Schneier on Security
A blog covering security and security technology.
August 4, 2009
Regulating Chemical Plant Security
The New York Times has an editorial on regulating chemical plants:
Since Sept. 11, 2001, experts have warned that an attack on a chemical plant could produce hundreds of thousands of deaths and injuries. Public safety and environmental advocates have fought for strong safety rules, but the chemical industry used its clout in Congress in 2006 to ensure that only a weak law was enacted.
That law sunsets this fall, and the moment is right to move forward. For the first time in years, there is a real advocate for chemical plant security in the White House. As a senator, President Obama co-sponsored a strong bill, and he raised the issue repeatedly in last year's campaign. Both chambers of Congress are controlled by Democrats who have been far more supportive than Republicans of tough safety rules.
A good bill is moving through the House. It would require the highest-risk chemical plants to switch to less dangerous chemicals only in limited circumstances, but Republicans have still been fighting it. In the House Homeland Security Committee, the Republicans recently succeeded in adding several weakening amendments, including one that could block implementation of safer-chemical rules if they cost jobs. Saving jobs is important, but not if it means putting large numbers of Americans at risk of a deadly attack.
The Obama administration needs to come out forcefully for a clean bill that contains strong safety rules without the Republican loopholes. Janet Napolitano, the secretary of homeland security, said last week that she considers chemical plants a major vulnerability and promised that the administration will be speaking out on the subject in the days ahead.
It is looking increasingly likely that Congress will extend the current inadequate law for another year to take more time to come up with an alternative. That would be regrettable. There is no excuse for continuing to expose the nation to attacks that could lead to mass casualties.
The problem is a classic security externality, which I wrote about in 2007:
Any rational chemical plant owner will only secure the plant up to its value to him. That is, if the plant is worth $100 million, then it makes no sense to spend $200 million on securing it. If the odds of it being attacked are less than 1 percent, it doesn't even make sense to spend $1 million on securing it. The math is more complicated than this, because you have to factor in such things as the reputational cost of having your name splashed all over the media after an incident, but that's the basic idea.
But to society, the cost of an actual attack can be much, much greater. If a terrorist blows up a particularly toxic plant in the middle of a densely populated area, deaths could be in the tens of thousands and damage could be in the hundreds of millions. Indirect economic damage could be in the billions. The owner of the chlorine plant would pay none of these potential costs.
Sure, the owner could be sued. But he's not at risk for more than the value of his company, and -- in any case -- he'd probably be smarter to take the chance. Expensive lawyers can work wonders, courts can be fickle, and the government could step in and bail him out (as it did with airlines after Sept. 11). And a smart company can often protect itself by spinning off the risky asset in a subsidiary company, or selling it off completely. The overall result is that our nation's chemical plants are secured to a much smaller degree than the risk warrants.
Posted on August 4, 2009 at 12:52 PM
• 49 Comments
The math is even more complicated than that, Bruce. That's because "security" is not the same as "dollars". Spending a little money on the right things can have a huge impact on security.
Likewise, there is a near infinite number of ways to spend a million dollars without any increase in security.
How about teams hired by the government to do actual penetration testing? Then the results of those tests being compiled into a "best practices" package that must be followed (or you'll be heavily fined).
"Any rational chemical plant owner will only secure the plant up to its value to him".
I think "any rational psychopath who owns a chemical plant" would be more exact.
Rationality should not be incompatible with decency, ethical behaviour, or even kindness.
I think the risk of accidents is significantly larger than the risk of deliberate attacks. Unless security measures protect against both, I'd concentrate on the former. "Think of the terrorists!" is only very rarely a rational argument.
Regardless, it is a good idea to keep such industry away from densely populated areas. And also, to not have trains carrying their products through densely populated areas, since that seems to be where most actual risk is.
Funny how this needs to be framed as a security problem before something happens.
In reality, I would assume that the risk that a chemical plant will leak something nasty due to mechanical faults, unforeseen combinations of failure modes, other bad engineering, lack of maintenance, negligent/incompetent operators, earthquake or other acts of God, is at least as large as the risk of a malicious attack being carried out and succeeding.
However, reasonable measures to protect against one risk will also work against the other.
(Of course it is easy to imagine UNreasonable measures against terrorist attacks that will do nothing against random failures. Those will probably be the ones implemented most enthusiastically).
Actually, I see two externalities going on here.
The first is the one Bruce mentioned. That of a rational chemical plant owner.
The second is the one that Congress seems to be advocating. If they mandate tighter security, then who is going to pay the costs of this increased security?
I thought you would speak to the Bryan, Texas ammonium nitrate fire last week. They evacuated, or attempted to evacuate, about 80,000 people.
Texas A&M, in adjacent College Station, was closed, through, get this, a "code maroon" notice. I'm still fighting my way through the DHS nomenclature and now we have "code maroon". I'd guess there are about three people in College Station who know what a "code maroon" means.
Regardless, the decision was made to let the fire burn out because water would exacerbate the problem. Of course, it was threatening rain so I'm not sure how they assessed that issue.
The authorities had no control over which direction the wind was blowing and had little idea of how long it would take to burn out. When I called my hotel, which was out of harm's way, the woman confidently told me cars were driving outside so they must not be in the affected area.
The $100 million example doesn't consider the economic impact imparted on others.
It's much like the cascading critical infrastructure problem. The local utility may quantify the risk at $100 million, but the broader problem is significantly more expensive.
So, who shoulders the risk?
I think Tom's going a little over the top. There is no point in operating a business if it isn't profitable. That's the "rational" part Bruce is talking about and that Tom fails to see.
However, if the government actually enforced the security requirement equally so that one business does not bear a burden that another does not then the result should be only higher prices for customers. In other words, if the cost of operating the business increases due to security regulations then increasing the value of the business is the only rational solution. I would much rather pay more for chlorine than have to pay more taxes for the government to subsidize the security regulations.
@Nathan: Not to mention it's more economically efficient. It's best if the cost of chlorine includes all costs, not just those the chemical plant owner can't palm off on somebody else. That way, people who really need the chlorine can pay the extra money, and those who can use less or no chlorine don't.
If the chlorine is a real danger, and we pay by having areas devastated, or having the government subsidize security, or something like that, then we're going to be using more chlorine than is optimal for the economy.
In short : 9/11 cost the US more than some bricks, three airplanes and a few funerals.
Nobody remembers Bhopal?
This brings up a good point: how much should be paid to secure the plant? It would be kind of callous but you could require that something like "spend ($1M * chance-of-attack * lives-at-risk) in an effective manner".
Another option is to leverage that math. Rather than mandate security measures, make it more criminally risky to have a plant that is open to attack. For example, place the owners of the plant at risk for some kind of "homicide by inaction" charge if a successful attack on the plant is ruled to have been reasonably preventable.
But would you pay more for chlorine if it were also available for less as an import? I absolutely believe companies are responsible for the harm inflicted on their neighbors, but this is the economic competition they face. And additional import tariffs have a ripple effect on treaties, trade agreements, etc. There's a lot to change.
