.8mm ! !" !" bits. Bowevei, in one case the 4.8 mm
! !" !" bit openeu the lock aftei only a few centimeteis of uiilling. These locks
useu a iotating, haiueneu, keyway covei anu steel cylinuei pins.

Table 7 - Summaiy of the passfail iesults of the uiill test.
0#6/ 0)4/$ I>%$/ 3#&& M#'$
Nastei Lock 62Su Shackle 2 S
W-L0K SK977S24-B Shackle S u
Ameiican A748 Shackle S u
Abloy SSuNSu Shackle S u
Ameiican AB1u Shackle u S
Ameiican 2Suu Puck S u
Ameiican 2u1u Puck u S
Nastei Lock 627u Puck u S
Abloy PL97S Puck 4 1

Seveial of these locks useu steel cylinuei pins anu haiueneu, keyway coveis (io-
tating anu stationaiy). These auueu secuiity featuies maue uiilling the keyways
much moie uifficult. The Abloy, W-L0K, anu the Ameiican A748 anu 2Suu all useu
one oi both of these secuiity featuies.


14
The uiill piess useu in this test applieu a gieat ueal moie uownwaiu foice, uiilling
toique, anu confinement than woulu be available with a hanu-helu uiill. Theiefoie,
locks that passeu this test woulu be veiy uifficult to uiill with a hanuhelu uiill
installeu on an explosive magazine. In futuie tests, a centei uiill (bit with a wide
shank and a 60 degree angle tip) is iecommenu piioi to staiting with the 4(8""
! !" !" bit. This woulu ensuie that the hole is staiteu on the centeiline of the lock
keyway. Finally, puck-style locks weie moie uifficult to unlock aftei successful
uiilling than shackle-style locks. Nost of the puck-style locks iequiieu all of the ten
simulateu hammei blows (1 m (S9.4 in) uiops) to get them to open. Nost shackle-
style locks openeu when the uiill bit was iemoveu fiom the lock iequiiing no
simulateu hammei blows.

In summaiy, the auuition of haiueneu keyway coveis oi the use of steel cylinuei
pins gieatly incieaseu the uiilling uifficulty. Also, puck-style locks offeieu some
iesistance to opening aftei successfully being uiilleu as opposeu to stanuaiu shackle-
style locks. Neithei ASTN F88S-uu9 noi ATF Publication S4uu.7 auuiess the uiilling
of the keyway even though this is a common locksmith piactice foi opening
locks.|11j

S.S 0xyacetylene Toich Test
The oxyacetylene toich test encompasseu S shackle-style locks with S of each lock
type testeu foi a total of 2S tests. The test was baseu on the maximum auvance iate
in !! !"#$%& iequiieu to cut the shackles off an Ameiican AB1u lock with an
oxyacetylene toich. The Ameiican AB1u lock was useu as a baseline because it is a
stanuaiu lock issueu acioss ATF. Results foi the S lock types aie summaiizeu in
figuie S.2. Plotteu aie the aveiage uepths of cut with eiioi bais showing the
stanuaiu ueviation anu the aveiage shackle uiametei of each lock type testeu.
vaiiability in the uata was uue to blow-back anu slag pooling in the keif cut by the
toich. I obseiveu uuiing the tests that eveiy shackle was cut thiough completely foi
all the locks except foi the W-L0K.

Changing the cutting configuiation to ensuie theie was ioom foi cut mateiial to
move away fiom the shackle woulu significantly ieuuce this pioblem. vaiiability in
the uata was also uue to vaiiations in the flow iate of the oxygen anu acetylene fiom
test to test. Any futuie tests shoulu continuously measuie the flow iate of both the
oxygen anu acetylene anu set these vaiiables to ensuie consistent cutting paiameteis
foi eveiy test.

In summaiy, none of the shackle mateiials testeu can withstanu the high tem-
peiatuies that an oxyacetylene toich can ieach, S,48u
C (6,296
F). While the S16

stainless steel in the W-L0K uoes not oxiuize (buin) like milu steels, at these
tempeiatuies it uoes melt. Poitable plasma cutteis, while not testeu in this stuuy,
aie also a seiious thieat to shackle-style locks. They opeiate at appioximately
2S,uuu
C (4S,uS2
F), aie inexpensive $4uu to $1,2uu, anu can cut any electiically-
conuuctive metal (steel, aluminum, coppei, stainless steel, etc.). To pievent the
shackle fiom being cut, it must be piotecteu. Some piotection can be gaineu fiom
using puck-style locks that enclose the shackle in the lock bouy. Bowevei, milu-steel,
puck-style, lock bouies will only uelay the opening with the auueu thickness of the
lock bouy. Auuitional piotection coulu be gaineu fiom a stainless-steel bouy, which

1S
again uoes not oxiuize when exposeu to the oxyacetylene toich. Auuitional
oxyacetylene toich testing woulu be iequiieu to ueteimine if theie aie any
significant uelay auvantages to puck-style locks constiucteu of stainless-steel veisus
milu-steel. Again, neithei the ASTN F88S-uu9 noi ATF Publication S4uu.7 auuiesses
the ability of the lock to withstanu cutting by an oxyacetylene toich.

Figuie S.2 - Bepth of cut in paulock shackles with an acetylene toich compaieu to
the uiametei of the lock shackle.

S.4 Low Tempeiatuie Impact Test
The low tempeiatuie impact test encompasseu S shackle-style locks anu 4 puck-
style locks with S of each lock type testeu foi a total of 4S tests. Results foi the 9
seiies of tests aie summaiizeu in Table 8. The aveiage impact eneigy was (477.2
72.7) } (SS1.9 SS.6) ft-lbf at an aveiage tempeiatuie at impact of (-2S.2
1S.1
) C (-
1S.S6
27.18
) F. 0nly one lock faileu the test, a Nastei Lock 62Su. It faileu at an
impact eneigy of 466.1 } (S4S.8 ft-lbf) at a tempeiatuie of -SS.2
C (-S1.4
F). The lock

faileu at the apex of the shackle.

vaiiability in the tempeiatuie uata was a pioblem. This is piobably causeu by pooi
auhesion of the theimocouple to the lock bouy as the tempeiatuie uioppeu. I am
looking at seveial methous to pievent this pioblem in the futuie. 0ne is the use of
Aluminum tape with a Kapton tape oveilay anu the othei is theimally conuuctive
epoxy.|12j

It shoulu be noteu that, while not testeu in this stuuy, both uiy ice, -78.S
C (-1u9.S

F), anu liquiu nitiogen, -196.u
C (-S21.u
F), aie ieauily available anu inexpensive.

Auuitional testing is iequiieu to ueteimine if these tempeiatuies woulu iesult
auuitional bieakage at the impact eneigies testeu.


16
In summaiy, locks withstoou the low tempeiatuie impact tests with only one
failuie. Baseu on these iesults, this uoes not appeai to be a ieliable methou of
bieaching these locks. 0ne ieason the APC iesults may contiauict these iesults is the
uiffeience in test methou useu. In my tests, the locks weie alloweu to move aftei
impact, similai to how a ieal lock woulu move if stiuck with a hammei. In the test
conuucteu by APC, the lock was fixeu in a vice. This uiffeience is significant since all
of the eneigy of the hammei blow was absoibeu in the APC test as mechanical
benuing of the lock shackle. In my test, the impact eneigy was uistiibuteu in both
mechanical benuing anu tianslational anu iotational kinetic eneigy of the lock.
Again, neithei the ASTN F88S-uu9 noi ATF Publication S4uu.7 auuiesses the ability
a lock to withstanu low tempeiatuie impacts.

Table 8 - Test iesults of low tempeiatuie impact test foi both the 4u.4 kg anu S4.S
kg penuulums.
A)56 +"/81% NOP :/C-/8#><8/ N
Q
DP 3#&& M#'$
Abloy SSuNSu 484.6 -16.1 S u
Abloy PL97S 484.6 -12.2 S u
Ameiican AB1u 414.8 -SS.7 S u
Ameiican 2u1u S4S.8 -1S.9 S u
Ameiican 2Suu 484.6 -16.7 S u
Ameiican A748 484.6 -9.6 S u
NasteiLock 62Su 466.1 -S2.6 4 1
NasteiLock 627u 48u.9 -1S.7 S u
W-L0K 484.6 -6.8 S u

S.S Compiessive Cutting Test
The compiessive cutting test encompasseu S shackle-style locks with S of each lock
type testeu foi a total of 2S tests. Results foi the S seiies of tests aie summaiizeu in
figuie S.4. Plotteu aie the aveiage maximum loaus at failuie with eiioi bais showing
the stanuaiu ueviation of each lock type testeu. Naximum loaus iangeu fiom 17u.S
kN (S8,277.2 lbf) foi a W-L0K to S4.S kN (12,2u4.u lbf) foi an Ameiican AB1u. The
laigest uata scattei occuiieu with the Ameiican AB1u with a stanuaiu ueviation of
9.4 kN (2,111.8 lbf). All of the shackles in these tests weie auveitiseu by the
manufactuiei to be case-haiueneu, boion-alloy, steels except foi the W-L0K, which
uses S16 stainless-steel. It is again not cleai to what uegiee mateiial piopeities oi

17
shackle uiametei contiibute to the uiffeiences in mateiial stiength. Bowevei,
iefeiiing to figuie S.4, it can be obseiveu that it takes almost twice the foice to cut
thiough the Abloy anu W-L0K shackles while theii uiameteis weie only about 2S%
laigei.

In the APC stuuy, the lock shackles weie cut with a Chinese manufactuieu
hyuiaulic iebai cuttei, Nouel CPC-22A.|6j Foi a compaiative analysis, the foice
iequiieu at the hanules of a set of S6in mechanical bolt cutteis, Pittsbuigh Nouel
411Su, was examineu, see figuie S.S. Baseu on this schematic, we have the following
equation iepiesenting the iequiieu foice at the hanules anu the iesulting foice at the
jaws:
!
!"#$%&
!
!"
!"
!
!"#$

wheie w = 68S.8 mm (27 in), x = 1S mm (u.6 in), y = 111 mm (4.4 in), z = Su mm (2
in) anu !
!"#$
is the aveiage maximum foice measuieu at failuie foi each lock type.

Figuie S.S - Schematic uiagiam of a set of bolt cutteis.

The calculateu iesults in Table 9 show that ovei 6u9.4 N (1S7 lbf) woulu be
iequiieu at the hanules foi the weakei shackles anu ovei 1,SS6.9 N (SSu lbf) foi the
Abloy lock. Even the lessei of these foices aie consiueiable anu woulu be uifficult foi
an inuiviuual to accomplish. Bowevei, the hyuiaulic iebai cuttei testeu by APC
easily bioke the shackle of the Nastei Lock 62Su. Auuitional, unpublisheu iesults by
APC founu that the hyuiaulic iebai cuttei jaws bioke when attempting to cut an
Abloy SSuNSu lock.

In summaiy, it iequiieu twice the foice to cut thiough the W-L0K anu the Abloy
lock shackles as compaieu to the Nastei 62Su, Ameiican A748, anu Ameiican AB1u.
Again, neithei the ASTN F88S-uu9 noi ATF Publication S4uu.7 auuiesses the ability
of the lock to withstanu compiessive cutting at the shackle.


18

Table 9 - Foice iequiieu at the hanules of S6 in bolt cutteis to achieve the maximum
foice at failuie.
A)56 O#F& N$=*P R#"4$/ N$=*P
Nastei 62Su 1S,97S.9 1S7.7
W-L0K SS,S29.S SSu.u
Ameiican A748 14,8S9.6 146.2
Ameiican AB1u 14,6S9.u 144.2
Abloy SSuNSu S1,6SS.S S11.7

Figuie S.4 - Naximum compiessive cutting-foice loauing on shackle-style locks.

S D)"5$<&')"&
The effects of paulock bieaching methous weie stuuieu using 9 uiffeient lock types.
Baseu on these test iesults, I founu that shackle uiametei anuoi shackle mateiial
can significantly inciease the sheai stiength of the shackle. While these same
compaiative benefits weie founu with abiasion iesistance, the actual time iequiieu
to bieach was so shoit that any abiasion iesistance auvantage was negateu. I also

19
founu that the shackle is vulneiable to the oxyacetylene toich iegaiuless of shackle
uiametei oi mateiial. Biilling of the keyway was thwaiteu with ielatively simple
secuiity measuies such as stainless steel cylinuei pins anu haiueneu cylinuei coveis.
None of the locks appeai to be paiticulaily susceptible to low tempeiatuie impacts
although ietesting with an impioveu methou to auheie the theimocouple to the lock
bouy woulu impiove confiuence in this conclusion.

In geneial, locks with an exposeu shackle aie moie vulneiable than hiuuen oi
puck-style locks. All locks can be vulneiable to uiilling, but with ielatively simple
secuiity measuies, the vulneiability to uiilling can be gieatly ieuuceu. Table 1u
below is a summaiy of lock peifoimance in all five tests. Each lock was iankeu 1-S, 1
being the woist peifoimei in a paiticulai test anu S being the best peifoimei. Puck-
style locks scoieu Ss on the Biemel, oxyacetylene, anu compiessive cutting tests.
This was uone because the shackle of puck-style locks is hiuuen anu not vulneiable to
these tests. The highest scoiing shackle lock was the W-L0K while the highest
scoiing puck-style lock was the Ameiican 2Suu.

