Long before Sept. 11, Sandia was helping US government and industry shore up their defenses against terrorism, developing systematic ways to identify the security weaknesses of buildings, dams, drinking water supplies, and other possible targets.
Now experts in Security Systems and Technology Center 5800 are helping assess the security vulnerabilities of industrial facilities that manufacture, store, or transport hazardous chemicals.
As part of a project funded by the National Institute of Justice (NIJ), Labs physical security experts are developing a scientific vulnerability assessment methodology (VAM) that could be used to improve security at more than 10,000 US chemical facilities.
The project includes visiting several facilities, reviewing current security practices, and developing a set of recommendations about how security might be improved at US chemical plants to prevent terrorist attacks or blunt their effects.
Increasingly credible threat
The US Attorney General is to present Sandia’s preliminary observations and recommendations in a report delivered to Congress by Dec. 21.
Project leader Cal Jaeger (5845) says most chemical plants currently employ security practices typical of those employed by other sectors of US industry.
Stephen Melvin of the Orange County (Calif.) Fire Authority’s Hazardous Materials Services Section, who is helping Sandia on the VAM, says some chemical plants’ risk management plans already focus on accident and sabotage scenarios, and these facilities are generally well prepared and equipped with safety controls to prevent or mitigate catastrophic releases to the environment. Others that may not have focused on sabotage scenarios might be less prepared.
"We already know what could go wrong," says Melvin. "But now we have to look more carefully at the likelihood of a terrorist causing it. Today these facilities are considered a credible target."
The project began in January, long before the recent wave of terrorist attacks, adds Cal. But since Sept. 11, there has been increased awareness of vulnerabilities not only of the physical security of the plants themselves but also of the transport of chemicals and of the cyber systems that control the plants, he says.
The Chemical Facility VAM will take a look at all of these threats, he says.
Since January Labs experts have visited six US chemical plants, discussing each plant’s operations with top executives and security managers and touring the plant sites with a terrorist’s eye. They review security plans, study plant layouts and access controls, evaluate the use of security technologies, and gauge safety controls.
"We ask, if I am a bad guy, how would I do that," says Cal. "Then we evaluate the consequences and likelihood of each threat scenario."
They also have discussed the project with regulators, local law enforcement and emergency response authorities, and community groups. A key issue is how much information about a plant’s security should be shared with local authorities.
The visits, along with the expertise of industry insiders such as Melvin, will form the basis of the finished VAM. More recent plant visits are providing chances to test the methodology.
In simplest terms, the VAM includes a characterization of the facility; an evaluation of the consequences if the plant is targeted; a determination of the attributes of the most likely threats; an evaluation of the effectiveness of the current security measures against the threat spectrum; a quantification of the risk as a function of likelihood, security effectiveness, and consequences; and a cost-benefit analysis of possible security upgrades.
"It will tell you how much you can improve your risk score given several options and their costs," says Cal.
The Chemical Facility VAM builds on methodologies developed to evaluate other infrastructure assets, such as dams, buildings, and water systems, says Gordon Smith, Manager of Public Safety Technologies Dept. 5861.
"We have a good foundation on which to create a prototype methodology," he says. "The long-term goal will be to create a methodology and documentation that is useful to plant owners and security managers after some training."
Having an advisor like Melvin on the team "gives us great ideas and provides a reality check so we can make this methodology as usable as possible by the people who will have to use it," he adds.