Volume 3, Issue 3 (Autumn 2019)                   ijcoe 2019, 3(3): 17-31 | Back to browse issues page

XML Print

Download citation:
BibTeX | RIS | EndNote | Medlars | ProCite | Reference Manager | RefWorks
Send citation to:

Yasseri S. A Systems Engineering Approach to Physical Security of Oil & Gas Installations. ijcoe. 2019; 3 (3) :17-31
URL: http://ijcoe.org/article-1-172-en.html
Brunel university UK
Abstract:   (1065 Views)
A fundamental challenge facing security professionals is preventing loss; be that asset, production, or third-party losses. This is not dissimilar to what safety professionals have to face. Techniques and methodologies used by the safety professionals could potentially benefit the security experts. Physical security is about taking physical measures to protect personnel and prevent unauthorized access to installations, material, and documents, which also include protection against sabotage, willful damage, and theft. The characteristics of physical security controls include measures for deterrence, detection, delay, and responses aimed at risk mitigation and enhanced operational effectiveness.
This paper outlines a systems engineering framework for implementing security goals, which are suitable for meeting the challenge of providing physical security for complex systems, which includes oil and gas facilities.  The proposed framework builds security requirements into system requirements and moves it in parallel with the system development for the entire system’s life cycle; particularly during the concept and design phases. This is a top-down process for use by a multidisciplinary team of security, operations, and industry experts to identify and prevent the system from entering into vulnerable states which could lead to losses. This framework shifts the focus of the security analysis away from threats, being the immediate cause of losses, and focuses instead on the barriers, i.e. safeguards that prevent systems from entering into vulnerable states, which would allow an unfolding event to disrupt the system leading to loses.
The need for such a method comes from the recent experience of the securing complex systems that combine a large amount of hardware, software hazardous materials, and control elements. The method takes advantage of systems engineering and encourages the use of goal-based security requirements instead of using a strict prescriptive approach that is common among security professionals.  Using this framework helps both to identify threats associated with the system, as well as weak points within the system. This framework also encourages communication between the security professional, safety engineers, and system designers. This paper draws from the existing literature as listed in the references. 
Full-Text [PDF 1103 kb]   (492 Downloads)    
Type of Study: Research | Subject: Offshore Engineering
Received: 2020/03/25 | Accepted: 2020/05/6 | ePublished: 2020/06/25

