Getting to Grips with... site security
The current threat level for international terrorism in the UK is classed as ‘severe', and damage or destruction to essential water services by extremist groups has the potential to threaten public health, disrupt services and even cause loss of life. What can be done to mitigate the risk?
by Chris Edwards, Account Development Manager, Siemens Building Technologies
Q: Which protection strategies should be considered?
A: It is vital for water authorities to drive a risk management strategy, which should be supported by governance and implemented by the board and senior management. All employees, contractors and suppliers should have a clear understanding of the risk management regime and be familiar with all related policies, practices and risk boundaries.
The best methodology for water authorities to safeguard themselves against security threats is to use a fusion of protective measures encompassing physical, personnel and cyber security. A multi-layered approach will deliver the optimum combination of deterrence and detection, and assist in the delay of any attack. It is imperative that procedures, measures and investments put in place are appropriate and proportionate for that specific situation. Even within the same authority, the needs of different locations will vary considerably; therefore priority must be given to ensure the security measures taken are relevant to the threat, rather than a ‘blanket approach’. A full risk assessment should be undertaken across individual locations to uncover potential vulnerabilities, understand the impact of intrusion or attack, and identify the optimum security response.
Q: What role can technology play?
A: Water authorities are often located on large and remote sites, creating vulnerabilities and making safety and security a key issue of concern. Therefore the key purpose of electronic security systems for this industry should be to deter, detect, delay and deny unauthorised intrusion and to communicate and control any security or hazardous incident.
A typical project scope might encompass: command and control solutions; wide area surveillance; perimeter and site intrusion protection; access control for people, contractors and vehicles; alarm management; fire detection and extinguishing; phased evacuation systems; and lone worker monitoring and asset tracking.
Q: What level of technology integration is needed?
A: The integration of multiple security technologies provides centralised situational awareness, improved information and intelligence, effective response to critical events and the proper co-ordination of resources. To achieve a fully protected infrastructure necessitates the installation of robust command and control platforms that improve protection across multiple sites, manage critical situations and enhance procedures. Centralised command and control platforms improve efficiency and enhance security and safety operations, whilst reducing risks. Operators are immediately prompted to take the correct action and the software will automatically set in motion a sequence of pre-agreed activities to ensure the right procedures are adhered to, as well as distributing essential information across multiple agencies.
Incidents can emanate from multiple sources such as system analytics or intruder devices, and an automated workflow or rules engine will prioritise the importance of these and alert operators in a number of ways. Alarm rules will also assist operatives in managing response times, actions and feedback. Exported video can be combined from multiple cameras into one cohesive flow of evidence for analysis and importantly, a full audit of all activity is automatically generated to provide a full incident report.
Q: How can remote locations be protected?
A: Appropriate protection for organisations operating in harsh and often remote environments involves implementing layers of security. Creating intelligence at the perimeter plays a major role in enabling proper control and situational awareness of the entire site. When this intelligence is integrated with other security technologies such as access control to restrict entry at gates, barriers and turnstiles, organisations are able to accelerate their response to critical events and manage risk before it escalates to a more serious incident.
Solar-powered solutions, such as infra-red beam systems and fence mounted protection, increase the viability of safeguarding perimeters that have previously been too difficult or cost-prohibitive to consider. They have a significant impact on situational awareness and the securing of assets and services. A recent example of the application of solar-powered perimeter protection is that of a major UK water authority which was able to save valuable construction time and money on the protection of reservoirs. A key challenge was the safeguarding of their widespread perimeters and numerous assets that would normally include the requirement for costly duct networks, together with the associated power supplies and cabling infrastructure. This innovative technology not only offers high level protection by creating a virtual detection wall that is both invisible and impenetrable, but also means that water authorities are able to accelerate their delivery programmes and forgo both the cost and time needed to install civils, power and communications.
Q: What about the cyber threat?
A: Minimising risk in the area of cyber security comprises both comprehensive security mechanisms and integrating security activities into the whole lifecycle. This means taking security considerations into account during development and engineering as well as service and operations activities. Comprehensive security mechanisms should combine physical and network security, and system and software integrity. Cyber security issues have been the subject of standardisation for some time, and Siemens plays an active role in all major organisations, including supporting the work of ISA-99, IEC 62443, DHS, BSI, WIB NAMUR and CLSI AUTO11-A2 to make sure that common cyber security standards are developed.
Q: How do I integrate legacy systems?
A: As many organisations have evolved over a number of years, there is often a mix of existing systems and technologies that needs to be integrated into a new, state-of-the-art control system. This will necessitate the creation of ‘soft’ interfaces, making it easier to integrate and reconfigure to adapt to change in the future, and operate from one single platform. A high knowledge base is required to address the technical complexities of this critical environment, as well as the necessary capabilities to operate effectively in a hazardous environment with full compliance to rigorous processes and procedures, and fundamentally robust Health & Safety policies and practices.
Q: How can Siemens help?
A: It is vital that life critical systems are fully supported by engineering teams who are trained to identify and interpret customer specifications, CDM requirements, relevant legislation and British Standards, and the impact on health, safety and the environment. Siemens is focused on the protection of people, communities and assets by delivering technologies that provide an effective response to emergency incidents, complete situational awareness, instant mobilisation and deployment of resources of procedures and personnel. We believe that better intelligence and information will save lives, protect water authorities and ensure business continuity across the UK’s vital services. We work with our customers using a systematic approach; one that includes the development of a clear technological roadmap to drive a coherent, joined-up and long-term safety strategy.
- Teamwork pays off in Dorset A major inlet works in Dorset has been replaced by on schedule and under budget by Trant Construction. James Hendersonfrom... Read More >
- Water is key to tackling poverty The UK water industry's role in the creation of WaterAid is one of its crowning achievements. It was humbling to be... Read More >
- Good cheer on boom and bust The Treasury's report on investment cycles in the water industry is good news, says Sam Ibbott of the Environmental... Read More >
- Moving towards maintenance 4.0 Water utilities need to embrace smart asset management technologies but that is only part of the solution, writes Chris... Read More >
- Round table: Taking stock of totex Has total expenditure become enshrined in utilities' practices? A special pan-utility round table held at Utility Week... Read More >
- Round Table: Smart Asset Management for Water Companies Smart asset management is expected to drive significant improvements in water companies' operations, but is the industry... Read More >
- Into the Deep using advanced camera techniques Underwater drones, also known as remotely-operated vehicles (ROVs) have proved key to the inspection of... Read More >
- Opinion: Protecting our water assets against cyber threats It's vital that engineers start to lead the conversation on cyber security for operational technology in the water... Read More >