The problem with "keeping these industries away from population" is that many of them were built in the middle of nothing but now the population has moved to them. Same goes with the rail lines. As the cities expand they expand into the industrial areas exposing more people to potential issues.
I think that security is a good thing at all chemical plants - most have it and most have a decent level of it. It will not keep anyone out that truly wants to get in, but what will?
If the plant owners have to pay more because of laws then we (read in everyone) will have to pay more. Unfortunately our society has become chemically dependent.
You will have to forgive T A&M, everything important to them is maroon (school colors). If you spend even a short time in the area you will begin to understand. We have two colors down here (in Texas) - maroon for the Aggies and Orange for the Longhorns.
First problem how do you measure risk?
Which has the attendant problem of how do you quantify risk?
Which gives rise to how do you know that you are measuring the right thing?
With natural events that are reasonably common on a global basis you can make various types of "average" in a framework but this does not apply to Non Acts of God by human agent.
Terrorism is (assumed) so rare for these types of event that there are not even any good examples and the only ones that I'm aware of in recent times in the UK have been companies seeking to hide poor or deficient maintenance long enough to stop bad news affecting the share price too hard.
I would be happy to see any legislation that used physical separation etc. from populations or the basic resources populations use (water tables etc). Or actually hardened the dangerous process or limited quantities or used less dangerous raw materials and catalysts etc.
However if it is security focused all it will really do is encourage organisations to put up big fences have armed patrols and more secrecy. All of which will aid in covering up the basic issue of poor maintenance which is really the main risk we face from these types of organisation (as their lobbying has actually shown).
Oh and make sure the legislation does not have "directing mind" clauses. Directors should do serious time or in the states that still have them go to the chair for deaths resulting from negligence just like any premeditated murder. Also the personal assets of all senior execs as well should be up for grabs, then the share holders without any limitation, it is their desire to profit that generally gives rise to poor maintenance which kills people. Finally to stop organisations off shoring risk make the law apply to any company that does business in whatever form in the US and all its subsidiaries.
When it's your life and freedom on the line it tends to focus your attention quite significantly.
@ Tom Welsh,
'I think "any rational psychopath who owns a chemical plant" would be more exact.'
Most of them are actually run by people that rate very highly on the scale as psychopaths when tested...
"Rationality should not be incompatible with decency, ethical behaviour, or even kindness."
Not in the free market economy, there is no measure for those considerations that figure in the economic equations...
It is a simple case of "if it's not prohibited then do it". Which is why society actually needs strong legislation to protect itself from such "business executives" because most will "do what is prohibited" if they see the reward as high enough.
You only have to scratch a little bit under the surface of certain large oil and chemical companies to see what sort of tricks they get up to including full on perjury, blackmail and suiciding people.
And a lot of governments are happy to go along (UK / Shell / Nigeria Ken Saro-Wiwa http://en.wikipedia.org/wiki/Ken_Saro-Wiwa ) for various reasons.
@ Dom de vitto,
"Nobody remembers Bhopal?"
I not only remember it but also Flixborough (England, UK), Seveso (Italy), Three Mile Island (US), Chernobyl (USSR), Aberfan (Wales, UK) and a whole host of others on shore.
Then there have been so many off shore that I have looked at they are too many to list here but all the UK/European ones on the following list,
Good luck getting them to secure the bloody things. One needs to ride herd enough on irresponsible corporations to keep them from contaminating air, soil and groundwater as it is. It gets to the point where we get more out of the Sierra Club than we do out of the Department of Hopeless Insecurity, not that that's saying much.
And don't even get me started about the places that get abandoned after bankruptcy, permanent "outsourcing" or an "accident" that's being thoroughly covered up. Whose problem is it when a contaminated plant in Long Island is bought out by another corporation in California that doesn't give a crap about detoxifying the place? The government's? The people who live around it? It's certainly not the California company's problem. They're 3000 miles away and no government agency is holding them accountable.
If the DHS was an agency truly concerned with the safety and security of the American people then they wouldn't be paying weenies to stand around in the woods around the abandoned chem plant looking for trespassers. They would be going to whoever owned this monstrosity, serving them with papers and fining them daily until they cleaned up this hazard to the community.
But since the DHS is STILL only a cash cow for political cronies, more interested in exploiting security problems than providing actual solutions, what we get for our tax dollars are weenies standing around in the woods around a slowly rotting toxic wasteland. And you best believe those DHS weenies are careful to bring their bottled water. For some reason they'd not be caught dead drinking from the tap.
Again I have to ask... who's protecting who from who?
Out here in California we're busy complaining about the Texas and East Coast companies who don't care what they do here. My sympathies.
As someone who has guarded chemical facilities, I am alarmed at the idea that a government bureaucrat thinks he knows how to do it better -- and will therefore produce thousands of pages of detailed studies, all publicly accessible on the Internet, which lovingly detail each and every way to kill thousands of people with a rusty pocket knife and a hatful of luck.
This is the status quo in the nuclear power industry, not incidentally -- everything one needs to know to take apart an NRC facility is publicly available on the NRC's own Web site. Anything they reluctantly take down is on the "whistleblower" Web sites.
We don't need a "CRC" doing the same number on the chemical plants.
I agree that some regulatory action is needed to get chemical plants to put in some decent security. One gets really tired of documenting the same tiny dime store skeleton key padlocks, rusted gaping holes in chain-link fences, burned out perimeter lights and massive deficiencies in OSHA required safety equipment. Did I mention that the guards are usually NOT armed (for liability reasons!!!) and NOT trained in the use of respirators and other protective equipment?!?
There are decent chemical plant operators who care about their workers. They can be recognized by their laser-like focus on safety.
I am not sure that any amount of regulation will get a bucket shop operator to do more than the bare minimum.
The only law I'd like to see passed is a requirement that the general manager of a chemical plant live within the primary evacuation radius, with the management offices co-located with the high hazard facilities. That would get some action.
The issue is founded, like so many others, in the fact that corporations currently enjoy legislative protection that offers them the rights of an individual, but there's not much legislation with teeth that mandates the same level of responsibility that an individual citizen would need to maintain. And multinational corporations simply avoid having to follow the rules by moving to a country where the rules are different or not yet in place (as in Bhopal).
Until the proclivity of chemical plants, DoD contractors and other corporations to behave irresponsibly is treated - as it SHOULD be - as a form of dangerous behavior and a threat to the citizenry bordering on terrorism, this problem will not go away.
But guarding a toxic corporate site is a lot easier than going after the corporation and forcing them to end the dangerous situation - when the ONLY security you're interested in is JOB SECURITY.
