DEVELOPMENT OF A RISK ASSESSMENT PROGRAM AGAINST TERRORISM IN REPUBLIC KOREA



Similar documents
SCREENING FACILITIES FOR CYBER SECURITY RISK ANALYSIS. by Paul Baybutt Primatech Inc

Security Vulnerability Assessment Methodology for the Petroleum and Petrochemical Industries. May 2003

October Security Vulnerability Assessment Methodology for the Petroleum and Petrochemical Industries, Second Edition

Security Vulnerability Assessment

CYBER SECURITY RISK ANALYSIS FOR PROCESS CONTROL SYSTEMS USING RINGS OF PROTECTION ANALYSIS (ROPA)

LNG and Petrochemical Security Risk Assessment and Management

MAJOR PROJECTS CONSTRUCTION SAFETY STANDARD HS-09 Revision 0

Oil & Gas Industry Towards Global Security. A Holistic Security Risk Management Approach.

Oil and Gas Industry A Comprehensive Security Risk Management Approach.

QUANTITATIVE RISK ASSESSMENT FOR ACCIDENTS AT WORK IN THE CHEMICAL INDUSTRY AND THE SEVESO II DIRECTIVE

Ten Tips for Completing a Site Security Plan

Cornell University PREVENTION AND MITIGATION PLAN

BUILDING DESIGN FOR HOMELAND SECURITY. Unit I Building Design for Homeland Security

AN ASSET-BASED APPROACH FOR INDUSTRIAL CYBER SECURITY VULNERABILITY ANALYSIS

REQUIREMENTS RESPECTING THE SECURITY OF OFFSHORE FACILITIES

Guidance on Process Safety Performance Indicators

Security Guidelines. for the Petroleum Industry. Third Edition. Petroleum Refineries. Liquid Petroleum Pipelines

Terrorist Protection Planning Using a Relative Risk Reduction Approach*

A Risk Assessment Methodology (RAM) for Physical Security

UF Risk IT Assessment Guidelines

A Method to Assess the Vulnerability of U.S. Chemical Facilities

Controlling Risks Risk Assessment

DASTA Guide to Business Continuity (BC) and Disaster Recovery (DR) Planning

CRITICAL INFRASTRUCTURE PROTECTION BUILDING ORGANIZATIONAL RESILIENCE

The Locomotive. Risk-Informed Fire Protection

Risk Management Handbook

A DEVELOPMENT FRAMEWORK FOR SOFTWARE SECURITY IN NUCLEAR SAFETY SYSTEMS: INTEGRATING SECURE DEVELOPMENT AND SYSTEM SECURITY ACTIVITIES

Department of Homeland Security Office for Domestic Preparedness. Campus Preparedness Assessment Process

1. Computer Security: An Introduction. Definitions Security threats and analysis Types of security controls Security services

BUSINESS IMPACT ANALYSIS.5

National Infrastructure Protection Center

Designing an Effective Risk Matrix

Unit Guide to Business Continuity/Resumption Planning

Supplemental Tool: Executing A Critical Infrastructure Risk Management Approach

Section VI Principles of Laboratory Biosecurity

Continuity of Operations Planning. A step by step guide for business

Prepared by Rod Davis, ABCP, MCSA November, 2011

Hazard Identification and Risk Assessment in Foundry

CARVER+Shock Vulnerability Assessment Tool

Subject: Critical Infrastructure Identification, Prioritization, and Protection

Assessment of natural hazards, man made hazards, technical and societal related risks and associated impact.

"DOT IN-DEPTH HAZMAT SECURITY TRAINING"

Version: 1.0 Last Edited: Guideline

3.4.4 Description of risk management plan Unofficial Translation Only the Thai version of the text is legally binding.

December 17, 2003 Homeland Security Presidential Directive/Hspd-7

Implementation Guide for Responsible Care Security Code of Management Practices Site Security & Verification

RC-17. Alejandro V. Nader National Regulatory Authority Montevideo - Uruguay

Ohio Supercomputer Center

Business Impact Analysis (BIA) and Risk Mitigation

The Integrated Physical Security Handbook

Business continuity plan

FAQ SHEET - LAYERS OF PROTECTION ANALYSIS (LOPA)

Security risk analysis approach for on-board vehicle networks

Disaster Recovery Plan (DRP) / Business Continuity Plan (BCP)

Information Security Management System. Business Continuity and Disaster Recovery Plan Policy. The Smart Cube. Description Change

Security Vulnerability Assessment (SVA) Revealed

Risk Assessment and Risk Management: Necessary Tools for Homeland Security

VULNERABILITY ASSESSMENT. Correctional Facilities Are Only as Secure as Their Weakest Point

Page Administrative Summary...3 Introduction Comprehensive Approach Conclusion

Enterprise Security Risk Assessments What are we trying to protect and why?

