KR102239376B1 - System of security level assessment for chemcial facility - Google Patents

Abstract

Methods for assessing the level of security for chemical facilities are provided. The security level evaluation method includes evaluating the security level of the chemical facility by surveying a security level evaluation questionnaire by a user of the chemical facility.

Description

How to assess the security level of chemical facilities {SYSTEM OF SECURITY LEVEL ASSESSMENT FOR CHEMCIAL FACILITY}

The present invention relates to a method for evaluating the security level for a chemical facility.

There have already been cases of terrorist attacks on chemical facilities abroad, and a number of studies are underway to analyze the risks to chemical facilities in accordance with this. In Korea, in accordance with the enforcement of the 「Anti-Terrorism Act for the Protection of the People and Public Safety」 in June 2016, the need to prepare countermeasures for terrorism prevention for facilities subject to terrorism and safety management measures for the means of terrorism was raised.

Recently, chemical accidents in Korea are threatening the safety of national operations and public health, and public interest in chemical accidents is increasing. Terrorism that uses chemical substances as a means, such as the Oklahoma Federal Building Terror (1995) and Kim Jong-nam VX Murder (2017), can have a great effect even with a small amount. In particular, chemical facilities are exposed to terrorist attacks because they store, hold, and handle chemical substances in large quantities.

In order to solve the above problems, the present invention provides a method for evaluating the security level of a chemical facility.

Other objects of the present invention will become apparent from the following detailed description and accompanying drawings.

The security level evaluation method for a chemical facility according to embodiments of the present invention includes the step of evaluating the security level of the chemical facility by surveying a security level evaluation questionnaire by a user of the chemical facility.

The security level evaluation questionnaire may be prepared based on risk-based performance standards.

The security level evaluation method may further include evaluating a risk of terrorism against the chemical facility, and determining a security level of the chemical facility using the risk of terrorism.

The security level evaluation questionnaire may request different security levels according to the security level of the chemical facility.

The security level evaluation questionnaire may include items of detection measures, delay measures, response measures, cyber security measures, and security management measures.

The security vulnerability of the chemical facility may be evaluated based on the security level evaluation result.

The security level evaluation questionnaire may be provided to the user online.

According to embodiments of the present invention, it is possible to effectively evaluate the risk of terrorism against the chemical facility, the security level and the security vulnerability of the chemical facility. By quantitatively analyzing the risk of terrorism, the risk of terrorism against chemical facilities can be objectively evaluated. A practical security level can be effectively provided by determining a security level of a chemical facility according to the terrorism risk level and evaluating a security level suitable for the security level. Security vulnerability assessments can be conducted online, allowing users to conveniently and easily assess security vulnerabilities.

1 shows a method of calculating a terrorist target preference score according to an embodiment of the present invention.
2 shows a Google trend analysis result according to an embodiment of the present invention.
3 to 6 are graphs showing the damage impact distance for each region according to the storage capacity of chemical substances for evaluating the impact when calculating the security level.
7 shows a procedure of a security vulnerability assessment method according to an embodiment of the present invention.
8 shows a security vulnerability evaluation network using a security vulnerability evaluation system.
9 shows a security vulnerability evaluation system according to an embodiment of the present invention.
10 shows the configuration of the security vulnerability evaluation unit of FIG. 9.
11 shows the configuration of the user client of FIG. 8.

Hereinafter, the present invention will be described in detail through examples. Objects, features, and advantages of the present invention will be easily understood through the following embodiments. The present invention is not limited to the embodiments described herein, and may be embodied in other forms. The embodiments introduced herein are provided so that the disclosed contents may be thorough and complete, and the spirit of the present invention may be sufficiently transmitted to those of ordinary skill in the art to which the present invention pertains. Therefore, the present invention should not be limited by the following examples.

The term "user" as used herein is a person who uses the security vulnerability evaluation system and security vulnerability evaluation method according to embodiments of the present invention, and includes "operator" and "administrator", and "operator" refers to chemical facilities. A person who is involved in the use and management of chemical facilities, such as owned or leased, refers to individuals, corporations, etc., and "manager" is a person who regulates, inspects, and supervises the chemical facilities legally and administratively. It means a supervisory authority, etc. In addition, "workplace" means a certain place, including a chemical facility, where business activities related to the chemical facility take place.

[Security Vulnerability Assessment Method]

The security vulnerability assessment method for a chemical facility according to embodiments of the present invention includes a terrorist risk assessment step for the chemical facility, a security level determination step for the chemical facility, a security level assessment step for the chemical facility, and the chemical facility. Includes security vulnerability assessment steps. Hereinafter, a method for evaluating security vulnerabilities for chemical facilities will be described in detail for each step.

1. Terrorism Risk Assessment

The terrorism risk assessment method according to embodiments of the present invention is a method of evaluating the terrorism risk of a chemical facility, the step of selecting a chemical substance for terrorism, whether the chemical facility holds the terrorist chemical substance And determining a terrorist risk of terrorism occurring in the chemical facility.

Selection of chemical substances intended for terrorism

Candidate chemical substances for targeting terrorism may be derived, and chemical substances for targeting terrorism may be selected from the candidate chemical substances for targeting terrorism.

Based on the characteristics and considerations according to the type classification of human and material objects in Table 1 below, and the characteristics and considerations according to the classification of terrorism type in Table 2 below, multi-use considering the toxicity index, fire explosion index, and other indices. Candidate chemicals for terrorist targets by type of terrorism such as facilities, industrial facilities and food and water treatment facilities can be derived.

