Sunday, September 17, 2017

Why People Are Wrong to Think That
CCTV is a Detection Tool

When we talk detection we are talking about observing behavior – all behavior both wanted and unwanted.  It is very common within the security field, and even outside of the security field, for people to think that detection means detecting the bad guy doing a bad thing.  Well, not really.  What we are trying to do is determine if the behavior we are watching is authorized or not.  If we assess it to be allowed, then we take no action.  If it’s not allowed, the security force responds.  Again, we can use electronic and non-electronics to assist us.  The thing to remember is technology is a tool to assist and it has to be treated that way.  It is not the “cure all”. 
Just putting a CCTV camera to watch a store shelf or a gas pump will not prevent crime.  The reality is, by putting a camera we are allowing someone who is monitoring what the camera sees to assess the behavior that is being seen.  Therefore, CCTV is actually an assessment tool.  Those installing cameras must remember how the system is going to be used for assessment and not how it will capture what happened.  An article in the Chicago Tribune a couple years ago mentioned that less than three percent of crime is solved by the use of a camera system.  Recent articles about the enormous number of cameras watching the public spaces in London puts that number somewhere around 22 percent.  I think it would be fair to say the numbers somewhere in between.  Just placing the camera is not enough it has to be monitored too, and in real time.  Otherwise, the bad guy will get away.

Other facts about CCTV discussed during Free webinar 12 December

The Security Industry Association (SIA) is sponsoring a webinar at 1pm (ET) on 12 December 2017, when I'll talk about the Five Pillars of Physical Security: Misconceptions, Myths and Truths at .  I will post a direct link once we get closer to that date.  We hope you'll join us.

Friday, August 25, 2017

"Don't Make Me Come Over There."

How many times did we hear that phrase when we were growing up?  Or, "You just wait 'til your father gets home!"  I know I did.  I was scared to death, at least, until I was twelve or so and my Grandma whacked me with a wooden yard stick and it broke.  Then I knew I was too big to get a spanking any more.  Besides, by then I figured out I could blame my younger brothers and they'd "take it for me".  Love those guys!
Well, the same holds true in corporate America.  Sure, the boss isn't going to paddle anyone.  At least, I hope not.  But "unwanted behaviors" in the work place must be dealt with and it doesn't always have to be the boss or the security folks to deal with it. 
When "unwanted behaviors" occurred someone needs to step in.  That can be a co-worker or colleague.  Not that they need to "tattle" but behaviors outside of what's acceptable puts everyone at risk - from both a safety and a security perspective.
Non Security Personnel Can Play a Part
Non-security members of the organization can play a major role in identifying behavior that is unwanted.  But, they must be trained on when to interact on their own and when to keep their distance and report.  Smart leaders will develop scenario based training that includes all the members of their organization and promotes the interactions of the groups.  This can go a long way in instilling confidence in each other and creating a culture of unity and capability.  Which in turn, creates a feeling of safety and security within the organization.
But sometimes, even the best trained staff member is not capable of responding or diffusing the situation.  In this case, security force personnel should be called in.
Security Forces Compliment Non-security Forces 
Security response forces actually compliment other staff members and not the other way around.  That said, security personnel must receive additional training and have ability to accurately assess and engage the threat.  The operative word is “accurately” assess.  If they misunderstand the actions of the threat or assume aggressive behavior when there isn’t any the situation will quickly spiral out of control and actually escalate.  How many time have we heard, “I thought he had a gun”?
With that in mind, training is fundamental and paramount.  Training must be physically and mentally challenging.   Virtual, “situation based awareness” scenarios can be developed so that they stress the participants.  Role playing is always a benefit. Unless stressful conditions are trained for, guard forces won’t react properly when confronted by them.
The mindset that the responding officer must always be in control is correct.  That doesn’t mean they are superior it means they have the skills to neutralize the threat, sometime that requires force and sometimes not.  The use of de-escalating tactics is a learned behavior.  As such, highly aggressive and chaotic training scenarios serve the response forces well in learning how to deal with these types of behaviors. 
Cultural norms also play a big part is calming the confrontation between response forces and perpetrators.  What works in Los Angeles doesn’t necessarily work in Amsterdam or New Delhi. 
Responding forces must remember, the continuum of use of force is scalable and that deadly force is only used as a last resort.

