The Glorfindel Project was initiated by the AAEA as a methodology to systematically identify risks to nuclear and radiological material.
The project outlines a process by which any site can systematically map out all the various security measures at a plant and then insert them into a simulated environment to see how they interact.
From there, the process turns to the adversary, mapping out their various intentions, motivations, and capabilities as outlined in IAEA documentation.
The Glorfindel participants can then begin to model how the adversary might interact with the various physical protection systems.
In the test case of the Glorfindel project, the AAEA chose SNRI as the first site to undergo this process. Using their Denethor computer, the Glorfindel project was able to map out several pathways that the adversary could exploit to gain unauthorized access to the sensitive areas of the site.
The chief concern was access control: to vital areas, into the protected area, and into the various buildings at the site.
To improve security and remove this vulnerability, Cooperzino used the data from the Glorfindel project to determine the best overall security measures that would remove risk while minimizing costs and infrastructure.
Cooperzino proposed that SNRI install the Handpunch 3000 Biometric Prox/Pin Reader made by Schlage.
However, this was not a simple installation and required the expertise of Cooperzino's engineers to deploy effectively. The access control system is tied to the employee time card system that tracks when employees arrive at work and when they leave. In addition to reducing unauthorized access risk, SNRI requested that this system be tied to the time card system so they can track when employees are entering their work space and when they are leaving.
The critical issue was SNRI's network architecture and how they accounted for sensitive digital assets. The image below gives a detailed look at the unique architecture and how the security system interplays with other systems.
As you can see, the access control system operates in Control Z but the time card system operates in Zone G. Communication between the two systems must pass through multiple firewalls and other zones, which could impact the time effectiveness of the system if the Schlage system servers were housed in Zone Z and still had to communicate with Zone G.
To resolve this issue, the Cooperzino network engineers reworked the Schlage system. Access control was rerouted through the time card system in Zone G. Any updates or changes to credentials in the Schlage system can be "pushed" out to the individual card readers via the time card server. The individual Handpunch Schlage systems will store access control credentials at the building until the time card system sends new information.
The Cooperzino network engineers have effectively removed the risk of bandwidth issues in SNRI's network slowing down the rate of employees using the Schlage system, thereby reducing the overall costs to SNRI of this new security parameter.
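
The push-and-cache design described above, sketched as an added example (not code from Cooperzino, Schlage or SNRI): readers decide from a locally stored credential list, and the server reports which readers missed an update, because a reader that is unreachable during a push keeps honoring a revoked credential until it is resynchronized. The class names, badge IDs and the version counter are assumptions made for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class Reader:
    """Hypothetical door reader that decides from its cached credential list."""
    name: str
    version: int = 0                  # version of the last push applied
    allowed: frozenset = frozenset()
    online: bool = True               # False models a link or firewall outage

    def apply_push(self, version, allowed):
        # Reject replayed or out-of-order pushes so an old list
        # cannot roll back a revocation.
        if version <= self.version:
            return False
        self.version, self.allowed = version, frozenset(allowed)
        return True

    def check(self, badge_id):
        # No network round trip: only the local cache is consulted.
        return badge_id in self.allowed


@dataclass
class TimeCardServer:
    """Hypothetical Zone G server that owns the list and pushes it out."""
    readers: list
    version: int = 0
    allowed: set = field(default_factory=set)

    def update(self, grant=(), revoke=()):
        self.allowed = (self.allowed | set(grant)) - set(revoke)
        self.version += 1
        return self.push()

    def push(self):
        for r in self.readers:
            if r.online:
                r.apply_push(self.version, self.allowed)
        # Readers still on an older version hold stale credentials.
        return [r.name for r in self.readers if r.version < self.version]


def demo():
    lab, vault = Reader("lab-door"), Reader("vault-door")  # constructed names
    server = TimeCardServer([lab, vault])
    server.update(grant={"E100", "E200"})                  # constructed badges
    vault.online = False                                   # constructed outage
    stale = server.update(revoke={"E200"})   # revocation misses vault-door
    during = (lab.check("E200"), vault.check("E200"))
    vault.online = True
    return stale, during, server.push(), vault.check("E200")
```

The list returned by `push()` is the value to alert on: any reader named there is still enforcing the previous credential set.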