Risk Based Facility Vulnerability Analyses

Abstract of Meeting Paper

Society for Risk Analysis 2002 Annual Meeting

Risk Based Facility Vulnerability Analyses. P. Baybutt, Primatech, Inc.

Threats from terrorist and criminal acts against chemical plants, oil refineries and other plants in the process industries have generally not been considered when assessing risks prior to September 11, 2002. The events of that day have mobilized many organizations to address what is now considered the real risk of the deliberate release, diversion or theft of hazardous chemicals with the intention of causing harm. Such acts could result in large numbers of public fatalities, economic and environmental damage, and loss of public confidence.

The risk of such threats must be assessed to determine if existing security measures and safeguards are adequate or need improvement. Risk analysis approaches are rapidly being developed by both industry and government and efforts are underway to apply and refine them. Risk assessment is the heart of a process security program. It involves:

Performing a threat analysis to identify what could happen (type of event and source), its likelihood and an initial risk estimate
Conducting a vulnerability analysis to determine how it might happen and refine the risk estimate
Considering what can be done to lower the risk in the form of security measures and safeguards.

Assessments can range from simple qualitative studies to quantitative analyses. Threat analysis considers the motivations and capabilities of adversaries and facility security factors are rated to develop a threat profile. Once specific threats have been identified, vulnerability analysis is used to identify threat scenarios, i.e. how threats could be realized. Plants and processes can be divided into sectors and each credible threat within each sector considered. Vulnerabilities are identified by considering the ways barriers can be penetrated and process containment breached. Checklists are used as guides and scenario consequences are recorded. Existing security measures and safeguards are listed and any recommendations for improvements to reduce the likelihood and severity of terrorist and criminal acts are made for consideration by management based on the nature of the threat, process vulnerabilities, possible consequences, and existing security measures and safeguards. Risk estimates are used to guide decisions.

This paper describes the nature of the threat, how risks of deliberate acts can be assessed by plants in the process industries, and what can be done about them. Examples are provided.

Go to . . .

2002 SRA Annual Meeting Table of Contents
2002 SRA Annual Meeting Author Index
Main Abstracts Menu Page
RiskWorld Home Page