This case involved a major semiconductor manufacturing plant whose security consisted of standard locks and a limited electronic access control system, which were not well maintained. There was also a guard sitting in the front lobby checking the photo identification of entering employees.
Wishing to improve security, the company retained a vendor/consultant that recommended the installation of hundreds of CCTV cameras. The company was also considering a perimeter fence system with motion detectors attached.
Sandia was introduced to the manufacturer’s plight serendipitously, having been working with a proposed consortium of chip manufacturers of which that specific manufacturer was a member. That company happened to be in the middle of a security review at the time, and a representative asked Sandia to help the company.
When the Sandia team helped the plant perform consequence analysis as a component of a security evaluation, it noted that neither the company nor the vendor had analyzed the risks before determining what should be done. The company simply said it wanted to beef up access controls and intrusion detection. The design was not goals driven; it was not focused on what would need to be protected.
Sandia, therefore, examined the company’s assets and threat profile, assessing probabilities and consequences of loss for each type of threat or asset. It also looked at existing security and considered the proposed camera and intrusion systems and how those would address the threat exposures.
Assessment. One of the biggest (highest consequence) threats facing the company was theft of proprietary information. For example, because of the highly competitive nature of the semiconductor industry, the loss of formulas and other proprietary information could be devastating. This was clearly a high-consequence threat, though one viewed as low-probability. Another significant threat was workplace violence, an increasing possibility given the company’s imminent layoffs at the time of the assessment.
Sabotage of production equipment was also placed in the high-consequence category. Specifically, sabotage of production equipment by employees and contractors, especially activity that would take down the facility for more than 48 hours, was determined to be of high consequence and medium probability.
The team identified and assessed this risk by looking through several years of incident reports for the facility, noting a recurring problem with ex-employees and contractors trying to sabotage equipment. Before the consequence analysis, this risk had been largely ignored.
In addition, the consequence analysis identified several potential targets of sabotage that had not previously been considered. For example, a water processing facility located outside of the main plant proved to be a vulnerable target, as did a critical-component storage area, the manufacturing control room, and the fiber-optic communication system.
Political demonstration by environmental activists was deemed a low-consequence, low-probability threat. Although concerns about the plant’s use of water in a water-scarce environment raised the prospect of environmental protests outside the gates of the facility, the plant had a generally good relationship in the city in which it was located,. Protests, if they did occur, might slow employee movement in and out of the building, and possibly inhibit delivery of goods to the receiving area, but they were unlikely to be serious enough that they could threaten operations or profits.
Theft of personal property and of company tools and equipment was common, but with little overall loss to corporate profitability, so it was assessed as low consequence, high probability. In both of these low-consequence threat cases, it was determined, the company’s limited security resources could be better applied elsewhere.
Exposure. The protection elements of the facility were input into a computer modeling program and an analysis of the ten most vulnerable paths was conducted. The analysis found that the manufacturer had only a 19 percent chance of interrupting a sabotage attack along the most vulnerable path.
Recommendation. To address the company’s specific high-consequence threats, Sandia made a series of recommendations. They included such basic access control measures as locking exterior doors, getting staff to stop propping open doors, limiting who could enter the control center, and adding PIN numbers to the limited card reader system at the facility, none of which entailed big budget expenses. Sandia also recommended better maintenance and testing of systems already in place. For example, tamper switches were present at junction boxes but were never tested. (It should be noted that at least part of the solution for any company is to implement good policies and to enforce good employee behavior, without which the expensive equipment won’t work.)
With regard to equipment, Sandia recommended upgrading the alarm system, because the current setup was inefficient. It was solely text-based, and it mixed security and safety events, making it hard for operators to quickly differentiate between a security alarm and accidents. In conjunction with upgrading the alarm system, Sandia also recommended having the life safety and security systems operate independently, so an operator could more easily spot important security events.
With regard to cameras, Sandia recommended fewer cameras that would be more strategically placed and tied to sensors, so that activity would trigger an alarm. (The original plan had not called for the cameras to be tied to sensors.) Sandia further recommended that the company not have the perimeter fence built, because the facility already had adequate detection capability.
By not investing in the perimeter fencing and extra CCTV cameras, sensors, and lighting, the facility saved about $600,000. A reanalysis using the computer model and incorporating recommended changes showed that the same sabotage path now had a 92 percent chance of being interrupted. Thus, consequence analysis yielded a solution that was both more effective and less expensive.