I have absolutely no problem calling the entire DHS organization out as liars, frauds and parasites, and this example is only one of the reasons why. What a sickening waste of our money when a corporation can threaten the integrity of our drinking water or the safety of our citizens and they send their goons out to PROTECT it instead of holding it accountable! This twisted Bush-era boondoggle needs to be entirely dissolved and their actual WORKING assets (to include people, they can't ALL possibly suck) parcelled out to the three other pre-existing intelligence agencies.
BCS: "Rather than mandate security measures, make it more criminally risky to have a plant that is open to attack. For example, place the owners of the plant at risk for some kind of "homicide by inaction" charge if a successful attack on the plant is ruled to have been reasonably preventable."
It won't work well if you only prosecute after actual deaths. Extreme example: I run an infectious disease laboratory. For a cost of $1M, I can insure against a catastrophic failure. The failure has one chance in a million of occurring, but if it does, it will release a disease which will kill a billion people.
From my point of view: I can spend $1M to avoid a one-in-a-million chance of being sentenced to prison for eternity (assuming I survive the disease) and being the most hated person on earth. I'll keep the $1M.
From an external point of view: One in a million chance of killing a billion people is an expected toll of a thousand. A million dollars to save an expected 1000 people is $1000 per life saved, which is very worthwhile.
"The problem is a classic security externality, which I wrote about in 2007:
Any rational chemical plant owner will only secure the plant up to its value to him. That is, if the plant is worth $100 million, then it makes no sense to spend $200 million on securing it."
Well, Bruce, you really should stick to cryptography. This is a truly inane statement, as obvious to anybody who did any business.
The reason why it is wrong can be summarized in one word: "liability".
@Brandioch Conner: "How about teams hired by the government to do actual penetration testing? Then the results of those test being compiled into a "best practices" package that must be followed (or you'll be heavily fined)."
I do not consider this an option. If the security team is warned before the penetration testing the results are not realistic, if it is not warned deaths could occur to both sides. Also, some terrorist could disguise as the government team.
I think that the security must be more passive, getting the plants in less crowded areas, concrete walls instead of fences, an empty non-accessible security area, protection against improper use and the most important methods to contain or minimize leaks. Also, I think it is important to protect this kind of facilities against insider attacks, if the method to enter a chemical plant is just to be employed, a false outstanding CV with "verifiable" false references could do the work of entering the plant.
@ Chlorosilane USA
"dissolved and their actual WORKING assets (to include people, they can't ALL possibly suck)"
I'm very sure that they don't.
But in a "might is right" style organisation you have a strong ethos of what would politely be called bullying.
You need to remember that most of the people at the bottom (the ones you see most of) have a lot to lose.
When the DHS was formed the low paid unskilled workers who were from the US suddenly became Federal employees and their wages were in a lot of cases doubled overnight (others of course found themselves without jobs).
And this is the point you have people at the top driven by the Press etc, pushing training on to these people in a lot of cases at a rate faster than you would expect in Grad School. You have trainers whose only real task (to keep their job) is to meet the numbers not of being trained but of those passing (which is why you had comments about "you have to recognise this gun not any gun this gun" from whistle blowers).
Then there are more rules than a competent lawyer could remember, constantly changing, most of them "confidential" or higher (mustn't let the "enemy" know) engendering a "them or us" attitude. Which further gives an air of "only talk to your co-workers" but "be careful what you say, you don't know who's listening" that you might refer to as "faux secrecy".
In this BS rich fertile soil the seeds of bullying, (ie favouritism, cronyism, nepotism, hypocrisy, institutional incompetence, usurpation of "executive" power through to full on corruption and fraud) grow rampant amongst the nascent seedlings of conscientious workers who do or want to do their job with decency, practice ethical behaviour, and even kindness to others they see as "people" not "the enemy". But they dare not put their heads above the ramparts instead they subsume their natural tendencies towards the apparent herd mentality the bullying encourages.
@ Dom de vitto
Point of fact, yes I do. I was taking Chemistry classes at the time.
I was reminded of that just today, when an article on adult stem cell research was brought to my attention; specifically the use of adult stem cells to cure certain specific corneal problems. It sounded like it might be an answer to those blinded by the methyl isocyanate.
THAT event was a combination of poor management, lax safety processes, broken equipment, and (possibly) employee sabotage. No terrorists, per se, but a lot of terror resulted.
Thanks for reminding me of the dioxin episode (Seveso). I couldn't remember the name. Chernobyl, as well.
We have enough problems with people just doing something stupid, thoughtless or inconsiderate, never mind someone purposefully trying to do ill.
The bigger problem is keeping the 'accidental' stuff from happening. From the Organic Chem lab: placing waste organic material in the waste sulfuric/nitric acid bottle (we were doing nitration of bromobenzene that day). All that happened was the cap was blown off the bottle, but the results could have been MUCH worse.
And all because someone dumped their waste material into the wrong bottle. If I had been so inclined, I could have made sure ... well, I digress.
I expect that you could even set up a terrorist event of the above sort, but on a larger scale, and it could be put down as merely an accident. Economic Value = High / Human value = high / Terrorist value = 0
"Also, I think it is important to protect this kind of facilities against insider attacks, if the method to enter a chemical plant is just to be employed, a false outstanding CV with "verifiable" false references could do the work of entering the plant."
The problem with this is two words,
In either case the person's background will check out at the time of employment.
The possible reason it has not happened is that most of those who can do real damage (engineers not operators or management) have gone through an extended period of training. They are very very aware of what could go wrong and what the consequences are in very real terms, from studying what went wrong and why in their education.
By and large most engineers I know see the "management" as the enemy specifically the cost accountants. Because they know from either direct or just second hand experience that they will be blamed when the "penny pinching" on design and maintenance comes home and bodies are strewn across the plant and surrounding areas.
That is not to say they cannot be radicalised anybody can with the right controlled environment and appropriate drivers. It's just that engineers especially design engineers have a way above average number of "high functioning autism" sufferers amongst their ranks and this means they have very different motivators and social concepts and thus require a very different approach to be radicalised.
'Well, Bruce, you really should stick to cryptography. This is a truly inane statement, as obvious to anybody who did any business.
The reason why it is wrong can be summarized in one word: "liability".'
Hmm I don't know what you do as a job but it does not look like you work in senior management in oil / chemical / heavy / construction industries or banking for that matter.
There is no liability in these industries for senior execs or the share holders they know it they have lobbyists, skilled lawyers and accountants making sure that there is no real liability for them and there are always "scape goats" where these accidents happen (remember the old adage "if the pilot dies in the crash it's pilot error").
Bruce's statement is far from "truly inane" it highlights the problem of real cost -v- limited liability cost.
In the last century (ie pre 2000) a business was very rarely asked to do an "environmental impact" assessment 99.999% of businesses did not even consider it as they had "insurance" their only concern was what legal liability they had "on site" and how to minimise its costs.
In many cases where a company was well aware of the risks they simply "off shored" it to some country that would be expected to be "pitifully grateful" for the opportunity of having a toxic bomb or waste dump on their door step.
