1
Introduction
Since the attacks of September 11, 2001, federal, state, local, and tribal governments, aided by the private sector, have undertaken an unprecedented review of the nation’s infrastructure to determine potential targets for future terrorist attacks. At the national level, the Department of Homeland Security (DHS) has divided the nation into 17 categories of critical infrastructures and key assets, one of which is the chemical industry and hazardous materials sector.1 This study is intended to assist DHS in mitigating the vulnerabilities faced by the nation from this sector of the critical infrastructure.
Numerous studies have been and are being completed to understand the vulnerabilities posed by the sites, processes, and transportation meth-
1 |
The other infrastructure categories are agriculture and food, water, public health and healthcare, emergency services, defense industrial base, telecommunication, energy, transportation, banking and finance, postal and shipping, national monuments and icons, dams, government facilities, commercial facilities, and nuclear reactors, materials, and waste. See the following for more information: (a) Office of Science and Technology Policy and U.S. Department of Homeland Security. 2004. The National Plan for Research and Development in Support of Critical Infrastructure Protection. Available at http://www.dhs.gov/interweb/assetlibrary/ST_2004_NCIP_RD_PlanFINALApr05.pdf; (b) U.S. Department of Homeland Security. 2005. The Interim National Infrastructure Protection Plan. Available at http://www.deq.state.mi.us/documents/deq-wb-wws-interim-nipp.pdf. |
ods that make up the nation’s chemical infrastructure.2 These include DHS’s Risk Analysis and Management for Critical Assets Protection (RAMCAP) exercise. RAMCAP describes an overall methodology and common framework for risk management that can be used to identify and prioritize critical infrastructure across all sectors. RAMCAP allows for comparable analysis and results within and between sectors. For the nation’s chemical infrastructure, DHS is using RAMCAP to analyze specific chemical sites. The Environmental Protection Agency’s (EPAs) Risk Management Plan (RMP) data represent a compilation of site-specific data submitted by the chemical industry in compliance with the Clean Air Act.3
2 |
Of the many efforts under way or recently completed on chemical infrastructure protection, some most relevant to the present study include the following: (a) American Chemistry Council. 2002. Protecting a Nation: Homeland Defense and the Business of Chemistry. Arlington, VA; (b) O’Hanlon, M., P.R. Orszag, I.H. Daadler, I.M. Destler, D. Gunter, R.E. Litan, and J. Steinberg. 2002. Protecting the American Homeland: A Preliminary Analysis. Washington, DC: Brookings Institution Press; (c) Tucker, J.B. 2002. “Chemical Terrorism: Assessing Threats and Responses.” High Impact Terrorism: Proceedings of a Russian-American Workshop. Washington, DC: National Academy Press. 117; (d) Kleindorfer, P.R., J.C. Belke, M.R. Elliott, K. Lee, R.A. Lowe, and H.I. Feldman. 2003. “Accident epidemiology and the U.S. chemical industry: Accident history and worst-case data from RMP*Info” Risk Analysis. 23(5):865-881; (e) U.S. Department of Justice. 2000. Assessment of the Increased Risk of Terrorist or Other Criminal Activity Associated with Posting Off-Site Consequence Analysis Information on the Internet. Washington, DC: p. 13; (f) Congressional Research Service. 2003. Chemical Plant Security. RL31520. Washington, DC; (g) U.S. Department of Homeland Security. 2003. The National Strategy for the Physical Protection of Critical Infrastructures and Key Assets. Washington, DC; (h) U.S. Department of Homeland Security. 2005. The Interim National Infrastructure Protection Plan. Washington, DC; (i) U.S. Department of Homeland Security, Office for Domestic Preparedness. 2003. Vulnerability Assessment Methodologies Report: Phase I Final Report. Washington, DC; (j) American Petroleum Institute and the National Petrochemical and Refiners Association. 2004. Security Vulnerability Assessment Methodology for the Petroleum and Petrochemical Industries. Washington, DC; (k) National Institute of Justice. 2002. A Method to Assess the Vulnerability of U.S. Chemical Facilities. Washington, DC; (l) Center for Chemical Process Safety of the American Institute of Chemical Engineers. 2002. Guidelines for Analyzing and Managing the Security Vulnerabilities of Fixed Chemical Sites. New York, NY; (m) U.S. Department of Homeland Security. 2004. Capabilities Based Planning Overview. Available at http://www.ojp.usdoj.gov/odp/docs/Capabilities_Based_Planning_Overview.pdf. |
3 |
Because of lack of access to detailed information, the committee reviewed neither the accuracy nor the appropriateness of RMP data nor the merits of the RAMCAP methodology. |
FOCUS OF THE STUDY
In discussions during the early portions of the study process that resulted in this report, DHS representatives made clear that they commissioned the report to complement their own RAMCAP exercise. Where RAMCAP is focused on a site-by-site analysis, this study attempts to take a systems-level view of the chemical infrastructure and the supply chain of which it is a part. Where RAMCAP is heavily focused on analyzing security measures within the chemical industry, this study is meant primarily to guide science and technology (S&T) investments by DHS that would reduce vulnerabilities associated with the chemical infrastructure. The full statement of task for this study is provided in Appendix B. How the statement of task was interpreted in light of discussions with DHS and based on available data is explained in the discussion that follows.
