This chapter characterizes the configuration of the site, its operations, and other environmental elements by examining conditions, circumstances, and situations relative to safeguarding public health and safety and to reduce the potential for disruption of services.
The critical assessment data-collection process focuses on what assets need protection to minimize the impact of undesirable consequences. It takes into account the impacts that could substantially disrupt the enter- prise’s ability to provide safe services and to reduce risks associated with the consequences of significant terrorist events, other criminal activity, and natural disasters.
109
110 STRATEGIES FOR PROTECTING CRITICAL INFRASTRUCTURE ASSETS
The process of critical assessment and asset identification describe the work and threat environments. This chapter outlines a five-step process and its respective task interrelations. For maximum efficiency, the steps should be performed in the presented sequence:
Subtask 2A-Enterprise characterization Subtask 2B-Data analysis
Subtask 2C-Security characterization
.
Subtask 2D-Capital-improvement characterization Subtask 2E-Engineering dataThe following worksheets are suggested to assist in collecting and ana- lyzing data:
Worksheet 6- Facility characterization
Worksheet 7-Defining critical operational criteria and business val- Worksheet &-Facility ranking based on enterprise operational crite- Worksheet 9-Time criteria
Worksheet 10-Rank ordering assets
Worksheet 1 1-Asset identification and physical security character- Worksheet 12-Security characteristics-strengths and weaknesses ues
ria
istics
DATA GATHERING
The security-assessment process involves the gathering of information about facilities, assets, operations, and resources across the entire spectrum of the enterprise. During this phase of the assessment the enterprise’s staff is heavily involved, or should be involved, in sharing essential information with the security-assessment team. This provides the team with the benefit of the “corporate knowledge” of those employees who work at the site or various sites and are most familiar with the facilities, operations, programs, and protocols. Performing the security assessment without stakeholder par- ticipation loses critical insight from those people who best understand the enterprise’s mission objectives and operations. Unlike some existing secu- rity-assessment models, this approach looks at the total security pro- file of an enterprise. How else does an enterprise decide what security enhancements are necessarily cost-effective? A comprehensive security
TASK 2 4 R I T I C A L ASSESSMENT: THE SERVICE ENVIRONMENT 11 1
assessment provides management with information to make informed deci- sions regarding which security initiatives to implement based not solely on the current threat exposure of the enterprise but also on projected opera- tional needs, emerging threats, and cost.
Before real problems can be solved, they must be characterized in terms that are recognizable and accepted by the stakeholders. The key to char- acterization is the ability to identify and define enterprise normal services, identify the level of service interruption the enterprise can sustain before its survival is threatened, identify the assets important to the enterprise, and identify what “response” and “recovery” should look like under the various threat scenarios developed. Enterprise buy-in of this characterization is indispensable to the successful out- come of the security assessment.
Under this task, the security-assessment team describes and captures information, conditions, and circumstances important to the uninterrupted operations of the enterprise. This step of the data-collection process does not include passing judgment or analyzing the information with respect to vulnerability and threat assessment. The only judgments are of the rele- vance of the information with respect to the goals and objectives of the security assessment. Accurate and comprehensive documentation of observations, findings, and conclusions is critical to performing the vary- ing analyses under Task 3 [threat assessment], Task 4 [evaluating program effectiveness], and Task 5 [program analyses].
PROTECTING AMERICA’S CRITICAL INFRASTRUCTURES Homeland security is an enormous challenge-the infrastructures are a highly complex, heterogeneous, and interdependent mix of facilities, sys- tems, and functions that are vulnerable to a wide variety of threats. Their sheer numbers, pervasiveness, and interconnected nature create an almost infinite array of high-payoff targets for terrorist exploitation. Given the immense size and scope of the potential target set, we cannot assume that we can completely protect all things at all times against all conceivable threats. As protective measures are developed for one particular type of target, terrorists no doubt will shift their destructive focus to targets they consider less protected and more likely to yield desired shock effects. To be effective, the characterization of a particular site or facility must be based on a thorough understanding of these complexities as the security team works with the enterprise to build a focused plan for action.