If you want examples just look at how old ships are broken up for scrap. In some places you have six or seven year old children pulling blue asbestos lagging off metals so they can be smelted down.
And this has been known for years, the collapse of the Lloyds Insurance due to the LMX Spiral is a case in point. Lloyds had a problem it ran on old money and it had industrial liability hoving onto the horizon with asbestos. The LMX Spiral was a closed "re-insurance" scam designed to drag in new "unlimited liability" money the asbestos and other significant risk was then transferred from the "old money names" to the "new money names" very quietly.
When it all blew up those in charge at Lloyds knew that due to the "Lloyds Act" they had sweet talked past Maggie Thatcher they had a very valuable weapon on their side the names were constrained by law to "Pay before you sue" and with "unlimited liability" they knew that the new names would be bankrupt before they could litigate against the Lloyds council. Just to help them along who did they put in charge of the Lloyds "hardship panel" no other than the (less than) "fragrant Lady Archer" whose lifetime peer author husband was later jailed for amongst other things perjury.
Of one member of the Lloyds Security Council a very senior and eminent judge compared their morals as being less creditable than an alley cat.
"From the Organic Chem lab: placing waste organic material in the waste sulfuric/nitric acid bottle (we were doing nitration of bromobenzene that day)."
Ye-ouch, just be thankful it was a small amount of organics in the acid, it might have been the other way around that really could have been nasty.
For those that do not know very careful nitration of benzene and other organic fuels such as cellulose, glycerine and toluene are how you make molecules that contain both the fuel and the necessary oxidizer for a very efficient and high energy burn at rates well above the speed of sound (rocket fuels amongst other things).
For obvious reasons I'm not going to detail how you do it, but just highlight some of the dangers.
One problem is heat if the temperature gets above near freezing then the molecules start to burn rather rapidly. And if this happens in the organic fuel then it will quite happily carry on as long as oxygen in one form or another is available...
During WWII Germany had a rocket plane (Me 163 Komet) that ran on C-Stoff and T-Stoff basically an organic fuel and hydrogen peroxide (see http://www.noahshachtman.com/archives/003002.html ). 80% of these blew up in use but this fuel mix was considered safer than using an organic fuel and fuming nitric acid which was used as another propellant...
All of the oxidizers are extremely corrosive to organic materials like human flesh... One experiment that was commonly shown to students to demonstrate the dangers was a small amount of sugar onto which conc sulfuric acid was poured. The result it went black heated up expanded rapidly in volume and let off a foul caramel smell (human flesh tends to smell more like burning pork when conc sulfuric gets at it).
Sulfuric acid is used during the nitration process as an equivalent of a "drying agent" thus allowing further nitration of the molecule to add yet more oxidizer for a more efficient burn that is glycerine to Tri-Nitro-glycerine which is highly unstable blasting oil, used in amongst other things Nobel's Dynamite.
The history of death by the manufacture containment and shipping of blasting oil should be compulsory reading for all chemists and engineers.
I work at a chemical plant. I'd like to make a couple of points that seem to be widely misapprehended.
1. As Brett pointed out, most plants were built in the middle of nowhere, and then people moved in around them. Many of those neighbours in fact work at the plant. Including the chemical engineers and safety inspectors. At the plant where I work, there are a few people who commute in from neighbouring towns but most live within a 5 km radius of the plant, and both the second most senior chemical engineer and the former site general manager (retired a few months ago, still lives here) live within 300 metres of the perimeter fence. By the way, at a chemical plant the site general manager is not an MBA whipper-snapper, but a greybeard engineer (or grey hair, if female!) The day to day safety and security decisions at these plants are made not by an untrained and remote board of directors, but by the people most likely to be affected by an accident!
This isn't to say that these people can't make mistakes, but these issues have already been discussed for years by highly motivated people who actually know what they are talking about.
2. It is extremely unlikely that additional regulation has any positive role to play. Chemical plants are already stringently regulated. If you haven't ever worked at a chemical plant, you have no clue just what new parallel universes of bureaucracy can be involved in genuinely "stringent" regulation. One of the paperwork processes we have is the method for signing off a permit to temporarily modify a process. It's fair enough that care should be taken with this, but someone recently determined that the cost of processing the paperwork for these temporary permits is just a shade under $40,000 each. That might seem reasonable if you are modifying one of the reactants in a potentially dangerous process, however they are required for *everything*: we recently had to do this to make a training film which used inert simulants (i.e., tap water.) Since the process normally used strong acids, use of plain water required a permit, and thus added $40,000 and two weeks to a 2 hour exercise. Here's another example: I suppose when you wash the dishes at home, you just let the detergent-contaminated dishwater run into the public drains, don't you, you dirty stinking polluter!?! At the plant, if we did that, we would be immediately subject to massive fines (and yes there are permanent monitors installed in the storm drains and random sampling elsewhere.)
[I think "any rational psychopath who owns a chemical plant" would be more exact.]
Sociopath... which is the definition, to me, of a Corporation... and the bean-counters who weigh such matters.
@David Shaw and "code maroon"...
How did Bugs Bunny pronounce "moron"?
"What a maroon!"
If you are easily terrified, yeah, I could see this as a snarky response from folks who have some sense of perspective.
Perhaps places like A&M might suddenly decide to create a curriculum in "industrial sanity and sensibility in safety design" since this kind of situation would rub their noses in it.
Liability is a legal issue, and there are legal ways of getting around it. If I'm running a major chemical corporation, and want to cut back on security, I can simply incorporate all my plants separately. I don't lose control. For a relatively small expense and some inconvenience, I've gotten protection.
When my Omaha plant goes kablooie and wipes out half of Omaha with hundreds of billions of dollars of loss, what happens is that Omaha Deadly Chemicals, Inc. goes bankrupt. I've just lost a plant and gotten a PR black eye, but my company isn't liable and I don't have to pay to decontaminate Omaha.
This sort of thing has been done in other places quite successfully. Montana has quite a few poison pits where a company responsible for a mine, using what might charitably be considered ecologically disastrous techniques, has limited the liability to a subsidiary, which can be allowed to go bankrupt.
The limited liability feature of corporations has played a very large part in economic growth, but it has some serious downsides.
There are no externalities here, just an attempt to balance the desires of "society," a fictional, non-existent economic actor, against those of a commercial enterprise. We are all taught to hate business and this kind of biased analysis is a perfect example.
There are two parties with decisions to make here, absent government's decision to insert itself via the threat of violence to one or both parties.
One is the plant owners, who as Schneier correctly points out will only spend an appropriate amount, by their calculation.
The other party who must make a decision are the other property owners in the area. Whether they are businesses or homeowners, they need to decide if the plant represents an unacceptable risk and what, if anything, they are willing to spend to mitigate that risk. The list of things they can do to mitigate risks is long and limited only by human ingenuity.