Sunday, July 16, 2017

Threats, Designs and Delphic predictions: Designing-in Security for Major Sporting Infrastructure and Other High-Occupancy Spaces (Part 2)

Building on the strategy

The first part of this article (published in our Blog 18 June) on this topic proposed four strategic guidelines that should influence the design, build and operation of a sporting venue:
·         Consider the security aspects at the beginning of the design process, not as something to be added at the end;
·         Place these security considerations in a wider context – e.g., as part of a national government’s overarching security strategy or policy;
·         Take an impact driven approach to the design – focus on the impact of a hostile event (e.g., terrorist attack) taking place, not its likelihood;
·         Consider security from a holistic perspective.  All security is a combination of people, procedures and technology, but an holistic approach goes further     – balancing the physical and cyber considerations and developing a positive culture amongst the staff so that their everyday actions work effortlessly     towards a safe, secure and enjoyable celebration of sport.
Early engagement between security professionals, designers and architects was stressed as being essential.  This can save money in the long term and produce a design that enhances the spectator experience by inducing a greater feeling of safety and security for both them and the competitors.  We will now consider the importance of continuing this process of engagement throughout the construction phase as the real venues start to emerge and the number of people involved in the project rises.  This throws up a seemingly different set of challenges, but most, if not all of the same guiding principles apply, combined with the need for good communication between those with the vision and those responsible for making it happen. 

