External corrosion threat

Definition of hazard

• A characteristic or group Of characteristics that provides the potential for a loss.

• Examples: Internal and external corrosion, stress corrosion crack, material defects, third-party damage and environment including toxicity, flammability, exposed pipes, lack of signage, etc. Pipeline Corrosion Control

• Coating is the main corrosion control technique.

• But dependence on one source for protection is not a very wise approach - No coating is perfect.

 • To protect coating flaws, cathodic protection (CP) is applied.

• Coatings and CP are successful combination for corrosion control. External corrosion on a pipeline could be microbiologically induced corrosion (MIC), or from galvanic action or elec- trochemical reaction, where the steel pipe becomes an anode in an electrochemical cell. This is a tinl&dependent hazard,and occurs after some time iri service.

To address these threats, collection of data is carried out, and based on the analysis of those data, a risk assessment plan is prepared. This is an important step. The data collection process is a painstaking and detailed activity. In the beginning, the collected data may be  verwhelming and intimidating, but a good risk assessment program is data dependent. In fact, most of these data are already in the computers of the pipeline op erators but they keep sitting as dead data. In the world ofcomputers, it is easy to share, download, and transfer most of these valuable data and put them to better use. "Better use" IS the availability of the data for analysis that helps manage the risk. Periodically this collection ofdata can be refreshed and updated. There is no limit to the available data and its possible use. However, the basic data that needs to be collected in this context is listed below:

a. Pipeline year of installation

b. Pipe grade (ASTM A 106 Grade B, API 5L Grade B, X42, X65, X70, etc.)

c. Pipe diameter and wall thickness

d. Maximum operating pressure (MAOP) (or design pressure) and temperature e.

seamless, double submerged arc welding (DSAW)

f. Pipe seam type, e.g., electric resistance welding (ERW), Coating type, e.g., coaltar enamel, fusion bonded epoxy (FBE), three-layer polyethylene (3LPE)

g. Coating condition at the time of lxst inspection (updated periodically)

Active Scanner Deployment: Physical

The first step in implementing a strategy for deploying physical scanners is to select a central location to which all scanners will report in the future. In the case where there may be multiple central reporting servers, select a location with the most hosts on the local network, and preferably one that has unfettered network access to other major locations. Verify that there is sufficient bandwidth available to support a schedule structured using the method previously discussed. Then, follow this iterative process:

1. Perform test scanning and remediation reporting on the local network where the reporting server is installed or is on another less critical network. A 24-bit classless inter-domain routing (CIDR) block would be sufficient.
2. Review the report results and any unexpected impact on the environment.
3. Adjust the system and scan parameters to compensate. Be sure that any adjustments you make are scalable to hundreds or even thousands of networks once the deployment proceeds.
4. Add as many similar network ranges in the local office as possible, one at a time.
5. Repeat the previous steps to validate the reports and impact on the environment. Adjust accordingly.

While waiting for a few cycles of this activity to complete in the local area, plan and coordinate the next phase of scanning over the WAN to other offices in the scope of your scanning strategy. These are offices that will not receive equipment but have the capacity to be scanned through their WAN connection without impact to operations. Again, repeat the evaluation and refinement process and update the scanning standards documentation accordingly.

As the expansion of scanning begins outside of the local office, begin generating and refining the management reports. At this stage, management will become quite curious about the results of the new system. Be sure that the reports are reconcilable and that questions about their content can be addressed. If the pre-acquisition testing has been done properly, this should be easily done with possibly minor assistance from the vendor. Having an executive sponsor who is willing to preview these reports before they go to a wider audience can help identify discrepancies and questions earlier.

At this point, as much as 75 percent of the initial zone of scanning should be deployed and processes beginning to take firm, repeatable shape. The next zone of deployment should then be planned by selecting another major office with as many good connections to other target offices. Then, repeat the gradual expansion process discussed in the previous steps.

Deployment Methods | Vulnerability Management

There are many ways to deploy a system, and what is needed for the operating environment will possibly affect the solution chosen. In some ways, this is related to architecture, as discussed earlier in this chapter. But, there are other considerations to be made related to how you will deploy a system. In this section, we will discuss the major issues affecting deployment.

The goal in the approach to deployment is to achieve maximum effectiveness in the shortest period of time with the least investment. Following is the basic deployment strategy to achieve this:

1. Establish a foothold with maximum access to target systems.
2. Test processes on a small scale and refine.
3. Expand deployment by adding targets until the foothold is 75 percent deployed.
4. Simultaneous to item 3, create and refine management reports at all levels.
5. Take additional steps in other locations.

We will review each of these steps for active physical scanners, active virtual scanners, passive analyzers, and agents.