Security Risk: The Missing Ingredient in Pipeline Integrity Management

“When it comes to pipelines, security is today where corrosion was 20 years ago.”

This candid assessment, from Phillip Nidd, Vice President of Operations at Dynamic Risk USA, really distilled our impressions and understanding of security’s role at the 29 September – 3 October 2014 International Pipeline Conference in Calgary, Alberta, Canada. The remark came in response to our question about the use of pipeline ILI (Inline Inspection) tools to detect and assess security threats. Indeed, the dialogue at this conference included all of the familiar semantics of risk: threat, vulnerability, asset impact evaluation, and mitigation measures and tools. The analysis of risk by the industry is very sophisticated. There are rigorous methodologies focused on qualitative analysis, not just quantitative methods. In many of the tutorials at this heavily attended forum, one could close their eyes and think that security was the topic under discussion.

But it was not. Conspicuous by its absence was any discussion of terrorism or terrorist threat actors, of state-sponsored third party attacks on pipelines, such as those recently witnessed in the Ukraine, of the exponential growth of illegal “hot taps” by Mexican criminal cartels, or even of sophisticated illicit gathering pipelines put in by the Zetas in Mexico to steal and sell product. The concept of threat, at least in this conference, remains captive largely to the category of “hazard” and less to what we really wanted to hear.  There was no mention of the “intentional” threat vectors inhabited by criminal cartels or terrorists. The ASME 31.8S does allude to vandalism in its 21 “threats” to pipelines, but vandalism just doesn’t cut it if we’re weighing the analysis of security risk. Vandalism implies random attack; this does not define the deliberateness and planning of a terrorist attack or sophisticated criminal cartel activity. In terms of threat, understanding those threat actors, their existence, and methods, is critical to mitigating their actions. More specific, focused terms are needed. As if to underscore the absence of any real discussion of security threat and risk, was the absence of any other security professionals at the event. We looked high and low, but none were to be found.

It is a short step to add security assessment, planning, and mitigation measures to existing pipeline tools. Pipeline integrity is a full-cycle process from acquisition or construction, right through to operation, inspection, and risk management. With tools that match each of these phases of the cycle (Risk Assessment, Analysis, Planning, Implementation), security can easily be matched to existing tools and processes in use in the pipeline industry. Security and security master planning is slated to become part of the regulatory regime for those routes and transmission lines in Canada and North America. For those lines outside of regulatory environments, the need for security assessment and planning is more acute and urgent – in our view. Fortunately, the tools are there to address and mitigate the risks.  It is time to put them in action.