This understanding acknowledges that assets, systems, and functions that comprise an enterprise are not uniformly “critical” in nature. The first
112 STRATEGIES FOR PROTECTING CRITICAL INFRASTRUCTURE ASSETS
security assessment objective then is to identify and ensure the protection of those assets, systems, and functions deemed most “critical” in terms of production, governance, economic and national security, health and safety, and public confidence. This calls for a comprehensive prioritized assess- ment of facilities, systems, and functions. The second major objective is to assure the protection of those facilities, systems, and functions that face a specific, imminent threat. Finally, as the assessment team continues its analysis, it must remain cognizant that criticality varies as a function of time, risk, and market change. Assessing asset criticality is not a static analysis. It is continuous and evolving in nature.
The site characterization process describes a specific facility’s contri- bution to overall business goals and impact against business loss. As a minimum, areas to be examined include:
Primary and secondary mission and services Facility characteristics
Asset and resource identification and criticality Physical geography
Environmental attributes
PRIMARY AND SECONDARY MISSIONS AND SERVICES
Describing the particular mission and services of the site channels the assessment process to focus on what products and services are offered, including identification of the general and critical customer base. Where appropriate, distinguishing between primary and secondary services iden- tifies internal and external dependencies that significantly impact the pro- duction of service capabilities of the enterprise that might require critical assessment consideration.
FACILITY CHARACTERISTICS
In performing the critical assessment the physical environment needs to be identified. The security-assessment team characterizes the facility in terms of its function and its construction as indicated.
Function
The facility population, throughput rates, hours of operation, and types of activities identify the facility’s contribution to business goals and objectives. Such data as the site plan and facility schematic layout that
TASK 2 4 R I T I C A L ASSESSMENT: THE SERVICE ENVIRONMENT 113
identifies the physical configuration of activities and/or processes are crucial to the analysis.
Construction Category and Construction Q p e
Reviewing construction codes and construction design criteria helps the security-assessment team determine the facility’s structural integrity against explosive effects, contamination, penetration delay times, and deterrence. Whether the facility is a permanent, semipermanent, tempo- rary, shared with other facilities, or a new, altered, annexed, or converted structure helps to determine vulnerability. This analysis is particularly important in retrofit applications. The effectiveness of alternative solu- tions and cost-benefit analysis are of critical importance to enterprise executive management. More costly construction and installation options are often rejected in favor of enhanced procedural controls or increased security staffing. Alternatively, the continuing cost of manpower can be offset through a balanced mix of protective measures that include physical and electronic measures, protocols, and security awareness.
ASSET AND RESOURCE IDENTIFICATION AND CRITICALITY The criticality of an asset is four-dimensional:
The first dimension is the importance of the asset to the enterprise, its customer base, and the community.
F What is its mission?
b Is its production capacity indispensable to the enterprise?
b What is the ease or difficulty surrounding its return to service or replacement if damaged or destroyed?
The second dimension is the asset’s vulnerability:
b Is it a primary or secondary asset?
b Does it have a redundant or backup capability?
b Is it centrally located, dispersed, or remote and isolated?
The third dimension is adversary attractiveness:
b What is the adversary’s perception of asset value?
b How does damaging or destroying the asset fit into the overall Is it a soft or hardened target?
scheme of terrorism’s objectives?
114 STRATEGIES FOR PROTECTING CRITICAL INFRASTRUCTURE ASSETS
The fourth dimension is public reaction to endangering public safety and affecting community services:
F Will public confidence in the enterprise be tainted, seriously dam-
F How will the stock market and financial sectors respond to the aged, or lost altogether?
asset’s loss and the enterprise’s liability and reliability?
