Monday, July 7, 2008

SVA – Attack Scenarios – Scenario Development

This is the next in a series of blogs concerning the Security Vulnerability Assessment (SVA) instructions recently published by DHS. This blog deals developing the attack scenarios used in the analysis. The previous blogs in this series are listed below.

For each type of attack that the facility is required to review there will be three separate steps required to develop the scenario. First the facility will select the most appropriate scenario for that attack. Next they will locate the point of attack on the facility map. Finally they will answer a few questions about the attack scenario.

Select Attack Scenario

Each of the eight modes of attack will have two or three pre-defined attack scenarios provided. There will also be the option for the facility to define their own scenario if none of the pre-defined scenarios is appropriate.

To see how this works, we will look at the Vehicle Born Improvised Explosive Device (VBIED) attack mode. For this attack mode there are three pre-defined scenarios provided (page 63, CSAT Security Vulnerability Assessment Questions).

  • "V1 Adversary places VBIED outside of the facility perimeter, but located close enough (i.e., within 340 feet) for the vehicle bomb to destroy the COI storage tank or area considered the asset.
  • "V2 The adversary cuts the facility back gate open during off hours (i.e., night or weekend operation) and drives the VBIED to a location at the end of the secondary containment closest to tank/area that is this asset.
  • "V3 The adversary accesses the facility with a VBIED by entering the plant site behind a vehicle making an authorized entry or by crashing through a controlled access gate. The adversary drives the VBIED to the storage area or process unit that represents this asset and detonates the device there."

If the asset being evaluated is not within 340 feet (the outer damage circle for the VBIED) of the boundary fence, the V1 scenario cannot be used. If there is no reasonable vehicular access to a back gate, the V2 scenario cannot be used. If there were some reason that none of the scenarios could be used, the facility would need to try to develop a scenario that would allow the VBIED to enter the facility and be placed within 340 feet of the asset.

Locate Point of Attack

For assets that have a release COI as the primary COI most of the attack scenarios will require the placement of the attack location on the facility map. For Aircraft and Assault attack scenarios, the attack location will automatically be considered to be the previously indicated location of the asset. For the Maritime, VBIED, and Standoff attack scenarios the attack location will be selected to achieve the maximum damage consistent with the scenario.

To understand ‘consistent with the scenario’ one only needs to look at the maritime attack mode as an example. The attack location must be on the waterway. If such an attack can only affect a small portion of the asset, a single storage tank for example within the 270 feet of the attack location, that will be the attack location with the maximum damage for that attack scenario.

The specific rules for ‘maximum damage’ vary with the security issue of the COI (page 65):

  • "If the primary COI of the asset being attacked is a release-toxic, identify the location of the attack that results in the greatest amount of the specific release-toxic COI released.
  • "If the primary COI of the asset being attacked is a release-flammable, identify the location of the attack that results in the greatest amount of release-flammable COI released.
  • "If the primary COI of the asset being attacked is a release-explosive, identify the location of the attack that results in the greatest amount of release-explosive COI released."

It is interesting that for release toxic COI the maximum damage relates only to the "specific release-toxic COI" released but for flammable and explosive release COI only calls for the "greatest amount of release-flammable" or "greatest amount of release-explosive" COI. This indicates that multiple COI for flammable and explosive release should be included in the determination of maximum damage.

Answering Scenario Questions

Once the attack location is indicated on the map the Preparer will be asked if any portion of the asset is within the inner damage circle (note: the Standoff attack scenarios only have a single damage circle so that would be the inner circle). Of course, the Aircraft and Assault scenario automatically have their attack location centered on the asset, so this question is not asked for those scenarios; the answer is "Yes" by definition. If no portion of the asset is within the inner damage circle (9-psig overpressure) that attack scenario is considered complete.

For attack scenarios for release COI the Preparer will be asked how many facility personnel would be within the outer damage circle (3-psig overpressure). This question is looking for the maximum number of full-time employees and resident contractors that could be within that damage circle at any given time. It would not include excess personnel that are on site for periodic events like turnarounds.

For Diversion attack scenarios the Preparer will be asked if customers are allowed to pick-up orders at this asset. The answer to that question will determine what questions will be asked later in the SVA about this scenario.

For Theft, Diversion and Sabotage attack scenarios the Preparer will be asked two questions dealing with the Quantity of COI at risk and the concentration of the COI.

Looking Forward

While the development of the scenario is about done at this point there will still be an extensive series of questions about the scenarios that will deal with the vulnerability of the facility to these attacks. Those questions will be dealt with in the next blog in this series.

No comments:

/* Use this with templates/template-twocol.html */