Integrated Management of Safety and Security Synergies in Seveso Plants (SAF€RA 4STER)


The problem addressed

This project originates from the following problems highlighted in SAF€RA's 2018 call: the security threats deriving from terrorism, internal malevolence, leading more industry sectors to grapple with the challenge of managing security and safety concerns in a coordinated manner. Furthermore, digitalization creates new safety and security challenges, such as the TRITON virus, which recently attacked industrial Safety Instrumented Systems. Indeed, the security of industrial sites, and in particular the security of the chemical and process industry (Seveso plants), has become a matter of increasing concern in recent years. Besides, the convergence of safety and security issues is a potential cause for major accidents.

The objective of the study is to find solutions to the challenge of managing safety and security concerns in a coordinated manner, as well as to examine how impacts of digitalisation for safety and security of the plants are understood and identified.


Keywords: cybersecurity seveso

Research questions

The following three Research hypotheses are defined:

  • Despite tensions, significant synergies between safety and security management exist;
  • Security-related scenarios concerning intentional acts are not adequately considered in documentation following up the Seveso Directive;
  • Many companies in European process industry lack adequate control measures as regards cyber security and cyber-attacks.
Research questions are as follows:
  • What are the differences and similarities in safety and security management and cultures in Seveso plants? How can safety and security management be linked?
  • How could threats caused by intentional cyber-physical interferences be better taken into account in Seveso plants?
  • How are cyber threats caused by digitalisation identified and taken into account when assessing and ensuring safety of a process plant? How is cyber-situational awareness of Seveso plants in European countries?
  • How could safety and security threats concerning major hazards be handled in an integrated manner? What are the benefits and drawbacks?

Scientific disciplines: chemistry/chemical engineering, computing/information science

Expected outputs

The expected results of this multidisciplinary research are an improved integrated safety and security management framework and guidelines for the Seveso plants, better insight into attitudes and preparedness of European process industries as regards cyber-physical security threats, guidelines and a set of specific tools for the identification of accident scenarios with intentional causes.

The results will serve the needs of improving safety and security in 12.000 Seveso III industrial establishments in the European Union (http://ec.europa.eu/environment/seveso/). Moreover, regulators, senior managers, safety/ security experts, shop-floor workers in companies, and policy makers benefits from the results, which will be disseminated via seminars, blogs and events by SAFERA platform.


Workplan

WP 1 Integrated management of safety and security (VTT).

The main objectives of WP1 are as follows:

  • Examine the existing relevant studies on integrated safety and security management

  • Identify the main differences and similarities in safety and security requirements, management and cultures

  • Develop a framework for management of safety and security of Seveso sites in an integrated and coordinated manner.

Scope. The study of integrated management of safety and security is conducted via document analysis and case studies. These activities include:

  • Collecting and reviewing studies on integrated safety and security management

  • Reviewing and synthetizing the documents on requirements for and management of safety and security

  • Case studies including interviews carried out in Finland, Italy and Netherlands

  • Benchmarking, and developing an integrated framework for safety and security management

WP 2 Attitudes and awareness of cyber-physical security threats in organizations (UCBM).

The main objectives of WP2 are as follows:

  • Provide an overview of attitudes and awareness of employees in European industries (with a specific focus on Seveso plants) regarding vulnerabilities concerning their physical safety as a result of cyber physical security threats.

  • Supplement the qualitative results from WP1 with quantitative data to provide input for WP3

Scope. The study is conducted primarily through a survey based on existing knowledge within the consortium supplemented with an exploration of the literature and information gathered in WP1, with the aim to:

  • Collect information on attitudes and awareness of European industries as regards to vulnerabilities and threats concerning cyber physical security in relation to workplace safety.

  • Investigate the most common technical and organizational measures adopted to manage these vulnerabilities and threats;

  • Statistically analyse the collected data to emphasize common and critical aspects within and between European organisations.

The survey will primarily focus on Finnish, Italian and Dutch organisations.


WP 3 Security-related scenarios concerning intentional interferences (UniBO).

The main objectives of the WP are as follows:

  • Derive lessons learnt from physical and cyber-physical security-related events reported for industrial facilities

  • Identify major accident scenarios related to physical and cyber-physical threats in Seveso sites

  • Develop a guideline for the framework for management of safety and security of Seveso sites in an integrated and coordinated manner.

Scope. The study of security-related scenarios in Seveso sites is carried out both by document analysis and by the use of specific methodologies for hazard identification, in part to be developed within the project. These activities include:

  • Analyzing security-related past events reported in open databases or in the literature

  • Assessing the awareness with respect to the potential hazard posed by physical and cyber-physical intrusions in Seveso plant

  • Applying specific technical methods and tools to the identification of physical and cyber-physical security-related major accident scenarios


Participating researchers

Marja Ylönen (VTT, Finland) — project coordinator

Nadezhda Gotcheva (VTT, Finland)

Jouko Heikkilä (VTT, Finland)

Minna Nissilä (VTT, Finland)

Valerio Cozzani (School of Engineering, Bologna University, Italy)

Ernesto Salzano (School of Engineering, Bologna University, Italy)

Alessandro Tugnoli (School of Engineering, Bologna University, Italy)

Roberto Setola (Complex systems and security lab, University Campus Bio-Medico of Rome, Italy)

Gabriele Oliva (Complex systems and security lab, University Campus Bio-Medico of Rome, Italy)

Dolf Van der Beek (TNO, The Netherlands)

Steijn Wouter (TNO, The Netherlands)

Anne Jansen (TNO, The Netherlands)

Ingrid Raben (TNO, The Netherlands)

Funding organizations

Tukes (Finland)

FWEF (Finland)

INAIL (Italy)

More details

Duration 2018-11 to 2020-11
Contact email marja.ylonon@vtt.fr
More information

Information last updated on 2019-04-02.

Return to the list of projects.