Preparedness a priority
Operators and licensees on the NCS must have systems and security measures in place to protect against terrorist attacks. "Although Norway remains a secure country, there is no reason to be naive", says Finn Carlsen, one of the PSA’s directors of supervision.
Security can be defined as protection against undesirable but deliberate actions and incidents.
Section 9-3 of the Petroleum Activities Act on emergency preparedness against deliberate attacks reads:
“The licensee shall initiate and maintain security measures to contribute to avoiding deliberate attacks against facilities and shall at all times have contingency plans to deal with such attacks.”
The petroleum industry has always had to prepare for and protect against deliberate assaults. But incidents such as the outrages in Norway on 22 July 2011 and the In Amenas hostage drama this year have greatly increased Norwegian concern with the issue.
Responsibility was delegated to the PSA in early 2013 for enforcing section 9-3 of the Petroleum Act on emergency preparedness against deliberate attacks. Operators and licensees on the NCS must have systems and security measures in place to protect against terrorist attacks.
Pursuant to this provision, licensees must “initiate and maintain security measures to contribute to avoiding deliberate attacks against facilities and shall at all times have contingency plans to deal with such attacks”.
“Delegating enforcement of this section to us represents a clarification of our authority,” explains Finn Carlsen, one of the PSA’s directors of supervision.
“It covers following up work by the players on health, safety, environmental protection and emergency preparedness – including their readiness to deal with deliberate assaults.”
Prevention and improvement of both safety and security levels are the top priority. This involves avoiding harm to people, the environment and material assets, managing risk and having systems and barriers in place to ensure acceptable operation.
In addition, prevention deals with protection against conscious, deliberate threats and actions.
“Norway is still a secure society to both live and conduct business in,” emphasises Carlsen. “But we have no reason to be blue-eyed. “The threats we face are constantly changing. Recent incidents both at home and abroad provide terrible reminders of how important it is that the companies are aware of the threats, have the necessary systems in place and are well prepared.”
The companies are responsible
The companies themselves are responsible for complying with the regulations, both in preventing accidents and undesirable incidents and in protecting against deliberate attacks.
“Our job as the regulator is to supervise that the companies fulfil this responsibility,” observes Carlsen. “We also check that cooperation in the industry and between the players and government resources is effective.
“We monitor that the companies have adequate management systems, have plans and procedures in place, are prepared to respond appropriately and have adequate barriers.”
The PSA conducts specific audits focused on the industry’s preparedness to deal with deliberate attacks, Carlsen adds.
“Our impression so far is that the companies have good systems and barriers. But it’s important that they ensure continuous improvement and actively learn from relevant incidents.”
It is up to the companies to decide which specific security measures are necessary, and how their emergency preparedness plans are to be configured.
“Detailed knowledge of the facilities rests with the operators,” Carlsen points out. “They must analyse the threats, and know what must be protected and against what.
“We supervise that the overall level of security meets the requirements, but responsibility rests clearly with the companies. And that requires them to have sufficient knowledge, expertise and resources to exercise it.”