Security System Design in The Oil and Ga-2


Security System Design

Convergence and Integration


Risk Management
Disaster Recovery
Business Continuity

Welcome!
INTRODUCTION - Objectives

During this presentation we will be considering
various aspects of security system design within
the oil and gas industry, with a notable
emphasis on adopting a cohesive and
holistic approach toward integration and
convergence.
Important Points for Reflection
• There is no such thing as zero risk
• There is no such thing as 100% security
• Always expect the unexpected
• For every rule there is an exception
• Knowledge is the key to success
• Training is the key to performance
• Complacency is the enemy of situational awareness (SA)
• Security and safety concerns everyone
• Security design must respect security policy
Who are the Principal Actors?
• The state
• The Military
• The police
• Industry
• Security
• How are these different actors related? How
can they coordinate?
What is Security Design?
• Security design is the logical end product of security
management.
• Blends system organization with policy decisions and
facilitates implementation
• It is the HOW & the WHO in the equation “What do we
need to do, WHO needs to do it & HOW can it best be
accomplished?”
• Proper security design relies upon good risk
management and threat analysis procedures
• What are your views?
Risk Management
• Risk management is balancing standing and
possible threats against standing and possible
security assets
• Risk management is an integral part of
security design
• The Risk Management cycle: Identify,
Evaluate, Treat & Monitor
• The risk management cycle (see handouts)
Old challenges – New Threats
• The task of oil and gas exploration has always
faced challenges.
• Challenges of the past were largely
environmental or technical
• Today, new threats have compounded the old
challenges
• Terrorism, piracy, employee, industrial &
competitor sabotage and theft are among a few
of the newest threats
Intelligence
• HUMINT, OSINT, SIGINT, MASINT, IMINT,
GEOINT...
• Remaining one step ahead of the threat
• Obtaining actionable intelligence
• Community relations
• Monitoring social media
• Personnel surveillance and background checks
• Returning jihadists
Intelligence: sources
• There are many sources of intelligence available
today, many of them readily available as open
source intelligence (OSINT)
• Community relations
• Industrial contacts
• Social Media
• Diplomatic contacts
• Official government sources
• Detainee questioning
The IT Security Management Cycle

Source: http://www.intetics.com/wp-content/uploads/securityman.png
Differences between IT
and automated systems
Without getting too much into technical details
it is important to know the differences between
IT and automation.
• Automated systems are real-time; IT systems are not
• Industrial Control Systems (ICS) are hybrid
systems: partially standardized, partially
developed privately.
• Anti-virus software does not function in an
automated system
IT and ICS Protection
• This is a vast and complex field and deserves a course
of its own. We shall touch the basics here.
• Theft of data and proprietary information using
personal devices such as CDs, SD cards & thumb
drives.
• Theft or damage can be intentional or come from
system breaches. In relation to the internet and IT,
breaches can also result from irresponsible user
behavior such as social media practices, clicking on
links, or visiting unauthorized sites.
IT and ICS Protection : 2
• “Prevention is the Holy Grail of cybersecurity, but in
many ways it is unreachable. So instead we try to
deter employees from making bad decisions by first
letting them know we're watching them and that
they're likely to be caught. That's the detection part.
We then let them know their employer cares if
they're having a rough time and has programs in
place to assist them. That's the mitigation part.”
(Stick and carrot politics).
• Deanna Caputo US MITRE program
Source: http://www.mitre.org/publications/project-stories/the-human-factor-using-behavioral-science-to-counter-insider-threats
IT and ICS Protection: 3
• The part of security design dealing with IT, Internet
and ICS systems and their interface will most often
be the domain of the ITO or CTO (Information/Chief
Technology Officer).
• Technology security is one half of the security
equation, with physical security making up the
other half.
• “A carefully constructed and strategically designed
‘Defense in Depth’ model is the only viable answer.”
Source: Eric Byres, Chief Technology Officer, Belden’s Tofino Security
http://www.pipelineandgasjournal.com/defense-depth-reliable-security-thwart-cyber-attacks
IT and ICS Protection: 4
• “Information-security experts indicate they've
been warning their companies for years that
the greatest threat to organizational databases
isn't an attack from outside hackers. Rather,
it's often disgruntled or simply dishonest
employees...Providing employees with a third-
party reporting mechanism that's confidential
and impartial is one approach being used by
companies to head off internal sabotage.”
Source: Laabs, Jennifer. 1999. "Employee Sabotage: Don't Be a Target!
(Cover story)." Workforce (10928332) 78, no. 7: 32. Academic Search
Premier, EBSCOhost (accessed December 18, 2014).
SCADA – A Beast Apart
“ SCADA (Supervisory Control and Data Acquisition)
refers to industrial control systems at the core of many
systems deployed by industries ...  SCADA systems are
used to gather, monitor, and analyze critical data which is
usually managed by a centralized control center. These
systems are complex because they include a myriad of
hardware and software components using
differing communication protocols and require a number
of outside vendors and specialists to integrate the
technologies and are thus very expensive to deploy and
maintain.”