Getting the security requirement right

The architects and designers of the sporting infrastructure should be seeking to build security features in to the very fabric of the structures themselves.  The best security is usually the most discreet, but there will be occasions when obvious measures will provide deterrence to those with malicious intent, as well as reassurance and comfort to competitors and spectators.   However, there will also be times when features separate from a main building will be necessary.  The most obvious example of this is a perimeter fence. 
All stadium systems should be designed and installed in a way which will maximise through-life flexibility to support both changing operational needs and emerging technology.  In order to achieve this it is important that a structured mechanism for the capture of the numerous requirements for the functioning of system components is agreed by all relevant stakeholders.  The temptation at this stage is to think in terms of solutions, rather than requirements, but this is a false economy.  Take the simple example of a perimeter fence.  The designer may ask for a fence of a certain height, but on what is that decision making based?  Is it just because a similar stadium had a fence of a certain height surrounding it?  Or, was that fence the most prominent in some catalogue?  It is important that rigour is applied to the specification of security components based on what they are seeking to achieve in the environment in which they will operate. 
The generally agreed best approach to this issue is through the drafting of an Operational Requirement (OR) for a security component.  This is a statement of need based upon a thorough and systematic assessment of the problem to be solved and the hoped for solutions.  A structured process for the development and agreement of ORs has been successfully used to deliver the security systems for numerous parts of the UK’s infrastructures and many permanent and temporary sporting venues.  Among the questions to be answered during the preparation of an OR are:
·         What is the output desired of the system / component?  For example, in general terms ‘a fence’ is a solution rather than a requirement.  What is seeking to be achieved?  Demarcating one area from another, giving one area more protection than another, channelling people in a certain direction?  All of these requirements could be solved in a number of differing ways.  It is also worth remembering that it is a mistaken belief that fences will keep people out of a certain area.  Whilst this is true for most law abiding people, the same does not apply for those determined to enter a restricted area.  In this case, the fence will only delay their entry (as it is climbed, burrowed under or cut through), although sensors will be able to detect this activity and alarms raised.  If the requirement was instead for surveillance, was this to provide continuous coverage of a particular area, or only at certain times?
·         What are the options by which the output could be achieved?  For example, fences come in all shapes and sizes.  Some are harder to climb; others more difficult to cut through.  Sensors to detect this activity can be discreet and sound silent alarms or noisy triggering claxons and spotlights.  In the case of surveillance, this can be achieved through the deployment of people, technology, or a mix of the two.
·         What are the key environmental and technical requirements for system components?  Harsh environmental conditions will affect the materials that a security component is made from, especially if it is part of a permanent structure.  CCTV cameras are particularly sensitive to the prevailing weather – those designed to function well in wet or damp conditions may not perform so well in hot and sandy conditions and vice-versa.  
·         What are the residual risks and weaknesses in the proposed solutions?  A fence might have sensors to detect when someone has cut it or is scaling it, but what happens then?  How are resources mobilised to respond to the intrusion and how quickly will they arrive?  In the case of surveillance, the effectiveness of this could be reduced during heavy rain, fog, sand storms, etc.
·         What are the interdependencies between various system elements?  This is a simple question, but the answers might be highly complex and take a long time to answer.  This article is not long enough to tackle this part of the process in anything other than a superficial level of detail.  For example, the level of security of a fence needs to be matched to the response time of the manned guarding. The shorter the delay the fence can provide, the faster the manned guarding needs to respond.  This may require more guards at shorter distances from the perimeter.
It is important that rigour is applied to the specification of ORs and the focus is not allowed to drift back to thinking in terms of solutions.  It is unlikely that the fundamental requirement for a security feature will change much (if at all) over the life-time of the infrastructure whereas the technologies that might be employed to achieve a particular outcome may change a lot.  It is important that the replacement technologies do not weaken the overall security stance or remove features that were present in the original build.  Focusing on the requirement rather than the solution is the best way to achieve this.
Designing for the future 
Once the ORs and interdependencies of security system components are understood and agreed, the system can be designed and installed.  However, remembering that any form of permanent sporting infrastructure will last a considerable number of years, it is necessary to adopt a strategy that seeks to maximise the capabilities of new technologies as they emerge and minimise the disruption and change necessary to embrace them.  Such a strategy is likely to include the following principles:
  • Modular.  Systems will be specified and delivered in a way which makes it easy to upgrade one element without changing numerous other components.Internet Protocol (IP) based. The historical separation between the physical and logical worlds is no longer applicable as so many of the physical entities in a stadium (entry gates, CCTV monitors, Public Address, display screens, etc.), will all be controlled across communications networks based on IP.  Modern stadia can all be flood-wired with IP networks to achieve this.  Such networks will be flexible and able to adapt to changing requirements of the terminating equipment.  However, care needs to be applied in the way in which such networks are configured and protected to prevent them becoming a weakness that can be exploited via cyber attack, rather than a strength that delivers flexibility and adaptability. 
  • Based on open protocols.  Wherever possible, system components will be specified to use open, rather than manufacturer-proprietary, protocols for interfaces and data transfer.  This will be particularly important for the control of numerous physical entities as discussed above.  It is inevitable that the degree to which a cyber environment is used to control physical entities will only increase over time and the number of manufacturers offering products in this area will increase.
