Analysis of physical and cyber security-related events in the chemical and process industry

Abstract

Security threats are becoming an increasing concern for chemical sites and related infrastructures where relevant quantities of hazardous materials are processed, stored or transported. In the present study, security related events that affected chemical and process sites, and related infrastructures, were investigated. The aim of the study is to frame a clear picture of the threats affecting the chemical and process industry, and to issue lessons learnt from past events. A database of 300 security-related accidents was developed and populated, starting from European and American sources. Threat categories that caused such events were identified and analyzed. The attack modes were investigated. Important differences were found with respect to geographical areas and industrial sectors affected. The use of explosives (both military and improvised explosive devices) is by far the more frequent attack mode, although armed attacks and arson are also frequent events and may result in an in-depth penetration of the attackers. In recent years, cyber-attacks are also posing important threats. Lessons learnt call for the implementation of a specific security management system in the chemical and process industry, aiming at the physical and cyber protection of industrial sites.