The document discusses EASI (Estimate of Adversary Sequence Interruption), a methodology developed by Sandia National Laboratories to analyze the security of facilities. EASI calculates the probability of successfully interrupting unauthorized entry by estimating detection probability and comparing total delay time to response time, taking into account uncertainty. It can analyze structural arrangements, surveillance, and the effectiveness of concentric protection layers. The TUREAN application of EASI additionally calculates all alternative routes of entry.
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Physical security analysis tool
1. Jere Peltonen
Estimate of Multiple Adversary Sequence
Interruption
Jere Peltonen, CPP
linkedin.com/in/jerepeltonen
EASI
EASI (Estimate of Adversary
Sequence Interruption)
Sandia National Laboratories
U.S. Department of Energy
EASI has been used to analyze e.g.
physical security arrangements of
nuclear facilities
JERE PELTONEN
www.ysecurity.net 1
2. Jere Peltonen
What is analyzed?
Structural arrangements
Surveillance
JERE PELTONEN
What are the results?
probability of failure of unauthorized
entry
in other words
probability of successful interruption
JERE PELTONEN
www.ysecurity.net 2
3. Jere Peltonen
EASI
can be used easily to analyze
arrangements that follow the
principle of concentric protection
layers
JERE PELTONEN
EASI / TUREAN
Basic EASI does not calculate
alternative routes of entry
TUREAN application of EASI
calculates all alternative routes
JERE PELTONEN
www.ysecurity.net 3
4. Jere Peltonen
Why to use?
To get more reliable information
JERE PELTONEN
Why to use?
Security arrangements cost money
On the other hand, to not use any
arrangements can be very costly mistake
We must find the optimum solution, that
does not cost too much, but gives adequate
protection
JERE PELTONEN
www.ysecurity.net 4
5. Jere Peltonen
Why to use?
The security expert or manager needs to
make his/her case to the people that have
the money
He/she must demonstrate the vulnerabilities
of existing arrangements
He/she must demonstrate the effectiveness
of planned arrangements with regard to
protection of assets
JERE PELTONEN
Why to use?
Existing or planned arrangements may
be good as such, but the chain is only
as strong as its weakest link
TUREAN finds the weakest links
JERE PELTONEN
www.ysecurity.net 5
6. Jere Peltonen
Why to use?
To get clear numerical information
that can be used to
find the existing weaknesses
test the effectiveness of planned
arrangements
justify the necessary new arrangements
JERE PELTONEN
Why to use?
TUREAN is an excellent tool for
teaching analytical approach
JERE PELTONEN
www.ysecurity.net 6
7. Jere Peltonen
How to get numerical
information?
calculate the probability of successfull
detection and alarm
And
calculate the probability that remaining
time will be enough to interrupt the
entry
JERE PELTONEN
How to get numerical
information?
the probability of successful detection
and alarm is calculated using the
reliability of detection elements and
detection-to-response reliability
JERE PELTONEN
www.ysecurity.net 7
8. Jere Peltonen
Detection elements
anything that may detect the
unauthorized entry and execute the
alarm (intrusion detectors, local
guards, passers-by)
JERE PELTONEN
How to get numerical
information?
the probability that remaining time
allows interruption is calculated by
adding up delay values of all delay
elements, taking into account the real
world uncertainties of the values, and
comparing it to the response time value,
taking into account the uncertainty
JERE PELTONEN
www.ysecurity.net 8
9. Jere Peltonen
Delay elements
Anything that may delay the intruder
(door, window, wall, fence, lock,
etc.)
JERE PELTONEN
3 most essential terms
Delay
Detection
Response time
JERE PELTONEN
www.ysecurity.net 9
10. Jere Peltonen
Other terms
Probability Type
Normal distribution Sequence of events
Expected value Zone
Standard deviation Intrusion route
JERE PELTONEN
Concentric layers of protection
SAFE
DOOR
WINDOW
DOOR GATE
WINDOW
FENCE
JERE PELTONEN
www.ysecurity.net 10
16. Jere Peltonen
Alternative events
1 3
5
1 2 3 4 6 7 8
5
1 3
7 6 1
5
5 4 3 2
1
3 3
1
JERE PELTONEN
8 Going back the same or
different route
Alternative events
1 3
5
1 2 3 4 6 7 8
5
1 3
7 6 1
5
5 4 3 2
1
3 3
1
JERE PELTONEN
18 ALTERNATIVE INTRUSION ROUTES
www.ysecurity.net 16
17. Jere Peltonen
Delay
30 s
Event 1
30 s
Total
JERE PELTONEN
Delay
30 s
Event 1
60 s
Event 2
90 s
Total
JERE PELTONEN
www.ysecurity.net 17
18. Jere Peltonen
Delay
30 s
Event 1
60 s
Event 2
45 s
Event 3
135 s
Total
JERE PELTONEN
Delay
30 s
Event 1
60 s
Event 2
45 s
Event 3
45 s
Event 4
180 s
Total
JERE PELTONEN
www.ysecurity.net 18
19. Jere Peltonen
Delay, detection
30 s
Event 1
60 s
Event 2
45 s
Event 3
45 s
Event 4
180 s
Total
1st
JERE PELTONEN
possibility of
detection
->detection
Delay, detection, response time
30 s
Event 1
60 s
Event 2
45 s
Event 3
45 s
Event 4
180 s
Total
Response
time 105 s
1st
JERE PELTONEN
possibility of
detection
->detection
www.ysecurity.net 19
20. Jere Peltonen
Delay, detection, response time
successful interruption
30 s
Event 1
60 s
Event 2
45 s
Event 3
45 s
Event 4
180 s
Total
Response
time 105 s
1st Interruption
JERE PELTONEN
possibility of
detection
->detection
Delay, detection, response time
???
