Integrated Management of Safety and Security Synergies in Seveso Plants (SAF€RA 4STER)


The problem addressed

This project originates from the following problems highlighted in SAF€RA's 2018 call: the security threats deriving from terrorism, internal malevolence, leading more industry sectors to grapple with the challenge of managing security and safety concerns in a coordinated manner. Furthermore, digitalization creates new safety and security challenges, such as the TRITON virus, which recently attacked industrial Safety Instrumented Systems. Indeed, the security of industrial sites, and in particular the security of the chemical and process industry (Seveso plants), has become a matter of increasing concern in recent years. Besides, the convergence of safety and security issues is a potential cause for major accidents. The objective of the study is to find solutions to the challenge of managing safety and security concerns in a coordinated manner, as well as to examine how impacts of digitalisation for safety and security of the plants are understood and identified.

Keywords: seveso cybersecurity

Research questions

The following three Research hypotheses are defined:
  • Despite tensions, significant synergies between safety and security management exist;
  • Security-related scenarios concerning intentional acts are not adequately considered in documentation following up the Seveso Directive;
  • Many companies in European process industry lack adequate control measures as regards cyber security and cyber-attacks.
Research questions are as follows:
  • What are the differences and similarities in safety and security management and cultures in Seveso plants? How can safety and security management be linked?
  • How could threats caused by intentional cyber-physical interferences be better taken into account in Seveso plants?
  • How are cyber threats caused by digitalisation identified and taken into account when assessing and ensuring safety of a process plant? How is cyber-situational awareness of Seveso plants in European countries?
  • How could safety and security threats concerning major hazards be handled in an integrated manner? What are the benefits and drawbacks?

Scientific disciplines: chemistry/chemical engineering, computing/information science

Expected outputs

The expected results of this multidisciplinary research are an improved integrated safety and security management framework and guidelines for the Seveso plants, better insight into attitudes and preparedness of European process industries as regards cyber-physical security threats, guidelines and a set of specific tools for the identification of accident scenarios with intentional causes. The results will serve the needs of improving safety and security in 12.000 Seveso III industrial establishments in the European Union (http://ec.europa.eu/environment/seveso/). Moreover, regulators, senior managers, safety/ security experts, shop-floor workers in companies, and policy makers benefits from the results, which will be disseminated via seminars, blogs and events by SAFERA platform.

Workplan

WP 1 Integrated management of safety and security (VTT). The main objectives of WP1 are as follows:
  • Examine the existing relevant studies on integrated safety and security management
  • Identify the main differences and similarities in safety and security requirements, management and cultures
  • Develop a framework for management of safety and security of Seveso sites in an integrated and coordinated manner.
Scope. The study of integrated management of safety and security is conducted via document analysis and case studies. These activities include:
  • Collecting and reviewing studies on integrated safety and security management
  • Reviewing and synthetizing the documents on requirements for and management of safety and security
  • Case studies including interviews carried out in Finland, Italy and Netherlands
  • Benchmarking, and developing an integrated framework for safety and security management
WP 2 Attitudes and awareness of cyber-physical security threats in organizations (UCBM). The main objectives of WP2 are as follows:
  • Provide an overview of attitudes and awareness of employees in European industries (with a specific focus on Seveso plants) regarding vulnerabilities concerning their physical safety as a result of cyber physical security threats.
  • Supplement the qualitative results from WP1 with quantitative data to provide input for WP3
Scope. The study is conducted primarily through a survey based on existing knowledge within the consortium supplemented with an exploration of the literature and information gathered in WP1, with the aim to:
  • Collect information on attitudes and awareness of European industries as regards to vulnerabilities and threats concerning cyber physical security in relation to workplace safety.
  • Investigate the most common technical and organizational measures adopted to manage these vulnerabilities and threats;
  • Statistically analyse the collected data to emphasize common and critical aspects within and between European organisations.
The survey will primarily focus on Finnish, Italian and Dutch organisations.

WP 3 Security-related scenarios concerning intentional interferences (UniBO). The main objectives of the WP are as follows:
  • Derive lessons learnt from physical and cyber-physical security-related events reported for industrial facilities
  • Identify major accident scenarios related to physical and cyber-physical threats in Seveso sites
  • Develop a guideline for the framework for management of safety and security of Seveso sites in an integrated and coordinated manner.
Scope. The study of security-related scenarios in Seveso sites is carried out both by document analysis and by the use of specific methodologies for hazard identification, in part to be developed within the project. These activities include:
  • Analyzing security-related past events reported in open databases or in the literature
  • Assessing the awareness with respect to the potential hazard posed by physical and cyber-physical intrusions in Seveso plant
  • Applying specific technical methods and tools to the identification of physical and cyber-physical security-related major accident scenarios

