Risk Assessment for Gas Reception Facility
The UK’s gas supplies are largely gathered from offshore fields. The subsea pipelines are received at coastal Gas Reception Facilities where the gas is conditioned and compressed for transmission to the national gas supply network.
Since gas supplies are essential to the UK for business and homes, these facilities represent critical national infrastructure (CNI). As such they need to be protected from a range of potential threats including accidental and malicious. Malicious threats include the actions of persons and these may be external aggressors or employees/visitors, known as insiders.
MMI was appointed by the operator of one such facility to carry out a personnel risk assessment, to identify the key risks from the actions of insiders or external aggressors. The MMI scope of work specifically excluded consideration of explosive threats as this had been dealt with separately.
Our Approach
MMI agreed with the client to subdivide the large process plant and occupied buildings into several distinct plant areas. For each area the key processes and critical equipment were identified so that the relative importance of each was established.
MMI then set out the range of threats which could be deployed by external aggressors and insiders with plant knowledge and access. These included unauthorised entry, physical damage to plant (sabotage), use of on-site vehicles to inflict damage, IT-based attacks to cause plant malfunction, and so on. For each plant area each threat was considered and a qualitative rating applied to describe its likelihood and consequence. The likelihood was based on the perpetrator type and the difficulty of the carrying out the identified acts while the consequence was a measure of the resulting plant down-time.
Typical Risk Matrix
To assist in confirming the possible threats, vulnerabilities and ease of carrying out damaging acts, MMI undertook plant walkdowns to inspect the physical construction, condition and security and also to understand the plant’s IT system and access controls. Security measures included perimeter fences and gates, function of the gatehouse, CCTV and IDS both around the perimeter and to areas within the site.
Results
This process resulted in a large number of risks, whose scores were individually obtained by combining the threat likelihood and consequence. These risks were plotted on a risk matrix so that the highest risks could be identified. These were presented to and discussed with the operator and recommendations for improvement were put forward. This process included liaison with the local police service whose actions back up the site security.
For more information surrounding our bomb blast engineering capabilities and work within the Security Sector, please contact us on 01925 230 655 (Warrington) or email us.