Current status of Seveso: Operator Risk/hazard assessment: Internal sources: –Technical: construction & operation of installations –Technological: storage & use of DSs (chemical) processes commissioning, shut down, maintenance –Human factor: Including own personnel & subcontractors Organization & management (incl m of change) Instruction & training
Current status of Seveso II / 2 External sources: –Other (Seveso) establishments –Transport –Infrastructure –Natural hazards Earthquakes Flooding Avalanches Landslides storms
Current status of Seveso II / 3 –Human factor Visitors Clients Other unauthorized persons adversaries: –Thieves, intruders, protesters, terrorists (???)
Current status of Seveso II / 3 MAPP safety policy SR, SMS, (IEP) Documentation and demonstration of safety performance (incl internal planning for emergencies)
Current status of Seveso II / 4 Seveso & related Authorities Assessment of safety documentation External emergency planning Land use planning Inspection Prohibition of use / operation
Current status of Seveso II / 5 The tasks both of the operator and the Seveso & related Authorities is to aim at industrial safety under the regime of the current Seveso II Directive. Safety is considered in relation to (properties of) dangerous substances. The human factor mainly is taken into account in relation to non intentional (= accidental) actions (human failure). So far, security issues have not been part of these tasks. Do we have to go beyond?
Security issues Elements to be considered in addition to classical Industrial safety assessment vulnerability assessment : how vulnerable are onsite assets, such as people, information and properties (installations & buildings) to potential threats? Potential threats other than considered in a r/h assessment under the Seveso regime can be:
Security issues /2 Sabotage Cyber attack Workplace violence Theft (different motivations) Fraud Product contamination Infiltration by adversaries Attack on a chemical plant as part of chemical and biological terrorism assault Trespassers committing vandalism or setting fire for fun Protesters intruding into the plant Bomb threats Workplace drug crime Theft of confidential information computer hacking
Security issues /3 Product tampering hands off threats such as cutting electricity, telephone etc Disruption of cooling systems Creation of destructive or hazardous conditions through modification of fail-safe mechanisms, etc. Other......
Security issues /4 Measures and Consequences Prevention strategies: See sample..
Security issues /5 Management issues, such as – security policy, –internal and external collaboration, –incident reporting and analysis, – employee and contractor training and security awareness, –investigations of suspicious incidents and security breaches, –Emergency response and crisis management –Periodic reassessment
Security issues /6 Physical security –Access control –Perimeter protection (keeping intruders offsite) –Security officers –Backup systems –Other measures, such as entering post control etc
Security issues /7 Employee and Contractor Security Issues: –Hiring and employment termination practices –Workplace violence prevention and response
Security issues /8 Information, Computer and network security: –Operations security –Spoken information security –Computer and network security –Audits and investigation
Security issues /9 The tasks of the operator concerning Security issues aim mainly at assessing the vulnerability of his assets and to take preventative measures against intentional actions performed by adversaries both onsite, such as own personnel & contractors and offsite, such as thieves, demonstrators & other intruders, lunatics, terrorists etc. The human factor mainly is taken into account in relation to intentional adversary actions. Collaboration with Security Authorities on local, regional and national level will be necessary (police forces, home-affairs authorities, intelligence services etc)
Security issues / 10 Taking Security issues into account may be already good management practice to a certain extent. There are many open questions, especially with respect to terrorism (e.g. can we develop a typology of terrorists or a typology of terroristic acts related to chemical substances?) These tasks go far beyond the current Seveso regime.
Current status in Austria... Beyond Seveso II.... RTD: 2005: high-level study on Austrian status and needs for security research (Austrian Academy of Sciences, Austrian Research Centers ARC, eds): Industrial Safety & Security (Seveso- type) is no priority There may be a special need for this research type in Austria
Current status in Austria /2... Beyond Seveso II... Operators: Awareness of operators: many operators have security control measures in place, such as access control, fences, video-control of the premises, etc –Protection against adversaries –Protection against terrorist attacks in most cases is not considered –mostly international companies enhancing awareness??
Current status in Austria /3... Beyond Seveso II... Authorities: Security Authorities have special requirements in place to protect certain vulnerable properties (including industrial establishments & infrastructures) In Styria: cooperation between Regional Security Authority (= Police) and Regional Seveso-Authority agreed upon recently joint workshop with operators intended
Literature & other sources Dir 96/82/EC – Seveso II Directive Amendment Directive 2003/105/EC Wettig J. and S. Porter, The Seveso II Directive, Feb 1999 Seveso and Security, EC-DG Env, 12th CCA Amsterdam EC Communication 12 Dec 03, A Secure Europe in a Better World EC Doc EUR 21110, Research for a Secure Europe
Literature & other sources 2 American Chemistry Council, Chlorine Institute Inc., Synthetic Organic Chemical Manufacturers Ass. (eds) Site Security Guidelines for the US Chemical Industry, 2001 Chemical Security Preparedness Seminar, Atlanta, 2001: –Richards Stephen, Security Issues & Stratgies, BP Chemicals –Rosera Richard S. Small Chemical Plant Site Security Case Study –Tonetti Rob, Chemical Securtiy Seminar, Ashland
Literature & other sources 3 EU Workshop onSimulation Exercises on Chemical Terrorism Events, Luxembourg, 7-8 Feb 2005 –Coleman Gary, The Development of Generic Scenarios and Chemical Lists for Terrorist Chemical Attack (GSCT, EU Proj. No ):The development of Generic Scenarios –Leeuw, M.W., Assessment of the vulnerabilities of societies to terrorist acts employing RBC agents to assist in developing crisis management studies (EU Project IMPACT) –Russel D., A matrix for prioritizing chemicals and public health actionsa for the prevention, preparedness, response and recovery related to terrorist events
Literature & other sources 4 Österreichische Akademie der Wissenschaften – Austrian Research Centers (ARC) (eds): Sicherheitsforschung: Begriffsfassung und Vorgangsweise für Österreich, Wien, 2005 (Austrian Academy for Sciences – Austrian Research Centers (ARC) (eds): Security Research: Definition and procedures in Austria, Vienna, 2005)
The End: Thank you for your attention. Questions and Answers??