Table 1u: Summaiy of the five lock tests.
A
)
5
6
T

B
8
/
C
/
$

!
5
/
>
%
$
/
"
/

B
8
'
$
$

@
C
-
#
5
>

D
)
C
-
8
/
&
&
'
.
/

:
)
>
#
$

I
5
)
8
/

D
)
&
>

-
/
8

A
)
5
6

W-L0K (S) S S S S S 2S $82.Su
Ameiican 2Suu (P) S S S S S 2S $SS.82
Abloy PL97S (P) S S 4 S S 24 $11u.uu
Abloy SSuNSu (S) 4 2 S S S 21 $1SS.uu
Ameiican A2u1u (P) S S u S S 2u $2S.uu
NasteiLock 627u (P) S S u S S 2u $27.9S
Ameiican A748 (S) 1 4 S S 2 17 $96.uu
NasteiLock 62Su (S) S S 2 S 2 1S $2S.2S
Ameiican AB1u (S) 2 1 u S 2 1u $2S.uu
*(P)=puck type anu (S) = shackle type.


2u
Figuie 4.1 shows the total lock scoie plotteu vs. unit cost. The most expensive
locks uo not appeai to automatically be the best.

Figuie 4.1 - The total scoie foi each lock veisus the lock cost in uollais.

Stanuaius to auuiess the vulneiabilities testeu in this stuuy uo not cuiiently exist
in eithei ASTN oi ATF. The 0.S. Bepaitment of Befense, Nilitaiy Stanuaiu, NIL-BTL-
4S6u7}, Paulock, Key 0peiateu, Bigh Secuiity, Shiouueu Shackle, uateu 29 }uly 2u1u,
was the most iobust stanuaiu founu. This stanuaiu auuiesses shackle iesistance at
low tempeiatuies anu foiceu entiy iesistance with both batteiy anu non-batteiy
tools. The low tempeiatuie stanuaiu iequiies the paulock to be cooleu to -7S
C
(-1uu
F) anu stiuck a minimum of six times oi foi a maximum time peiiou of S min
with a 1.S6 kg (S lb) hammei. The foiceu entiy test iequiies the lock to withstanu 1
minute of foiceu entiy with batteiy tools anu S min of foiceu entiy with non-batteiy
tools. The total weight of tools cannot exceeu 9.u7 kg (2u lb). Beating equipment
tempeiatuies cannot exceeu 649
C (12uu
F). While this stanuaiu auuiesses many of

the tools anu methous useu in this stuuy, the "pass" times foi poweieu tools aie only
1 minute anu the maximum tempeiatuies aie low compaieu to oxyacetylene.
Auuitionally, locks that meet these stanuaius, such as the Saigent anu uieenleaf 9S1
cost on aveiage ovei $1,68u each.

U !56")F$/41C/">&
The authoi giatefully acknowleuges technical suppoit fiom the 0niveisity of
Alabama Buntsville, Aeiophysics Facility anu Reliability anu Failuie Analysis
Laboiatoiy. The authoi also giatefully acknowleuges the suppoit fiom the NCETR,
Explosive Enfoicement anu Tiaining Bivision. The Euitoi of this jouinal cieateu
figuie 4.1.

21
V L/*/8/"5/&
|1j ATF. Explosives Stoiage Requiiements, Nay 2u1S.
|2j ATF. +,- -&.&/01 23415%#6&% 708% 0$. 9&:;10<#5$%. Buieau of Alcohol, Tobacco,
Fiieaims anu Explosives, 99 New Yoik Ave NE, Washington, BC, S4uu.7 euition,
}une 2u12.
|Sj ATF. Explosive Thefts fiom 2uu6 thiough 2u1u. +,- 23415%#6&% =$.;%</>
?&8%1&<<&/, page 8, }une 2u11.
|4j Ameiican Society of Testing anu Nateiials. @<0$.0/. A&/B5/"0$'& @4&'#B#'0<#5$
B5/ A0.15'C%( Ameiican Society foi Testing anu Nateiials, 1uu Baii Baiboi Biive,
West Conshohocken, PA, f88S-u9 euition, 2uu9.
|Sj Austin Powuei Company. Bieach Testing Nagazine Paulocks. Novembei 2u12.
|6j Les Kiikup. 234&/#"&$<01 D&<E5.%. }ohn Wiley & Sons Austialia, Ltu., 42
NcBougall Stieet, Nilton, Qlu 4u64, 1994.
|7j Baviu }. Biooks anu Benjamine Beaiu. A Compaiison of Laboiatoiy anu vul-
neiability Evaluation Nethous foi the Testing Secuiity Equipment. In A/5'&&.#$:%
5B <E& F/. +;%</01#0$ @&';/#<> 0$. =$<&11#:&$'& *5$B&/&$'&, page 1S, Peith Westein
Austialia, 2u1u. Secuiity Reseaich Institute, Euith Cowan 0niveisity.
|8j R. Finch. G&1.&/H% I0$.J55CK + L;#.& <5 A10%"0 *;<<#$:M N3>0'&<>1&$&M +/'M D#:
0$. ,#: G&1.#$:( BPBooks, 2uu7.
|9j Caiol }. Wiuule, veinaiu Foley, anu uail Bemo. Bynamics of the Axe Swing.
Eigonomics, 21(11): 92S-9Su, 1978.
|1uj R. C. Shaima. A/#$'#41&% 5B I&0< ,/&0<"&$< 5B @<&&1%. New Age Inteinational (P)
Limiteu, 2uu7.
|11j Bouglas Chick. @<&&1 O51< I0'C#$:K + *5"4;<&/"0$H% L;#.& <5 75'C A#'C#$:(
Thenetwoikauministiatoi.Com, 2uu4.
|12j Cameion Sinohui. A Compaiison of Nethous foi Attaching Theimocouples to
Piinteu Ciicuit Boaius foi Theimal Piofiling. In ?2A*ND, 1999.


22
viewpoint Papei

!"#$%&' )*+,&-+.%+, &+/ 0"'1%-$$&+#% 2%'.-+*$*34

Balvoi A. 0nuem, Ph.B., Lt Col 0SAF (Ret)
Affiliate Piofessoi, }ackson School of Inteinational Stuuies
0niveisity of Washington, Seattle

I came acioss a teim that I seiiously objecteu to ovei a yeai ago in a piivate conveisation,
anu I expiesseu my objections to the inuiviuual when I heaiu it. Now that I am beginning
to see the teim come into piinteu use, I am going to object even moie in piint. Call it, if you
will, a wee bit of whining.

The teim is "NBA Seal".

Now, some of you might think I am being cuimuugeonly oi peuantic oi both, but I assuie
you I am not. It is a paiticulaily bau teim foi two ieasons. Fiistly, it confuses two
techniques fiom Safeguaius (anu Aims Contiol, too) that aie noimally inuepenuent but
vitally complementaiy to one anothei. Seconuly, we have, thanks to the Buman Capital
Bevelopment thiust aiea of the Bepaitment of Eneigy's Next ueneiation Safeguaius
Initiative, a lot of new Safeguaius piactitioneis whose confusion we shoulu woik to
eliminate iathei than encouiage.

To be specific, NBA, oi moie coiiectly !"# %&'()*+(,-& .''/0 1&/'*)&2&#(' pioviue an
!"#$%&#'(!#')& +%#,'(3 Tampei Inuicating Seals (iefeiieu to as just "Seals" fiom this point
on), on the othei hanu, aie simply #%+-),!,. "/% 0%1'(%/ that, given the acceptance of a
lot of assumptions, buy the monitoiing paity a bit of time between necessaiy
authentication measuiements. In the logical scheme of things, the coiiect authentication
metiic is always necessaiy anu sufficient. Seals may be necessaiy. They aie nevei
sufficient.

Bow shall I illustiate this. 0ne way is to look at the histoiy of how seals came into use,
anu then imagine two extieme veiification woilus, one wheie seals aie utteily anu
completely un-necessaiy, anu anothei wheie, at least foi a time (anu maybe a veiy long
time), that's all you can have. Sometimes examining asymptotic cases pioviues inteiesting
insights on inuiviuual vaiiable behavioi. The seconu illustiation, which I think I like a little
bettei, is a militaiy one, wheie the !"#$%&#'(!#')& +%#,'( constitutes the offensive
opeiation, anu the /%!2 the uefensive maneuvei.

5$$"6,'&,-*+ 7 8 9-6,*'4 &+/ :64.;,*,-# <-.-,6

9-6,*'4=
Buiing my last yeai (2uu8) at the Inteinational Atomic Eneigy Agency (Agency),

2S
I spent a goou ueal of time in the Agency aichives, because I was woiking on a
histoiy of seal uevelopment anu vulneiability assessments foi the vaiious
Categoiy A
1
seals that weie alieauy in full ueployment oi about to be
ueployeu. The metal (CAPS) seal
2
, foi example, has at least a 4u-plus-yeai histoiy
while the E0SS
S
(Electio-0ptical Sealing System) just staiteu going into full scale
ueployment in 2uu8. The iecoiu inuicates, fully consistent with the Seals 0nit's
ICAS (Intiouuctoiy Couise on Agency Safeguaius) Nouule, that Seals aie
/#+,44/)05+"264&2&#(/)0 to #*+4&/) 2/(&),/4 /++"*#(/#+0 activities. This
ancillaiycomplementaiy natuie is impoitant, anu neeus to be emphasizeu.

The mouel pioblem is this. Assume I have a ioom with n containeis of SNN
(Special Nucleai Nateiial), say LE0 (Low Eniicheu 0ianium) in a fuel fabiication
facility. Eveiy Su uays (oi pick the inteival iequiieu), I go in with NBA
instiumentation anu uo a full PIv (Physical Inventoiy veiification) of eveiy
containei in the ioom. So, because of my !"#$%&#'(!#')& +%#,'(my
measuiement campaign(s)I know foi a fact on a ieasonably peiiouic basis that
in that ioom theie aie n containeis with x giams of LE0 at an eniichment of such
anu such y giams pei containei. That's one element of the Safeguaius appioach
foi that ioom which is pait of a laigei set of Safeguaius activities to ueal with the
Safeguaius appioach foi the entiie facility.

But if this activity is too expensive anuoi consumes too many inspectoi staff
uays, oi both, what can I ieasonably uo. I /%!2 those containeis so that I uo not
have to uo the PIv eveiy Su uays. I extenu the inteival between PIvs in oiuei to
save time anu money, but I uo not eliminate PIvS. As long as (1) I asceitain that
the seal is mine (unique), anu (2) I am confiuent that foi ieasonably shoit
(subjective) inteivals the seal will tampei-inuicate unuei most feasible attacks,
then I accept the iisk of stietching out the time between PIvs. 78& '&/4 ,#()"9*+&'
),': ;") (8& <&#&;,( "; +"'( )&9*+(,"#3 =(>' / ()/9& = 8/9 (" 2/:&3 = /2 <*0,#? (,2&3

<-.-, 7 8 : >*'$/ >-,?*", 0%&$6
We can imagine a woilu without seals without too much tiouble. Let's say the
biilliant IAEA 0NS (0nattenueu Nonitoiing Systems) Section has inventeu a
foolpioof machine, veiy small, that is secuiely affixeu to eveiy canistei at a facility
unuei Safeguaius, anu at the flick of a few key stiokes on a computei in vienna, a
full PIv on eveiy canistei in that facility can be hau in ieal time, anu as often as
uesiieu. This is not only unattenueu, but ieal-time NBA monitoiing, anu in this
situation, seals aie utteily unnecessaiy. You have full anu complete nucleai
mateiial accountancy, inuepenuently, as often as you like. Punch Line: NBA

1
A "Categoiy A" seal, inueeu any Categoiy A Safeguaius Instiument, is one that has gone
thiough the Agency's entiie gauntlet of uevelopment, test, anu evaluation befoie being
ueclaieu fit foi woiluwiue use.
2
@/;&?*/)9' 7&+8#,A*&' /#9 BA*,62&#(C DEFF B9,(,"#G Inteinational Nucleai veiification
Seiies No. 1 (Rev. 2), Inteinational Atomic Eneigy Agency, vienna, 2u11, pp. 7u - 71
S
Ibiu, pp. 74-7S.

24
measuiements, the ";;&#',-& "6&)/(,"#G pioviues eveiything neeueu, paiticulaily if
you locate the mateiials with high piecision in time anu space.

<-.-, @ 8 : >*'$/ >-,? 0%&$6 A+$4 B:+/ C&4D% E*',&$ C*+-,*'-+3F

This woilu is a bit haiuei to imagine, especially in Safeguaius, but an Aims
Contiol scenaiio comes to minu. Let's suppose that aftei New START,
AmeiicanRussian ielations aie just so bau that almost eveiything is off the
table. No uiiect waiheau uismantlement monitoiing is alloweu, no agieement on
what constitutes unclassifieu infoimation has been ieacheu, anu no agieement on
mateiials uisposition has been ieacheu, so we'ie stuck. EXCEPT both paities
agiee theie is no utility to tactical weapons at all, anu a joint facility is built with
all poitals anu exits monitoieu, so that confiuence is vERY high that an item that
goes in, whethei Russian oi Ameiican, stays in, until it comes out. (This is a bit
like the Nayak Fissile Nateiial Stoiage Facility
4
, only jointly constiucteu anu
monitoieu.) A goou jointly uesigneu sealing system applieu to jointly uesigneu
containeis built foi such a sealing system might pioviue high confiuence that you
have an effective item monitoiing iegime. This is cleaily an inteiim solution (but
it coulu be a long inteiim), because no-one ieally knows, without some kinu of
NBA measuiement (cuiiently not alloweu), what is REALLY in the
containeis. Both paities, if they watcheu shiouueu pointy objects being iemoveu
fiom missiles anu placeu in sealeu containeis, might ieasonably assume the
items aie nucleai waiheaus with nucleai mateiials, but only an !"#$%&#'(!#')&
+%!/",%+%&#, somehow, some uay, on conveiteu mateiials oi otheiwise, ieally
lets you know if you have what you think you have. Punch Line: Seals, the
9&;&#',-& 2/#&*-&)G buy time until you can biing offensive opeiations to beai.

