Innovation In Radiological Security, Part 2 Of 2 - Insights Into Designing A Cloud-Hosted Platform

Year
2020
Author(s)
Brandon Gorton - Pacific Northwest National Laboratory
Jaime Wise - Pacific Northwest National Laboratory
Eric Gonzalez - Pacific Northwest National Laboratory
Clay Hagler - Pacific Northwest National Laboratory
Derek Higgins - Pacific Northwest National Laboratory
Abstract

A Sentry Remote Monitoring System (Sentry-RMS) is a stand-alone security system that provides detection, assessment, and communication of priority alarms as an additional means of thwarting internal and external threats to sites that maintain radioactive material. The SEntry-RMS CommUnications and REsponse (Sentry-SECURE) platform is an optional feature of the Sentry-RMS that relays priority alarm information to the identified response stakeholders. Sentry-SECURE is hosted in a cloud environment that abstracts the data owner’s and data consumer’s platforms to allow for greater information sharing. This promotes situational awareness amongst authorized users and enables future innovation among modern response platforms. When securely architecting a cloud solution such as this, the use of design paradigms can be an effective tool to increase the accuracy and reliability of cyber- and information security-related decisions made throughout the development process. This approach also supports the categorization of design considerations into three levels: industry concepts, project approaches, and data protections for digital processes. Industry concepts consist of the notional underpinnings that guide or motivate a security process, system, or design but often lack any tangible attributes. Project approaches represent decisions made during the design and development process to prioritize a solution, method, or practice above another that may provide a comparable functional output but lacks a desired security benefit. Data protections for digital processes represent the selection, integration, and implementation of specific controls for a given asset. This paper will explore specific examples of how Sentry-SECURE has been designed to account for considerations at each of these three levels, while balancing the operational intent of the platform with the security enhancements necessary to maintain data integrity, availability, and confidentiality.