Now that the Top Screens have been completed, many facilities are in the process of starting their Security Vulnerability Assessments (SVA). For most facilities this is a new process and it has a language of its own. A review of some of the term definitions will help teams at the facilities better understand what they are under taking. Most of the definitions I’ll be discussing come from the CCPS SVA Guideline Book "Guidelines for Analyzing and Managing the Security Vulnerabilities of Fixed Chemical Sites."
Differences between Safety and Security Assessments
In many respects an SVA is similar to the various safety assessments with which the chemical industry is well familiar. The main difference is that an SVA is looking at intentional efforts to cause harm to the facility and the surrounding community rather than accidental or unintentional acts evaluated for safety reviews. Since the terrorist conducting the attack is intending to do the maximum damage possible, the consequences of that attack is likely to be worse than the worst case scenario determined the normal safety assessment.
For example, when considering a worst case release scenario for a toxic chemical the facility would typically consider the rate of release as the flow rate through an open valve on a storage tank. While that would be a possible scenario in a terrorist attack, a more likely scenario would be the catastrophic failure that storage tank due to an explosive device. In that scenario the rate of release would be essentially instantaneous.
Theft or diversion of a chemical is not normally considered as a scenario in a safety review. In an SVA, on the other hand, that could well be considered as a worse case scenario. If a cylinder of chlorine were breached in a chemical facility the results would be limited to that facility where personnel would be trained to deal with that release. If that cylinder were stolenand were made part of a dirty bomb placed in a school the affects would be much more severe.
Definition of Risk
The CCPS Guidelines define risk as “an expression of the likelihood that a defined threat will exploit a specific vulnerability of a particular attractive target or combination of targets to cause a given set of consequences.” Unfortunately the ‘likelihood’ cannot be expressed quantitatively.
In a safety assessment we can discuss how often an initiating event has been seen at the facility within the last five years thus allowing for a quantitative comparison of risk. This works well for discussing equipment failures or employee errors. There have not been enough terrorist attacks, thankfully, for this to be a reasonable measure of future terrorist attacks.
Instead ‘likelihood’ in an SVA context is a consensus assessment of a comparative nature. It is made by a team of trained, highly experienced professionals in the fields of process safety and security. It is a comparison of potential adverse events and consequences at that particular facility.
Definition of Consequences
The consequences of a terrorist attack include those consequences considered in a safety review with two caveats. First the consequences are frequently of a more severe nature in a terrorist attack since that attack is predicated on doing more damage. Thus a safety review would consider the consequences mitigated by safety devices. A determined terrorist would plan to bypass those safety systems and thus negate the mitigation.
Second, in a terrorist scenario there are additional consequences that must be considered. As mentioned earlier the off-site release or weaponization of a stolen chemicalswould be considered in an SVA. Additionally the loss of production of economically critical or mission critical chemicals must be considered. Even the effects on nearby critical infrastructure such as railroads, water treatment facility or food processing plant should be included in the analysis of consequences.
Definition of Threat
When we speak of terrorist threats most people today think of Islamic extremists or Al Qaeda. The threat spectrum is much wider than that. Modern terrorist attacks have come from a wide range of backgrounds, including:
· Religious extremists
· Political extremists
· Foreign governments
Political extremists arise from both conventional political groups (communists, nationalists, etc) and increasingly from special interest groups. In the United States in particular extremists from the ecology, animal rights, white supremacy and anti-abortion movements have resorted to acts of terrorism. While none of these groups have yet targeted chemical facilities, increasing levels of violence associated with these groups may make chemical plants inviting targets.
Criminal gangs in Eastern Europe and Asia have increasingly used violence against commercial and industrial facilities as a prelude to extortion. The expansion of these groups into the United States almost insures that such attacks will happen here. Increasingly, these groups are resorting to electronic attacks on both enterprise systems and control systems. The CIA has reported successful criminal attacks on power generation control systems in Europe.
According to both the FBI and CIA there has been an increasing number of electronic attacks against government and commercial facilities in the United States. While criminal groups account for a number of these attacks, it appears that foreign governments are increasingly involved. Since some of these governments are directly involved in commercial interests in their country, they may be expected to increase their level of attacks against control systems at chemical facilities to gain commercial advantages or manipulate chemical markets.
While the terrorist acts of groups are frequently easier to detect in the planning phase (and thus easier to prevent) the individual with a personal grievance has historically been a harder terrorist to stop in advance of their attack. These individuals may be increasingly vocal in their agitation against a facility or community prior to resorting to violence, but they are frequently written off as nuts.