Protecting Material Control and Accounting Systems from Falsification by Insiders

Over the past several years, DOE facilities handling special nuclear material have been upgrading their material control and accounting (MC&A) systems to protect against insiders. Most of the systems analyzed were found to be relatively secure, but they did contain some insider vulnerabilities. The process of creating the information flow models used to analyze these systems has provided insight into general design features which can eliminate these vulnerabilities. Two of the major features characterizing secure MC&A systems are data independence and data verification. In this paper, these features are illustrated by means of typical, vulnerable MC&A procedures and by the steps needed to correct those vulnerabilities. For example, lack of independence for accountability data is shown explicitly in an information flow model.