Assessing risks from threats to process plants: Threat and vulnerability analysis

Process security management addresses threats from terrorist and criminal acts against plants that may result in the release of hazardous materials. The risk of such threats must be assessed to determine if existing security measures and safeguards are adequate or need improvement. Risk assessment is the heart of a process security program. Process plants need straight forward and easily applied methods to assess security risks using techniques that can be employed in a variety of situations and at varying levels of detail. This paper describes an approach that accomplishes these objectives. Threat analysis is the first step. It is used to identify the sources and types of threats and their likelihood. The approach described in this paper involves the consideration of motivations and capabilities of adversaries and the rating of facility security factors to develop a threat profile. Once specific threats have been identified, process vulnerability analysis is used to identify threat scenarios, i.e., how threats could be realized. Plants and processes are divided into sectors, and each credible threat within each sector is considered. Vulnerabilities are identified by brainstorming the ways barriers can be penetrated and process containment breached. Checklists are used to guide the brainstorming, and scenario consequences are recorded. Existing security measures and safeguards are listed, and any recommendations for improvements to reduce the likelihood and severity of terrorist and criminal acts are made for consideration by management based on the nature of the threat, process vulnerabilities, possible consequences, and existing security measures and safeguards. Risk rankings are performed as part of the analyses.