Welcome to the new Energy Central — same great community, now with a smoother experience. To login, use your Energy Central email and reset your password.

Home
Christopher Ott
Christopher Ott
 · Posted in Home

How to create a Design Basis Threat for physical security

Securing every Power station as if it was for Knox is not financially feasible for most utilities.

Physical security upgrades are very similar to insurance. Expecting a return on your investment is hard to quantify, but these can help insure you are reducing your risk profile.

Creating a risk matrix can help establish which locations need a serious look at the protections and defense in place or planned.
Once your risk matrix identifies the most critical locations in a tier level approach, running each through a DBT process is the start of your physical security plan. This is a very simple templated format on how to create a DBT and should be looked at by a team of people in your company before sign off.

Facility Name: 

Date of Assessment: 

Assessment Team: 

1. Executive Summary

Provide a brief overview of the DBT, its purpose, and the key findings of the threat assessment.

2. Threat Assessment

2.1 Threat Categories

Identify and describe the categories of threats that the facility may face. Common categories include, but not limited to: 

  • Terrorism: Describe the potential for terrorist activities and groups that may target the facility. This may include domestic or foreign actors.
  • Sabotage: Assess the likelihood of intentional damage or disruption by external or internal actors.
  • Espionage: Evaluate the risk of espionage or information theft.
  • Criminal Activity: Analyze the risk of criminal activities, such as theft, vandalism, or cyberattacks.
  • Insider Threat: Assess the potential for threats from within the organization.

 

 

2.2 Threat Actors

Identify potential threat actors and their capabilities. Include information about known terrorist groups, criminal organizations, and any insider threats.

2.3 Threat Scenarios

Describe specific threat scenarios, including the methods, tactics, and objectives that threat actors might employ

2.2 Threat Actors

Identify potential threat actors and their capabilities. Include information about known terrorist groups, criminal organizations, and any insider threats.

2.3 Threat Scenarios

Describe specific threat scenarios, including the methods, tactics, and objectives that threat actors might employ.

 

3. Vulnerability Assessment

Consider fence type, material and age

Lighting considerations: Fence line, assets, surrounding area

Ease of access of surrounding area to property

Rate of vehicle approach possibility

3.1 Physical Security

Evaluate the facility's physical security measures, including access control, perimeter security, and security infrastructure. Identify vulnerabilities and weaknesses.

3.2 Cybersecurity

Assess the facility's cybersecurity posture, including network security, data protection, and the resilience of critical systems to cyberattacks.

3.3 Personnel Security

Evaluate the effectiveness of personnel security measures, including background checks, training, and awareness programs.

3.4 Operational Security

Analyze operational procedures and protocols to identify potential vulnerabilities and gaps in security.

4. Consequence Assessment

Assess the potential consequences of a successful attack or security breach, including human casualties, environmental damage, economic impact, and damage to the facility's reputation.

5. Risk Assessment

5.1 Risk Matrix

Create a risk matrix that combines the assessed threat likelihood and consequence severity to determine the overall risk levels for different threat scenarios.

5.2 Risk Mitigation Measures

Recommend risk mitigation measures to reduce the identified risks. Include both immediate and long-term strategies for enhancing security.

6. Emergency Response and Recovery

Outline emergency response and recovery plans and procedures for each threat scenario. Include communication protocols, evacuation plans, and resource allocation.

7. Document Revision

Specify a schedule for reviewing and updating the DBT to ensure it remains relevant and effective in addressing evolving threats.

8. Approval

Provide spaces for signatures and approval by relevant stakeholders, including facility management, security personnel, operations/maintenance, and external agencies if applicable.