Deliberate attacks (security attacks) pose a significant threat to offshore Oil&Gas critical infrastructures as they
have the potential of triggering major event scenarios with severe consequences on people, property, and the
surrounding environment. The standards API RP 70 and API RP 70I address security issues in the offshore
Oil&Gas sector, providing a semi-quantitative approach to evaluate the actual level of security risk. However,
as the credibility of security attacks grows, security risk assessments should be approached in a more
systematic and quantitative way to measure vulnerabilities and determine the level of protection available in the
site. In this context, the present study introduces a systematic quantitative procedure using Bayesian Network
(BN) to calculate the probability of success of physical attacks and the role of preventive and mitigative response
strategies. The procedure is applied to a case study allowing to show its potential for improving security in the
offshore Oil&Gas industry
