
Presented at the 2007 CUPA Conference by SRM Associates, Inc. PO Box 891993 Temecula, CA 92589-1993 (951) 764-3626 Chemical Site Security and Chemical.


1 Presented at the 2007 CUPA Conference by SRM Associates, Inc., PO Box 891993, Temecula, CA 92589-1993, (951) 764-3626
Chemical Site Security and Chemical Facility Vulnerability Assessments

2 Introduction
- Bios
- New DHS Regulations
- Who has to Comply?
- What do they have to do?
- Vulnerability Assessment
- Updates/Reviews
- Penalties
- Information Protection
- RAMCAP Methodology
- Site Security Plans

3 Bios
- Who are we?
- What have we done?
- What are we trying to do?

4 New DHS regulations
- Federal only
- No State Counterpart
- Watch for it
- Interim Final Regulations
- DHS intends to modify later or clarify using guidance

5 Who has to comply?
- We don't know but DHS will tell us
- Top Screen Process
- Multiple tiers
- Facilities will be required by DHS to submit information
- DHS will determine based on information whether the facility is required to complete VA and Security Plan
- Voo Doo?

6 Who has to comply? (cont)
- DHS is considering “grouping” facilities into like categories for determining requirements for compliance
- e.g. NH3 Refrigeration, Petroleum Refineries
- Pro:
- Only facilities told by DHS they are required to comply will have to submit
- Cons:
- Manpower Intensive for DHS
- No timeframe provided

7 What will facilities have to do?
- First, perform a Vulnerability Assessment
- Second, develop a Site Security Plan

8 Vulnerability Assessment
- RAMCAP Methodology called out, but others may be approved
- Presumptive deadline will be 60 days from DHS telling facility they need to complete VA (120 days for Site Security Plan)

9 Updates/Reviews
- Update schedule is not stipulated yet
- Reviews done by DHS, but no deadline provided

10 Penalties
- Up to $25k/day/violation
- Cease Operations
- Appeals are allowed

11 Information Protection
- Penalties are provided for release to unauthorized individuals
- Facility can release if they wish

12 RAMCAP Methodology
- Asset Based or Scenario Based
- Leans heavily toward Asset Based
- Likelihood of attack assumed to be 1
- Risk Matrix provided but not in line with most safety assessments
- e.g. deaths is “low” on the severity scale (1 of 10)
- Recommended Team personnel includes:
- Person familiar with RAMCAP
- Operations
- Engineering
- Security

13 RAMCAP Methodology (cont)
- 1. Asset Characterization (note bias)
- Figure out which assets are critical to: operation, could be used to impact public, or could be stolen
- Includes physical assets, critical personnel, information, chemicals, support processes, etc.
- 2. Threat Assessment
- DHS will provide list of threats
- Doesn't matter because DHS recommends assuming: “...international terrorism is possible at every facility.”

14 RAMCAP Methodology (cont)
- 3. Vulnerability Analysis
- States “...define scenarios...” but then states “...each asset must be reviewed...”
- Scenario based, similar to PHA:
- What can go wrong? (cause)
- How bad is it? (consequence/severity)
- What is in place to prevent it? (safeguards)
- What is likelihood of event being completed? (likelihood) – does not include probability of attack
- Note: Worksheets are written to use Assets AND scenarios (i.e. it is assumed that your scenario will be based around an asset)

15 RAMCAP Methodology (cont)
- 4. Risk Analysis/Ranking
- Risk Matrix provided
- Not like Safety Matrices in either likelihood or severity
- 5. Identify Countermeasures
- PHA would call “recommendations”
- Deter
- Detect
- Delay
- Respond
- (Note: Mitigate is not included)

16 Site Security Plan
- Risk Based Standards
- Standards appear to be: complete a VA and Site Security Plan
- Regs state that you need to protect perimeter, but don't state what you need to protect against.
- Regs state that you need to protect critical assets, but don't state what you need to protect against.

17 20 Items in Site Security Plan
- Secure/Monitor Perimeter
- Secure/Monitor Restricted Areas
- Control access to facility/Restricted Areas
- Deter vehicles from penetrating perimeter
- Secure/Monitor shipping/receipt of HAZMATs
- Deter theft of HAZMATs
- Deter sabotage
- Deter cyber sabotage
- Develop/exercise Emergency Plan to respond to security events

18 20 Items in Site Security Plan (cont)
- Ensure proper security training, exercises and drills
- Background checks (does not call out contractors)
- Increase measures as threat goes up
- Address specific threats provided by DHS
- Report security issues to DHS
- Maintain records of security issues
- Establish person/group responsible for compliance
- Maintain appropriate records

19 20 Items in Site Security Plan (cont)
- Address specific threats provided by DHS (again)
- Address additional performance standards provided by DHS in future

20 DHS Involvement
- DHS will provide assistance
- When?
- How?
- DHS can audit facilities or authorize 3rd party audits

21 Questions?

22 Contact Information
Stephen R. Melvin, PE CSP
Jeffrey M. Lane
SRM Associates, Inc.
PO Box 891993, Temecula, CA 92589-1993
(951) 764-3626

23 RAMCAP: Figure 1

24 RAMCAP: Figure 2a

25 RAMCAP: Figure 2b

26 RAMCAP: Figures 3 & 4

27 RAMCAP: Figure 5

28 RAMCAP: Figure 6

29 RAMCAP: Figure 7

30 RAMCAP: Figure 8

31 RAMCAP: Figure 9

32 RAMCAP: Figure 10

33 RAMCAP: Figure 11

34 RAMCAP: Figure 12

35 RAMCAP: Figure 12B

36 RAMCAP: Figure 13

37 RAMCAP: Figure 14

38 RAMCAP: Figure 15

39 RAMCAP: Figure 16

40 RAMCAP: Figure 17

41 RAMCAP: Figure 18

42 RAMCAP: Figure 19

43 RAMCAP: Figure 20

44 RAMCAP: Figure 20B