Assets include resources, facilities, equipment, material, and information of particular value to warrant some degree of protec- tion. Resources are people. Assets may be either tangible or intangi- ble. Examples of tangible assets include buildings, structures, land, equipment, material, and vehicles. Intangible assets include policies, protocols, and information in any form.
Asset value is based on many factors, including their relative impor- tance to the enterprise’s mission and fbnction and the ease or difficulty with which they may be replaced. More direct means of measuring value include determining monetary costs, such as the potential publicity asso- ciated with the assets if compromised. Physical and cyber assets requiring characterization and documentation should include:
Critical above-ground infrastructure, configuration, and boundaries Critical below-ground infrastructure, configuration and boundaries Supervisory control and data-acquisition [SCADA] systems Security networks and other management-information systems Assets, operations, processes, and protocols of importance to the Magnitude and duration of service disruption
Chronic problems arising from any man-made and natural events Value of loss consequence including economic impact
Impact on public and customer confidence to deliver services Other indications of impact consequences
enterprise
Assets requiring protection should be identified as specifically as pos- sible. Isolating assets within a facility or area will reduce the scope of pro- tection required. If an entire facility or area requires protection, however, the scope of protection and its associated cost will be higher than that for an asset contained within a defined location. To the extent possible, assets should also be identified as primary or secondary.
TASK 2-CRITICAL ASSESSMENT: THE SERVICE ENVIRONMENT 115
Primary assets are potentially attractive targets for adversaries. They have a unique value to both the enterprise and an adversary because of
Visibility and prestige to the enterprise and the public
Public perception of importance to the community and the enterprise Effect of compromise or loss on public safety
Public confidence in the enterprise to provide a safe and secure work Business impact on enterprise’s capability to sustain loss and con- Effects of publicity and media attention
Impact of monetary loss to the enterprise, local community, and stock Direct applicability of the asset to past, present, and future adversary environment
tinue operations
market goals
Secondary assets are those upon which the primary asset depends but which may not be directly related to it. For example, if a computer center is identified as a primary asset, the electrical-distribution system could qualify as a secondary asset. Destroying the electrical system could compromise the operation of the computer center as well as other assets relying on the same electrical system. Either the electrical system should be protected, or the computer system’s protective features should compen- sate for the potential loss of the primary electrical system. A protective measure for a computer system could be a combination of any or all meas- ures such as an uninterruptible power supply, emergency generator, or redundant computer-system operations.
Where a primary asset is supported by one or more secondary assets, the compromise of these secondary assets may significantly impact the compromise of the primary asset. The security-assessment team recog- nizes any primary-secondary asset relationships and ensures that the secondary assets are provided the necessary degree of protection. The value of a secondary asset is established by examining its importance to the mission of the primary asset. A secondary asset should not be con- sidered more valuable or call for greater security than the primary asset it supports. When mission objectives, circumstances, and conditions warrant, providing secondary assets equal protection to the primary asset is generally justifiable.
116 STRATEGIES FOR PROTECTING CRITICAL INFRASTRUCTURE ASSETS
Primary-Asset Considerations
In considering primary assets the security-assessment team takes into account the mission of the facility and the overall enterprise mission, tangi- ble and intangible value, regulatory requirements, and enterprise directives.
Secondary-Asset Considerations
In considering secondary assets the security-assessment team looks at the operation of a primary asset that may require a secondary asset, such as utilities for continuous operations and other related support functions.
Criticality of Assets
Assets can be critical or noncritical. Noncritical assets are those whose loss, damage, or destruction has no significant effect on the enterprise, whose risk exposure is acceptable, and whose support requires only mini- mal protective measures. In this category are consumable products, office equipment, and furniture. Critical assets, on the other hand, have a signif- icant effect on the enterprise if damaged or destroyed or if a particular process is significantly disrupted. In this category are assets that directly contribute to the production capability of delivered products and services.
