NMIOTC LNG-David Incertis

7/25/2019 NMIOTC LNG-David Incertis

1/30

6thNMIOTCAnnual Conference 2015

4thJune 2015

Risks and

Interdependencies

in the LNG Supply

ChainA methodology for Risk Assessment


2/30

LNG compresses 1/600 of its volume


3/30


4/30

NATURAL GAS FIELD

CHONGQING(CHINA), 23 DECEMBER2003, 234KILLED, 500 INJURED

PIPELINE

GHISLENGHIEN (BELGIUM), 30 JULY2004, 24KILLED, 150 INJURED

PROCESSING PLANT

VARANUSISLAND(AUSTRALIA), 0 KILLED, 0 INJURED, AUSTRALIANGASCRISIS

STORAGE TANK

EAST

OHIO

GAS

COMPANY

(USA), 20 OCTOBER

1944, 128KILLED

, 400INJURED

LOADING PORT

SKIKDALNG PLANT(ALGERIA), 19 JANUARY2004 , 30KILLED, 72 INJURED


5/30

STORAGE TANK


6/30

STORAGE TANK


7/30

STORAGE TANK


8/30

LIQUEFCTION PLANT (LOADING PORT)


9/30

LIQUEFCTION PLANT (LOADING PORT)


10/30

PROCESSING PLANT


11/30

PIPELINE


12/30

GAS FIELD


13/30

NEVERWHY?

LNG TANKER


14/30

NO BLEVE

NO FLOATING BOMB

LNG DOES NOT EXPLODE OR BURNLNG CARRIERS ARE ROBUST

LNG TANKER


15/30


16/30

Collision


17/30

Terrorist attack


18/30

Link/actor

Flow ModelLiquefaction plant Physical

Seller/carrier/shipper Cyber

Local Agent Cyber

Ship agent Cyber

Insurance company Cyber

Loading port

Physical

Shipowner/ ship agent Cyber

Sea Transportation Physical

Port Services Cyber

Unloading port Physical

Customs

CyberPort Authority Cyber

Buyer/importer Cyber

Regasification Physical

Storage Physical

Distribution Physical

Bank

Cyber

Supply chainactors / nodes


19/30

Design criteria

HOLISTICVIEWOFTHESUPPLYCHAIN

COLLABORATIVEMETHODOLOGY

COMPLIANCEWITHSTANDARDS


20/30

Methodology Steps

STEP 0 Scope of the SC Risk Assessment

STEP 1Analysis of the Supply Chain Service (SCS)

STEP 2 Supply Chain Threat Scenario Identification

STEP 3Assess the expected likelihood for all Threat Scenarios

STEP 4Assess the consequence of each Threat Scenario for each node

STEP 5Assess the risk for each examined Threat Scenario

STEP 6Assess the risk of cascading threats for all Threat Scenarios

STEP 7 Selection of appropriate security controls


21/30

Threat Scenarios for LNG suply chain

SCENARIO1: Berth unavailability and stop of operationsdue to coordinated bombing of docks, bridges andother important infrastructure at the loading port while

loading a LNG tanker.


22/30


SCENARIO2: LNG tanker is hijacked by pirates during itsvoyage producing a long delay in the supply,compromising the LNG stock at the destination in themiddle of several cold waves which have increased

the demand.


23/30


SCENARIO3: A delay occurs during the vaporizationprocess phase at the unloading port due to damageto critical infrastructure in vaporization/storage

terminal area (sabotage?).

https://youtu.be/h-EY82cVKuA


24/30


SCENARIO4: A hacker enters in the PCS in order tosteal bank accounting information and other sensitiveinformation from the importer.


