Joint Security Workshop
Budapest, 28 – 29 April 05

Industrial Safety & Security Issues: Are we going beyond Seveso?
Maria.stangl@stmk.gv.at

Safety & Security

Industrial Safety
R/H-Assessment
- Internal sources
  - Human
  - Technical
  - Technological
- External sources
  - Other establ.
  - Transport
  - Infrastructure
  - human
MAPP
SR + SMS + IEP
________________
EEP
LUP, Inspection

Security
Vulnerability assessment
- threats ......
Human factor:
- Employees
- Subcontractors
- Unauthorized personnel
- Visitors
- Clients
- „intruders“
- Terrorists
______________
?

Current status of Seveso: Operator

Risk/hazard assessment:
• Internal sources:
  – Technical:
    • construction & operation of installations
  – Technological:
    • storage & use of DSs
    • (chemical) processes
    • commissioning, shut down, maintenance
  – Human factor:
    • Including own personnel & subcontractors
    • Organization & management (incl m of change)
    • Instruction & training

Current status of Seveso II / 2

• External sources:
  – Other (Seveso) establishments
  – Transport
  – Infrastructure
  – Natural hazards
    • Earthquakes
    • Flooding
    • Avalanches
    • Landslides
    • Storms

Current status of Seveso II / 3

  – Human factor
    • Visitors
    • Clients
    • Other unauthorized persons
    • „adversaries“:
      – Thieves, „intruders“, protesters, terrorists (???)

Current status of Seveso II / 3

MAPP
• „safety policy“
SR, SMS, (IEP)
• Documentation and demonstration of „safety performance“ (incl internal planning for emergencies)

Current status of Seveso II / 4

„Seveso & related Authorities“
• Assessment of safety documentation
• External emergency planning
• Land use planning
• Inspection
• Prohibition of use / operation

Current status of Seveso II / 5

The task of both the operator and the „Seveso“ & related Authorities is to aim at industrial safety under the regime of the current „Seveso II“ Directive. Safety is considered in relation to (properties of) dangerous substances.
The „human factor“ mainly is taken into account in relation to non intentional (= accidental) actions („human failure“). So far, „security issues“ have not been part of these tasks.

Do we have to go beyond?

„Security issues“

Elements to be considered in addition to „classical Industrial safety assessment“
• „vulnerability assessment“: how vulnerable are onsite assets, such as people, information and properties (installations & buildings) to potential threats?
• Potential threats other than considered in a r/h assessment under the „Seveso regime“ can be:

„Security issues“ /2

• Sabotage
• Cyber attack
• Workplace violence
• Theft (different motivations)
• Fraud
• Product contamination
• Infiltration by adversaries
• Attack on a chemical plant as part of chemical and biological terrorism assault
• Trespassers committing vandalism or setting fire for fun
• Protesters intruding into the plant
• Bomb threats
• Workplace drug crime
• Theft of confidential information
• „computer hacking“

„Security issues“ /3

• Product tampering
• „hands off“ threats such as cutting electricity, telephone etc
• Disruption of cooling systems
• Creation of destructive or hazardous conditions through modification of fail-safe mechanisms, etc.
• Other......

„Security issues“ /4

Measures and Consequences
• Prevention strategies: See „sample..“

„Security issues“ /5

• Management issues, such as
  – „security policy“,
  – internal and external collaboration,
  – incident reporting and analysis,
  – employee and contractor training and security awareness,
  – investigations of suspicious incidents and security breaches,
  – Emergency response and crisis management
  – Periodic reassessment

„Security issues“ /6

• Physical security
  – Access control
  – Perimeter protection („keeping intruders offsite“)
  – Security officers
  – Backup systems
  – Other measures, such as entering post control etc

„Security issues“ /7

• Employee and Contractor Security Issues:
  – Hiring and employment termination practices
  – Workplace violence prevention and response

„Security issues“ /8

• Information, Computer and network security:
  – Operations security
  – Spoken information security
  – Computer and network security
  – Audits and investigation

„Security issues“ /9

The tasks of the operator concerning „Security issues“ aim mainly at assessing the vulnerability of his assets and at taking preventative measures against intentional actions performed by „adversaries“, both onsite, such as own personnel & contractors, and offsite, such as thieves, demonstrators & other intruders, lunatics, terrorists etc.

The „human factor“ mainly is taken into account in relation to intentional adversary actions.

Collaboration with Security Authorities on local, regional and national level will be necessary (police forces, home-affairs authorities, intelligence services etc).

Security issues / 10

Taking Security issues into account may be already „good management practice“ to a certain extent.

There are many open questions, especially with respect to „terrorism“ (e.g. can we develop a „typology of terrorists“ or a „typology of terroristic acts“ related to chemical substances?)

These tasks go far beyond the current „Seveso regime“.

Current status in Austria
... Beyond Seveso II....

RTD:
• 2005: high-level study on Austrian status and needs for security research (Austrian Academy of Sciences, Austrian Research Centers ARC, eds):
  – Industrial Safety & Security („Seveso-type“) is no priority
  – There may be a special need for this research type in Austria

Current status in Austria /2
... Beyond Seveso II...

Operators:
• Awareness of operators: many operators have security control measures in place, such as access control, fences, video-control of the premises, etc
  – Protection against „adversaries“
  – Protection against „terrorist attacks“ in most cases is not considered
  – mostly international companies enhancing awareness??

Current status in Austria /3
... Beyond Seveso II...

Authorities:
• Security Authorities have special requirements in place to protect certain „vulnerable“ properties (including industrial establishments & infrastructures)
• In Styria: cooperation between Regional „Security Authority“ (= Police) and Regional „Seveso-Authority“ agreed upon recently; joint workshop with operators intended

Literature & other sources

• Dir 96/82/EC – Seveso II Directive
• Amendment Directive 2003/105/EC
• Wettig J. and S. Porter, The Seveso II Directive, Feb 1999
• „Seveso and Security“, EC-DG Env, 12th CCA Amsterdam
• EC Communication 12 Dec 03, A Secure Europe in a Better World
• EC Doc EUR 21110, Research for a Secure Europe

Literature & other sources 2

• American Chemistry Council, Chlorine Institute Inc., Synthetic Organic Chemical Manufacturers Ass. (eds), Site Security Guidelines for the US Chemical Industry, 2001
• Chemical Security Preparedness Seminar, Atlanta, 2001:
  – Richards Stephen, Security Issues & Strategies, BP Chemicals
  – Rosera Richard S.,
    Small Chemical Plant Site Security Case Study
  – Tonetti Rob, Chemical Security Seminar, Ashland

Literature & other sources 3

• EU Workshop on Simulation Exercises on Chemical Terrorism Events, Luxembourg, 7-8 Feb 2005
  – Coleman Gary, The Development of Generic Scenarios and Chemical Lists for Terrorist Chemical Attack (GSCT, EU Proj. No 2003217): The development of Generic Scenarios
  – Leeuw, M.W., Assessment of the vulnerabilities of societies to terrorist acts employing RBC agents to assist in developing crisis management studies (EU Project IMPACT)
  – Russel D., A matrix for prioritizing chemicals and public health actions for the prevention, preparedness, response and recovery related to terrorist events

Literature & other sources 4

• Österreichische Akademie der Wissenschaften – Austrian Research Centers (ARC) (eds): Sicherheitsforschung: Begriffsfassung und Vorgangsweise für Österreich, Wien, 2005 (Austrian Academy of Sciences – Austrian Research Centers (ARC) (eds): Security Research: Definition and procedures in Austria, Vienna, 2005)

The End:
• Thank you for your attention.
• Questions and Answers??