Geoscience Reference
In-Depth Information
−
What is the history of the reported malfunctions of the various compo-
nents of the physical security system?
−
What is the correlation of the effectiveness of the various components of
the physical security system to security incident reports that may indicate
that the system was defeated?
− Have liaisons and working relationships been established with the local
government and its departments, such as police, fire, emergency medical
services, and public works?
Energy Facility and Critical Asset Protection (Infrastructure Interdependencies)
−
Which infrastructures (both internal and external) are essential for a spe-
cific critical asset to be able to carry out its critical functions?
−
What external utility or internal department and equipment is the nor-
mal provider of each essential infrastructure for each critical asset, and
how is each infrastructure connected to each asset (e.g., the types and
pathways of power lines, pipelines, and cables)?
−
What alternatives (e.g., redundant systems, alternative suppliers, backup
systems established work-around plans) are available if the regular pro-
viders of the essential infrastructures are disrupted, and how long can the
alternatives support the critical functions of the assets?
− What is the potential for interdependency effects on external infrastruc-
tures (i.e., effects on the energy, telecommunications, transportation,
water and wastewater, banking and finance, emergency services, and gov-
ernment services infrastructures)?
Energy Facility and Critical Asset Protection (Sensitive Information)
−
What types of information about the energy facility, its assets, and its
operations should be considered critical or sensitive information?
−
What are the methods and means by which sensitive information might
fall in the wrong hands, such as via disgruntled employees; access to the
facility by the public; outside construction, repair, and maintenance con-
tractors; press contacts; briefings and presentations; public testimony;
Internet information; paper and material waste; telecommunications sys-
tem taps; and cyber (computer) intrusions?
− What are the existing policies and procedures used to protect sensitive
information, such as employee background checks, disciplinary proce-
dures, security training, trash handling procedures, paper waste handling
procedures, salvage material handling procedures, dumpster control, tele-
phone policies, and IT (computer) security?
Once energy facilities have identified their existing physical protective mea-
sures, they should coordinate with their respective local governments and law
enforcement agencies to ensure that the level of protection and response that they
