Presentation is loading. Please wait.

Presentation is loading. Please wait.

Dow Security Vulnerability Assessment Overview

Published byMitchell Harris Modified over 6 years ago

Similar presentations

Presentation on theme: "Dow Security Vulnerability Assessment Overview"— Presentation transcript:

1 Dow Security Vulnerability Assessment Overview
April, 2005 This document and any technical information contained herein was prepared for use by Dow employees at Dow facilities. Dow has provided for the compilation of the information in this document as a part of an effort by its employees and contractors to collect and share their experience and expertise in the areas of security. The contributors to this document believe the information provided is accurate, and they have provided this information in good faith. However, no warranty, express or implied, is given by Dow. When used by other than Dow employees, or other than in Dow facilities, those who use this document should use their independent judgment in evaluating information contained herein, and assume the risk for using the information provided in this document. Dow assumes no responsibility for damages resulting from the use of the information herein including the accuracy or reasonableness of the factual or statistical assumptions, studies or conclusions, ownership or copyright or other intellectual property rights, or personal rights of others. The user is solely responsible for compliance with applicable governmental requirements. References to "Dow" mean The Dow Chemical Company and its consolidated subsidiaries unless otherwise expressly noted. GMK - 3/4/ Pg. 1

2 Dow General Background of the SVA process
Outline Dow Background of the SVA process Overview of Dow SVA process steps Review the type of recommendations that are generated by Dow SVAs. Expectations about Dow site vulnerability Key issues identified during Implementation General General items, Public and Private Responsibilities of companies WBP- 4/25/ Pg. 2

3 After the 9/11/2001 attack on the WTC:
SVA Background After the 9/11/2001 attack on the WTC: Focus of US authorities on Process Industry Draft legislation (elimination of highly toxic materials, additional layers of protection) ACC proposal: Assessment first Mandatory in US Additional requirements will depend upon outcome WBP- 4/25/ Pg. 3

4 Dow decided to use the Sandia SVA methodology
SVA Background (continued) Dow decided to use the Sandia SVA methodology Sandia National Labs under contract by the Department of Justice developed a Vulnerability Assessment Methodology for Chemical Facilities (VAM-CF) Purpose to identify vulnerabilities to attacks and recommend upgrades to reduce risk (Scenario Based) Other assessment tools - CCPS, others Dow supplements the Sandia methodology with our Emergency Services & Security audit. (Site Based) Combination of scenario and site based assessments provides Dow with a comprehensive SVA process. WBP- 4/25/ Pg. 4

5 Screening of all manufacturing sites into 4 tiers
SVA Process Steps Screening of all manufacturing sites into 4 tiers based upon perceived consequences of an attack Used to prioritize the assessment work Established standard scope for SVAs undesired release of a hazardous (flammable or toxic) chemical with significant off-site consequences caused by either a potential outside (Terrorist or extremist) or an inside (disgruntled employee) adversary. Planning Gather data from site process plants, local law enforcement and site leadership Preliminary scenario consequence severity & threat level used to identify high priority attack scenarios WBP- 4/25/ Pg. 5

6 Analysis of Findings & Recommendations
SVA Process Steps Perform Site Visit ES&S audit – evaluates existing perimeter security and meets Security portion of EH&S Audits SVA using Sandia Methodology confirms high priority scenarios (~ 2 hours per process plant) Interviews of site employees from process plants & ES&S Provide implementation support to site personnel Analysis of Findings & Recommendations Consensus development of recommendations by SVA team Includes consideration for removal or reduction of the hazardous material as well as mitigation to deter, detect or delay an adversary. Impact of the recommendations is documented WBP- 4/25/ Pg. 6

7 Final Report & Communications
SVA Process Steps Final Report & Communications SVA report written and agreed upon by site & business Legal review of the SVA report document General communication to site employees that SVA was conducted Security awareness training for site personnel A plan is immediately developed to implement action items from the report Third party verification of action items being completed in the US. WBP- 4/25/ Pg. 7

8 Sensitivity & Confidentiality of the SVA documentation
SVA Process Steps Sensitivity & Confidentiality of the SVA documentation Information in the SVA is security sensitive because it provides details on the scenarios and potential consequences. (Roadmap for a terrorist) Internal SVA related document are Dow confidential and not shared externally except as necessary to advance security or as required by law. Documents required by US federal, state or local law are protected by law from public disclosure and safeguarded as sensitive information. Dow internal SVA related documents are only shared within Dow on an as needed basis. Secure server used for storage WBP- 4/25/ Pg. 8

9 SVA and ES&S Audits – Typical Recommendations
Frequently Less Frequently Process Modifications: Inventory Reductions: Fewer, Smaller storage vessels Fewer filled railcars on site Protection of easily accessible nozzles & valves When practical, Inherently Safer Materials (e.g., replacement of Cl2 refrigerant) Acceleration of implementation of Safety Instrumented System installations which will also address Security Vulnerabilities. Automation of protective functions Installation of SIS with protected code to prevent “insider” overrides. Personnel Training security awareness training Perimeter security: additional patrols upgrade pipeline & utilities main junctions reduce gates Priority Areas: plant perimeter security fencing upgrades access control Control room & key area security access control to control rooms & computer rooms (ID cards, video, alarms) target hardening (barricades, etc.) WBP- 4/25/ Pg. 9

10 SVA and ES&S Audits SVA Expectations
The SVA Recommended Action items alone WILL NOT: assure that we will or can stop a group of determined armed terrorists by these actions alone. To reduce the vulnerability and improve our site security and ability to stop or respond to an adversary before they accomplish a successful attack will require a combination of implementing the SVA action items with: advanced intelligence combined with escalation of site security (as per our site security contingency plan) and/or an armed response team provided by local law enforcement Working with local law enforcement and government security agencies is an essential element of our strategy WBP- 4/25/ Pg. 10