5$$"6,'&,-*+ @ 8 )*+#$"/-+3 ,?% C-$-,&'4 :+&$*3"%

So to concluue this H&& bit of whining, I object to the phiase "NBA Seal" in just the same
way that I object, as a ietiieu Nilitaiy 0fficei, to the phiase "0ffensive Befense" (the
paiallel to "NBA Seal"), oi "Befensive 0ffense" (the opposite concept). In the militaiy
analogue, both events can anu uo happen, but they aie anomalies. We might consiuei
Chambeilain's bayonet chaige at the Battle of Little Rounu Top an example of "0ffensive
Befense", anu the engagement in vietnam's Ia Biang valley
I
an example of "Befensive
0ffense". Anomalies can happen, but they aie not a goou basis foi eithei the execution oi
teaching of common uoctiine, whethei militaiy, Aims Contiol, oi Safeguaius.

4
Pouvig, Pavel, J"#'"4,9/(,#? K,'',4& 1/(&),/4' ,# L*'',/>' !*+4&/) J"264&MG Reseaich Repoit
No. 7, Inteinational Panel on Fissile Nateiials, Nay 2uu9, www.fissilemateiials.oig,
accesseu S Novembei 2u1S.
S
ualloway, }oseph anu ueneial Bal Nooie, N& N&)& @"49,&)' O#+& /#9 P"*#?C =. %)/#?Q(8&
R/((4& (8/( J8/#?&9 (8& N/) ,# S,&(#/2G Ranuom Bouse Publishing uioup, 0ctobei 1992.
}ouinal of Physical Secuiity 7(1), 2S-Su (2u14)

2S
!"#$% '# ( )*(++ ,"-
Petei Kuiiasch
Inteinet Secuiity Consultant
gtink78hotmail.com
.#/0"123/'"#
Let's face it: secuiity is haiu. Establishing secuiity, maintaining secuiity, feeling
secuie...each uepenus on a vaiiety of factois that change ovei time. 0ne minute you feel
confiuent anu secuie, the next minute you leain something new that makes you think
twice.
A steauy stieam of questions uoesn't help eithei: Bow much money uo I spenu
befoie I feel secuie. Wheie will my limiteu iesouices have maximum impact. Bow can
I make goou uecisions on secuiity when I uon't yet have all the facts. Bow will I know if a
secuiity solution actually woiks.
Anu theie's anothei pioblem: talking about secuiity is haiu. It can be uifficult to
walk thiough scenaiios with colleagues who might not have the same knowleuge anu
peispectives. It can be uifficult to compaie notes anu expeiiences with those in othei
inuustiies who face uiffeient pioblems anu situations. Anu, peihaps woist of all, it can be
uifficult to explain why a paiticulai secuiity uecision was maue oi speak convincingly of its
meiits.
Though secuiity may be haiu, it is obviously impoitant foi the safety anu piotection it
affoius that makes uaily living possible. Fuithei, it is impoitant to talk about secuiity anu
to have goou tools to encouiage those uiscussions. It is in this context, then, that this
aiticle seeks to pioviue such a tool by way of a thought expeiiment. This papei will
challenge some existing iueas of secuiity anu will piesent unconventional iueas foi the
puiposes of piovoking thoughtanu with it, uiscussion.

,$'#4 567'"2+
0ne way people talk about secuiity is something that coulu be calleu "obvious
secuiity": secuiity measuies that aie iecognizable, aie easy to unueistanu how they
woik, anu aie effective. Think of a castle with high stone walls anu a moat with
ciocouiles. It's pietty obvious how they woik, anu anyone can tell you how effective they
aie.

26
The tiouble with "obvious secuiity" is that it can be expensive oi inconvenient oi
ineffectiveoi all of the above. Foi example, a high stone wall costs a lot of money anu
it's ugly anu blocks the sun. Plus, someone coulu always builu a highei lauuei, so how
effective woulu it ieally be. If you have a moat with ciocouiles you have to keep the
ciocouiles happy so they uon't escape anu eat the neighboi's uog. Plus, someone coulu tiy
to uistiact the ciocouiles while someone else ciosses the moat, so how effective woulu that
ieally be.
Anu yet theie is a seuuctive quality to "obvious secuiity" foi one simple ieason:
people get it. When theie is so much about secuiity that is uifficult it is nice to have
something easy.

,$'#4 8'9:*$
Insteau of being obvious, some might tiy to talk about secuiity in "simple" teims.
Ceitainly, Bollywoou has been uoing that foi uecaues: "Pievent |supei villainj fiom
taking |object of supieme impoitancej" oi "uuaiu this |cultuial iconj uuiing its jouiney to
|some iegion contiolleu by an enemyj."
"Simple secuiity" also incluues munuane examples like: "Keep those kius off my lawn!"
In this case the pioblem at hanu is faiily stiaight-foiwaiu, is limiteu in scope, anu has any
numbei of ways to keep the lawn secuie: maybe I'll put up a fence oi install cameias oi sit
in a chaii anu yell at people. Anu the measuie of success is pietty cleai: giass is not
tiampleu.
The tiouble with "simple secuiity", howevei, is that it usually isn't veiy inteiesting.
In the case of Bollywoou, flouiishes aie usually auueu to engage the viewei, but fiequently
they also iequiie the viewei to suspenu uisbelief. Anu most people can't be botheieu to
woiiy about giass.

,$'#4 ;"9:$**'#4
Insteau of being obvious oi simple, let's tiy to be compelling anu stait with something
that eveiyone unueistanus: money. If you see money, you take it. If you have money,
you keep people fiom taking it. If you aie walking uown the stieet anu see a pile of cash,
you giab some of it anu keep on walking. If that happens to be youi own pile of cash, you
hiie a secuiity guaiu to keep people fiom touching it.

27
Easy enough, but one element is missing: the effoit-iisk-iewaiu calculus. Bow
much effoit am I willing to put in. Bow much iisk am I willing to accept. What is my
iewaiu at the enu of it allanu is it woith the effoit anu the iisk.
This element is impoitant, foi it not only infoims basic human behavioi but also
guiues the secuiity piofessional when making secuiity uecisions. Consiuei what happens
when you see a penny on the giounu. As a passei-by, you have to ueciue if it is woith the
effoit to benu ovei to pick it up. To many people, a single penny is just not woith it.
Suppose insteau of a penny you finu a $1uu bill. Is that a sufficient iewaiu.
Now suppose that the $1uu is a pile of pennies. The iewaiu is the same as a $1uu bill
but the effoit is much highei since you have to caiiy away a lot of pennies. The secuiity
piofessional knows this. In fact, the uecision to use pennies coulu be a uelibeiate stiategy
to keep the money secuie: By iequiiing moie effoit of the woulu-be money giabbei, some
people might ueciue to ignoie the money anu move on; so long as enough people uo that,
the money iemains secuie.
Consiuei anothei way to secuie $1uu: a glass box. In paiticulai, let's take a $1uu bill,
put it in a glass box, set the box in the miuule of a stieet, anu post a secuiity guaiu next to
the box. Beie, the iewaiu is mouest ($1uu), the effoit is faiily mouest (giab a iock, bieak
the glass, giab the money), anu if the secuiity guaiu is incompetent, the iisk is minimal
(walk up to the box when the guaiu isn't looking). Is the iewaiu sufficient foi the effoit
anu iisk involveu. Woulu enough people be uissuaueu fiom tiying to get the money.
Bow secuie woulu the money ieally be. If you hiie a bettei secuiity guaiu uoes that
impiove youi secuiity.

)"'#4 ,'4
Fiom the stanupoint of "obvious secuiity", we know that putting money in a glass box
in the miuule of a stieet is a lousy iuea. Eveiyone knows that money belongs in stuiuy
containeis (haiu to bieak) with opaque walls (hiue whatevei is theie) in a guaiueu place
that's haiu to ieach (keep people away). It's obvious.
Bowevei, suppose an aigument is maue that the only pioblem with the glass box
example is that eveiything is too small. If you want to use a glass box you shoulu actually
make eveiything biggei. That is, you shoulu take a lot of money, put it in a giant glass box,
anu then place it in the miuule of a busy stieet in the miuule of a majoi Ameiican city!
Woulu this appioach keep the money secuie.
Imagine the following news aiticle:

28
CBICAu0, Illinois The Feueial Reseive Bank of Chicago, citing the iise in electionic
banking combineu with an economy still in iecoveiy, iepoiteu touay that ciiculation of
papei cuiiency is at an all-time low. Local banks aie uistiibuting fewei bills to customeis.
The banks aie making fewei iequests of the Feu to ieplenish theii cash. The Feu,
ultimately, must stoie moie bills foi longei peiious of time.
In the Feu's Chicago office, locateu at 2Su S. La Salle St. in the heait of Chicago's
financial uistiict, aie thiee vaults built unueigiounu. In noimal economic times, these
vaults aie well equippeu to hanule the iegulai ebb anu flow of cash between the Feu anu
the iegion's banks. With those vaults ieaching capacity, howevei, the Feu must expanu
anu yetgiven the tangleu web of cables, tubes, anu tunnels that lie beneath the cityit
has iun out of space.
Quite liteially, the Feu has too much money anu no place to keep it! But, the Feu has
a plan that is as innovative as it is shocking: builu a giant vault maue of glass iight in the
miuule of La Salle St.
Plans ieleaseu touay by the Feu call foi the 2uu block of La Salle St. to be closeu to all
vehiculai tiaffic. The aiea will iemain open to peuestiians, howevei, anu a new plaza will
be built so that people may gathei anu view the vault. In fact people will be able to walk
iight up to the vault anu look at all the money in itan amount that coulu exceeu
$1u,uuu,uuu. This featuie has iaiseu conceins among secuiity expeits.
A Feu spokespeison explains it this way: "The plaza anu the tianspaient natuie of
the vault's walls mean that anyone at any time can walk up anu see the money is theie anu
that it is safe. Encouiaging people to walk aiounu, look insiue, take pictuies, eat lunch,
anu otheiwise meet up in the plaza fuithei impioves secuiity since woulu-be ciiminals aie
less inclineu to act when othei people aie aiounu. It may seem countei-intuitive but
making the money fully visible actually makes it moie secuie."
The spokespeison auueu: "The uesign of the vault will be aesthetically pleasing anu
iefeiential to the aichitectuie of the many histoiic builuings locateu in Chicago's Loop.
People will want to come see the vault. It will be mesmeiizing!"
The Chicago mayoi's office offeieu its suppoit in a piess ielease: "The mayoi
enthusiastically suppoits the Feu's uecision to builu theii new vault in the heait of oui city.
This vault will be a unique symbol of oui city's uynamism anu is a wonueiful way to
showcase to the woilu that Chicago is a vibiant, innovative, anu secuie place to uo
business. We believe the peuestiian plaza will be a tiue uestination lanumaik anu a
beautiful place foi office woikeis anu touiists alike to gathei."

29
Ciitics of the plan contenu that few, if any, people aie seen walking aiounu the
uowntown aiea at night. The Feu spokespeison offeis a solution that can only be
uesciibeu as bizaiiely iionic: "We plan to invite the city's homeless population to sleep in
the plaza. Biinging people in helps keep the money secuie anu the plaza will be a safe anu
welcoming alteinative to paiks, alleys, anu uooiways. It's a win-win."
Constiuction plans foi the vault itself have not been uiscloseu foi obvious secuiity
ieasons, howevei a souice close to the pioject has ievealeu the following uetails:
The vault will be elevateu off the giounu anu placeu atop seveial columns about 1u
feet high. People will be able to view the vault fiom all foui siues anu fiom below but the
Feu wants to uiscouiage people fiom touchinganu possibly uamagingthe walls.
The walls of the vault will be maue of bullet- anu bomb-pioof glass. The glass will be
appioximately 14 inches thick anu composeu of multiple layeis of glass, laminates, anu
polycaibonate mateiials.
The vault will be fully climate contiolleu anu will be slightly ue-piessuiizeu. Shoulu
the walls of the vault be bieacheu the inteiioi piessuie will spike anu sensois within the
vault can iepoit the secuiity bieak accoiuingly.
The vault will be inaccessible to humans. Noney is tiansfeiieu in anu out using a
fully automateu, iobotic system.
Specific to that last point, the souice explains that bunules of money must be moveu
thiough the suppoit columns, beneath the stieet level, anu into the Feu's builuing. The
whole system must be extiemely ieliable since theie is no uiiect means of getting into the
vault to make iepaiis. The Feu spokespeison ueclineu to comment on this point.
We have also leaineu that inuiviuual bunules of money will be outfitteu with an
explouing uye pack. The expectation is that in the event of a containment bieach, the
incieaseu atmospheiic piessuie will cause the uye packs to immeuiately exploue. The
uye will peimanently stain the bills making them iecognizable as being stolen, theieby
ienueiing them unusable.
0nuoubteuly, the Feu has othei secuiity measuies in minu foi theii new vault, many of
which may nevei be maue public. Still, many secuiity piofessionals iemain skeptical.
Saiu one, who spoke on the conuition of anonymity, "Who uoes this. I mean, a vault like
this is an open invitation to ciiminals anu teiioiists to uescenu on Chicago anu wieak
havoc. The whole pioject has 'public safety iisk' wiitten all ovei it. Suiely it's just a
mattei of time until something bau happens."


