Ture an Presentation English

8/8/2019 Ture an Presentation English

http://slidepdf.com/reader/full/ture-an-presentation-english 1/45www.ysecurity.net 1

Jere Peltonen

Estimate of Multiple Adversary SequenceInterruption

Jere Peltonen, CPPlinkedin.com/in/jerepeltonen

J E R E

P E L T O N E N

EASI

EASI (Estimate of Adversary

Sequence Interruption) Sandia National Laboratories

U.S. Department of Energy

EASI has been used to analyze e.g.physical security arrangements of nuclear facilities

http://fi.linkedin.com/in/jerepeltonen

http://fi.linkedin.com/in/jerepeltonen



Jere Peltonen

J E R E P E L T O N E N

What is analyzed?

Structural arrangements

Surveillance

J E R E

P E L T O N E N

What are the results?

probability of failure of unauthorized

entry

in other words

probability of successful interruption



Jere Peltonen


EASI

can be used easily to analyzearrangements that follow theprinciple of concentric protectionlayers

J E R E

P E L T O N E N

EASI / TUREAN

Basic EASI does not calculate

alternative routes of entry

TUREAN application of EASIcalculates all alternative routes



Jere Peltonen


Why to use?

To get more reliable information

J E R E

P E L T O N E N

Why to use?

Security arrangements cost money

On the other hand, to not use anyarrangements can be very costly mistake

We must find the optimum solution, thatdoes not cost too much, but gives adequateprotection



Jere Peltonen


Why to use?

The security expert or manager needs tomake his/her case to the people that havethe money

He/she must demonstrate the vulnerabilitiesof existing arrangements

He/she must demonstrate the effectivenessof planned arrangements with regard toprotection of assets

J E R E

P E L T O N E N

Why to use?

Existing or planned arrangements may

be good as such, but the chain is onlyas strong as its weakest link

TUREAN finds the weakest links



Jere Peltonen


Why to use?

To get clear numerical informationthat can be used to

find the existing weaknesses

test the effectiveness of planned

arrangements

justify the necessary new arrangements

J E R E

P E L T O N E N

Why to use?

TUREAN is an excellent tool for

teaching analytical approach



Jere Peltonen


How to get numerical information?

calculate the probability of successfulldetection and alarm

And

calculate the probability that remainingtime will be enough to interrupt theentry

J E R E

P E L T O N E N


the probability of successful detection

and alarm is calculated using thereliability of detection elements anddetection-to-response reliability



Jere Peltonen


Detection elements

anything that may detect theunauthorized entry and execute thealarm (intrusion detectors, localguards, passers-by)

J E R E

P E L T O N E N


the probability that remaining timeallows interruption is calculated by

adding up delay values of all delayelements, taking into account the realworld uncertainties of the values, and

comparing it to the response time value,taking into account the uncertainty



Jere Peltonen


Delay elements

Anything that may delay the intruder(door, window, wall, fence, lock,etc.)

J E R E

P E L T O N E N

3 most essential terms

Delay

Detection Response time



Jere Peltonen


Other terms

Probability

Normal distribution

Expected value

Standard deviation

Type

Sequence of events

Zone

Intrusion route

J E R E

P E L T O N E N

Concentric layers of protection

GATEDOOR

DOORWINDOW

WINDOW

SAFE

FENCE



Jere Peltonen


Intrusion route

J E R E

P E L T O N E N

Sequence of events

12

3

45

67



Jere Peltonen


Alternative events(=alternative routes)

