TY - JOUR
T1 - Analysis of events involving the intentional release of hazardous substances from industrial facilities
AU - Iaiani, Matteo
AU - Casson Moreno, Valeria
AU - Reniers, Genserik
AU - Tugnoli, Alessandro
AU - Cozzani, Valerio
PY - 2021
Y1 - 2021
N2 - Industrial infrastructures, in particular those where hazardous substances are stored or handled, may be the target of malicious acts aiming at the disruption of normal operations. In the present study a toolbox of complementary and synergic techniques (Correspondence Analysis (CA), Fishbone Diagrams, Cause-Consequence Chains, Adversary Sequence Diagram, Root Cause Analysis) was applied to the in-depth analysis of physical security- and cybersecurity-related events that affected the process industry. The unprecedented original set of information obtained provides novel insights concerning these events. Clear correlations among security threats, including cyber-threats, and specific industrial sectors, as well as among the final scenarios and the different security threats from which they originate were identified by CA. In particular, vandalism resulted strongly correlated with the transportation of hazardous substances, and theft of materials with oil and gas pipelines. When considering chemical and petrochemical sites, cyber-attacks and the use of improvised explosives resulted to be the most common attack modes performed by the threat actors. Personnel and vehicle gateways resulted key elements when designing the Physical Protection System (PPS) of a facility. Insiders having the permission to enter the site bypass such controls, and were responsible of several successful attacks. Overall, the results confirm the concreteness of security-related events in the process industry and provide an original structured and detailed insight on the attack patterns experienced to date. Moreover, the results and the data obtained provide a novel set of baseline information for the application of SVA (Security Vulnerability Assessment) or SRA (Security Risk Assessment) methodologies in facilities where hazardous substances are stored or processed.
AB - Industrial infrastructures, in particular those where hazardous substances are stored or handled, may be the target of malicious acts aiming at the disruption of normal operations. In the present study a toolbox of complementary and synergic techniques (Correspondence Analysis (CA), Fishbone Diagrams, Cause-Consequence Chains, Adversary Sequence Diagram, Root Cause Analysis) was applied to the in-depth analysis of physical security- and cybersecurity-related events that affected the process industry. The unprecedented original set of information obtained provides novel insights concerning these events. Clear correlations among security threats, including cyber-threats, and specific industrial sectors, as well as among the final scenarios and the different security threats from which they originate were identified by CA. In particular, vandalism resulted strongly correlated with the transportation of hazardous substances, and theft of materials with oil and gas pipelines. When considering chemical and petrochemical sites, cyber-attacks and the use of improvised explosives resulted to be the most common attack modes performed by the threat actors. Personnel and vehicle gateways resulted key elements when designing the Physical Protection System (PPS) of a facility. Insiders having the permission to enter the site bypass such controls, and were responsible of several successful attacks. Overall, the results confirm the concreteness of security-related events in the process industry and provide an original structured and detailed insight on the attack patterns experienced to date. Moreover, the results and the data obtained provide a novel set of baseline information for the application of SVA (Security Vulnerability Assessment) or SRA (Security Risk Assessment) methodologies in facilities where hazardous substances are stored or processed.
KW - Attack patterns
KW - Chemical and process industry
KW - Correspondence analysis
KW - Intentional act
KW - Past incident analysis
KW - Security
UR - http://www.scopus.com/inward/record.url?scp=85104471625&partnerID=8YFLogxK
U2 - 10.1016/j.ress.2021.107593
DO - 10.1016/j.ress.2021.107593
M3 - Article
AN - SCOPUS:85104471625
SN - 0951-8320
VL - 212
JO - Reliability Engineering and System Safety
JF - Reliability Engineering and System Safety
M1 - 107593
ER -