1
Introduction

Since the attacks of September 11, 2001, federal, state, local, and tribal governments, aided by the private sector, have undertaken an unprecedented review of the nation’s infrastructure to determine potential targets for future terrorist attacks. At the national level, the Department of Homeland Security (DHS) has divided the nation into 17 categories of critical infrastructures and key assets, one of which is the chemical industry and hazardous materials sector.1 This study is intended to assist DHS in mitigating the vulnerabilities faced by the nation from this sector of the critical infrastructure.

Numerous studies have been and are being completed to understand the vulnerabilities posed by the sites, processes, and transportation meth-

1  

The other infrastructure categories are agriculture and food, water, public health and healthcare, emergency services, defense industrial base, telecommunication, energy, transportation, banking and finance, postal and shipping, national monuments and icons, dams, government facilities, commercial facilities, and nuclear reactors, materials, and waste. See the following for more information: (a) Office of Science and Technology Policy and U.S. Department of Homeland Security. 2004. The National Plan for Research and Development in Support of Critical Infrastructure Protection. Available at http://www.dhs.gov/interweb/assetlibrary/ST_2004_NCIP_RD_PlanFINALApr05.pdf; (b) U.S. Department of Homeland Security. 2005. The Interim National Infrastructure Protection Plan. Available at http://www.deq.state.mi.us/documents/deq-wb-wws-interim-nipp.pdf.



The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement



Below are the first 10 and last 10 pages of uncorrected machine-read text (when available) of this chapter, followed by the top 30 algorithmically extracted key phrases from the chapter as a whole.
Intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text on the opening pages of each chapter. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

Do not use for reproduction, copying, pasting, or reading; exclusively for search engines.

OCR for page 12
Terrorism and the Chemical Infrastructure: Protecting People and Reducing Vulnerabilities 1 Introduction Since the attacks of September 11, 2001, federal, state, local, and tribal governments, aided by the private sector, have undertaken an unprecedented review of the nation’s infrastructure to determine potential targets for future terrorist attacks. At the national level, the Department of Homeland Security (DHS) has divided the nation into 17 categories of critical infrastructures and key assets, one of which is the chemical industry and hazardous materials sector.1 This study is intended to assist DHS in mitigating the vulnerabilities faced by the nation from this sector of the critical infrastructure. Numerous studies have been and are being completed to understand the vulnerabilities posed by the sites, processes, and transportation meth- 1   The other infrastructure categories are agriculture and food, water, public health and healthcare, emergency services, defense industrial base, telecommunication, energy, transportation, banking and finance, postal and shipping, national monuments and icons, dams, government facilities, commercial facilities, and nuclear reactors, materials, and waste. See the following for more information: (a) Office of Science and Technology Policy and U.S. Department of Homeland Security. 2004. The National Plan for Research and Development in Support of Critical Infrastructure Protection. Available at http://www.dhs.gov/interweb/assetlibrary/ST_2004_NCIP_RD_PlanFINALApr05.pdf; (b) U.S. Department of Homeland Security. 2005. The Interim National Infrastructure Protection Plan. Available at http://www.deq.state.mi.us/documents/deq-wb-wws-interim-nipp.pdf.

