Analysis of events involving the intentional release of hazardous substances from industrial facilities. (August 2021)
- Record Type:
- Journal Article
- Title:
- Analysis of events involving the intentional release of hazardous substances from industrial facilities. (August 2021)
- Main Title:
- Analysis of events involving the intentional release of hazardous substances from industrial facilities
- Authors:
- Iaiani, Matteo
Casson Moreno, Valeria
Reniers, Genserik
Tugnoli, Alessandro
Cozzani, Valerio - Abstract:
- Highlights: A data set of 373 past industrial security-related events was analyzed. Sectors, threats and scenarios were investigated with correspondence analysis. A focus on attack modes and final outcomes in process facilities was carried out. The results point out the relevance of security events involving process facilities. Application of results to security vulnerability and risk assessment is discussed. Abstract: Industrial infrastructures, in particular those where hazardous substances are stored or handled, may be the target of malicious acts aiming at the disruption of normal operations. In the present study a toolbox of complementary and synergic techniques (Correspondence Analysis (CA), Fishbone Diagrams, Cause-Consequence Chains, Adversary Sequence Diagram, Root Cause Analysis) was applied to the in-depth analysis of physical security- and cybersecurity-related events that affected the process industry. The unprecedented original set of information obtained provides novel insights concerning these events. Clear correlations among security threats, including cyber-threats, and specific industrial sectors, as well as among the final scenarios and the different security threats from which they originate were identified by CA. In particular, vandalism resulted strongly correlated with the transportation of hazardous substances, and theft of materials with oil and gas pipelines. When considering chemical and petrochemical sites, cyber-attacks and the use of improvisedHighlights: A data set of 373 past industrial security-related events was analyzed. Sectors, threats and scenarios were investigated with correspondence analysis. A focus on attack modes and final outcomes in process facilities was carried out. The results point out the relevance of security events involving process facilities. Application of results to security vulnerability and risk assessment is discussed. Abstract: Industrial infrastructures, in particular those where hazardous substances are stored or handled, may be the target of malicious acts aiming at the disruption of normal operations. In the present study a toolbox of complementary and synergic techniques (Correspondence Analysis (CA), Fishbone Diagrams, Cause-Consequence Chains, Adversary Sequence Diagram, Root Cause Analysis) was applied to the in-depth analysis of physical security- and cybersecurity-related events that affected the process industry. The unprecedented original set of information obtained provides novel insights concerning these events. Clear correlations among security threats, including cyber-threats, and specific industrial sectors, as well as among the final scenarios and the different security threats from which they originate were identified by CA. In particular, vandalism resulted strongly correlated with the transportation of hazardous substances, and theft of materials with oil and gas pipelines. When considering chemical and petrochemical sites, cyber-attacks and the use of improvised explosives resulted to be the most common attack modes performed by the threat actors. Personnel and vehicle gateways resulted key elements when designing the Physical Protection System (PPS) of a facility. Insiders having the permission to enter the site bypass such controls, and were responsible of several successful attacks. Overall, the results confirm the concreteness of security-related events in the process industry and provide an original structured and detailed insight on the attack patterns experienced to date. Moreover, the results and the data obtained provide a novel set of baseline information for the application of SVA (Security Vulnerability Assessment) or SRA (Security Risk Assessment) methodologies in facilities where hazardous substances are stored or processed. … (more)
- Is Part Of:
- Reliability engineering & system safety. Volume 212(2021)
- Journal:
- Reliability engineering & system safety
- Issue:
- Volume 212(2021)
- Issue Display:
- Volume 212, Issue 2021 (2021)
- Year:
- 2021
- Volume:
- 212
- Issue:
- 2021
- Issue Sort Value:
- 2021-0212-2021-0000
- Page Start:
- Page End:
- Publication Date:
- 2021-08
- Subjects:
- Past incident analysis -- Chemical and process industry -- Security -- Correspondence analysis -- Intentional act -- Attack patterns
Reliability (Engineering) -- Periodicals
System safety -- Periodicals
Industrial safety -- Periodicals
Fiabilité -- Périodiques
Sécurité des systèmes -- Périodiques
Sécurité du travail -- Périodiques
620.00452 - Journal URLs:
- http://www.sciencedirect.com/science/journal/09518320 ↗
http://www.elsevier.com/journals ↗ - DOI:
- 10.1016/j.ress.2021.107593 ↗
- Languages:
- English
- ISSNs:
- 0951-8320
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - 7356.422700
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store - Ingest File:
- 23008.xml