Part 1: Security Update
Are You Prepared to be Prepared?
David A. Moore
A New Awareness of Deliberate Release Potential
Prior to September 11th, chemical process safety activities focused on accidental release risks, and excluded most considerations of intentional releases. This was most likely due to a perception that these risks were managed adequately, and that the threat of a terrorist attack, particularly on U.S. chemical manufacturing facilities or transportation system, was remote.
The pendulum has dramatically swung the other direction, and now there is a real concern for this threat, as well as a sense of shock over the potential for damages. This has created a sense of urgency to analyze this threat and to make any changes that are necessary to reduce the risk. Hopefully we won’t be forced to make sacrifices in our accidental risk efforts in light of the urgency for security improvements.
At this juncture, most companies handling hazardous materials would admit that considerations of terrorist attack were not given much thought, but they are struggling to understand the risk and do the right thing right away. Many companies have already done some form of threat assessment and security hazard assessment, and have upgraded physical security measures.
Depending on the degree of exposure potential of the company or the public from an intentional release, the attractiveness of a target, and the ease of attack, companies may face entirely different risks than the facilities were designed to manage. It could require a very different mode of operation and security than is currently being employed.
The bigger problem is facing the new risk – what do we do about it and how do we know we have reduced the risk to an acceptable level? Public fear of this risk is extraordinary, and so risk acceptance could likely be altogether different. The risk decisions we have made over the years that seemed adequate for accidental risk may not be adequate for intentional risk.
Worse than this, the sky seems to be the limit for what may go wrong and what industry may have to do to prevent or protect against these threats. Sorting out the real risks from the possible hazards is going to be a major undertaking, and there is much uncertainty at this point on how to accomplish such a risk assessment and how to cope with this threat. Two key approaches are emerging – the Sandia Labs Vulnerability Assessment Model (VAM) and the Security Guidelines and approach developed by the American Chemistry Council, Synthetic Organic Chemical Manufacturer’s Association, and the Chlorine Institute. (AcuSafe will report on both of these methods in next month’s continuation of this article.)
The AcuTech Consulting Group has given thought to the possible threats and attempted to organize the many combinations and permutations into a threat matrix. Key to this matrix is the first variable – what is the target? Is the company a direct target or is it affected by a terrorist attack. From a pure risk management standpoint, companies need to be prepared for both contingencies, not only for the possibility of physical attack to their facilities. This shows the multi-faceted aspects of the problem, and the need for industry, community and government cooperation to address the problem.
This is a new area of process risk management, and much has to be done to further understand the potential, determine analysis methods, develop supporting guidance, and educate managers and engineers on how to manage the issue, to name a few activities required. Also, we have to come to grips with the determination of risk, and to decide on which threats are worthy of further analysis and change to our processes and the way we manage them.
While industry is facing this learning curve, the pressure to quickly reduce the risk continues. Already AcuTech is aware of efforts at the Federal and State level to regulate the issue. For example, we previously reported on the proposed Chemical Security Act of 2001, which is presently on a fast-track on the Hill. But State and Local regulators have also called into action. The State of New Jersey Department of Environmental Protection, the agency that administers the New Jersey Toxic Catastrophe Prevention Act (TCPA) regulations, has
written to registered companies
(http://www.acusafe.com/Security/NJDEP Site Security letter December 2001.tif)
to require that they update their reports of hazard review under N.J.A.C. 7:31-3 and process hazard analysis with risk assessment under N.J.A.C. 7:31-4. NJDEP references the newly published chemical security guidance from the American Chemistry Council
(http://www.americanchemistry.com), which is developed on facility security and transportation security.
They recommend the following resources:
The expectation is that industry will confront the issue head-on, and quickly, and take all necessary measures to reduce risk appropriately.
AcuSafe is a presentation of AcuTech Consulting, ©2002, All Rights Reserved