Acts of interference against industrial process facilities (IPF), such as power or process plants, might result in severe consequences if an attack succeeds. Moreover, deliberate attacks against IPF have to be regarded as a credible threat, as confirmed by the attacks on two chemical facilities located in France in 2015. However, no specific regulation addresses the integration of security aspects into the overall safety-based assessment of IPF, especially with regard to optimizing protection systems to avoid the escalation of major accidents.
In common industrial practice, IPF are provided with protection systems or “safety barriers” aimed at reducing the risk associated with the propagation of critical events (fires, explosions, contamination). Safety barriers need to cope with the uncertainty related to process upsets, malfunctions, and operational errors, which lead to the propagation of unintentional events. At the same time, security protections are also installed in IPF, mainly focusing on intrusion avoidance and monitoring (i.e., physical security). These barriers cope with the unpredictable nature of external acts of interference, which may lead to relevant uncertainties in the optimization of the protections.
The present work aims at the systematic analysis of safety and security barriers in order to provide a methodology for i) the integration of safety and security aspects and related disciplines in the risk evaluation of IPF, and ii) the optimal configuration of IPF protection.
The methodology is based on the preliminary, separate identification of security-relevant and safety-relevant events. The possible interaction among them through potential knock-on effects is then discussed to derive the most relevant chains of cascading events. The impact and credibility of the cascading events identified in this way are then evaluated. At the same time, the level of confidence of the safety barriers is determined and verified with respect to the prevention and/or mitigation of the evaluated cascading events. This allows integrated performance requirements for IPF protection to be derived.
The present approach is exemplified through the analysis of case studies, focusing in particular on the incidents that occurred in France in 2015. Hence, the methodology is tested on real case histories to highlight the complex interactions among safety and security aspects in the design of IPF protection systems.