These include raw materials, manufacturing equipment, spare parts, energy and transportation systems, banking institutions, telecommunica- tion and public-health services, and time-sensitive and time-dependent functions and processes. The criticality of an asset therefore refers to its importance to the enterprise mission. If facility or asset A has a greater value than facility or asset B, it stands to reason that protective measures for A should be greater than those for B. Criticality is a factor in establish- ing the level of protection the asset warrants to support critical business operations. It is important to identify critical assets for protection, but it is equally important to eliminate noncritical assets from consideration.
Protective measures are expensive. Providing special protective measures for noncritical assets wastes funds that are already scarce. To stress a pre- vious point made, in determining asset criticality, the security-assessment team must consider the asset’s mission and whether or not its function is redundant; the enterprise’s and adversary’s perception of value; and the ease or difficulty with which an asset can be replaced or returned to serv- ice. An asset may be replaced by new construction, the modification of existing assets, or by an available alternative asset. Costs and the logistics of reconstruction or relocation and loss of revenues if the asset is lost are major factors of consideration.
TASK S A R I T I C A L ASSESSMENT: THE SERVICE ENVIRONMENT 117
PHYSICAL GEOGRAPHY AND ENVIRONMENTAL ATTRIBUTES
In a comprehensive security assessment the environment is viewed in a larger context than that surrounding a facility and asset. For instance geographic and environmental conditions influence facility siting and selection for new construction, and security equipment and technology are sensitive to weather and soil conditions, and geographic conditions indicate direction and modes of attack and which natural features can be used to the advantage of the security organization. Landscaping and site features influence location layout, equipment selection, and lines of pro- tection. Landscaping features also impede or delay access and obscure or provide cover for aggressors or bombs.
Physical Geography
Identifying the physical geography not only complements the description of the facility’s physical environment; it surfaces potential limitations and constraints that may impact on the results of the security assessment.
These considerations include but are not limited to the following:
Environmental boundaries such as terrain and major natural features Proximity of adjoining boundaries and land usage
Facility legal boundaries, jurisdictional issues, and access routes Proximity of adjoining facilities, easements, and urban areas
Nearby highways and commercial transportation routes [air, sea, Political boundaries subject to federal, state, and local jurisdiction truck, and rail]
that provide law-enforcement and emergency-response services Environmental Attributes and Physical Configuration
The presence of environmental attributes such as seismic activity [man- made, mechanical, or natural], radio-frequency and electromagnetic inter- ference, and weather conditions contributes to subsequent potential con- siderations for the selection and siting of electronic security equipment.
The physical configurations of barriers; lighting; heating, ventilating, and air-conditioning equipment; and other internal stimuli are also factors.
Failure to identify and evaluate these and related factors may negate the validity of technology recommendations.
118 STRATEGIES FOR PROTECTMG CRITICAL INFRASTRUCTURE ASSETS
DOCUMENTING THE SITE CHARACTERIZATION PROCESS Documenting the site-characterization process is critical to the data-collec- tion effort: Because each site is unique in its security needs and vulnerabil- ities, documenting observations and findings is indispensable to establish- ing insight into the security needs specific to a particular location as well as into how those needs relate to the overall security plans of the enterprise.
Capturing site conditions and circumstances can be accomplished using a series of scenario worksheets designed to systematically describe the busi- ness environment. By default, the security-assessment team is also able to define the threat environment during the data collection effort.
Documenting Facility Characterization
Worksheet 6 offers a comprehensive approach to documenting site charac- teristics and service capabilities in a user-friendly format. A completed sample of this worksheet is provided for illustrative purposes.
The information captured is usefbl to the security-assessment team in determining the vulnerabilities and target attractiveness of the facilities, their assets, and resources.
Documenting Critical Operational Criteria and Business Values Worksheet 7 is an effective management tool for documenting the rank order of critical business values. It helps the security-assessment team determine which business considerations are most important to business- competitive advantages. For illustrative purposes Worksheet 7 identifies six business-performance measurement factors: capacity, geographical extent, physical layout, critical customers, and quality. Each criterion is defined in the illustration. Enterprises are encouraged to develop criteria of importance to their own business culture or accept the proposed values.