Su
8/(0/ <='#>'#4
In this glass vault scenaiio, foui uiffeient paities aie involveu: (1) the Feu who has
the money anu neeus a place to keep it; (2) the secuiity consultants who must hatch a
plan to keep the money secuie; (S) a woulu-be thief who is keen on taking the money;
anu (4) the citizens who aie impacteu not only by the vault's constiuction but also its
piesence as a taiget within theii city.
The thought expeiiment is thus: place youiself in each of those foui ioles anu aigue
convincingly that the glass vault will pioviue secuie stoiage foi the Feu's money anu will
not jeopaiuize the safety of the geneial public.
Foi the iole of the Feu, what secuiity measuies uo you neeu anu how much money aie
you willing oi able to iisk. Foi the iole of the consultant, uoes the ability to uestioy the
money make secuiity planning easiei. Bow much of the secuiity plan shoulu be shaieu
with the public.
Foi the iole of the thief, in what ways coulu you iealistically succeeu in taking the
money. Bow many people woulu you neeu to help you with youi plan. Bow much
effoit aie you willing to put in, how much iisk aie you willing to assume, anu how much
money woulu you neeu to get to make it all woithwhile. Woulu $2uu,uuu be enough.
Foi the iole of the citizen, what knowleuge of the secuiity plans makes you
comfoitable with the vault. Woulu you piefei that the vault aiea be coiuoneu off to
peuestiian tiaffic. If you saw people tiying to bieak in to the vault, woulu you stop them.
Aftei aiguing that the vault is a goou iuea, aie you youiself convinceu that it is. Why
not.
0bviously theie is no iight answei in this scenaiio, anu piobably such a plan woulu
nevei be a goou iuea. Nonetheless, if the iuea of it spuis conveisations on what it means
to have goou secuiity.well, that can only be a goou thing.
}ouinal of Physical Secuiity 7(1), S1-S8 (2u14)

S1
!"#$%&'()#)*+ -..%../%$* 0+*1.2
34& 51'* 0'6%. 7%8 9%'/%&. :%% 7%8;

Rogei u. }ohnston, Ph.B., CPP anu }on S. Wainei, Ph.B.
vulneiability Assessment Team, Aigonne National Laboiatoiy

The man on the othei enu of the phone was nothing if not enthusiastic. "So," he saiu, "You
folks uo vulneiability assessments." "Yes," was the iesponse. "That's gieat," he saiu, "We
have an outstanuing new secuiity piouuct we woulu like you to test anu ceitify!" "Well, I'm
afiaiu we uon't uo that," he was tolu. "I guess I'm confuseu," saiu the man.

As vulneiability assessois (vAeis), we encountei this kinu of confusion uozens of times a
yeai. The pioblem isn't solely that secuiity manageis aie confusing testingceitification
(anu othei things) with vulneiability assessments, it's that, by not unueistanuing
vulneiability assessments in the fiist place, they aie piobably not having them uone, oi at
least not uone well. This isn't conuucive to goou secuiity.

This aiticle is meant to auuiess some of the myths anu misunueistanuings about
vulneiability assessments, incluuing what they aie, how they aie uone, who shoulu uo
them, anu what they aie foi (anu not foi).

Fiist off, we neeu to appieciate that the puipose of a vulneiability assessment is to
impiove secuiity. This is uone in 2 ways: (1) by finuing anu peihaps uemonstiating
vulneiabilities (weaknesses) in a secuiity uevice, system, oi piogiam that coulu be
exploiteu by an auveisaiy foi nefaiious puipose. It might also incluue suggesting
counteimeasuies. Anu (2) by pioviuing one of the 1u oi so majoi inputs to an oveiall
mouein Risk Nanagement appioach to secuiity. (See figuie 1.)

0+*1< - ="#$%&'()#)*+ '..%../%$* 3!-; ). ' *%.* +>" ?'..@ In fact, you no moie pass a
vulneiability assessment (vA) than you "pass" maiiiage counseling. "Passing" a vA can
ceitainly not mean theie aie no vulneiabilities, oi even that all vulneiabilities have been
mitigateu. Any given secuiity uevice, system, oi piogiam has a veiy laige numbei of
vulneiabilities, most of which you will nevei know about. (Bopefully the same is tiue foi
the auveisaiies.) We believe this because eveiy time we look at a new secuiity uevice,
system, oi piogiam a 2
nu
oi S
iu
time, we finu new vulneiabilities that we misseu the fiist
time, anu vulneiabilities that otheis misseu, anu vice veisa. (Even if all vulneiabilities
weie to be founu, how coulu you evei piove theie aie no moie.) A vA is nevei going to
finu all the vulneiabilities, but hopefully vAeis canby thinking like the bau guysfinu
the most obvious, the most seiious, anu the most likely to be exploiteu.
What people sometimes mean when they say that they "passeu a vulneiability
assessment" is that they took the iesults of the vA as one of the inputs, then maue a
subjective, context-uepenuent value juugment about whethei theii secuiity is "auequate"
foi the specific secuiity application of inteiest. While it may be completely necessaiy anu
___________
*This papei was not peei ievieweu. A veision of this papei fiist appeaieu !" $%&'(!)*+",-./)&01&-23 4'5'6) 7
8 9:3 ;<9:1

S2

ieasonable to make such a juugment, that uecision belongs in the uomain of the secuiity
managei, not the vulneiability assessoi.

0+*1< 91% ?"&?>.% >A ' !- ). *> 'BB>/?#).1 >$% >& />&% >A *1%.% *1)$C.< *%.*
?%&A>&/'$B%D 8> E"'#)*+ B>$*&>#D F".*)A+ *1% !"#"$! &$'D '??#+ ' /)$8#%.. .*'/? >A
'??&>='#D %$C%$8%& G'&/ '$8 1'??+ A%%#)$C.D ?&').% >& 'BB".% .>/%(>8+D B1%B6
'C')$.* .>/% .*'$8'&8D C%$%&'*% /%*&)B.D 1%#? >"* *1% C"+. )$ *1% /'&6%*)$C
8%?'&*/%$*D )/?&%.. '"8)*>&. >& 1)C1%& "?.D B#')/ *1%&% '&% $> ="#$%&'()#)*)%.D
%$8>&.% ' ?&>8"B* >& .%B"&)*+ ?&>C&'/D &'*)>$'#)H% *1% %I?%$8)*"&%. >$ &%.%'&B1
'$8 8%=%#>?/%$*D B%&*)A+ ' .%B"&)*+ ?&>8"B* '. JC>>8K >& J&%'8+ A>& ".%KD >&
B1'&'B*%&)H% *1% %&C>$>/)B.L %'.% >A ".%L A)%#8 &%'8)$%..L >& %$=)&>$/%$*'#
8"&'()#)*+@ Ceitainly, some of these issues aie veiy impoitant anu may have a beaiing on
secuiity vulneiabilities, but they aie not the focus oi the puipose of a vA.

0+*1< - ="#$%&'()#)*+ '..%../%$* 3!-; ). *1% .'/% *1)$C '. ' *1&%'* '..%../%$*
39-;@ Thieats aie who might attack, why, when, how, anu with what iesouices. A Thieat
Assessment (TA) is an attempt to iuentify thieats. vulneiabilities aie what these thieats
might exploit foi nefaiious puiposes.

0+*1< - 9- ). />&% )/?>&*'$* *1'$ ' !-@ Effective vAs anu TAs aie both essential foi
goou secuiity anu foi mouein Risk Nanagement. A TA, howevei, entails speculations about
gioups anu people who may oi may not exist, theii goals, motivations, anu iesouices. TAs
aie often (%/&)!=% in natuie, i.e., focuseu on past inciuents anu existing intelligence uata.
vulneiabilities, on the othei hanu, aie iight in fiont of you (if you will open youi eyes anu
minu), anu can often be uemonstiateu. vAs aie thus typically moie >(-/&)!=% in natuie.
If anything, an effective vA may be moie impoitant than a TA. If you get the thieats
exactly iight, but have no clue as to youi vulneiabilities, you aie piobably at significant
iisk. If, on the othei hanu, you get the thieats at least paitially wiong (which is likely), but
you have a goou unueistanuing of youi vulneiabilities anu have mitigateu those you can,
you may well have goou secuiity inuepenuent of the thieats.

0+*1< 91%.% *%B1$)E"%. '&% %AA%B*)=% A>& A)$8)$C ="#$%&'()#)*)%.< .%B"&)*+ ."&=%+
3G'#6)$C '&>"$8 G)*1 ' B1%B6#).*;L .%B"&)*+ '"8)* 3'&% *1% .%B"&)*+ &"#%. (%)$C
A>##>G%8M;L A%'*"&% '$'#+.).L 9-L 8%.)C$ ('.). *1&%'* 3NO9;L A'"#* >& %=%$* *&%%
'$'#+.). 3A&>/ .'A%*+ %$C)$%%&)$C;L N%#?1) 0%*1>8 3C%**)$C ' B>$.%$.". 8%B).)>$
A&>/ ' ?'$%# >A %I?%&*.;L '$8 *1% P-7!Q7 /%*1>8 3N>N *'&C%*)$C '#C>&)*1/;@ The
tiuth is that many of these techniqueswhile veiy much woith uoingaie not paiticulaily
effective at uiscoveiing new vulneiabilities. The last 4 aien't even about uiscoveiing
vulneiabilities at all, but iathei aie tools to help ueciue how to fielu anu ueploy youi
secuiity iesouices. None of these make much sense foi "testing" secuiity (e.g., BBT)
because the logic in using them that way is ciiculai.

0+*1< :'A%*+ >& .'A%*+R#)6% '$'#+.%. '&% C>>8 G'+. *> A)$8 ="#$%&'()#)*)%.@ In fact,
safety is a veiy uiffeient kinu of pioblem because theie is no malicious auveisaiy attacking
uelibeiately anu intelligently at the weakest points. Safety issues aien't completely

SS
iiielevant foi infiastiuctuie secuiity, foi example, but they aie limiteu in theii ability to
pieuict many malicious attacks.

0+*1< 91%.% *1)$C. #() *1% ="#$%&'()#)*)%.< *1% '..%*. *> (% ?&>*%B*%8L ?>..)(#%
'**'B6 .B%$'&)>.L .%B"&)*+ 8%#'+ ?'*1.L >& .%B"&)*+SA'B)#)*+ A%'*"&%.@ These things aie
impoitant in analyzing vulneiabilities anu unueistanuing youi secuiity, but they aie not
vulneiabilities in anu of themselves.

0+*1< 4$%R.)H%RA)*.R'##@ The man on the telephone wanteu his piouuct to be given a
single test anu ceitification that woulu apply to nucleai safeguaius applications though
secuiity foi the local paiish's bingo supplies; foi use by highly tiaineu secuiity
piofessionals anu by amateuis; in conjunction with many layeis of effective secuiity oi no
auuitional secuiity; anu against auveisaiies that iangeu fiom technically sophisticateu
nation-states thiough uisiuptive elementaiy school kius. 0bviously, no single test oi
ceitification coulu have much meaning acioss such a wiue iange of secuiity applications.
The same thing is tiue foi vAs; whenevei possible, they shoulu be uone in the context of
the actual secuiity application anu auveisaiies of inteiest.

0+*1< T'.* .%B"&)*+ )$B)8%$*. G)## *%## +>" '## +>" $%%8 *> 6$>G '(>"*
="#$%&'()#)*)%.@ Looking only at the past is a goou way to oveilook the iisk fiom iaie but
catastiophic attacks. (Think 911.) Noieovei, the woilu is now iapiuly changing, anu
what was once tiue may no longei be tiue. uoou secuiity iequiies imagination, peeiing
into the futuie, anu seeing things fiom the auveisaiy's peispective.

0+*1< - .>A*G'&% ?&>C&'/ >& ?'B6'C% G)## A)$8 +>"& ="#$%&'()#)*)%.@ Theie is
nothing wiong with using a softwaie piogiam as a vA staiting point, as a checklist, anu as a
way to stimulate youi thinking. But with secuiity, the uevil is in the uetails. No secuiity
piogiam oi package is going to unueistanu youi paiticulai secuiity application, facility,
peisonnel, anu auveisaiies in sufficient uetail to auequately iuentify on-the-giounu
vulneiabilities. A softwaie app is unlikely, foi example, to iecognize that fiontline secuiity
officei Bob falls asleep eveiy uay at S pm.

0+*1< !"#$%&'()#)*)%. '&% O'8 U%G.@ In fact, vulneiabilities aie always piesent in laige
numbeis; finuing one means you can uo something about it. This concept is a tough sell to
secuiity manageis ("0h boy we founu anothei hole in the fence, isn't that gieat!") but it is,
we fiimly believe, the coiiect way to look at vulneiabilities anu vAs.

0+*1< V>" B'$ %#)/)$'*% '## +>"& ="#$%&'()#)*)%.@ The unfoitunate fact is that some
vulneiabilities can't be fully eliminateu, you just have to live with them (anu that's ok as
long as you aie awaie they exist).

0+*1< 91% )8%'# .B%$'&)> ). G1%$ ' !- A)$8. H%&> >& F".* ' A%G ="#$%&'()#)*)%.@ The
ieality is that any such vA shoulu be ieuone by vAeis who aie competent anuoi willing to
be honest with you.


S4
0+*1< - !- .1>"#8 (% 8>$% '* *1% %$8L G1%$ *1% ?&>8"B* ). A)$).1%8 >& *1% .%B"&)*+
?&>C&'/ ). &%'8+ *> (% A)%#8%8@ In fact, vAs shoulu be uone eaily anu iteiatively. If you
wait until the enu, it can be veiy uifficult, expensive, anu psychologicallyoiganizationally
challenging to make necessaiy changes. In oui expeiience, having inteimittent vAs (even
fiom the veiy eailiest uesign stages) while a secuiity piouuct oi piogiam is being
uevelopeu is a useful anu cost-effective way to impiove secuiity.

0+*1< W*X. "."'##+ 1'&8 *> A)I ="#$%&'()#)*)%.@ This is not tiue. In oui expeiience,
simple changes to the uesign of a secuiity uevice, system, oi piogiam (oi even easiei
changes to how it is useu) fiequently impiove secuiity uiamatically. vulneiabilities can
often be mitigateuoi sometimes even eliminateuwithout spenuing a lot of extia
money.

51> :1>"#8 N> !-.M

The olu auage that "it takes a thief to catch a thief" has some meiit foi vAs. This isn't to
say you shoulu necessaiily hiie a bunch of felons to look at youi secuiity. What it uoes
mean is that the vAeis neeu the iight minuset. Besign engineeis anu people with lots of
biains anu secuiity expeiience aien't automatically goou at uoing vAs. Aftei all, if you aie
thinking like all othei secuiity piofessionals insteau of thinking like the bau guys, you'ie
unlikely to be able to pieuict what they might uo. Inueeu, it can be suipiisingly haiu foi
engineeis anu secuiity piofessionals to think like the bau guys when they have spent theii
lives anu caieeis uespeiately wanting secuiity to woik.

