Best Practices

Terrorism & Safety

By James J. Thatcher

The safety profession has been profoundly affected by the events of Sept. 11, 2001. For thousands of years, terrorism has been employed by governments and those committed to destroying them. The agents of Osama bin Ladin's al Qaeda network merely combined the most effective tactics of the past 3 decades. All evidence suggests that these tactics will be used again if the opportunity presents itself.

Sept. 11 has changed our lives forever and in ways we are just now realizing. We do not feel as secure as we once did, and we now may actually feel threatened physically as well as emotionally, even though it has been more than 10 years since the twin towers fell, and planes crashed in a Pennsylvania field and into the Pentagon. We still feel uneasy.

Personal freedoms have certainly suffered since Sept. 11, and the increased cost of doing business, the cost of living, and the cost of new and future regulations have taken their toll. All of this has and will continue to affect daily life.

We must now ensure that those who deliver our packages, materials and equipment are who they say they are. Background checks have become an important tool. But, what kind of checks should we conduct? None of the Sept. 11 hijackers had a criminal record, yet there is a feeling that somehow criminal checks on people will do the trick.

Verifying a person's identification can be accomplished by requiring three forms of ID:

1. a driver's license;
2. a company ID card with a photo;
3. a credit card.

With these three levels of ID, one can be reasonably certain that an individual is who s/he says s/he is. If there is a doubt, call the company s/he represents to verify employment.

Safety professionals must help minimize the threat that such tactics employ. As a discipline, the safety function has been steadily assimilating the security aspects of what it means to be safe within the work environment.

With the increase of workplace violence, acts of aggression by employees, family members, customers, clients, visitors and even neighbors, safety professionals have had to increase their knowledge of security and incorporate that knowledge as an integral part of their safety responsibilities. Gone are the days of security being guards at the gate with a wave through to enter a facility.

With the increased risk of terrorism, the physical protection of a facility has become the focal point of achieving an acceptable level of safety within the confines of a facility, as well as keeping the employees safe while performing their daily tasks. Safety professionals have had to expand their outlook to consider engineering safeguards, procedural methodologies and structural barriers, as well as ways to minimize the threat of biohazards, chemical hazards, software hazards and even weapons of mass destruction.

Facility security is needed to guard against external threats, such as terrorism and sabotage. Additionally, facility security should protect against internal threats such as workplace violence. A well-planned security program will encompass numerous efforts, with special attention to these steps:

• Screen personnel and perform background checks.
• Train security professionals and in-house staff.
• Prevent unauthorized entry and controlling access.
• Actively and effectively safeguard sensitive materials.
• Inspect security controls and audits.
• Establish levels of accountability.
• Enforce and authorize.
• Control chemical disposal efforts.
• Develop access restrictions, and control movement within a facility.
• Continuously evaluate and monitor personnel and sensitive areas.
• Develop education programs in information security.
• Apply security techniques, devices, procedures and policies.

Terrorism Defined

How is terrorism defined, and by whom? The following examples should help determine whether an act of terrorism has been committed rather than an act of workplace violence or sabotage.

The Federal Bureau of Investigation (FBI) defines terrorism as violent or criminal acts against a civilian population for the purpose of coercion and promoting a political cause or agenda. The U.S. Department of Defense says it is the calculated use of unlawful violence or threat of unlawful violence to inculcate fear; intended to coerce or intimidate governments or societies in the pursuit of goals that are generally political, religious or ideological.

Security Management System

The following list suggests some elements that might be incorporated into a company's security management system. Some companies might need more elements than these, depending on the type of industry and the product produced, but the oil and gas industry should do well with those listed here.

• threat assessment and vulnerability surveys and checklists;
• written security policy;
• collaboration with corporate or division departments and with local law enforcement agencies, local emergency planning committees and the FBI;
• security incident reporting system;
• employee training in security awareness;
• emergency response and crisis management;
• periodic assessment of the security plan for physical security (e.g., access control, perimeter protection, intrusion detection, security officers, ongoing testing and maintenance, backup systems, camera systems, GPS systems real-time monitoring where applicable);
• workplace violence prevention and response;
• information, computer and network security.

Initial Planning

The first step in constructing a solid security program is to conduct a threat/vulnerability assessment. One common and recommended assessment tool for hazardous processes is a process security assessment (PSA). This is different from a process hazard assessment (PHA), although it is recommended to conduct a PHA when hazardous chemicals are involved.

A PSA uses the same methodology as a PHA, but its purpose is to prevent and mitigate a hazard caused by intentional or criminal acts. These activities can include acts of terrorism, vandalism, sabotage or workplace violence.

