A Security Risk Assessment Methodology for Gas Infrastructure Operators

By Thierry Deschuyteneer, Executive Secretary, Gas Infrastructure Europe (GIE)
Autumn 2014

The European gas infrastructure is a network of assets without national boundaries: a failure of one portion of the network could spread to other areas, potentially involving several countries. Thus the European Commission has identified gas Infrastructure as a critical infrastructure.

GIE fully acknowledges the strategic importance of the gas infrastructure system for Europe and the necessity to create standards to ensure a level playing field. A sound security risk identification and mitigation methodology maintains the value of energy infrastructure.

The GIE Security Risk Assessment Methodology is a common and integrated approach amongst European energy infrastructure operators. With this methodology a next major and important step to increase security and resilience of the gas infrastructure network in Europe has been achieved. This is an example of the active contribution of gas infrastructure operators to the European Program for Critical Infrastructure Protection (EPCIP).

The GIE Security Risk Assessment Methodology has been elaborated by security experts from all over Europe with many years of practical experience, using different national best practices, together with one of the world's leading strategic consultancy.

Other important inputs come from the risk assessment methodology standards ISO 31000:2009 and ISO/IEC 31010:2009, as well as the "Reference Security Management Plan for Energy Infrastructure" prepared for the European Commission in 2010.

The GIE Methodology is robust yet easily adaptable and flexible and can be used by different energy companies. It covers all areas of security within a company, irrespective of size and scale. It is already in use by several gas infrastructure operators in different countries.

The GIE Methodology is tailored to gas transmission: valve stations; pressure and metering stations; compression and blending stations; import/export stations; process control stations; data communication systems; emergency and call centres; and gas flow control centres.

It also deals with the gas distribution sector: emergency and call centres and blending stations. Finally, underground storage, peak-shaving and LNG terminal installations are covered as well.

The first part of the methodology concerns risk identification. Each asset is characterised according to its criticality and potential threats.

Then risks are analysed: the likelihood of risk scenarios is evaluated as well as the impact and consequences of these risk scenarios. Results are summarised in a risk matrix. A semi-quantitative methodology is applied, with 5 likelihood classes: "very low probability", "low probability", "medium robability", "high probability" or "very high probability". There are also 5 risk classes: "very low risk", "low risk", "medium risk", "high risk" and "very high risk". For each category, an order of magnitude of the likelihood or risk is provided.

The next step deals with the evaluation of risks: by comparing the risk findings with the risk criteria (without or with the existing security measures), the need for mitigation measures is identified. Decisions have to be made whether a risk needs treatment, what the priorities for treatment are, and whether an activity should be undertaken.

The last part of the methodology involves risk treatment. This covers: selection of the strategy for managing risk; evaluation of the effectiveness of the "asis" security measures and the analysis of the gap with the desired outcome; identification of mitigation measures; evaluation of the residual risk; vulnerability analysis; and supplementary measures.

It is not possible to identify a fixed set of detailed security measures that have to be applied to all assets of gas infrastructure operators; the security measures have to be defined by every operator considering the national mandatory regulations and the specific environmental aspects.

This methodology supports operators in identifying the security measures and, in particular, the definition of its own security guidelines that can be adopted for all assets belonging to a specific type and/or risk level.

The GIE Security Risk Assessment Methodology is complemented by a Risk Assessment Tool which covers the specific assessment phases as described in the methodology: asset classification (including criticality and environment); threat analysis; evaluation of likelihood and impact; and object classification.

The GIE Security Risk Assessment Methodology has been presented to representatives of the European Commission and introduced to the European Network of Transmission System Operators for Electricity (ENTSO-E). The official launch of the GIE Security Risk Assessment Methodology took place on 29 July 2014.

The GIE Methodology has been developed using best practices from GIE members and is already in use by some operators. GIE expects that its members will progressively apply it. Experience from implementation could also lead to improvements in the coming years.

The Methodology is accessible to all stakeholders interested in this field. It is published on the GIE website (http://www.gie.eu/index.php/publications/gie). The documentation consists of a detailed description; a Risk Assessment Tool and a summary of the Methodology in the form of a presentation.