Assessing Vulnerabilities, Risks, and Consequences of Damage to Critical Infrastructure
Since the publication of 'Critical Foundations: Protecting America's Infrastructure,' there has been a keen understanding of the complexity, interdependencies, and shared responsibility required to protect the nation's most critical assets that are essential to our way of life. The original 5 sectors defined in 1997 have grown to 18 Critical Infrastructures and Key Resources (CIKR), which are discussed in the 2009 National Infrastructure Protection Plan (NIPP) and its supporting sector-specific plans. The NIPP provides the structure for a national program dedicated to enhanced protection and resiliency of the nation's infrastructure. Lawrence Livermore National Laboratory (LLNL) provides in-depth, multi-disciplinary assessments of threat, vulnerability, and consequence across all 18 sectors at scales ranging from specific facilities to infrastructures spanning multi-state regions, such as the Oil and Natural Gas (ONG) sector. Like many of the CIKR sectors, the ONG sector is comprised of production, processing, distribution, and storage of highly valuable and potentially dangerous commodities. Furthermore, there are significant interdependencies with other sectors, including transportation, communication, finance, and government. Understanding the potentially devastating consequences and collateral damage resulting from a terrorist attack or natural event is an important element of LLNL's infrastructure security programs. Our work began in the energy sector in the late 1990s and quickly expanded other critical infrastructure sectors. We have performed over 600 physical assessments with a particular emphasis on those sectors that utilize, store, or ship potentially hazardous materials and for whom cyber security is important. The success of our approach is based on building awareness of vulnerabilities and risks and working directly with industry partners to collectively advance infrastructure protection. This approach consists of three phases: The Pre-Assessment Phase brings together infrastructure owners and operators to identify critical assets and help the team create a structured information request. During this phase, we gain information about the critical assets from those who are most familiar with operations and interdependencies, making the time we spend on the ground conducting the assessment much more productive and enabling the team to make actionable recommendations. The Assessment Phase analyzes 10 areas: Threat environment, cyber architecture, cyber penetration, physical security, physical penetration, operations security, policies and procedures, interdependencies, consequence analysis, and risk characterization. Each of these individual tasks uses direct and indirect data collection, site inspections, and structured and facilitated workshops to gather data. Because of the importance of understanding the cyber threat, LLNL has built both fixed and mobile cyber penetration, wireless penetration and supporting tools that can be tailored to fit customer needs. The Post-Assessment Phase brings vulnerability and risk assessments to the customer in a format that facilitates implementation of mitigation options. Often the assessment findings and recommendations are briefed and discussed with several levels of management and, if appropriate, across jurisdictional boundaries. The end result is enhanced awareness and informed protective measures. Over the last 15 years, we have continued to refine our methodology and capture lessons learned and best practices. The resulting risk and decision framework thus takes into consideration real-world constraints, including regulatory, operational, and economic realities. In addition to 'on the ground' assessments focused on mitigating vulnerabilities, we have integrated our computational and atmospheric dispersion capability with easy-to-use geo-referenced visualization tools to support emergency planning and response operations. LLNL is home to the National Atmospheric Release Advisory Center (NARAC) and the Interagency Modeling and Atmospheric Assessment Center (IMAAC). NARAC/IMAAC has capabilities to respond to toxic industrial chemical spills, nuclear-power plant accidents, fires, chemical/biological agents, radiological/nuclear devices (RDDs, INDs), and other airborne hazards. Our web-based systems provide hazards assessments of critical infrastructure for defensive planning and can provide infrastructure operators and emergency responders with a baseline for planning and exercises. LLNL's infrastructure security web mapping services facilitate dissemination of technical information for all phases of disaster management. Examples of some of these products are shown in the Figure 1.
- Research Organization:
- Lawrence Livermore National Lab. (LLNL), Livermore, CA (United States)
- Sponsoring Organization:
- USDOE
- DOE Contract Number:
- W-7405-ENG-48
- OSTI ID:
- 1030214
- Report Number(s):
- LLNL-TR-470575; TRN: US1200055
- Country of Publication:
- United States
- Language:
- English
Similar Records
Dragonstone Strategy – State of Cybersecurity in the Oil & Natural Gas Sector
Constructing a resilience index for the Enhanced Critical Infrastructure Protection Program
Related Subjects
21 SPECIFIC NUCLEAR REACTORS AND ASSOCIATED PLANTS
54 ENVIRONMENTAL SCIENCES
ACCIDENTS
ARCHITECTURE
CHEMICAL SPILLS
DISTRIBUTION
ECONOMICS
HAZARDOUS MATERIALS
IMPLEMENTATION
LAWRENCE LIVERMORE NATIONAL LABORATORY
MANAGEMENT
MITIGATION
NATURAL GAS
NUCLEAR POWER PLANTS
PLANNING
RISK ASSESSMENT
SECURITY
STORAGE
VULNERABILITY