Magazine article Security Management
New Help for Critical Infrastructures. (News and Trends)
If four words could sum up U.S. homeland defense, it might be "It's the infrastructure, stupid." Recognizing how vulnerable power plants, computer networks, oil facilities, and other such entities are to the nation, officials have been clamoring to better guard and gird this infrastructure.
In December of last year, for instance, the chairman of the Texas homeland security task force expressed concern about security of water treatment plants and dams in that state. As if on cue, a consortium of agencies, laboratories, power administrations, and others have released two detailed manuals and accompanying CD-ROMs that help owners and operators of dams, hydroelectric facilities, and power transmission systems conduct exhaustive risk assessments.
RAM-D--Risk Assessment Methodology for Dams--and PAM-T--Risk Assessment Methodology for Transmissions--take these facilities through the same risk equations that Sandia National Laboratories uses for nuclear system protection, explains Sandia's Rudy Matalucci, project director for both RAM-T and RAM-D. The first step in both is a threat assessment that intended to help the facility answer the questions: What does a potential adversary look like, and what resources does he have?
Next is a consequence assessment that addresses another critical question: "If an attack causes failure, what will happen downstream?" Possibilities range from minor service interruptions to deaths. For example, an interruption in power to a hospital could result in loss of patient life.
In the third step, explains Matalucci, vulnerabilities are identified, including possible exposures in navigation locks, spillways, and power-generation turbines. The vulnerability analysis is performed through a "fault tree," which is a diagram that shows how components of the dam, for example, interrelate, and how the failure of one component can affect others down the line. …