CHEMICAL INDUSTRY

– SECURITY THREAT
ASSESSMENT AND
WAYS TO DEAL
S.K. Hazra
Chairman – SHE Expert Committee
Indian Chemical Council
1
Catastrophic Events Shapes
Future

 Dec 3, 1984 Bhopal: New dimensions to

Chemical Plant Process Safety
(PSM)
 Sept 11, 2001 WTC, NY: New dimension to
Chemical Plant Site Security (RC –
Security Code in US)
 Nov 26, 2008 Mumbai: RC Security Code adopted
in India

2
Critical Industrial Sites under
Security Threat
 Large Chemical Plants
 Refineries
 Oil & Gas Production/Processing facilities (On-
Shore and Off-Shore)
 Power Plants
 Industrial establishment in Core Sector
 Nuclear facilities

3
Attackers’ Aim

 Large scale human casualties

 Major property destruction
 Damage to national landmark
 Very high visibility
 Impact national economy and security
 Damage public confidence
 Negotiate unlawful demand

4
Chemical Facilities Security
Management (CFSM)
Internal External
 Disgruntled employee  Terrorists
 Mentally unsound  Extremists
employee  Criminals
 Employee with addiction
 Disgruntled Contractors
 External elements are likely to be well trained, professional and
dedicated for a misguided cause after ready to sacrifice their own
lives
 External elements bring new dimension to Plant Security

5
CFSM : Assessment
 Identify Safety related Security scenario
 Rank scenario priority-wise
 Use risk based factors
 Estimate qualitatively the likely occurrence of each
scenario
 Estimate consequence of each scenario
 Select high priority scenarios
 Subject these to further assessment
 Consider critical cases for QRA
 Consider mitigation measurers
 LOPA and ROPA
6
CFSM : Elements

 Screening
 Threat Identification Assessment

 Target Classification & Risk Analysis

 Mitigation

 Protection Analysis

7
CFSM Diagram

Chemical hazard
Scenario Workout evaluation • Security
Worst case • Dow Index Vulnerability
• Facility Screening
scenario • Mond Index Survey
• Hazard source
determination • Other Qualitative • Security what if
identification case
Method

Risk Assessment
Data Collection • LOPA
• Demographic Data
• ROPA
• Local Area Planning
Maps

Additional
Mitigation
Measures

8
Threat
Assessment o n t ro
l ▪L ▪
ow En
C ost
g ▪H
to tire
Matrix e
P l
t's c
an tion
a
r nt ie s c ra s r e e
n
ni ▪ igh
m L ig
b ▪
m ly
ed wi
ou D ium hin
t
d e lic k r s g
un lem Po hec cto pro ▪ Mhting ndarouble cos Plan
ly p n C ra n ot y F t f t’s
tire im gn i ge ont atio (
y
t u io
wa e or C
n w
E Lo S Ba & er i d c v a r n a ▪ n
S ▪ ll
▪
nc
e
im on
▪ ▪ ▪ ▪ ee bs al rd ) t uth xt en V Tr Lin plem trol
P E T
l oy i o r
o
ern y 3 ee o p or ern sor Ca en e en
p v n t b oy la ize al Sy me che ta
I e l nt d
em eha ▪ tag mp s e
st ra s
e s
tio
n
w B o
b or e ite nt m
Ne ▪ a ) r y
▪ M ( (
s
▪M ▪
▪ O ▪ f uniti Ext

▪ R red nt l Se orit ing e) red

ea d
l
eq der pe Au P out eli l

ca
▪M

hr te
d a
ui co cia th olic sid ve
▪ Nostly ▪ In bsc▪ RRed rom ons erna

se om ns rn

f t en

t
Lo
ea fr itio xte
ay

is n o em
is on rol cu ies by
e u d
be ot wit sta ure loc ced out eli l

un ▪ E

an rce e e
ys io pl
fit pe n b rc
hi alw hin ll sh vis ated In side ver

al pt im
ne h ca Fo
gh ay P ie ib S ve ) ed

be ig t ty
co s p lan ldi ility tor nto
(M

k h bu ri
d
st ra t’s ng o ag ry
▪ Rctic sph of b f sto e
isk abl ere ern rag
r
nc