[Table 1]

[Table 2]

In the case of terrorism against multi-use facilities, Arsine, Phosgene, Chlorine, and Trichloronitromethane scored higher in the order of the 20th place in the order of the highest score by type. Arsine, dichlorosilane, trichlorosilane, ethyl nitrite in the case of physical terrorism in terrorism, Arsine, nickel carbonyl in the case of physical/human terrorism (Nickel Carbonyl), hydrogen selenide, trichloronitromethane, etc.In the case of food-treatment, hydrocyanic acid, sarin, tetraethyl pyrophosphate, etc. pyrophosphate) and sodium cyanide were among the high-scoring substances. Among the four types, the substances selected in the terror type of multi-use facilities and industrial facilities were highly similar to each other, but the chemicals selected in the terror type of food and drinking water were similar to other types and substances in the top 20 were hydrocyanic acid. ) And nitrogen mustard-2. In the case of terrorism in multi-use facilities and industrial facilities, substances were selected in consideration of toxicity (inhalation and transdermal), fire explosiveness (flammability, explosiveness and reactivity index) and leakage diffusion index (molecular weight, boiling point, and vapor pressure). This is because toxicity (oral and transdermal), solubility, and persistence index were used in the method of screening terrorist preparations.

Table 3 shows the results of listing the substances scored by type (multi-use facility terrorism, food/drinking facility terrorism, industrial facility terrorism) in the order of highest score through scoring for 492 chemical substances. .

[Table 3]

In the case of multi-use facility terrorism, as a result of listing substances with high scores from the 29th place to the 29th place and the 20th place of the remaining types, a total of 70 species were selected as candidate chemicals for terrorism. Materials such as arsine, phosgene, chlorine, hydrocyanic acid, and sarin were listed above. Of these, when listing two or more substances in the top 10 and all types of scores in each type, the substances at the top were selected as group 1 substances, and the seven substances indicated in green in Table 3 are Table 4 Arsine (7784-42-1), phosgene (75-44-5), chlorin (7782-50-5), hydrocyanic acid (74- 90-8)), sarin (107-44-8)), trichloronitromethane (76-06-2), and carbonyl fluoride (353-50-4) Yes. As a result of analyzing these 7 chemical substances, substances ranked 1st, 2nd, 4th and 6th in multi-use facility terrorism, 1st and 2nd place in food and drinking water terrorism, and 1st, 4th and 5th place in industrial facilities terrorism were selected as group 1. . In the case of Group 2 substances, 22 substances indicated in pink in Table 3 are listed in Table 5, excluding substances from Group 1 among substances contained in two or more of the 20 ranks for each type, and those included in the top ranks for each type. In the case of these two groups, most of the substances with high scores for multi-use terrorism and industrial facilities terrorism are selected, and selenium hexafluoride (7783-79-1) in the case of terror substances in food and drinking water, which are included in the top 30. ), hydrogen selenide (7783-07-5), and HN2 (nitrogen mustard-2, 51-75-2) were listed. Of the 70 terrorist candidate chemicals, 41 substances, excluding those from Group 1 and Group 2, were classified into 3 groups (substances indicated in blue in Table 3). In Group 3, oxygen difluoride, PFIB, sulfur tetrafluoride, and bromine pentafluoride were listed.

The total number of terrorist chemicals that must be applied in Korea are 29 (Group 1: 7, Group 2: 22), and the list of Group 1, Standard Threshold Quantities (STQ), and application scenarios. Are listed in Table 4 below, and the list of Group 2, Standard Threshold Quantity (STQ), and application scenarios are listed in Table 5.

[Table 4]

[Table 5]

Checking the possession of terrorist chemicals

Terrorism vulnerability can be assessed using the severity of the accident, the intentions and capabilities of hostile groups, and the level of contrast of the workplace. Among these, the main influence on the severity of the accident or the intentions of the hostile group is the amount of terrorist chemicals (terror-concerned substances) possessed by the workplace. Since preparation for intentional human disasters is not yet mandatory in Korea, most workplaces are not yet prepared for accidents such as terrorism.

In order to grasp the current status of terrorist chemicals possessed by the workplace, data disclosed in the comprehensive chemical substance information system operated by the Institute of Chemical Safety can be used. This chemical substance information system discloses the results of statistical investigations in accordance with Article 12 of the Chemical Substances Management Act and Article 3 of the Regulations on the Operation of Chemical Substance Investigation Results and Information Disclosure System. The main purpose of the Integrated Chemicals Information System is to prevent risks to public health and the environment caused by chemicals, manage chemicals appropriately, and respond promptly to accidents caused by chemicals. It was established with the purpose of guaranteeing the people's right to know in accordance with the purpose of Article 1 of the Chemical Substances Management Act, which protects life, property, or the environment.

Using the substance search function supported by the Chemical Substances Information System, the holdings of a total of 29 chemical substances targeted for terrorism (Group 1: 7 types, Group 2: 22 types) were identified. Published information is based on 2016, and category values based on annual usage rather than total holdings of the workplace (Category 1: 0.1 ton or less, Category 2: 0.1 to 0.5 ton, Category 3: 0.5 to 1 ton, Category 4 : 1 to 2.5 tons, Category 5: 2.5 to 5 tons, Category 6: 5 to 20 tons, Category 7: 20 to 200 tons, Category 8: 200 to 1000 tons, Category 9: 1000 to 5000 tons, Category 10: 5000 Tonnes or more). The total amount of computational usage was held at the workplace, and the distribution of the amount of possession within each category was assumed to be uniformly distributed, and the amount was calculated using the average value of the minimum and maximum values.

