security vulnerability analyses of chemical & process facilities · 2019-04-15 · facility or...
TRANSCRIPT
©Copyright AcuTech 2002
Security Vulnerability Analyses Security Vulnerability Analyses of Chemical & Process Facilitiesof Chemical & Process Facilities
Presented by:
David A. Moore, PE, CSPPresident & CEOAcuTech Consulting Group88 Kearny Street, Suite 1630San Francisco, CA 94108www.acutech-consulting.com
Canadian Society of Chemical Engineers2002 ConferenceVancouver, B.C.
October 21, 2002
©Copyright AcuTech 2002
TopicsTopics
The new security risk imperativeThe new security risk imperative
Overview of Security Vulnerability Overview of Security Vulnerability Analysis TechniquesAnalysis Techniques
Security vulnerability analysis (SVA) Security vulnerability analysis (SVA) criteriacriteria
SVA approachesSVA approaches
Recommended path forwardRecommended path forward
©Copyright AcuTech 2002
A New Risk ImperativeA New Risk Imperative
Generalized concern at all levels of public and private Generalized concern at all levels of public and private industry of terrorismindustry of terrorism–– Is it founded? Yes, but not universallyIs it founded? Yes, but not universally
An apparent trend of more aggressive and frequent An apparent trend of more aggressive and frequent domestic and foreign terrorismdomestic and foreign terrorism–– Long term problem Long term problem –– more diverse than terrorismmore diverse than terrorism–– Look beyond 9Look beyond 9--11 11 –– new era of securitynew era of security–– Generalized international problemGeneralized international problem
Intentional acts have mostly been ignored in process Intentional acts have mostly been ignored in process risk managementrisk management–– The threat has been considered to be lowThe threat has been considered to be low
©Copyright AcuTech 2002
Premise #1: The Threat is Now Premise #1: The Threat is Now CredibleCredible
AP Photo
©Copyright AcuTech 2002
Pi Pi GlilotGlilot Fuel Depot, Israel, May 23, 2002Fuel Depot, Israel, May 23, 2002
A bomb attached to a tanker truck exploded at IsraelA bomb attached to a tanker truck exploded at Israel’’s largest s largest fuel depot near densely populated Tel Aviv. There were no fuel depot near densely populated Tel Aviv. There were no injuries. injuries. The bomb was planted under the truck as it was parked The bomb was planted under the truck as it was parked overnight in front of the driver's home and security officers overnight in front of the driver's home and security officers failed to spot it at the perimeter. failed to spot it at the perimeter. The blast set fire to diesel fuel that leaked from the tanker anThe blast set fire to diesel fuel that leaked from the tanker and d burned the cab onlyburned the cab onlyFirefighters were able to control the incident before it spread Firefighters were able to control the incident before it spread to to aboveabove--ground tanks of hydrocarbon fuels and gases. ground tanks of hydrocarbon fuels and gases. "The terror organizations moved today to a new phase of "The terror organizations moved today to a new phase of attacks attacks -- strategic targets," said a former Israeli security official.strategic targets," said a former Israeli security official.
©Copyright AcuTech 2002
Pi Pi GlilotGlilot Fuel Depot, Israel, May 23, 2002Fuel Depot, Israel, May 23, 2002
©Copyright AcuTech 2002
Pi Pi GlilotGlilot Fuel Depot, Israel, May 23, 2002Fuel Depot, Israel, May 23, 2002
©Copyright AcuTech 2002
Premise #2: The Enemy is Determined Premise #2: The Enemy is Determined and Capableand Capable
©Copyright AcuTech 2002
Premise #3: Attack/Theft/Misuse of Premise #3: Attack/Theft/Misuse of Chemicals or Asset Degradation Must Be Chemicals or Asset Degradation Must Be
EvaluatedEvaluated
©Copyright AcuTech 2002
Key Security Issues of ConcernKey Security Issues of Concern
Damage to infrastructure or the Damage to infrastructure or the business function or value of the business function or value of the facility or the entire company through facility or the entire company through intentional acts.intentional acts.
Degradation of assets
Intentional cross contamination or Intentional cross contamination or spoilage of plant products to cause spoilage of plant products to cause worker or public harm on or offsiteworker or public harm on or offsite
Contamination or spoilage
Theft, diversion, or misuse of a Theft, diversion, or misuse of a chemical with the intent to cause chemical with the intent to cause severe harm at the facility or offsitesevere harm at the facility or offsite
Chemical theft or misuse
Intentional damage of equipment or Intentional damage of equipment or the malicious release of chemicalsthe malicious release of chemicals
Loss of containment of hazardous chemicals
ScopeScopeIssueIssue
©Copyright AcuTech 2002
Premise #4: Vulnerabilities Need to be Premise #4: Vulnerabilities Need to be Identified and AnalyzedIdentified and Analyzed
©Copyright AcuTech 2002
Premise #5: Countermeasures May Need Premise #5: Countermeasures May Need to be Enhancedto be Enhanced
Assess whether current security measures Assess whether current security measures effectively address these new and unforeseen effectively address these new and unforeseen threatsthreatsMake enhancements as required to ensure Make enhancements as required to ensure adequate safety of the public, workers, and adequate safety of the public, workers, and the environment and the protection of the environment and the protection of corporate assets.corporate assets.