  •  Flexible at the Security Management System – this is the point at which the inputs from the various systems are combined and then presented to the system operators. 
Ongoing operator training is an important element which is often forgotten or minimised after system commissioning has been completed.  Ongoing refresher training programmes need to be planned and executed to ensure that operators remain conversant with the latest aspects of the system.  These programmes will also be the best route to introduce new capabilities.
Designers of security systems need to devote time to keeping themselves up to date with developments in the technology market through a mixture of:
       ·         Attendance at trade shows, exhibitions and conferences.
      ·         Ongoing dialogue with suppliers and manufacturers to understand both new uses / improvements to existing products and new products / capabilities in development.
·         Regular engagement with relevant Government or national bodies responsible for research and applied science and technology.  Each national government will have slightly different structures and processes to cover this[1]. 
This engagement will allow the designers of sports infrastructure to understand the strengths and weaknesses of products as assessed by independent experts, as well as to aid the implementation of current best practice.  This will enable a judgement to be made as to whether an emerging capability offers a significant improvement (both technically and financially) over those currently proposed.  This kind of activity could be swept up in the design integration meetings that often take place in major projects when each engineering discipline determines how it is affected by security requirements and vice versa.
Information security aspects
It is during the design and construction phases that the layers of security for the venues will be specified and installed.  Once this phase starts and the number of people involved in the project starts to rise significantly, it is important that a structured approach to the handling of information is introduced.  The importance of this was highlighted in part 1 of this article.  Information in many forms will be vital to the successful design, construction and operation of all major sporting venues for the many years of their legacy use.  The protection of information will normally be achieved by the definition and implementation of an Information Security Policy (ISP) that needs to be written in collaboration with all relevant stakeholders.  This should be designed to ensure that sufficient information relating to security systems is incorporated into master designs, but that sensitive information (e.g., camera fields of view) is only released on a need to know basis.
To facilitate this process, a single authority should be established with the responsibility for writing the ISP and also deciding the relative sensitivity of information to be disseminated.  This authority should specify how sensitive information will be marked, stored, transmitted and handled by users.  Different countries will have their own established processes for this, such as some form of national protective marking scheme for sensitive documents (Restricted, Confidential, etc). 
The ISP needs to cover appropriate elements of the supply chain.  The challenge here is to ensure that information is appropriately cascaded down the chain to facilitate the purchase of the right goods and services, but without exposing the overall security posture of the venue.  This will be particularly tricky when dealing with overseas suppliers or organisations with an unknown or weak cyber security posture.  This is a new area which may require the venue designers and builders to seek specialist advice to ensure that they can balance the advantage of going to the market for goods and services against the exposure of potentially sensitive information through the same route.
It is important that the ISP covers the protection of the numerous industrial control systems that are necessary for the operation of physical systems at the venues, or that a separate policy is written to address these risks.  A modern venue will have innumerable systems such as those for crowd access, lighting, air-conditioning, display screens, etc., as well as many aspects of security (command and control rooms, CCTV networks), all of which will be controlled via data networks and electronic infrastructures.  Complete or partial loss of control of any of these types of systems would result in serious consequences for the safe and secure operation of the venue.  The challenges of securing these from cyber threats are brought into sharp focus when considering the projected life of the control units that turn cyber commands into real action on the ground.  On average, an item of corporate IT equipment (desk computer, etc.) will have a refresh or replacement rate of about 4 to 5 years.  A typical industrial control unit may have a refresh rate of 20 to 25 years.  The cost of replacing the remote control units and the disruption to essential services while this happens are among the reasons for this sharp difference in refresh rates.  Over that period of time it is impossible to predict what cyber threats may emerge.  This is why it is important to adopt an impact driven approach to security as described in part one.  Focusing on a threat that cannot be judged so far in advance may ultimately lead to an inaccurate assessment of the risks resulting in either inadequate or over specified security features. 
It is certain that those who wish to compromise information assets belonging to a sporting venue will be imaginative in their approach.  In response to this, it is necessary to understand the threat to assets and build solid defences against incidents that could ultimately impact the security of venues and/or supporting infrastructures.  In particular the ISP needs to have a flexible response that adapts to changing technologies and attack methodologies.  The pace of change in information systems is such that it will be necessary to keep the designs flexible and able to adopt appropriate new technologies as they emerge.  But new threats also emerge at a significant rate.  The ISP should ensure that venue owners can be confident that they are able to manage their risks effectively throughout the lifetime of the venues.   This reinforces the need to adopt an impact focused, risk based approach that will build the appropriate information security controls (for cyber and other mediums) into the fabric of the venue.  This will ensure that it is capable of deterring, detecting and defending against the inevitable attempts to compromise its operations.  It is impossible to prevent all compromises from internal and external threats, but an effective ISP will support a security architecture necessary to create a resilient operation; respond to incidents effectively; learn from security breaches; and most importantly, manage risk within proportionate tolerance levels. 
There are numerous internationally recognized Information Security standards and frameworks that could be adopted[2].  Most national governments also provide protective security advice through specialist organisations.
Building begins
