Presentation is loading. Please wait.

Presentation is loading. Please wait.

Presented at the 2007 CUPA Conference by SRM Associates, Inc. PO Box 891993 Temecula, CA 92589-1993 (951) 764-3626 Chemical Site Security and Chemical.

Published byMitchell Hancock Modified over 9 years ago

Similar presentations

Presentation on theme: "Presented at the 2007 CUPA Conference by SRM Associates, Inc. PO Box 891993 Temecula, CA 92589-1993 (951) 764-3626 Chemical Site Security and Chemical."— Presentation transcript:

1 Presented at the 2007 CUPA Conference by SRM Associates, Inc. PO Box 891993 Temecula, CA 92589-1993 (951) 764-3626 Chemical Site Security and Chemical Facility Vulnerability Assessments

2 Introduction  Bios  New DHS Regulations  Who has to Comply?  What do they have to do?  Vulnerability Assessment  Updates/Reviews  Penalties  Information Protection  RAMCAP Methodology  Site Security Plans

3 Bios  Who are we?  What have we done?  What are we trying to do?

4 New DHS regulations  Federal only  No State Counterpart  Watch for it  Interim Final Regulations  DHS intends to modify later or clarify using guidance

5 Who has to comply?  We don't know but DHS will tell us  Top Screen Process  Multiple tiers  Facilities will be required by DHS to submit information  DHS will determine based on information whether the facility is required to complete VA and Security Plan  Voo Doo?

6 Who has to comply? (cont)  DHS is considering “grouping” facilities into like categories for determining requirements for compliance  e.g. NH3 Refrigeration, Petroleum Refineries  Pro:  Only facilities told by DHS they are required to comply will have to submit  Cons:  Manpower Intensive for DHS  No timeframe provided

7 What will facilities have to do?  First, perform a Vulnerability Assessment  Second, develop a Site Security Plan

8 Vulnerability Assessment  RAMCAP Methodology called out, but others may be approved  Presumptive deadline will be 60 days from DHS telling facility they need to complete VA (120 days for Site Security Plan)

9 Updates/Reviews  Update schedule is not stipulated yet  Reviews done by DHS, but no deadline provided

10 Penalties  Up to $25k/day/violation  Cease Operations  Appeals are allowed

11 Information Protection  Penalties are provided for release to unauthorized individuals  Facility can release if they wish

12 RAMCAP Methodology  Asset Based or Scenario Based  Leans heavily toward Asset Based  Likelihood of attack assumed to be 1  Risk Matrix provided but not in line with most safety assessments  e.g. 0-100 deaths is “low” on the severity scale (1 of 10)  Recommended Team personnel includes:  Person familiar with RAMCAP  Operations  Engineering  Security

13 RAMCAP Methodology (cont)  1. Asset Characterization (note bias)  Figure out which assets are critical to: operation, could be used to impact public, or could be stolen  Includes physical assets, critical personnel, information, chemicals, support processes, etc.  2. Threat Assessment  DHS will provide list of threats  Doesn't matter because DHS recommends assuming: “...international terrorism is possible at every facility.”

14 RAMCAP Methodology (cont)  3. Vulnerability Analysis  States “...define scenarios...” but then states “...each asset must be reviewed...”  Scenario based Similar to PHA:  What can go wrong? (cause)  How bad is it? (consequence/severity)  What is in place to prevent it? (safeguards)  What is likelihood of event being completed? (likelihood) – does not include probability of attack  Note: Worksheets are written to use Assets AND scenarios (i.e. it is assumed that your scenario will be based around an asset)

15 RAMCAP Methodology (cont)  4. Risk Analysis/Ranking  Risk Matrix provided  Not like Safety Matrices in either likelihood or severity  5. Identify Countermeasures  PHA would call “recommendations”  Deter  Detect  Delay  Respond  (Note: Mitigate is not included)

16 Site Security Plan  Risk Based Standards  Standards appear to be: complete a VA and Site Security Plan  Regs state that you need to protect perimeter, but don't state what you need to protect against.  Regs state that you need to protect critical assets, but don't state what you need to protect against.

17 20 Items in Site Security Plan  Secure/Monitor Perimeter  Secure/Monitor Restricted Areas  Control access to facility/Restricted Areas  Deter vehicles from penetrating perimeter  Secure/Monitor shipping/receipt of HAZMATs  Deter theft of HAZMATs  Deter sabotage  Deter cyber sabotage  Develop/exercise Emergency Plan to respond to security events

18 20 Items in Site Security Plan (cont)  Ensure proper security training, exercises and drills  Background checks (does not call out contractors)  Increase measures as threat goes up  Address specific threats provided by DHS  Report security issues to DHS  Maintain records of security issues  Establish person/group responsible for compliance  Maintain appropriate records

19 20 Items in Site Security Plan (cont)  Address specific threats provided by DHS (again)  Address additional performance standards provided by DHS in future