Source: http://petrocloud.com/oilfield-monitoring/oil-and-gas-scada-system/
SCADA – A Beast Apart: 2
• Remote sites require special hazard rated equipment
• Prohibitive costs
• Only largest oil & gas companies own these
• Expensive hardware/software contracts & seat
licenses
• A 3 part framework:
-SCADA application and server(s);
-DMS applications and server(s);
-Trouble management applications and server(s)
How to Cope with Insider Threats
• Background checks and discreet surveillance can help
control this threat.
• Surveillance of social media activity can reveal valuable
insights
• Site access control
• Surveillance recording
• Training & employee awareness
• Access based on need-to-know authorizations
• Reporting mechanisms combined with recognizing
employee fidelity
Insider Threats –Behavior Analysis
• Behavioral analysis and surveillance can also assist
in reducing the risk of internal threats. Some
unusual behavior patterns to be aware of are:
• personnel frequently visiting areas they are not
assigned to
• unnatural interest in unrelated areas or information
• remaining longer than the end of working shift
• attempting to gain access to plant schematics,
blueprints or layouts
Insider Threats – Behavior analysis :2
• A marked increase in personal telephone
communication, particularly if in restricted,
sensitive or unassigned areas. (colored or coded
passes can eliminate this or make it more obvious)
• entry and exit points left open and/or access keys
missing (tighter control of keys and codes a must)
• using cellphones or cameras to photograph
sectors of installation.
• handmade drawings, maps or sketched plans.
Insider Threats – Behavior analysis: 3

• According to a study undertaken by the US
Secret Service and Carnegie Mellon’s Software
Engineering Institute Computer Emergency
Response (CERT), those employees who pose
the greatest risk should be rather easy to place
in a risk pool and thus detect.
• They collected a number of typical signals as
well as some of the security flaws which are
listed as follows:
Insider Threats – Behavior analysis: 4
• Often turned up for work late
• Were highly argumentative with co-workers
• Poor performance standards
• 86% had technical posts
• 90% had administrator rights or privileged system
access
• 41% were still on the job when committing sabotage
• Most committed by insiders following termination
• Most crimes: VPNs and non-terminated passwords
To learn more: www.cert.org/archive/pdf/merit.pdf.
Personnel Protection
• Skilled and trained personnel are a valuable asset
and their safety must not be underestimated
• They can find themselves the direct or indirect
targets of a sabotage attack and appropriate safety
and protective measures must be undertaken to
enhance their security, both at home and at work.
• Corporate officials, foreign advisors and technicians
and key personnel may find themselves the object of
kidnapping attempts
• Personnel may be blackmailed into surreptitious
sabotage.
Personnel Protection: 2
• Brainstorming exercise!
• What are some possibilities you can think of for
enhanced security and personnel safety?
• Consider: transport to and from work, site and
information access, hotels and taxis, danger to
families, alarms, signals (code words), prioritization
(position vs risk), bullet proofing, safe rooms.
• Consider the possible dangers and the possible
countermeasures
Structural Defense Options
• We need to consider four fixed components
involved in upstream to downstream production.
• Each has different individual requirements
• These include: The refinery, Offshore platforms &
artificial islands, pipelines, and storage facilities.
• Protection of personnel, assets and products
• Reduced access = enhanced security & reduced
threat!
Infrastructure Protection
Passive Measures
• Onshore/offshore
• surveillance and perimeter protection
• Parking
• Pipeline protection
• Acoustic (DAS) & Visual surveillance
• Incident recording
• Intrusion detection: alarms
• Structural defense: small arms, gases, fire and
explosion
Infrastructure Protection
Onshore
• Access Control: single access control?
• Roving patrols : changing routines
• Stationary guards: approach and question
loiterers
• Active surveillance
• Stand off counter measures and acoustic warning
• Military level training
Security Design – Hard Structures
• Given the rise of insecurity in global industry and
politics in the face of new deadly threats such as
terrorism and piracy it behooves companies to face
this threat and implement adequate security
measures to protect their assets, production and their
personnel.
• This entails caution in site selection & construction,
structural design, security & perimeter design, as well
as retrofitting existing structures, testing, updating
and retrofitting enhancements where necessary.
Offshore –Special Considerations
• Distance from security centers is the most
obvious concern here.
• It is therefore imperative that onsite security
and response be enhanced as much as possible.
This applies to all aspects, safety, IT security and
physical security.
• These safety concerns apply equally to offshore
facilities and transport tankers, both of which can
become the targets of international piracy
Offshore – Special Considerations: 2
• Many companies have been loath to arm their
crews or even create a protective section. This is both
shortsighted and dangerous and needs to change.
• This can in part be explained by political pressures,
shareholder enforced company policies and the risk
of insider threats due to frequent crew turnover.
• Barring arming personnel & enhancing defenses,
a greater maritime protective force would have to
close the breach. However, a well-trained, armed and
effective security force would be a boon to offshore
security
Offshore – Special Considerations: 3
Brad Barker of Halo consultancy poses the logical
question:
“Why do you have to get punched in the face a few
times before you learn how to block?”
As Chris Lo significantly reminds us:
“the tragic outcome of the recent hostage situation at
an onshore oil and gas facility in Algeria highlights the
strategic priority that militants assign to vital energy
infrastructure such as oil rigs, platforms and tankers.”
Source: Lo, C. (2013). Offshore security training: shaking up the status quo.
Offshore technology.com, np. Retrieved from
http://www.offshore-technology.com/features/featureoffshore-security-training-halo-military-techniques/
Offshore – Special Considerations: 3

