A recent edition of the Infrastructure Resilience Research Group Journal featured an article written by Pacific Northwest National Laboratory (PNNL) researchers Rob Siefken and Jake Burns about “Design Basis Threat and the Low Threat Environment.”
A Design Basis Threat (DBT) consists of the attributes and characteristics of potential insider and/or external adversaries, who might attempt unauthorized removal or sabotage of high-consequence assets, against which a physical protection system is designed and evaluated.
The article, co-authored with Ross Johnson of Bridgehead Security Consulting of Canada, provides an overview of a DBT and then examines environments that have little or no known threats.
“You figure out a design basis threat by using all available information from law enforcement, the intelligence community, and local threat assessments, and you can come up with a threat or what the adversary looks like,” said Siefken, a national security specialist.
This includes their motivations, capabilities, and intentions. A DBT can be critical, even for sites that have no history of threats or no known adversaries.
“By having designed your system where there is little or no perceived threat, the DBT process may leave you very vulnerable,” said Siefken. “Artificially creating an asset protection level that considers a notional adversary attempting to achieve an unacceptable consequence allows you to restore the full range of flexibility to your physical protection system and model more destructive attacks than the threat level may support at the time.”
Siefken and Johnson both serve on the Physical Security Advisory Group (PSAG) of the North American Electricity Reliability Corporation (NERC). The PSAG provides seasoned expertise to advise the electricity sector about physical security threats and threat mitigation strategies to enhance the bulk electric system physical security and reliability.
“This was a great opportunity to co-author an article and show that PNNL is a subject matter expert in the field of DBT and vulnerability analysis, when it comes to assessing critical energy infrastructure,” said Siefken.