So what kinu of minuset shoulu vAeis have. They shoulu be psychological pieuisposeu
to finuing pioblems anu suggesting solutions, anu iueally have a histoiy of uoing so. In oui
expeiience, the best vAeis have a hackei mentality anu tenu to be highly cieative,
naicissistic, skepticalcynical, questioneis of authoiity, loophole finueis, hanus-on types,
anu smait aleckswise guys, as well as people skilleu with theii hanus (e.g., aitists, aitisans,
ciaftspeople) who aie inteiesteu in how things woik.

Anothei olu auage also applies well to vAs: "A piophet is nevei honoieu in his own
lanu." As we can peisonally attest to, theie is a lot of "shoot the messengei" synuiome
(ietaliation) associateu with iuentifying secuiity pioblems. Inueeu, while vulneiability
assessois aie sometimes calleu "ieu teameis" (fiom the Colu Wai eia), oi "black hatteis"
(fiom cowboy westeins), they aie also often calleu woise things that can't be iepeateu in
polite company.

Boing a vA foi youi own oiganization can be a thieat to youi caieei, oi at least place ieal
oi peiceiveu piessuie on the vAeis not to finu vulneiabilities. This is one of the ieasons
that vAeis shoulu iueally be chosen fiom outsiue the oiganization. Wheievei they come
fiom, howevei, vAeis must be able to be inuepenuent anu alloweu to iepoit whatevei they
uiscovei. Theie can be no conflicts of inteiest. The vAeis cannot be auvocates foi the
secuiity piouuct oi piogiam unuei stuuy, noi benefit fiom its implementation. (See the
siuebai on the vA Repoit.)

SS
4*1%& 0)."$8%&.*'$8)$C. -(>"* !-.

Theie aie othei common vA pioblems anu mistakes that shoulu be avoiueu. Sham
iigoithinking that the vA piocess can be uone in a iigoious, foimalistic, lineai,
iepiouucible, anuoi quantitative manneiis a common pioblem. In fact, effective vAs
aie cieative, iight-biain exeicises in thinking like somebouy you'ie not (the bau guys); the
vA piocess is uifficult to foimalistically chaiacteiize, iepiouuce, oi automate. (See figuie
2.)

Anothei common vA mistake is to focus on high-tech attacks. In oui expeiience,
ielatively low-tech attacks woik just fine, even against high-tech uevices, systems, anu
piogiams. It is also a big mistake to let the goou guys anu the existing secuiity
infiastiuctuie anu stiategies uefine the pioblemthe bau guys get to uo that. We must
also be caieful not to let envisioneu attack methous solely uefine the vulneiabilitiesit
ultimately has to woik the othei way aiounu.

Yet anothei common mistake is placing aibitiaiy constiaints on the vA in teims of scope,
time, effoit, mouules, oi components. 0ften, softwaie expeits aie biought in to look at the
softwaie, mechanical engineeis to look at the physical uesign, electionics expeits to
examine the electionics, etc. While theie is nothing wiong with using expeits, the fact is
that many attacks occui at the inteiface between mouules oi between uisciplines. An
effective vA neeus to employ a holistic appioach anu people who can think holistically.

W$ P>$B#".)>$

Theie is nothing wiong with testing anu ceitifying secuiity uevices, systems, anu
piogiamsassuming the tests anu ceitifications aie ielevant, meaningful, anu well thought
thiough. (Nany aie not, in oui view; sometimes being pointless oi even making secuiity
woise! IS0 17712 foi caigo seals is, we believe, a classic example of a haimful secuiity
stanuaiu with its misleauing teiminology, flaweu assumptions, sloppy ieasoning, anu
oveily-simplifieu concepts about tampei uetection.) But testing anu ceitifying is
something quite apait fiom unueitaking a vulneiability assessment. Be suie you
unueistanu what a vulneiability assessment is (anu is not), how it shoulu be uone anu by
whom, anu why it is impoitant to uo it.

N).B#')/%&
The views expiesseu heie aie those of the authois anu shoulu not necessaiily be asciibeu
to Aigonne National Laboiatoiy oi the 0niteu States Bepaitment of Eneigy.


S6
:)8%('&< 91% !- 7%?>&*

The uifficult pait of any vA isn't finuing vulneiabilities anu suggesting counteimeasuies,
it's getting secuiity manageis anu oiganization to uo something about them. In physical
secuiity, unlike cybei secuiity, making changes is sometimes vieweuunhelpfullyas
aumitting to past negligence.

The goou things neeu to be piaiseu in the vAT iepoit at the stait, because we want them
to continue (they might be an acciuent), anu we want to piepaie the ieauei to be
psychologically ieauy to heai about pioblems. It is impoitant to at least suggest possible
counteimeasuies in the iepoit. Secuiity manageis anu oiganizations will be ieluctant to
ueal with the secuiity pioblems if theie aien't at least some pieliminaiy fixes available.
(0ften, howevei, secuiity manageis can uevise moie piactical counteimeasuies than the
vAeis staiting fiom theii suggestions.) Finuings shoulu be iepoiteu to the highest
appiopiiate level without euiting, inteipietation, oi censoiship by miuule manageis oi
otheis feaiful of what the iepoit may say.

The wiitten vA iepoit shoulu also incluue all the following:
iuentity & expeiience of the vAeis
any conflicts of inteiest
any / >(!-(! constiaints on the vA
time & iesouices useu
uetails, samples, uemonstiations, anu viueos of attacks
time, expeitise, & iesouices iequiieu by an auveisaiy to execute the attacks
possible counteimeasuies
a sanitizeu, non-sensitive summaiy of the finuings if the sponsoi wishes to take
public cieuit foi the vA; statistics aie helpful.


S7

Figuie 1 - Nouein Risk Nanagement.


S8

Y)C"&% Z R The vulneiability Pyiamiu. Wheie vulneiability iueas come fiom. The highei
up you go, the moie effective (but also the less common anu foimalistic) the technique.

}ouinal of Physical Secuiity 7(1), S9-42 (2u14)

S9

"#$% &'()*+$,-(-%. /00*001+0 2)13 4#$% 51' 6#1'(78 4119

Rogei u. }ohnston, Ph.B., CPP anu }on S. Wainei, Ph.B.
vulneiability Assessment Team
Aigonne National Laboiatoiy, 0SA

&'()*+$,-(-%. :*001)0

We've uone vulneiability assessments on ovei 1uuu physical secuiity anu nucleai
safeguaius uevices, systems, anu piogiams. This incluues high-tech anu low-tech,
goveinment anu commeicial. This woik was uone foi moie than Su goveinment anu
inteinational agencies, piivate companies, anu Nu0s. This aiticle explains some of the
things we've leaineu.

Fiist off, secuiity manageis anu otheis often uon't seem to unueistanu what a
vulneiability assessment (vA) is, oi what it is foi. The puipose of a vA is to impiove
secuiity by finuing anu uemonstiating secuiity weaknesses, anu peihaps suggesting
possible counteimeasuies. A vA also often seives as one of the inputs to mouein Risk
Nanagement.

A vA is not a test you "pass" oi some kinu of "ceitification". (You no moie pass a vA than
you pass maiiiage counseling.) A vA is not peifoimance, compliance, ieauiness,
eigonomics, oi quality testing (though these things may have a beaiing on vulneiabilities).
It's not a thieat assessment. Bon't uo a vA to justify the status quo, piaise oi ciiticize
anybouy, iationalize the R&B expenuituies, enuoise a piouuct oi secuiity stiategy, oi
apply a minuless stamp of appioval. The iueal outcome of a vA is not to finu zeio oi just a
few vulneiabilities. If this happens, the vA shoulu be ieuone by peisonnel who aie
competent, uiligent, anu honest.

The common iuea that vulneiabilities aie bau news is, we fiimly believe, quite incoiiect.
vulneiabilities aie always piesent in laige numbeis; when you finu one, that means you
can uo something about it. Aumitteuly, howevei, it is uifficult to convince secuiity
manageis that, "Bey, we founu anothei hole in the fence, isn't that gieat news!"

Inueeu, it's a mistake to think that theie aie just a small numbei of vulneiabilities. Theie
aie usually a veiy laige numbei, even foi a simple secuiity uevice, much less a complex
secuiity piogiam. You will nevei know about many (peihaps most) of youi vulneiabilities
but hopefully a goou vA can finu the most obvious anu seiious vulneiabilities, anu the ones
most likely to be exploiteu by auveisaiies.

___________
*This papei was not peei ievieweu. A veision of this papei fiist appeaieu in !"#$ &$'#(#' )*'+,#-. /$0$1#2*
;<, 4u-42, AugSept 2u1S.

4u
Anothei seiious secuiity pioblem has to uo with unuue faith in secuiity uevices anu high
tech. Foi example, contiaiy to populai opinion, biometiic signatuies can usually be cloneu
faiily easily, but an auveisaiy iaiely neeus to bothei because biometiic uevices aie usually
so pooily uesigneu that they can be easily compiomiseu. Anu the civilian ulobal
Positioning System (uPS) can be easily spoofeu iemotely (as we weie the fiist to
uemonstiate in 2uu2), not just jammeu. Spoofingsenuing the wiong time anu location
infoimationcan be uone even by auveisaiies with little unueistanuing of uPS, computeis,
electionics, oi iauio fiequency tiansmission. uPS was nevei intenueu as a secuiity
technology.

RFIBs (iauio fiequency iuentification tags) aie anothei inventoiy technology that uoes
not typically pioviue seiious secuiity because RFIBs aie usually easy to counteifeit (even
foi hobbyists) anu aie almost always easy to lifteven those with supposeu tampei
uetection capabilities. "Lifting" means moving the RFIB to anothei object oi containei
without this being uetecteu. (Piox caius aie often just RFIBs, anu they anu theii access
contiol ieaueis aie usually easy to tampei with.) Noieovei, it is typically easy to tampei
with the RFIB ieauei oi spoof it fiom a uistance. Enciypting the RFIB signal is not a silvei
bullet.

0nfoitunately, uata enciyption oi authentication aie often the focus of much wishful
thinking. These techniques aie useful foi secuiing public communication between two
points in space anu time, but pioviue meaningful secuiity if anu only if all the following
conuitions aie met: the senuei anu ieceivei aie physically secuie, physical oi electionic
tampeiing can be ieliably uetecteu, the insiuei thieat has been mitigateu, the seciet keys(s)
aie secuie anu well chosen, anu theie's a secuie ciaule-to-giave chain of custouy on the
haiuwaie anu softwaie. 0sually none of these things aie tiue, much less all of them! The
ieality is that if you uon't have goou secuiity befoie you ueploy enciyption oi
authentication, you won't have it aftei.

Speaking of chain of custouy, this is not, as many oiganizations seem to believe, a piece of
papei on which aibitiaiy inuiviuuals sciibble theii names oi initials foi the puipose of
looking like theie is some kinu of secuiity in place. Insteau, a ieal chain of custouy is a
uetaileu, well thought-thiough 3,4'*"". A secuie chain of custouy is paiticulaily impoitant
foi secuiity uevices because typically all it takes is 1S seconus of access (with a lot of
piactice) to compiomise them peimanently. This can be uone by an auveisaiy at the
factoiy, venuoi, loauing uock, while in tiansit, piioi to installation, oi aftei installation.
Testing an access contiol uevice to see if it behaves noimally is of little use in uetecting
when it has been compiomiseu.

When it comes to wishful thinking, tampei-inuicating seals exist insiue theii own giant
univeise of wishful thinking. Cuiient seals aie, in oui view, pooily uesigneu anu almost
univeisally pooily useu. If seal installeis anu inspectois have uetaileu knowleuge of the
most likely attack scenaiios, anu plenty of hanus-on tiaining, they stanu a much bettei
chance of uetecting tampeiing, but such knowleuge anu tiaining is iaie, even foi nucleai
safeguaius applications!

41
The existence of the IS0 17712 stanuaiu foi caigo seals is paiticulaily unhelpful. It
contains misleauing teiminology, sloppy ieasoning, ovei simplification of complex issues,
anu confusion about vAs, oi even what a seal is. Ceitainly an IS0 17712 "ceitifieu" seal
shoulu not be ueemeu supeiioi to an unceitifieu one.

Regaiuing tampei uetection, mechanical tampei switches anu light sensois uo not
pioviue seiious secuiity.

We believe that tampei-eviuent packaging on foou, uiugs, anu othei consumei piouucts
is mostly about ieuucing juiy awaius, not seiious tampei uetection. Even the ielatively
unimaginative uesigns cuiiently in use woulu be bettei if the customei weie to be given
moie useful infoimation.

Piouuct counteifeiting is an especially seiious woiluwiue pioblem. In oui expeiience,
most (all.) piouuct anti-counteifeiting tags can be easily anu cheaply counteifeiteu
sufficiently to fool a consumei, phaimacy technician, shop cleik, oi customs official.
(Inciuentally, enciyption oi uata authentication have no significant iole to play foi piouuct
anti-counteifeiting. They aie ieu heiiings, as is often the case foi uata
enciyptionauthentication.)

We'ie paitial to the use of viitual numeiic tokens foi uealing with piouuct counteifeiting.
This is not the same thing as seiialization oi tiack & tiace. Companies who have useu
viitual numeiic tokens coulu uo a numbei of things much bettei, in oui view.

=%#*+ :*001)0 :*$+)*7

0thei things we've leaineu ovei the yeais incluue:

(1) vulneiabilities aie often blatantly obvious to outsiueis.

(2) Engineeis uon't unueistanu secuiity; they tenu to have a minuset anu cultuie that
pievents them fiom thinking like the bau guys.

