Beyond Guns, Guards and Gates: A Holistic Approach to Critical Infrastructure Protection

Transcription

1 Beyond Guns, Guards and Gates: A Holistic Approach to Critical Infrastructure Protection Susan Mitchell M. Sam Mannan Mary Kay O Connor Process Safety Center Texas A&M University, Department of Chemical Engineering

2 Outline Critical Infrastructure introduction Related Legislation Security System Design Facility Protection Holistic Approach Conclusion

3 Critical Infrastructure Critical infrastructure is physical and cyber-based systems essential to the minimum operations of the economy and government. * Examples: Energy Financial Transportation Telecommunications Emergency services Characteristics: Diverse capabilities Complex structure Resistant to random failures Vulnerable to unanticipated failures *The White House. Presidential Decision Directive/NSC-63. Washington DC, May 22, Accessed

4 System Interdependencies Petroleum and electric power Emergency services and transportation Banking and telecommunications Transportation and energy

5 Examples of Failures East coast power failure Melissa computer virus Spinach e-coli outbreak BP explosion 09/16/shoppers_adapt_to_spinach_recall/

6 Legislation Department of Homeland Security Mission Objectives Chemical Security Bills Corzine bills Summer 06 bills 14-x-14-Homeland-Security.jpg

7 Security System Design Facility Characterization Physical conditions Facility procedures, policies, & objectives Threat Assessment Sabotage fault trees Layer of protection analysis (LOPA) System Evaluation Risk Assessment

8 Facility Protection Access Control Passwords and PINs Badges Biometrics Sensors Other measures Alarms Spacing Isolation valves Feed contamination /content/sensor.jpg

9 Physical Protection Limitations No system impenetrate Defeat easier than design What happens if physical protection systems fail? Designers must consider holistic approaches to augment protection and prevent vulnerability development.

10 Holistic Approach Consider the external events and resources in determining target value Multiple events Hysteria value Weapon potential Consider working backwards or taking a devil s advocate position. Integrated security and safety protection.

11 Holistic Approach Focus on inherent security as inspired by inherent safety Inspired by inherent safety principles Intensification Substitution Attenuation Simplification Possible inherent security principles Perception and Layout Information and Computer Systems Safeguards and Design

12 Holistic Approach Ask critical security questions early Pay attention to common points Interdependencies Steam, electricity, fuel gas or other utilities Information or emergency systems Focus on multiple or decentralized protection layers Focus on common protection schemes

13 Holistic Approach Utilize efficient information management Manage risk holistically Consider successful attack consequences Be proactive about security legislation measures American Chemistry Council code Risk prioritization Vulnerability assessment Security enhancement Independent verification

14 Holistic Approach Aggressively pursue security research opportunities Dual-use technology Multiple initiating cause Vulnerability assessments Resilient research Safety system failures

15 Conclusion New challenges Current limitations Varied influences Different perspective Greater integration Stronger protection

16 Acknowledgements Dr. M. Sam Mannan Students and Staff of MKOPSC Department of Homeland Security Acknowledgement statement This research was performed while on appointment as a U.S. Department of Homeland Security (DHS) Fellow under the DHS Scholarship and Fellowship Program, a program administered by the Oak Ridge Institute for Science and Education (ORISE) for DHS through an interagency agreement with the U.S Department of Energy (DOE). ORISE is managed by Oak Ridge Associated Universities under DOE contract number DE-AC05-00OR All opinions expressed in this paper are the author's and do not necessarily reflect the policies and views of DHS, DOE, or ORISE.

17 Questions? Mary Kay O Connor Process Safety Center Texas A&M University, Department of Chemical Engineering