©Copyright AcuTech 2002
Countermeasures Countermeasures –– Integrated Process and Integrated Process and Security Strategies and SystemsSecurity Strategies and Systems
Security MeasuresSecurity MeasuresPhysical SecurityPhysical SecurityTechnical SecurityTechnical SecurityCyber SecurityCyber SecurityOperational Operational SecuritySecurity
Sandia Photo
©Copyright AcuTech 2002
Countermeasures Countermeasures –– Integrated Process and Integrated Process and Security Strategies and SystemsSecurity Strategies and Systems
Process Safety Process Safety MeasuresMeasures
InherentInherentPassivePassiveActiveActiveProceduralProcedural
©Copyright AcuTech 2002
Acceptable Risk Acceptable Risk -- How Secure is How Secure is Secure Enough?Secure Enough?
Facilities cannot prevent or protect against all Facilities cannot prevent or protect against all known or suspected threats, known or suspected threats, There are reasonable measures and There are reasonable measures and approaches that can be taken for certain approaches that can be taken for certain threats, but... threats, but... Beyond that upper limit, facilities need to Beyond that upper limit, facilities need to seek out assistance and coordinate efforts seek out assistance and coordinate efforts with federal, state, and local law enforcement with federal, state, and local law enforcement agencies for adversary intervention. agencies for adversary intervention. Today the threshold of security is low at most Today the threshold of security is low at most locationslocations
©Copyright AcuTech 2002
Security Limits?Security Limits?
Reuters Photo
©Copyright AcuTech 2002
At What Cost? At What Cost? –– Analysis is Not the Analysis is Not the ProblemProblem
The vulnerability analyses should take far less The vulnerability analyses should take far less time than PHAs time than PHAs –– 88--10 days for a major refinery for onsite time and 10 days for a major refinery for onsite time and
team analysisteam analysis
But, may result in extraordinary costs for But, may result in extraordinary costs for enhanced countermeasures that are expected enhanced countermeasures that are expected to be available right awayto be available right away–– Physical security upgrades $1Physical security upgrades $1--3 mm/plant?3 mm/plant?–– Operational security costs?Operational security costs?
©Copyright AcuTech 2002
Uncertain FutureUncertain Future
AP Photo
©Copyright AcuTech 2002
CCPS Security Project BackgroundCCPS Security Project Background
Large Collaborative EffortLarge Collaborative Effort37 people, 21 companies, 4 organizations (EPA, 37 people, 21 companies, 4 organizations (EPA, CCPS, SOCMA, ACC)CCPS, SOCMA, ACC)
One of CCPS fastest projects ever and the One of CCPS fastest projects ever and the
fastest book CCPS ever producedfastest book CCPS ever produced
Start November 2001; Final Document Start November 2001; Final Document –– July July
20022002
AcuTech Consulting was primary authorAcuTech Consulting was primary author
©Copyright AcuTech 2002
Ch 1 Ch 1 –– IntroductionIntroduction
Ch 2 Ch 2 –– SVA ConceptsSVA Concepts
Ch 3 Ch 3 –– SVA MethodologySVA Methodology
Ch 4 Ch 4 –– Managing Chemical Managing Chemical
Facility SecurityFacility Security
AppendicesAppendices
A A –– CriteriaCriteria
B B –– Screening ToolScreening Tool
C C –– Worksheets and checklistsWorksheets and checklists
Guidelines forAnalyzing andManaging the
Security Vulnerabilities
Of Fixed Chemical
Sites
©Copyright AcuTech 2002
Project Planning
Facility Characterization
ThreatIdentification
VulnerabilityAnalysis
SelectCountermeasures
Followup
CCPS Security Vulnerability Assessment
CCPS
©Copyright AcuTech 2002
Step 1: Project PlanningStep 1: Project Planning
Organize a teamOrganize a team
Define objectivesDefine objectives
Determine scope Determine scope
and boundariesand boundaries
©Copyright AcuTech 2002
Step 2: Facility CharacterizationStep 2: Facility Characterization
Identify materials/assetsIdentify materials/assets
Asset locations/operating systemsAsset locations/operating systems
Target attractiveness determination Target attractiveness determination
Review layers of protection and existing Review layers of protection and existing
integrated security programintegrated security program
Consequence analysisConsequence analysis
©Copyright AcuTech 2002
Where are Critical Assets?Where are Critical Assets?