Substances corresponding to Group 1 are'arsine, carbonyl fluoride, chlorine, cyanide, phosgene, sarin, and nitrotrichloromethane'. The substances that are considered to be distributed/used in Korea in 2016 are'arsine, chlorine, cyanide, and phosgene', and Table 6 shows the results of statistical surveys for the above four substances.

[Table 6]

Substances corresponding to group 2 are'boron tribromide, boron trifluoride, bromine, chlorine pentafluoride, fluorine, hexafluoroacetone, hexyltrichlorosilane, mechlorethamine, hydrogen fluoride, hydrogen selenide, methyl chlorosilane, Methyl dichlorosilane, methyl trichlorosilane, nickel carbonyl, 2-pentene phosphine, selenium hexafluoride, tetraethyl pyrophosphate, trifluoroacetyl chloride, 2, 4, 6-trinitrophenol, tungsten hexafluoride, germanium There are 22 types in total. Among them, materials distributed/used in Korea in 2016 are'boron tribromide, bromine, fluorine, hydrogen fluoride, methyl dichlorosilane, methyl trichlorosilane, phosphine, trifluoroacetyl chloride 2, 4, 6 -There are 11 kinds of'trinitrophenol, tungsten hexafluoride, germanium'. Table 7 shows the results of statistical investigations for the 11 substances.

[Table 7]

Terrorism risk assessment

The risk of terrorism can be assessed using the intensity of the terrorist attack and the preferences of the terrorist target.

The intensity score of a terrorist attack can be classified based on the results of analyzing the substances possessed by each business site through an over-the-counter impact assessment and risk management plan creation support program (KORA). If the same terrorist chemicals exist within 50m, it is assumed that they are concentrated in the center, and the simulation should be carried out in consideration of the domino effect of the vehicle explosion, and the weather conditions are the worst weather conditions according to the technical guidelines for calculating accident scenarios. It is desirable to follow the wind speed of 15m/s and the atmospheric stability F, and to reflect the terrain conditions in the same way as the actual terrain. The mitigation rate used in the OTC impact assessment can be used to apply the passive mitigation effect by the location of important assets such as chemical facilities handling terrorist chemicals. Table 8 shows the passive mitigation rates used in the OTC impact assessment.

[Table 8]

Table 9 is a criterion for classifying the intensity of terrorist attacks based on the number of victims when the mitigation rate and ERPG-2 (Emergency Response Planning Guideline) are applied. In Korea, it is desirable to classify the intensity of terrorist attacks in consideration of the fact that the country's area is smaller and the population density is higher than that of foreign countries.

[Table 9]

The preference score of terrorist targets can be classified based on Internet trend analysis and the number of Internet search results. The Internet trend may include a Google trend, and the Internet search may include a Google search. The greater the awareness and interest of the terrorist target, the greater its impact upon successful terrorism. Therefore, the higher the probability of obtaining information about the terrorist target, the more likely it is to be exposed to terrorism. Therefore, it is possible to classify the preference score for the target of terrorism (chemical facility) by quantitatively analyzing the awareness of the target of terrorism and the possibility of obtaining information.

Various methods can be used to obtain information on the target of terrorism, and it is desirable to use the Internet with excellent information accessibility. In addition, since the terrorist group is not limited to Korea, it is desirable to use a Google search engine, which is used internationally, rather than a domestic search engine.

In Google Trend Analysis, it is a number that shows the public's interest in the subject, and the time when the number of searches was the most during the target period is set to 100, and the value expressed by converting the relative number by period can be obtained. In addition, since it is difficult to compare multiple objects only by the change in interest level over time, it is possible to classify the score by performing an absolute comparison through the average value of interest level for the last year. If the interest in business operators such as corporations is below a certain level, analysis of Google trends is impossible, so in this case, the average trend value can be applied as zero.

Because Google Trend Analysis analyzes the world, differences occur depending on the language used when searching. Therefore, the trend values of the official Korean name and English name of the terrorist target are analyzed, respectively. At this time, if the result of trend analysis in English name is high, it can be judged that it is receiving international attention. If the names of some targets of terrorism are proper nouns or companies with the same name exist, the difference in trend analysis results of Korean and English names may be large.In this case, when selecting the final preference score, it is corrected based on the number of employees and the amount of chemicals held. can do.

The Google trend analysis result indicates the public's interest in the terrorist target, and the number of Google search results indicates the accessibility to the information of the terrorist target. The search condition of the number of Google search results can be based on one year, and to reduce the error of the results, only search results that completely contain the official name of the terrorist target can be used for analysis. However, the number of Google search results may cause an error of about 10% depending on the search time required due to the nature of the Google search engine.

In order to compare the preferences by applying both the degree of interest in the terror target and the accessibility to information, the average value of trend analysis and the number of search results are multiplied by the number of search results, respectively, to calculate the value of interest by searching for Korean names and the value of interest by searching for English names. Since the number of terrorist targets for English name search and Korean name search is different, score calculation criteria can be set differently to classify preference scores. After that, the score of the terrorist's preference is calculated through the sum of the scores of the Korean name search and the English name search. If the score difference between Korean and English name searches is large because some targets have proper names or companies with the same name exist, among the targets of terrorism with a total score of 2 points, targets with fewer than 50 employees and less than 1,000 tons of chemicals will score Can be corrected to 1 point.

