The hazards which operators of critical infrastructure face can be categorised as (1) hazards related to natural events, (2) hazards from human error or technical failures and (3) hazards related to terrorism and criminal activity.
Some events can also draw in neighbouring or linked installations and property. A domino effect resulting for example from fire spreading from neighbouring establishments, or from flying debris following an explosion or even from the failure of utilities after disasters, can mean the surrounding area may be damaged or destroyed too.Multiple events which take place in a short time frame such as a second, delayed separate explosion or several almost simultaneous breakdowns at different places can under certain circumstances cause an exponential effect in which rescue or recovery measures are prevented or resources are assembled in the wrong place (diversionary measures).
The following risk factors can cause disruption of critical infrastructure
Risk factor: human
- lack of security awareness
- insufficient qualified staff
- human error
- criminal behaviour (sabotage, terror attacks)
Risk factor: organisation
- concentration of vital resources
- outsourcing of infrastructures critical to the enterprise
Risk factor: nature/environment
- Natural disasters (extreme weather, earthquakes, wild fires, mass social movements)
The assumptions applied within a particular hazard type are based on empirical knowledge of criminality, but may not apply absolutely in every case.The question of who are the likely culprits and their modus operandi cannot of course be answered with certainty.Based on experience of securing operations though it is possible to produce a rough classification with perpetrators or groups whose typical motives and possible behaviour patterns can be categorised according to level of danger.Negligent actions are not considered here, these are registered under hazards from events resulting from human error and technical failures.
How far potential culprits can actually generate serious damage and at what point it is possible and likely has to be the subject of a risk assessment in which the hazards in the locality of the company are identified (risk management). The types of hazard contain a series of assumptions which it should be possible to assign to the investigated hazard situation. Essentially these assumptions include:
- possible circumstances of the act,
- possible motives and typical behaviour/procedure,
- probable resources used and
- criminal force to be expected.
Deliberate incorrect operation
This refers to all deliberate acts in which a disturbance can be generated using one’s hands and without any further resources.This kind of act could for example include the switching on and off of facilities, the opening or closing of pipe controls (sliders), the turning of hand wheels and the operation of levers as part of a process sequence.Deliberate incorrect operation can be carried out both by an organisation’s own employees and by third parties.
Manipulation means the deliberate changing or moving of system parts with the aim of precipitating a critical situation.
Examples of this are:programming controls wrongly, tampering with measuring systems, suppressing process, error or alarm reporting systems or even switching off of protection systems.
Here it is primarily insiders with precise knowledge of the installation who come into question as culprits.
Threats from actions with criminal intent
For security professionals the following types of attack on structures are special risks as they can result in extensive damage.
Arson with oxidising substances: here it’s about arson which is carried out with the aid of substances which burn quickly and intensely. Examples of these attacks could be:the release and lighting of burnable liquids (for example petrol), the throwing of so-called ‘Molotov cocktails’ (for example through a window) or even the introduction of professional incendiary agents with a time- or remote-controlled ignition device.The attacks can also be carried out from outside (throwing distance) and presume a distinct criminal tendency.
Use of explosives: Here home laboratory, commercial or military explosives may be used.Potential attacks are, for example the positioning of a home-made ‘fire extinguisher bomb’ in a sensitive area of the site, or more probably against the outside of the building, the blowing up of containers and pipe-work, the blowing out of weight-bearing elements so that the tank collapses, the destruction of parts of an installation.Usually outsiders with radical political views lie behind attacks of this kind.
Bombardment: This could be shooting with air rifles or ball-bearings but ranges to the use of heavy weapons – for example anti-aircraft rockets – by terrorists.Examples of the potential impact includes:the generation of leaks from free-standing tanks or pipes, precipitating an explosion.Bombardment is more likely from outside the perimeter of the business site or industrial park meaning that installations nearer the fence are at greater risk.
Chemical threat in the industry
Plane crash: Here both the kinetic energy of the falling plane and the explosive power of its fuel or other explosive on board can have an effect.In addition a plane can be used as the transport medium for spreading ABCR substances.Offensives which lead to a crash can be brought about by external means, for example using a rocket, remote detonation of explosives, remote manipulation of the on-board electronics, malfunction or sabotage in the air traffic control centre or from the inside by taking over or disrupting the management or by detonating explosive (suicide bomber).
Use of ABCR weapons: Apart from the availability of suitable resources there is a wide spectrum of possible applications which need special consideration.The applications range from deliberate release of diseases (e.g. the posting of anthrax spores) or epidemics (putting highly infectious pathogens in supply systems or in the atmosphere) via so-called ‘dirty bombs’ with the aim of engendering long-term insecurity in the population, up to the use of poison gas for example at transport hubs.