12

3

45

67

3

1

3

5

1

J E R E

P E L T O N E N

Alternative events

12

345

67

3

1

3

5

1

1 Crossing the fence

1 Locked gate

1 Through the fence

1

1

1



Jere Peltonen


Alternative events

12

3

45

67

3

1

3

5

1

2 Moving across the yard

1

1

1

2

J E R E

P E L T O N E N

Alternative events

12

345

67

3

1

3

5

1

3 Making a hole

3 Window

3 Locked door

1

1

1

2

3

3

3



Jere Peltonen


Alternative events

12

3

45

67

3

1

3

5

1

4 Moving inside

1

1

1

2

3

3

3

4

J E R E

P E L T O N E N

Alternative events

12

345

67

3

1

3

5

1

5 Making a hole

5 Locked door

1

1

1

2

3

3

3

45

5



Jere Peltonen


Alternative events

12

3

4567

3

1

3

5

1

6 Moving inside

1

1

2 3

3

45

56

1 3

J E R E

P E L T O N E N

Alternative events

12

345

67

3

1

3

5

1

7 Safe

1

1

1

2

3

3

3

45

56 7



Jere Peltonen


Alternative events

12

3

45

67

3

1

3

5

1

8 Going back the same ordifferent route

1

1

1

2

3

3

3

45

56 7 8

J E R E

P E L T O N E N

Alternative events

12

345

67

3

1

3

5

1

1

1

1

2

3

3

3

45

56 7 8

18 ALTERNATIVE INTRUSION ROUTES



Jere Peltonen


Delay

30 s

30 s

Event 1

Total

J E R E

P E L T O N E N

Delay

30 s

60 s

90 s

Event 1

Event 2

Total



Jere Peltonen


Delay

30 s

45 s

60 s

135 s

Event 1

Event 2

Event 3

Total

J E R E

P E L T O N E N

Delay

30 s

45 s

60 s

45 s

180 s

Event 1

Event 2

Event 3

Event 4

Total



Jere Peltonen


Delay, detection

30 s

45 s

60 s

45 s

180 s

Event 1

Event 2

Event 3

Event 4

Total

1stpossibility of

detection->detection

J E R E

P E L T O N E N

Delay, detection, response time

30 s

45 s

60 s

45 s

180 s

105 s

Responsetime

Event 1

Event 2

Event 3

Event 4

Total

1stpossibility of

detection->detection



Jere Peltonen



successful interruption

30 s

45 s

60 s

45 s

180 s

105 sResponse

time

1stpossibility of

detection

Interruption

Event 1

Event 2

Event 3

Event 4

Total

->detection

J E R E

P E L T O N E N

Delay, detection, response time???

30 s

45 s

60 s

45 s

180 s

but NO detection

Event 1

Event 2

Event 3

Event 4

Total

Responsetime

1stpossibility of

detection



Jere Peltonen



???

30 s

45 s

60 s

45 s

180 s

1stdetection

Event 1

Event 2

Event 3

Event 4

Total

Responsetime

but NO detection

1stpossibility of

detection

J E R E

P E L T O N E N

Delay, detection, response time???

30 s

45 s

60 s

45 s

180 s

105 s

Event 1

Event 2

Event 3

Event 4

Total

Responsetime

1stdetection

but NO detection

1stpossibility of

detection



Jere Peltonen



unsuccessful interruption

30 s

45 s

60 s

45 s

180 s

105 s

Interruption

Event 1

Event 2

Event 3

Event 4

Total

Responsetime

1stdetection

but NO detection

1stpossibility of

detection

J E R E

P E L T O N E N

Delay, detection, responsetime

the example uses exact times for the

sake of concept simplicity

in the real world, there exists a levelof uncertainty that has to be takeninto account somehow



Jere Peltonen


Delay, detection, responsetime

uncertainty is modelled by assumingthat all times follow the normaldistribution (Gaussian curve)

J E R E

P E L T O N E N

Normal distribution



Jere Peltonen


Normal distribution

50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 6634 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49

= single measurement measurements 0

J E R E

P E L T O N E N

Normal distribution ??


50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 6634 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49

10

value 50 is measured 10 times



Jere Peltonen


Normal distribution= single measurement measurements 10

50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 6634 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49

10


J E R E

P E L T O N E N

Normal distribution


50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 6634 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49

2 1 1 11 1 1 2 1




Jere Peltonen


Normal distribution= single measurement measurements 41

50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 6634 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49

5 4 4 3 3 2 2 11 2 2 3 3 2 4


J E R E

P E L T O N E N

Normal distribution


50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 6634 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49

10 9 9 8 5 3 2 1 1 2 11 1 1 2 2 2 4 4 9 81




Jere Peltonen


Normal distribution

50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 6634 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49

10 9 9 8 5 3 2 1 1 2 11 1 1 2 2 2 4 4 9 81



J E R E

P E L T O N E N

Standard deviation

standard deviation is a value that

shows how much and how often realworld times vary around theexpected value



Jere Peltonen


Standard deviation

+s-s µ

standard deviation 3,8

Real world times varyquite lot and oftenfrom the expectedvalue µ

J E R E

P E L T O N E N

Standard deviation

+s-s µ

Real world times varynot so much and not sooften as in previousexample

standard deviation 2,2



Jere Peltonen


Type

when delay and detection elementsexist at the same event

type tells how much delay has beenused before detection

three types in the model

J E R E

P E L T O N E N

Type H

no delay before detection

whole delay is calculated for example: a PIR detector that

detects an intruder at the beginningof a hallway



Jere Peltonen


Type K

half of delay before detection

half of delay is calculated

for example: a PIR detector thatdetects an intruder when he hasmoved midway of a hallway