20 DHS Involvement  DHS will provide assistance  When?  How?  DHS can audit facilities or authorize 3 rd party audits

21 Questions? ?

22 Contact Information Stephen R. Melvin, PE CSP Jeffrey M. Lane SRM Associates, Inc. PO Box 891993 Temecula, CA 92589-1993 (951) 764-3626

23 RAMCAP: Figure 1

24 RAMCAP: Figure 2a

25 RAMCAP: Figure 2b

26 RAMCAP: Figures 3 & 4

27 RAMCAP: Figure 5

28 RAMCAP: Figure 6

29 RAMCAP: Figure 7

30 RAMCAP: Figure 8

31 RAMCAP: Figure 9

32 RAMCAP: Figure 10

33 RAMCAP: Figure 11

34 RAMCAP: Figure 12

35 RAMCAP: Figure 12B

36 RAMCAP: Figure 13

37 RAMCAP: Figure 14

38 RAMCAP: Figure 15

39 RAMCAP: Figure 16

40 RAMCAP: Figure 17

41 RAMCAP: Figure 18

42 RAMCAP: Figure 19

43 RAMCAP: Figure 20

44 RAMCAP: Figure 20B

Download ppt "Presented at the 2007 CUPA Conference by SRM Associates, Inc. PO Box 891993 Temecula, CA 92589-1993 (951) 764-3626 Chemical Site Security and Chemical."

Similar presentations

EMS Checklist (ISO model)

EMS Checklist (ISO model)
HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.

HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.
IAEA International Atomic Energy Agency. IAEA Outline Learning objectives Introduction Functions of Regulatory Body (RB) on EPR Appraisal guidance: Part.

IAEA International Atomic Energy Agency. IAEA Outline Learning objectives Introduction Functions of Regulatory Body (RB) on EPR Appraisal guidance: Part.
Securing the Chemical Sector: An Outline of the Chemical Facility Anti-Terrorism Standards (CFATS) Program May 2008.

Securing the Chemical Sector: An Outline of the Chemical Facility Anti-Terrorism Standards (CFATS) Program May 2008.
Chemical Facility Anti-terrorism Standards (CFATS) Compliance Plan Overview prepared by The Office of Environmental Health & Safety 1.

Chemical Facility Anti-terrorism Standards (CFATS) Compliance Plan Overview prepared by The Office of Environmental Health & Safety 1.
1 Continuity Planning for transportation agencies.

1 Continuity Planning for transportation agencies.
Conversation on the Chemical Facility Anti-Terrorism Standards (CFATS) and Critical Infrastructure Protection Chemical-Terrorism Vulnerability Information.

Conversation on the Chemical Facility Anti-Terrorism Standards (CFATS) and Critical Infrastructure Protection Chemical-Terrorism Vulnerability Information.
1 Disclaimer The following information was presented by Andrew Levy of the Office of General Counsel of DHS on June 12, 2007 at the 2007 Chemical Sector.

1 Disclaimer The following information was presented by Andrew Levy of the Office of General Counsel of DHS on June 12, 2007 at the 2007 Chemical Sector.
Office of Inspector General (OIG) Internal Audit

Office of Inspector General (OIG) Internal Audit
NIST framework vs TENACE Protect Function (Sestriere, 21-23 Gennaio 2015)

NIST framework vs TENACE Protect Function (Sestriere, Gennaio 2015)
Computer Security: Principles and Practice

Computer Security: Principles and Practice
Introduction to Network Defense

Introduction to Network Defense
IAEA International Atomic Energy Agency International Cooperation in Nuclear Security David Ek Office of Nuclear Security.

IAEA International Atomic Energy Agency International Cooperation in Nuclear Security David Ek Office of Nuclear Security.
K E M A, I N C. NERC Cyber Security Standards and August 14 th Blackout Implications OSI PI User Group April 20, 2004 Joe Weiss

K E M A, I N C. NERC Cyber Security Standards and August 14 th Blackout Implications OSI PI User Group April 20, 2004 Joe Weiss
Securing the Chemical Sector: An Overview of the Chemical Facility Anti-Terrorism Standards August 29, 2007 Ronald E. Miller Inspector.

Securing the Chemical Sector: An Overview of the Chemical Facility Anti-Terrorism Standards August 29, 2007 Ronald E. Miller Inspector.
Project Risk Management. The Importance of Project Risk Management Project risk management is the art and science of identifying, analyzing, and responding.

Project Risk Management. The Importance of Project Risk Management Project risk management is the art and science of identifying, analyzing, and responding.
Lisa Wood, CISA, CBRM, CBRA Compliance Auditor, Cyber Security

Lisa Wood, CISA, CBRM, CBRA Compliance Auditor, Cyber Security
Process Safety Management

Process Safety Management
Basics of OHSAS Occupational Health & Safety Management System

Basics of OHSAS Occupational Health & Safety Management System
Commissioning of Fire Protection and Life Safety Systems Presented by: Charles Kilfoil Bechtel National Waste Treatment Plant Richland WA.

Commissioning of Fire Protection and Life Safety Systems Presented by: Charles Kilfoil Bechtel National Waste Treatment Plant Richland WA.

Similar presentations

Ads by Google