Monday, November 19, 2007

Restricted areas at chemical facilities: The outer perimeter

As more and more chemical facilities start to progress through the CFATS process, more facilities are going to start looking at establishing restricted areas as part of their site security plans. Restricted areas can form the basis for the layered defense that DHS envisioned in their preamble to the final rule for 6 CFR part 27; a layered defense that is supposed to deter, detect and delay any terrorist attack long enough for an appropriate response to be made.


Every facility covered under CFATS will have at least one restricted area, the facility itself. The first Risk Base Performance Standard that all Site Security Plans must address is securing the facility perimeter {Section 27.230(1)}. Typically this will entail establishing a perimeter barrier of some sort with entrance and egress controlled through a restricted number of openings in that barrier. These are the two main keys to any restricted area; a perimeter barrier and access control.


At most chemical facilities in the United States, the perimeter barrier is a 6 foot chain link fence with barbwire strung on 18 inch outriggers along the top. It is relatively inexpensive to erect and maintain. It is also very easy to penetrate. No one with any significant military or paramilitary training will be delayed by such a barrier by more than a minute or two. Surreptitious entry may take a few minutes more.


Penetration of this type barrier is made easier by two common mistakes; failure to establish and maintain clear zones on either side of the fence and failure to monitor the fence. Brush and debris along the outside of the fence allows the intruder to approach the barrier without being observed and makes it easier to cut or climb the fence. The same type obstructions on the inside of the fence make it easier to disappear into the facility without being detected. Failure to maintain observation of the perimeter fence will allow the most incompetent intruder access without detection.


Most facilities construct their perimeter fence right inside of their property line. This may make it impossible to prepare and maintain a cleared control zone outside of the fence. The easiest way to deal with this is to construct a second fence within the property line fencing, allowing the facility easier control of the cleared zones. The property line fence can be used as all, or part of, the restricted area security fence when outside cleared zones can be maintained.


There is no requirement that the security fence be at or even near the property line. If there is a significant amount of unused land around the facility it may make economic and security sense to establish the security fence well inside of the property line to reduce the amount of fencing required.


To deter and detect the breaching of the security fence, the fence must be maintained under constant observation. In the old days that would have meant guard towers/houses around the fence or constant foot patrols by guards. Today, fortunately, there are a wide variety of electronic systems that perform the detection duty at least as well as an extensive security force. The system used at any facility will have to be tailored to the local conditions by a trained security expert but should include at a minimum some sort of closed circuit television system (CCTVS) for observation and an intrusion detection system (IDS) to alert the security personnel to watch a particular section of the barrier.


Any good IDS system will give a number of false positive alarms or it isn’t sensitive enough to detect the well trained intruder. This is the main reason for the use of a CCTVS; it allows a relatively small guard force to check out each of the IDS alarms quickly and securely. Ideally the IDS would detect a possible intruder outside of the fence, allowing the security personnel to alert responders before the penetration is made.


Yes, responders; a response of some sort will have to be made to any breach ofthe security fence. This is another reason that a good CCTVS is required; identification of the security threat presented by the intruders is going to have to be made to craft an appropriate response. The facility would respond one way to a couple of kids coming over the fence for some sort of prank and in a completely different way for a team of armed intruders. A good visual identification is key to responding appropriately.


Few but the largest, highest risk chemical facilities will be able to afford or to justify having an armed response force on-site. Since sending out anything but armed responders to deal with armed intruders is ludicrous, alternative responses will have to be crafted. While almost all responses will include notifying local police and emergency responders other actions that might be considered include (but are certainly not limited to):


1.      Shutdown of key processes and evacuation of personnel.

2.      Lockdown of key portions of the facility.

3.      Initiation of emergency response procedures for chemical storage facilities.

4.      Moving chemical processes into inherently safe modes.

5.      Initiating automated fire fighting and or response equipment.

6.      Emergency notification of surrounding facilities or the community.


None of these actions are to be taken lightly since they may include significant economic and political ramifications. They must be thought out and planned for well in advance. Clearly spelled out in a Security Response SOP, the security force and facility personnel must be trained and drilled in their implementation and appropriate advanced coordination must be made with outside agencies.


How elaborate these perimeter security measures are for any given facility will be dictated by the potential threat. A Tier 1 chemical facility will certainly require a much more elaborate response to a security breach than a Tier 4 facility. The basics will, however, remain the same; the establishment of a security barrier under constant observation and a planned/rehearsed response to the breach of that barrier consistent with the threats identified in the Security Vulnerability Assessment.

No comments:

/* Use this with templates/template-twocol.html */