25/30

Categorization of threats

Liquefaction plant TC-1: Infrastructure Threats

TC-2: Information & ICT Threats

TC-3: Personnel Security & Safety

Threats

TS4-1: Intrude and/or take control

of an asset

TS4-3: Cargo Integrity

TS4-4: Unauthorized use

Loading in LNG tankers

TC-1: Infrastructure ThreatsTC-2: Information & ICT Threats

TC-3: Personnel Security & Safety

Threats

TC-4: Goods and Conveyance

Security Threats

Unloading

TC-1: Infrastructure Threats

TC-3: Personnel Security &

Safety Threats


Security Threats

Regasification (vaporization)

TC-1: Infrastructure Threats

TC-2: Information & ICT

Threats

TC-3: Personnel Security &Safety Threats

TS4-1: Intrude and/or take

control of an asset



Storage TC-1: Infrastructure Threats



Safety Threats


control of an asset



Distribution TC-1: Infrastructure Threats



Safety Threats


control of an assetTS4-3: Cargo Integrity


TS4-5: Goods and Conveyance

misuse

Seller/Carrier/Shipper TS1-1: Destroy critical SC

Infrastructure

TS1-2: Unauthorized access to

SC Infrastructures


Safety Threats


Exportation formalities

through local agent

TS3-1: People under attack



Security Threats

Bill of lading and cargo manifest

to ship agent



Security Threats


26/30

Modeling Interdependencies

A B C D E F G H I J

A

1

1

2

2

2

2

2

2

B 1 22 3

42

2 3

42 3 2

C 2 1 2 3 2 2 1 2 2 2

D

2

1 2

2

1

2

E

1 23 4 1 23 4 2 34 2

3 1 2

F 2 2 1 2 2 2 2

G1 23 4

2 1 22 34

2 3 2

H

2

2

2

2

2

2

2

2

I 2 2 2 2

J

2

2

2

2

A = Gas trading Company/ shipper/ importerB = Gas producer/ liquefaction plantC = Ship agent/ ownerD = Public AdministrationsE = Port Authority / port servicesF = Customs AuthorityG = Regasification /Distr. CompanyH = Local AgentI = Insurance Company

J = Banks

1 - Access to cyber-systems2 - Interaction with cyber-systems3 - Access to physical facilities4 - Usage of physical facilities

Nodei.

Directed edgei j.

Dependency: D(i, j) = 1, 2, 3 or 4

Order: order(i,

j) = min( {|path(

i,

j)|} )


27/30

Applying the methodology

0= LIQUEFACTIONPLANT

1= SHIPAGENT/ OWNER

2= PORTAUTHORITY/ PORTSERVICES

3= TRADINGCOMPANY/ IMPORTER

4= LOCALAGENT

5= CUSTOMS

6= PUBLICADMINISTRATIONS

J=

0 = 11 = 12 = 13 = 0,54 = 0,255 = 0,56 = 0,25j =

D(0, 1) = 1D(1, 2) = 1, 2, 3, 4D(2, 3) = D(3, 4) = 2D(1, 0) = 2, 3, 4D(2, 1) = 2D(2, 0) = 2, 3, 4

Applying standardsISO 28000

ISO 27001

ISPS CODE


28/30

Applying the methodology

Threatsecenarios

Likelihood of

threats

Consequences

Risk values foreach scenario

Risk ofcascading

threats

Selection of

securitycontrols

1

2

3

4

5

6


29/30

LNG supply chain hazards focused on terrorist attacks, systemshacking, etc

LNG carriers are not prone to ignite or explode accidentally

LNG supply chain model proposed

SC RA Methodology addressed to assess risks in supply chains

SC RA Methodology considers cascading effects

Graph analysis and establishment of interdependencies

Availability of a computer tool for assessing supply chain risks:

Identifies the critical path of interdependencies

Visualizes critical risk levels and probabilities

Proposes security controls


30/30

David Incertis JarilloProject Manager: Port /Maritime Security and Safety Issues

FEPORTSPort Institute for Studies and Cooperation

[email protected]

Rafael Company PerisProject Manager: Research, Development & Innovation

Valenciaport Foundation

[email protected]

Documents

NMIOTC LNG-David Incertis