Geoscience Reference
In-Depth Information
locks, safes, vents, intrusion sensors, motion sensors), is subject to physical vulnerabili-
ties. Electronic equipment, such as acoustic equipment, secure telephones, computers
and computer networks, and radio-frequency equipment, are subject to technical or
cyber vulnerabilities. The guard force, personnel procedures, and operational proce-
dures are subject to operational vulnerabilities.
Various characteristics of assets, including any existing protection identified in
Step 2, may affect their susceptibility to attacks and must be considered when iden-
tifying susceptibilities. Such asset characteristics include building design; equip-
ment properties; personal behavior; locations of people, equipment, and buildings;
and operational and personnel practices.
Both energy facilities and local governments should be concerned with iden-
tifying and analyzing vulnerabilities. Energy facilities should analyze the vulner-
abilities of their physical and cyber systems. Local governments should coordinate
management of the vulnerabilities of the energy infrastructure, including indi-
vidual energy facilities, that support government and community operations and
assets.
This fourth set of questions is to be used to evaluate the vulnerability of the
critical energy infrastructure assets to the potential threats and to establish qualita-
tive or quantitative vulnerability ratings for each asset.
Energy Facility and Critical Asset Vulnerabilities
−
How susceptible is each critical asset to physical attack if readily avail-
able weapons (guns, normal ammunition, vehicle, simple explosives) were
used?
−
How susceptible is each critical asset to physical attack if difficult-to-
acquire weapons (assault rifles, explosive ammunition, rocket launch-
ers, biological or chemical agents, aircraft, sophisticated explosives) were
used?
−
How susceptible is each critical asset to physical attack from insiders?
−
Are any of the critical assets unprotected? If so, describe them.
−
Are any of the critical assets minimally protected? If so, describe them.
− How susceptible is each critical asset to cyber attack?
Step 5: Assess Risk and Determine Priorities for Asset Protection
Scales for the rating criteria identified in the first four steps (asset criticality in terms
of the impact of loss or disruption, threat characteristics, and asset vulnerability)
must be developed. The concept of criteria development is presented below in the
form of a generic example. Those who conduct an actual assessment should define
rating scales that are appropriate to the specific assessment.
Using the individual rating values assigned to each combination of asset criti-
cality, threat, and vulnerability, a relative degree of risk or a risk rating can be
established for each asset for one or more postulated adverse events or consequences
