A Systems Engineering Approach to Physical Security of Oil & Gas Installations

A fundamental challenge facing security professionals is preventing loss; be that asset, production, or third-party losses. This is not dissimilar to what safety professionals have to face. Techniques and methodologies used by the safety professionals could potentially benefit the security experts. Physical security is about taking physical measures to protect personnel and prevent unauthorized access to installations, material, and documents, which also include protection against sabotage, willful damage, and theft. The characteristics of physical security controls include measures for deterrence, detection, delay, and responses aimed at risk mitigation and enhanced operational effectiveness. This paper outlines a systems engineering framework for implementing security goals, which are suitable for meeting the challenge of providing physical security for complex systems, which includes oil and gas facilities. The proposed framework builds security requirements into system requirements and moves it in parallel with the system development for the entire system’s life cycle; particularly during the concept and design phases. This is a top-down process for use by a multidisciplinary team of security, operations, and industry experts to identify and prevent the system from entering into vulnerable states which could lead to losses. This framework shifts the focus of the security analysis away from threats, being the immediate cause of losses, and focuses instead on the barriers, i.e. safeguards that prevent systems from entering into vulnerable states, which would allow an unfolding event to disrupt the system leading to loses. The need for such a method comes from the recent experience of the securing complex systems that combine a large amount of hardware, software hazardous materials, and control elements. The method takes advantage of systems engineering and encourages the use of goalbased security requirements instead of using a strict prescriptive approach that is common among security professionals. Using this framework helps both to identify threats associated with the system, as well as weak points within the system. This framework also encourages communication between the security professional, safety engineers, and system designers. This paper draws from the existing literature as listed in the references.