Sunday, June 18, 2017

Threats, Designs and Delphic predictions: Designing-in Security for Major Sporting Infrastructure and Other High-Occupancy Spaces (Part 1)

Looking into the future

In the summer of 480 BC, the Athenian celebration of their Olympic games was disrupted by fears of a second invasion by the Persians, the first having been defeated at the Battle of Marathon, ten years earlier.  The Athenians consulted the Oracle of Delphi for guidance about how to defend themselves and were advised to place their trust in a “wall of wood”.  Taking this to be a reference to ships, the Athenians prepared their fleet and subsequently used it to evacuate Athens and later defeat the Persians at sea.
The organisers of today’s major international sporting events do not need to rely on Delphic predictions for security advice; there are highly sophisticated systems available to assess and respond to immediate threats and great levels of information sharing and international cooperation to support the host country.  However, the infrastructure for the sporting event may have been designed many years earlier when it would have been impossible to know with accuracy what kind of threats it would need to withstand.  This article looks at some of the challenges facing architects, designers and engineers to ensure that sporting events can take place safely and securely in a variety of threat environments.

Strategic approach

Infrastructure of any type, sporting or other, takes a long time to plan and build and will last even longer.  A recent Experts’ Summit organised by the International Centre for Sport Security (ICSS) concluded that it took an average of eight years from a decision to build a new piece of sporting infrastructure before it was in operation[1].  The prevailing threat that might bear upon that infrastructure when it is used will be impossible to predict accurately that far in the future.  Furthermore, the threat can change much more quickly than any defensive posture arranged to protect it.  An unexpected terrorist attack, for example, is likely to cause an abrupt re-assessment of the threat.  New cyber threats and avenues of attack can appear very rapidly, a situation that is unlikely to diminish in the short term and may get significantly worse.  Where protective measures need to be added retrospectively, it is invariably at great expense in terms of time, money and disruption.
How do those designing infrastructure and sports venues build-in protection against threats that they cannot accurately predict?  The answer is that by following a few strategic guidelines, it is straightforward to produce designs that not only satisfy the sporting requirements, but do so in a safe and secure manner, are aesthetically pleasing and are capable of withstanding changes to the risk environment in a flexible and cost effective way throughout any legacy use.
Wider context
The first guideline is that the design needs to take place against a wider context, for example a national security strategy or plan that is set by a higher authority (normally the national government).  The security planning for most international sporting events will take place within the context of the host country’s strategic planning framework.  This is likely to consider a range of risks to people, events, and physical and logical infrastructure.  Underpinning this should be a comprehensive set of relationships between the event organisers and the relevant Law Enforcement and other government agencies that are responsible for assessing security threats and disseminating advice about how to mitigate them.  The organisers of a major sporting event must work with these agencies to address any issues relating to threats that might bear upon the event; they cannot reduce the threat by themselves.  It is therefore important for them to understand the broader risk environment and how the national (and local) response machinery is organised.  The way to achieve this is to establish long term working relationships with the relevant organisations, which then can be utilised to respond to a particular event, from a one-off match to a sporting fiesta like the Football World Cup or Olympics.
Impact driven
The second guideline is that the focus of the design should be on minimising the impact of a hostile event (e.g. terrorist bomb, cyber attack).  Designers and architects are very familiar with the need to ensure that sports stadia and other infrastructures are built to ensure the highest levels of safety at times of an emergency such as a fire.  There is no reason why security should not figure as prominently in their considerations.  There is a considerable body of knowledge about how to protect against the effects of blast from a terrorist bomb (whether vehicle or person borne) or against shots from a weapon.  There is a similar wealth of knowledge about how to defend against cyber attacks.  It is essential, therefore, that designers and architects engage early with security practitioners to understand the impact that a catastrophic event might have on the sporting venue and its occupants.  However, all too often designers focus on the likelihood of an attack, rather than on what impact it would have.  A mindset that considered impact ahead of likelihood is much more likely to produce a design that is capable of withstanding a variety of threat scenarios including new ones and those that may change in nature over the lifetime of the infrastructure.
To achieve this, the designer should have a clear understanding of what is critical to the functioning of the infrastructure, venue, etc.  Some of this may emerge naturally from consideration of the safety aspects (e.g. having multiple entrances and exits that can be used in the case of a fire), but others may not be so evident.  Sometimes, good design and good security design may not be the same thing.  For example, placing the back-up to a critical system alongside its master may be elegant in design terms and cheap to implement, but a bomb designed to damage one may take out the back-up as well.  The designer needs also to place critical systems as far away as possible from the public domain to minimise the chances that intruders can quickly penetrate a protective perimeter and cause damage.
Good physical security need not detract from the aesthetic impact of the venue.  Planned in advance, it can be built into the fabric of the venue and its surroundings in such a way as to be pleasing on the eye, discreet and highly effective.  The challenge for the designer is to use the natural lie of the land, and existing geographical features to avoid the need to construct defences that might present a more stark appearance.  A stream or ditch might easily be adapted to control the flow of vehicles or block potentially hostile ones.  Earth banks planted with attractive foliage can protect buildings from the effects of blast.  Where defensive structures need to be built, they should be merged into the surrounding ‘streetscape’ as much as possible.  Raised flower planters, bicycle racks and street lighting fixtures might all be adapted to act as hostile vehicle mitigation of some form.  A major north London football club has some of its hostile vehicle mitigation measures constructed in the form of giant letters of the club’s name.  Other barriers might be hidden behind stone balustrades or constructed from materials that blend in with the surrounding architecture and heritage of the site.  All that is required is for the designer to have early engagement with the security professionals so that the artistry of the former might blend with the requirements of the latter in as attractive a way as possible.

