Picture the following scenario: A guard at a nuclear site is notified through his AVERT software of an unidentified man approaching the front gate. He appears to be carrying a weapon. The guard has a few choices. Does he confront the man, shoot at him, or notify other officers who may have quicker access? How fast would the guard need to run in order to get close to the man? And if he shoots, what happens if he misses? This would be a random event that could send the trajectory of his choices in a new direction. Does the man fire back? That’s another trajectory. What is the guard’s skill level? Is the intruder acting alone or are others lurking?
All of these questions and thousands more have been entered into algorithms that use random number (Monte Carlo) simulation to calculate the probability of security system effectiveness, or “the probability of defending your site,” according to Christopher Guryan, chief scientist for ARES Security Corporation and the main brain behind AVERT (Automated Vulnerability Evaluation for Risks of Terrorism) software.
Developed over the course of two decades, AVERT has grown from answering the U.S. government’s call for a mathematical method that could quantify the risk of an accident to a complex modeling and simulation software that can quickly quantify the security effectiveness of a site. The software uses a physical model of reality and thousands of attack and response scenarios to analyze the probability that an intruder will be detected and stopped before achieving his objective. AVERT employs satellite photos or Geographic Information System data to visualize model locations in 3D, along with associated terrains, natural and manmade barriers, sensors, and guards. Using a trove of quantitative data, the model then simulates potential attack scenarios and assesses potential defensive counter measures against an attacker.
Twenty years ago statistical methods were not commercially available to quantify “the bad guy” risk — someone using weapons and/or trying to sabotage a site, according to Robert Scott III, senior vice president of business development and marketing for ARES Security. The focus at the time was on reactor safety to avoid nuclear radiation exposure to the population. Richard Stuart, the president and founder of ARES Corporation, which spun off ARES Security in 2012, began the development of what was to become AVERT in the late 1990s after he saw the need for a security assessment on the nuclear payload of F-15 and F-16 jets. ARES Corp. received a Phase I Small Business Innovation Research contract in 1999 to explore Stuart’s idea.
What began as a mathematical analysis of possible accidental risk morphed into a much broader consideration of security and terrorism after the September 11, 2001, attacks. A Phase II contract awarded that year through the Defense Threat Reduction Agency (DTRA), part of the U.S. Department of Defense (DoD), tasked ARES Corp. with expanding its proof of concept to production software to be used within DoD and the Department of Energy. One of AVERT’s first tasks was to quantify the likelihood of success of someone trying to steal a nuclear weapon. “We were trying to answer a very basic question, particularly after 9/11, which was ‘can we protect U.S. sites from terrorist attacks?’” Guryan said. “We came up with a rigorous mathematical approach.”
Nuclear sites were identified early as facilities that needed much greater security. “To protect against terrorism, nuclear sites went from a chain-link fence and people with sidearms checking IDs at the gate to multiple fence lines, concertina wire, bullet-resistant enclosures, and lots of automatic weapons,” Scott said. Along the way, the Departments of Defense and Energy put AVERT software through extensive verification and validation testing, and the Department of Homeland Security certified the software, providing users a broad limitation of liability against acts of terrorism when using AVERT.
Early on, ARES Security realized AVERT was also valuable to commercial nuclear sites, which are regulated by the Nuclear Regulatory Commission (NRC). Today ARES Security’s AVERT software is used to protect 65 percent of North America’s nuclear reactors, according to Scott, as well as many other critical facilities around the world. None of this would have happened had ARES Corp. not received these SBIRs, Guryan said. “The number of people who need the software is pretty small, but they really do need it. Without the government stepping in and leading the way, we wouldn’t have been able to improve the software and offer it to the private concerns that we do now.”
A key element of AVERT is its ability to provide quantitative measurement of potential cost savings; estimates are that 20 to 25 percent of the operating budget of a commercial nuclear facility is spent on security. In one scenario cited by Scott, officials considered installing an expensive $22 million ballistic fence around a nuclear site. Using AVERT, planners found that the fence would likely be used to protect adversaries from guard force fire. “We suggested an alternative chainlink fence and re-ran the simulation,” Scott said. “That resulted in a $17 million cost savings and the security of the site was actually improved.” Manpower is nearly always a key cost, Scott noted. Adding AVERT provides the analytics required to evaluate manpower reduction while retaining overall effectiveness. “A number of the commercial sites are evaluating the tradeoffs between capital improvements and security personnel,” Scott said. “For example, ‘what if I add an extra fence, increase camera detection, and take out two guards?’ The longterm manpower savings may be attractive versus the capital costs. AVERT provides the analytics to assure the right decisions are being made,” Scott explained. He said that ARES Security analysis has helped many commercial nuclear sites eliminate one to two posts; generally there are four employees per post, so the savings can amount to $500,000 to $1 million a year, and net current values of $10 million over a 25-year period. Scott said some sites have been able to use advanced AVERT software to reduce more posts while meeting the NRC’s security requirements.
Looking forward, Scott said, “ARES Security recognizes the need to prepare security forces through exercises and training for increasingly sophisticated threats. It also recognizes the need for security operation centers to leverage modeling and simulation on a real-time basis.” What began as an idea centered on using rigorous mathematics to assess accidental risk has grown into an extensive tool used by government and industry alike to provide situational awareness, evaluate risk and response, avert attacks and sabotage— and in the meantime streamline operations and save money. Most importantly, that guard at the nuclear site has the tool he needs to meet any contingency.
Modernization Priority: General Warfighting Requirements (GWR) Burlingam, CA • SBIR contract: DTRA01-01-C-0039 • Agency: DTRA • Topic: DTRA99-009, Automated Vulnerability Evaluation for Risks of Terrorism (AVERT) Software Development