30 s
Event 1
60 s
Event 2
45 s
Event 3
45 s
Event 4
180 s
Total
Response
time
1st
JERE PELTONEN
possibility of
detection
but NO detection
www.ysecurity.net 20
21. Jere Peltonen
Delay, detection, response time
???
30 s
Event 1
60 s
Event 2
45 s
Event 3
45 s
Event 4
180 s
Total
Response
time
1st 1st
JERE PELTONEN
possibility of detection
detection
but NO detection
Delay, detection, response time
???
30 s
Event 1
60 s
Event 2
45 s
Event 3
45 s
Event 4
180 s
Total
Response
time 105 s
1st 1st
JERE PELTONEN
possibility of detection
detection
but NO detection
www.ysecurity.net 21
22. Jere Peltonen
Delay, detection, response time
unsuccessful interruption
30 s
Event 1
60 s
Event 2
45 s
Event 3
45 s
Event 4
180 s
Total
Response
time 105 s
1st 1st Interruption
JERE PELTONEN
possibility of detection
detection
but NO detection
Delay, detection, response
time
the example uses exact times for the
sake of concept simplicity
in the real world, there exists a level
of uncertainty that has to be taken
into account somehow
JERE PELTONEN
www.ysecurity.net 22
23. Jere Peltonen
Delay, detection, response
time
uncertainty is modelled by assuming
that all times follow the normal
distribution (Gaussian curve)
JERE PELTONEN
Normal distribution
JERE PELTONEN
www.ysecurity.net 23
27. Jere Peltonen
Normal distribution
= single measurement measurements 86
34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66
1 1 1 1 2 2 2 4 4 9 8 10 9 9 8 5 3 2 1 1 2 1
JERE PELTONEN
value 50 is measured 10 times
Standard deviation
standard deviation is a value that
shows how much and how often real
world times vary around the
expected value
JERE PELTONEN
www.ysecurity.net 27
28. Jere Peltonen
Standard deviation
Real world times vary
quite lot and often
from the expected
value µ
-s µ +s
standard deviation 3,8
JERE PELTONEN
Standard deviation
Real world times vary
not so much and not so
often as in previous
example
-s µ +s
standard deviation 2,2
JERE PELTONEN
www.ysecurity.net 28
29. Jere Peltonen
Type
when delay and detection elements
exist at the same event
type tells how much delay has been
used before detection
three types in the model
JERE PELTONEN
Type H
no delay before detection
whole delay is calculated
for example: a PIR detector that
detects an intruder at the beginning
of a hallway
JERE PELTONEN
www.ysecurity.net 29
30. Jere Peltonen
Type K
half of delay before detection
half of delay is calculated
for example: a PIR detector that
detects an intruder when he has
moved midway of a hallway
JERE PELTONEN
Type J
all delay before detection
no delay of particular delay element
is taken into accounct in calculation
for example: magnetic contacts at a
door, which give detection only after
the lock has been picked and door
opens
JERE PELTONEN
www.ysecurity.net 30
31. Jere Peltonen
Example
Window
95%/H/30s/10s
Wall
Safe Door
0%/7200s/3000s 95%/J/300s/100s
95%/H/7200s/3000s
JERE PELTONEN
Example
Door
95%/J/300s/100s
Please note that the terminology in TUREAN
JERE PELTONEN
screenshots used in this presentation is in Finnish.
The TUREAN tool is available in English also.
Check www.yhteisturvallisuus.net or
www.ysecurity.net
www.ysecurity.net 31
32. Jere Peltonen
Example
Window
95%/H/30s/10s
JERE PELTONEN
Example
Wall
0%/7200s/3000s
JERE PELTONEN
www.ysecurity.net 32
33. Jere Peltonen
Example
Safe
!
95%/H/7200s/3000s
JERE PELTONEN
Example
Going back
!
95%/H/60s/20s
JERE PELTONEN
www.ysecurity.net 33
34. Jere Peltonen
Example
JERE PELTONEN
Example
Report
JERE PELTONEN
www.ysecurity.net 34
35. Jere Peltonen
Example
JERE PELTONEN
Example
The worst probability of interruption is with
the route that goes through the wall!!
WHY??
JERE PELTONEN
www.ysecurity.net 35
41. Jere Peltonen
Other values
response time 900 s / standard
deviation 300 s
reliability 95%
JERE PELTONEN
First results
JERE PELTONEN
www.ysecurity.net 41
42. Jere Peltonen
Sorted and colored result list
JERE PELTONEN
JERE PELTONEN
www.ysecurity.net 42
43. Jere Peltonen
EXERCISE
the safe is open
delay 0 s, standard deviation 0 s
JERE PELTONEN
Results
JERE PELTONEN
www.ysecurity.net 43