11 SVA and ES&S Audits - OTHER KEY ISSUES
Dow Goals for Security Vulnerability reduction Provide increase level of perimeter security Implement action items to reduce all Category 1 & Category 2 (highest risk) scenarios to Category 3. Unmitigated Category 1 or 2 scenarios must be reviewed & approved by EH&S Management Board. Responding to government regulations may require sites to review SVAs and Action Items with government agencies. Control of sensitive information is critical Some SVAs may be required to be redone using agency methodology Likelihood of Adversary Success L S Risk 1 2 3 4 AS Likelihood & Severity WBP- 4/25/ Pg. 11

12 General items, public and private
From UNICE * position paper on Security Cooperation between Public authorities (authority and information) and Business (owners of the risk) cooperation is essential. Integrated EU strategy against terrorism and reduction of impact. Priority to reinforcing existing structures. Cooperation with the US. Mutual recognition of each other’s implementing measures. (*) Union of Industrial and Employers’ Confederations of Europe WBP- 4/25/ Pg. 12

13 General items, public and private (continued)
Initiatives to fight terrorism should be followed by relevant information to the companies. They need to be able to reduce vulnerability. Joint work should lead to effective and cost-efficient security initiatives. Common implementation in the EU member states. The list of accepted standards and methodologies across the EU should include the US methodologies that are already implemented. WBP- 4/25/ Pg. 13

14 Responsibilities of Companies
Risk Management System Identification Evaluation Measures Emergency Preparedness (within the existing framework of cooperation with the Authorities) Measures need to be proportional to the (semi) quantified risks Training and Emergency Drills for Terrorist and Sabotage scenarios WBP- 4/25/ Pg. 14

15 General items, public and private (continued)
Initiatives to fight terrorism should be followed by relevant information to the companies. They need to be able to reduce vulnerability. Joint work should lead to effective and cost-efficient security initiatives. Common implementation in the EU member states. The list of accepted standards and methodologies across the EU should include the US methodologies that are already implemented. WBP- 4/25/ Pg. 15

16 QUESTIONS? WBP- 4/25/ Pg. 16

Download ppt "Dow Security Vulnerability Assessment Overview"

Similar presentations

GMK - 3/4/05 Pg. 1 Dow Security Vulnerability Assessment Overview April, 2005 This document and any technical information contained herein was prepared.

GMK - 3/4/05 Pg. 1 Dow Security Vulnerability Assessment Overview April, 2005 This document and any technical information contained herein was prepared.
A Joint Code of Practice Objectives and Summary Presentation

A Joint Code of Practice Objectives and Summary Presentation
Department of Homeland Security Site Assistance Visit (SAV)

Department of Homeland Security Site Assistance Visit (SAV)
Course Material Overview of Process Safety Compliance with Standards

Course Material Overview of Process Safety Compliance with Standards
HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.

HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.
Pakistan Nuclear Regulatory Authority

Pakistan Nuclear Regulatory Authority
Global Marketing Overview of Supply Chain Security Assurance Certification/membership in supply chain security programs –Different programs focus on particular.

Global Marketing Overview of Supply Chain Security Assurance Certification/membership in supply chain security programs –Different programs focus on particular.
FACILITY SAFETY: Creating a Safe and Secure Environment in the Community Health Center Presented by Steve Wilder, BA, CHSP, STS Sorensen, Wilder & Associates.

FACILITY SAFETY: Creating a Safe and Secure Environment in the Community Health Center Presented by Steve Wilder, BA, CHSP, STS Sorensen, Wilder & Associates.
ICS 417: The ethics of ICT 4.2 The Ethics of Information and Communication Technologies (ICT) in Business by Simon Rogerson IMIS Journal May 1998.

ICS 417: The ethics of ICT 4.2 The Ethics of Information and Communication Technologies (ICT) in Business by Simon Rogerson IMIS Journal May 1998.
Securing the Chemical Sector: An Outline of the Chemical Facility Anti-Terrorism Standards (CFATS) Program May 2008.

Securing the Chemical Sector: An Outline of the Chemical Facility Anti-Terrorism Standards (CFATS) Program May 2008.
Presented at the 2007 CUPA Conference by SRM Associates, Inc. PO Box 891993 Temecula, CA 92589-1993 (951) 764-3626 Chemical Site Security and Chemical.

Presented at the 2007 CUPA Conference by SRM Associates, Inc. PO Box Temecula, CA (951) Chemical Site Security and Chemical.
Producer Risk Assessment in Plant Biosecurity Management.

Producer Risk Assessment in Plant Biosecurity Management.
PPA 573 – Emergency Management and Homeland Security Lecture 9b - Department of Homeland Security Strategic Plan.

PPA 573 – Emergency Management and Homeland Security Lecture 9b - Department of Homeland Security Strategic Plan.
IS Audit Function Knowledge

IS Audit Function Knowledge
ISO 17799: Standard for Security Ellie Myler & George Broadbent, The Information Management Journal, Nov/Dec ‘06 Presented by Bhavana Reshaboina.

ISO 17799: Standard for Security Ellie Myler & George Broadbent, The Information Management Journal, Nov/Dec ‘06 Presented by Bhavana Reshaboina.
Computer Security: Principles and Practice

Computer Security: Principles and Practice
Purpose of the Standards

Purpose of the Standards
Session 3 – Information Security Policies

Session 3 – Information Security Policies
Internal Auditing and Outsourcing

Internal Auditing and Outsourcing
IAEA International Atomic Energy Agency International Cooperation in Nuclear Security David Ek Office of Nuclear Security.

IAEA International Atomic Energy Agency International Cooperation in Nuclear Security David Ek Office of Nuclear Security.

Similar presentations

Ads by Google