The engagement of security specialists as part of the multi-disciplinary design team will ensure that all the physical infrastructures are inherently secure and resilient, and relatively easy to search for suspect devices prior to the public being admitted.  Once construction of the stadium is underway, it is important that there is a controlled process to review proposed design changes from a security perspective.  This process needs to encompasses both substantive changes to building layouts, (e.g. redesign of a layout), and changes to elements such as the cladding to be applied to a wall.  Such cladding could easily be seen as ‘cosmetic’, but might have been selected for the way it resists explosive blast.  However, this is unlikely to be known to the supply chain, who might propose a similar looking material that was less resistant to blast. 
During the construction phase it is important that: the site is physically segregated from the wider world; the workforce has been vetted prior to being allowed on site; goods and materials are screened prior to site admission;  and frequent verification visits are undertaken.  There are a number of models that could be adopted that could achieve this, for example:
·         An appropriate perimeter barrier, with supporting technology, will be specified to separate the construction site from the surrounding areas.  A typical set-up for a major sporting venue or site would consist of a perimeter fence, supported by CCTV, lighting, perimeter intrusion and an operational guard force around the whole of the construction site.  Individual areas within that, e.g., a Main Stadium, would have their construction site boundaries.  A central ‘Construction Command and Control’ location should be specified to be responsible for monitoring installed systems (e.g., CCTV and intrusion detection) and managing the guard force.  If deemed necessary by a threat assessment, measures to guard against vehicle attack will be installed to protect the construction site.  However, such measures need to be considered carefully to ensure that the barriers are suitable for that environment and their installation will not impede the required flow of constructions vehicles.
·         Deliveries of construction plant and materials should be controlled through the use of a Delivery Management System to record details of loads, delivery vehicles and their drivers.  To minimise risk to the construction site, one or more offsite centres should be used to process and check vehicles, drivers and their loads before they are sealed for final delivery to the site.
·         Checks on vehicles should then be undertaken at the boundary to the construction site. For vehicles entering the site, the checks should confirm that the vehicle and occupant details are as expected and that the load has not been tampered with since the offsite checks. For vehicles leaving the site the checks should confirm that no unauthorised goods are being removed.
·         Throughout construction, verification and assurance visits should be undertaken to confirm that potential issues are identified early and addressed. This will include a process for certifying that voids are empty before they are sealed.
Thinking of the staff
It should now be obvious that the number of people working on the project either in offices or on site has risen dramatically from the levels involved at the pure design stage.  This means more people with access to information (some of which may be sensitive) and more people with access to sites and systems that may be vulnerable to malicious activity.  It is therefore necessary to consider carefully the personnel aspects of the overarching security strategy.  This is so often overlooked with attention instead focused on the physical and cyber elements and the people who operate both forgotten about.  It is wrong at this stage to suggest that all staff need to go through comprehensive vetting in order to establish their bona fides and levels of integrity.  That is unnecessary and too time consuming and expensive.  However, care should be devoted to ensuring that, as a very minimum, the true identities of all staff and contractors are fully established and that they all have the appropriate right to work from the host country.  Some staff and contractors will require extra clearance to have access to more sensitive data. 
This is an area where the importance of taking an holistic approach and not operating in silos cannot be overstated.  The security professionals for the venue should take an active interest in this area and not simply leave the matter to the Human Resources or Personnel department.  High quality leadership from the top management layers of the organisation will be necessary to articulate a vision of how the everyday actions of all staff involved in the infrastructure and delivery contribute seemingly effortlessly to the overall security of the event.  If the leadership are clear about the type of event they want to achieve, then it is so much easier for staff to be clear about what they need to do.  So often, weak or absent leadership will be filled by staff doing what they feel is right.  Quite often they will get the tone wrong and this could adversely impact on the overall security stance or inhibit the spectator experience.
Let the games begin
Security does not end when the building phase is over.  Towards the end of this and prior to the venues being used, there needs to be a final process of assurance to test whether the various security infrastructures and systems are fit for purpose.  This is when their actual operation is tested against the original Operational Requirement.  The quality of finish should also be examined.  If the processes described here were followed, then the need for remedial action or reconstruction should be minimal, but as the case studies illustrate, this is not always the case. 
If security has been integrated into the very fabric of the building then it will also support the handling of incidents or emergencies.  An integrated design will enable the event organisers, Police, emergency services and others to respond to incidents, disrupt threats, etc.  The way that security is designed into the structure should aid this and produce an integrated response to a wide range of circumstances, e.g., through the location and functioning of control rooms.  This is the point at which people, processes and technology should all come together in perfect harmony.
So often, security is considered as an afterthought; something to be applied after the design is over.  Not only can this be expensive, but frequently it will not produce the desired levels of protection.  By considering security at the very beginning of the design process, taking an holistic approach, thinking in terms of impact and involving relevant experts throughout that and the building phase, it is possible to produce discreet yet effective measures at reasonable cost that can deliver high levels of assurance to event organisers and others that competitors, spectators and the venue itself will all be protected against malicious activity.  This takes dynamic leadership from general management, supported by appropriate security professionals.  Working together from the very beginning of a project they can make security enhance a sporting event rather than being seen as a tax upon it which is often the (wrong) perception.   

