Domestically, oil companies grapple with many of the same security issues as any business, such as preemployment screening and theft and fraud prevention, but we’ll focus here on a few significant concerns unique to the industry. They involve an innovation called floating production, storage, and offloading (FPSO) operations, especially in the Gulf of Mexico; the North American oil and gas pipeline infrastructure; and the newer , and highly scrutinized arena of liquid natural gas (LNG) terminals.
FPSO. FPSO operations are relatively standard field development systems in most of the oil-bearing parts of the world. One exception is the U.S. Outer Continental Shelf (OCS) including the Gulf of Mexico (GoM), where regulatory and security issues have to be addressed before FPSOs can be installed.
“There are a number of FPSOs in the world operating with approved International Ship and Port Security (ISPS) Code plans,” says Brad A. Robinson, president and CEO of Atropos International Corporation, a Texas-licensed security consulting and training organization, and a member of the ASIS Houston chapter.
But these plans “do not account for the security of mooring systems (turret and permanent), subsea systems, process equipment, pipelines, adjacent and connected facilities, or interaction with shuttle tankers and supply vessels,” he explains. Moreover, “the on-location operations are not accounted for with these plans, and there is currently no requirement in the ISPS code for compliance at this level,” Robinson adds.
Without international regulations defining baseline security standards for FPSOs, the United States has become the de facto regulatory pioneer for the security of these facilities. The Maritime Transportation Security Act of 2002 (MTSA) is the current U.S. security standard for vessels, facilities, and OCS facilities.
The problem is that “FPSOs do not fit well into MTSA, and after numerous discussions with potential FPSO operators, a need has been identified for specific guidance for the GoM,” says Robinson.
This guidance would need to include the total tank capacity, he notes. Overall, it would likely be a blend of the current vessel and OCS facility security practices.
Vessel security would presumably be implemented during transit, says Robinson, while OCS security would be employed on location. A security vulnerability assessment (SVA) should be conducted for each FPSO so that a security plan could be developed based on its operational modes and the supporting infrastructure. Plan implementation could be combined with a comprehensive training and exercise program to deter or mitigate security incidents.
Gulf of Mexico platforms. Another challenge for oil operations is securing offshore oil platforms. Various issues that must be addressed include securing the facilities that service the platforms, including landside and platform heliports, as well as securing support, preservation, and maintenance facilities; platform training facilities; and platform operations centers, explains Thomas Norman, CPP, PSP, CSC (Certified Security Consultant), principal of Protection Partners International and an ASIS International Oil, Gas and Chemical Industry Security Council member who serves as the 2007 ASIS Houston Chapter Treasurer.
Typical threats during calm seas include terrorism by sea and air, pirates, uninvited guests (such as fishermen), internal theft, and sabotage from contractors and employees. These threats are amplified following storm evacuation until the platform is repaired and reoccupied.
Good access controls are an essential security component. Access must be restricted to employees, authorized contractors and vendors, and other authorized personnel who need to be on site to support the mission. The specifics of access control vary for manned and unmanned platforms.
Manned platforms. A key element of manned platform security involves securing access to the platform at the boat docks. Helideck security is less of an issue as the landing of a helicopter on a platform is not an event easily missed by platform occupants, and there is, as of the date of this article, no record of attacks mounted from helicopters in U.S. waters. It is not unforeseeable that threats of this nature could emerge in the GoM as global tensions increase, however.
Electronic security components play a key role in securing manned platforms. Electronic security system elements include: Short range radar to identify vessels approaching the platform; vectored pan-tilt-zoom (PTZ) video cameras (best if integrated with short-range radar); situational awareness software (SAS), to provide a complete picture of where vessels are vis-à-vis the platform and other vessels, remote annunciation methods, including two-way marine radios and hailing systems, stand-off access-denial systems, including water monitors and long-range acoustic devices; close-in access-denial systems, including hardened-landing-dock gates and weapons (in waters where lethal options are warranted).
“Short-range radar systems are the key to early warning. Short-range radar can provide warning for vessels approaching from as much as 8 to 20 miles,” says Norman. These systems can be programmed and interfaced with SAS such that any vessel that vectors towards the platform will cause an audible alert. That, coupled with strategically located weather-resistant, high-resolution PTZ cameras, will ensure that security gets early notice of and a useful view of any approaching vessel, explains Norman.