In fact nearly all plants of this type are sited far from population centers precisely because they represent a hazard. Over time, homeowners and others move nearby and want to have their cake and eat it too: they buy cheap property because it is close to the plant, then demand that others (the taxpayer or the plant owner) make investments that they were unwilling to make.
This behavior is cynical and dishonest. It threatens property rights and leads to endless, non-resolvable debates about non-existent externalities.
Chemical plants don't appear suddenly out of thin air. If neighbors don't like the plant, they can take steps to protect themselves or move. It really is that simple, but our bias against business prohibits discussion of this basic truth.
I was going to add a comment about the fact that growth means something you do in a remote area becomes unsafe not through your own actions, but due to actions of others, yet you are somehow liable for others' actions, which seems unfair. I see it's been mentioned, but only in this one context, and it's happening in many.
What is galling, is that those others KNOW they are moving to an area that already has this unsafe/annoying thing, then often successfully lobby to have it removed or made unprofitable.
I perceive this as highly unfair, it's not like the guy starting the unsafe/annoying enterprise is moving in on an established neighborhood -- he went where he was to avoid those problems in the first place, and it's the new guys causing the safety issue by voluntarily moving there. And our entrepreneur probably paid extra cost to go to a remote place -- has to pay more salaries to get workers and so forth.
I have experienced this myself in a couple of contexts. I moved to the far boonies (Floyd county, VA) in the '80s to enjoy nature, and more freedom. At the time, I had perhaps 5 neighbors within a mile radius. I now have maybe 50 in that same radius, and some of them complain about things like my shooting range, which of course was here before they moved here - Many of them also came here to enjoy nature, but it seems after a few years they want paved roads, streetlights, and perhaps some fast food closer than the 20 miles the closest one is, and get that happening, thus destroying the very thing they moved here for in the first place. When I moved here, my 30 some acres was a "small place", and now it's one of the larger places around...
There is a flaw in your argument, in that you are assuming that the land the plant owner has acquired is all that the plant effects.
If I buy a plot of land next to yours and start a toxic waste treatment plant and effect a water course that crosses your property then you would rightly feel that you had some rights to complain.
Now if I argue as you have done that's all right because your plot of land is "vacant" and therefore of no consequence to any plans you might or might not have for it as I got my toxic plant in first, you would feel somewhat aggrieved.
The simple fact is that what you do with land should stay on it and not effect other land around it. You should not change or alter the water table, you should not dump pollutants into the air or water or land and a whole host of other "good neighbourly practice" that corporations tend to have no time for as it interferes with their perceived right to make profit with minimum expenditure.
The fact that you then chose to build a house on your land after I have built my plant in no way gives me the right to put you, your loved ones or your property at risk due to my lack of caution or expenditure and a facile argument that I was there first.
If we were neighbours in town and I decided that as I was there first I had the right to flytip my garbage into your garden, how long before a judge would tell me that no it was not acceptable and take punitive action against me?
Exactly the same should apply to companies.
To make a profit at somebody else's expense simply because you think it OK is not a "right" plain and simple it is not something you should do, as it says in the bible amongst other places "Do unto others..."
You demolish a straw man of your own making. I never claimed that "the land the plant owner has acquired is all that the plant effects." My argument was precisely opposite, that the hazards can be best determined by private parties, and that respect for private property rights and voluntary transactions makes this and other issues crystal clear and straightforward (not the same as easy) to resolve.
Nor did I suggest that pollution or tipping garbage into a neighbor's garden is acceptable behavior. Again, respect for property rights provides clear guidance and just resolution of these conflicts. It is precisely because the government refused to enforce legitimate private complaints against polluters, and instead arrogated to itself the ability to regulate and arbitrate pollution, that we have the legal and regulatory morass that we all live in today, and waste time and money on unresolvable (within the bounds of this fundamentally flawed system) questions like these.
I find it interesting that people will seldom address the basic argument, and instead attempt to divert the debate with entirely irrelevant straw man tactics. Nice try, clean miss.
@ Doug Coulter,
"... some of them complain about things like my shooting range, which of course was here before they moved here - Many of them also came here to enjoy nature, but it seems after a few years they want paved roads, street lights, and perhaps some fast food closer than the 20 miles the closest one is, and get that happening"
Err Doug, you have a shooting range on your property and expect the neighbours not to complain, yet when they want to do something you don't want on land you don't own you think they are in the wrong.
Take a step back from what you are saying and have a little think about what is different between you and your neighbours as far as others can see...
@ Clive Robinson
"Err Doug, you have a shooting range on your property and expect the neighbours not to complain, yet when they want to do something you don't want on land you don't own you think they are in the wrong."
Err Clive, I didn't see anything in Doug's post where he said they were in the wrong. I do see an observation that the new people are taking actions that destroy the very thing that was the reason they moved. And Doug's observation is quite apt. I know I've seen stories of people who were highly allergic to pollen being told that they should move to Arizona due to the low pollen count. And then upon moving there, proceed to plant lawns, flowers, and such, doing a lot of water consumption to keep their little green plots green. And in the process raising the pollen count. Another example of people destroying the very thing that was the reason for them moving in the first place.
"You demolish a straw man of your own making. I never claimed that "the land the plant owner has acquired is all that the plant effects." My argument was precisely opposite, that the hazards can be best determined by private parties, and that respect for private property rights and voluntary transactions makes this and other issues crystal clear and straightforward (not the same as easy) to resolve."
Sorry yours is the straw man argument.
1, You claim "hazards can be best determined by private parties".
Err no they cannot for an individual to make a valid judgement they have to have,
A, all the facts.
B, The ability to interpret what they mean.
If I go and knock on your plant door and say "I need to know everything you are doing and exactly how, as I'm thinking of buying the land next door"
If I'm lucky I will get politely told to go away, if I go to a judge with the same argument to force disclosure he will tell me to go away. So your argument from that point is a fantasy.
Even in the very very unlikely event they do give me all the information, they might well decide to change what they do the day after I purchase so again your argument falls into fantasy.
You also say,
2, I never claimed that "the land the plant owner has acquired is all that the plant effects."
3, "that respect for private property rights"
Are in direct conflict with each other, the plant owner has no rights to effect property they do not own plain and simple. The EPA amongst others are there to prevent them, however the EPA has no teeth due to the lobbying of plant owners. In fact an argument could be made that the EPA by allowing some level of pollutants to fall outside of a plant are in breach of the constitution.
You also say,
4, voluntary transactions
Again no, If you own a property next to mine and decide to sell it to a proxy of a chemical company, there is absolutely nothing I can do to stop the sale.
Therefore from my point of view there is absolutely nothing voluntary in the transactions as I had no ability to stop it (except get into a bidding war if I even know in advance a sale is planned and that is not voluntary either that's playing high card draw with a gun against your head).
Likewise if you decide to change what the plant does after I have bought the land there is nothing voluntary about it, I have no choice.
And further you say,
5, makes this and other issues crystal clear and straightforward (not the same as easy) to resolve.
