Industrial infrastructures, in particular those where hazardous substances are stored or handled, may be the target of malicious acts aimed at disrupting normal operations. In the present study, a toolbox of complementary and synergistic techniques (Correspondence Analysis (CA), Fishbone Diagrams, Cause-Consequence Chains, Adversary Sequence Diagram, Root Cause Analysis) was applied to the in-depth analysis of physical security- and cybersecurity-related events that affected the process industry. The unprecedented original set of information obtained provides novel insights concerning these events. CA identified clear correlations between security threats, including cyber-threats, and specific industrial sectors, as well as between the final scenarios and the different security threats from which they originate. In particular, vandalism was strongly correlated with the transportation of hazardous substances, and theft of materials with oil and gas pipelines. At chemical and petrochemical sites, cyber-attacks and the use of improvised explosives were the most common attack modes used by the threat actors. Personnel and vehicle gateways emerged as key elements in the design of the Physical Protection System (PPS) of a facility. Insiders with permission to enter the site bypass such controls and were responsible for several successful attacks. Overall, the results confirm that security-related events in the process industry are a concrete reality and provide an original, structured and detailed insight into the attack patterns experienced to date. Moreover, the results and the data obtained provide a novel set of baseline information for the application of SVA (Security Vulnerability Assessment) or SRA (Security Risk Assessment) methodologies in facilities where hazardous substances are stored or processed.
- Attack patterns
- Chemical and process industry
- Correspondence analysis
- Intentional act
- Past incident analysis