This page contains a Flash digital edition of a book.
A bigger picture view of


critical national infrastructure


F


rom energy to telecommunications, banking to transport, the UK’s reliance


on its critical national infrastructure is indisputable. Securing our country’s valuable network of crucial supplies – including those which originate abroad – is essential, particularly in the face of the continued threats of terrorism and natural disaster.


There is a growing awareness across Europe of the need to ramp up protection of our critical national infrastructure sites and associated resilience planning against the threat of terrorism, criminal activity – like metal theft – and environmental threats. This is not just on a state-by-state basis but also, crucially, at a wider – big picture – trans-national level. In today's 'global village' there are a wide array of critical infrastructure elements, so-called ‘choke points’, whose footprints stretch well beyond the neat confines of a single country’s border, whether we are talking about telecoms, energy plants, banking, water or transport hubs/connections. You could have a power station in France that also supplies Belgium. Or, in the case of the UK, gas pipelines coming in from as far afield as Norway. So although the gas pipeline could be defined as part of the UK's critical national infrastructure, it is not fully under UK jurisdiction.


Crossing Borders


This reality on the ground means that there is a pressing case for stronger international cooperation and the sharing of best practice. A concrete illustration of this imperative is the European Council Directive 2008/114/EC, which relates to the identification and designation of European Critical Infrastructure (ECI), and is currently going through a wide ranging revision process. While Europe now recognises that there is a great deal of interdependency between countries in terms of critical national infrastructure, ultimately, how this is looked after still relies very much on the right things happening at the national level. As a starting point, a country’s government has to identify and make arrangements to protect infrastructure within its borders. In the UK we have the CPNI (Centre for the Protection of National Infrastructure), established in 2007, to take the lead on this. Other countries have equivalent bodies, although the format may, necessarily, differ from territory to territory to reflect local conditions.


28 © CI TY S ECURI TY MAGAZ INE – S P RING 2014 Risk Management


When a site or infrastructure is singled out as 'critical', it is for each country to decide what to do about it. The same basic principles will apply whether we are talking about Spain, Germany, Serbia or the UK. Typically, most critical infrastructure is now privately owned or privately operated, so public and private co-operation and co-ordination is definitely the way forward. In practice, the relevant body like the UK's CPNI will provide confidential advice to a site's owner on what needs to be done. It is then up to the operator to buy in the appropriate security package. This security package should have, at its foundation, a risk- based analysis of the threats that the site is likely to face, any specific vulnerabilities that require extra attention and, crucially, the potential impacts. By fully appreciating the risks, it is then possible to make informed decisions to identify, select and prioritise the appropriate counter measures for a graduated response. You may have something like a nuclear power station where there are, necessarily, strict safety and security rules as a minimum, with layers of protection built on top of that to reflect the current threat level, which can change significantly over time. Ultimately, it is the remit of each country to determine its own critical national infrastructure and, of course, information about this is necessarily confidential.


Specifying Security


For critical national infrastructure protection, I would suggest that a good starting point is to step back and think about it as being built on three interrelated pillars. A weakness in any one of these pillars will, potentially, bring the others tumbling down. These are, in turn, prevention, preparedness and response/ recovery (resilience). Protecting the electricity grid and power stations and other critical elements is, of course, no easy task, in light of the geographically extensive nature of this infrastructure. Given this, it is perhaps not surprising that we are seeing a diverse array of ever more sophisticated security techniques being employed in the field. The most visible are physical asset protection measures, like ditches, perimeter fencing, bollards and lighting.


On the electronic security front, techniques like video analytics, high definition CCTV, rapidly deployable CCTV towers – (which can be moved to key hotspots for added security), thermal imaging, fence-line sensors and biometrics-based access control, are all coming to the fore. Given the imperative to keep the lights on, now more than ever, security solutions in this area need to actively detect and deter attacks. Cyber security is also high on the agenda thanks to the rise in virtual targeting of national critical infrastructure by state and individual operators. In addition, throughout Europe, there is a strong recognition that private security services have a pivotal role to play in detecting and preventing attacks through the use of manned guarding and mobile patrols. This is alongside public security services like the military and the police.


Trusted Partners


Considering the specific role of private security services here, it is important that where manned guarding is undertaken for critical national infrastructure this is placed, firmly within the context of a public-private partnership, based around high levels of quality and service. Experience suggests that the optimum solution is one where the private security service provider is working as a 'trusted partner' with the public authority and, crucially, the critical infrastructure site owner. The Spanish National Police have a good term – ‘do ut des’ – which encapsulates the need for respect between public and private. For the Spanish it is all about having the right level of trust, a culture of co-operation and working within the right legal framework.


Of course, a wider question in the context of critical infrastructure is, how effective are public and private security partnerships? An example of best practice is Project Griffin. Elsewhere, on mainland Europe, there has been a series of extremely successful security


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40