
Jere Peltonen

Estimate of Multiple Adversary Sequence Interruption

Jere Peltonen, CPP


linkedin.com/in/jerepeltonen

EASI

• EASI (Estimate of Adversary Sequence Interruption)
• Sandia National Laboratories
• U.S. Department of Energy
• EASI has been used to analyze e.g. physical security arrangements of nuclear facilities
JERE PELTONEN

www.ysecurity.net 1
What is analyzed?

• Structural arrangements
• Surveillance

What are the results?

• probability of failure of unauthorized entry

in other words

• probability of successful interruption

EASI

• can be used easily to analyze arrangements that follow the principle of concentric protection layers

EASI / TUREAN

• Basic EASI does not calculate alternative routes of entry
• TUREAN application of EASI calculates all alternative routes

Why use it?

• To get more reliable information

Why use it?

• Security arrangements cost money
• On the other hand, not using any arrangements can be a very costly mistake
• We must find the optimum solution that does not cost too much but gives adequate protection

Why use it?

• The security expert or manager needs to make his/her case to the people that have the money
• He/she must demonstrate the vulnerabilities of existing arrangements
• He/she must demonstrate the effectiveness of planned arrangements with regard to protection of assets

Why use it?

• Existing or planned arrangements may be good as such, but the chain is only as strong as its weakest link
• TUREAN finds the weakest links

Why use it?

• To get clear numerical information that can be used to
  • find the existing weaknesses
  • test the effectiveness of planned arrangements
  • justify the necessary new arrangements

Why use it?

• TUREAN is an excellent tool for teaching an analytical approach

How to get numerical information?

• calculate the probability of successful detection and alarm

and

• calculate the probability that remaining time will be enough to interrupt the entry

How to get numerical information?

• the probability of successful detection and alarm is calculated using the reliability of detection elements and detection-to-response reliability

Detection elements

• anything that may detect the unauthorized entry and raise the alarm (intrusion detectors, local guards, passers-by)

How to get numerical information?

• the probability that remaining time allows interruption is calculated by
  • adding up delay values of all delay elements, taking into account the real world uncertainties of the values, and
  • comparing it to the response time value, taking into account the uncertainty

Delay elements

• Anything that may delay the intruder (door, window, wall, fence, lock, etc.)

3 most essential terms

• Delay
• Detection
• Response time

Other terms

• Probability
• Normal distribution
• Expected value
• Standard deviation
• Type
• Sequence of events
• Zone
• Intrusion route

Concentric layers of protection

[Figure: concentric layers of protection, labelled FENCE, GATE, DOOR, WINDOW, SAFE]

Intrusion route

[Figure: intrusion route]

Sequence of events

[Figure: events numbered 1 to 7 along the intrusion route]

Alternative events (= alternative routes)

[Figure: floor plan with numbered events, built up over successive slides; each event number marks one or more alternatives]

1 Crossing the fence
1 Locked gate
1 Through the fence
2 Moving across the yard
3 Making a hole
3 Window
3 Locked door
4 Moving inside
5 Making a hole
5 Locked door
6 Moving inside
7 Safe
8 Going back the same or different route

18 ALTERNATIVE INTRUSION ROUTES

Delay

[Figure: timeline built up over successive slides]

Event 1: 30 s (total 30 s)
Event 2: 60 s (total 90 s)
Event 3: 45 s (total 135 s)
Event 4: 45 s (total 180 s)

Delay, detection

[Figure: timeline of Events 1 to 4 (30 s, 60 s, 45 s, 45 s; total 180 s). Marked: 1st possibility of detection -> detection]

Delay, detection, response time

[Figure: same timeline. Marked: 1st possibility of detection -> detection; response time 105 s]

Delay, detection, response time: successful interruption

[Figure: same timeline. Marked: 1st possibility of detection -> detection; response time 105 s; interruption]

Delay, detection, response time: ???

[Figure: same timeline. Marked: 1st possibility of detection, but NO detection; response time]

Delay, detection, response time: ???

[Figure: same timeline. Marked: 1st possibility of detection, but NO detection; 1st detection; response time]

Delay, detection, response time: ???

[Figure: same timeline. Marked: 1st possibility of detection, but NO detection; 1st detection; response time 105 s]

Delay, detection, response time: unsuccessful interruption

[Figure: same timeline. Marked: 1st possibility of detection, but NO detection; 1st detection; response time 105 s; interruption]

Delay, detection, response time

• the example uses exact times for the sake of concept simplicity
• in the real world, there exists a level of uncertainty that has to be taken into account somehow

Delay, detection, response time

• uncertainty is modelled by assuming that all times follow the normal distribution (Gaussian curve)

Normal distribution

[Figure: normal distribution]

Normal distribution

[Figure: histogram of single measurements on a value axis from 34 to 66, built up over successive slides]

• 0 measurements
• 10 measurements: value 50 is measured 10 times (slide title: "Normal distribution ??")
• 11 measurements: value 50 is measured 2 times
• 41 measurements: value 50 is measured 5 times
• 86 measurements: value 50 is measured 10 times

Standard deviation

• standard deviation is a value that shows how much and how often real world times vary around the expected value

Standard deviation

Real world times vary quite a lot and often from the expected value µ

[Figure: distribution with -s, µ and +s marked; standard deviation 3.8]

Standard deviation

Real world times vary not so much and not so often as in the previous example

[Figure: distribution with -s, µ and +s marked; standard deviation 2.2]

Type

• when delay and detection elements exist at the same event
• type tells how much delay has been used before detection
• three types in the model

Type H

• no delay before detection
• whole delay is calculated
• for example: a PIR detector that detects an intruder at the beginning of a hallway

Type K

• half of delay before detection
• half of delay is calculated
• for example: a PIR detector that detects an intruder when he has moved midway along a hallway

Type J

• all delay before detection
• no delay of the particular delay element is taken into account in the calculation
• for example: magnetic contacts at a door, which give detection only after the lock has been picked and the door opens

Example

[Figure: floor plan with element values]

Window: 95%/H/30s/10s
Wall: 0%/7200s/3000s
Door: 95%/J/300s/100s
Safe: 95%/H/7200s/3000s

Example

Door
95%/J/300s/100s

Please note that the terminology in TUREAN screenshots used in this presentation is in Finnish. The TUREAN tool is available in English also. Check www.yhteisturvallisuus.net or www.ysecurity.net

Example

Window
95%/H/30s/10s

Example

Wall
0%/7200s/3000s

Example

Safe
95%/H/7200s/3000s

Example

Going back
95%/H/60s/20s

Example

[Figure]

Example

Report

[Figure]

Example

[Figure]

Example

The worst probability of interruption is with the route that goes through the wall!!

WHY??

EXERCISE

• analyze using the following values

[Figure: floor plan with numbered events, built up over successive slides; the values for each event are shown next to its alternatives]

Event 1 (Crossing fence, Locked gate, Going through): 0% / 600s / 200s, 0% / 60s / 20s, 0% / 120s / 20s
Event 2 (Moving across the yard): 0% / 60s / 10s
Event 3 (Going through, Window, Locked door): 0% / 7200s / 3000s, 95% / H / 30s / 10s, 95% / J / 300s / 100s
Event 4 (Moving inside): 95% / H / 60s / 10s
Event 5 (Going through, Locked door): 0% / 3600s / 1000s, 95% / J / 300s / 100s
Event 6 (Moving inside): 95% / H / 20s / 5s
Event 7 (Safe): 95% / H / 7200s / 3000s
Event 8 (Going back): 95% / H / 300s / 100s

Other values

• response time 900 s / standard deviation 300 s
• reliability 95%
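The calculation the slides describe, run on the exercise values above, as an added example that is not code from TUREAN or from the presentation. It follows the published EASI formulation with normally distributed times; reading each value as detection probability / type / delay / standard deviation, the function names and the route keys are assumptions.

```python
import math
from itertools import product

# Share of an element's own delay still ahead of the intruder at detection.
AHEAD = {"H": 1.0, "K": 0.5, "J": 0.0}

def phi(z):  # standard normal cumulative distribution
    return 0.5 * (1.0 + math.erf(z / math.sqrt(2.0)))

def p_interruption(route, resp_mean, resp_sd, reliability):
    """route: (p_detect, type, delay_mean_s, delay_sd_s) per event, in order."""
    p_int, p_undetected = 0.0, 1.0
    for i, (p_det, typ, mean, sd) in enumerate(route):
        rest = route[i + 1:]
        rem_mean = AHEAD[typ] * mean + sum(e[2] for e in rest)
        rem_var = (AHEAD[typ] * sd) ** 2 + sum(e[3] ** 2 for e in rest)
        spread = math.sqrt(rem_var + resp_sd ** 2)
        diff = rem_mean - resp_mean
        z = diff / spread if spread else math.copysign(math.inf, diff)
        # first detection here, alarm gets through, response arrives in time
        p_int += p_undetected * p_det * reliability * phi(z)
        p_undetected *= 1.0 - p_det
    return p_int

# Exercise values from the slides. Elements with 0% detection have no type on
# the slides; "H" is a placeholder that never affects the result.
EVENT1 = [(0.0, "H", 600, 200), (0.0, "H", 60, 20), (0.0, "H", 120, 20)]
YARD = (0.0, "H", 60, 10)
EVENT3 = {"wall": (0.0, "H", 7200, 3000), "window": (0.95, "H", 30, 10),
          "door": (0.95, "J", 300, 100)}
INSIDE4 = (0.95, "H", 60, 10)
# Assumed pairing: the 0% values are the hole, the 95%/J values the locked door.
EVENT5 = {"hole": (0.0, "H", 3600, 1000), "door": (0.95, "J", 300, 100)}
INSIDE6 = (0.95, "H", 20, 5)
SAFE = (0.95, "H", 7200, 3000)
BACK = (0.95, "H", 300, 100)

def all_routes(safe=SAFE, resp=(900, 300), reliability=0.95):
    """P(interruption) for each of the 18 routes, keyed by the alternatives taken."""
    results = {}
    for (n1, e1), (k3, e3), (k5, e5) in product(
            enumerate(EVENT1), EVENT3.items(), EVENT5.items()):
        route = [e1, YARD, e3, INSIDE4, e5, INSIDE6, safe, BACK]
        results[(n1, k3, k5)] = p_interruption(route, *resp, reliability)
    return results

if __name__ == "__main__":
    for key, p in sorted(all_routes().items(), key=lambda kv: kv[1]):
        print(key, f"{p:.4f}")
```

With these values the lowest result belongs to routes through the wall at event 3: a 0% element adds no detection chance, and its long delay is spent before any alarm. Passing `safe=(0.95, "H", 0, 0)` to `all_routes` runs the open-safe variant of the exercise.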

First results

[Figure]

Sorted and colored result list

[Figure]

EXERCISE

• the safe is open
• delay 0 s, standard deviation 0 s

Results

[Figure]

Results

[Figure]

Questions?

TUREAN tool is available for free at www.yhteisturvallisuus.net or www.ysecurity.net