Seattle Maximizes Its Security InvestmentWith a Prudent, Yet Reasonable, Master Plan

摘要

Preparing to respond to potential security threats requires utilities to demonstrate a serious,rncomprehensive, proactive commitment to be ready for a wide range of threats. Seattle Public Utilitiesrn(SPU) has demonstrated that commitment by developing and implementing a comprehensive masterrnplan for security improvements that incorporates the physical, technological, and organizational featuresrnthat are integrated to achieve results. SPU is a major public utility that has the tools in place torndistinguish – in real time – false threats from actual threats and to take appropriate action immediately.rnWhile SPU has made major improvements to protect against threats, the job is not – perhaps never willrnbe – complete, as SPU assesses the performance of its investments and adapts to new needs in the future.rnThis presentation will explore Seattle’s approach to developing a security plan that is focused onrnachieving results across all lines of business: water, wastewater, drainage, and solid waste. SPU’srnSecurity Master Plan incorporates the utility’s needs to protect against cyber and human threats byrnassessing physical and organizational capabilities of its communications system, security control center,rnsecurity systems at facilities and offices, contract security services, security intelligence analysis, andrnhow employees use the security improvements and respond to real and potential threats.rnWhile key technology improvements make detection possible, the important part of the security programrnis making an assessment of this detection activity and acting on it quickly. There are many criticalrnpeople issues that SPU has addressed in its plan and in the organization that make the difference inrnshort- and long-term success. If a fence is cut, for example, staff viewing video surveillance canrndetermine where and when the act occurred and assess threat credibility. Sensors set off alarms when arndoor is opened or someone enters a critical zone. These alarms can be activated or deactivated,rndepending on who needs access to facilities and under what circumstances access is required. Control ofrnthis access can be centrally managed in real time if threat levels change. The security system can also bernused to assess false alarms or non-events based on comments by citizens that they “saw” somethingrnsuspicious or staff observed a compromised lock or fence. The system and staff are can immediatelyrndetermine the credibility of this alleged event and take appropriate action.rnThis presentation includes a discussion of how SPU structured the Security Master Plan, establishedrnoperating and capital budgets and programs for security, solicited and received grant funding, achievedrnelected official and community participation, and implemented the improvements with new securityrnsystems, policies, procedures and training. Key aspects of the plan ensured successful integration with arncity-wide emergency preparedness and response framework, providing a long-term strategy for both.rnSeattle’s use of effective, efficient solutions maximizes the value of the utility’s investment in securityrnand helps SPU to resist potential political pressure for the kind of dramatic and costly response thatrncreates a permanent bureaucracy. Utilities must be secure, but in prudent and reasonable ways that focusrnon the use of technology to deter and detect, assess and if necessary, to react and respond.