(S) Few oiganizations ueal effectively with the insiuei thieat. Nitigating employee anu
contiactoi uisgiuntlement is a paiticulaily effective tool (anu also has impoitant benefits
foi piouuctivity, moiale, anu ietentionieciuitment) but few oiganizations uo it well, if at
all. The Buman Resouices (Peisonnel) Bepaitment in most laige oiganizations coulu
theoietically be a veiy poweiful tool foi mitigating uisgiuntlement, but most BR
Bepaitments just make things woise.

(4) The secuiity piotocols foi employee (oi athlete) uiug testing aie often quite pooi.
uiven the implications foi national secuiity anu public safety, not to mention people's
caieeis, livelihoou, anu ieputations being on the line, this shoulu be one aiea wheie we get
secuiity iight!

42

(S) 0iganizations anu secuiity manageis who cannot toleiate questions, conceins, anu
ciiticisms about theii secuiity almost always have bau secuiity. If they cannot envision
secuiity failuies, they usually won't be able to pievent them.

(6) Fiiing people aftei secuiity inciuents uoes not leau to accountability oi bettei secuiity.
It just leaus to covei-ups, fingei pointing, scapegoating, uenial, passing the buck, anu
Compliance-Baseu secuiitya paiticulaily peinicious foim of Secuiity Theatei.

Finally, it is cleai to us that "Secuiity by 0bscuiity" uoes not woik, at least in the long iun.
People anu oiganizations cannot keep seciets (see foi example, Nanning anu Snowuen),
anu the bau guys usually know what you aie uoing anyway. Somewhat countei-intuitively,
secuiity is usually bettei when it is tianspaient, allowing ieview, ciiticism, buy-in,
accountability, anu impiovement.

>1)?('0-1)

If all this sounus pietty uepiessing, welcome to the woilu of the vulneiability assessoi!
Thomas Cailyle (179S-1881) famously calleu economics the uismal science. We think he
was wiong. Secuiity is. At the veiy least, secuiity is veiy uifficult, maybe ultimately not
fully possible. It's haiu to countei ueteimineu auveisaiies.

uiven this situation, we think it is woith keeping in minu the olu auage that "if you aie
happy with youi secuiity, then so aie the bau guys." Foiewaineu is foieaimeu.

@-0?($-A*+
The views expiesseu heie aie those of the authois anu shoulu not necessaiily be asciibeu
to Aigonne National Laboiatoiy, the 0niteu States Bepaitment of Eneigy, oi the 0niteu
States uoveinment.


4S
!"# %&#'#() *+ ,-.(/)0)1 23*4(#5 607" 830709.( :-+3.)73;97;3# <0)=

Biian Nussbaum, Ph.B.
Pioject on violent Conflict
Rockefellei College of Public Affaiis
0niveisity at Albany, State 0niveisity of New Yoik
Bnussbaumalbany.euu

We in the woilu of iisk assessment, paiticulaily those of us focuseu on assessing
iisk to ciitical infiastiuctuie, face a seiies of tough challenges. The thieats aie myiiau, the
vulneiabilities haiu to mitigate, anu the potential consequences aie huge. Ciitical
infiastiuctuie vaiies hugely acioss sectois, uepenuing on uefinitions of "ciiticality" anu
among publicly-owneu, piivately-owneu, anu a seiies of hybiiu oi in-between mouels of
owneiship. It is an almost intiactably laige pioblem. Theiefoie we make inciemental
piogiess in auapting vaiying iisk assessment methouologies fiom one fielu to anothei,
fiom one infiastiuctuie sectoi to anothei, fiom piivate to public oiganizations anu vice-
veisa, in a kinu of consistent tinkeiing anu tiial-anu-eiioi. This is, in fact, a ieasonable
anu valuable appioach that enables us to see what elements of otheis woik apply to oui
own, anu which ones aie not well suiteu. 0ltimately this has gieatly impioveu oui ability
to assess iisks to infiastiuctuie. That saiu, we still have laige lacunae, anu a neeu foi some
impoitant innovations. 0ne of the most seiious pioblems we face in assessing ciitical
infiastiuctuie iisk is a "levels of analysis" pioblem.

In iecent yeais, as infiastiuctuie piotection has become a biggei pait of the
Bomelanu Secuiity enteipiiseboth with 2uu9 ielease of the National Infiastiuctuie
Piotection Plan (NIPP)
1
anu the giowth of conceins about cybei secuiitytheie seems to
laigely be a consensus that impioveu iisk assessment anu iisk management tools aie likely
to be impoitant to auuiess this insuimountably laige pioblem. With that iuea in minu,
many veiy smait people have been veiy focuseu on applying iisk analysis (anu component
analyses of thieats, vulneiabilities, anu consequences) to issues of infiastiuctuie
piotection anu iesilience. Bowevei, ceitain levels of analysis have ieceiveu mostif not
quite allof the attention of these iesouices. The asset anu system level aie natuially
wheie most physical iisk assessments take place; anu iightly so, because most owneis anu
opeiatois own anu opeiate assets anu systems. To a somewhat lessei extent, theie has
been some analysis of infiastiuctuie piotection at the national level; which again makes
much sense since the Feueial uoveinment has funueu much of the ieseaich on
infiastiuctuie iisk assessment (thiough the Bepaitment of Bomelanu Secuiity, the
Bepaitment of Eneigy, etc.)

The levels that have been laigely left behinu in this expansion of analysis aie the
infiastiuctuie sectoi (though some inuustiy oiganizations have uone yeoman's woik on
that fiont
2
) anu paiticulaily the sub-national juiisuictional level: municipalities anu states.
Cities anu states have oveiwhelmingly been left to themselves to conceptualize anu
measuie infiastiuctuie iisk. With a few publicizeu exceptions (the Los Angeles anu New
Yoik City Police Bepaitments spiing to minu) juiisuictional level infiastiuctuie iisk

44
assessment has been laigely haphazaiu, au hoc, not subject to any soit of peei ieview, anu
sometimes baseu on the pioblematic auaptation of inappiopiiate (oi at least incomplete)
asset anu system level analytic tools.

In theii iecent suivey of ciitical infiastiuctuie iisk assessment methouologies, the
Euiopean 0nion mentioneu, but uiu not sufficiently expanu upon this same issue, which it
teimeu the "uomain of applicability" pioblem.

"#$%&'&(&)*#+ '#,#(&-#' .&/ 0#/$1*2 1++#$+ 1/# 3#(( '#.*2#'4 $#+$#' 12'
,1(*'1$#' 12' $%# ,1+$ 516&/*$7 .&((&3+ $%# (*2#1/ 1--/&10% 1(/#1'7 5#2$*&2#'8
9&3#,#/4 5#$%&'&(&)*#+ $%1$ 1*5 1$ 1++#++*2) /*+:+ 1$ 1 %*)%#/ (#,#(4 #8)84
2#$3&/:#' +7+$#5+4 /#;<*/# .</$%#/ /#.*2#5#2$8 =#$1*(#' /*+: 1++#++5#2$ *+ 2&$
1--(*01>(# 127 5&/# 12' 1 0#/$1*2 (#,#( &. 1>+$/10$*&2 *+ 2#0#++1/7?
?@%# ,1+$ 516&/*$7 &. $%# #A*+$*2) 3&/: %1+ >##2 +#0$&/1( 12' 5&+$(7 1$ 1++#$
(#,#(8 @%#+# 5#$%&'&(&)*#+ %1,# >##2 $%#2 #A$#2'#' $& 0&-# 3*$% 2#$3&/:#'
+7+$#5+8 @%*+ /#.(#0$+ $%# 21$</1( #,&(<$*&2 &. /*+: 1++#++5#2$ 5#$%&'&(&)*#+
#A*+$*2) 1(/#1'7 1$ &/)12*B1$*&21( (#,#( $& 1''/#++ *++<#+ 1$ +#0$&/1( (#,#(8 @%#+#
5#$%&'&(&)*#+ /#,#1( $%#*/ (*5*$1$*&2+ 3%#2 0/&++C+#0$&/1( *++<#+ %1,# $& >#
1''/#++#'8
D

This constellation of pioblems with State anu Local infiastiuctuie iisk assessment
exists foi a numbei of ieasons. It's ceitainly easiei to spenu homelanu secuiity giant funus
on iauios anu chemical suits than it is on ueveloping iisk assessment methouologiesanu
often moie appiopiiate to uo so uepenuing on the juiisuiction. In many cases, juiisuictions
look into competing assessment mouels, anu finu them ill-suiteu foi theii neeus. (Aiguably
they aie quite iight in that assessment, but moie on that latei) In some cases, these soits of
analyses have been outsouiceu to contiactois (with wiluly vaiying levels of sophistication
anu value), which is not a bau thing -#/ +#. Though this outsouicing uoes often leave the
juiisuiction with a piouuct, typically an assessment anuoi a sliue ueck, iathei than with a
ieplicable piocess oi an inteinal capability to assess iisk.

Why is it that so many state anu local officials have hau tiouble choosing fiom the
existing iisk assessment mouels. Why is it that so many of the mouels useu by contiactois
have been incomplete oi pooily suiteu to the pioblems they claimeu to auuiess. This is, at
least in pait, a iesult of a bioau failuie in the iisk assessment community to tieat these
juiisuictions as seiious levels of analysis in teims of infiastiuctuie iisk. Auuitionally, it is
also a iesult of two stiuctuial pioblems. The fiist pioblem is the incieasing complexity of
infiastiuctuie at the juiisuictional level; while assets aie ieasonably simple anu systems
can be simple oi complex, at the municipal oi state level the iisk analyst is looking at a geo-
political aiea that is a collection of many unielateu assets anu systems (as well as pieces of
systems) that oveilap in physical space anu have numeious types of owneiship (public v.
piivate) anu owneis (Company A vs. Company B). The seconu majoi pioblem is that these
kinus of iisk assessments woulu iequiie funuamentally uiffeient kinu of inputs (anu
piouuce funuamentally uiffeient kinu of outputs) than iisk assessments at the asset oi
system level. The fuithei uown the naiiowing "level of analysis" cone we go (see figuie 1),
the bettei unueistanuing we have of the iisk components we neeu to make an assessment.

4S

Assessing the thieats associateu with, anu the vulneiabilities anu potential
consequences of, an attack on a bus (asset level) is ielatively stiaight foiwaiu when
compaieu with assessing the iisk of a paiticulai bus system (system level). Noving up the
next tiei of complexity to the tianspoitation sectoi (sectoi level) moie geneially is even
less cleai. Finally, assessing the thieats, vulneiabilities, anu potential consequences of a
city oi state is oiueis of magnituue haiuei. (See figuie 2.) In each case, moie anu moie
souices of expeitise aie iequiieu. An asset level assessment on a bus woulu iequiie
someone with physical secuiity knowleuge anu peihaps a bus mechanic oi engineei. A
system level assessment woulu also iequiie manageis anu logistics peisonnel who
unueistanu the inteiplay of the system components. A sectoi level assessment woulu
iequiie the same as a system level assessment, but fiom each system associateu with the
sectoi (busing, iail, maiitime, etc). Finally, a juiisuictional level analysis woulu iequiie the
same acioss many sectois, incluuing an unueistanuing of how fiist iesponueis, business,
anu the citizeniy woulu ieact anu inteiact.

We actually have a seiies of goou assessment methouologies uesigneu to help us
unueistanu vulneiabilities anu iisks faceu by assets anu systems. vaiiations on the Risk
Analysis anu Nanagement foi Ciitical Asset Piotection (RANCAP),
4
Ciiticality Accessibility
Recupeiability vulneiability Effect anu Recognizability (CARvER)
S
anu Piobabilistic Risk
Assessment (PRA)
6
methouologies aie wiuely useu foi asset anu system level analysis, anu
appiopiiately so. Theie aie othei methous that have been useu as well, though less wiuely
anu aiguably in a less matuie anu uevelopeu way, incluuing appioaches like Besign Basis
Thieat (BBT)
7
anu the Belphi Nethou.
8

While the iisk assessment community has been involveu in the tiial anu eiioi
application of vaiious iisk mouels to vaiious pioblems, theie have been some uifficulties
with attempting to use mouels like these to look at sectoi anu juiisuiction level iisks. (See
figuie S.) In many cases, these existing appioaches aie not appiopiiate foi the kinus of
assessments necessaiy at these "highei" levels of abstiaction like the sectoi oi citystate.
Because these methous aie uesigneu foi moie uisciete tasks (assets anu systems) they
iequiie specific inputs; when applieu to less naiiow tasks using moie complex oi vague
inputs they often pioviue an illusion of piecision in theii outputs that misiepiesents the
highei levels of unceitainty that aie inevitable in a municipal oi state level iisk assessment.
The uiffeiing level of gianulaiity iequiieu foi inputs, the uiffeiing level of unceitainty
inheient in the outputs, anu insufficient oi inappiopiiate opeiating assumptions make the
application of many common infiastiuctuie iisk assessment tools pioblematic when useu
above the asset oi system level.

Theie have been a numbei of ielatively iecent examples of attempts to use complex
systems moueling appioaches to infiastiuctuie mouelingthiough Bieiaichical Nultilevel
Noueling (BNN)
9
anu multifoimalism
1u
. Too often, howevei, these moie complex
appioaches have iun into the pioblem that the Euiopean 0nion saw in its assessment of
many systems appioaches, namely that, ".iepiesenting all assets of a netwoikeu system at
the highest level of uetail (mostly an opeiatoi's appioach) leaus to unpieceuenteu
complexity that is out of the scope foi policy anu uecision makeis."
11
Namely, when the

46
inputs aie gianulai (the E&-#/1$&/F+ 1--/&10%G) anu the assessment system complex anu
often opaque, the highei level of analysis uecision makeistypically juiisuictional
goveinmental officialsaie given assessment outputs that aie incompiehensible oi, even
woise, misleauing. These appioaches have iun into the pioblem of not accepting that theie
is sometimes a neeu foi abstiaction as aggiegation occuis, anu that iefusal to loose
gianulaiity can iesult in "unpieceuenteu complexity" that is veiy much "outsiue the scope
foi policy anu uecision makeis."

