Protecting Material Control and Accounting Systems from falsification by insiders

Over the past several years, DOE facilities handling special nuclear material have been upgrading their material control and accounting (MCandA) systems to protect against insiders. Most of the systems analyzed were found to be relatively secure, but they did contain some insider vulnerabilities. The process of creating the information flow models used to analyze these systems has provided insight into general design features which can eliminate these vulnerabilities. Two of the major features characterizing secure MCandA systems are data independence and data verification. In this paper, these features are illustrated by means of typical, vulnerable MCandA procedures and by the steps needed to correct those vulnerabilities. Based on their assessment experience, the authors provide design guidance which could eliminate many insider vulnerabilities.