In Depth Hazards and Security Analysis for an Industrial Test Enclave for Methods Testing and Validation

One of the challenges facing safety and security assessments is that when incident and accident investigations are made and the incident scenario described in detail, the scenario seldom matches those identified in risk analyses. There are several reasons for this. The main ones are that the hazards identified by risk analysis are usually prevented; and that the methods used for hazard identification do not sufficiently cover the range of problems which can arise in complex systems.

The OECD Halden Reactor Project has developed and constructed an industrial automation enclave [1] intended for detailed investigation of safety and security analysis methods. The installations is described as an enclave because it is isolated from possible outside influences, and more importantly, cannot affect/infect external systems when investigating security attacks.

The part of the project described here covers in depth risk analyses using methods intended for in depth safety analysis at the level where system weaknesses can exist. The methods so far tested are in deep FMEA, deep HAZID, HAZOP with lessons learned support, sneak path analysis, action error analysis of start-up and maintenance procedures, and system simulation with fault insertion for emergent hazards.

Several techniques for security assessment have also been applied, including security sneak path analysis.The studies show the extent to which completeness depends on the use of combinations of methods, and the degree of coverage which can be achieved.