[Table 10]

In order to determine whether the preference score classification method is appropriate, the preference scores were classified for 96 terrorist businesses using goats using the preference score classification method. As a result, the subjects with 4 points of preference were classified into 10, 3 points 10, 2 points 40, and 1 point 36. At this time, in order to correct the score of the subject with an error due to the above-mentioned name, among subjects with a preference of 2, the score was corrected to 1 point for subjects with less than 50 employees and less than 1,000 tons of chemicals. As a result, 12 subjects with 2 points were corrected to 1 point, and the subjects with 4 points were classified into 10, 3 points 10, 2 points 28, and 1 point 47.

2. Security level determination

The intensity score and preference score of the attack against the terrorist workplace can be calculated through the intensity of the terrorist attack and the criteria for classifying the preference of the target of terrorism, and as shown in Table 11, the security level is selected as the sum of the two scores. It can be classified into those three levels.

[Table 11]

If both the strength and preference of the attack have a rating of 1, the security level is not determined, and thus the obligation to receive the security level assessment of the workplace through a security level assessment questionnaire can be avoided. This is because the risk of security incidents is low in the case of workplaces that are not well-recognized at home and abroad, and the severity of damage is not significant even if an accident occurs.

Businesses with a total score of 3 or more and 4 or less are evaluated as low security level (lower level), and business sites with a total of 5 or more and 7 or less are evaluated as medium security level, and business sites with a total score of 8 points. The security level is judged as high level (higher level).

The damage impact distance according to the storage capacity of the five substances that can be applied to the leakage scenario among seven substances for terrorist chemical substances can be obtained by using KORA (General Purpose Program for Supporting the Creation of Over-the-Counter Impact Assessment and Risk Management Plan). For all materials, the worst weather conditions were applied equally, and the temperature was 25℃, the relative humidity was 50%, the wind speed was 15m/s, and the atmospheric stability was F, and the trend graphs of the rural and urban areas were obtained, respectively.

In the case of chlorine, the storage condition is liquid, and the equipment conditions are set to 10m in diameter, -15℃ for operation temperature, 12bar for operation pressure, and 1 inch for binding pipe. The damage impact model was set to toxic and the ERPG-2 damage impact distance was calculated. When the ERPG-2 distance by storage capacity is expressed as a graph, it is as shown in FIG. 3, and Equations 1 and 2 are equations showing a graph of a rural/urban area of chlorine.

[Equation 1]

[Equation 2]

In the case of Arsine, the storage condition was set to vapor phase, and the storage capacity was set by the facility diameter, that is, volume. The facility conditions were operating temperature -15℃, operating pressure 5bar, and 1 inch of connected piping. The damage impact model was set to Toxic, and the ERPG-2 damage impact distance was calculated. If the ERPG-2 distance for each storage capacity is expressed as a graph, it is as shown in FIG. 4, and Equations 3 and 4 are equations showing a graph of a rural area/urban area of Arsine.

[Equation 3]

[Equation 4]

In the case of phosgene, the storage state was set to wake up and the storage capacity was set by the diameter of the facility. The facility conditions were 15℃ operating temperature, 12bar operating pressure, and 1 inch of connected piping. The damage impact model was set to Toxic, and the ERPG-2 damage impact distance was calculated. If the ERPG-2 distance for each storage capacity is expressed as a graph, it is as shown in FIG. 5, and Equations 5 and 6 are equations showing a graph of a rural/urban area of phosgene.

[Equation 5]

[Equation 6]

In the case of hydrogen cyanide, the storage condition was liquid, and the equipment conditions were set to 10m in diameter, 15℃ operating temperature, 12bar operating pressure, and 1 inch of binding pipe. The damage impact model was set to toxic and the ERPG-2 damage impact distance was calculated. If the ERPG-2 distance for each storage capacity is expressed as a graph, it is as shown in FIG. 6, and Equations 7 and 8 are equations showing a graph of a rural/urban area of hydrogen cyanide.

Depending on the storage condition (liquid/weather) and facility structure (indoor/underground/closed/containment), the damage impact distance can be reduced by applying the reduction factor used in the OTC impact assessment mutatis mutandis. In this way, when the reduction factor used in the over-the-counter impact assessment is applied mutatis mutandis, the number of residents who can receive damage within the affected range decreases as the damage impact distance decreases, so it can be reflected in the security level calculation.

3. Security level assessment

The required security level for each security level can be evaluated through a security level evaluation questionnaire. The security level assessment questionnaire can be composed of a total of 5 sections: detection, delay, response, cybersecurity, and management. This can be evaluated by separating each step of the security incident response, and by analyzing the created security level evaluation questionnaire, the security level of the workplace can be divided into facility aspects and management aspects and quantified.

The security level evaluation questionnaire can be prepared based on the risk-based performance standard (RBPS), and the risk-based performance standard consists of a total of 18 types.

RBPS 1. Business perimeter security

The performance standard of workplace perimeter security relates to the perimeter security method of the workplace and the method of monitoring it, and includes items such as the physical protection system of the workplace site, intruder detection system or other monitoring systems, lighting, and security personnel.