SECURITY VULNERABILITY CHECKLIST FOR ACADEMIC AND SMALL CHEMICAL LABORATORY FACILITIES

Cyber Security: Threat & The Maritime Environment Cyber Security: now byting the maritime industry

How To Write A Book On Risk Management

Threat scenario based security risk analysis using use case modeling in information systems

NIST National Institute of Standards and Technology

318 DECREE. of the State Office for Nuclear Safety of 13 June 2202,

How To Manage A Security System

Introduction. Chapter 1

Safety and security are simply good business.

Dangerous Goods Safety Guidance Note. Dangerous goods emergency plans for small businesses

QUANTITATIVE MODEL FOR INFORMATION SECURITY RISK MANAGEMENT

Business Continuity & Disaster Recovery

WMD Terrorism Risk Assessment in the Department of Homeland Security. Why Risk Assessment? Probabilistic Risk Assessment

BEST PRACTICE FOR THE DESIGN AND OPERATION OF HIGH HAZARD SITES

UFF Position Statement: Fire and Smoke as a Weapon

NCUA LETTER TO CREDIT UNIONS

Disaster Recovery Planning

Developing a Risk Management Plan. New Partners Initiative Technical Assistance Project (NuPITA)

Consequence Analysis: Comparison of Methodologies under API Standard and Commercial Software

Water Critical Infrastructure and Key Resources Sector-Specific Plan as input to the National Infrastructure Protection Plan Executive Summary

TEXAS HOMELAND SECURITY STRATEGIC PLAN : PRIORITY ACTIONS

Interactive-Network Disaster Recovery

Threat and Hazard Identification and Risk Assessment

Rail Carrier Security Criteria

PROTECTING CRITICAL CONTROL AND SCADA SYSTEMS WITH A CYBER SECURITY MANAGEMENT SYSTEM

Risk Assessment Annex September 2011, Zoo Animal Health Network

Supplemental Tool: NPPD Resources to Support Vulnerability Assessments

Threat Management: Incident Handling. Incident Response Plan

New Project SAFE CITY

Transcription:

DEVELOPMENT OF A RISK ASSESSMENT PROGRAM AGAINST TERRORISM IN REPUBLIC KOREA Younghee Lee, Jinkyung Kim and Il Moon Department of Chemical Engineering, Yonsei University, 134 Sinchon-dong, Seodaemun-gu, Seoul, 120-749, Korea; Tel.: þ82-2-363-9375, Fax: þ82-2-312-6401, e-mail: lisma1847@yonsei.ac.kr This study focuses on assessing the chemical terrorism security risks at chemical industry facilities and public utilities. Most of the chemical facilities remain unsecured despite their clear vulnerability as terrorism and sabotage targets in Korea. Effective chemical terrorism response plans must be adopted quickly to increase the security. This study modifies conventional method for assessing the risk against terrorism. This paper introduces the chemical terrorism response technology, the prevention plan, new countermeasure to mitigate by using suggested risk and vulnerability assessment method. This study suggests an effective approach to the chemical terrorism response management. KEYWORDS: chemical terrorism, vulnerability analysis, countermeasures, terrorism response, security analysis INTRODUCTION More countries are concerned about chemical terrorism and sabotage than ever. They report the likelihood of terrorist organizations coming into possession of such unconventional materials, and the prospect of their use against the countries and their companies. South Korea is not exceptional case due to the temporary national division, the dispatch troops for Iraq and the uncomfortable situation of the labor movement by terrorists. Chemical facilities or public utilities in Korea, however, remain unsecured despite clear vulnerability from terrorism and sabotage. Strong and adequate security plan must be built for assessing the chemical risks. SECURITY VULNERABILITY ANALYSIS (SVA) METHODOLOGY The American Petroleum Institute (API) and the National Petrochemical & Refiners Association (NPRA) developed the Security vulnerability assessment methodology available to the petroleum and petrochemical industry in 2003. The SVA process is a systematic approach that combines the multiple skills and knowledge of the various participants to provide a complete security analysis of the facility and its operations. The objective of conducting a SVA is to identify security hazards, threats, and vulnerabilities facing a facility, and to evaluate the countermeasures to provide for the protection of the public, workers, national interests, the environment, and the company. SVA is a tool to assist management in making decisions on the need for countermeasures to address the threats and vulnerabilities. TERRORISM RISK ASSESSMENT PROGRAM This study results implementing software to analyze the possibility of terrorism and sabotage. This program includes five steps; asset characterization, threat assessment, vulnerability analysis, risk assessment and new countermeasures. ASSET CHARACTERIZATION The asset characterization includes analyzing the technical information on facility and public utility as required to support the analysis, identifying the potential critical assets, identifying the hazards and consequences of concern for the facility or public utility and its surroundings and supporting infrastructure, and verifying the existing layers of protection. The consideration of possible chemical terrorism threats should include internal threats, external threats, and internally assisted threats. The available threats are chosen according to reasonable local, regional, or national situation. This step results in the attractiveness of the target each asset from each adversary s perspective. THREAT ASSESSMENT This step is to identify specific classes of adversaries that may be responsible for the security-related events. This step is to identify specific classes of adversaries that may be responsible for the security-related events. Depending on the threat, we can determine the types of potential attacks and, if specific information is available on potential targets and the likelihood of an attack, specific countermeasures may be taken. The threat assessment evaluates the likelihood of adversary activity against a given asset or group of assets. It is a decision support that helps to establish and prioritize security-ranking system. The threat assessment identifies and evaluates each threat on the basis of various factors, including capability, intention, and impact of an attack. 1

