nmiotc lng-david incertis
Post on 24-Feb-2018
215 Views
Preview:
TRANSCRIPT
-
7/25/2019 NMIOTC LNG-David Incertis
1/30
6thNMIOTCAnnual Conference 2015
4thJune 2015
Risks and
Interdependencies
in the LNG Supply
ChainA methodology for Risk Assessment
-
7/25/2019 NMIOTC LNG-David Incertis
2/30
LNG compresses 1/600 of its volume
-
7/25/2019 NMIOTC LNG-David Incertis
3/30
-
7/25/2019 NMIOTC LNG-David Incertis
4/30
NATURAL GAS FIELD
CHONGQING(CHINA), 23 DECEMBER2003, 234KILLED, 500 INJURED
PIPELINE
GHISLENGHIEN (BELGIUM), 30 JULY2004, 24KILLED, 150 INJURED
PROCESSING PLANT
VARANUSISLAND(AUSTRALIA), 0 KILLED, 0 INJURED, AUSTRALIANGASCRISIS
STORAGE TANK
EAST
OHIO
GAS
COMPANY
(USA), 20 OCTOBER
1944, 128KILLED
, 400INJURED
LOADING PORT
SKIKDALNG PLANT(ALGERIA), 19 JANUARY2004 , 30KILLED, 72 INJURED
-
7/25/2019 NMIOTC LNG-David Incertis
5/30
STORAGE TANK
-
7/25/2019 NMIOTC LNG-David Incertis
6/30
STORAGE TANK
-
7/25/2019 NMIOTC LNG-David Incertis
7/30
STORAGE TANK
-
7/25/2019 NMIOTC LNG-David Incertis
8/30
LIQUEFCTION PLANT (LOADING PORT)
-
7/25/2019 NMIOTC LNG-David Incertis
9/30
LIQUEFCTION PLANT (LOADING PORT)
-
7/25/2019 NMIOTC LNG-David Incertis
10/30
PROCESSING PLANT
-
7/25/2019 NMIOTC LNG-David Incertis
11/30
PIPELINE
-
7/25/2019 NMIOTC LNG-David Incertis
12/30
GAS FIELD
-
7/25/2019 NMIOTC LNG-David Incertis
13/30
NEVERWHY?
LNG TANKER
-
7/25/2019 NMIOTC LNG-David Incertis
14/30
NO BLEVE
NO FLOATING BOMB
LNG DOES NOT EXPLODE OR BURNLNG CARRIERS ARE ROBUST
LNG TANKER
-
7/25/2019 NMIOTC LNG-David Incertis
15/30
-
7/25/2019 NMIOTC LNG-David Incertis
16/30
Collision
-
7/25/2019 NMIOTC LNG-David Incertis
17/30
Terrorist attack
-
7/25/2019 NMIOTC LNG-David Incertis
18/30
Link/actor
Flow ModelLiquefaction plant Physical
Seller/carrier/shipper Cyber
Local Agent Cyber
Ship agent Cyber
Insurance company Cyber
Loading port
Physical
Shipowner/ ship agent Cyber
Sea Transportation Physical
Port Services Cyber
Unloading port Physical
Customs
CyberPort Authority Cyber
Buyer/importer Cyber
Regasification Physical
Storage Physical
Distribution Physical
Bank
Cyber
Supply chainactors / nodes
-
7/25/2019 NMIOTC LNG-David Incertis
19/30
Design criteria
HOLISTICVIEWOFTHESUPPLYCHAIN
COLLABORATIVEMETHODOLOGY
COMPLIANCEWITHSTANDARDS
-
7/25/2019 NMIOTC LNG-David Incertis
20/30
Methodology Steps
STEP 0 Scope of the SC Risk Assessment
STEP 1Analysis of the Supply Chain Service (SCS)
STEP 2 Supply Chain Threat Scenario Identification
STEP 3Assess the expected likelihood for all Threat Scenarios
STEP 4Assess the consequence of each Threat Scenario for each node
STEP 5Assess the risk for each examined Threat Scenario
STEP 6Assess the risk of cascading threats for all Threat Scenarios
STEP 7 Selection of appropriate security controls
-
7/25/2019 NMIOTC LNG-David Incertis
21/30
Threat Scenarios for LNG suply chain
SCENARIO1: Berth unavailability and stop of operationsdue to coordinated bombing of docks, bridges andother important infrastructure at the loading port while
loading a LNG tanker.
-
7/25/2019 NMIOTC LNG-David Incertis
22/30
Threat Scenarios for LNG suply chain
SCENARIO2: LNG tanker is hijacked by pirates during itsvoyage producing a long delay in the supply,compromising the LNG stock at the destination in themiddle of several cold waves which have increased
the demand.
-
7/25/2019 NMIOTC LNG-David Incertis
23/30
Threat Scenarios for LNG suply chain
SCENARIO3: A delay occurs during the vaporizationprocess phase at the unloading port due to damageto critical infrastructure in vaporization/storage
terminal area (sabotage?).
https://youtu.be/h-EY82cVKuA
-
7/25/2019 NMIOTC LNG-David Incertis
24/30
Threat Scenarios for LNG suply chain
SCENARIO4: A hacker enters in the PCS in order tosteal bank accounting information and other sensitiveinformation from the importer.