“The vessel can then be hailed by marine radio from the platform. If the vessel does not respond, the crew will ready defensive measures,” he notes. These might begin with long-range audio hailing. Using LRAD™, a long-range acoustic device, an approaching vessel can be hailed from as much as 1,000 meters (nearly two-thirds of a mile). If the vessel does not respond, the same system can be used to send high-intensity acoustic waves at the vessel, creating a sound likely to make them want to retreat.
In waters where piracy or terrorism is a concern, ballistic weapons may be warranted as a last resort in the hands of properly trained personnel.
Unmanned platforms. Unmanned platforms present special challenges. Without staff on the platform, the arrival of helicopters and vessels could easily go unnoticed. However, regulations require that certain selected offshore platforms be secured against boarding and monitored on a regular basis.
Leading security methods include warning signage, access control methods, remote monitoring of platform alarms and video by satellite, helideck monitoring, vessel-landing-platform monitoring, and deck-occupancy monitoring.
The U.S. Coast Guard (USCG) stipulates specific warning signage to help ensure that offenders are warned away (this provision also applies to manned platforms). Thus trespassers cannot claim that they did not know what they were doing.
Access control measures may include pushbutton lock-lever-handle locks on robust vessel platform stair gates. Gates should be installed such that only special-forces trained personnel could climb around them.
Those gates should also be equipped with waterproof high-reliability door-position switches such that if the gate lock is forced, the opening of the gate will trigger an alarm. For power efficiency, the alarm system may be operated as an element of the SCADA system, using its inputs and outputs and communications path back to the platform operations center.
“Similarly, helideck access will be monitored by any of a variety of detection methods,” says Norman. “One method is to monitor activity on the helideck stairwell. This is one of the few locations that seagulls do not tend to occupy due to the obstruction of the handrails to bird flight. Marine-tested microwave alarms work well here if detuned to monitor only the width of the stairwell, halfway down,” he notes.
For unmanned platforms, Norman explains that fixed-cameras suffice as satellite latency may run as long as two seconds, while PTZ cameras require a five-second roundtrip.
Another consideration is the size of files being uploaded, because of the high satellite bandwidth costs. Cameras that can be programmed to issue one frame whenever bandwidth opens, using a jpeg image format are the optimal choice. “This minimizes data retransmission requests and makes best use of costly satellite bandwidth,” explains Norman.
Unmanned platform cameras also require supplementary infrared illumination as there are few lights at sea to illuminate the platform on a moonless night. Infrared illumination requires less power than visible lights and power is always at a premium on unmanned platforms.
These cameras should be aimed at the vessel platform in the area of the stairs and toward the helideck. Ideally, camera installation will provide additional monitoring of the platform itself.
Landside heliports. Heliport support facilities should be designed to standards specified by the Transportation Security Administration (TSA), with the same types of passenger and baggage screening for weapons, explosives, and drugs, and with similar holding areas and debriefing rooms as found in more traditional aviation environments. Baggage is typically separated from passengers at the security checkpoint. Conventional access control is used to secure the flight line and controlled areas of the heliport.
With regard to drug screening, it is best to have a pull-away area for random selection of passengers, with a discrete exit so that if an individual fails, he or she is not passed back into the normal passenger queue but rather sent out through the returning passenger exit queue.
An additional measure necessary for platform heliports is a secured smoking area, outdoors, but away from any area where items could be passed to individuals already cleared.
Ancillary facilities. Storage, preservation, and maintenance facilities are among the support facilities that need to be protected because their role in maintaining platform operations is critical.
Offshore platforms comprise hundreds of one-off design elements, the loss of any one of which could bring operations to a sudden and costly halt. Backups for virtually everything are stored and preserved at these support locations.
The security systems for these facilities are inordinately sophisticated compared to security at other types of warehouses due to the cost associated with the loss or damage of the items stored there. Typical security measures include thorough video coverage with video motion detection, alarm/access control, and remote alarm monitoring.
Staff training facilities, which may include everything from classrooms and simulation areas to associated residence halls, also need to be secured. The protection procedures and systems they require have much in common with any school security. Alarms, access controls, and video surveillance are all appropriate.