To clearly define the purview of this report requires the precise definitions of some words that might be used more loosely in common conversation:
-
Vulnerability is the manifestation of the inherent states of the system (e.g., physical, technical, organizational, social, cultural) that can be exploited by an adversary to adversely affect (cause harm or damage to) that system.
-
Intent is the desire or motivation of an adversary to attack a target and cause adverse effects.
-
Capability is the ability and capacity to attack a target and cause adverse effects.
-
Threat is the intent and capability to adversely affect (cause harm or damage to) the system by adversely changing its states.
-
Risk is the result of a threat with adverse effects to a vulnerable system.4
This report is concerned with the vulnerabilities that the nation faces from its chemical infrastructure. Vulnerabilities are determined by the inherent states of a system. These vulnerabilities arise not only from character-
istics of the chemical infrastructure itself, but also from characteristics of the system within which that infrastructure operates—for example, the local environment (e.g., communities, population size, natural resources) surrounding a plant, pipeline, or transportation channel; the economic dependencies between the chemical facility and other producers and users both upstream and downstream in the supply chain; and the organization and structure of local, state, and national regulatory and response capabilities.
This study was not intended to address the intent and capabilities of any potential adversary, nor was information on the intent and capability of any potential adversary available for the study. Therefore, this report does not discuss threat or risk as defined above.
Another way to understand the purview of this report is to consider risk assessment as an attempt to answer the following three questions:
-
What can go wrong?
-
What is the likelihood that it will go wrong?
-
What are the consequences?5
This report considers questions 1 and 3, which can be discussed at least qualitatively and sometimes quantitatively based on a wide range of open-source information. Consistent with the statement of task, which refers to “terrorist attack and other catastrophic loss,” this report concerns itself with consequences that reach catastrophic levels of casualties or catastrophic damage to the national economy.6 The report does not consider question
2, which would require intelligence information that was not available and analysis of terrorist networks and their capabilities, which was not considered part of this task.
Once the three questions above have been addressed, one asks what can be done to prevent the undesired event and to mitigate, respond to, and recover from its consequences. In the language of risk modelers, the risk assessment is followed by risk management. Risk management seeks to answer a second set of questions:
-
What can be done and what options are available?
-
What are the trade-offs in terms of all costs, benefits, and risks?
-
What are the impacts of current management decisions on future options?7
This report was chartered to provide DHS with guidance in making science and technology investments, especially research investments, aimed at protecting the nation from risk or hazard due to its chemical infrastructure. Because of this, the report focuses on answering the first of these three questions and provides limited comments on the other two.
When discussing “science and technology investments,” this report refers to investment in research in the physical, medical, social, and engineering sciences to develop the fundamental knowledge needed to better secure the nation from vulnerabilities resulting from its chemical infrastructure; in development efforts to take basic research results and move them toward applicability; or in development efforts designed to take an application currently in use in one sector and adapt it to the needs arising from the chemical infrastructure. This report does not concern itself with technology evaluation or procurement.
COMMITTEE APPROACH
To address the statement of task as discussed above, an analysis of the chemical infrastructure was used to identify its potential vulnerabilities. First, categorization of all the chemicals encompassed by the chemical infrastructure and a description of the chemical supply chain were devel-
oped. An examination of the general categories of chemicals and the chemical supply chain characteristics (Chapter 2) led to the identification of vulnerabilities (Chapter 3). A red teaming type exercise was then completed to determine ways in which the identified vulnerabilities could be exploited. All possibilities envisioned in this exercise were variations or combinations of a limited number of cases that required further examination. To demonstrate the adequacy, application, and plausibility of these cases and their potential consequences, general, illustrative scenarios were developed (Chapter 4). These scenarios utilized historical examples to illustrate the plausibility of the cases identified and their vulnerabilities, and to provide an existence proof of the possible consequences of not mitigating these vulnerabilities. Consideration of the scenarios and their consequences, and a detailed discussion of emergency management and risk mitigation (Chapter 5), led to the development of both general and specific science and technology recommendations created to guide DHS S&T initiatives (Chapter 6).