[Table 12]

RBPS 2 Facility Site Asset Protection

The performance standards for facility site asset protection are related to security measures for facility assets, including the contents of alerts and monitoring for restricted areas within the facility or facilities that seem to be insignificant on the surface but play an important role in the security of the business site. do.

[Table 13]

RBPS 3 access audit and control

The performance standards for access screening and control include details on how to control access to restricted areas within the facility through screening or inspection of specific outsiders or vehicles entering the workplace. The performance standards for access screening and control are 1) measures to prevent unauthorized entry of dangerous substances or devices that may cause serious security accidents to the facility and surrounding residents, and 2) employees at the workplace. When attempting to enter the workplace, it includes information on how to implement a personal identification system that can verify the identity of the relevant personnel and regularly update the identification procedure.

[Table 14]

RBPS 4 defense, detection and delay

The performance standard of defense, detection, and delay maximizes the time interval from monitoring the occurrence of a security incident to the occurrence of a security incident by maximizing the time between the attack attempt and initiation by detecting and stopping an attack. It's a way to do it. Performance standards for defense, detection and delay include items such as physical barriers or surveillance/identification systems outside the workplace, security lighting, and safety personnel.

[Table 15]

RBPS 5 transport, receipt and storage

The performance standards for transport, receipt and storage relate to transport, receipt and storage, and aims to prevent security incidents that may occur when transporting, receiving and storing dangerous goods at the workplace.

[Table 16]

RBPS 6 Theft/Dedicated

Theft/dedicated performance standards are intended to prevent theft and illegal acquisition of potentially dangerous chemicals, and include items such as making physical movement of the chemicals difficult or making the process more difficult, inventory management, etc.

[Table 17]

RBPS 7 Sabotage

Sabotage performance standards are about how to deter internal sabotage, including background checks of employees or contractors, restricting access to certain chemicals, sensitive areas, physical security measures, cyber security measures, etc.

[Table 18]

RBPS 8 cyber attack

The performance standards for cyber attacks are aimed at deterring cyber sabotage by preventing unauthorized on-site or remote access to critical process controls such as SCADA, DCS, PCS, ICS and critical business systems and other sensitive computer systems, Includes security policy, access control, human security, awareness and training, monitoring and incident response, disaster recovery and business continuity, system development and acquisition, configuration management, and audit.

[Table 19]

RBPS 9 compatible

Response performance standards relate to how to create and implement an emergency plan to respond to security incidents, either internally or with the help of local law enforcement and first aid personnel, including emergency plans and procedures, education, training, and practice. , Emergency response equipment, etc.

[Table 20]

RBPS 10 monitoring

The performance standards of monitoring are to maintain an effective monitoring, communication, and warning system: 1) measures to ensure that the security system and equipment operate normally, inspect, test, adjust, and maintain, and 2) regularly test the security system. It includes information on measures to immediately identify and respond to security system and equipment failures and malfunctions by the facility, recording defects, correcting found defects, and recording results for inspection by the department. .

[Table 21]

RBPS 11 training

The performance standards of education relate to the appropriate security education, practice, and training of facility personnel, and include items such as education, practice, training, testing, and co-initiation.

[Table 22]

[Table 23]

RBPS 12 Identity Guarantee

The performance standards of identity assurance are about how to conduct appropriate background checks and ensure the appropriate qualifications for unaccompanied visitors to facility personnel, restricted areas or critical property, 1) measures to verify and verify identity; 2) measures to ascertain important history, 3) measures to confirm and prove legal work permits, and 4) measures to identify people attempting terrorism.

[Table 24]

RBPS 13 increased threat

The increased threat performance standard aims to increase the level of protection measures during periods of heightened threat.

[Table 25]

RBPS 14 Clear Threat, Vulnerability, or Harm

The performance standards for a specific threat, vulnerability, or risk include items on how to deal with the threat, vulnerability, or risk identified by the Vice Minister as a problem with a particular facility.

[Table 26]

RBPS 15 Record of important security incident

The performance standard for recording critical security incidents relates to the methodology for recording critical security incidents to departments and local police officers in charge, 1) identifying security incidents, 2) facility security records, 3) whether the incident is a “critical security incident”. Determination of whether or not, 4) Involves the four basic steps of recording security incidents to the responsible department and local police officers.

[Table 27]

RBPS 16 Critical Security Incidents and Suspicious Behavior

The Performance Standard for Critical Security Incidents and Suspicious Behavior relates to how to identify, investigate, report, and maintain records of critical security incidents and suspicious activity in or around a facility. Includes.

[Table 28]

RBPS 17 staff and organization

Employee and organizational performance standards are aimed at establishing employees and organizations that comply with the standards and are responsible for security. Security measures follow FSO (Facility Security Officers).

[Table 29]

RBPS 18 record

Records performance standards include items on how to address the creation, maintenance, protection, storage, and disposal of appropriate security-related records and the activities necessary to provide these records to the responsible department as needed.

[Table 30]

The manager provides a security level evaluation questionnaire based on the risk-based performance standard to the operator and asks them to answer the questionnaire. Managers can conduct on-site surveys of the workplace to ensure that the security level assessment questionnaire has been properly conducted by the operator. The security level evaluation questionnaire may be supplemented or revised by reflecting the situation of domestic business sites. The reflection of the actual situation of the domestic workplace can exclude conflicts with other laws, determine whether the requirements of the security level evaluation questionnaire can be satisfied in general workplaces, and check whether a management measure that meets the weak security level is required. It is desirable to have.