©Copyright AcuTech 2002
AssetsAssets
Chemical
PeopleOperational
Financial Information
©Copyright AcuTech 2002
Certain Targets are More Certain Targets are More AttractiveAttractive
©Copyright AcuTech 2002
Cyber AssetsCyber Assets
©Copyright AcuTech 2002
Critical Infrastructure Critical Infrastructure and Collateral Impactsand Collateral Impacts
AP Photo
©Copyright AcuTech 2002
Determine ConsequencesDetermine Consequences
AP Photo
©Copyright AcuTech 2002
Highest Priority - Could There Be An Impact on the Public?
©Copyright AcuTech 2002
Existing Layers of Protection (Process Existing Layers of Protection (Process Safety and Security)Safety and Security)
CCPS
©Copyright AcuTech 2002
Step 3: Threat IdentificationStep 3: Threat Identification
Determine adversaries Determine adversaries
(insiders/outsiders/ collusion)(insiders/outsiders/ collusion)
Adversary characterizationAdversary characterization
-- Capabilities?Capabilities?
-- Characteristics?Characteristics?
Make use of available intelligenceMake use of available intelligence
©Copyright AcuTech 2002
Threat = Threat = f f (Capabilities + Intent + (Capabilities + Intent + Motivation)Motivation)
Threat
Capabilities Intent Motivation
©Copyright AcuTech 2002
Threat Assessment Threat Assessment -- CapabilitiesCapabilities
AP Photo
©Copyright AcuTech 2002
Step 4: Vulnerability AnalysisStep 4: Vulnerability Analysis
Asset/Threat PairingAsset/Threat Pairing
Brainstorm Issues Brainstorm Issues
Analyze Possible VulnerabilitiesAnalyze Possible Vulnerabilities
AssetAsset--based approachbased approach
ScenarioScenario--based approachbased approach
Assess RiskAssess Risk
©Copyright AcuTech 2002
ScenarioScenario--Based AnalysisBased Analysis
551TOF- Background checks performed on ll l
Complete loss of contents; major release of chlorine
h
INSInsider with explosives sets charge at
k
Loss of containment
1. Provide an additional fence line barrier at the entrance past the initial guard entry point to delay any vehicle from driving away while IDs are verified.2. Provide vehicle barriers at other site gates.
441TOF- Vehicle search procedure in place at the site- Vehicle barriers installed at front gate that prevents trucks and cars from ramming gate at high speed- Site ERP addresses large-scale Cl2 releases
Complete loss of contents; major release of chlorine to atmosphere; downwind exposure to community
EXTVehicle with explosives breachesmain gate and detonates at tank
Loss of containment
IMPROVED COUNTERMEASURESRLSCAT BEXISTING
COUNTERMEASURESCONSEQUENCESCAT AUNDESIRED EVENTTYPE OF ACT
Mode of Operation:Node/System:Asset:
___ of ___/ /
Sheet:DateLocation:Facility Name:Project Name:Project Number:
©Copyright AcuTech 2002
Step 5: Select CountermeasuresStep 5: Select Countermeasures
Address vulnerabilities identified in Address vulnerabilities identified in vulnerability analysisvulnerability analysisReassess risk considering value of Reassess risk considering value of proposed countermeasuresproposed countermeasuresPrioritize recommendationsPrioritize recommendationsCost benefit analysisCost benefit analysis
©Copyright AcuTech 2002
FollowupFollowup (Outside SVA Process)(Outside SVA Process)
Recommendations to management Recommendations to management and track decisionand track decision--process and process and implementationimplementation
Evaluate recommendations to ensure Evaluate recommendations to ensure new vulnerabilities are not introducednew vulnerabilities are not introduced
Revalidation of SVA as requiredRevalidation of SVA as requiredMajor changeMajor changeNew facilityNew facilityChange in threat Change in threat Periodic reviewPeriodic review
©Copyright AcuTech 2002
Future of Security Future of Security in the Chemical Industryin the Chemical Industry
Possibility of Regulations for SVA and to specify Possibility of Regulations for SVA and to specify security (S.1602/Homeland Security/EPA?).security (S.1602/Homeland Security/EPA?).
Need to complete SVAs to analyze risks as first Need to complete SVAs to analyze risks as first priority.priority.
Facing issues of acceptable risk without a clear Facing issues of acceptable risk without a clear threat.threat.
Going beyond physical security inherent Going beyond physical security inherent safety.safety.
Likely to be changes in public acceptance of risk of Likely to be changes in public acceptance of risk of operations, especially if the industry is attacked.operations, especially if the industry is attacked.
Need to prepare for these realities.Need to prepare for these realities.
©Copyright AcuTech 2002
Path ForwardPath Forward
AP Photo