1. 1. American Petroleum Institute, (2005). Security Guidelines for the Petroleum Industry, pp58.
2. American Petroleum Institute and National Petrochemical & Refiners Association, (2018), Security Vulnerability Assessment Methodology for the Petroleum and Petrochemical Industries, pp 168.
3. Idaho National Engineering and Environmental Laboratory, (2004), A Comparison of Oil and Gas Segment Cyber Security Standards, Prepared for the U.S. Department of Homeland Security Under DOE Idaho Operations Office Contract DE-AC07-99ID13727.
4. Anderson, R.J. (2008), Security Engineering: A Guide to Building Dependable Distributed Systems, 2nd Ed, New York, NY, USA: John Wiley & Sons.
5. Asllani, A., Lari, A. and Lari., N (2018), Strengthening information technology security through the failure modes and effects analysis approach, International Journal of Quality Innovation (2018) 4:5, pp 14. [DOI:10.1186/s40887-018-0025-1]
6. Baldwin, D.A., 1997, The concept of security, Journal Review of International Studies, 23, 5-26, British International Studies Association [DOI:10.1017/S0260210597000053]
7. Baldwin, K., J. Miller, P. Popick, and J. Goodnight (2012). The United States Department of Defence Revitalization of system security engineering through Program Protection. Proceedings of the 2012 IEEE Systems Conference, pp19-22, Vancouver, BC, Canada. [DOI:10.1109/SysCon.2012.6189463]
8. Centre for chemical process safety, 2002, Guidelines for Managing and Analysing the Security Vulnerabilities of Fixed Chemical Sites, published by American Institute of Chemical Engineers (AIChE) Centre for Chemical Process Safety (CCPS)
9. Coole, M., Corkill, J. & Woodward, A. (2012). Defence in depth, protection in depth and security in depth: a comparative analysis towards a common usage language, The Proceedings of the 5th Australian Security and Intelligence Conference, 27‐35, Perth, Western Australia.
10. Cordner, L., 2013 Offshore Oil, and Gas Safety and Security in the Asia Pacific- The Need for Regional Approaches to Managing Risks RSIS Monograph, No. 26, S. Rajaratnam School of International Studies, pp 104.
11. DAU. 2012. "Defence Acquisition Guidebook (DAG): Chapter 13 -- Program Protection" Ft. Belvoir, VA, USA: Defence Acquisition University (DAU)/U.S. Department of Defence (DoD). November 8, 2012.
12. DODI5200.44, United States Department of Defence, Protection of Mission Critical Functions to Achieve Trusted Systems and Networks, Department of Defence Instruction Number 5200.44, November 2012.
13. DHS. 2010. Build Security In. Washington, DC, USA: US Department of Homeland Security (DHS).
14. Dzida W, Freitag R (1998) Making Use of Scenarios for Validating Analysis and Design. IEEE Transactions on Software Engineering 24(12):1182-1196. [DOI:10.1109/32.738346]
15. Garcia, M. L., 2008. The Design and Evaluation of Physical Protection Systems, Second Edition, Boston: Butterworth-Heinemann. [DOI:10.1016/B978-0-08-055428-0.50009-9]
16. Federal Aviation Administration. Requirements Engineering Management Handbook DOT/FAA/AR-08/32, 2008, last accessed 23/12/2017.
17. Hauge, S. and Øien, K., 2016, Guidance for barrier management in the petroleum industry, SINTEF report A27623, SINTEF Technology and Society
18. Hollnagel, E., (2004), Barriers and Accident Prevention, Ashgate
19. International standard 2006, IEC 60812, Analysis techniques for system reliability - Procedure for failure mode and effects analysis (FMEA) pp95
20. IAEA, 1999. "The Physical Protection of Nuclear Materials and Nuclear Facilities" IAEAINFCIRC/225/Rev. 4 (Corrected), International Atomic Energy Agency, Vienna.
21. IAEA, 2005, Assessment of Defence in Depth for Nuclear Power Plants, Safety report series N. 46. INTERNATIONAL ATOMIC ENERGY AGENCY VIENNA, pp 130.
22. INCOSE 2015. Systems Engineering Handbook - A Guide for System Life Cycle Processes and Activities, version 4.0. Hoboken, NJ, USA: John Wiley and Sons, Inc., ISBN: 978-1-118-99940-0.
23. ISO/IEC 21827, ISO and IEC (International Organisation for Standardisation and International Electrotechnical Commission, (2008) Information technology-systems security engineering-capability maturity model.
24. ISO/IEC 15288: Systems and software engineering - System life cycle processes.
25. Königs, S.F., Beier, G., Figge, A., and Stark, R. (2012). "Traceability in Systems Engineering - Review of industrial practices, state-of-the-art technologies and new research solutions," Elsevier Advanced Engineering Informatics, 26(4), pp 924-94 [DOI:10.1016/j.aei.2012.08.002]
26. ISO/IEC 27001, (2005). Information security management, BSI Group. Retrieved 02 March 2020.