Holistic approach

Acquiring a comprehensive understanding of what is critical to the functioning of a venue leads to the third of the strategic guidelines – taking an holistic approach.  The complex nature of modern communications and control systems throws up highly complex interdependencies between the physical and logical elements in a modern stadium.  Entry gates, CCTV monitors, Public Address, display screens, etc., will all be controlled across communications networks which themselves are based on Internet Protocols (IP).  Such networks will be flexible and able to adapt to changing requirements, but unless they are properly protected, they will be vulnerable to a cyber attack.  This could result in sound physical protection measures being compromised in some way.  Any holistic approach must also include the people who operate the physical and cyber measures at a venue.
However, an holistic approach means much more than just considering physical, cyber and personnel risks together in some way.  Security functions that are organised in silos are inefficient and obstruct the identification and mitigation of risk.  It is important that the governance of the various security functions is structured in such a way as to support an holistic approach.  Having different reporting or line management chains for these functions will stretch channels of communication and introduce potential gaps from which greater risk is likely to emerge.  In our follow-up article in the next edition of this journal, it will also become clear as to why it is important to embed this holistic approach throughout the supply chain for both the build and operation of an event.
Effective security starts at the top of the organisation and should be embedded throughout it by a culture in which the everyday attitudes of staff contribute effortlessly towards an organisation’s protective security regime.   It is vital that event organisers work to achieve such a positive culture and one that takes an holistic, not silo-ed, approach to security – designed to minimise physical, information and personnel risks and protect spectators and staff.
The cyber threat to a venue will manifest itself in many ways, not just those relating to the operation of physical elements.  Information in many forms will be vital to the successful design, construction and operation of any sporting venue, not only for its immediate use, but possibly for many years of legacy beyond that.  The protection of information needs to be considered in a number of circumstances such as:
·         The documents relating to the design and construction of the venues.  Inappropriate disclosure of these could allow the identification of weak points or vulnerabilities in the construction that could be exploited.
·         The operation of the venues, especially during sporting events when the risks are greatest.  Again, inappropriate disclosure of this could allow security regimes to be subverted or compromised.
·         In either electronic or paper form.  Whilst the majority of information will be carried via electronic systems and networks, the use of paper will still be necessary in certain cases.  It is important that the information protection plan encompasses both mediums and enables venues to be confident that hard copy (paper, electronic media, CDs, etc.) is protected as effectively as that carried on the numerous (cyber) networks that will be necessary to support events.
·         The identification of new threats as they emerge.  The rapid development of cyber threats is unlikely to diminish in the short term and may get significantly worse.  It will be particularly important for sporting venues to have confidence that appropriate protection is in place to counter the most sophisticated of these.
The last point, underlines why it is so important to adopt an impact driven approach to the security of cyber infrastructures.  Focusing on a threat that can change so rapidly and far more quickly than defences can be reconfigured will not lead to a secure cyber infrastructure that will remain resilient in the face of uncertainty.  However, by understanding what is critical to its operations, a venue can start to build a cyber system that can deter, detect and defend against the inevitable attempts to compromise its operations.
An effective and holistic security risk management regime will therefore have a number of components including: senior management support; capable people; efficient processes; and the selection of appropriate physical and technical controls.  Each component should interact with and support others in an holistic manner.  It is important to seek a balance between these components as the model is compromised if any one component is deficient or fails.  Organisers should understand that technology is just one piece of a complex jigsaw that will eventually deliver a safe and secure celebration of sport.  A multidisciplinary team is needed to ensure that physical assets and information are safeguarded appropriately and a positive security culture is fostered amongst staff.
At this stage it will also be necessary to consider any legal and compliance issues set by a higher authority (e.g., regional or national government).  There are numerous relevant national and international industry standards that might be adopted.  However, it will be important for the leadership of the venue to ensure that the focus remains on effective and proportionate risk management and not just the slavish obedience of a particular standard.  The danger of adopting standards is that the focus of management effort switches to achieving compliance with the standard rather than holistic management of the risk.

Getting there

The three guiding principles of considering a wider context; being impact driven; and taking an holistic approach may be easy to say yet much more difficult to achieve.   It is vital to get things right from the start and have security considered at the beginning of the design stage, not as a post-build ‘add-on’.  As we have already seen, early engagement between security professionals, designers and architects is essential.  This can save money in the long term and produce a design that enhances the spectator experience by inducing a greater feeling of safety and security.
Achieving this requires nothing more than good communication skills and the ability to keep that going throughout the design and build of a project and its subsequent operation.  But that is easier to say than do as personal relationships, group dynamics and overarching governance structures can all interfere in the process and allow differing elements to drift off in their own directions.  So often, security is considered well after the start of the design process when changing plans becomes expensive and time consuming.  Whilst getting it right at the start is vital, so is the ability to keep that level of engagement going.  This requires continuing commitment and leadership from the management and an engaged and supportive workforce that understand their roles and work seamlessly to embed the security objectives into their everyday actions.  As we will consider in part two of this article, it becomes even more important to achieve this once the design phase is over and construction begins.  During this phase, as the real venues start to emerge and the number of people involved in the project rises, a different set of challenges emerge.  However, by following a simple set of guidelines it is possible to achieve a safe, secure and highly enjoyable celebration of sport that can provide a lasting legacy for generations to come, whatever the prevailing threats of the time and despite our continuing inability to see into the future.
The author (Roger Cumming) is the Technical Director of Atkins’ security business. Atkins, an international design, engineering and project management consultancy, was heavily involved in the design of the infrastructure for the Olympic Park and temporary venues for London 2012.

Part 2 coming 16 July at 4pm (PST).

[1] Insert reference to the Experts’ Summit in Vienna in May 2013.