These systems are generally monitored locally but there is an established trend in the energy sector toward remote command centers where event-driven alarms from sites across a region or continent are reviewed; response decisions are then made remotely and personnel are dispatched as deemed appropriate.
Platform operation center. Platform operation centers (typically located on shore) are often combined with distribution operation centers and typically include both primary and business-continuity (emergency) backup centers. (Secondary backup would be at another location.) Key elements for security monitoring include integration of platform alarm systems with SCADA systems and independent video satellite communications systems.
Typically each platform is equipped with its own uplink and the downlink site (the operation center) is equipped with software that can select which site and cameras to view. Video software is best integrated with the SCADA alarm software such that the video from the platform where the alarm originates is automatically queued detection of an alarm.
At the most sophisticated level, the operation center personnel can respond by marine intercom via satellite to warn offenders away from the unmanned platform. Offenders who disregard the warning will be met by USCG personnel who will be more than happy to explain the law to the offender in a more comfortable setting (their brig).
Pipeline infrastructure. “Pipeline security managers grapple with three significant challenges, each of which is a resource issue at heart,” says ASIS International Houston Chapter member Chris Clark, an energy security consultant with Houston-based Secure Solutions International (SSI). They are justifying security budgets, allocating limited resources, and the very real management phenomena of corporate security managers shouldering multiple areas of responsibility in addition to the administration of the security program.
Security budgets. Security is often placed within a pipeline company’s environmental, health, and safety programs. The latter three programs are governed by a regimen of federal rules, but no such regulations apply to pipeline security, though detailed guidelines exist. In addition, the list of serious pipeline security incidents in the United States is exceptionally short. Both of these factors often make it difficult for pipeline security managers to justify their budgets to senior management.
Two issues help define and justify security budget requirements: regulators’ expectations and steps taken by peer companies. The TSA is actively addressing both of these issues for the pipeline industry through its program of Corporate Security Reviews (CSR).
TSA recently gave industry professionals a presentation titled “Pipeline Security Smart Practices,” which outlines the agency’s observations from the CSRs of more than 50 pipeline operators, notes Clark. “This information can be used by security managers to provide sound justifications for programmatic and site-specific security budgets.”
Resource allocation. A pipeline security manager is often responsible for securing hundreds of above-ground facilities whose operational importance, risk profiles, and physical sizes vary widely. For example, facilities along a crude oil pipeline system range from small-diameter pipes near remote production areas to high-volume pump stations to tank farms storing millions of barrels of oil.
“The number and variety of facilities along pipeline systems presents a significant challenge to security managers,” says Clark.
“Given the number of facilities along a pipeline system, installing basic countermeasures such as perimeter fencing and security lighting at all facilities can strain the budget of even a well-funded program. Electronic monitoring systems and access control systems are typically limited to high-risk pipeline facilities that are operationally critical,” Clark notes.
Job scope. In the pipeline world, rare is the security manager whose scope of responsibilities is limited to the security program. Security managers often wear two or even three additional hats—most commonly these include safety, pipeline integrity, or operations.
“Their inboxes are full and their best intentions to focus on security are often overtaken by the operational crisis-of-the-day,” says Clark. Therefore, pipeline security managers are often asked to develop and maintain security programs with a limited budget, with limited time, and with other responsibilities competing for attention.
LNG terminals. The industry expects a 750 percent increase in demand for LNG over the next 23 years. Clearly, meeting that demand requires a substantial investment in U.S.-based LNG terminal capacity. But energy companies must run a gantlet of regulations regarding security and safety before they can build a new terminal. Security managers have to help their companies meet these rules.
Further complicating the process is the additional concern over security that arises from the threat of terrorist attacks in a post-9-11 world. Design of an LNG terminal’s infrastructure must take this new threat into account, which increases capital outlays and operational costs over the life of the facility.
Primary jurisdiction for licensing shore-side LNG-terminal sites rests with the Federal Energy Regulatory Commission (FERC), while licensing for deep water facilities falls under the jurisdiction of the Department of Transportation (DOT) Marine Administration (MARAD) and the USCG.
