Vulnerability Analysis


GEM has extensive experience in the conduct of detailed vulnerability analyses (VA) and risk assessments in determining the effectiveness of facility/site personnel security measures, physical security systems, material control and accountability, and protective force response in the protection against the theft of special nuclear material and weapons; creation of an improvised nuclear device, potential malevolent acts associated with the disruption of mission critical facilities/ assets; and sabotage that could affect the health and safety of the public, work force, and environment.

Prior to beginning an actual VA, GEM will develop a Program Plan that details the scope, approach, threat and baseline protection posture and assumptions, any memorandums of agreement, and schedule and milestones for the completion of the VA. This plan takes into full consideration the schedule and milestones associated with the development of any site/facility safeguards and security plan. GEM subject matter experts performing the VA scope of work first review past facility/site VAs, Design Basis Threat Implementation Plans, computer simulation modeling, performance testing results, and results from oversight reviews (surveys, self-assessments, inspections, audits, etc.).  They ensure that the proper “homework” has been completed to assure full knowledge of the state of the protection at customer installations at the beginning of the VA process.


Facility Characterization/Target Identification
GEM VA staff have experience in the conduct of facility characterization reviews to identify and prioritize critical targets/assets, facilities, and critical sensitive elements for evaluation and testing.  We analyze all customer facilities/sites and targets/assets based on their importance to the mission, nuclear material holdings, potential for nuclear theft, and/or possible creation of a radiological or improvised nuclear event. Each is compared with and prioritized based on the threat categories set forth in applicable threat policy.


Threat Characterization
GEM has characterized the specific outsider and insider threat(s) applicable to each target/asset or facility identified in the facility characterization phase based on their criticality and attractiveness level. In determining the appropriate threats, GEM uses a mission analysis process that considers the likelihood of certain threat types and the possible impacts of their success. Using defined local threat information and threat policy, GEM conducts an outsider analysis to identify potential adversary objectives (theft, sabotage, disruption of mission, etc.) and threat type(s) (terrorists, criminals, psychotics, etc.) and their associated characteristics and potential capabilities against the facility and its associated targets/assets.  We recognize the potential for insider adversary involvement as either passive or active with or without outsider involvement.  As such, GEM develops or updates as appropriate an insider analysis to identity and prioritize customer personnel and others with the requisite knowledge, access, and control capabilities over the facilities and targets/assets or the safeguards protecting them.


Scenario Attack Plan Formulation
GEM deploys a systematic approach for analyzing and validating overall system effectiveness by compiling data from Tabletop exercises, computer simulation/facility modeling, and appropriate performance testing. We make use of Special Operations staff (DELTA, Army Rangers, Navy Seals, Special Forces, etc.) as an adversary team to complete a detailed mission analysis and to develop realistic and credible scenario attack plans to assess the system effectiveness of the site/facility protection posture.

GEM conducts explosives analyses (blast effects) and radiological and chemical sabotage analysis against applicable threats.  These analyses are conducted by GEM subject matter experts in parallel with the development of scenario attack plans.


Tabletop Exercises
A Tabletop Evaluation Team comprised of GEM subject matter experts and customer staff assesses the effectiveness of the facility protection posture through the conduct of Tabletop exercises using the scenario attack plans.

The Tabletop Evaluation Team is briefed by the adversary team of the scenario attack plan (mission, concept of operations, equipment/weapons/ammunition, command and control, communications, and detailed attack timeline).  After which, the customer protective force puts in place on a  map or model of the facility their response posture at the beginning of the attack (positions, vehicles, weapons) and brief their overall protection strategy.  Once this has been completed and all questions have been addressed relative to the scenario attack plan and the proposed customer response, the Tabletop exercise begins with the adversary team walking through their attack plan timeline and the customer protective force representatives implementing their protection strategy and response. This process continues until the adversary team has been neutralized or prevented from accomplishing its mission or has been deemed successful in accomplishing its goals.  The results are computer tracked and documented by GEM.


Computer Simulation Modeling
The GEM staff is highly trained in the use of the Government-approved Analytical System and Software for Evaluating Safeguards and Security (ASSESS) and Adversary Time-Line Analysis System (ATLAS) computer models to identify adversary paths to the target(s), characterize delay and detection capability, and document adversary time on target.  GEM analyzes each file against the worst-case threat types to develop “worst case adversary paths” for the Insider and Outsider threat categories. Our analysts input a range of response force times for each set of analysis in coordination with the customer protective force to determine an acceptable Probability of Interruption (Pi) before finalizing the adversary path for input into the Joint Combat and Tactical Simulation (JCATS) model for determining Probability of Neutralization (Pn).  We use JCATS to test the baseline protection postures for each scenario attack plan and proposed upgrade case as well as performance tests (force-on-force, limited scope performance testing, etc.), in determining neutralization factors and overall system effectiveness against postulated Tabletop scenario/attack plans consistent with applicable threat parameters.


Documentation
Upon completion of the above VA process (Tabletop exercises, modeling, upgrades analysis, and performance testing), GEM uses its first hand experience to develop separate evidence file documentation for each process, determines overall system effectiveness consistent with the Federal/customer guidelines, and documents the results in the vulnerability assessment report.  In addition, GEM has the experience to update and revise the customer Design Basis Threat Implementation Plan, as appropriate, and assure that the facility/site resource plan is current.

back to Safeguards & Security main page