Safeguarding water utilities infrastructure

Posted: December 16th, 2014

Mike McColl, managing director of Securiclad, on the physical security risks facing the water industry – and what can be done to counter them.

To date, there haven’t been any publicised serious breaches of security in critical areas of the UK’s water industry. However, the water sector is vulnerable to a number of physical threats associated with theft, contamination, terrorism and disruption to service/supply that could occur as a result of unauthorised access to critical operational areas.

Indeed, there have been incidents overseas which reinforce the need for enhanced physical security and demonstrate the potentially catastrophic repercussions of a compromised water infrastructure.

In the USA last year for instance, a break-in occurred at the Carters Lake Water Treatment Plant in Ramhurst, Georgia and settings that control the amount of chlorine and fluoride that is added to the water were tampered with – as a consequence, approximately 400 residents were advised not to drink the water. And in 2011, a spate of security breaches at water treatment plants in New Jersey resulted in the disruption and contamination of supplies for local people.

Emphasis within the water sector is often placed on electronic monitoring or surveillance hardware, such as CCTV, to protect critical areas of a site. Whilst this is useful and adequate in certain instances, it does not address the immediate physical threat of a perimeter security breach within critical areas. And given the remote location of some facilities, security staff or emergency services may only be able to respond on-site long after a breach has been detected (and the damage already done).

Physically safeguarding water supply and associated equipment is therefore of paramount importance. The areas which are at the most immediate risk are control rooms and water treatment plants, which have been identified in recent years as potential targets for acts of terrorism. We should not, however, underestimate other areas of risk such as storage facilities and offices used to house high value assets, dangerous chemicals (such as chlorine gas), or confidential information. Theft or damage has the potential to cause huge disruption to supply and services.

Physical security, therefore, should play a significant part in the ‘layered’ security strategy of any operator in the water industry. But often, if the threat to physical security is addressed within these critical areas of infrastructure, then the more traditional building methods that are adopted cause operational delays and disruption without the benefit of offering a certified solution.

Standard composite panels, which form walls, ceilings, floors and partitions, for instance, will not provide adequate protection against serious attack from instruments such as sledgehammers, disc grinders, jig saws and high powered cutting too… something which is crucial in protecting control equipment, or any area which is used to house high-value assets. With steel skins of 0.5 mm thick and cores which offer little or no resistance, these kinds of panels can be easily breached by determined criminals.

Standard brick or block walls are also vulnerable, as their joints will act as points of weakness – they can be easily breached by a sledgehammer, for instance.

Any physical security measures – such as wall panels, ceiling panels, and locks – used to protect critical areas such as control rooms, should therefore be certified by the Loss Prevention Certification Board (the standard is LPS1175) and/or approved by the Centre for the Protection of National Infrastructure (CPNI) to guarantee both their quality and suitability.

Thankfully, advances in technology are now leading to refinements in facility design, which identify ‘mission critical’ areas. This helps in an operator’s decision making process by determining the correct and most viable building methods to be utilised in a particular environment.

And it seems that, at a basic level at least, operators are starting to enhance their physical security infrastructure: during AMP5, we have noticed significantly increased investment in physical security measures and current projections appear to show there will be another steep rise in this moving into AMP6. This is indeed a welcome development, especially as the sector still needs to wrestle with cyber-security risks – and allocate budgets for this.

To conclude, it’s clear that investment in the right physical security measures – in the right places – is vital. Certified, appropriate security solutions can provide both peace of mind to operators and the general public, something which in the current climate, is invaluable.

This article was originally published in Water Active magazine, visit here.

< back