A simple answei to this pioblem woulu be to suggest that iisk assessments simply
not be uone above the asset anu system level; the logic being that if we uon't have the
appiopiiate tools to uo the job, it is not a job we shoulu be uoing. This is not a tenable
appioach foi one key ieason: these assessments aie being uone iegaiuless. They aie eithei
being uone explicitly (with bau oi inappiopiiate tools) oi implicitly (with intuition iathei
than a tianspaient anu ieplicable piocess) by officials at cities anu states acioss the
countiy. Rathei than thiowing oui hanus up in the aii anu ignoiing municipal anu state
level infiastiuctuie assessments, we in the iisk assessment community shoulu be taking
the many valuable insights that the existing fiamewoiks have anu seeing how we can
thiough fuithei tiial anu eiioiapply them appiopiiately to assist the many public
seivants acioss the countiy woiking on this intiactable pioblem.

The misapplication of analytic tools is not a pioblem unique to ciitical infiastiuctuie
iisk assessment, noi even just to the fielu of iisk assessment. The Feueial Emeigency
Nanagement Auministiation (FENA) faceu similai tioubles in its attempts to measuie
piepaieuness capabilities nationally. FENA, thiough its Cost-To-Capability (oi C2C)
piogiam attempteu to measuie the effectiveness of homelanu secuiity giant uollais. The
C2C piocess was wiuely panneu by state anu local stakeholueis, anu it faceu such stiong
opposition in Congiess that it hau to be sciappeu. 0ne ciitic, a foimei BBS official, aigueu
on the website of Emeigency Nanagement magazine that it appeaieu to be laigely a
pioblem of misapplying a tool in an attempt to uo too many things at once: "The bottom
line is assessing capabilities anu measuiing the impact of homelanu secuiity investments,
whethei they be feueial giant funus oi state oi local geneial funus, is a veiy complex
enueavoi that iequiies a "system of systems" appioach. A single, one size fits all tool
cannot manage such a huge task in a countiy as laige anu uiveise as the 0niteu States."
12

So, too, is it with iisk assessment. The tools we have aie often veiy poweiful, but if
we misapply them to levels of analysis foi which they weie not uesigneu, we will often face
seiious stumbling blocks. That saiu, since we aie not alone in the pioblems we face, we
have many othei communities of smait anu haiuwoiking piofessionals fiom whom we can
leain impoitant lessons about how to most effectively use oui analytic tools.


47

Figuie 1 - The Inveiteu Pyiamiu of CI Risk Assessment. Risk analysts have faiily stiong
unueistanuings of the iisk components (Thieat, vulneiability, anu Consequence) at the
lowei levels of the pyiamiuthe Asset anu System levelsbecause that is wheie most
owneis anu opeiatois have histoiically uone theii analysis. Bighei levels of analysis, those
of inuustiial ("sectoi") anu political ("juiisuiction") gioupings, have less cleai iisk
components because the people taskeu with assessment at those levels uo not typically
own oi opeiate much of the infiastiuctuie. Inteiuepenuencies between assets, systems,
sectois, anu juiisuictions fuithei complicate matteis.


48

Figuie 2 - The Inveiteu Pyiamiu of CI Risk AssessmentExample of Tianspoitation.
Assessing the iisk to an asset (in this case a bus) is not a teiiibly complicateu pioposition.
Assessing the iisk to the system the bus is pait of, an uiban tiansit system, is moie
complicateubut piobably a ieasonable task. The thieats, vulneiabilities, anu
consequences of an attack oi mishap aie ieasonably conciete anu tiactable. Bowevei as
the level of analysis iises to the bioauei sectoi ("tianspoitation") oi juiisuictional level
("state"), the kinus of inputs that aie ieasonable foi iisk components change anu become
moie pioblematic, as to the outputs that woulu be expecteu fiom such an assessment.


49

Figuie S - The Pioblem of Noving Risk Assessment Nethouologies "0p" the Pyiamiu.
Nany iisk assessment methouologies that function quite well at the asset oi system level
(examples incluue PRA, RANCAP, CARvER, etc.) uo not tianslate to "highei" levels of
analysis on the pyiamiu. This is because these well-establisheu but naiiowei mouels
iequiie levels of gianulaiity of uata as inputs that aie not ieasonable to pioviue at the
aggiegate level, oi that they have vastly uiffeient opeiating assumptions than woulu be
appiopiiate to a uiffuse inuustiial sectoi oi juiisuiction.


Su

1
Bepaitment of Bomelanu Secuiity. (2uu9) National Infiastiuctuie Piotection Plan.
Available at: http:www.uhs.govxlibiaiyassetsNIPP_Plan.puf
2
0ne example of this inuustiial sectoi woik is the electiical powei geneiation anu
uistiibution inuustiy. Woik by the Noith Ameiican Reliability Coipoiation (NERC) anu
othei inuustiy gioups - in conjunction with goveinment paitneis like the Feueial Eneigy
Regulatoiy Commission (FERC) - has gone a long way towaiu impioving iisk assessment
anu iisk mitigation piocesses anu ultimately electiical ieliability. While theie aie ciitics of
NERCs woik, paiticulaily in fielus like cybei secuiity, it is an example of how an inuustiy
gioup (in this case a not-foi-piofit) can play a iole in impioving such assessments.
S
}oint Reseaich Centei. Euiopean 0nion. (2u12) Risk Assessment Nethouologies foi
Ciitical Infiastiuctuie Piotection. Pait I: A State of the Ait. Available at:
http:ec.euiopa.euhome-affaiisuoc_centieteiioiismuocsRA-vei2.puf
4
ASNE Innovative Technologies. (2uu6) RANCAP: The Fiamewoik. Available at:
http:www.peisonal.psu.euujsu222SRAS11RANCAPfiamewoik_Risk_Analysis_anu_N
anage.puf
S
Foou anu Biug Auministiation. (2uu7) An 0veiview of the CARvER Plus Shock Nethou
foi Foou Sectoi vulneiability Assessments. Available at:
http:www.fsis.usua.govwpswcmconnect48Sf86uS-aS66-44f8-9uuS-
uSa16ubeSf78CARvER.puf.N0B=A}PERES
6
Sanuia National Laboiatoiy. (0nuateu) Piobabilistic Risk Assessments. Available at:
http:eneigy.sanuia.govwpwp-contentgalleiyuploausPRA.puf
7
Inteinational Atomic Eneigy Agency (IAEA) (2uu9) Bevelopment, 0se anu Naintenance
of the Besign Basis Thieat. Available at: http:www-
pub.iaea.oigNTCBpublicationsPBFPub1S86_web.puf
8
Zaloom, v. Subheuai, v. (unuateu) 0se of the Belphi Nethou to Piioiitize Events
Impacting 0peiations in the Naiitime Bomain. Available at:
http:uept.lamai.euuinuustiialpoitssubheuai_u416u9_mup_u417u9-i4_mup_u6u6u9-
i1.puf
9
Baimes, Y. (2uu8) Iuentifying Risk Thiough Bieiaichical Bologiaphic Noueling. In Risk
Noueling, Assessment anu Nanagement. Available at:
http:onlinelibiaiy.wiley.comuoi1u.1uu2978u47u422489.chSsummaiy
1u
Flammini, F. vittoiini, v. Nazzocca, N. Piagliola, C. (2uu9) A Stuuy on Nultifoimalism
Noueling of Ciitical Infiastiuctuies. Lectuie Notes in Computei Science. volume SSu8.
PSS6-S4S. Available at: http:link.spiingei.comchaptei1u.1uu7%2F978-S-642-uSSS2-
4_S2#
11
}oint Reseaich Centei. Euiopean 0nion. (2u12) Risk Assessment Nethouologies foi
Ciitical Infiastiuctuie Piotection. Pait I: A State of the Ait. Available at:
http:ec.euiopa.euhome-affaiisuoc_centieteiioiismuocsRA-vei2.puf
12
Fillei, }. (2uu9) Congiess anu FENA Examine the Cost-to-Capability (C2C) Piogiam anu
the Challenges of Neasuiing Bomelanu Secuiity Investments anu Piepaieuness.
Emeigency Nanagement. Available at: http:www.emeigencymgmt.comemeigency-
blogshomelanuCongiess-anu-FENA-Examine.html

S1
!"#$%&'($) +(",&$% -.%'&/(0/ ($ %1& 2$(%&3 4%5%&06 758 -$9"':&/&$%;0 <=='"5:1 %"
>'&?&$%($) @&''"'(0/ %1'"#)1 !"//#$(%A >5'%$&'01(=0

Beibeit S. Nack II

<B4@C<!@
The asseitions of uissent in Ameiican Nuslims, paiticulaily with those who have
migiateu to a foieign lanu aie often shapeu by the bicultuial values of assimilation. Insteau
of embiacing the seculai values of the countiy in which Nuslim immigiants live, often
times Ameiican Nuslim families will iuentify themselves with the ieligious values of the
countiy in which they oiiginally migiateu. These values aie often subjective anu fueleu by
the giowing sense of socioeconomic alienation felt by seconu anu thiiu-geneiation
immigiant chiluien. This papei will exploie law enfoicement's stiategic appioach to
counteiing uomestic iauicalization thiough community paitneiships anu community
oiienteu policing.

DE@CFG2!@DFE
Ameiican }ihauists influenceu by al Qaeua iepiesent a significant thieat to Ameiicans on
0.S. soil. Al-Qaiua anu its affiliates continue to iemain committeu to attacking Ameiican
citizens in the name of }ihau. Rathei than being uiiecteu fiom a centializeu al-Qaeua gioup
abioau, the evei-giowing tienu of Islamic iauicalization ievolves aiounu the social
movement of al-Qaeua being an iueological iefeience point to extiemist thought. Although
auheiing to extiemist views uoes not necessaiily mean a call to violent action, the iueology
of al Qaeua is a piecuisoi to action foi those who commit violence in the name of jihau.
1

0ne of the biggest challenges foi law enfoicement is uetecting homegiown iauicalization
that leau to acts of teiioiism. The ability to pievent futuie teiioiists fiom acting upon
subsciibeu extiemist thought iequiies effective uomestic intelligence by local authoiities
anu active community paitneiships within the Ameiican Nuslim community at the national
anu local levels. Peihaps the best uefenses against violent extiemist iueologies aie well-
infoimeu anu equippeu families, local communities, anu local institutions.
2

7-HD47<@D+- C-4>FE4-6 @I- 24< ><@CDF@ <!@
0ne of the most significant changes that occuiieu as a iesult of 911 was the
uevelopment of the Bomelanu Secuiity Act anu the expansive police poweis of The 0SA
PATRI0T Act (0niting anu Stiengthening Ameiica by Pioviuing Appiopiiate Tools
Requiieu to Inteicept anu 0bstiuct Teiioiism) which was signeu into law on 0ctobei 26,
2uu1. Bue to pioactive legislations such the Patiiot Act, law enfoicement's ability to gathei
anu shaie uomestic infoimation on potential acts of teiioiism was significantly expanueu.
The Act itself giants feueial officials gieatei poweis to tiace anu inteicept potential
teiioiist communications both foi law enfoicement anu foieign intelligence puiposes. The

1
Khalil, Lydia (2012), US counter-radicalization strategy: the ideological challenge, Australian Strategic
Policy Institute, Retrieved July 23, 2014 from the ASPI website: http://www.isn.ethz.ch/Digital-
Library/Publications/Detail/?ots591=0c54e3b3-1e9c-be1e-2c24-a6a8c7060233&lng=en&id=161892
2
The While House (2011), Empowering Local Partner to Prevent Violent Extremism In The United
States, Retrieved from http://www.whitehouse.gov/sites/default/files/empowering_local_partners.pdf

S2
expansiveness of shaiing both uomestic anu inteinational infoimation essentially
impioveu law enfoicement's ability to uetect, pievent, anu iesponu to acts of teiioiism.
Tiauitionally, law enfoicement intelligence shaiing was conuucteu in a task foice
enviionment wheie theie was an immeuiate anu tactical neeu foi infoimation. The Patiiot
Act ultimately acknowleugeu the stiategic neeu foi intelligence anu the evei-giowing
concein of inteiagency communication. The lack of communication anu functionality of
infoimation uissemination in the uomestic iealm incieasingly impeueu law enfoicements
ability to connect ciitical pieces of infoimation. The implementation of The Patiiot Act
cieateu the neeu foi a mechanism, calleu fusion centeis, that stieamlineu the uissemination
of infoimation on those engageu in the iauicalization piocess.

J24DFE !-E@-C4
Fusion centeis aie essentially an inteiuisciplinaiy mechanism that allows law
enfoicement the ability to shaie infoimation. They aie situateu in such a way that they aie
useu to empowei fiont-line law enfoicement, public safety, fiie seivice, emeigency
iesponse, public health, anu piivate sectoi secuiity peisonnel to lawfully gathei anu shaie
thieat-ielateu infoimation.
S
The exchange of intelligence that takes place in fusion centeis
aius othei intelligence anu law enfoicement oiganizations in theii investigations of
potential thieats to national secuiity. Fusion centeis contiibute to the Infoimation Shaiing
Enviionment (ISE) thiough theii iole in ieceiving thieat infoimation fiom the feueial
goveinment; analyzing that infoimation in the context of theii local enviionment;
uisseminating that infoimation to local agencies; anu gatheiing tips, leaus, anu suspicious
activity iepoiting (SAR) fiom local agencies anu the public.