October 2013

The author (Roger Cumming) is the Technical Director of Atkins’ security business. Atkins, an international design, engineering and project management consultancy, was heavily involved in the design of the infrastructure for the Olympic Park and temporary venues for London 2012.

[1] In the UK the Home Office Centre for Applied Science and Technology is responsible for the testing and assessment of security equipment.  The Centre for the Protection of National Infrastructure (CPNI) provides advice to the companies that run the UK’s infrastructure on how to protect themselves from national security threats.
[2] For example: ISO: 27001 and ISO: 27002, Information Security Management Standards; the 800 series from the USA’s National Institute of Standards and Technology (NIST), in particular NIST 800-53 and 800-82 for Industrial control systems.  There may also be applicable standards from the International Society of Automation (ISA) and others such as IEC62443 which covers the protection of plant networks.

Sunday, June 18, 2017

Threats, Designs and Delphic predictions: Designing-in Security for Major Sporting Infrastructure and Other High-Occupancy Spaces (Part 1)

Looking into the future

In the summer of 480 BC, the Athenian celebration of their Olympic games was disrupted by fears of a second invasion by the Persians, the first having been defeated at the Battle of Marathon, ten years earlier.  The Athenians consulted the Oracle of Delphi for guidance about how to defend themselves and were advised to place their trust in a “wall of wood”.  Taking this to be a reference to ships, the Athenians prepared their fleet and subsequently used it to evacuate Athens and later defeat the Persians at sea.
The organisers of today’s major international sporting events do not need to rely on Delphic predictions for security advice; there are highly sophisticated systems available to assess and respond to immediate threats and great levels of information sharing and international cooperation to support the host country.  However, the infrastructure for the sporting event may have been designed many years earlier when it would have been impossible to know with accuracy what kind of threats it would need to withstand.  This article looks at some of the challenges facing architects, designers and engineers to ensure that sporting events can take place safely and securely in a variety of threat environments.

