Vulnerability Analysis Process for Evaluating Protection Against Design-basis Threats

The Department of Energy (DOE) requires vulnerability analyses (VAs) to be performed in support of three Safeguards and Security programs: Computer Security Program, Operations Security (OPSEC) Program and Special Nuclear Material (SNM) Protection Program. The three types of VAs used to support these requirements will be described briefly and compared. The type of VA used to evaluate SNM protection will be described in more detail as a general six-step process. This general VA process has wide applicability; it has been used to evaluate the protection of nuclear and nonnuclear assets, civilian and military assets when designbasis threats are specified. The applicability of the VA process to evaluation of SNM protection and information protection against design-basis threats will be described.