Facilities, such as corporate offices, factories, and plants, with high value assets that need to be protected use various physical protection systems to detect unauthorized intrusions and automated barriers to delay an adversaries' attempt to access their target. With the complexities of modern automation and remote monitoring/control physical protection is influenced heavily by the cyber domain (e.g., standard network connections for communication, increased interoperability between the physical protection components  and the IT  network, the use of distributed  passwords thorough siloed organizations, firewall rules set by independent 3rd parties, etc.). Because there is increasing overlap between physical and cyber domains, an adversary may use vulnerabilities in one domain to render security systems in the other domain less secure.

Scientists at PNNL have developed a computer-implemented security evaluation method to explore interactions between both physical and cyber domains to assist with identifying overall vulnerability of the system. The method gathers information about the physical and cyber architecture of a facility and builds a model of the facility containing a plurality of physical attributes of the physical protection system, a plurality of cyber protection measures of the cyber architecture, and articulates the connection points between the physical areas and the cyber areas. An adversary’s skill level is defined, and a target is identified within the facility.  The model is a Monte Carlo simulation that iterates the scenario thousands of times to thoroughly examining every possible pathway, to include both physical and electronic.  The model highlights interdependencies and system level interactions that would be overlooked given the processes, methodologies, and tools in use today. 

The model results can be used in different ways.  For example; the results may be queried to identify the combination of pathways most often used by an adversary when they achieve their goals, the sets of safeguards and security measure most often compromised (and the time it takes to compromise them), to identify relationships between physical and cyber security systems not readily apparent through existing means, and to assist with the design/redesign of physical protection and cybersecurity systems.