A string of international incidents of late have served to highlight the considerable importance of national security for the UK. Whether they be in the form of terrorist alerts, severe weather or power outages, developing threats are affecting businesses more than ever before. That being so, Eddie Hirst and David Cookman review a sector-based approach to tackling Critical Security Environments.
The Centre for the Protection of National Infrastructure (CPNI) is at the heart of providing mitigating solutions for businesses. The organisation affords a focal point for defining, regulating and sharing Best Practice on how to protect the UK’s Critical National Infrastructure (CNI). Leading on from this, Mitie’s Total Security Management (TSM) business has created a specialist sector for certain clients called Critical Security Environments (CSE). This is a client-focused twist, if you like, on the standard UK Government definition of CNI.
The service allows organisations to be supported by a specialist team even if they would not necessarily consider themselves as managing the type of national infrastructure likely to encounter critical situations.
The Government defines the UK’s national infrastructure as: “Those facilities, systems, sites and networks necessary for the functioning of the country and the delivery of the essential services upon which daily life in the UK depends.”* However, there’s an additional layer of national infrastructure to this definition. Based on the business sector and its criticality to the nation, the definition continues to state that within sectors there are certain ‘critical’ elements of infrastructure. Already, a seemingly straightforward idea now becomes increasingly complex.
Today’s varying threat profiles
Threats posed to an organisation can depend on a number of factors, among them the sector in which that organisation operates, the sector it supplies or supports or even its geographic location(s).
Arguably most important of all is the varying threat profile each sector presents based on current and future world events.
The recent terrorist attacks in Paris demonstrated how a dynamic threat can change a business’ position on the criticality scale. Overnight, Paris altered the risk profile of media organisations worldwide.
Similarly, the recent cyber attacks on the Sony Corporation and subsequent threats by North Korea showed how an organisation that would not consider itself to be ‘CNI’ was suddenly the focus of national security debate. Even though the Sony Corporation was not necessarily considered a number one target for an aggressive nation state, the situation changed in a very short space of time.
A specialist approach should be available for any organisation. CSE was created by Mitie TSM to challenge our clients’ view of their own risk and give them a more focused approach to risk management. That way, if a media company, for example, felt threatened they’re then able to call on a team of specialists with the knowledge and resources to help mitigate against the threat.
Knowledgeable and experienced specialists
Key to developing a successful CSE sector-based approach has been creating a team of knowledgeable and experienced specialists predominantly promoted from within. Each CSE team member has an expert understanding of the priorities and specific regulations harboured by every client.
Close working partnerships are important for us. Armed with a general understanding, the client has more knowledge of their own assets and risk profile, but at the same time remain open to advice and a challenging thought process.
CSE purposely avoids the broad brush approach to account management. By selecting a small group of high risk clients supported by a suitably skilled team, an easier cross-sharing of Best Practice between clients is created.
Eddie Hirst is Director of Risk and David Cookman Director of CSE at Mitie Total Security Management