Figure 1. Overall security vulnerability analysis methodology (API 2003) Figure 2. Asset characterization process THREAT ASSESSMENT The vulnerability analysis includes the relative pairing of each target asset and threat to identify potential vulnerabilities related to process security events. This involves the identification of existing countermeasures and their level of effectiveness in reducing those vulnerabilities. When we determined how an event can be induced, it should determine how an adversary could make it occur. There are two kinds of methodologies: the accident scenario-based approach and the asset-based approach. Both approaches are identical in the beginning, but different in the degree of the detailed analysis of threats scenarios and specific countermeasures applied to a given scenario. RISK ASSESSMENT The next step is to determine the level of risk the adversary exploiting the asset according to the existing security countermeasures. The risk assessment determines the relative degree of risk for the facility and the public utility in terms of the expected effect on each critical asset as a Figure 3. Threat assessment process 2

Figure 4. Overall risk ranking process function of consequence and probability of occurrence. Using the assets identified during the asset characterization, the risks are prioritized based on the likelihood of a successful terrorism. Likelihood is determined after considering the attractiveness of the target assets, the degree of threats and vulnerability. COUNTERMEASURES MAKING The countermeasures analysis identifies shortfalls between the existing security and the desirable security where additional recommendations are justified to reduced risk. An appropriate enhanced countermeasure option is identified to further reduce vulnerability at the facility. The improved countermeasures present the following index: the process security doctrines of deter, detect, delay, response, mitigate and possibly prevent. IMPLEMENTATION This system is implemented in commercial software. The fields in the program are completed as follows; a. Asset: The asset under consideration is documented. User selects form the targeted list of assets and considers the scenarios for each asset in turn based on priority. b. Security Event Type: This column is used to describe the general type of malicious act under consideration. c. Threat Category: The category of adversary including terrorist and disgruntled employee. d. Undesired Act: A description of the sequence of events that would have to occur to branch the existing security measures is described in this column e. Consequences: Consequences of the event are analyzed and entered into the consequence column of Figure 5. Severity ranking of dock zone 3

IChemE SYMPOSIUM SERIES NO. 153 Figure 6. Target ranking of dock zone f. g. the worksheet. The consequences should be conservatively estimated given the intent of the adversary is to maximum their gain. Users are encouraged to understand the expected consequence of a successful attack or security breach by this column. Existing Countermeasures: The existing security countermeasures that relate to detecting, delaying, or deterring the adversaries from exploiting the vulnerabilities are listed in this column. Vulnerability: The specific countermeasures that would need to be circumvented or failed should be identified. h. i. j. Vulnerabilities Level: The degree of vulnerability to the scenario rated a scale of 1 5. Risk Ranking: The severity and likelihood rankings are combined in a relational manner to yield a risk ranking. New Countermeasures: The recommendations for improved countermeasures that are developed are recorded in the Recommendation column. CASE STUDY The case is the dock zone including a storage farm, a manufacturing plant, an electrical supply utility, a hydrotreater Figure 7. Vulnerability analysis of dock zone 4

Figure 8. New countermeasures of dock zone unit, many containers, and administration building. It is an attractive target because of environmental release, combustible liquids fire and explosion hazard, easy access, a lot of toxic hazard chemicals, possibility to shutdown if electrical supply unit were damaged, public impact, business interruption, etc. We considered these vulnerabilities of each facilities and overall zone. CONCLUSION A risk assessment is developed and it is implemented as software to analyze the possibility of terrorism and sabotage. This program is applied to case (a dock field). The result reports the following 10 index: asset, security event type, threat category (terrorist and sabotage), undesired act(a description of the sequence of events that would have to occur to breach the existing security measures), consequences, existing countermeasures, vulnerability, vulnerability ranking, degree of risk(the severity and the likelihood rankings are combined in relational manner), and new countermeasures. This paper presents a chemical terrorism response technology, a prevention plan and new countermeasure by using risk and vulnerability assessment method in the chemical industry and the public utility. This study suggests an effective approach to the chemical terrorism response management in decision making. REFERENCES 1. S. Bajpai, J.P. Gupta., 2005, Site security for chemical process industries, Journal of Loss Prevention in the Process Industries 18: 301 309 2. Dunbobbin, Brian R., Medovich, Thomas J., Murphy, Marc C., Ramsey, Annie L., 2004, Security vulnerability assessment in the chemical industry, Process safety progress: a publication of the American Institute of Chemical Engineers, v.23 no.3: 214 220 3. Paul Baybutt, 2002, Assessing Risk from Threats to Process Plants; Threat and Vulnerability Analysis, Process Safety Process, 269 275 5

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information