It is better to be safe than sorry

Are Britain's water companies being too complacent about security? David Taylor Smith, chief executive of G4S Security Services, says the water industry has to up its game to ensure vital resources remain safe

Global security threats continue to grow in today’s society and the protection of Britain’s critical national infrastructure, of which the water sector is key, has become an important area.

Unlike in many industries, the government has already laid down legislation: the Security & Emergency Direction 1998 (SEMD) aims to protect water supply and sewerage services from disruption by civil emergencies or security events. But there remains a complacency across industry that these events will not affect them.

Although terrorist attacks are the issue that dominate the headlines, there is a huge risk to the industry if its efforts and expenditure decisions are dominated by terrorism alone. Water companies need to consider all risks they may face, looking beyond just those of terrorism, to natural disasters, such as the floods of 2007 and 2008.

The water industry also needs to realise that government will not always have the ability and the willingness to respond to protect industry from these threats. Government alone cannot protect the water industry’s assets as its resources are already stretched too thin.

Assess threats

So where can water companies go to find additional resources, which can not only protect assets, but also help them assess the threats to which they are exposed?

There is no credible choice but to involve the private sector – which already funds, builds and operates this infrastructure – more fully in its protection.

Water companies need to start deploying security experts earlier in their planning processes and complete proactive threat assessments, even in the initial designs for new facilities. By assessing physical security, at locations such as reservoirs or clean-water treatment sites, gaps in protection can be identified, restricting opportunities for attack or collapse.

Once these threats have been identified, companies should conduct detailed risk analysis, and ensure they have contingency plans in place, including those with key stakeholders, to ensure operations can continue in the face of an incident, as a minimum requirement.

Unfortunately, employees often unwittingly prove the weakest link in any security solution. Complacency breeds problems, and those employed in the water industry need to be constantly vigilant.

A protective vest and hard-hat do not constitute appropriate accreditation. Checks need to be extensive and thorough, with employees prepared to challenge anyone they regard as suspicious. Companies should ensure effective incident-response training, and scenario testing are carried out regularly to ensure staff are prepared.

Equally, water companies should ensure perimeter fencing and CCTV coverage at facilities is fit for purpose. Other effective measures include changing security patrol timings and beat patterns to make it less easy to pinpoint vulnerable points around facility perimeters where they can gain entry.

Penetration testing, which employs personnel licensed by the Security Industry Authority, to simulate the role of activists, is an effective mechanism to identify any flaws in a security solution in a real environment. It is also important to note that simple signage alone, which highlights that security infrastructure is in place, can have a powerful deterrent effect.

How else can water companies cost-effectively protect their infrastructure, including the thousands of miles of pipelines that stretch across the country? Regular security patrols are a deterrent, but it is technology solutions that are starting to bring real benefits to the security of these more complex networks.

Hatch tampering

These solutions range from the installation of monitoring equipment, such as CCTV, which can be installed cost-effectively across multiple sites, to G4S’s CNIGuard alarm, an alarm system that uses wireless communications to feed back data on liquid levels, hatch tampering and seismic attacks such as drilling.

Risk management and contingency planning for all risks should be a cornerstone of any water company’s strategy. Companies need to consider all risks they may face, beyond those of terrorism, to ensure that this most critical part of the UK’s national infrastructure continue to operate effectively.

Action inspires action. Stay ahead of the curve with sustainability and energy newsletters from edie