OCR for page 12
Terrorism and the Chemical Infrastructure: Protecting People and Reducing Vulnerabilities ods that make up the nation’s chemical infrastructure.2 These include DHS’s Risk Analysis and Management for Critical Assets Protection (RAMCAP) exercise. RAMCAP describes an overall methodology and common framework for risk management that can be used to identify and prioritize critical infrastructure across all sectors. RAMCAP allows for comparable analysis and results within and between sectors. For the nation’s chemical infrastructure, DHS is using RAMCAP to analyze specific chemical sites. The Environmental Protection Agency’s (EPAs) Risk Management Plan (RMP) data represent a compilation of site-specific data submitted by the chemical industry in compliance with the Clean Air Act.3 2   Of the many efforts under way or recently completed on chemical infrastructure protection, some most relevant to the present study include the following: (a) American Chemistry Council. 2002. Protecting a Nation: Homeland Defense and the Business of Chemistry. Arlington, VA; (b) O’Hanlon, M., P.R. Orszag, I.H. Daadler, I.M. Destler, D. Gunter, R.E. Litan, and J. Steinberg. 2002. Protecting the American Homeland: A Preliminary Analysis. Washington, DC: Brookings Institution Press; (c) Tucker, J.B. 2002. “Chemical Terrorism: Assessing Threats and Responses.” High Impact Terrorism: Proceedings of a Russian-American Workshop. Washington, DC: National Academy Press. 117; (d) Kleindorfer, P.R., J.C. Belke, M.R. Elliott, K. Lee, R.A. Lowe, and H.I. Feldman. 2003. “Accident epidemiology and the U.S. chemical industry: Accident history and worst-case data from RMP*Info” Risk Analysis. 23(5):865-881; (e) U.S. Department of Justice. 2000. Assessment of the Increased Risk of Terrorist or Other Criminal Activity Associated with Posting Off-Site Consequence Analysis Information on the Internet. Washington, DC: p. 13; (f) Congressional Research Service. 2003. Chemical Plant Security. RL31520. Washington, DC; (g) U.S. Department of Homeland Security. 2003. The National Strategy for the Physical Protection of Critical Infrastructures and Key Assets. Washington, DC; (h) U.S. Department of Homeland Security. 2005. The Interim National Infrastructure Protection Plan. Washington, DC; (i) U.S. Department of Homeland Security, Office for Domestic Preparedness. 2003. Vulnerability Assessment Methodologies Report: Phase I Final Report. Washington, DC; (j) American Petroleum Institute and the National Petrochemical and Refiners Association. 2004. Security Vulnerability Assessment Methodology for the Petroleum and Petrochemical Industries. Washington, DC; (k) National Institute of Justice. 2002. A Method to Assess the Vulnerability of U.S. Chemical Facilities. Washington, DC; (l) Center for Chemical Process Safety of the American Institute of Chemical Engineers. 2002. Guidelines for Analyzing and Managing the Security Vulnerabilities of Fixed Chemical Sites. New York, NY; (m) U.S. Department of Homeland Security. 2004. Capabilities Based Planning Overview. Available at http://www.ojp.usdoj.gov/odp/docs/Capabilities_Based_Planning_Overview.pdf. 3   Because of lack of access to detailed information, the committee reviewed neither the accuracy nor the appropriateness of RMP data nor the merits of the RAMCAP methodology.

OCR for page 12
Terrorism and the Chemical Infrastructure: Protecting People and Reducing Vulnerabilities FOCUS OF THE STUDY In discussions during the early portions of the study process that resulted in this report, DHS representatives made clear that they commissioned the report to complement their own RAMCAP exercise. Where RAMCAP is focused on a site-by-site analysis, this study attempts to take a systems-level view of the chemical infrastructure and the supply chain of which it is a part. Where RAMCAP is heavily focused on analyzing security measures within the chemical industry, this study is meant primarily to guide science and technology (S&T) investments by DHS that would reduce vulnerabilities associated with the chemical infrastructure. The full statement of task for this study is provided in Appendix B. How the statement of task was interpreted in light of discussions with DHS and based on available data is explained in the discussion that follows. To clearly define the purview of this report requires the precise definitions of some words that might be used more loosely in common conversation: Vulnerability is the manifestation of the inherent states of the system (e.g., physical, technical, organizational, social, cultural) that can be exploited by an adversary to adversely affect (cause harm or damage to) that system. Intent is the desire or motivation of an adversary to attack a target and cause adverse effects. Capability is the ability and capacity to attack a target and cause adverse effects. Threat is the intent and capability to adversely affect (cause harm or damage to) the system by adversely changing its states. Risk is the result of a threat with adverse effects to a vulnerable system.4 This report is concerned with the vulnerabilities that the nation faces from its chemical infrastructure. Vulnerabilities are determined by the inherent states of a system. These vulnerabilities arise not only from character- 4   Haimes, Y.Y. 2004 Risk Modeling, Assessment, and Management, 2nd Edition. New York: John Wiley & Sons. p. 699. Definitions presented here may differ from those used in the U.S. Department of Homeland Security National Infrastructure Protection Plan.