Associated deliverables

The digitalisation trend in the process-industries bring with new safety and security challenges. Modern plants are constantly investing in automation, allowing plant to operate autonomously, to different degrees. For a long time, chemical plants were not connected to networks, and thus they were not designed with cybersecurity in mind. However, now the connections to information networks outside the plant are more and more common. As a result, cyberattacks launched against the safetycritical chemical industries can cause severe safety threats, in the worst case, trigger an explosion. The probability that computer networks and information systems belonging to such sectors is attacked - and successfully so - is now higher than ever. This document provides guidance on what to consider when designing and implementing integrated safety and security management in Seveso plants. The guidance cover different aspects of management including a) recognition of the context of organisation, b) leadership, c) planning, d) support, e) operation, f) performance evaluation and g) improvement. Integrated management refers to connecting, coordinating and combining safety and security management activities in order to exploit synergies and to resolve conflicts between them. Understanding and recognising their similarities and differences, and their intertwined nature is essential for carrying out integration. Integration may be implemented in structures and functions, and it promotes the creation of a new integrated culture, which also needs to be managed. The integration of activities requires motivation. The need is based on increasing cybersecurity threats concerning the plants involving major chemical hazards. The benefits of integration include convenience, improved safety and security performance, resource optimisation, and increased resilience. The potential activities, in which safety and security management could be combined include, for example, risk assessment, incident reporting, emergency management, change management and informing the public. Safety and security are intertwined domains, comprising both common and different aspects. Both specific safety and security knowledge and integrated management are needed. Simply combining and communicating between safety and security domains is not sufficient due to the intertwined and complex nature of present safety and security issues. A new integrative mind-set is required in the future.

Download deliverable

This is the final report summarises the main results of the research project on Integrated Management of Safety and Security Synergies in Seveso plants (SAF€RA 4STER). The objectives of the research project were the following: 1) To gain insights into synergies and tensions related to the management of safety and security in Seveso plants. 2) To find a solution to the challenge of managing safety and security in a coordinated manner. 3) To provide guidelines for managing safety and security in an integrated way in Seveso plants. 4) To provide tools for the identification of security scenarios triggered by malicious human intentions. The research data included literature reviews on concepts and management of safety, security, cybersecurity; interviews with regulators and safety and security experts on Seveso sites; analysis of past accidents induced by malicious human intent both in the form of physical security violence and cybersecurity interference, and survey on cybersecurity awareness and physical security awareness in companies. Past incident analysis showed that terrorism and cyberattacks were the most important threat categories for Seveso plants. Even though, past incident analysis showed that no major events occurred in chemical or petrochemical facilities due to cyber-attacks, they remain a relevant threat category, and worth paying attention to. This is because of the current trend towards growing digitalisation, automation and blurring boundaries between IT and operational technology (OT) systems in high-risk industries, makes OT systems vulnerable to cybersecurity attacks. Cybersecurity awareness in Seveso plants was reported to be at a good level. However, survey respondents had seen ignorance and negligence in their companies regarding cybersecurity. It is possible to create technological barriers, e.g., firewalls, anti-virus software, and to design IT systems so that they direct people to act securely without the need for people to make their own choices. Furthermore, human and organizational barriers, such as integrated management and safety and security culture, are needed. Institutional support to integrated management is weak. The Seveso directive does not require integration. Often cybersecurity is dealt with by IT department, and processsafety and cybersecurity risks are handled separately. These do not contribute to integration. The Responsible Care programme and Environment, Health and Safety and Security (EHS&S) management system adopted by many Seveso plants, do combine different standards into the same management system and thus they represent structural integration. However, they are not sufficient to tackle systemic risks, deriving from interconnectedness of technological and organisational systems and related risks. Integrated management would benefit from risk assessments, in which process-safety risks, physical security risks and cybersecurity risks and their significance would be examined together, e.g. in the same Hazop study. The integrated management would require deep understanding of systemic risks, and new safety and security thinking, and close collaboration between different safety and security experts. Both single plants and industrial parks would benefit from Integrated management.

Download deliverable

Participating researchers

Marja Ylönen (VTT, Finland) — project coordinator

Nadezhda Gotcheva (VTT, Finland)

Jouko Heikkilä (VTT, Finland)

Minna Nissilä (VTT, Finland)

Valerio Cozzani (School of Engineering, Bologna University, Italy)

Ernesto Salzano (School of Engineering, Bologna University, Italy)

Alessandro Tugnoli (School of Engineering, Bologna University, Italy)

Roberto Setola (Complex systems and security lab, University Campus Bio-Medico of Rome, Italy)

Gabriele Oliva (Complex systems and security lab, University Campus Bio-Medico of Rome, Italy)

Dolf Van der Beek (TNO, The Netherlands)

Steijn Wouter (TNO, The Netherlands)

Anne Jansen (TNO, The Netherlands)

Ingrid Raben (TNO, The Netherlands)

Funding organizations

Tukes (Finland)

FWEF (Finland)

INAIL (Italy)

More details

Duration 2018-11 to 2020-11
Contact email marja.ylonon@vtt.fr
More information http://www.vtt.fi/safera4ster

Information last updated on 2021-04-26.

Return to the list of projects.