Again corporations tend to be extremely secretive about what they do to prevent prices etc escalating. So absolutely nothing "crystal clear" about that until they are in a position whereby you have little choice but to accept what they decide.
With regards to,
6, "I find it interesting that people will seldom address the basic argument, and instead attempt to divert the debate with entirely irrelevant straw man tactics. Nice try, clean miss."
The basic argument is one of property rights going back through some thousand years of legal history. Which you have in no way addressed in your fantasy argument so not even a nice try.
Irrespective of if it is garbage or pollution your neighbour puts over the fence onto your property you cannot stop it, only take action after the event.
Which is not a lot of use after you or your family or property are irrevocably damaged or dead or you cannot afford to take legal action...
Instead of garbage it's a heavy metal like lead in the water course or worse toxin is that OK?
Well how about if the lead is in a bullet is that OK?
After all it's still lead and it still ends up in your body and chances are either way it's going to kill you.
Plain and simple if it stays on your property and does no harm to others at any time then all well and good, if not then you are in the wrong especially if you are aware beforehand that there is risk and fail to address it correctly (or at all).
I must assume that those who support property rights would agree that the company siting the plant adjacent to other owner's property is taking value from them as the presence of the hazard limits the resale value/use of their property, no?
Some here have claimed that the nearby property should never be used for residential purposes because the company decided to build a hazardous facility in the area and the current owners of that property were not using it when the plant was built. This is clearly a taking of value from those folks as their use of the land that they owned before the plant was built has been curtailed. Perhaps the equitable solution would be to require the company that is building the plant to pay all property owners within any hazard zone for the value that they lose...
"I do see an observation that the new people are taking actions that destroy the very thing that was the reason they moved"
You see two observations/assumptions. The first you acknowledge is Doug's, which is,
"Many of them also came here to enjoy nature, but it seems after a few years they want paved roads, streetlights..."
The second you don't which is mine.
I'm observing that as Doug has said it immediately after,
"and some of them complain about things like my shooting range"
That, in essence, it came across as a complaint in return; otherwise why make the statements in that order without putting them in separate paragraphs etc?
It was certainly the way it came across to me which is why I invited Doug to,
"Take a step back from what you are saying and have a little think about what is different between you and your neighbours as far as others can see..."
Thus if Doug meant it another way he could set the record straight.
"Perhaps the equitable solution would be to require the company that is building the plant to pay all property owners within any hazard zone for the value that they lose..."
It sounds like a good idea but, in practice how do you value what a property is worth to another person and do you make it a one off payment or a payment over time or something that is paid every year for as long as the land is owned etc...
Perhaps a more sensible option would be for the government to purchase the land at its usual knock down rates and then lease the land to the companies.
The money raised should then be used to either provide further compensation to the previous land owners on a prorata basis or invested in environmental protection and clean up.
The underlying issues are as you noted the property rights of those owning land in the "fall out zone" and minimizing cost to industry so that it remains commercially viable.
There are of course many ways to achieve the latter objective but it flies in the face of free market economics (which I don't actually believe in for various good reasons).
I think at this point I should reveal that I am English of Scottish ancestors and conservative with a small C and socialist with a small S.
Yes I know it sounds like I'm stuck on the fence and cannot make my mind up but stick with it,
I believe (rightly or wrongly) that things for the common good should be funded by the public purse (ie infrastructure such as roads, dams, levees, education, medical care, pensions, etc) as this raises the tide for everybody more or less equitably.
However I also believe in open markets which are genuinely open to all where genuine consumer choice can be expressed.
The problem with this outlook is it does not sit well with certain aspects of industry where it makes little sense to have a market that is open to all as not all can participate due to resource limitations. In markets such as these there should be legislation/regulation to prevent cartels or monopolies exploiting their position.
The problem is that we do not live in a true democracy but "representational democracy" which means under the current system our chosen representatives are only answerable to us infrequently and can choose to do what they please the rest of the time. And if that means they listen to corporations in preference to us (as they appear to do) then they are not our representatives and thus there is something wrong with the system (but you knew that anyway ;)
funeral parlors have a requirement in this state and probably others that someone live on the premises.
for chemical plants, it should be required that security manager and the general manager live inside the site. this would have a great effect on securing the place and cleaning up the air.
If you can require it from funeral parlors for some reason? you can do it for toxin manufacturers.
Clive R. you da man...yes, a clear rational well informed discussion from Clive is always educational. the others in this particular debate all have obvious shortcomings of narrow knowledge and vested interests in ecopiratism and social regression.
Dude, do you have a substantive point to make about chemical plant security? "Rah-rah" messages in which you simply root for your favorite commenter while disparaging all the others are not very illuminating.
Regarding your other comments of this morning, please stick closer to the topic. This is a security blog, not a platform for general political rants.
@Roger who works at a chemical plant
Here in California, long commutes are common and very hazardous facilities are now surrounded by bedroom communities. However the senior engineers and management tend to live considerable distances from their own facilities. This factors not only into general plant safety but also into emergency response times. Even some of the line workers (you know, the ones who actually wear bunny suits and close valves) are commuting from up to an hour away.
As for decision-making authority, it is clear that the local managers do not have the authority to spend what are frankly trivial amounts of money. Good industrial padlocks are $50 each. I would think that a @#*!&$ _exterior gate_ bordering a _public road_ should be protected by a decent lock.
A chemical or software engineer may be a great engineer and a valuable professional, but their expertise does not extend to security issues! Witness the recent debacle at HP where Greenpeace demonstrators painted "Hazardous Products" on the roof of their headquarters building in Palo Alto. Like a pie in the face, it's not what happened -- but what _could_ have happened.
The regulations that exist actually get in the way of improving security. I think one of the reasons why managers are afraid to improve security is because they are afraid of the paperwork costs of doing so. More regulations do not and will not equal better physical security.
Your politics aside, you make an excellent point about individual versus organizational responsibility.
However the lifestyle we choose to lead as a culture requires that we process and handle large quantities of hazardous chemicals. Whether one is disposing of industrial solvents, calibrating medical equipment, manufacturing circuit boards or cracking "sweet crude" to gasoline, the plain fact is that someone's got to do it, and right now they do it for the money.
Security is perceived as a cost of doing business, to be minimized whenever possible. That this is incompatible with public safety should be fairly obvious. That additional regulation is the way to solve the problem, is less so.
"Security is perceived as a cost of doing business, to be minimized whenever possible. That this is incompatible with public safety should be fairly obvious. That additional regulation is the way to solve the problem, is less so."
Yes and no (on the ideas).
As you note the cost of doing business is (seen as being) in conflict with public safety.
This is the rub, passing the cost off onto society or other externalities might be the quick-n-dirty way of doing things "but is it socially acceptable?"
The next question is "if we protect our society via increased regulation etc, what is the end result?"
Unfortunately as we have seen the problem does not get resolved it gets put somewhere else in the world. Usually where the society there is even less able to defend itself, and desperate for any economic activity to improve the wealth in the nation (albeit straight back out to a dictator's Swiss bank accounts).