OCR for page 12
Terrorism and the Chemical Infrastructure: Protecting People and Reducing Vulnerabilities istics of the chemical infrastructure itself, but also from characteristics of the system within which that infrastructure operates—for example, the local environment (e.g., communities, population size, natural resources) surrounding a plant, pipeline, or transportation channel; the economic dependencies between the chemical facility and other producers and users both upstream and downstream in the supply chain; and the organization and structure of local, state, and national regulatory and response capabilities. This study was not intended to address the intent and capabilities of any potential adversary, nor was information on the intent and capability of any potential adversary available for the study. Therefore, this report does not discuss threat or risk as defined above. Another way to understand the purview of this report is to consider risk assessment as an attempt to answer the following three questions: What can go wrong? What is the likelihood that it will go wrong? What are the consequences?5 This report considers questions 1 and 3, which can be discussed at least qualitatively and sometimes quantitatively based on a wide range of open-source information. Consistent with the statement of task, which refers to “terrorist attack and other catastrophic loss,” this report concerns itself with consequences that reach catastrophic levels of casualties or catastrophic damage to the national economy.6 The report does not consider question 5   (a) Kaplan, S., and J.B. Garrick. 1981. On the quantitative definition of risk. Risk Analysis 1(1):11-27; (b) National Research Council. 2002. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. Washington, DC: The National Academies Press. pp. 306-308. 6   “Catastrophic Incident—Any natural or manmade incident, including terrorism, that results in extraordinary levels of mass casualties, damage, or disruption severely affecting the population, infrastructure, environment, economy, national morale, and/or government functions. A catastrophic event could result in sustained national impacts over a prolonged period of time; almost immediately exceed private-sector authorities in the impacted area; and significantly interrupt governmental operations and emergency services to such an extent that national security could be threatened. All catastrophic incidents are Incidents of National Significance.” The Department of Homeland Security uses the following planning assumption in terms of catastrophic casualties: “A catastrophic incident results in large numbers of casualties and/or displaced persons, possibly in the tens of thousands.” Department of Homeland Security National Response Plan, December 2004.

OCR for page 12
Terrorism and the Chemical Infrastructure: Protecting People and Reducing Vulnerabilities 2, which would require intelligence information that was not available and analysis of terrorist networks and their capabilities, which was not considered part of this task. Once the three questions above have been addressed, one asks what can be done to prevent the undesired event and to mitigate, respond to, and recover from its consequences. In the language of risk modelers, the risk assessment is followed by risk management. Risk management seeks to answer a second set of questions: What can be done and what options are available? What are the trade-offs in terms of all costs, benefits, and risks? What are the impacts of current management decisions on future options?7 This report was chartered to provide DHS with guidance in making science and technology investments, especially research investments, aimed at protecting the nation from risk or hazard due to its chemical infrastructure. Because of this, the report focuses on answering the first of these three questions and provides limited comments on the other two. When discussing “science and technology investments,” this report refers to investment in research in the physical, medical, social, and engineering sciences to develop the fundamental knowledge needed to better secure the nation from vulnerabilities resulting from its chemical infrastructure; in development efforts to take basic research results and move them toward applicability; or in development efforts designed to take an application currently in use in one sector and adapt it to the needs arising from the chemical infrastructure. This report does not concern itself with technology evaluation or procurement. COMMITTEE APPROACH To address the statement of task as discussed above, an analysis of the chemical infrastructure was used to identify its potential vulnerabilities. First, categorization of all the chemicals encompassed by the chemical infrastructure and a description of the chemical supply chain were devel- 7   Kaplan, S., and J.B. Garrick. 1981, On the quantitative definition of risk. Risk Analysis 1(1):11-27.

OCR for page 12
Terrorism and the Chemical Infrastructure: Protecting People and Reducing Vulnerabilities oped. An examination of the general categories of chemicals and the chemical supply chain characteristics (Chapter 2) led to the identification of vulnerabilities (Chapter 3). A red teaming type exercise was then completed to determine ways in which the identified vulnerabilities could be exploited. All possibilities envisioned in this exercise were variations or combinations of a limited number of cases that required further examination. To demonstrate the adequacy, application, and plausibility of these cases and their potential consequences, general, illustrative scenarios were developed (Chapter 4). These scenarios utilized historical examples to illustrate the plausibility of the cases identified and their vulnerabilities, and to provide an existence proof of the possible consequences of not mitigating these vulnerabilities. Consideration of the scenarios and their consequences, and a detailed discussion of emergency management and risk mitigation (Chapter 5), led to the development of both general and specific science and technology recommendations created to guide DHS S&T initiatives (Chapter 6).