There may be many security measures for specific matters, and different security measures may be effective depending on the circumstances of the workplace. It is desirable to fill out the security level evaluation questionnaire with different types of security measures for the same item in the security level.

Security in terms of facilities is generally implemented outside the workplace or in the vicinity of critical assets (chemical facilities) that handle terrorist chemicals. It is advisable to differentiate the management measures for each security level of the business site by determining which of the security resources should be put into an external or important asset of the business site according to the security level of the business site.

If the security level is high, the security level evaluation questionnaire is preferably written to require that all available security measures be used, and the security category is also applied to both outside the workplace and to important assets. In the case of mid-level workplaces, the security category is applied in the same way as the high-grade workplace, but security measures can be prepared to meet more than one, and low-level workplaces have at least one security measure, and the security category is also external to the workplace. It can be prepared to install at least one of the important assets. In addition, items essential to chemical terrorism security, such as identity assurance, are preferably included in the questionnaire regardless of their grade. In addition, in the case of specific security measures, the necessity may vary for each scenario, so it may be written to require conditionally necessary security measures to be applicable, and in matters where safety measures and security measures may conflict, it is qualitatively judged. It is desirable to be written so that it can be done. A series of processes for completing and evaluating a security level assessment questionnaire can be done online through the security vulnerability assessment system.

(1) Security Level Assessment Survey, Section 1: Detection Measures

Section 1 is a questionnaire that evaluates the level of detection of security incidents. Section 1.1. is related to intrusion detection system, Section 1.2. is related to CCTV, and Section 1.3. is related to security patrol. In the evaluation of sections 1.1., 1.2., and 1.3., as shown in Table 31, it is applied differentially by security level, but in the case of sections 1.4. (lighting) and 1.5. (research), it is essential for security, so regardless of the security level. All have to be satisfied.

[Table 31]

Table 32 below shows the detection measures in Section 1 of the security level evaluation questionnaire.

[Table 32]

(2) Security Level Assessment Survey, Section 2: Delayed Actions

Section 2 is a questionnaire evaluating the level of delay in the event of a security incident. Delay in security incidents increases the time it takes from the initiation of the incident to the occurrence of damage, thereby securing time for countermeasures such as suppressing terrorists. Therefore, it can be said that Section 2 is an essential element in the effective and efficient implementation of Section 3.

For Section 2, it is necessary to carefully evaluate the level of security at the perimeter of the business and the level of security at the property according to the level of the business. Section 2.1. is for evaluating delayed action at the boundary of the business, and Section 2.2. is for evaluating delayed action at critical assets. In the security level, 2.1. and 2.2 for medium and high level workplaces. You can ask for answers from everyone, and 2.1. and 2.2 for lower-level workplaces. You can only ask for either. Section 2.3. is related to access control, and other items are related to 2.4. Evaluate in the section. For businesses that receive or sell terrorist chemicals, surveys are conducted selectively in Sections 2.5. and 2.6 to determine whether or not they are satisfied with the security level.

Table 33 below shows the delayed measures in Section 2 of the security level assessment questionnaire.

[Table 33]

(3) Security Level Assessment Survey, Section 3: Response Actions

The countermeasures in Section 3 are surveys evaluating actions at the location of a security incident and routine training. In addition, since it is not related to the boundary conditions of the workplace, the level of satisfaction required for each grade can be determined by the number of questions that can be satisfied out of a total of eight questions in Section 3. However, even if the emergency response plan for security incidents is thoroughly established, if training is not supported, it is difficult to take effect in the event of an actual accident.Therefore, it is prepared to conduct evaluation by dividing the response plan part and the response training part. . In the case of high grade, 100% satisfaction is required in all items, and in the case of medium grade, 80% or more in both planning and training, and 50% or more in the case of low grade can be set as the satisfaction criterion.

Table 34 below shows the countermeasures in Section 3 of the security level assessment questionnaire.

[Table 34]

(4) Security Vulnerability Assessment Questionnaire, Section 4: Cyber Security Measures

The cyber security measures in Section 4 are prepared to prevent intentional human disasters such as hacking or theft/exclusive accidents by illegally acquiring information such as the route and time of movement of terrorist chemicals. It is a questionnaire to confirm the level. There are existing surveys related to cybersecurity used in Korea, but this includes evaluation of general security such as patents and trade secrets, but the security of chemicals and the general purpose of security are different in values to be protected. Cybersecurity does not have the concept of boundaries or perimeters of business sites, but there are conditions that must be preceded in order to implement specific cybersecurity procedures. Therefore, the evaluation in Section 4 can be conducted by dividing the detailed questions of the survey into required items and additional items. Regardless of the security level, each business site must satisfy the required items (indicated by E in the others), and the additional items must satisfy 100% for the high level, 80% for the medium level, and 50% for the low level for each security level.

[Table 35]

(5) Security Level Assessment Survey, Section 5: Security Management Measures

While the surveys in Sections 1 through 4 are based on the viewpoint of security vulnerability assessment, Section 5 can judge the workplace from the viewpoint of Security Vulnerability Management. It is not related to the boundary conditions of the workplace, and security vulnerability management is implemented in various ways depending on the operating method of the workplace. Although not all measures may be retained, there may be exceptions that satisfy the intent of all measures, so a qualitative method is required for the determination of Section 5. Section 5.1. evaluates management, section 5.2. evaluates training, section 5.3. evaluates identity assurance, section 5.4. evaluates incident reporting, section 5.5. evaluates security entities, and section 5.6. .Evaluate accident record management. Of these, the identity assurance in Section 5.3. is a fundamental element of all security management, and therefore must be satisfied regardless of the level. The remaining sections may require 100% satisfaction for high-grade businesses, 80% for medium-grade businesses, and 50% for low-grade businesses.