Strategic approach

Infrastructure of any type, sporting or other, takes a long time to plan and build and will last even longer.  A recent Experts’ Summit organised by the International Centre for Sport Security (ICSS) concluded that it took an average of eight years from a decision to build a new piece of sporting infrastructure before it was in operation[1].  The prevailing threat that might bear upon that infrastructure when it is used will be impossible to predict accurately that far in the future.  Furthermore, the threat can change much more quickly than any defensive posture arranged to protect it.  An unexpected terrorist attack, for example, is likely to cause an abrupt re-assessment of the threat.  New cyber threats and avenues of attack can appear very rapidly, a situation that is unlikely to diminish in the short term and may get significantly worse.  Where protective measures need to be added retrospectively, it is invariably at great expense in terms of time, money and disruption.
How do those designing infrastructure and sports venues build-in protection against threats that they cannot accurately predict?  The answer is that by following a few strategic guidelines, it is straightforward to produce designs that not only satisfy the sporting requirements, but do so in a safe and secure manner, are aesthetically pleasing and are capable of withstanding changes to the risk environment in a flexible and cost effective way throughout any legacy use.
Wider context
The first guideline is that the design needs to take place against a wider context, for example a national security strategy or plan that is set by a higher authority (normally the national government).  The security planning for most international sporting events will take place within the context of the host country’s strategic planning framework.  This is likely to consider a range of risks to people, events, and physical and logical infrastructure.  Underpinning this should be a comprehensive set of relationships between the event organisers and the relevant Law Enforcement and other government agencies that are responsible for assessing security threats and disseminating advice about how to mitigate them.  The organisers of a major sporting event must work with these agencies to address any issues relating to threats that might bear upon the event; they cannot reduce the threat by themselves.  It is therefore important for them to understand the broader risk environment and how the national (and local) response machinery is organised.  The way to achieve this is to establish long term working relationships with the relevant organisations, which then can be utilised to respond to a particular event, from a one-off match to a sporting fiesta like the Football World Cup or Olympics.
Impact driven
The second guideline is that the focus of the design should be on minimising the impact of a hostile event (e.g. terrorist bomb, cyber attack).  Designers and architects are very familiar with the need to ensure that sports stadia and other infrastructures are built to ensure the highest levels of safety at times of an emergency such as a fire.  There is no reason why security should not figure as prominently in their considerations.  There is a considerable body of knowledge about how to protect against the effects of blast from a terrorist bomb (whether vehicle or person borne) or against shots from a weapon.  There is a similar wealth of knowledge about how to defend against cyber attacks.  It is essential, therefore, that designers and architects engage early with security practitioners to understand the impact that a catastrophic event might have on the sporting venue and its occupants.  However, all too often designers focus on the likelihood of an attack, rather than on what impact it would have.  A mindset that considered impact ahead of likelihood is much more likely to produce a design that is capable of withstanding a variety of threat scenarios including new ones and those that may change in nature over the lifetime of the infrastructure.
To achieve this, the designer should have a clear understanding of what is critical to the functioning of the infrastructure, venue, etc.  Some of this may emerge naturally from consideration of the safety aspects (e.g. having multiple entrances and exits that can be used in the case of a fire), but others may not be so evident.  Sometimes, good design and good security design may not be the same thing.  For example, placing the back-up to a critical system alongside its master may be elegant in design terms and cheap to implement, but a bomb designed to damage one may take out the back-up as well.  The designer needs also to place critical systems as far away as possible from the public domain to minimise the chances that intruders can quickly penetrate a protective perimeter and cause damage.
Good physical security need not detract from the aesthetic impact of the venue.  Planned in advance, it can be built into the fabric of the venue and its surroundings in such a way as to be pleasing on the eye, discreet and highly effective.  The challenge for the designer is to use the natural lie of the land, and existing geographical features to avoid the need to construct defences that might present a more stark appearance.  A stream or ditch might easily be adapted to control the flow of vehicles or block potentially hostile ones.  Earth banks planted with attractive foliage can protect buildings from the effects of blast.  Where defensive structures need to be built, they should be merged into the surrounding ‘streetscape’ as much as possible.  Raised flower planters, bicycle racks and street lighting fixtures might all be adapted to act as hostile vehicle mitigation of some form.  A major north London football club has some of its hostile vehicle mitigation measures constructed in the form of giant letters of the club’s name.  Other barriers might be hidden behind stone balustrades or constructed from materials that blend in with the surrounding architecture and heritage of the site.  All that is required is for the designer to have early engagement with the security professionals so that the artistry of the former might blend with the requirements of the latter in as attractive a way as possible.

