HAZARDOUS AREAS & SAFETY
MANAGING RISK: why it is an investment, not a cost
Nelson Duran, Director of Operations for the Protected Design Group within ABS Group, says that while cybersecurity measures are vital, they should also be accompanied by robust physical security strategies
In today's technology-driven world, where cyber threats dominate headlines and organisations invest significant resources in safeguarding their OT and IT infrastructure from digital threat vectors, the importance of facility physical security can sometimes be overlooked. However, it remains an essential component of enterprise risk mitigation.

A comprehensive security strategy should prioritise and address both cyber and physical vulnerabilities. After all, a malicious actor in either area can cause significant undesirable outcomes (e.g., compromised employee health and safety, damage to equipment, lost production, etc.).

Despite advancements in technology, some hazards will continue to exist. Insider threats, for example, always pose a significant risk to organisations. Typically, these types of attacks are orchestrated by individuals (e.g., employees, contractors, trusted partners, etc.) who have authorised access to systems, data, or facilities but misuse that access for malicious purposes. The threat they present can range from accidental breaches due to negligence or lack of awareness, to deliberate acts of sabotage, espionage, or data theft.

Insider threats can be particularly challenging to detect and mitigate because the individuals often have legitimate access and can exploit their privileges without raising suspicion. Some of the best prevention methods for this type of risk are implementing robust access controls, regular monitoring, and employee awareness programs. Promoting a culture of security and vigilance can minimise the potential impact of insider threats, and valuable assets, such as sensitive information, can be better safeguarded.

Vandalism, theft, and release of toxic or flammable substances are also an ever-present risk to facilities. In recent years, many organisations have upgraded their assets to include the latest digital monitoring equipment, promoting the rapid uptake of industrial cybersecurity measures. However, this doesn’t eliminate the risk of physical attempts at vandalism, theft, or purposeful releases, nor does it negate the need to defend against such attempts. Organisations should remain vigilant of these threats, even in a cyber-focused world.

Cyberattacks are typically the first thing that comes to mind when discussing the impact of increased digitalisation on industrial plant security. However, physical attack vectors have also evolved with technology.

One prominent physical attack vector example is unmanned aerial vehicles (UAVs) or drones. Several high-profile drone attacks on critical infrastructure outside the U.S. have raised questions about how facilities can protect against aerial attacks. While most of these incidents originate from nation-states or designated terrorist groups with military-grade UAVs, access to recreational drones is now ubiquitous.

Whether operating within the bounds of the plant incidentally or with malicious intent, even the most unsophisticated UAVs can easily penetrate traditional physical security measures (e.g., fences, gates, perimeter cameras, etc.). Most enterprises did not have to consider this when their plant was originally built, thus potentially leaving them exposed to such modern-day threats.

Even on greenfield projects today, the implications of a drone attack are not always incorporated into facility risk assessments. Part of this is attributable to the perception that nothing can proactively be done to prevent such an occurrence. However, this is only true in some cases, as certain critical areas of the facility can be hardened.

By incorporating the threat into a facility risk assessment, personnel will be forced to think about reactive measures if an event does occur, which is important to help minimise its impact and better preserve safety after the fact.

Embracing the concept of “Security-By-Design”, which prioritises integrating security features into the facility during its development, is also important. By addressing physical threats as early as possible with the same rigor and focus as those in the digital space, organisations can enhance their overall security posture, mitigate threats, and help ensure business continuity.

Countries like Singapore are leading physical security regulations in up-front building design through their Infrastructure Protection Act (IPA). In the future, as threats to mission-critical facilities continue to evolve, it is expected that other countries will implement similar regulations.

To help ensure that all physical security risks are addressed, it is beneficial for enterprises to perform either Security Vulnerability Assessments (SVAs), Threat and Vulnerability Risk Assessments (TVRAs), or both. Each constitutes a comprehensive approach to risk mitigation and can help facilities develop an effective physical security strategy by:

22 OCTOBER 2023 | PROCESS & CONTROL