Noah Price, head of the G4S Academy, provides an overview of the security threats faced by critical national infrastructure, what makes good security and the work G4S is doing to secure Hinkley Point C.
Critical national infrastructure (CNI) is, by its very nature, fundamental to the running of any country. Without the contribution from sectors such as energy, society would be severely impacted. It should therefore be no surprise that CNI is a perfect target for those who may wish to cause major disruption or harm.
Threats against CNI may be external or come from the inside and are constantly evolving. The principal threats include theft or damage to property, assets and materials, unauthorised entry (including terrorist, activist and urban exploration) and cyber-attacks.
The infrastructure which supports and underpins these sectors therefore needs to be protected against threat and harm, using modern methods and the latest technology, to ensure that critical operations are not disrupted should an attack occur. Such arrangements need a holistic approach to protect the entire infrastructure, including both physical and cyber security, and ensuring that culture, awareness and behaviour among staff, contractors and others, is ultimately driven from the top.
Risk management
Threats and risks faced by CNI need to be continually assessed and updated, and this is difficult because of ever-changing circumstances. In the nuclear industry, the UK is currently in a state of transition with half of our 15 nuclear power reactors (which supply approximately twenty percent of Britain’s electricity), set to be retired in the next four years. G4S provides security services to nuclear plants that are under construction or being decommissioned, with each site at very different stages of operation, displaying different risks and requiring different levels of security.
Nuclear construction sites tend to be demanding and dynamic with risks changing as the build proceeds
Nuclear construction sites tend to be demanding and dynamic with risks changing as the build proceeds. The number of people on site at any one time and the speed of the build, makes it more challenging to plan for. In contrast, decommissioning sites have a higher risk at the beginning of the process when reactors are shut down and fuel is taken away, meaning that security is generally easier to plan for. The tempo of operations is also much slower for decommissioning sites compared to the hive of activity of a construction site. As a result of the high number of people, machinery and activities, far more safety, security and medical incidents are faced on a construction site on a daily basis than would be seen at a decommissioning site.
Revisions of the UK threat levels relating to potential terrorist attacks also have an impact, with an expectation that security services have the ability to react to these changes instantly. This means having the resources to upscale security to the appropriate level, depending on the individual CNI environment. Having access to a pool of Suitably Qualified and Experienced Personnel (SQEP), plus a broad range of supporting services (such as canine, which can screen for explosives and firearms etc.), as well as being able to rapidly deploy surveillance technology (such as CCTV Towers), allows organisations such as G4S to effectively react to such demands and build an integrated security solution suitable to mitigate the threat.
Managing ingress and egress
The faster pace of operations is observed at nuclear construction sites by the large number of people on site at any one time. At Hinkley Point C (HPC), security staff can search and screen up to 150,000 people a month, 8,000 in a 24-hour period, 5,000 of whom may need to arrive and leave the site in a one-hour period. It is vital to ensure that no inappropriate substances or dangerous materials enter the site, and likewise that no expensive tools and materials, or sensitive data is removed from the site. As such, this takes planning, scheduling and coordination with people logistics, both on and off site to ensure staff arrive for work on time to prevent knock-on delays to construction.
…[T]here is a big emphasis within some CNI sectors on security clearance, not only for employees, but also contractors, and visitors, some of which may be high-profile
As such, there is a big emphasis within some CNI sectors on security clearance, not only for employees, but also contractors, and visitors, some of which may be high-profile. At HPC, G4S supports the client, EDF in the induction and security screening of the entire workforce and has developed a package specifically for inducting people on that site.
All CNI sites take a layered protection approach to security, with security checks kicking in before the perimeter for people, equipment and goods. However, this is frequently not as simple as securing one area, because many sites have multiple entry points, especially larger plants that may have connections via road, rail and ports. It is important that only authorised personnel are admitted to site and that they are adequately screened, without causing any unnecessary delays. At HPC around 200 buses are used daily to shuttle people to park and ride sites, therefore, it is important to deploy suitable access control systems that can both process workers and visitors securely and efficiently.