The security-assessment team should work with the enterprise to refine these criteria as necessary.
In the above scenario, a peer-wise standard is used to measure the operational performance criteria based on the established definition of such criteria. A numeric rating is then applied to determine the value sum. The challenge in determining the importance of operational per- formance is making the clear and distinct definition of their purpose and value to business operations. In the above scenario, the physical layout of the plant and its ability to serve critical customers are more important criteria than the others. The establishment of these priorities is helpful to
TASK 2-CRITICAL ASSESSMENT: THE SERVICE ENVIRONMENT 119
Site Description:
Facility encompasses 15 acres, located in a commercial/residential area. It supports 85 operational loca- tions. The surrounding terrain is very flat, sloping gently to the southwest. Adjacent land uses include industrial trucking and storage complexes and a salvage yard.
Population: 175 employees; 10 to 15 daily deliveries; 20 visitors
Population Throughputs M T W T F S S
2nd Shift 275 275 275 275 275 59 59
3rd Shift 159 159 159 159 159 24 24
1 st Shift 12 12 12 12 12 12 12
Key Services:
General Customer Base: [Self-explanatory]
Critical Customer Base: [Self-explanatory]
Facility Perimeter Boundary Configuration and Construction Type:
The facility is encircled by a 10-foot concrete wall topped with rolled razor concertina wire. Four entry points are secured by vehicle gates, including a Main Entrance, which is manned by a security officer 24/7.
Key Buildings:
Administration Building: The Administration Building is a two-story masonry structure that houses offices, a conference room, and a large auditorium. Major functions include a procurement division, quality assur- ance inspection office, and an auditing function. Several tenant organizations also occupy this facility. No formal access controls are employed to enter the building.
Warehouse: The Warehouse is a three-story steel-frame structure with metal siding. It is used for the storage and inspection of incoming materials and houses offices and training classrooms. Several tenant organizations also occupy this facility. During disasters or terrorist attacks, a designated area of this facil- ity is used as a corporate crisis management center. No formal access controls are employed to enter the Warehouse complex.
Equipment lay-down Area: Equipment is stored in an open area for rapid deployment as required.
Except for area lighting no other security is provided in this area.
Fuel Station: The Fuel Station has diesel and unleaded gasoline pumps to support 75 vehicles assigned to the facility and to support fueling operations for company transit vehicles. Pump access is granted by an assigned gas card. No other security is provided.
Vehicle Maintenance Area: The Vehicle Maintenance Area performs necessary inspections and repairs of assigned vehicles, including company transit vehicles allocated use of this facility. The maintenance supervisor maintains a duplicate set of vehicle keys.
Vehicle Fleet Parking Area: 75 company light and heavy duty vehicles are parked in this area. Except for area lighting, no other security is provided in this area. Vehicle keys are controlled and issued by various supervisors.
EmployeeNisitor Parking Areas: An adjacent area is used for employee and visitor parking. Except for area lighting no other security is provided in this area.
Site Emergency Generator: One generator is used to support all facility operations. Generator is tested on a quarterly basis.
HAZMAT Storage Areas: Two HAZMAT Storage Areas exist on the property. One is located in a secure area within the Vehicle Maintenance Area. The second storage area is located in an open area adjacent to the site emergency generator. Key to the HAZMAT storage containers are controlled by various supervisors.
Site Safety Characteristics and Facility Safety Features: Each HAZMAT container has a sump provid- ing containment. Administration, Warehouse, and Vehicle Maintenance Areas have fire sprinkler systems, fire hoses, and fire extinguishers as appropriate to industry standards. The Fuel Station tanks are under- ground, double-walled, and have leak detection devices. There is a drum of absorbent at the Fuel Station that can be used to control spills.
Exhibit 6.1 Example of Worksheet 6-Facility Characterization