• One possibility? U.S. Naval Base - Bahrain Pier
LRAD-RX is being used by the U.S. Navy for
perimeter security and enforcement of
exclusion zones. It has also been used for
maritime hailing and long range
communications, and to ward off birds on both
manned and unmanned sites.

Source: http://www.lradx.com/site/content/view/294/110
Offshore – Special Considerations: 3

• The Convention on the Law of the Sea (LOSC) and the
International Maritime Organization (IMO) are more
concerned with effective navigation and environmental
safety than industrial concerns and threats to security
• In light of these restrictive policies it behooves oil and
gas producers and responsible states to increase
vigilance and enact appropriate security measures,
particularly in regard to their offshore facilities (SPMs,
FSPOs, FSOs, offshore loading facilities, terminals and
artificial islands)
Offshore – Special Considerations:4
• Consider for a moment the restrictions preventing
routing of shipping and the establishment of zones
of exclusion over 500m.
• What possible alternatives can you think of to
compensate for such shortsighted policy security
decisions? Bullet proof shields, safe rooms...
• Ingress/egress and perimeter defense?
• What about underwater? Torpedoes, scuba etc...
Offshore – Special Considerations:5
• Compensating from within:
• Increased and more effective protective measures to the
individual structures
• Enhanced communications
• Better coordinated and reduced response time
• Protective enclosures for personnel
• Reinforced ingress/egress
• Enhanced employee surveillance
• Warning buoys and signs
• Military training for security personnel
Onshore versus Offshore
• Two different environments with both similar
and distinctly different requirements
• Space constraints and possibilities for effective
intervention are primary concerns
• Offshore security is complicated due to the
factor of relative isolation.
Transportation
• Ever important yet often overlooked
• Security and control of loading & transport
data
Public & Media Relations

• Establishing solid contacts and relations
• Showing the positive face of the police
• Ensuring the rule of law and good governance
• The media can serve as an instrument to warn off
would-be attackers and enhance the image and
professionalism of the security systems in place.
Looking to the future

• New technological advances will greatly aid
and assist the security management and
design process in the future.
• Robotics and both lethal & non lethal
technologies will represent a significant
contribution in surveillance and security