Keep in mind the difference between the phrases intentional or criminal acts versus accidental release scenario. In an accidental release scenario, the key factor is why it occurred. In the intentional or criminal act scenario, the reason for the assessment is to identify who could cause it and how to protect against its occurrence.

Facility security, just like design, operations and maintenance functions, is a necessary part of the management system to safely conduct operations.

Homeland Security National Response Plan

In December 2004, Homeland Security published the National Response Plan (NRP). It is an all-discipline, all-hazards plan that establishes a single, comprehensive framework for the management of domestic incidents. It provides the structure and mechanisms for the coordination of federal support to state, local and tribal incident managers, and for exercising direct federal authorities and responsibilities.

The NRP assists in the important homeland security mission to prevent terrorist attacks within the U.S.; reduce the vulnerability to all natural and man-made hazards; and minimize the damage and assist in the recovery from any incident that occurs. Under the concept of command and control, the FBI is the lead agency for criminal investigations of terrorist acts, threats and intelligence collection activities within the U.S.

Joint Operations Center

Joint operations center (JOC) is an interagency command-and-control center for managing multiagency preparation for, and the law enforcement and investigative response to, a credible threat or incident.

National Incident Management System

National Incident Management System provides the framework within which the incident command system (ICS) and JOC structures operate for a unified approach to domestic incident management. In cases of terrorism, expect to be overwhelmed with help from the federal government, and sometimes, even local law enforcement.

In these events, it becomes the employer's role to provide support service that is requested by federal agents. These situations are not typical to what an employer usually does (e.g., takes charge of the situation, establishes one's own command-and-control center, asks for help from the local fire or law enforcement as required).

In a terrorist attack or threat, federal agents are the command and control. But, an employer can still be prepared and take an extensive look at the existing emergency response and evacuation plans. If a terrorist incident occurs within or outside a work site, an effective evacuation plan increases the likelihood that employees, on-site contractors and visitors will reach shelter safely.

Most companies already have an emergency action plan developed in compliance with 29 CFR 1910.38(a), or a hazardous substance emergency response plan developed in compliance with 29 CFR 1910.120(q). The plan probably includes evacuation information for several types of anticipated emergencies, such as fires or explosions. By incorporating terrorist releases, a plan will be strengthened and workplace readiness for terrorist incidents, such as the release of a chemical warfare agent or an ionizing radiation source in or around the facility, will be increased.

Terrorist release is as a release of an agent or material commonly identified as a weapon of mass destruction or of another hazardous substance, performed as a violent act dangerous to human life and intended to further political, social or religious objectives. An employer may want to contact the local and/or a state emergency planning committee to determine what terrorist releases are considered a risk within the community or region.

Planning Considerations Checklist

For a practical approach to common aspects of an industrial security checklist, the following will serve as an example for incorporating terrorist events into an existing plan. The checklist (Figure 1, p. 64) is a working tool or guide to develop a more comprehensive program. The information should be considered a basic overview of industrial security planning and not an exhaustive analysis for site security preparedness.

The checklist includes input from many sources and industries, and is the basis for OSHA's guidelines for terrorist releases. The checklist contains broad questions that one can use to evaluate a current evacuation plan(s). To modify an existing plan, research additional online resources, such as OSHA's Emergency Response web page at www.osha.slc.gov/SLTC/emergencyresponse/index.html.

The checklist covers the following categories:

• notification;
• shut-down and isolation;
• evacuating, sheltering and accounting for employees;
• training.

Conclusion

With safeguards in place, and SH&E and security professionals focused on maintaining a safe and secure workplace for employees, contractors and visitors, terrorism can and will be controlled.

Can anything we do really stop a dedicated terrorist, who is willing to give up his/her life for the sole purpose of destroying property and killing people? History has shown we cannot prevent such acts. However, we can minimize the destruction and loss of life by instituting the recommendations offered in this article.

James J. Thatcher, Ph.D., has 25 years' experience in the oil and gas, metals/minerals and chemical industries, with management positions in engineering, operations, human resources, SH&E, training and security. He is president of Global Safety Solutions LLC and an advisor for SH&E, training and security programs for EnCana Oil and Gas Co. He is an expert witness for operational, SH&E, training and security issues in the oil and gas industry as well as the mining, minerals and chemical industries. Thatcher is retired from the U.S. Marine Corps with the rank of Colonel. He is the past president of the National Safety Management Society and is on its board of directors. He holds an M.S. in Mechanical Engineering and a Ph.D. in Psychology/Organizational Development.