The possibility of inducing severe security-related events with damage to people, property, and the environment by deliberate malicious attacks to chemical and process plants handling large quantities of hazardous materials received an increasing attention in recent years. The identification of the credible security scenarios is required by Security Vulnerability/Risk Assessment (SVA/SRA) methodologies. However, the current availability of supporting tools is limited. This may hinder a proper management of the risks, especially in the European context where security threats are only marginally recognized under the Seveso legislation. The present study aims at supporting a harmonized identification of the scenarios triggered by deliberate malicious physical attacks to chemical and process plants. An approach based on Bow-Tie formalism is proposed to identify reference security scenarios. The Bow-Tie diagram is used to link the attack modes (Attack Tree) to the relevant release scenarios (Security Events) and to the physical damage scenarios (Event Tree). Reference Bow-Tie diagrams were defined considering substances commonly present in process plants (e.g. flammable substances and oxidizing solids). The validation of the reference scenarios (both attack scenarios and physical damage scenarios) was provided by the analysis of more than 20 security-related incidents that occurred in chemical and process facilities worldwide in the last 50 years. Application to a case-study proved the effectiveness of the results achieved in supporting SVA/SRA studies and in promoting integration among safety and security management.(c) 2022 Institution of Chemical Engineers. Published by Elsevier Ltd. All rights reserved.
Matteo Iaiani, Alessandro Tugnoli, Valerio Cozzani (2022). Identification of reference scenarios for security attacks to the process industry. PROCESS SAFETY AND ENVIRONMENTAL PROTECTION, 161, 334-356 [10.1016/j.psep.2022.03.034].
Identification of reference scenarios for security attacks to the process industry
Matteo Iaiani;Alessandro Tugnoli
;Valerio Cozzani
2022
Abstract
The possibility of inducing severe security-related events with damage to people, property, and the environment by deliberate malicious attacks to chemical and process plants handling large quantities of hazardous materials received an increasing attention in recent years. The identification of the credible security scenarios is required by Security Vulnerability/Risk Assessment (SVA/SRA) methodologies. However, the current availability of supporting tools is limited. This may hinder a proper management of the risks, especially in the European context where security threats are only marginally recognized under the Seveso legislation. The present study aims at supporting a harmonized identification of the scenarios triggered by deliberate malicious physical attacks to chemical and process plants. An approach based on Bow-Tie formalism is proposed to identify reference security scenarios. The Bow-Tie diagram is used to link the attack modes (Attack Tree) to the relevant release scenarios (Security Events) and to the physical damage scenarios (Event Tree). Reference Bow-Tie diagrams were defined considering substances commonly present in process plants (e.g. flammable substances and oxidizing solids). The validation of the reference scenarios (both attack scenarios and physical damage scenarios) was provided by the analysis of more than 20 security-related incidents that occurred in chemical and process facilities worldwide in the last 50 years. Application to a case-study proved the effectiveness of the results achieved in supporting SVA/SRA studies and in promoting integration among safety and security management.(c) 2022 Institution of Chemical Engineers. Published by Elsevier Ltd. All rights reserved.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