There are only three immediately obvious solutions to this,
1, Use a less hazardous process.
2, Closed markets and strong home regulations.
3, 100% international agreement on "non dumping" of hazardous processes.
The problem with (1) is that a safer process will usually involve a substantial investment in new plant and may also have lower yields or higher raw material costs. The state could choose to subsidise some or all of these costs in return for the social benefit.
Likewise (2) "closed markets" such as Japan's "rice market" are seen as anti-competitive and effectively the equivalent of "state subsidy" (the Japanese citizen pays higher rice prices instead of tax but the effect is the same, however I'm aware that is only one part of the story).
There are currently laws in various parts of the world to stop organisations in other countries "dumping goods" onto markets. In principle there is no reason why there should not be laws to stop other countries "dumping hazardous manufacture" onto a poorer or less regulated economy etc. But it will never be seen as a benefit by governments of those countries in fact most likely the opposite.
The upshot is from this it can be seen that the "free market" is in conflict with the needs of "society".
Which comes around to a question of ethics.
We know that business is amoral that is morals do not appear in any economic equations used on the day to day business. However from things like "Fair Trade" we know there is a market for "ethically sourced" items, even in the current recession it appears to still be a growing market.
So the question then becomes how do you put ethics into business?
SarbOx was a regulatory method that has significantly failed to achieve enforcing ethics, banks etc just invented new financial instruments etc and did an end run around the auditors. Even in the two main banks (May/Mac) that specifically had over 100 Fed employees in auditing oversight.
I feel (personally) that limited liability for large organisations their directors and share holders and the short term reward culture for unrealistic growth are in many ways responsible for this lack of ethics (others may disagree but I would need to see a reasonably well presented case for the opinion).
Another form of state subsidy which I mentioned further up the blog might resolve the issue but it would be a form of state control.
The Gov buys up land via compulsory purchase and then re-zones it and leases out blocks of it to industry. It enforces safe buffer zones and proper environmental controls as parts of the lease. In essence this would be no more expensive to either business or the tax payer than having DHS personnel interminably guarding toxic holes in the ground left by organisations that have cut and run leaving the mess.
As part of the deal the Government also provides suitably environmentally friendly infrastructure to prevent the need for home building etc around the factory fence.
However as seductive as this might sound it is going to be fraught with issues that would probably make it unworkable for all but a few very high risk industries.
> If I go and knock on your plant door and say "I need to know everything you are doing and exactly how, as I'm thinking of buying the land next door"
> If I'm lucky I will get politely told to go away, if I go to a judge with the same argument to force disclosure he will tell me to go away. So your argument from that point is a fantasy.
Actually, in most developed countries this is not really true and has not been for many years. The business must placard the potential presence of hazardous substances at an easily observed location on the perimeter, and keep registers which at a minimum can be inspected by local government officials; in many jurisdictions they can also be inspected by members of the public, and in a few they have to be posted on the internet. Note that this applies only to businesses; private householders can do as they please.
At our plant, by the way, if you knocked on the door and made this enquiry we would politely invite you on the guided tour.
> Are in direct conflict with each other, the plant owner has no rights to effect property they do not own plain and simple.
This is not true. It is impossible to even exist without "effecting" the rest of the world. Instead of such an impossible requirement, there are specific restrictions on reasonable and unreasonable effects. For example, it is not required that a plant's operations be totally silent, but rather that by day the sound level at the perimeter fence is quiet enough not to disturb a normal conversation (and much quieter at night.) Of course this restriction is much more stringent than those for private households, you may see a pattern emerging there.
> The EPA amongst others are there to prevent them, however the EPA has no teeth due to the lobbying of plant owners.
Sorry Clive, that's a popular myth but it's not true. The EPA has massive powers against companies, what they are toothless about is private persons. To take a random example, we use some alcohol at our site, as a solvent. Any area that uses it has to be strictly filtered because alcohol vapour is classed as a VOC and is heavily regulated -- so long as it comes from a business other than a bakery, winery or brewery. The maximum concentration of alcohol vapour that we can emit is much lower than what a private householder emits by holding a house party. At this point most people will jump in and say that a plant has the potential to release far more than a person opening a bottle of wine, but in fact there are only a few dozen plants of our type, there are hundreds of millions of private householders. Alcohol is just one example, there are many, many others where private householders are totally unregulated major polluters and yet the culture is such that the same people continue to bitch vigorously at trace emissions from plant.
Here's another, now I think of it: selenium. If a private householder washes his hair with anti-dandruff shampoo, it's considered perfectly ok to just flush the selenium contaminated waste-water down the drain. Ye gods.
> In fact an argument could be made that the EPA by allowing some level of pollutants to fall outside of a plant are in breach of the constitution.
Maybe you could make such an argument, and the lawyers would have a field day, but it is obviously nonsense. If such an argument were sound, then the EPA breaches the constitution by merely allowing people to breathe, since that causes a pollutant to fall outside their own land. In practice you are limited to reasonable restrictions that cause no hazard greater than some level set by law. Those restrictions are far tighter for the commercial operator than they are for you as a home-owner.
Frankly, I think this has to stop. It's not just a case of beating the public with the same stick they have used for years, as amusing as that might be. It really is a serious issue; most industries have been really tightly locked down and the next target if we are going to make significant further gains has got to be home-owners. And there can't be any talk of redirecting costs back onto industry through indirect taxation. If these sorts of controls are to really work, you have to feel it in your hip pocket.
> Again no, If you own a property next to mine and decide to sell it to a proxy of a chemical company, there is absolutely nothing I can do to stop the sale.
This is not true also, because of zoning regulations. If you have a residential (or agricultural, or commercial, or whatever) property and someone sells a neighbouring property to a chemical company, they just plain won't be able to use it unless and until the land gets re-zoned. Rezoning from residential to industrial is basically impossible, and for any other rezoning you have plenty of opportunity to let your irritation be known to your local councillors.
The only type of rezoning that is a sure fire winner and you will be unable to stop is -> residential. Doesn't matter if you're a farmer worried about agricultural land being ruined because of people complaining about noise from the dairy at 4 a.m. (which is in fact a big issue with our local farmers at the moment!), or a chemical plant worried about housing moving too close; the estate developers are always the ones who will win out. There are two main reasons for this. Firstly, unlike farms and plants, estate developments turn their profits very fast, so there is a lot of cash flying around with which to corrupt underpaid (in fact usually voluntary) rural councillors.
However there is a more subtle reason which enables the developers to exert undue influence completely legally: building a new estate is the only legal and practicable way to make wholesale changes to the actual electorate itself. They don't even have to meet their marks and drop subtle hints; all they do is a little background research on platforms and preferences, then announce in the local papers that "when this application is approved, we will be building a 2,000 apartment retirement village and geriatric care clinic" or whatever bait it is that will get the mark to pay up.
