Contacts

Date Download Description

Daniel Rees

Daniel Rees
T: (206) 248-1818 x233
Email: drees@curtisswright.com

VSAT

Plant security and methodology analysis software

The VSAT™ Methodology and Software bring fresh, new insights to senior executives who face difficult questions about whether and how much to invest in security for their enterprises. By simplifying sophisticated risk analytic processes, VSAT™ enables users to evaluate exactly where they may be vulnerable to a wide range of threats to their physical infrastructure, IT platform, employees, customers, and knowledgebase. Armed with such insights, VSAT™ plans and optimizes changes in procedures, organizations, equipment, hardware, and software to reduce risks consistent with budget, manpower, and other limitations. VSAT™ was originally developed for the Water and Wastewater sector, but has been adapted for many other applications including other utilities, airports, manufacturing, and office buildings.

Background

The events of September 11th focused renewed attention on protection of our nation's critical infrastructure. Organizations across the nation have an increased awareness of risks and are recognizing the potential vulnerability of their physical assets, and also the assets embodied in their employees, their knowledge base, their information technology and their customers. Organizations must now grapple with the possibility that their infrastructure assets may be targets of direct physical threats x or serve as conduits for indirect physical threats. Standard industry-wide protocols are just now being developed for addressing security risks. Managers also face a balancing act between demands for security and the resources needed to enact and finance those actions.

VSAT™ Approach

The Vulnerability Self Assessment (VSAT™) methodology and software provides a structured, cost-effective approach for organizations to assess their vulnerabilities and to establish a risk-based methodology for making necessary changes. The VSAT™ methodology groups an organization’s assets into the classes of People (Staff), Physical Plant, Knowledge Base, Information Technology Platform, and Customers. VSAT™ is based on qualitative risk assessment techniques and supports baseline vulnerability analysis as well as security improvement analysis that helps managers choose new countermeasures to reduce vulnerability. Perhaps most importantly, VSAT™ assists in the management decision process by enabling managers to trade-off cost for risk.

The methodology and software are flexible, customizable, and user friendly. VSAT™ software is equally applicable to deliberately caused or natural disasters. In addition to a library of prototypical assets, included in the software application are threat and countermeasure libraries. As users proceed through self-assessments, VSAT™ automatically documents the analysis process during each step. VSAT™ helps users identify critical asset(s) and potential single points of failure.

The VSAT™ process culminates in a series of risk-reduction-cost reports that presents findings in clear and concise ways. This is important, because the goal is business continuity and, at the end of the day, VSAT™ provides solutions that enable utilities to mitigate risks of business interruptions at least cost.

VSAT™ Advantages

VSAT™ software offers several distinct advantages over traditional paper and pencil approaches:

  • By comparing risk conditions in the baseline vulnerability assessment and security improvement analyses, VSAT™ computes “Risk Reduction Units” for various countermeasures. The cost of these countermeasures is also compiled so that the "cost per risk reduction unit" can be computed. Thus, at the end of the analysis, VSAT™ is used to directly support decisions on the most cost-effective way to invest in security improvements;
  • VSAT™ is easily updated as assets, threats, or countermeasures change; and
  • VSAT™ compiles cost and risk profiles for “Scenarios” that describe various combinations of countermeasures.
  • VSAT™ documents all decisions and assumptions, enabling managers to re-create their thought processes leading to decisions.

Summary

While VSAT™ was originally developed for the water and wastewater industry, it has been adapted for use in public buildings, airports, electric utilities, and gas utilities. VSAT's approach to risk assessment and its functionality is widely applicable to any enterprise with substantial physical, IT, and/or employee assets, About 5,000 copies of VSAT™ software are in use today.

Acknowledgements

VSAT™ was developed by PA Consulting Group and Scientech, under contract to the Association of Metropolitan Sewerage Agencies (AMSA), with funding in part from the U.S. Environmental Protection Agency.