/b e/fe o s e
▪I

▪ R un ▪ S
en a f c
ef sib on
it l e t r
an ol
al
ot

ys
▪N

is

9
Responsible Care (RC) – A
Chemical Industry Initiative
 RC – Voluntary movement to achieve excellence in field
of Environment, Safety, Health and now Security
 ICC adopts Security Code (Dec 2008)
 Process Safety
 Pollution Prevention
 Employee Health & Safety
 Community Awareness and Emergency Response
 Distribution
 Product Stewardship
 Security *

* Pioneered by “American Chemistry Council (ACC)” post November 9, 2001 terrorist

attack in US
10
Security Code
 Leadership Commitment
 Analysis of threats, vulnerabilities and
consequences
 Implementation of Security measures
 Information and Cyber Security
 Security Program Documentation
 Security Training, Drills and Guidance
 Communications, Dialogue and Information
Exchange
11
Security Code (Contd…)

 Response to Security Threats

 Response to Security Incidents
 Security Audits
 Third Party Verification
 Management of Change
 Continuous Improvement Process

12
CFSM Guidelines

 Center of Chemical Process Safety (CCPS) –

Security Vulnerability Analysis Guidelines (SVA)
 American Chemistry Council (ACC) – Site
Security Guidelines (SSG)
 National Institute of Justice (NIT) – Chemical
facility Vulnerability Assessment, Methodology
(VAM) – developed by Sandia

13
SVA – A “Hazard Assessment
Tool”
 A SVA is the process of determining the likelihood
of an adversary successfully exploiting vulnerability
and the resulting degree of damage or impact on
an asset
 SVAs are not quantitative risk analyses but instead
are performed qualitatively using the best judgment
of security, safety and other appropriate
professionals.
 SVAs are similar the qualitative risk analysis
process that is routinely applied in assessing
accidental risk at the same facilities
14
 CCPS SVA Process

1.1 Form SVA Team

Step 1. Project
Planning 1.2 Objectives

1.3 Scope

2.1 Critical Assets Identification

2.2 Hazards Identification

2.3 Consequence Analysis

Step 2. Facility
Characterization 2.4 Attractiveness Analysis

2.5 Layers of Protection Review

2.6 Potential Target List

Step 3. Threat 3.1 Adversary Identification

Assessment 3.2 Adversary Characterization

4.1 Asset/Threat Matrix/Pairing

4.2b Scenario-Based Approach

4.2a Asset-Based Approach
(Site Security Review,
Step 4. Vulnerability (Target Classification)
Scenario Development)
Analysis
4.3 Risk Analysis/Ranking

5.1a Asset-Based Gap Analysis

5.1b Scenario-Based Gap Analysis
(Assign Performance Standard
(Identify Deficiencies and
Based on Risk Ranking,
Recommendations,
Identify Recommendations,
Reassess Risk)
Site Security Review)
Step 5. Identify
Countermeasures 5.2 Prioritize Recommendations/
Report/Implementation Plan 15
Risk Ranking Matrix for Assets

SEVERITY
1 2 3 4 5
L 1 R1 R2 R3 R4 R5
I
K
2 R2 R4 R6 R7 R8
E
L
I 3 R3 R6 R7 R8 R9
H
O 4 R4 R7 R8 R9 R10
O
D 5 R5 R8 R9 R10 R10

16
Comparison of PHA vis-à-vis SVA
PHA
 No deliberate act of hazard
 Possibility of Process/
Operational deficiency/ failure
initiator
 Initiation with core equipment,
then individual units and
expanding to entire plant limit
and off site
 Initiation due to operational
failure
 Analysis calls for continuous
up-gradation all throughout the
plant life
SVA
 Deliberate act of hazard is
prime
 Possibility of success of
sabotage or attack
 Initiation from off site, then
approach to specific unit
 Initiation due to security failure
 Analysis to establish that
requisite safeguard is in place
and is operational
17
Data on Off-site effect of
Chemical Accidents
 US Chemical Board Database 2001
 Major accidents involving toxic or flammable
Chemical release : 167
 Off-site or Public Impact : 40 *
 No occurrence of Catastrophic Accidents
 Targeting Chemical may not achieve desire goal
of the Associations

18
Thank you…….

19