CNI: The Security Factor

Posted On 15 May 2017
Comment: Off

The likelihood and potential impact of a range of different civil emergency risks would directly affect those facilities, systems, sites and communication networks necessary for the functioning of the country. In view of the challenging risks now facing the UK, it’s vital for Government and businesses to work collaboratively on harnessing a joined-up safety and security strategy. Here, Chris Edwards examines key security challenges facing the nation’s infrastructure and outlines several potential solutions.

Today’s organisations must drive a risk management strategy that’s supported by governance and implemented by the Board and senior management. All employees, contractors and suppliers should have a clear understanding of the risk management regime and be familiar with related policies, practices and risk boundaries.

The best methodology for organisations to safeguard themselves against security threats is to use a fusion of protection measures encompassing physical, personnel and cyber security. A multi-layered approach will deliver the optimum combination of deterrence and detection and assist in the delay of any attack.

It’s imperative that procedures, measures and investments put in place are appropriate and proportionate for that specific situation. Even within the same organisation, the needs of different locations will vary considerably. Therefore, priority must be given to ensuring that the security measures taken are relevant to the threat rather than a ‘blanket approach’. A full risk assessment should be undertaken across individual locations to uncover potential vulnerabilities, fully understand the impact of any intrusion or attack and identify the optimum security response.

The current threat level for international terrorism in the UK is classed as ‘Severe’. Damage or destruction to essential services by extremist groups has the potential to threaten public health, disrupt services and, in the worse case scenario, even cause loss of life.

Organisations are often located on large and remote sites, creating vulnerabilities and making safety and security key issues of concern. Critical National Infrastructure (CNI) faces many operational challenges, but these can be alleviated through the adoption of an integrated technology-based approach, harnessing the experience and knowledge of solution providers who understand the specific requirements of these complex industries and public sector agencies.

The key purpose of every security system should be to deter, detect, delay and deny unauthorised intrusion and to communicate and control any security or hazardous incident. The aim is to deter unauthorised intrusion by showing visible and effective security measures, detect activity across multiple sites, delay intruder attempts to defeat access control measures, deny access to restricted areas and communicate incidents to designated personnel while providing the technical means for controlling critical incidents.

High-level security

A typical CNI project scope might encompass Command and Control solutions, wide area surveillance, perimeter and site intrusion protection, access control for people, contractors and vehicles, alarm management, fire detection and extinguishing provision, phased evacuation systems, lone worker monitoring and asset tracking.

To achieve fully-protected CNI necessitates the installation of robust Command and Control platforms that improve protection across multiple sites, manage critical situations and enhance procedures.

Centralised Command and Control platforms improve efficiency and enhance security and safety operations while also reducing risks. Operators are immediately prompted to take the correct action and the software will automatically set in motion a sequence of pre-agreed activities to ensure the right procedures are adhered to, as well as distributing essential information across multiple agencies.

This integration of many disciplines provides centralised situational awareness, improved information and intelligence, effective response to critical events and the proper co-ordination of resources.

Incidents can emanate from multiple sources such as system analytics or intruder devices. An automated workflow or rules engine will prioritise the importance of these and alert operators in a number of ways. Alarm rules will also assist operatives in managing response times, actions and feedback.

Exported video can be combined from multiple cameras into one cohesive flow of evidence for analysis and, importantly, a complete and comprehensive audit of all activity is automatically generated to provide a full incident report.

Minimising risk in the area of cyber security comprises both comprehensive security mechanisms and integrating security activities into the whole lifecycle. This means taking security considerations into account during development and engineering as well as service and operations activities. Comprehensive security mechanisms should combine physical and network security, as well as system and software integrity.

Cyber security issues have been the subject of standardisation for some time now. As a business, Siemens actively supports the work of (among others) ISA-99, IEC 62443, DHS, the BSI, WIB NAMUR and CLSI AUTO11-A2 with a view to making sure that common cyber security standards are developed.

Integrating legacy systems

As many organisations have evolved over a number of years, there’s often a mix of existing systems and technologies that need to be integrated into a new, state-of-the-art control system. This will necessitate the creation of ‘soft’ interfaces, making it easier to integrate and reconfigure to adapt to change in the future and operate from one single platform.

We’re working with a number of organisations responsible for CNI in order to address their operational, protection, safety, future planning and compliance issues by collaborating in close partnership to develop technology migration strategies that enable upgrades and improvements, while at the same time sustaining original system elements.

A high knowledge base is required to address the technical complexities of CNI, as well as the necessary capabilities to operate effectively in a hazardous environment with full compliance in relation to rigorous processes and procedures. Fundamental to this environment are robust Health and Safety policies and practices. These should focus on critical areas of the business where safe behaviours by managers, employees, contractors and agency staff alike are essential for safeguarding all.

Advanced fire safety

For high-level fire protection, fire safety systems should eliminate the potential for unwanted alarms and offer 100% reliability, particularly in critical locations where immediate and accurate fire detection is vital.

For sensitive and particularly demanding environments requiring an extremely high level of protection, and where immediate and accurate fire detection is vital for life safety, the adoption of Aspirating Smoke Detection (ASD) will provide greater alarm certainty and false alarm immunity.

Unlike conventional smoke detection, ASD actively draws smoke to the detector through boreholes within a piping system that runs throughout the protected area. This offers a significantly higher level of protection as standard systems only respond if smoke can actually reach the detection element, which may be too late in critical environments.

Working in tandem with high-level security and fire safety solutions are voice alarm systems that enable both automatic and live messaging to alert all personnel to critical incidents. These assist in the phased, orderly and safe evacuation to safe muster points, even from multi-level, multi-occupancy buildings. Research has proven that, in an emergency, people will react without confusion or panic if they receive a clear and intelligible message informing them of the nature of the incident.

Interpreting specifications

It’s absolutely vital that life-critical systems are fully supported by engineering teams trained to identify and interpret customer specifications, CDM requirements, relevant legislation and British Standards, not to mention the impact on Health and Safety and the environment.

High-level security and fire safety solutions save lives and protect both organisations and their reputations. They also ensure business continuity across the UK’s vital services.

Command and Control assists by adopting a systematic approach: one that includes the development of a clear technological roadmap configured to drive a coherent, joined-up and long-term investment strategy that includes both safety and security at its core.

Ultimately, adopting a wider view of how people and businesses can better prepare for threats to the nation’s critical infrastructure will be essential to avoid disruption, damage, loss of assets and severe economic losses.

Chris Edwards is Account Development Manager for Siemens Building Technologies UK

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.