Table 36 below shows the security management measures in Section 5 of the security level assessment questionnaire.

[Table 36]

4. Security vulnerability assessment

The security level evaluation survey results are used to evaluate security vulnerabilities by evaluating whether the workplace has a security level suitable for the security level. If it is evaluated that the security is weak, the administrator can request or instruct the operator to supplement the security level. In addition, the manager may conduct on-site surveys on workplaces and chemical facilities to determine the appropriateness and validity of the questionnaire survey for security level evaluation and to supplement the security level evaluated as vulnerable.

7 shows a procedure of a security vulnerability assessment method according to an embodiment of the present invention.

Referring to FIG. 7, it is examined whether a chemical substance possessed by a workplace corresponds to a chemical substance intended for terrorism. If the chemical substance held by the workplace is a chemical substance intended for terrorism, it is determined whether or not the chemical substance held by the workplace exceeds the threshold amount. If the threshold amount is not exceeded, the risk of terrorism on the workplace is evaluated if the threshold amount is exceeded, and if the threshold amount is exceeded, the risk of terrorism is evaluated.

The risk of terrorism can be assessed using the intensity of the terrorist attack and the preferences of the terrorist target. The intensity score of a terrorist attack can be classified based on the results of analyzing the substances possessed by each business site through an over-the-counter impact assessment and risk management plan creation support program (KORA). The preference score of terrorist targets can be classified based on Internet trend analysis and the number of Internet search results. The Internet trend may include a Google trend, and the Internet search may include a Google search.

The security level of the workplace is determined according to the terrorism risk assessment. The security level can be classified into three levels: high, medium, and low by adding the intensity score of the terrorist attack and the preference score of the terrorist target. If the workplace does not fall under the high/medium/low security level, it is carried out again from the beginning for other chemicals, and if it falls under the high/medium/low security level, the security level of the workplace is evaluated.

The security level may be evaluated by a questionnaire using a security level evaluation questionnaire. The security level assessment questionnaire can be prepared based on risk-based performance standards, and can be composed of a total of 5 sections: detection, delay, response, cybersecurity, and management. This can be evaluated by separating each step of the security incident response, and by analyzing the created security level evaluation questionnaire, the security level of the workplace can be divided into facility aspects and management aspects and quantified.

The manager analyzes the contents of the survey to determine whether the workplace's security level is satisfied. If the security level according to the security level of the workplace is not satisfied, the security level evaluation survey is conducted again by supplementing the security level. If the security level is met, conduct a site investigation.

When security-related changes occur, such as changes in business contents such as chemical facilities, chemical substances, and processes, or after a certain period of time, the security vulnerability assessment is re-evaluated from the beginning.

[Security Vulnerability Assessment System]

8 shows a security vulnerability evaluation network using a security vulnerability evaluation system, FIG. 9 shows a security vulnerability evaluation system according to an embodiment of the present invention, and FIG. 10 shows the configuration of a security vulnerability evaluation unit of FIG. 9, and FIG. 11 8 shows the configuration of a user client. The description of the security vulnerability evaluation method may also be applied to the security vulnerability evaluation system, and descriptions overlapping with the security vulnerability evaluation method may be omitted.

8 to 11, the security vulnerability evaluation system 10 is connected to the user client 20 through the web server 30. The user client 20 is connected to the web server 30 through a wired or wireless communication network or an Internet network. The user client 20 includes an operator client 21 and an administrator client 22. The user client 20 may include various industrial and personal computer devices such as a personal computer, a smart phone, and a tablet PC. The operator client 21 and the manager client 22 may be disposed to be spaced apart from each other, for example, the operator client 21 may be disposed at a workplace, and the manager client 22 may be a government agency or a supervisory authority. Can be placed on the back. In addition, the chemical substance comprehensive information system 40 may be connected to the web server 30, and the security vulnerability evaluation system 10 and the user client 20 are provided with a business operator, business site, and chemical facility from the chemical substance comprehensive information system 40. , You can receive information on chemical substances, etc.

The security vulnerability evaluation system 10 includes a security vulnerability evaluation unit 100 and an information storage unit 200.

The security vulnerability evaluation unit 100 receives information from the user client 20 through the web server 30 and processes it to evaluate the security vulnerability of the chemical facility.

The information storage unit 200 is connected to the web server 30 and the security vulnerability evaluation unit 100, and information (input information) input by the user client 20 and information processed by the security vulnerability evaluation unit 100 (Processing information) can be saved.

The input information may include information on a workplace, a chemical facility, a chemical substance possessed by a workplace, a chemical substance intended for terrorism, a security level evaluation questionnaire, and the like. The processing information may include information about a result of terrorism risk evaluation, a security level evaluation result, a security level evaluation result, a security vulnerability evaluation result, and the like. The input information and the processing information may be output to the user client 20.

The security vulnerability evaluation unit 100 may include a terrorism risk evaluation unit 110, a security level determination unit 120, a security level evaluation unit 130, and a security vulnerability evaluation unit 140.

