Securing the UK’s water infrastructure
Working collaboratively with the water industry to harness a joined-up safety and security strategy is vital, to both protect against and mitigate disruption to supply. Chris Edwards, Account Development Manager at Siemens Building Technologies explains.
A clean, reliable and safe water supply is critical to health and well-being. Each day the UK water industry collects, treats and then supplies many billions of litres of high quality water to domestic and commercial customers and then collects and treats billions of litres of the resulting wastewaters, returning it safely to the environment.
Risk management strategies
The adoption of protective measures that encompass physical, personnel and cyber security is key to safeguarding water authorities against security threats. These should support the wider objectives of SEMD and in doing so, mitigate the likely or actual disruption to the water supply arising from any civil emergency or national security event. A full risk assessment must be undertaken across individual locations to uncover potential vulnerabilities, understand the impact of intrusion or attack, and identify the optimum security response.
The first stage of the planning process requires a detailed risk analysis to determine the potential security threats to the site periphery. There are multiple possibilities including targeted criminal acts, sabotage, attack, hostage taking, espionage, intrusion and burglary. The level of expected damage and the likelihood of occurrence determine the risk potential, which can then be used to establish security objectives and vulnerability. Importantly, before considering the final security concept, the area to be protected needs to be precisely defined.
It is vital that the procedures, measures and investments put in place are appropriate and proportionate for that specific situation. Even within the same water authority, the needs of different locations will vary considerably; therefore priority must be given to ensuring the security measures taken are relevant to the threat, rather than a universal approach.
The key drivers for an electronic security system are to deter, detect and deny unauthorised intrusion, and to communicate these events and provide effective control of any security or hazardous incident:
- Deter unauthorised intrusion by showing visible and effective security measures
- Detect activity across multiple site locations through advanced technology
- Deny intruder attempts to defeat or bypass security measures
Appropriate protection for water authorities operating in harsh and often remote environments involves implementing layers of security. Creating intelligence at the perimeter plays a major role in enabling proper control and situational awareness of the entire site. When this intelligence is integrated with other security technologies such as CCTV for instant visual verification of perimeter breaches and access control to restrict entry at gates, barriers and turnstiles, organisations are able to accelerate their response to critical events and manage risk before it escalates to a more serious incident.
It can be difficult and expensive to secure full protection of an extensive perimeter; furthermore the requirement for duct networks, power supplies and cabling can make the prospect cost-prohibitive. To mitigate this challenge, perimeter security concepts are being developed for the UK and these include systems that operate on a light source, an important consideration for organisations with carbon-reduction programmes. Solar-powered technologies remove the need to install expensive duct infrastructures, communication cabling and associated civil engineering works.
The integration of multiple security technologies provides centralised situational awareness, improved information and intelligence, effective response to critical events and the proper co-ordination of resources. To achieve a fully protected infrastructure necessitates the installation of robust command and control platforms that improve protection across multiple sites, manage critical situations and enhance procedures. Centralised command and control platforms improve efficiency and enhance security and safety operations, whilst reducing risks. Operators are immediately prompted to take the correct action and the software will automatically set in motion a sequence of pre-agreed activities to ensure the right procedures are adhered to, as well as distributing essential information across multiple agencies.
Incidents can emanate from multiple sources such as system analytics or intruder devices, and an automated workflow or rules engine will prioritise the importance of these and alert operators in a number of ways. Alarm rules will also assist operatives in managing response times, actions and feedback. Exported video can be combined from multiple cameras into one cohesive flow of evidence for analysis and importantly, a full audit of all activity is automatically generated to provide a comprehensive incident report.
New developments in technology
Mobile technology means that incidents can be viewed and played back on smartphones and tablets so authorised users can access video from any location at any time of the day, enabling security personnel to create and watch video exports on-the-go and take immediate action. An add-on feature is ‘video push’ which allows users to upload live video from a mobile device directly back to the command and control platform; GPS positioning will automatically locate the ‘pushed’ video, all using secure and encrypted communication protocols.
Modern IP cameras and IP network systems improve the way surveillance video is captured, processed and stored. These devices provide significantly improved image quality and picture resolution, resulting in much greater accuracy and detailed identification. Moreover, they present a wider field of view, providing greater coverage, and offer digital zoom to further enhance the picture. IP cameras offer greater intelligence as they can deliver multiple analytics rules such as people loitering, object removed, idle object, heat mapping and filters for speed, size, direction and colour.
Minimising risk in the area of cyber security comprises both comprehensive security mechanisms and integrating security activities into the whole lifecycle. This means taking security considerations into account during development and engineering as well as service and operations activities. Comprehensive security mechanisms should combine physical and network security, and system and software integrity. Cyber security issues have been the subject of standardisation for some time, and Siemens plays an active role in all major organisations, including supporting the work of ISA-99, IEC 62443, DHS, BSI, WIB NAMUR and CLSI AUTO11-A2 to make sure that common cyber security standards are developed.
Creating a secure and sustainable environment includes the management of an extensive infrastructure, the continued protection of critical assets and the need to act in compliance with OFWAT regulatory controls. It is vital for water authorities to drive a risk management strategy, which should be supported by governance and implemented by the Board and senior management. All employees, contractors and suppliers should have a clear understanding of the risk management regime and be familiar with all related policies, practices and risk boundaries.
- 3i Infrastructure sells stake in Anglian Water The sale to a joint venture of council pension funds is expected to generate £395 million
- Scottish Government increases energy budget But Holyrood also freezes warm homes funding at the same time
- Energy bosses to be grilled over price cap Senior figures from Eon, Centric and SSE to appear before parliamentary committee