J E R E

P E L T O N E N

Type J

all delay before detection

no delay of particular delay elementis taken into accounct in calculation

for example: magnetic contacts at adoor, which give detection only afterthe lock has been picked and dooropens



Jere Peltonen


Example

Door

Window

WallSafe

95%/H/7200s/3000s

95%/H/30s/10s

95%/J/300s/100s0%/7200s/3000s

J E R E

P E L T O N E N

Example

Door

95%/J/300s/100s

Please note that the terminology in TUREANscreenshots used in this presentation is in Finnish.

The TUREAN tool is available in English also.

Check www.yhteisturvallisuus.net orwww.ysecurity.net

http://www.yhteisturvallisuus.net/

http://www.ysecurity.net/





Jere Peltonen


Example

Window

95%/H/30s/10s

J E R E

P E L T O N E N

Example

Wall

0%/7200s/3000s



Jere Peltonen


Example

Safe

95%/H/7200s/3000s!

J E R E

P E L T O N E N

Example

Going back

95%/H/60s/20s!



Jere Peltonen


Example

J E R E

P E L T O N E N

Example

Report



Jere Peltonen


Example

J E R E

P E L T O N E N

Example

The worst probability of interruption is withthe route that goes through the wall!!

WHY??



Jere Peltonen


EXERCISE

analyze using the following values

J E R E

P E L T O N E N

Alternative events

2

345

67

3

0%/600s/200s

3

50%/60s/20s

0%/120s/20s

1

1

1

1 Crossing fence

1 Locked gate

1 Going through

0% / 600s / 200s 0% / 60s / 20s 0% / 120s / 20s



Jere Peltonen


J E R E

P E L T O N E N

Alternative events

13

45

67

3

1

3

5

1

2 Moving accross the yard

1

1

1

2

0%/60s/10s

0% / 60s / 10s



Jere Peltonen


Alternative events

124

567

1

5

1

3 Going through

3 Window

3 Locked door

1

1

1

2

3

3

3

0%/7200s/3000s

95%/J/300s/100s

95%/H/30s/10s

0% / 7200s / 3000s 95% / H / 30s / 10s 95% / J / 300s / 100s

J E R E

P E L T O N E N

Alternative events

12

3

567

3

1

3

5

1

4 Moving inside

1

1

1

2

3

3

3

4

95%/H/60s/10s

95% / H / 60s / 10s



Jere Peltonen


Alternative events

12

3

4

67

3

1

3

1

5 Going through

5 Locked door

1

1

1

2

3

3

3

45

5

0%/3600s/1000s95%/J/300s/100s

0% / 3600s / 1000s 95% / J / 300s / 100s

J E R E

P E L T O N E N

Alternative events

12

345

7

3

1

3

5

1

6 Moving inside

1

1

2 3

3

45

56

1 3

95%/H/20s/5s

95% / H / 20s / 5s



Jere Peltonen


Alternative events

12

3

45

6

3

1

3

5

1

7 Safe

1

1

1

2

3

3

3

45

56 7

95%/H/7200s/3000s

95% / H / 7200s / 3000s

J E R E

P E L T O N E N

Alternative events

12

345

67

3

1

3

5

1

8 Going back

1

1

1

2

3

3

3

45

56 7 8

95%/H/300s/100s

95% / H / 300s / 100s



Jere Peltonen


Other values

response time 900 s / standarddeviation 300 s

reliability 95%

J E R E

P E L T O N E N

First results



Jere Peltonen


Sorted and colored result list

J E R E

P E L T O N E N



Jere Peltonen


EXERCISE

the safe is open

delay 0 s, standard deviation 0 s

J E R E

P E L T O N E N

Results



Jere Peltonen


Results

{

J E R E

P E L T O N E N


http://slidepdf.com/reader/full/ture-an-presentation-english 45/45

Jere Peltonen


Questions?

TUREAN tool is available for freeat

www.yhteisturvallisuus.netor

www.ysecurity.net





Documents

Ture an Presentation English