Transcript Slide 1
Updated: April 25, 2007
Use or reproduction of this material without the permission of the ASME ITI, LLC is prohibited.

RAMCAP
• Provides
  • Common terminology
  • Common metrics
  • Common basis reporting
  Enables comparison of risks across all CI/KR
• Incorporates results from prior risk assessment methodologies
• Informs decision-makers about consequences and vulnerabilities in critical infrastructure
• Reduces risk, increases resilience

RAMCAP 7-Step Process
1) Asset Characterization: What assets do I have and what is critical?
2) Threat Characterization: What threats should I consider?
3) Consequence Analysis: What happens to my assets if a terrorist attacks? How much money, how many lives, how many injuries?
4) Vulnerability Analysis: What are my vulnerabilities that would allow a terrorist to succeed?
5) Threat Assessment: What is the likelihood that a terrorist will strike my facility?
6) Risk Assessment: What is my total risk? Risk = Consequences x Vulnerability x Threat
7) Risk Management: What should I do to fix the problems? How much will it cost and is there a financial benefit to my actions?

Accomplishments
• Completed Sector-Specific Guidance documents for:
  • Chemical manufacturing plants (formed the basis for newly released chemical security regulations)
  • Petroleum refineries
  • Liquefied natural gas terminals
  • Nuclear power plants (2/3 of all nuclear power plants have completed RAMCAP assessments)
  • Nuclear spent fuel storage and transportation
• Recognized by the National Infrastructure Protection Plan (NIPP) and the DOD’s Defense Science Board as the preferred framework for risk assessment for critical infrastructure.

Selected RAMCAP Assessments
[Map. Legend: Petroleum Refinery, Chemical Plant, LNG Terminal, Nuclear Power Plant]
Adopted RAMCAP as the risk analysis methodology for chemical facilities

Future Plans
• Continuing to work with ANSI’s Homeland Security Standards Panel (HSSP) and NFPA on synergies between NFPA 1600 and RAMCAP
• Developing guidance for Dams, Locks, and Levees and for Water/Wastewater Utilities (end: Sept 2007).
• Exploring potential next sectors: Power Distribution/Transmission and Passenger Rail.
• Pursuing SAFETY Act Designation and Certification
• Creating a RAMCAP voluntary consensus standard for accreditation by ANSI (expected: June 2007).

RAMCAP History
• September 2002: White House/Industry workshop on homeland security recommends risk management methods consistent and comparable across sectors
• September 2003: DHS/ODP issue a grant to ASME to write “Introduction to Risk Analysis and Management for Critical Asset Protection”
• February 2004: ASME holds a workshop on risk analysis and communication with key academic experts creating a solid theoretical foundation
• April 2004: ASME holds workshops for Professional Engineering Societies, Industry Trade Associations, National Labs, DHS & other Federal Agencies to review RAMCAP
• August 2004: ASME issues the RAMCAP Framework© which incorporates results from all meetings and distributes it for peer review; The Framework is continuously updated based on stakeholder comments; Current at Version 2.0
• January 2006: First five Sector-Specific Guidance documents are completed.
• June 2006: DHS issues NIPP, designates RAMCAP as the key IP tool
• September 2006: Work commences on Dams, Locks & Levees and Water & Wastewater Sectors; additional sectors under discussion
• January 2005 – Present: ASME extends RAMCAP concept to all hazards, “soft targets” and regional resilience

Testimonials
• National Infrastructure Protection Plan (NIPP) - RAMCAP is a “framework that satisfies the baseline criteria for risk assessment and can be used for national cross-sector risk assessment. This tool set enables owners and operators to calculate potential consequences and vulnerability to an attack using a consistent system of measurements. It will also provide the means to convert and compare the results obtained from assessments performed with other suitable methodologies that are consistent with the NIPP baseline criteria.”
• Robert Stephan, Assistant Secretary for Infrastructure Protection, DHS - “RAMCAP data will help DHS to prioritize all chemical facilities of concern in the United States according to relative consequence, vulnerability, and level of threat. Results from RAMCAP assessments will allow comparison of assets from across sectors, allowing for better prioritization of national critical infrastructure protective efforts and resources. The overarching RAMCAP program will substantially improve information included in the National Asset Database, asset prioritization, comparative risk analysis, and owner/operator awareness of the vulnerabilities and consequences at their sites.”
• Dr. Regis A. Matzie, Senior V.P. and Chief Technology Officer, Westinghouse Electric Company - “[Without] RAMCAP, the industry we serve will lose an opportunity to help the U.S. Department of Homeland Security (DHS) and the nation.
Potential lost opportunities include internal asset management, the DHS strategic plan to build a Common Operating Picture, and Decision Support System across sectors since there will be no method to compare and prioritize actions during an emergency with consistent understanding of which hard choices to make across sector interdependencies.”

Testimonials (cont’d)
• Michael Wallace, President, Constellation Generation Group and Chair Nuclear Sector Coordinating Council - “RAMCAP adds significant value to the Comprehensive Review of Critical Infrastructure process. It includes a realistic look at potential threats to infrastructure which can provide good insights into improving protection. The results of RAMCAP reviews will allow quantitative comparison of the terrorist threats to all different types of infrastructure. This will doubtless prove very valuable in making funding decisions on where to best spend federal security dollars to reduce our vulnerability as a nation to terrorist attack.”
• Report of the Defense Science Board Task Force from the Office of the Undersecretary of Defense - “OASD (HD)/DCIP [Office of the Assistant Secretary of Defense for Homeland Defense/Defense Critical Infrastructure Program], in consolidating risk assessment tools, should coordinate with the DHS effort with ASME RAMCAP to ensure a standardized approach for such assessments [of DoD critical assets].”
• Robert Goodchild, EU Energy Risk Official - “RAMCAP is the best (only) existing methodology that could be applied or adapted to the European-level.”