*US Navy Laser gun

Looking to the future: 2

• Threats, both internal and external, will also
continue to develop and adapt to such new
advances
• Security system design needs to not only take
into account new advances and developments
in technology and policy but be able to retrofit,
adapt and convert preexisting infrastructure to
meet these new challenges.
Take Away – Security System Design
• System security design must take into account
multiple systematic factors among these are:
• Employee protection
• The insider threat
• ICS – IT and internet infrastructure protection: In
depth defense!!
• Structural security: Terminals, FSPOs, FSOs, SPMs,
pipelines, refineries, production, storage and
transport assets...etc.
Proposed LNG offshore super tanker
Take Away – Security System Design: 2
• Implementation and respect of the security policy
• Assuring regular assessments and adaptation
• Evaluation of the threat assessment formula and
prioritization of asset attribution
• Interagency coordination
• Incorporation of security best practices and
technology
• Cross training and education is essential: for
example interaction between IT & Physical security
Take Away – Security System Design: 3

• Cost effective security is also possible. It is not
imperative to resort merely to expensive and
sometimes superfluous gadgetry and software
when effective alternatives can be provided.
• A security system is only as effective as those
operating it. Clearly defining the security
requirements and effective operation and
compliance are the heart of any system design.
Take Away – Security System Design: 4
• Some cost effective measures to be
considered in security design:
• Interagency intelligence
• Altering guard and patrol schedules
• Use of dummy cameras and alarms in non vital
areas.
• Use of UAV surveillance
• Community relations programs
• Strategic lighting and Acoustic
warnings/alarms/defense
Take Away – Security System Design: 5
• Clearly posted signs and warnings
• Strictly controlled access and authorizations both
physical and cyber.
• Employee background checks & monitoring social
media
• If you see it report it - combined with employee
incentives
• Company security newsletter
• Events aimed at enhancing employee fidelity
• In depth IT defense – encryption,
firewalls, monitoring...
Additional References
• Arthur Hulnick. (2008). OSINT: Is It Really Intelligence. Boston:
Boston University.
• Attack on Oslo & Utoya Island, Norway, July 2011. (2012, June
3). Retrieved January 16, 2014
• Byres, E. J. (2009, February). Cyber security and the pipeline
control system. Pipeline and Gas Journal, 236(2).
• Champion, B. (2008). Spies (Look) Like Us: The Early Use of
Business and Civilian Covers in Covert Operations.
International Journal of Intelligence and Counterintelligence,
21, 530-564. doi:10.1080/08850600701651268
• Darjany, M. (2013). Robots That Kill: the United Nations and
the Rules for Autonomous Warriors. Liberty Voice. Retrieved
from http://guardianlv.com/2013/12/robots-that-kill-the-united-nations-and-the-rules-for-autonomous-warriors/#Ek19m5d7kIugsS4s.99
Additional References: 2
• Dupont, A. (2003). Intelligence for the Twenty-First
Century. Intelligence and National Security, 18(4), 15-39.
doi:10.1080/02684520310001688862
• Fielding, A. (2012). Pipeline Security: New technology
for today's demanding environment. Pipeline and
Gas journal, 239(5).
• Richelson, J. T. (2012). The US Intelligence
Community. Boulder: Westview Press.
• Laabs, Jennifer. 1999. "Employee Sabotage: Don't Be
a Target! (Cover story)." Workforce (10928332) 78,
no. 7: 32. Academic Search Premier,
EBSCOhost (accessed December 18, 2014).
Additional References: 3
• Mabro, Robert. 2008. "On the security of oil
supplies, oil weapons, oil nationalism and all
that." OPEC Energy Review 32, no. 1: 1-12.
Academic Search Premier, EBSCOhost (accessed
December 18, 2014).
• Dawn Cappelli, A. G. (2008). Management and
Education of the Risk of Insider Threat (MERIT):
System Dynamics Modeling of Computer System.
Pittsburgh: Software Engineering Institute.
Key Terms and Definitions
• SA – Situational Awareness
• SCADA – Supervisory Control and Data Acquisition
• DMS – Distribution management system
• FSO - Floating storage and offloading unit
• FSPO – Floating storage, production and offloading unit
• SPM- Single point mooring facilities
• SBM – Single buoy mooring (loading & offloading)
• IMO – International Maritime Organization
• LOSC – Convention on the Law of the Sea (1982)
• Sandboxing – testing software out of the
central system in a controlled environment
• VPN – Virtual Private Networks
