Integrated Management of Safety and Security Synergies in Seveso plants (SAF€RA 4STER): Final Report

Marja Ylönen, Minna Nissilä, Jouko Heikkilä, Nadezhda Gotcheva, Alessandro Tugnoli, Matteo Iaiani, Valerio Cozzani, Gabriele Oliva, Roberto Setola, Giacomo Assenza, Dolf van der Beek, Wouter Steijn, Heather Young, Maaike Roelofs

    Research output: Book/ReportReport

    Abstract

    This is the final report summarises the main results of the research project on Integrated Management of Safety and Security Synergies in Seveso plants (SAF€RA 4STER). The objectives of the research project were the following: 1) To gain insights into synergies and tensions related to the management of safety and security in Seveso plants. 2) To find a solution to the challenge of managing safety and security in a coordinated manner. 3) To provide guidelines for managing safety and security in an integrated way in Seveso plants. 4) To provide tools for the identification of security scenarios triggered by malicious human intentions.

    The research data included literature reviews on concepts and management of safety, security, cybersecurity; interviews with regulators and safety and security experts on Seveso sites; analysis of past accidents induced by malicious human intent both in the form of physical security violence and cybersecurity interference, and survey on cybersecurity awareness and physical security awareness in companies.

    Past incident analysis showed that terrorism and cyberattacks were the most important threat categories for Seveso plants. Even though, past incident analysis showed that no major events occurred in chemical or petrochemical facilities due to cyber-attacks, they remain a relevant threat category, and worth paying attention to. This is because of the current trend towards growing digitalisation, automation and blurring boundaries between IT and operational technology (OT) systems in high-risk industries, makes OT systems vulnerable to cybersecurity attacks.

    Cybersecurity awareness in Seveso plants was reported to be at a good level. However, survey respondents had seen ignorance and negligence in their companies regarding cybersecurity. It is possible to create technological barriers, e.g., firewalls, anti-virus software, and to design IT systems so that they direct people to act securely without the need for people to make their own choices. Furthermore, human and organizational barriers, such as integrated management and safety and security culture, are needed. Institutional support to integrated management is weak. The Seveso directive does not require integration. Often cybersecurity is dealt with by IT department, and processsafety and cybersecurity risks are handled separately. These do not contribute to integration. The Responsible Care programme and Environment, Health and Safety and Security (EHS&S) management system adopted by many Seveso plants, do combine different standards into the same management system and thus they represent structural integration. However, they are not sufficient to tackle systemic risks, deriving from interconnectedness of technological and organisational systems and related risks. Integrated management would benefit from risk assessments, in which process-safety risks, physical security risks and cybersecurity risks and their significance would be examined together, e.g. in the same Hazop study. The integrated management would require deep understanding of systemic risks, and new safety and security thinking, and close collaboration between different safety and security experts. Both single plants and industrial parks would benefit from Integrated management.
    Original languageEnglish
    PublisherVTT Technical Research Centre of Finland
    Number of pages152
    ISBN (Electronic)978-951-38-8746-9
    DOIs
    Publication statusPublished - 2021
    MoE publication typeD4 Published development or research report or study

    Publication series

    SeriesVTT Technology
    Number386
    ISSN2242-1211

    Keywords

    • digitalisation
    • cybersecurity
    • physical security
    • safety
    • risks
    • security scenarios
    • integrated management
    • Seveso plant

    Fingerprint Dive into the research topics of 'Integrated Management of Safety and Security Synergies in Seveso plants (SAF€RA 4STER): Final Report'. Together they form a unique fingerprint.

    Cite this