Figure 2. Schematic of the proposed approach to value-driven assessment of security risks in chemical clusters
To develop the methodology, a num- ber of steps need to be taken in accordance with the interdisciplinary nature of security risk in chemical plants.
Technical Aspects of Security Risk
To develop an integrated methodology, the influential parameters such as threats, vul- nerabilities, attractiveness, attack scenarios, and the extent and severity of consequenc- es should be investigated. A particular em- phasis should be given to the interdepen- dencies that can ramp up the likelihood of successful attacks or can exacerbate the severity of consequences via, for example, domino effects.
In order to account for uncertainties and interdependencies, and also to facili- tate the incorporation of precursor data in risk assessment and updating, applicability of probabilistic techniques such as Bayes- ian network (BN) can be examined. Owing to their flexible graphical structure and the robust probabilistic engine, BN has widely been applied to safety assessment of chemi- cal facilities, but its application to security risk assessment has been very limited.
Considering the interdependencies among chemical plants within a chemi- cal cluster, a BN can be developed for the entire cluster (Figure 3) where the nodes with identical color belong to the same chemical plant. Solid arcs and dashed arcs denote, respectively, the dependencies within individual chemical plants and the chemical cluster.
The BN can be used for an integrated security assessment and management, tak- ing into account both security and safety precursors so as to assess and update the security risks in a dynamic fashion.
Figure 3. Schematic of a super BN for security risk assessment of chemical clusters
Ethical Aspects of Security Risk
In addition to objective probabilities and consequences of security events, moral analysis should play a key role in the calcu- lation of security risks. Traditional risk as- sessment mainly serves the purpose of hav- ing a rational (technical) idea of the risks. However, in order to gain a more realistic measure of risks, not only the technical aspects but also the moral aspects of risk should be taken into account. The moral aspects will be used to modify the concept of conventional risk toward a “value-driv- en” risk, with three envisaged advantages:
First, the inclusion of moral aspects in the security assessment will probably result in fewer debated outcomes, ensuring the company’s policy is driven neither by pure rationale nor by pure emotion, but by a combination of both, and thus being more responsible to all stakeholders.
Second, the application of “value-driv- en” security risk can benefit the vulner- ability analysis. Conventional risk analysis provides a basis for the identification of technical vulnerabilities. However, the mindset of the public (and also terrorists) toward vulnerabilities can be quite differ- ent, leading to the concept of emotional vulnerability. The fact that an adversary who aims to intentionally cause damage to chemical plants may be a layperson and thus bases his decision and course of action onlaypersons’perceptionofvulnerability necessitates the inclusion of moral aspects in the security risk assessment.
Third, a company’s policy focused on security only is bound to clash with other moral values, such as safety, leading to moral overload or moral conflicts in such policy. For instance, for improving safety, the European Council Directive (Seveso III) on the prevention of major accidents mandates that chemical plants provide in- formation on the type, the inventory, and the location of the hazardous materials in the plant, the preventive measures in place,
and possible accident scenarios. A secu- rity policy may now want to again conceal such information so it does not fall into the hands of adversaries. Security measures should not conflict, however, with earlier demands by society on the chemical in- dustry to become more transparant about safety risks, calling for the development of company policies that realize both security and safety.
Economic Aspects of Security Risk
To make security risks tangible, the conse- quences should be interpreted in economic terms. Prevention costs and avoided ac- cident costs are used in an economic as- sessment to translate rational risks into economic terms. Direct costs (human ca- sualties, property damage, etc.), as well as indirect costs (loss of business continuity, damage to company reputation and ensu- ing drop in stock market, etc.), should be considered. Having the risks in monetary unit along with the cost and effectiveness of relevant countermeasures, a cost-benefit analysis can be performed to determine the optimal allocation of collective resources (chemical cluster wise) in order to reduce the risks as low as reasonably practicable. To this end, the super BN depicted in Fig- ure 4 can be extended to an influence dia- gram by adding decision and utility nodes (Figure 4). The developed influence dia- gram can be employed for a wide variety of decision analyses.
Figure 4. Extension of BN to an influence diagram for performing cost-benefit analysis
Nima Khakzad, Ph.D., P.Eng., is an Assis- tant Professor with the Safety and Security Science Section at Delft University of Tech- nology, The Netherlands. Pieter Vermaas is Associate Professor with the Department of Philosophy at Delft University of Technol- ogy. Genserik Reniers is a Full Professor on the Chair ‘Safety of Hazardous Materi- als’ at Delft University of Technology in the Netherlands and at the University of Ant- werp in Belgium.
www.ohsonline.com
109