Making Water Security Work

Posted On 20 Mar 2018
Comment: Off

Proposed changes in the 2019 Price Review formula for the water industry devised by regulator Ofwat could be pointing the way towards the sector having to elevate perimeter protection for key-critical sites such that it becomes a major issue of focus for a given company’s Board of Directors, as Jason Hunter discovers.

More commonly known as Ofwat, the Water Services Regulation Authority is the body responsible for economic regulation of the privatised water and sewerage industry in England and Wales. Ofwat is primarily responsible for setting limits on the prices charged for water and sewerage services, taking into account proposed capital investment schemes – such as building new wastewater treatment works – and expected operational efficiency gains.

Every five years, Ofwat sets limits on the prices which water companies in England and Wales can charge to their customers. The process is known as a Price Review. There have been five Price Reviews so far, taking place in 1994, 1999, 2004 and 2009 with the most recent in 2014. The 2009 Price Review, for instance, set the price limits for 2010-2015. These limits are set on a so-called ‘K Factor’ which determines the average value of price rises above the current rate of inflation for the next five-year asset management plan period.

Recently, Ofwat published the final methodology for its forthcoming 2019 Price Review – PR19 – which sets out the organisation’s expectations and requirements for water companies currently in the throes of preparing their 2020-2025 business plans. In essence, Ofwat’s assessments challenge the water companies to ‘step up’ on four key themes: customer service, affordability, innovation and long-term resilience.

Further, Ofwat expects those same water companies to provide value for money bills and ‘challenge themselves to push the efficiency frontier’ with a view towards providing scope for price reductions.

On publication of its latest methodology, Ofwat stated: “The only way in which water companies will achieve all of this is to find new and better ways of delivering their services. Our 2019 Price Review enables, incentivises and encourages water companies to achieve exactly that such that customers will receive more of what really matters to them.”

Assessing vulnerability

Tellingly for those operating in the perimeter protection and security field, vulnerability will be an explicit part of the Price Review for the very first time. Business plans will be assessed on how well companies use good quality data, how effectively they engage with other utilities companies and organisations to support the vulnerable and how targeted and efficient their measures really are when it comes to addressing vulnerabilities.

In my view, when looking back on days past, all-too-often organisations have seen perimeter protection purely as a measure for protecting their facilities. In the case of water, other utilities and Government or military installations, we’ve referred to this as protecting sites of Critical National Infrastructure. The emphasis has always been on premises, equipment, machinery, ordinance and resources, and more recently on data and software, but very rarely on people.

Historically, the overriding aim of perimeter protection has been to secure premises in order to prevent losses, while at the same time not hindering day-to-day business. This has often been achieved within budgets that, according to the ‘bean counters’ and those who hold the purse strings, should always be as low as is reasonably possible.

The basic premise is that perimeter protection doesn’t contribute to the business and the bottom line, either by increasing revenue or by reducing cost. Indeed, so the argument goes, it simply adds to costs and, therefore, cuts profit. Interestingly, the methodology now adopted by Ofwat and which underpins the 2019 Price Review will directly challenge this approach and force water companies to regard reducing their vulnerability as a crucial investment.

Perimeter protection isn’t simply about securing infrastructure or data. Enacted properly, it should be about appropriate risk management against both cyber and terrorist attack as well as more traditional forms of threat and, in turn, actually realise an opportunity for the host business to improve customer service, increase business efficiency and reduce overall costs.

First and foremost, people should be at the heart of the process in terms of safety and security of premises and resources and also when it comes to planning and decision-making around appropriate protection measures. The water sector encapsulates this philosophy, and especially so in this age of increased fear around deliberate and shockingly life-disregarding terrorist attacks wherein the sanctity of the water supply is so critical.

For instance, the Thames Water desalination plant at Beckton – which cost £250 million to construct and started delivering clean drinking water back in March 2010 – can produce anything from 140 to 150 million litres of water per day, which is enough for one million people in north east London. The impact of any infection of a supply such as this could make the final death toll in America on 9/11 appear somewhat minuscule in number by comparison.

Integrated solutions

We’ve found that perimeter protection is best planned as part of an integrated solution which includes physical, electronic and human measures, while also incorporating access control and other elements of facilities management in one holistic whole. Of course, this will require the usual security risk assessment to be conducted. Personally, I favour what’s often referred to as the ‘ABC’ model here. This considers the ‘Area’, ‘Boundary’ and ‘Contents’.

We would recommend an increasing level of security the closer an intruder is to the most critical and sensitive assets. The perimeter serves as the first ‘cordon of security’ in these successive levels of protection, though some now argue that, given the increasing power and definition of radar and CCTV, you could even establish security layers external to the physical perimeter itself.

This principle was perfectly, but sadly tragically illustrated only three months ago by the story of former England one-day international cricket captain Adam Hollioake, who remained in the Alokozay International Cricket Ground in Kabul, where he was working as a coach at the time, while a bomb blast killed at least three people.

Hollioake explained: “The protocol is that we have three stages of security here. Attackers have to breach the first stage, which was probably 100 metres from the ground. Then there’s the second stage, which is around 50 metres from the stadium, and the final stage is about 15 to 20 metres away. In this particular episode, the man involved was caught at the first checkpoint and, on being apprehended, detonated his device. Unfortunately, several of our security team and some members of the general public were killed.”

Layers of security

Our approach is to design from the perimeter inwards towards the centre, taking each successive boundary as an opportunity to harden security, thwart intruders and enable security personnel to respond to any attempted security breach. Security and risk managers should consider electronics for the outer layers and at doorways to gather intelligence about attackers and relay that intelligence direct to security officers’ mobile phones.

Monitored pulse fencing can be of assistance when it comes to hardening either more vulnerable areas of the perimeter or assets that require additional levels of security. This consists of a grid of energised, high tensile wires that can be constructed inside a new or existing perimeter fence.

The monitored wires detect unauthorised entry or exit into defined areas and trigger instant alerts. Attempts to breach the perimeter are deterred by an energised pulse sent around the perimeter fencing line. Zoned fences allow voltage levels to be adjusted to meet varying needs: high for maximum deterrent and low for periods of low risk.

A networked perimeter security solution incorporates sensors that continuously measure and report on wire tension and monitor fence structure vibration or movement. Sensors can be used with or without an energised pulse to detect intrusion without the intruder being aware.

Monitored pulse fencing systems intelligently differentiate between serious breaches and disturbances by wildlife, birds or harsh weather conditions. False alarms are prevented, and intruders are unable to use the cover of adverse weather in a determined attempt to breach the fence undetected.

Jason Hunter is Business Development Manager (Perimeters) for Gallagher Security (Europe)

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.