27. Kissel, R., K. Stine, M. Scholl, H. Rossman, J. Fahlsing, J. Gulick. 2008. "Security Considerations in the System Development Life Cycle," Revision 2. Gaithersburg, MD. National Institute of Standard and Technology (NIST), NIST 800-64 Revision 2:2008. [DOI:10.6028/NIST.SP.800-64r2]
28. Kiszelewska, A., and Coole, M, (2013), Physical Security Barrier Selection: A Decision Support Analysis, Proceedings of the 6th Australian Security and Intelligence Conference, Edith Cowan University, Perth, Western Australia, 2nd-4th December 2013, pp 13.
29. Merge-Safety & Security 2016, Project no.10011, Recommendations for security and safety co-engineering, release No. 3, pp 166
30. MITRE. 2012. "Systems Engineering for Mission Assurance." In Systems Engineering Guide.
31. NASA, (2007). Systems Engineering Handbook. NASA Technical Report NASA/SP-2007-6105 Rev1, ISBN 978-0-16-079747-7, Washington, DC, USA.
32. National Defence Industrial Association (NDIA) System Assurance Committee. 2008. Engineering for system assurance. Arlington, VA: NDIA.
33. NATO. 2010. Engineering for System Assurance in NATO programs. Washington, DC, USA: NATO Standardization Agency. DoD 5220.22M-NISPOM-NATO-AEP-67.
34. NIST SP 800-160. Systems Security Engineering - An Integrated Approach to Building Trustworthy Resilient Systems. National Institute of Standards and Technology, U.S. Department of Commerce, Special Publication 800-160.
35. Nityanand, K., 2015, Standards for physical security management in industry: A research paper on behalf of National police academy, Hyderabad pp240.
36. Norwegian Petroleum Safety Authority-PSA, (2013), Principles for barrier management in the petroleum industry, pp 34
37. OGP 2016, report 544 Standardization of barrier definitions, Supplement to Report 415, International Association of Oil &gas Producer
38. Plant R, Gamble R (2003) Methodologies for the Development of Knowledge-based Systems.
39. Ross, R., J.C. Oren, M. McEvilley. 2014. "Systems Security Engineering: An Integrated Approach to Building Trustworthy Resilient Systems." Gaithersburg, MD.
40. RON Ross, R., McEvilley, M., Carrier, J., (2014), Systems Security Engineering Considerations for Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems, NIST Special Publication 800-160, Vol. 1
41. Royal Canadian Mounted Police (2004) Protection, detection and response, Physical security guide, Technical Security Branch, 1‐20
42. Schmittner C., Gruber T., Puschner P., Schoitsch E. (2014) Security Application of Failure Mode and Effect Analysis (FMEA). In: Bondavalli Snell, M.K., Jaeger, C.D., Jordan, S. E., Scharmer, C., Tanuma, K., Ochiai, K., and Iida, T. 2013. [DOI:10.1007/978-3-319-10506-2_21]
43. SANDIA Security-by-Design Handbook, REPORT SAND2013-0038, Prepared by Sandia National lab Laboratories, Albuquerque, New Mexico, USA, pp 141.
44. Sklet, S., (2006)Safety barriers: Definition, classification, and performance. Journal of Loss Prevention in the Process Industries, 2006. 19(5): p. 494-506. The [DOI:10.1016/j.jlp.2005.12.004]
45. US Department of energy, 1996 hazard and barrier analysis guidance EH-33 office of operating
46. Transportation Security Administration of the united states, 2018, Pipeline Security Guidelines, March, pp 30.
47. The US homeland security, 2003, The national strategy for The Physical Protection of Critical Infrastructures and Key Assets, pp 96.
48. Unites Nations' office of counter-terrorism and united nation security council, 2008, the protection of critical infrastructures against terrorist attacks: a compendium of good practices, pp 170.
49. Vanderhaegen, F. (2018) Human-error-based design of barriers and analysis of their uses. Cogn Tech Work 12, 133-142 (2010). [DOI:10.1007/s10111-010-0146-3]
50. Yasseri S., (2014). Physical Security for Petroleum Facilities, Journal of petroleum safety, PP 4.
51. Yasseri S. Bahai, H. and Yasseri, R., (2018). A Systems Engineering Framework for Delivering Reliable Subsea Equipment, 2018-TPC-.
52. Yasseri, S. Bahai, H, Yasseri, R, 2018, Reliability Assurance of Subsea Production Systems: A Systems Engineering Framework, International Journal of Coastal & Offshore Engineering, Vol.2, No. 1, pp 1-19. [DOI:10.29252/ijcoe.2.1.1]
53. Young, W. and Leveson, N., (2013) Systems thinking for safety and security, In Proceeding ACSAC '13 Proceedings of the 29th Annual Computer Security Applications Conference Pages 1-8 New Orleans, Louisiana, USA - December 09 - 13, 2013 ACM New York, NY, USA . [DOI:10.1145/2523649.2530277]

Add your comments about this article : Your username or Email:

Send email to the article author

© 2021 All Rights Reserved | International Journal of Coastal and Offshore Engineering