Since February, 2004, FERC, the USCG, and the DOT have had an interagency agreement to provide for the comprehensive and coordinated review of land and marine safety and security issues at the nation’s LNG import terminals. Companies that wish to build new LNG terminals must, for example, work with the USCG on an exhaustive process for vetting all security-related risks and navigational hazards.
Before a company can proceed with the permitting process, it must obtain a letter of recommendation from the cognizant Captain of the Port for the proposed site of the new LNG terminal. Specific requirements for design and construction, equipment, operations, maintenance, personnel training, firefighting, and security are listed in the applicable regulation.
Another important issue that the applicants must address is how the LNG will be transported. The USCG has provided a Risk Management Quick Reference Tool (Enclosure 3 to NVIC 05-05), which gives specific guidance to security professionals to help them develop systems and procedures that will reduce the vulnerability of LNG tankers to damage, whether accidental or from an intentional attack.
Enclosure 3 is restricted in its distribution to parties that the USCG determines have a “need to know,” and disclosure of the Enclosure is controlled under 49 CFR Part 1520 as Sensitive Security Information (SSI). All parties with access to the document are compelled to sign a nondisclosure agreement with the USCG and are prohibited from disclosing the details of the document.
Risk assessments. Any company applying to build a new LNG terminal is required to complete a comprehensive risk assessment using a professionally recognized methodology supporting generally accepted risk-based decision-making standards. I have found the American Petroleum Institute and National Petroleum Refiners Association (API-NPRA) Security Vulnerability Assessment (SVA) Methodology for the Petroleum and Petrochemical Industries, Second Edition, published in October of 2004, to be a robust tool for this purpose.
The USCG permits latitude in an applicant’s selection of an SVA methodology. Security professionals involved in the application must document their professional credentials in the area of contribution. Applicants often use in-house security management professionals and outsourced security consultants as well as subject-matter experts to successfully complete the regulatory process.
LNG terminals in operation are also subject to other federal and state regulatory authorities, such as the Pipeline and Hazardous Materials Safety Administration (PHMSA).
Following a security breach at a Lynn, Massachusetts, Keyspan LNG storage facility, the PHMSA published a notice in the Federal Register (December 28, 2006), enumerating the lessons learned and prescribing steps that could be taken by other LNG terminal operators to avoid a similar incident.
That incident involved intruders who slipped through the fence undetected and took pictures of themselves with a banner standing on the storage tank stairwell. Fortunately, they demonstrated no terrorist intent, according to state authorities.
CCTV equipment at the facility recorded the incident, however, Keyspan Corp waited five days to report the incident to the relevant Massachusetts state authorities.
That delay led to a rebuke from U.S. Rep. Edward Markey, (D-MA) who was quoted in the Associated Press as commenting “This incident raises serious questions about the adequacy of the perimeter security and surveillance monitoring in place at this facility.”
Markey, a senior member of the House Homeland Security Committee and the House Energy and Commerce Committee, was further quoted as saying that “the stakes are too high to simply warn people to do better next time,” raising the specter of additional legislation governing security policies and procedures in this field.
What were the lessons learned from the incident? PHMSA recommends that LNG facility operators establish and follow these suggested practices and procedures to ensure that their security measures function as intended by the regulations and that security at their LNG plants is rigorous:
* Test systems thoroughly to verify that alarms work and that monitoring devices function as intended.
* Ensure that remotely stationed personnel are properly trained on the security procedures of each facility that they monitor.
* Determine whether personnel monitoring security for an LNG plant can realistically respond to security breaches in a timely manner.
* Update security procedures as needed to provide effective security at the LNG plant and to incorporate the most relevant threat information.
* Confirm that remote monitoring station personnel properly coordinate activities with those parties responsible for LNG plant facility security.
* Independently conduct audits of LNG plant security or carry out unannounced tests of security systems, procedures, and personnel.
LNG thus far has the finest safety record for transportation of any petroleum product. Despite this excellent safety record, area commercial interests and residents often oppose terminals because of security concerns related to terrorism. These concerns, whether founded or unfounded, may influence the disposition of a permit application. In fact, public opposition has been a factor in the termination of several proposed LNG terminal license applications.
Maintaining security from the pipeline to the pump has always been essential. Now that the energy sector has been named among the industries considered “critical infrastructure” in the war on terrorism, it is more important than ever for security professionals to try to achieve that objective.