The terrorist risk assessment means 110 receives information on a business site including a chemical facility, a chemical substance possessed by the business site, and a chemical substance intended for terrorism, and evaluates the terrorism risk of the chemical facility. The terrorist risk evaluation means 110 may evaluate the terrorism risk using the intensity of the terrorist attack and the preference of the terrorist target.

The intensity score of a terrorist attack can be classified based on the results of analyzing the substances possessed by each business site through an over-the-counter impact assessment and risk management plan creation support program (KORA). If the same terrorist chemicals exist within 50m, it is assumed that they are concentrated in the center, and the simulation should be carried out in consideration of the domino effect of the vehicle explosion, and the weather conditions are the worst weather conditions according to the technical guidelines for calculating accident scenarios. It is desirable to follow the wind speed of 15m/s and the atmospheric stability F, and to reflect the terrain conditions in the same way as the actual terrain. The mitigation rate used in the OTC impact assessment can be used to apply the passive mitigation effect by the location of important assets such as chemical facilities handling terrorist chemicals.

The preference score of terrorist targets can be classified based on Internet trend analysis and the number of Internet search results. The Internet trend may include a Google trend, and the Internet search may include a Google search. The greater the awareness and interest of the terrorist target, the greater its impact upon successful terrorism. Therefore, the higher the probability of obtaining information about the terrorist target, the more likely it is to be exposed to terrorism. Therefore, it is possible to classify the preference score for the target of terrorism (chemical facility) by quantitatively analyzing the awareness of the target of terrorism and the possibility of obtaining information.

The terrorism risk assessment means 110 may be linked with the Internet. For example, the terrorism risk assessment means 110 may be connected to a Google search engine, and when a keyword is input from the user client 20, the terrorism risk assessment means 110 may run the Google search engine to perform analysis. In addition, unlike this, the terrorism risk evaluation means 110 may evaluate the terrorism risk by receiving only the result after the user directly performs a search using the Google search engine.

The security level determination means 120 determines the security level of the chemical facility by using the terrorism risk evaluated by the terrorism risk assessment means 110. For example, the security level determination means 120 may evaluate the security level of the chemical facility by adding the intensity score of the terrorist attack and the preference score of the terrorist target by dividing it into three stages: high, medium, and low.

The security level evaluation means 130 evaluates the security level of the chemical facility using a security level evaluation questionnaire. The security level assessment questionnaire can be prepared based on risk-based performance standards, and can be composed of a total of 5 sections: detection, delay, response, cybersecurity, and management. This can be evaluated by separating each step of the security incident response, and by analyzing the created security level evaluation questionnaire, the security level of the workplace can be divided into facility aspects and management aspects and quantified. The security level evaluation means 130 may request different security levels to be satisfied according to the security level of the chemical facility in the security level evaluation questionnaire.

The security vulnerability evaluation means 140 evaluates the security vulnerability of the chemical facility by using the security level evaluation result. The security vulnerability evaluation means 140 determines whether the security level of the chemical facility is satisfied by analyzing the result of the security level evaluation questionnaire. The security vulnerability evaluation means 140 outputs the security vulnerability evaluation result to the user client 20, and the operator and the administrator can check the evaluation result.

If the security level according to the security level of the workplace is not satisfied, the administrator can request or instruct the operator to supplement the security level, and after the supplementation, the security level is re-evaluated by a security level evaluation questionnaire. In addition, the manager may conduct on-site surveys on workplaces and chemical facilities to determine the appropriateness and validity of the questionnaire survey for security level evaluation and to supplement the security level evaluated as vulnerable.

So far, specific examples of the present invention have been looked at. Those of ordinary skill in the art to which the present invention pertains will be able to understand that the present invention may be implemented in a modified form without departing from the essential characteristics of the present invention. Therefore, the disclosed embodiments should be considered from an illustrative point of view rather than a limiting point of view. The scope of the present invention is shown in the claims rather than the above description, and all differences within the scope equivalent thereto should be construed as being included in the present invention.

10: Security Vulnerability Assessment System 20: User Client
30: web server 40: comprehensive chemical information system
100: Security Vulnerability Assessment Department 110: Terrorism Risk Assessment Means
120: security level evaluation means 130: security level evaluation means
140: security vulnerability evaluation means 200: information storage unit

Claims (7)

Evaluating the security level of the chemical facility by surveying a security level evaluation questionnaire by a user of the chemical facility;
Evaluating the risk of terrorism against the chemical facility; And
Including the step of determining the security level of the chemical facility using the risk of terrorism,
The terrorist risk is evaluated using the intensity of the terrorist attack and the preference of the terrorist target,
The preference of the terrorist target is calculated using the Internet trend analysis and the number of Internet search results,
In the Internet trend analysis, the trend values of Korean names and English names of the terror targets are analyzed, respectively. The method of claim 1,
The security level assessment questionnaire is a security level assessment method for a chemical facility, characterized in that it is written based on a risk-based performance standard. The method of claim 1,
The strength of the terrorist attack is calculated based on the number of the population affected by the terrorist attack. The method of claim 1,
The security level evaluation questionnaire requires different security levels according to the security level of the chemical facility. The method of claim 1,
The security level evaluation questionnaire includes items of detection measures, delay measures, response measures, cyber security measures, and security management measures. The method of claim 1,
Security level evaluation method for a chemical facility, characterized in that the security vulnerability of the chemical facility is evaluated based on the security level evaluation result. The method of claim 1,
The security level assessment questionnaire is provided to the user online.

Images