I’ve really been enjoying PJ Coyle’s Chemical Facility Security News blog the last few months. An entry this week on the Chemical Security Board’s Inherently Safer Technology tied into one of my entries earlier this week on MTTR. Here are the key paragraphs for the analogy:
First off, inherently safer technology (IST) has always been a safety technique. That fact is explicit in the name as well as in how the concept was developed by the chemical safety community. Even the people that insist that the concept has application to security for high-risk chemical facilities acknowledge that this is a safety issue. They argue that, if chemical processes at a high-risk facility were made inherently safer, then the facility would not be a potential terrorist target. Or, at least, it would be at a lower risk for being targeted.
Actually, the most vocal proponents of mandating IST provisions in the renewal of CFATS authority are not as concerned about a terrorist attack causing a toxic release as they are about the potential for a toxic release from any cause. They certainly have a point since, extrapolating from recent history, an accidental release is more likely than a terrorist-caused release. The cause of the release is not really important to most of the IST proponents.
There have been a number of efforts to come up with approaches and metrics in security that mirror the way things are done in safety. Most have focused on putting up technical and administrative controls to arrive at a Security Assurance Level, analogous to Safety Integrity Levels (SILs) in safety. However, maybe the better approach is to mimic IST and find ways to limit the impact of a successful cyber attack. Would that make the control system less of a target?
Reducing the mean time to recovery [MTTR] would be one way of achieving this, since it directly reduces the impact of an attack. Some critical infrastructure sectors can live with a short outage of the control system; others cannot.
Another way would be to focus on detection, not just of attacks but of anything that is causing a degradation in the control system’s ability to operate properly. Much as the IST proponents are concerned about a toxic release from any cause, many of the active voices in our community insist that a cyber attack is less of a risk than just poor cyber practices by those not trying to attack the system.
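As an added example (not code from either blog), here is what the two ideas above look like when put together: a cause-agnostic degradation check over controller health samples, with the resulting outage windows used to compute MTTR. The 50 ms scan-time limit, the sample fields and the telemetry values are all constructed assumptions.

```python
from dataclasses import dataclass
from statistics import mean
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Sample:
    t: int            # seconds since start of the log
    scan_ms: float    # controller scan-cycle time (assumed field)
    comms_ok: bool    # HMI/historian link up (assumed field)


SCAN_LIMIT_MS = 50.0  # assumed engineering limit for this controller


def is_degraded(s: Sample) -> bool:
    """Cause-agnostic check: a slow scan or lost comms both count as
    degraded, whether the cause is a fault, a misconfiguration or an attack."""
    return s.scan_ms > SCAN_LIMIT_MS or not s.comms_ok


def outages(samples: List[Sample]) -> List[Tuple[int, Optional[int]]]:
    """Turn per-sample health into (start, end) windows. end is None when
    the log ends while still degraded, i.e. recovery has not been observed."""
    windows, start = [], None
    for s in samples:
        if is_degraded(s) and start is None:
            start = s.t
        elif not is_degraded(s) and start is not None:
            windows.append((start, s.t))
            start = None
    if start is not None:
        windows.append((start, None))
    return windows


def mttr(samples: List[Sample]) -> Optional[float]:
    """Mean time to recovery over closed windows only; None if none closed."""
    closed = [end - start for start, end in outages(samples) if end is not None]
    return mean(closed) if closed else None


# Constructed telemetry: normal scans, a burst of slow scans, normal again,
# a short comms loss, then normal for the rest of the log.
SAMPLES = [Sample(t, 12.0, True) for t in range(0, 3)]
SAMPLES += [Sample(t, 180.0, True) for t in range(3, 6)]
SAMPLES += [Sample(t, 12.0, True) for t in range(6, 11)]
SAMPLES += [Sample(t, 12.0, False) for t in range(11, 13)]
SAMPLES += [Sample(t, 12.0, True) for t in range(13, 20)]

if __name__ == "__main__":
    print(outages(SAMPLES))  # [(3, 6), (11, 13)]
    print(mttr(SAMPLES))     # 2.5
```

An open window at the end of the log is reported but deliberately excluded from MTTR, so a still-unrecovered outage does not make the metric look better than it is.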