Skip navigation
Nuclear Safeguards Education Portal

Threat-Informed Security

The information covered in the previous sections can be organized into a threat definition.  This is the information product at the base of designing a nuclear security system. It consists of information about the potential malicious acts, motivations, and capabilities of an adversary.  A brief explanation follows, but for an elaborate explanation of threat definitions view the Physical Protection Systems Course.

The process for constructing a threat definition has three main components:

  1. Listing the information needed: The designers must decide on what information is needed for the threat definition, so collection can be targeted effectively.  Necessary adversary information can include: motivations, potential goals based upon targets, tactics, groups size, and capabilities.    
  2. Collecting information: Threat information can be collected from a multitude of sources such as crime statistics, professional organizations, published literature, intelligence information, government directives, etc.  This information could incorporate facility specific considerations such as condition inside and outside the facility. This should also include the likelihood of insider involvement in the threat.
  3. Organizing the information into a usable format: The collected information is arranged into a usable product that allows designer to easily view and assess critical adversary information such as a group's motivation, capabilities, target, etc..

The organized information can be filled into an adversary threat spectrum, such as the one pictured below, that designers use to compare the motivations, potential targets, and capabilities of adversaries.  The information in the threat spectrum is used by designers to determine the likelihood a facility will be attacked and by whom, as well as to identify the highest consequence target of interest.  Anticipating the likelihood of an adversary attacking is problematic, so designers may choose to be conservative by assuming all adversaries will attack the facility or may choose to distill the threat information into a single threat definition to use in the design (called a Design Basis Threat).  Designers then construct a security system to counter the highest consequence of an attack on the facility.

  Threat 1 Threat 2 Threat 3
Targets of Interest
Likely Malicious Act
Willingness to Die
Group Size
Intelligence Gathering Means
Equipment and Tools
Modes of Transportation
Technical Skills
Cyber Skills
Other Knowledge
Support Structure
Insider assistance

From IAEA Nuclear Security Series No. 10, "Development, Use, and Maintenance of the Design Basis Threat," IAEA (2009)  (for mobile devices, it may be necessary to scroll or swipe to see all data on this table, or click here to view large version of the full table).

Page 10 / 11