Embed Size (px)
Citation preview
Joint Security WorkshopBudapest, 28 – 29 April 05
Industrial Safety & Security Issues: Are we going beyond Seveso?
Safety & Security Industrial Safety Security
R/H-Assessment-Internal sources
-Human -Technical-Technological
-External sources-Other establ.-Transport-Infrastructure-human
MAPPSR + SMS + IEP________________EEPLUP, Inspection
Vulnerability assessment- threats......Human factor: -Employees-Subcontractors-Unauthorized personnel-Visitors-Clients-„intruders“-Terrorists______________?
Current status of Seveso:
OperatorRisk/hazard assessment:• Internal sources:
– Technical:• construction & operation of installations
– Technological:• storage & use of DSs• (chemical) processes• commissioning, shut down, maintenance
– Human factor:• Including own personnel & subcontractors• Organization & management (incl m of change)• Instruction & training
Current status of Seveso II / 2
• External sources:– Other (Seveso) establishments– Transport– Infrastructure– Natural hazards
• Earthquakes• Flooding• Avalanches• Landslides• storms
Current status of Seveso II / 3
– Human factor• Visitors• Clients• Other unauthorized persons• „adversaries“:
– Thieves, „intruders“, protesters, terrorists (???)
Current status of Seveso II / 3
MAPP• „safety policy“SR, SMS, (IEP)• Documentation and demonstration of
„safety performance“ (incl internal planning for emergencies)
Current status of Seveso II / 4
„Seveso & related Authorities“• Assessment of safety documentation• External emergency planning• Land use planning• Inspection• Prohibition of use / operation
Current status of Seveso II / 5
The tasks both of the operator and the „Seveso“ & related Authorities is to aim at industrial safety under the regime of the current „Seveso II“ Directive. Safety is considered in relation to (properties of) dangerous substances. The „human factor“ mainly is taken into account in relation to non intentional (= accidental) actions („human failure“).
So far, „security issues“ have not been part of these tasks.
Do we have to go beyond?
„Security issues“
Elements to be considered in addition to „classical Industrial safety assessment“
• „vulnerability assessment“ : how vulnerable are onsite assets, such as people, information and properties (installations & buildings) to potential threats?
• Potential threats other than considered in a r/h assessment under the „Seveso regime“ can be:
„Security issues“ /2
• Sabotage• Cyber attack• Workplace violence• Theft (different
motivations)• Fraud• Product contamination• Infiltration by
adversaries• Attack on a chemical
plant as part of chemical and biological terrorism
• assault
• Trespassers committing vandalism or setting fire for fun
• Protesters intruding into the plant
• Bomb threats• Workplace drug
crime• Theft of confidential
information• „computer hacking“
„Security issues“ /3
• Product tampering• „hands off“ threats such
as cutting electricity, telephone etc
• Disruption of cooling systems
• Creation of destructive or hazardous conditions through modification of fail-safe mechanisms, etc.
• Other......
„Security issues“ /4
Measures and Consequences• Prevention strategies: See „sample..“
„Security issues“ /5
• Management issues, such as– „security policy“, – internal and external collaboration,– incident reporting and analysis,– employee and contractor training and
security awareness, – investigations of suspicious incidents and
security breaches,– Emergency response and crisis
management– Periodic reassessment
„Security issues“ /6
• Physical security– Access control– Perimeter protection („keeping
intruders offsite“)– Security officers– Backup systems– Other measures, such as entering post control etc
„Security issues“ /7
• Employee and Contractor Security Issues:– Hiring and employment termination
practices– Workplace violence prevention and
response
„Security issues“ /8
• Information, Computer and network security:– Operations security– Spoken information security– Computer and network security– Audits and investigation
„Security issues“ /9
The tasks of the operator concerning „Security issues“ aim mainly at assessing the vulnerability of his assets and to take preventative measures against intentional actions performed by „adversaries“ both onsite, such as own personnel & contractors and offsite, such as thieves, demonstrators & other intruders, lunatics, terrorists etc. The „human factor“ mainly is taken into account in relation to intentional adversary actions. Collaboration with Security Authorities on local, regional and national level will be necessary (police forces, home-affairs authorities, intelligence services etc)
Security issues / 10
Taking Security issues into account may be already „good management practice“ to a certain extent.
There are many open questions, especially with respect to „terrorism“ (e.g. can we develop a „typology of terrorists“ or a „typology of terroristic acts“ related to chemical substances?)
These tasks go far beyond the current „Seveso regime“.
Current status in Austria... Beyond Seveso II....
RTD:
• 2005: high-level study on Austrian status and needs for security research (Austrian Academy of Sciences, Austrian Research Centers ARC, eds): Industrial Safety & Security („Seveso-type“) is no priority
There may be a special need for this research type in Austria
Current status in Austria /2... Beyond Seveso II...
Operators:• Awareness of operators: many
operators have security control measures in place, such as access control, fences, video-control of the premises, etc– Protection against „adversaries“– Protection against „terrorist attacks“
in most cases is not considered– mostly international companies
enhancing awareness??
Current status in Austria /3... Beyond Seveso II...
Authorities:• Security Authorities have special
requirements in place to protect certain „vulnerable“ properties (including industrial establishments & infrastructures)
• In Styria: cooperation between Regional „Security Authority“ (= Police) and Regional „Seveso-Authority“ agreed upon recently
joint workshop with operators intended
Literature & other sources
• Dir 96/82/EC – Seveso II Directive• Amendment Directive 2003/105/EC• Wettig J. and S. Porter, The Seveso II
Directive, Feb 1999• „Seveso and Security“, EC-DG Env, 12th
CCA Amsterdam• EC Communication 12 Dec 03, A Secure
Europe in a Better World• EC Doc EUR 21110, Research for a
Secure Europe
Literature & other sources 2
• American Chemistry Council, Chlorine Institute Inc., Synthetic Organic Chemical Manufacturers Ass. (eds) Site Security Guidelines for the US Chemical Industry, 2001
• Chemical Security Preparedness Seminar, Atlanta, 2001:– Richards Stephen, Security Issues
& Stratgies, BP Chemicals– Rosera Richard S. Small Chemical Plant Site
Security Case Study– Tonetti Rob, Chemical Securtiy Seminar,
Ashland
Literature & other sources 3
• EU Workshop onSimulation Exercises on Chemical Terrorism Events, Luxembourg, 7-8 Feb 2005– Coleman Gary, The Development of Generic
Scenarios and Chemical Lists for Terrorist Chemical Attack (GSCT, EU Proj. No 2003217):The development of Generic Scenarios
– Leeuw, M.W., Assessment of the vulnerabilities of societies to terrorist acts employing RBC agents to assist in developing crisis management studies (EU Project IMPACT)
– Russel D., A matrix for prioritizing chemicals and public health actionsa for the prevention, preparedness, response and recovery related to terrorist events
Literature & other sources 4
• Österreichische Akademie der Wissenschaften – Austrian Research Centers (ARC) (eds): Sicherheitsforschung: Begriffsfassung und Vorgangsweise für Österreich, Wien, 2005(Austrian Academy for Sciences – Austrian Research Centers (ARC) (eds): Security Research: Definition and procedures in Austria, Vienna, 2005)
The End:
• Thank you for your attention.• Questions and Answers??