Holistic approach

Acquiring a comprehensive understanding of what is critical to the functioning of a venue leads to the third of the strategic guidelines – taking an holistic approach.  The complex nature of modern communications and control systems throws up highly complex interdependencies between the physical and logical elements in a modern stadium.  Entry gates, CCTV monitors, Public Address, display screens, etc., will all be controlled across communications networks which themselves are based on Internet Protocols (IP).  Such networks will be flexible and able to adapt to changing requirements, but unless they are properly protected, they will be vulnerable to a cyber attack.  This could result in sound physical protection measures being compromised in some way.  Any holistic approach must also include the people who operate the physical and cyber measures at a venue.
However, an holistic approach means much more than just considering physical, cyber and personnel risks together in some way.  Security functions that are organised in silos are inefficient and obstruct the identification and mitigation of risk.  It is important that the governance of the various security functions is structured in such a way as to support an holistic approach.  Having different reporting or line management chains for these functions will stretch channels of communication and introduce potential gaps from which greater risk is likely to emerge.  In our follow-up article in the next edition of this journal, it will also become clear as to why it is important to embed this holistic approach throughout the supply chain for both the build and operation of an event.
Effective security starts at the top of the organisation and should be embedded throughout it by a culture in which the everyday attitudes of staff contribute effortlessly towards an organisation’s protective security regime.   It is vital that event organisers work to achieve such a positive culture and one that takes an holistic, not silo-ed, approach to security – designed to minimise physical, information and personnel risks and protect spectators and staff.
The cyber threat to a venue will manifest itself in many ways, not just those relating to the operation of physical elements.  Information in many forms will be vital to the successful design, construction and operation of any sporting venue, not only for its immediate use, but possibly for many years of legacy beyond that.  The protection of information needs to be considered in a number of circumstances such as:
·         The documents relating to the design and construction of the venues.  Inappropriate disclosure of these could allow the identification of weak points or vulnerabilities in the construction that could be exploited.
·         The operation of the venues, especially during sporting events when the risks are greatest.  Again, inappropriate disclosure of this could allow security regimes to be subverted or compromised.
·         In either electronic or paper form.  Whilst the majority of information will be carried via electronic systems and networks, the use of paper will still be necessary in certain cases.  It is important that the information protection plan encompasses both mediums and enables venues to be confident that hard copy (paper, electronic media, CDs, etc.) is protected as effectively as that carried on the numerous (cyber) networks that will be necessary to support events.
·         The identification of new threats as they emerge.  The rapid development of cyber threats is unlikely to diminish in the short term and may get significantly worse.  It will be particularly important for sporting venues to have confidence that appropriate protection is in place to counter the most sophisticated of these.
The last point, underlines why it is so important to adopt an impact driven approach to the security of cyber infrastructures.  Focusing on a threat that can change so rapidly and far more quickly than defences can be reconfigured will not lead to a secure cyber infrastructure that will remain resilient in the face of uncertainty.  However, by understanding what is critical to its operations, a venue can start to build a cyber system that can deter, detect and defend against the inevitable attempts to compromise its operations.
An effective and holistic security risk management regime will therefore have a number of components including: senior management support; capable people; efficient processes; and the selection of appropriate physical and technical controls.  Each component should interact with and support others in an holistic manner.  It is important to seek a balance between these components as the model is compromised if any one component is deficient or fails.  Organisers should understand that technology is just one piece of a complex jigsaw that will eventually deliver a safe and secure celebration of sport.  A multidisciplinary team is needed to ensure that physical assets and information are safeguarded appropriately and a positive security culture is fostered amongst staff.
At this stage it will also be necessary to consider any legal and compliance issues set by a higher authority (e.g., regional or national government).  There are numerous relevant national and international industry standards that might be adopted.  However, it will be important for the leadership of the venue to ensure that the focus remains on effective and proportionate risk management and not just the slavish obedience of a particular standard.  The danger of adopting standards is that the focus of management effort switches to achieving compliance with the standard rather than holistic management of the risk.

Getting there

The three guiding principles of considering a wider context; being impact driven; and taking an holistic approach may be easy to say yet much more difficult to achieve.   It is vital to get things right from the start and have security considered at the beginning of the design stage, not as a post-build ‘add-on’.  As we have already seen, early engagement between security professionals, designers and architects is essential.  This can save money in the long term and produce a design that enhances the spectator experience by inducing a greater feeling of safety and security.
Achieving this requires nothing more than good communication skills and the ability to keep that going throughout the design and build of a project and its subsequent operation.  But that is easier to say than do as personal relationships, group dynamics and overarching governance structures can all interfere in the process and allow differing elements to drift off in their own directions.  So often, security is considered well after the start of the design process when changing plans becomes expensive and time consuming.  Whilst getting it right at the start is vital, so is the ability to keep that level of engagement going.  This requires continuing commitment and leadership from the management and an engaged and supportive workforce that understand their roles and work seamlessly to embed the security objectives into their everyday actions.  As we will consider in part two of this article, it becomes even more important to achieve this once the design phase is over and construction begins.  During this phase, as the real venues start to emerge and the number of people involved in the project rises, a different set of challenges emerge.  However, by following a simple set of guidelines it is possible to achieve a safe, secure and highly enjoyable celebration of sport that can provide a lasting legacy for generations to come, whatever the prevailing threats of the time and despite our continuing inability to see into the future.
The author (Roger Cumming) is the Technical Director of Atkins’ security business. Atkins, an international design, engineering and project management consultancy, was heavily involved in the design of the infrastructure for the Olympic Park and temporary venues for London 2012.

Part 2 coming 16 July at 4pm (PST).

[1] Insert reference to the Experts’ Summit in Vienna in May 2013.