> Instead of garbage it's a heavy metal like lead in the water course or worse toxin is that OK?
Of course. Massively regulated, heavily monitored, huge fines or even criminal penalties apply. Unless you are a private householder, in which case there are weak regulations, no monitoring, and slap-on-wrist fines (if any.)
> Well how about if the lead is in a bullet is that OK?
Much better, in that form it is practically non-toxic, thank you. Although I'll take it without any additional kinetic energy, if you please.
> After all it's still lead and it still ends up in your body and chances are either way it's going to kill you.
Small quibble but you are extremely unlikely to be killed by lead contamination of water, it is just not that toxic. The lethal dose is on the order of a heaping tablespoon of a fairly soluble salt. The main issue at realistic doses is impairment of neurological development, not death.
> However the senior engineers and management tend to live considerable distances from their own facilities. This factors not only into general plant safety but also into emergency response times.
This is somewhat unlikely to be the case if they are on an emergency response team. Triggers for these teams are very much set at low false negative / high false negative levels and typically get raised several times per week. If it was a one hour commute each way they would soon get sick of it....
Having said that, it doesn't really matter. The people with the really time critical response requirements are not relied upon to drive into work, they will already be on site (and do not leave until relieved) as there is no other way to guarantee arrival times (e.g. flat battery, traffic accident etc.)
> Even some of the line workers (you know, the ones who actually wear bunny suits and close valves) are commuting from up to an hour away.
None of those guys need to come in. (In fact, if they are already in and a serious accident occurs, most of them get evacuated out.) The emergency response team is already on site, and there is always at least one on site, in a location where they are unlikely to be overwhelmed by an initial event.
As a minor point, I might add that around here, commuting up to an hour is *not* considered to be considerable distance! I count that as living in a neighbouring town, as I mentioned a few of our guys do that too! However, *most* live in this town, and commute by push-bike if the weather is fine.
> As for decision-making authority, it is clear that the local managers do not have the authority to spend what are frankly trivial amounts of money.
I can't speak for some other facility like that, of course, but it would be quite unusual if that is the case. Usually the site general manager has an overall budget, and strategic goals are set, and almost complete autonomy as to how he achieves the strategic goals. You sure as heck don't get head office dictating whether you can spend money on a padlock.
> Good industrial padlocks are $50 each. I would think that a @#*!&$ _exterior gate_ bordering a _public road_ should be protected by a decent lock.
Well, this may be an example of what Bruce was just discussing about risk intuition! It is entirely likely that buying more expensive padlocks has little role to play in plant security.
Bear in mind, most chemical plants have an outer perimeter fence that is really, really long, so as to enforce very generous buffer zones. It is not practicable to constantly patrol or monitor such a large perimeter, and expensive locks are pointless if someone could just climb over the fence, or cut through it, or such like. But equally, constant monitoring is unnecessary because the fence is not meant to be impenetrable. It serves two purposes: firstly, it keeps the public out of the buffer zone, and thereby contributes to public safety. Secondly, like a picket fence, it acts as a "tripwire": crossing it is not enormously difficult, but hard enough that anyone who does so can definitely be regarded as a bad guy. By thus filtering out most false positives, we can be much more aggressive with the rest of the security posture.
Oh, actually it also serves a third purpose: it stops roaming dogs from attacking our sheep. (We have a *lot* of parkland in the buffer zone, and sheep are more practical than slashing.)
> A chemical or software engineer may be a great engineer and a valuable professional, but their expertise does not extend to security issues!
Absolutely. Which is why all decisions on such matters are outsourced to our security contractors.
I'd love to work at your plant. Here are some highlights of what I've seen and read in the local papers:
-- ERTs and hazmat teams do not have participants who are managerial personnel; cancel drills for cost reasons; and even during normal working hours sometimes have less than the X number needed to carry out a personnel rescue.
-- There are times (typically "3 AM" or "$HOLIDAY") where the facility is operating but no emergency resources (either public or community) are available in less than 1 hour. Yes, that means operating personnel who go down are doomed; corollary is that they are less able to risk themselves for the safety of the larger community.
As for padlocks, a dollar-store padlock is much like a seal, except that it does not have a unique identifier. It can be casually broken by an aggressor, and even more annoying, tracelessly replaced by an imitation for which the aggressor has a key but the security force does not. This can be used for example to break contact from pursuers.
A rekeyable padlock pays for itself every time you rekey, assuming you have a competent locksmith available and that you actually do rekey occasionally. This is important when you allow people to take keys home.
-- Buffer zones are small to non-existent, as in houses within a few hundred feet and apartment complexes and suburban developments within 1/2 mile or less.
-- Long stretches of fence can be inexpensively monitored through a variety of electronic techniques.
-- Refineries in Richmond, Martinez and Long Beach are a good example of these problems.
-- Bad guys can always jump or cut fences. What they can't do is bring vehicles through without severe (and noticeable) fence damage and marks on the ground, unless they defeat a lock. Also one is more likely to point cameras etc. at the gates. I agree that a lock tougher than the chain it is attached to is a waste. However gates are important because of the increased ability to bring stuff in and out.
>> But equally, constant monitoring is unnecessary because the fence is not meant to be impenetrable.
Where the fence is your primary element of physical security and there is no secondary fence or buffer, the fence acquires a new importance.
>> Secondly, like a picket fence, it acts as a "tripwire": crossing it is not enormously difficult, but hard enough that anyone who does so can definitely be regarded as a bad guy.
>> A chemical or software engineer may be a great engineer and a valuable professional, but their expertise does not extend to security issues!
> Absolutely. Which is why all decisions on such matters are outsourced to our security contractors.
Security is a primary responsibility of the management and while carrying it out can be outsourced, verifying that it is present remains a responsibility of the (in this case) chemical plant owners.
When it comes to public safety, I think perhaps there may have been a little too much outsourcing (or neglect in the name of outsourcing) already.
You make some good arguments, but in reference to your response to Clive's comment:
I think Clive's response to Steve's post was presupposing that the world worked the way Steve is proposing it work, to illustrate the point.
> My argument was precisely opposite, that the hazards
> can be best determined by private parties
Please cite some research to support this assertion. There is a large body of studies (referenced here and there on this blog) that supports the absolute contrary view: it is very difficult for the average person to correctly assess risk, it is very difficult for two parties to establish trust, and therefore it is very, very, very difficult for two parties to trust each other's assessment of risk.
This means that not only is risk usually not best determined by private parties, but it is extremely difficult to negotiate a reasonable level of risk between two private parties.
> and that respect for private property rights and voluntary
> transactions makes this and other issues crystal clear
> and straightforward (not the same as easy) to resolve.
Again, to paraphrase our Wikipedia overlords, "citation needed".
Even assuming this were the case, it presupposes that there is no audit cost; that everyone respects property rights as a general principle, and that everyone has the same idea of what property rights are as a general principle, and thus there is no need to ensure that these two things are true.