-
7/25/2019 NMIOTC LNG-David Incertis
25/30
Categorization of threats
Liquefaction plant TC-1: Infrastructure Threats
TC-2: Information & ICT Threats
TC-3: Personnel Security & Safety
Threats
TS4-1: Intrude and/or take control
of an asset
TS4-3: Cargo Integrity
TS4-4: Unauthorized use
Loading in LNG tankers
TC-1: Infrastructure ThreatsTC-2: Information & ICT Threats
TC-3: Personnel Security & Safety
Threats
TC-4: Goods and Conveyance
Security Threats
Unloading
TC-1: Infrastructure Threats
TC-3: Personnel Security &
Safety Threats
TC-4: Goods and Conveyance
Security Threats
Regasification (vaporization)
TC-1: Infrastructure Threats
TC-2: Information & ICT
Threats
TC-3: Personnel Security &Safety Threats
TS4-1: Intrude and/or take
control of an asset
TS4-3: Cargo Integrity
TS4-4: Unauthorized use
Storage TC-1: Infrastructure Threats
TC-2: Information & ICT Threats
TC-3: Personnel Security &
Safety Threats
TS4-1: Intrude and/or take
control of an asset
TS4-3: Cargo Integrity
TS4-4: Unauthorized use
Distribution TC-1: Infrastructure Threats
TC-2: Information & ICT Threats
TC-3: Personnel Security &
Safety Threats
TS4-1: Intrude and/or take
control of an assetTS4-3: Cargo Integrity
TS4-4: Unauthorized use
TS4-5: Goods and Conveyance
misuse
Seller/Carrier/Shipper TS1-1: Destroy critical SC
Infrastructure
TS1-2: Unauthorized access to
SC Infrastructures
TC-3: Personnel Security &
Safety Threats
TS4-4: Unauthorized use
Exportation formalities
through local agent
TS3-1: People under attack
TC-2: Information & ICT Threats
TC-4: Goods and Conveyance
Security Threats
Bill of lading and cargo manifest
to ship agent
TC-2: Information & ICT Threats
TC-4: Goods and Conveyance
Security Threats
-
7/25/2019 NMIOTC LNG-David Incertis
26/30
Modeling Interdependencies
A B C D E F G H I J
A
1
1
2
2
2
2
2
2
B 1 22 3
42
2 3
42 3 2
C 2 1 2 3 2 2 1 2 2 2
D
2
1 2
2
1
2
E
1 23 4 1 23 4 2 34 2
3 1 2
F 2 2 1 2 2 2 2
G1 23 4
2 1 22 34
2 3 2
H
2
2
2
2
2
2
2
2
I 2 2 2 2
J
2
2
2
2
A = Gas trading Company/ shipper/ importerB = Gas producer/ liquefaction plantC = Ship agent/ ownerD = Public AdministrationsE = Port Authority / port servicesF = Customs AuthorityG = Regasification /Distr. CompanyH = Local AgentI = Insurance Company
J = Banks
1 - Access to cyber-systems2 - Interaction with cyber-systems3 - Access to physical facilities4 - Usage of physical facilities
Nodei.
Directed edgei j.
Dependency: D(i, j) = 1, 2, 3 or 4
Order: order(i,
j) = min( {|path(
i,
j)|} )
-
7/25/2019 NMIOTC LNG-David Incertis
27/30
Applying the methodology
0= LIQUEFACTIONPLANT
1= SHIPAGENT/ OWNER
2= PORTAUTHORITY/ PORTSERVICES
3= TRADINGCOMPANY/ IMPORTER
4= LOCALAGENT
5= CUSTOMS
6= PUBLICADMINISTRATIONS
J=
0 = 11 = 12 = 13 = 0,54 = 0,255 = 0,56 = 0,25j =
D(0, 1) = 1D(1, 2) = 1, 2, 3, 4D(2, 3) = D(3, 4) = 2D(1, 0) = 2, 3, 4D(2, 1) = 2D(2, 0) = 2, 3, 4
Applying standardsISO 28000
ISO 27001
ISPS CODE
-
7/25/2019 NMIOTC LNG-David Incertis
28/30
Applying the methodology
Threatsecenarios
Likelihood of
threats
Consequences
Risk values foreach scenario
Risk ofcascading
threats
Selection of
securitycontrols
1
2
3
4
5
6
-
7/25/2019 NMIOTC LNG-David Incertis
29/30
LNG supply chain hazards focused on terrorist attacks, systemshacking, etc
LNG carriers are not prone to ignite or explode accidentally
LNG supply chain model proposed
SC RA Methodology addressed to assess risks in supply chains
SC RA Methodology considers cascading effects
Graph analysis and establishment of interdependencies
Availability of a computer tool for assessing supply chain risks:
Identifies the critical path of interdependencies
Visualizes critical risk levels and probabilities
Proposes security controls
-
7/25/2019 NMIOTC LNG-David Incertis
30/30
David Incertis JarilloProject Manager: Port /Maritime Security and Safety Issues
FEPORTSPort Institute for Studies and Cooperation
dincertis@feports-cv.org
Rafael Company PerisProject Manager: Research, Development & Innovation
Valenciaport Foundation
rcompany@fundacion.valenciaport.com
top related