Achieving the standards
To achieve the required standards in CNI environments it is important to adopt intelligent security, using a risk-based approach, backed by specialist people and approved products. Personnel in design, installation and operations need to be suitably and highly qualified to carry out their roles. Many of these sites are visited by high-profile individuals, making them a target for terrorist activity and regularly selected by protesters. They are also a popular choice for urban exploration. For these reasons G4S uses enhanced security officers (ESOs) on its high-risk sites, who can undertake a skilled and informed approach to appease any hostile situations. ESOs are highly experienced (often with ex-military backgrounds) in the de-escalation of hostile situations such as protests.
Likewise, only the highest standard of equipment and technology can be employed because external and insider threats are a real risk given the sensitive nature of the work undertaken at some locations. The Centre for the Protection of National Infrastructure (CPNI) is the government authority focussed on providing advice and assistance to those who have responsibility for protecting these most crucial elements of the UK’s national infrastructure, and to reduce their vulnerability to terrorism and other security threats.
CPNI evaluates security products for use in CNI and Government, against specific CPNI security standards to assist organisations to identify the most appropriate physical security equipment. A product may be given a ‘Class’ level grading, meaning it has characteristics that will defend against surreptitious attacks, or a ‘Protection’ level, meaning it shows resistance to forced attacks. Occasionally, a product will be awarded both grades. The CPNI evaluations are set well above the standard expected of a ‘normal’ security product, even the ‘lowest’ grading is an indication of a very capable product.
Improving the security culture together
It is important to have a good security culture in organisations to mitigate against physical, cyber and internal threats. It also ensures that employees are more engaged with security issues and act in a more compliant way. It helps to raise awareness of security issues across all employees, not just security officers, which reduces the risks of security incidents and breaches. It also improves overall security without the additional need for large expenditure. The CPNI provides crucial guidance and support for those in CNI organisations. This includes marketing materials for use in awareness-raising campaigns and also tools to assess and benchmark security culture, such as a number of survey-based Security Culture Assessment Tools (SeCuRE), which are widely used within the nuclear industry.
At HPC, G4S, as part of its larger safety campaign, works with other partners to raise awareness of security to the various groups working on site, with targeted training and engagement activities. Campaign materials include a variety of resources, from screensavers and posters to banners and videos. G4S also brings in specialists and guest speakers to talk to personnel. It works closely with a number of the Avon and Somerset police force, who have been assigned to the project and with the HPC Beat Team to ensure that the project does not negatively impact on local residents.
One of the most important contributions to establishing a robust security culture is to invest in training and development, something that G4S knows is critical to do upfront in a contract, moving the agenda from having security, to having effective security. One of the issues with training, even more observed in CNI environments and especially nuclear settings, is the need to continuously train for events that might (hopefully) never happen. However, if an incident does happen, it is likely to take place at very short notice and personnel need to quickly apply their expert skills and training.
CNI organisations in particular are vulnerable to both supply chain failures and non-delivery from partner organisations
Working together to achieve the best in a responsible way
The requirement to establish good relationships with clients, partners and stakeholders cannot be overstated. This should include a shared understanding of culture, processes, and information to work towards common goals. These partnerships also include those with the local police and other parties to understand risk and situational awareness for activities such as moving an abnormal load. A planning workshop may be carried out to consider every eventuality and ensure all stakeholders will deliver their part of the process.
CNI organisations in particular are vulnerable to both supply chain failures and non-delivery from partner organisations, with any delays having a knock-on effect on overall service delivery. G4S works very closely with its partners at all its CNI sites ensuring they support each other with any challenges faced to get a speedy resolution. Every single day of missed work can be extraordinarily costly – keeping security present, fully compliant and operational is a requirement for critical infrastructure.
Corporate Social Responsibility (CSR) plays an increasingly important part in shaping how G4S delivers its services, ensuring a positive impact on society and taking account of environmental, economic and social issues. G4S believes in embedding good practices to support sustainability and add social value, encouraging other service providers and their suppliers to do the same. At HPC, G4S has sourced all of its workforce from the local area, 50% are veterans and many employees have been offered apprenticeships. As well as off-setting carbon emissions and recycling, G4S contributes to the site commitment of returning green sites back to greenbelt when the build is complete. One positive environmental initiative undertaken recently was the planting of 100 elm trees designed to offset the CO2 emissions from the G4S vehicle fleet.