Security Vulnerability Assessments

If your operation deals with any kind of hazardous materials, you should thoroughly examine your set-up and plan against criminal threats.

FOLLOWING Sept. 11, 2001 the question "How safe are we?" has entered our minds repeatedly. Previously, the idea of a potential terrorist attack included the use of weapons used in warfare or homemade bombs, such as in the first WTC attack. On 9/11, we learned that even something as typical as a jet airplane could be used as a weapon of mass destruction.

Traditionally, the focus of security in the workplace has been on the prevention of criminal activities such as theft of valuables, equipment, or product formulas. Because of our changing political environment, that focus must be changed to address the prevention of terrorist activities using materials that may not have been part of our existing security plan. Hazardous materials are desirable commodities, sought by individuals and organizations that wish to disrupt a company's business, harm the environment, or create deadly products. Any criminal element (whether a foreign-based terrorist group or an internal threat) will look for weaknesses in an organization's operation that allow them access to these materials or create a release into the environment.

Every company that manufactures, ships, or transports an industrial material with the potential to be used in a criminal activity now needs to thoroughly access its security measures and plan against these threats.

Security Vulnerability Assessments/Analysis
A Security Vulnerability Analysis (SVA) is a tool used to look at an operation from the outside in. At a minimum, an SVA looks for ways that an intrusion can be detected, deterred, or delayed.

The use of physical barriers, detection systems, personnel identification systems, and means of detecting the presence of unauthorized personnel are ways to secure vulnerable areas. For an industry that uses hazardous materials, the areas of vulnerability are more complex. Hazardous materials by definition, if mishandled, can create a disruption to business, the community, or to the environment with catastrophic results. An SVA for operations using hazardous materials must go beyond traditional security measures.

Guidelines for Conducting an SVA
Congress has addressed this issue and is reviewing proposed legislation to make it mandatory for certain industry groups to perform vulnerability assessments. The U.S. Coast Guard has issued rules that will require any facility near a body of water to address potential vulnerabilities. The Department of Transportation has issued a regulation requiring those involved in the transportation of hazardous materials to determine vulnerabilities during transportation and put countermeasures into place.

The regulations and legislation are summarized as follows:

Agency/Organization

Regulation/Legislation

Status

Who is Affected

Department of Transportation (DOT)

HN-232 (Security plan, training)

Regulation passed; compliance deadline 9/25/03

Shippers and transporters of hazardous materials

U.S. Coast Guard

Maritime Security Act

(Security plan, training, field training exercise)

Interim rule published 7/1/2003; final rule published 1125/2003

Bridges, stadiums, tourist attractions, marinas, airports, nuclear facilities, power plants, oil & gas pipelines, uninspected commercial vessels, tank farms, and other facilities or operations on or adjacent to navigable waters

Department of Homeland Security (DHS)

Chemical Facilities Act, S. 994 (Inhofe bill)

Pending legislation to the Homeland Security Act of 2002

Chemical manufacturing facilities, utilities, refineries

American Chemistry Council (ACC), Synthetic Organic Chemical Manufacturers Association (SOCMA)

Responsible Care Security Code

Developed 1/02; ACC adopted 6/02; SOCMA adopted 12/02; SVA must be completed by 12/31/03; Full implementation by 6/30/05

ACC and SOCMA member companies (chemical manufacturing)

Several industry organizations have taken the initiative to set guidelines for their members to use for assessing the vulnerabilities of their facilities. The industry groups include the American Chemistry Council (ACC), the Synthetic Organic Chemical Manufacturers Association (SOCMA), the American Petroleum Institute (API), and the Chlorine Institute.

For any business, it makes good sense to look closely within an operation and determine whether potential targets may be present. Familiar and comfortable practices that are used every day could present areas of vulnerability and provide a way for an individual or group to disrupt business or create an incident with damaging consequences. To properly assess these vulnerabilities, we must be able to:
a) Know the difference between an innocuous chemical and one that can create extensive damage.
b) Be able to predict potential disastrous outcomes if our process is tampered with by a change in temperature, pressure, or the introduction of an initiator.
c) Know the potential impact of the release of a hazardous material on the surrounding community and the environment.
d) Know the incompatibilities of the materials we have in inventory and understand the consequences of the reactions.

A Multi-Disciplinary Approach to SVA
The term "security vulnerability" has traditionally suggested looking at a facility from the viewpoint of a law enforcement officer or security firm focusing on facility access and hiring practices. An SVA needs to take place from the fence line inward and requires viewing your business and processes in a different light.

There is more to security than alarm systems and guard dogs. To properly address the complexities of hazardous materials, a multi-disciplinary team approach will be the most effective. High areas of vulnerability are found in the processes of many businesses, such as shipping, manufacturing, storage, and waste handling. The traditional security firm may be ill-equipped to truly understand and be able to address these potential issues. A team comprised of security, environmental, safety, and emergency response personnel will provide the multi-level viewpoints and experience necessary to assess all areas of potential weaknesses.

A multi-disciplined team will look at your facility's defenses from both the physical and the process safety standpoints. The methods to deter, detect, and delay must be utilized in all aspects of business operations. Identifying the vulnerabilities and the countermeasures requires a thorough understanding of the processes.

Steps in the SVA Process
If your operation deals in any way with hazardous materials, there are steps you should take to enhance the security of your facilities and increase the awareness of your personnel.
1. Develop a team to conduct a Security Vulnerability Analysis. The team should include individuals familiar with process safety; hazardous materials; environmental, health and safety impacts; and site security.
2. Conduct a Security Vulnerability Analysis. There are several methods available to use for guidance, including those from the Center for Chemical Process Safety (CCPS) and Sandia Laboratories. The process has been broken down into the following steps:
a) Project Planning
b) Facility Characterization
c) Threat Identification
d) Vulnerability Analysis
e) Countermeasures
3. Develop a security plan. The plan should address countermeasures, employee and contractor training, emergency response, and community relations.
4. Verify the analysis and countermeasures using a third party.
5. Train employees and contractors.
6. Review your security plan after an incident or at least once per year, and revise accordingly.

Sept. 11, 2001, changed the feeling of safety Americans had in their own country. We realized we are vulnerable to attack and that the weapons used against us may be things that are easily accessible and available. Regulatory agencies and trade organizations have recognized the need for heightened awareness and enhanced security for operations using hazardous materials. Addressing potential vulnerabilities is one of the best deterrents against future problems.

This article originally appeared in the February 2004 issue of Occupational Health & Safety.

Featured

Artificial Intelligence