ABSTRACT
The basic protection question becomes, can the protection system prevent the specific threat from causing the undesired event, loss of mission? The assessment begins with a review of some of the pertinent information derived earlier in the Risk Evaluation and System Design Process:
• List of critical assets for infrastructure mission (site-specific fault tree) • DBT spectrum description
• Malevolent threat • Natural hazards • Accidents
A complete description of the DBT malevolent threat spectrum including capabilities, motivations, and tactics must be established and documented. The malevolent threat spectrum could include
• Outsiders-with collusion by an insider • An insider adversary
The DBT proposed for demonstration purposes in Chapter 3, “Threat Analysis,” includes a terrorist/ extremist group, a criminal group, a cyberattacker, and a single insider. Table 6.1 describes an example malevolent DBT for demonstration purposes.