Combination effects: Here too a wide spectrum is conceivable:from the previously mention dirty bombs combining explosive effect and radioactive contamination, via the destruction of a production plant plus the spread of noxious substances, to the media attention-catching single action with far-reaching consequences for company activities or the care of the population.
Threatened areas in the company
Critical infrastructure as well as particular production or service areas within a site are affected to different degrees by threats from natural events, human error or technical failure, as well as terrorism or criminal action.From the company’s point of view additional risk can result from staff reductions, centralization and automation of control and supervisory processes, the relocation of responsibilities resulting from outsourcing or lack of enforcement as a result of cost pressure.
Terrorism and criminality
The various grades of hazard with their suggested main conceivable threats affect the whole company.But within the company, individual company complexes consist of areas, units or installations which differ according to potential dangers faced, construction type, use, technical organization and above all their susceptibility to break-downs and disruption.
Even within departments of a facility there are usually places which are especially vulnerable.These need to be identified through a separate systematic investigation.As for the report required by Paragraph 9 Major Accidents Ordnance, in regard to building security what’s important are the real threat potential and the facilities for supplying and controlling the plant and equipment as well as the materials handling systems etc.
Classification of security zones
Because of this, as a rule it is sensible to divide the operating area into a number of zones of different kinds which are subject to different threats.A complete analysis of all potential weak points, combined with the different conceivable potential effects would give an un-manageable number of variants.So a more generalized grouping of areas or zones would appear sensible. Hence it can make sense for example to regard a coherent complex as a whole, without closer examination of what individual components and elements are susceptible and what exact effect a potential attack on one or other part of the site would be.The site complex in question is graded as security relevant and secured as such with all its individual parts included.
With supply systems which are used in the whole of the operations area, whenever possible zones should be formed according to the threatened building and the investigation, not widened out unnecessarily to wide-ranging networks.It is similarly important to see beyond one’s own operating boundary, both in respect of particular threats in the areas of the supply chain both upstream and downstream as well as in relation to the effects of geographical change with neighbouring hazard sites.
Threats from human error and technical failure
Human error and technical failures cause the majority of cases of damage. Fires can arise from humans and technology, including arson, lightning, from the release of hazardous substances or as a consequence of explosions. The avoidance of large fires is crucial for the protection of critical infrastructure.
The release of hazardous substances (all substances of atomic, biological, chemical and radiological nature ABCR[CBRN]), which have damaging effects on the environment or humans, or those which lead to explosions and fires, is another field.The properties of hazardous substances are highly variable and range from irritating, and flammable to explosive, dangerous to the environment, chronically damaging and toxic.With the aid of an individual hazardous substance cadastre those used in the company can be identified.
An explosion consists of a sudden expansion of gases caused by the release of energy which generates a pressure wave and may lead to the development of heat.Explosions can be caused by human error or technical faults and may be intentional, by lightning or through the release of hazardous substances.
Other physical impact from within or without
Physical impact from within or without can be precipitated through accidents such as traffic or occupa- tional accidents as well as plane crashes.Besides destruction of the property, accidents can lead to fires and explosions, to the release of hazardous substances and to other types of damage.
Threats from terrorism and criminal activity
As a result of the analysis on the general risk situation in a company, threats from terrorism or criminal activities can be assigned to particular graded types of hazard.The different grades give an overview of the possible potential culprits their potential or typical way of operating, aims and motives as well as about the level of criminal force.With their help it is possible to produce an overview of what kinds of risks are to be taken into consideration.
Prevent domino effects and seal off IT systems
It is no longer just computer viruses which threaten to disable the office computer.Malware deployed at critical point can disrupt basic functions in today’s society.In order to avoid a domino effect and prevent a failure in downstream stages avoidance strategies have to be implemented.
Nowadays hackers can influence traffic monitoring, telecommunication and energy supply chains as well as traditional product production via the internet from anywhere in the world.In the view of the ZVEI (the Germany Central Association for Electrical Systems and Electronic and Electrical Industries) security has a central role in the network-related future topics like Smart Grid, telemedicine, industrial automation or electro-mobility.
The association sees ‘critical infrastructures’ as changing to ‘interdependent critical structures’.Thereby having more levels.Therefore as the most important association of producers of electronic intelligence such as detectors, system evaluation and control, devices, the ZVEI wants to immunize them as far as possible.In regard to traditional security systems such as for example fire and intruder alarms, access control and video monitoring systems, the association points to internationally standardised plat- forms such as the Open Network Video Interface Forum (ONVIF) which forms a basis for network and also needs to be protected from sabotage. [Source: ZVEI, BMI] by Maria Lehmen
What are Critical Infrastructures (CI)? Overview Download here