May 04, 2005
Detecting nukes in transit: What can the newly-established DNDO do?
Just finished writing a paper with Sri and Tom Tisch - it's titled 'Nuclear Detection: Portals, fixed detectors, and NEST teams won't work on a national scale, so what's next?'. We analyze the *use* of nuclear detectors to help prevent terrorist nuclear attacks, and we conclude that fixed detector approaches (such as those currently being implemented) are unlikely to be that effective. Here's the executive summary of the paper:
Recognizing the need for detecting terrorist attempts to transport or use fissile nuclear materials, President Bush’s FY 2006 budget request includes $246 million to form a Domestic Nuclear Detection Office (DNDO) within the Department of Homeland Security (DHS).  “The DNDO will provide a single accountable organization with dedicated responsibilities to develop the global nuclear detection architecture, and acquire, and support the deployment of the domestic detection system…”  How can DNDO planners deliver a global nuclear detection architecture that works?
Nuclear detection systems, as architected and deployed today, leave loopholes in the transportation network that terrorists can easily exploit by making use of light road vehicles to private jets to oil tankers. Progress can be made if we face up to three fundamental facts:
1. Terrorists will most likely try to use highly enriched uranium (HEU), not plutonium: assembly of a HEU bomb does not involve technically complex detonation as with a plutonium bomb.
2. Terrorists can circumvent a network of fixed detectors: fixed detectors not only lack sufficient proximity and exposure to the vehicle in transit but also do not screen many types of vehicles.
3. R&D breakthroughs cannot change the physics of detection: passive detection of HEU will always be limited by its natural rate of radioactivity, and the attenuation of radioactivity is very sharp with distance. The gamma rays and neutrons useful for detecting shielded HEU permit detection only at short distances (2-4 feet or less) and require that there is sufficient time to count a sufficient number of particles (several minutes to hours).
Recommendation: Due to fundamental physical limits, the current trend toward a fixed detector infrastructure is a dead-end. The only way shielded HEU can be effectively detected is if commercially-available detector technology, rather than being kept at fixed locations, is directly integrated into vehicles themselves. Detectors would travel with vehicles and have enough time to record radioactivity before reporting their readings to a network of check-points (in the same way E-Z pass collects highway tolls).
Our paper, 'Nuclear Detection: Portals, fixed detectors, and NEST teams won't work on a national scale, so what's next?' explores tradeoffs in detecting HEU in transit, and analyzes its technical, operational, and economic feasibility.
 “R&D in the Department of Homeland Security”, AAAS, http://www.aaas.org/spp/rd/06pch12.htm
 “Fact Sheet: Domestic Nuclear Detection Office,” http://www.dhs.gov/dhspublic/display?content=4474
 Medalia, J., 2005, “Nuclear Terrorism: A Brief Review of Threats and Responses,” CRS Report for Congress, The Library of Congress http://fpc.state.gov/documents/organization/43399.pdf
 attenuation of radioactivity with distance is subject to an inverse-square law in free-space and is exponential with shielding
April 18, 2005
The NYT has an article on millimeter-wave imaging technologies applied to the detection of concealed weapons. The human body has a high emissivity and emits a great deal of millimeter-wave energy (between 30 and 300 GHz); it shows up as hot on a millimeter imaging system. By contrast, a concealed gun, for instance, has a low emissivity and a high reflectivity; it reflects the ambient energy (at the temperature of the surroundings) and shows up as cold on the scan. The temperature differential with respect to the surroundings allows for the discrimination of the weapon being carried.
The article profiles three companies (Brijot Imaging Systems, Millivision Technologies and Trex Enterprises) that appear to have working imaging systems integrated with video surveillance and software that accomplishes detection and classification in a device that's about $50K.
Interestingly, these passive detection systems have an active counterpart (involving bouncing millimeter waves off the subject in a manner analogous to radar). Understandably, there are health and privacy concerns around the active imaging systems as a result of which the passive systems are likely to get better traction.
Millivision has a nice whitepaper on the technology on their website.
Radiation detectors on buoys
The Lawrence Livermore National Labs site has an interesting write-up on trials of radiation detectors aboard buoys off the coast. The idea is to detect nuclear materials that might be carried on board boats and other vessels before they get close enough to land to be dangerous. The detectors are powered by wind- and solar-powered generators and are outfitted with wireless communications links.
Homeland security experts are evaluating a wide range of possible threats from terrorists. One of the more troubling scenarios is a small and crude nuclear device transported in and detonated from a boat located near a naval military base or a civilian shipping terminal. Thanks to a Livermore design, buoys outfitted with commercially available radiation detectors could soon play an important role by warning of the presence of nuclear materials in marine environments.
9/11 showed us that we needed to secure civilian transportation modalities (a shift away from the cold-war thinking of building missile shields, etc.). If the trials are successful, these detector systems might be deployed around busy ports to interdict and deter marine transport of nuclear materials and weapons. Apparently, proposals have already been submitted to deploy buoys with radiation detectors in the Oakland harbor.
Curious to see what the specs are on the detector system: how well detection at a distance works, how high the false positive rate is and how closely the buoys need to be spaced in order to be effective. As with any RF system, radiation has a power-law falloff (inverse-square law in this instance) with distance...
March 16, 2005
National Planning Scenarios
A DHS document titled 'National Planning Scenarios' has apparently been inadvertently leaked (executive summary available here, but I've not been able to find the full report yet). The document reportedly contains a prioritized list of threats and is intended to guide investment in terror deterrence and mitigation programs. Scenarios developed include blowing up a chlorine tank in a metro area as well as terrorist deployment of a nuclear weapon. This sort of risk management approach makes a lot of sense and is long overdue.
By identifying possible attacks and specifying what government agencies should do to prevent, respond to and recover from them, Homeland Security is trying for the first time to define what "prepared" means, officials said.
The goal of the document's planners was not to identify every type of possible terrorist attack. It does not include an airplane hijacking, for example, because "there are well developed and tested response plans" for such an incident. Planners included the threats they considered the most plausible or devastating, and that represented a range of the calamities that communities might need to prepare for, said Marc Short, a department spokesman. "Each scenario generally reflects suspected terrorist capabilities and known tradecraft," the document says.
The article also quotes Michael Chertoff, the new secretary of homeland security, who makes a lot of sense:
Michael Chertoff, the new secretary of homeland security, has made it clear that this risk-based planning will be a central theme of his tenure, saying that the nation must do a better job of identifying the greatest threats and then move aggressively to deal with them.
"There's risk everywhere; risk is a part of life," Mr. Chertoff said in testimony before the Senate last week. "I think one thing I've tried to be clear in saying is we will not eliminate every risk."
It seems like this might also bring some sanity to the homeland security spending allocation process:
To prioritize spending nationwide, communities or regions will be ranked by population, population density and an inventory of critical infrastructure in the region.
The communities in the first tier, the largest jurisdictions with the highest-value targets, will be expected to prepare more comprehensively than other communities, so they would be eligible for more federal money.
"We can't spend equal amounts of money everywhere," said Mr. Mayer, of the Homeland Security Department.
Secrecy and security
Bruce Schneier points to interesting testimony from the Director of the National Security Archive regarding rising levels of secrecy within the government, using the war on terror as a justification. The testimony highlights the observation that secrecy often doesn't contribute to security (a point that Schneier has made elsewhere).
The lesson of 9/11 is that we are losing protection by too much secrecy. The risk is that by keeping information secret, we make ourselves vulnerable. The risk is that when we keep our vulnerabilities secret, we avoid fixing them. In an open society, it is only by exposure that problems get fixed. In a distributed information networked world, secrecy creates risk -- risk of inefficiency, ignorance, inaction, as in 9/11. As the saying goes in the computer security world, when the bug is secret, then only the vendor and the hacker know -- and the larger community can neither protect itself nor offer fixes.
The testimony offers some great examples of instances where exposing secrets actually contributed to averting attacks or catching criminals and argues that one of the lessons of 9/11 was the need for greater openness, rather than increased secrecy:
The number one lesson of 9/11 is that the "relevant players" include the public, front and center. As the staff director of the Congressional Joint Inquiry on 9/11 found, "The record suggests that, prior to September 11th, the U.S. intelligence and law enforcement communities were fighting a war against terrorism largely without the benefit of what some would call their most potent weapon in that effort: an alert and informed American public. One need look no further for proof of the latter point than the heroics of the passengers on Flight 93 or the quick action of the flight attendant who identified shoe bomber Richard Reid." After all, the only part of our national security apparatus that actually prevented casualties on 9/11 was the citizenry - those brave passengers on Flight 93 who figured out what was going on before the Pentagon or the CIA did, and brought their plane down before it could take out the White House or the Capitol.
Look at the case of the Unabomber, the Harvard-educated terrorist who blew up random scientists with letter bombs. Years of secret investigation turned up nothing but rambling screeds against modernity and the machine, and only after the madman threatened more violence unless his words were published, did the FBI relent and give the crank letter file to the newspapers. The Washington Post and the New York Times went in together on a special section to carry the 35,000 words in 1995, but the key paper was the Chicago Tribune, read at the breakfast table in a Chicago suburb by the bomber's brother, who said, sounds like crazy Ted, guess I'd better call the cops.
How did we catch the Washington sniper? The police had been chasing a white van for weeks with no luck, and finally changed the description to a blue sedan based on an eyewitness report. They refused to give out the license plate number (because the sniper would then change the plates, of course); but finally an unnamed police official took it upon herself to leak the license number at midnight, local radio and TV picked it up, and a trucker was listening who saw a blue sedan in a rest area in western Maryland. He checked the plate number, and bingo, within three hours of the leak they arrested the sniper. Openness empowers citizens.
False positives in radiation detection
Robert Bonner, commissioner of U.S. Customs and Border Protection, told a Senate subcommittee on homeland security that since the first such devices were installed in May 2000, they had picked up over 10,000 radiation hits in vehicles or cargo shipments entering the country. All proved harmless.
As an example of how the system was working, Bonner said on Jan. 26, 2005, a machine got a hit from a South Korean vessel at the Los Angeles seaport. The radiation turned out to be emanating from the ship's fire extinguishing system and was no threat to safety.
I tracked down Bonner's testimony which has this to say:
Our investment in WMD Detection technology is paying off as demonstrated by the following recent event. On January 26, 2005, at the Los Angeles seaport a PRD activated in proximity to a vessel from Kwan Yang, South Korea. A search of the vessel revealed that the source of the radiation was located in the ship’s engine room. Subsequent screening with a Radiation Isotope Identifier and analysis by CBP Laboratory and Scientific Services Personnel stationed at the NTC revealed that the material was Cobalt 60, a material used in industrial and medical applications. Following coordination with the Science and Technology Directorate’s Secondary Reachback Program, scientists were dispatched from the Department of Energy Radiation Assistance Program and it was confirmed that the radiation levels posed no threat to safety and that it was emanating from a gauge in the ship’s fire extinguishing system. Although this alarm proved to be benign, the event demonstrates CBP’s improving ability to detect sources of radiation in conveyances arriving at our borders and quickly take appropriate action to resolve any potential threats. Indeed, since CBP installed the first RPMs in May 2002, we have resolved over 10,000 radiation hits of vehicles or cargo shipments crossing our borders.
Schneier is rightfully amazed that the large number of false positives generated by the system is actually cited as an example of how well the system is working. I remember coming across this article and registering a similar reaction: high numbers of false positives should not be used as evidence for a system that is functioning well.
False positives in radiation detection can occur due to a variety of causes including (1) fluctuations in the natural radioactive background, (2) presence of other radioactive isotopes whose radiation cannot be distinguished from that being detected, (3) equipment malfunction. A good system design should seek to minimize the frequency of false positives, since they impose a cost: each positive needs to be investigated and the total cost of dealing with false positives is the frequency of false positives times the average cost of conducting an inspection. There are ways to reduce the false positive rate including adequate link budget in the detector system design so that the radiation signature can be effectively discriminated from the background as well as use of detectors with sufficient resolution to be able to distinguish between, say, Cobalt-60 and highly-enriched uranium (HEU).
How well is the system actually working? We need to look at the number of false positives (10,000 in this case) as a fraction of the system throughput (number of containers inspected). We also need to look at the number of false negatives: cases where the detection system failed to recognize radioactive materials. Both false positives and false negatives should be minimized and either category of error represents a failing of the system.
February 14, 2005
The allure of big VC rounds
A lot of good discussion in the blogosphere about Webroot's recent $108 Million round. Arun Natarajan blogs about it and provides a couple of different thoughts on the financing from Robert Cringely and Fred Wilson.
I don't buy Robert's argument that it's the fear of losing management fees that drove the Webroot financing. I don't know any of the details of the financing and have no secret source. However the people who did the financing (Accel, Mayfield, and TCV) are some of the smartest folks around and really understand the security space (full disclosure: Robin Vasan was on the board of Trigo Technologies - a company I co-founded). I suspect that unlike traditional VC financings in which VCs invest their money in the company, a part of this transaction was done to buy secondary interest from the founders. This is a way for the founders to get some liquidity without necessarily selling the company. This provides some risk mitigation for them and allows them to shoot for a big outcome. The founders and investors probably believe that they can build a huge security company starting with the base of spyware/virusware and then expanding into IDS/IPS/etc.
Can this company fight off Symantec/McAfee/Microsoft in this space? We will have to wait and see.
On a side note Brad Burnham has a post on private companies that have raised over $100 Million in venture capital and it's not a pretty history. Hopefully this one will have a better outcome.
February 04, 2005
Bypassing security systems
Sometimes a picture is worth a few hundred words (via Bruce Schneier):
January 25, 2005
Radiation detection portals
Some of you might have seen the CBP (Customs and Border Patrol) announcement today re: the deployment of radiation detection portals at borders. The idea is to interdict trafficking of nuclear materials (among others) across US borders. If these are effective, border patrol have the ability to intercept nuclear weapons as they are brought across the borders. This would obviously be a good thing.
How might such a detection system work? I'm going to discuss this in very general terms because I have some misgivings on revealing potentially sensitive information. Consider a uranium bomb with, say, 12 kg of weapons-grade uranium and tungsten "tamper" that acts as a radiation shield. In a sense, this is a conservative weapons model (derived from Fetter et al.) - it is more likely that a terrorist group would use a gun-type bomb which would require about 50 kg or more of highly-enriched uranium.
Such a bomb would emit neutrons and gamma rays, but the number of emissions observable at a detector may be smaller than the background rate of neutrons/gamma rays coming from cosmic rays, natural radioactivity, etc. So this presents an interesting problem of resolving signal from noise.
How can you make this detection problem easier? One obvious way is to move the detectors closer to the sources. Another is to increase the exposure time. To explain the latter point, consider a source that generates 20 neutrons/sec at the detector. The neutron background is 50/second with a standard deviation of 7/second (assuming a Poisson process with standard deviation equal to half the mean). Now if you see counts per second of 70, 75, 68, 75, 70..., you might notice a trend of 2-sigma events and conclude that there is a neutron source in your field emitting about 20 neutrons/sec. Well, the same goes for 1-sigma events, over a larger number of intervals, since the probabilities are multiplicative: a string of counts such as 59, 61, 64, 60, 59, 63, 56, 58, 60,... for instance, might lead you to conclude that what you're seeing is a smaller but still definite number of counts (perhaps 8-9 neutrons/second) above the background. So, given longer exposure times, it is possible to definitively detect weaker sources of radiation.
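The counting argument above, worked through as an added example (not code from the original post): it compares a per-second alarm threshold with one applied to the running total, using the two count sequences quoted in the paragraph, and computes how much exposure a given excess rate needs. Assumptions made here: the Gaussian approximation to Poisson counts with sigma equal to the square root of the expected count (about 7 for 50 counts, the figure used above), and the 3- and 5-sigma thresholds.

```python
import math

BACKGROUND_CPS = 50.0  # neutron background at the detector (counts/s), from the post


def z_score(total_counts, seconds, background_cps=BACKGROUND_CPS):
    """Excess over the expected background, in units of the Poisson sigma sqrt(b*t)."""
    expected = background_cps * seconds
    return (total_counts - expected) / math.sqrt(expected)


def first_alarm_per_interval(counts, n_sigma):
    """1-based index of the first single 1 s interval that reaches n_sigma, else None."""
    for i, c in enumerate(counts, start=1):
        if z_score(c, 1) >= n_sigma:
            return i
    return None


def first_alarm_integrated(counts, n_sigma):
    """1-based index at which the running total first reaches n_sigma, else None."""
    total = 0
    for i, c in enumerate(counts, start=1):
        total += c
        if z_score(total, i) >= n_sigma:
            return i
    return None


def min_exposure_s(source_cps, n_sigma, background_cps=BACKGROUND_CPS):
    """Exposure t at which the expected excess s*t equals n_sigma * sqrt(b*t)."""
    return n_sigma ** 2 * background_cps / source_cps ** 2


# Count sequences quoted in the post (counts per 1 s interval).
STRONG = [70, 75, 68, 75, 70]
WEAK = [59, 61, 64, 60, 59, 63, 56, 58, 60]

if __name__ == "__main__":
    for name, counts in (("strong", STRONG), ("weak", WEAK)):
        print(
            name,
            "per-interval alarm at:", first_alarm_per_interval(counts, 3.0),
            "| integrated alarm at:", first_alarm_integrated(counts, 3.0),
            "| final z:", round(z_score(sum(counts), len(counts)), 2),
        )
    # Exposure needed for a 5-sigma excess at decreasing source rates.
    for s in (20, 9, 1):
        print(f"{s} counts/s above background -> {min_exposure_s(s, 5.0):.1f} s")
```

The weaker sequence never trips a per-second 3-sigma threshold but does trip the integrated one, and the required exposure grows as the inverse square of the excess rate, which is the throughput trade-off a portal has to live with.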
The truck or vehicle pulls up to or passes through the portal (a few meters wide) at pedestrian speeds (say 5 mph). This provides proximity and exposure time, aiding detection. Even so, this is a tricky problem, as noted earlier. Further, maximizing detection time is at odds with the goal of increasing throughput by reducing delays.
The above remarks primarily apply to passive detection, which consists of passively measuring gamma/neutron counts and registering counts that exceed a specified threshold. There is also active detection which involves actively probing the contents of a truck or car using gamma rays or x-rays and using the results to infer the presence of nuclear materials (this is conceptually similar to taking an x-ray image). This works quite a bit better, but obviously, since this is an invasive procedure that could affect any humans within the vehicle, this technique is not as popular as passive detection. However, this technique might be feasible at border checkpoints, where it might be feasible to require the passengers to step out of the vehicle for the duration of the inspection.
November 16, 2004
Photoluminescence spectroscopy for explosives detection
University of Florida researchers have discovered a way to use photoluminescence spectroscopy to detect explosives from a distance. The basic idea is to shine a laser at the object and look at the spectrum of radiation emitted by the object. TNT and other explosives (including plastic explosives and nitroglycerin) have a common and specific well-defined signature corresponding to the presence of two nitro groups.
The development provides instantaneous results, gives no false positives, can be used remotely and is portable -- attributes [Professor Hummel] says will make it indispensable at all levels of law enforcement, from local police to homeland security. “If I see a ship approaching, I’d like to know if it’s packed with explosives,” Schau said. “It’s in the field of remote detection that this is exciting. This really looks like it may give us a leg up on that.” Sample collection for explosives is familiar to anyone who has recently passed through an airport: a swab brushed across an object, such as a suitcase, clothing or even a person, or puffs of air blasted across a filter that can trap tiny amounts of airborne explosives. The advantage of photoluminescence-based explosive detection is that it can be remotely applied, and requires neither time-consuming and expensive machines nor trained dogs, said Hummel, who has applied for a patent on the technique.