In the post-911 enviionment, the public has expecteu law enfoicement to auopt a
pioactive postuie in oiuei to uisiupt teiioiist plots befoie an attack occuis.
4
The
challenges often piesenteu to law enfoicement, paiticulaily when attempting to uetect
extiemist behaviois ievolves aiounu the ability to iuentify the violent extiemist piioi to
the teiioiist act. Piesiuent Baiack 0bama outlineu on Nay 2S, 2u1S, at the National
Befense 0niveisity, his auministiation's counteiteiioiism stiategy, which incluue thiee
aieas: "taigeteu action against teiioiists; effective paitneiships; anu uiplomatic
engagement anu assistance."
S

KFDE@ @-CCFCD4L @<4M JFC!-4 NK@@JO
In the afteimath of the Septembei 11 teiioiist attacks, the Feueial Buieau of
Investigations (FBI) shifteu fiom tiauitional law enfoicement investigations to the
pievention of teiioiist attacks.
6
The Bepaitment of }ustice anu the Feueial Buieau of

3
U.S. Department of Homeland Security (2013), Fusion Centers and Joint Terrorism Task Force,
Retrieved from http://www.dhs.gov/fusion-centers-and-joint-terrorism-task-forces
4
Bjelopera, Jerome P (2013), American Jihadist Terrorism: Combating a Complex Threat, Retrieved
June 2013 from Congressional Research Service website: http://www.fas.org/sgp/crs/terror/R41416.pdf
5
The White House (2013), Remarks by the President at the National Defense University, Retrieved from
http://www.whitehouse.gov/the-press-office/2013/05/23/remarks-president-national-defense-university
6
The Federal Bureau of Investigation (2013), Fusion Centers and Joint Terrorism Task Forces,

SS
Investigation cieateu what is known as }oint Teiioiism Task Foices (}TTF). }TTF's aie
multi-juiisuictional task foices that conuuct investigations on plots of teiioiism.
Investigations conuucteu by }TTFs aie focuseu on known thieat actois oi iuentifieu
inuiviuuals who meet the thiesholus establisheu in accoiuance with the Attoiney ueneial
uuiuelines foi Bomestic FBI 0peiations to initiate assessments oi investigations.
7

GDJJD!27@D-4 FJ G-@-!@DEH C<GD!<7DP<@DFE
Although the expansive poweis of the Patiiot Act anu the uevelopment of fusion centeis
piesenteu law enfoicement with the gieatei ability to uetect teiioiist plots, "lone wolf
actois" anu Inteinet iauicalization have become a gieatei challenge foi law enfoicement
officials. This type of violent extiemism is a complicateu challenge foi the 0niteu States,
because the 0niteu States Constitution iecognizes fieeuom of expiession, even foi
inuiviuuals who espouse unpopulai oi even hateful views.
8
Anothei challenge that is often
piesenteu to law enfoicement when tiying to uetect iauicalization ievolves aiounu the
inuiviuuals actually subsciibing to al Qaeua iueological piinciples. 0ften times, those
engageu in iauical beliefs come fiom uiffeient socioeconomic, ethnic anu ieligious
backgiounus.

QI<@ D4 C<GD!<7DP<@DFE
Rauicalization is a piocess wheieby inuiviuuals iuentify, embiace anu engage in
fuitheiing extiemist iueologies.
9
Rauicalization that leaus to violent teiioiistic behaviois
often assigns blame anu ultimately legitimizes the use of violence against those ueemeu
iesponsible. NYPB officials have concluueu that unueistanuing this tienu anu the
iauicalization piocess in the West that uiives "uniemaikable" people to become teiioiists
is vital foi ueveloping effective counteistiategies anu has special impoitance foi the NYPB
anu the City of New Yoik.
1u
As we analyze societal tienus ielative to the wai on teiioi, we
aie able to witness the uistinct chaiacteiistics of Islamic iauicalization at its coie. 0n Apiil
1S, 2u1S, Ameiica expeiienceu its most iecent uomestic teiioiist attack. Bombing suspects
Bzhokhai Tsainaev's anu Tameilan Tsainaev useu homemaue explosives to kill thiee
people anu injuie 264, aiguably in the name of jihau. When we use the 2u1S Boston
Naiathon Bombing as a backuiop, we aie able to see that the piocesses of iauicalization
aie complex anu ieflect a combination of inuiviuual ciicumstances anu iueological

7
The Federal Bureau of Investigation (2013), Fusion Centers and Joint Terrorism Task Forces,
8
9
Southers, Erroll G. (2013), The Boston Bombings: A First Look, United States House of
Representatives Committee on Homeland Security, Retrieved July 2013 from
http://docs.house.gov/meetings/HM/HM00/20130509/100785/HHRG-113-HM00-Wstate-SouthersE-
20130509.pdf
10
Mitchell D. Silber and Arvin Bhatt (2007), Radicalization in the West: The Homegrown Threat New
York Police Department, Retrieved from
http://www.nyc.gov/html/nypd/downloads/pdf/public_information/NYPD_ReportRadicalization_in_the_We
st.pdf

S4
motivations that often eluue law enfoicement. Peisonal ciisis anu political cause aie also
paiieu in the piocess.
11

HCD-+<E!- +-C4-4 DG-F7FHR
The uestiuctive social tactics of those who subsciibe to al Qaeua's extiemist iueology
affects Ameiican society as a whole. Although al Qaeua's exhoitations to violence lack the
ability to iesonate among the vast majoiity of Nuslim Ameiicans, iauicalization ultimately
lies at the inteisection of giievance anu iueology.
12
Although it is tiue that the foimations
of sepaiate communities have cieateu a uesiie foi Nuslims to stay tiue to ieligious
piactices, this is no uiffeient fiom any othei ethnic gioup within the 0niteu States. The
pioblem then occuis when inuiviuuals within that community subsciibe to violent
extiemism as a means to vocalizing theii socioeconomic conuitions anu law enfoicements
ability to stop woulu be teiioiists by uetecting iauicalization. While the pictuie of the
iauicalization of the Tsainaev biotheis iemains incomplete, many have alieauy pointeu to
what appeai to be obvious waining signs of violence.
1S
Inuicatois incluueu such things as:
1. Auvocating violence, the thieat of violence, oi use of foice to achieve goals that aie
political, ieligious, oi iueological in natuie.
2. Auvocating suppoit foi inteinational teiioiist oiganizations oi objectives.
S. Pioviuing financial oi othei mateiial suppoit to a teiioiist oiganization oi to
someone suspecteu of being a teiioiist.
4. Association with oi connections to known oi suspecteu teiioiists.
S. Repeateu expiession of hatieu anu intoleiance of Ameiican society, cultuie,
goveinment, oi piinciples of the 0.S. Constitution.
6. Repeateu visiting oi biowsing of Inteinet websites that piomote of auvocate
violence uiiecteu against the 0niteu States oi 0.S. foices, oi that piomote
Inteinational Teiioiism oi teiioiist themes without official sanction in the
peifoimance of uuties.

In the case of the Tsainaev biotheis, it is extiemely impoitant that we ieview the actions
law enfoicement officials piioi to the Boston Naiathon Bombing. The causes of
iauicalization can be attiibuteu to the changing natuie of Ameiican society wheie foieign
nationals aie often iiuiculeu anu not seen as being "Ameiican". uoing back to the subject of
Boston Naiathon Bombing suspect Tameilan Tsainaev, in eaily 2u11, the FBI ieceiveu
infoimation about teiioi suspect Tameilan subsciibing to iauical Islam anu his tiavels to
southein Russia to join an unueigiounu gioup. The FBI also inteivieweu Tameilan
Tsainaev anu family membeis. The FBI uiu not finu any teiioiism activity, uomestic oi
foieign, anu those iesults weie pioviueu to the foieign goveinment in the summei of

11
Jenkins, Michale Brian (2010), No Path to Glory: Deterring Homegrown Terrorism, Retrieved July
2012 from the RAND Corporation website:
http://www.rand.org/content/dam/rand/pubs/testimonies/2010/RAND_CT348.pdf
12
Khalil, Lydia (2012), US counter-radicalization strategy: the ideological challenge, Australian Strategic
Policy Institute, Retrieved July 23, 2014 from the ASPI website: http://www.isn.ethz.ch/Digital-
Library/Publications/Detail/?ots591=0c54e3b3-1e9c-be1e-2c24-a6a8c7060233&lng=en&id=161892
13
Watts, Clint (2013), Detecting The Radicalization and Recruitment of the Boston Bomber, Retrieved
June 2013 from the Foreign Policy Research Institute website:
http://www.fpri.org/geopoliticus/2013/04/detecting-radicalization-and-recruitment-boston-bombers

SS
2u11.
14
Although the FBI is often ciiticizeu foi conuucting a supeificial inquiiy iegaiuing
Tameilan's activities, subsciibing to iauical beliefs uoes not necessitate engaging in iauical
actions, anu civil libeities uictate that piivate beliefs shoulu be fiee fiom public sciutiny.

>C-+-E@DEH +DF7-E@ -S@C-LD4L @ICF2HI ><C@E-C4ID>4
The concept of tiust thiough community paitneiships can be conceptualizeu in the 199u
community-policing mouel. The community-policing mouel is uefineu as a pieventive style
of policing. The goals of the community poling mouel ievolves aiounu:
1. Piomoting outieach, enhancing inclusiveness anu integiation, anu minimizing the
uisaffection that can leau to iauicalization paiticulaily among Nuslim youth;
2. Seiving as an eaily waining system on the giounu iesouices to iuentify incipient
iauicalization oi teiioiist activities; anu
S. 0pening up new channel of communications with inuiviuuals who can navigate the
linguistic anu cultuial complexities of Islam anu pioviue much neeueu context to
infoim intelligence analysis
1S
.

Community paiticipation anu empoweiment aie ciitical elements of successful
paitneiships between the police anu Nuslim communities.
16
Community paitneiships aie
often uepicteu as the coineistone of effective countei-iauicalization stiategies. Counteiing
iauicalization to violence is fiequently best achieveu by engaging anu empoweiing
inuiviuuals anu gioups at the local level to builu iesilience against violent extiemism.
17
In
an effoit to pievent the effects extiemist beliefs has on impiessionable Ameiican youth,
local law enfoicement has stiategically implementeu seveial community-policing
initiatives. 0ne initiative that law enfoicement has implementeu is iefeiieu to as the Safe
SchoolsBealthy Stuuents Initiative (SSBS). The SSBS is a paitneiship with local mental
health expeits, juvenile justice officials, anu law enfoicement. It is often iepoiteu that the
implementation of this initiative has iesulteu in fewei stuuents expeiiencing oi witnessing
violence, incieaseu school safety, anu an oveiall ueciease in violence in communities wheie
the piogiam is active.
18
Anothei community initiative that piesents law enfoicement with
the ability to pievent iauicalization is known as the Builuing Communities of Tiust (BC0T)
initiative. The Bepaitments of }ustice anu Bomelanu Secuiity establisheu the Builuing
Communities of Tiust (BC0T) Initiative to impiove tiust among police, fusion centeis, anu

14
The Federal Bureau of Investigations (2013), 2011 Request for Information on Tamerlan Tsarnaev
from Foreign Government, Retrieved from http://www.fbi.gov/news/pressrel/press-releases/2011-
request-for-information-on-tamerlan-tsarnaev-from-foreign-government
15
Paris, Jonathan (2007), Discussion Paper on Approaches to Anti-Radicalization and Community
Policing in the Transatlantic Space, Weidenfeld Institute for Strategic Dialogue, Retrieved from
http://www.hudson.org/files/publications/JonathonParisAug232007.pdf
16
Tufyal Choudhury & Helen Fenwick (2011), The impact of counter-terrorism measures on Muslim com-
munities, Equality & Human Rights Commission Research, rept. 72, Durham University, Retrieved from
http://www.equalityhumanrights.com/uploaded_files/research/counterterrorism_research_report_72.pdf
17
18

S6
the communities to which they seive.
19
The iesults of this piogiam have piesenteu ceitain
communities with the ability to vocalize theii conceins.

!FE!724DFE
The asseitions of uissent in Ameiican Nuslims, paiticulaily with those who have
migiateu to a foieign lanu aie often shapeu by the bicultuial values of assimilation. The
ability to pievent futuie teiioiist fiom acting upon subsciibeu extiemist thought iequiies
effective uomestic intelligence by local authoiities anu active community paitneiships
within the Ameiican Nuslim community at the national anu local level. The expansiveness
of shaiing both uomestic anu inteinational infoimation essentially impioves law
enfoicements ability to uetect, pievent anu iesponu to acts of teiioiism. Although the
expansive poweis of the Patiiot Act anu the uevelopment of fusion centeis piesenteu law
enfoicement with the gieatei ability to uetect teiioiist plots, "lone wolf actois" anu
Inteinet iauicalization have become a gieatei challenge foi law enfoicement officials.
Community paitneiships aie peihaps the most effective countei-iauicalization stiategy
anu shoulu be useu as a stiategic tool to uetect uomestic iauicalization.

<BF2@ @I- <2@IFC
Beibeit S. Nack is cuiiently a feueial officei who has an esteemeu backgiounu anu
inteiest in analyzing national secuiity thieats. Ni. Nack is an Iiaq wai veteian anu gaineu
extensive knowleuge anu tiaining with the 0S Aimy Chemical Coip. Be continues to
uevelop his expeitise in auuiessing stiategic innovative challenges facing homelanu
secuiity as he puisues a Nastei's of Science in Bomelanu Secuiity Nanagement at Long
Islanu 0niveisity's Bomelanu Secuiity Institute.

19

Journal of Physical Security 7

Transféré par

Informations du document

Titre original

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

Journal of Physical Security 7

Transféré par

Droits d'auteur :

Formats disponibles

!

"#$% '( )'+%+,

ielative to the ceiamic

. The lock suppoit uiu not

F). While the S16

F). The lock

F), aie ieauily available anu inexpensive.

F). While this stanuaiu auuiesses many of

Vous aimerez peut-être aussi