Preparing to respond to potential security threats requires utilities to demonstrate a serious, comprehensive, proactive commitment to be ready for a wide range of threats. Seattle Public Utilities (SPU) has demonstrated that commitment by developing and implementing a comprehensive master plan for security improvements that incorporates the physical, technological, and organizational features that are integrated to achieve results. SPU is a major public utility that has the tools in place to distinguish – in real time – false threats from actual threats and to take appropriate action immediately. While SPU has made major improvements to protect against threats, the job is not – perhaps never will be – complete, as SPU assesses the performance of its investments and adapts to new needs in the future. This presentation will explore Seattle’s approach to developing a security plan that is focused on achieving results across all lines of business: water, wastewater, drainage, and solid waste. SPU’s Security Master Plan incorporates the utility’s needs to protect against cyber and human threats by assessing physical and organizational capabilities of its communications system, security control center, security systems at facilities and offices, contract security services, security intelligence analysis, and how employees use the security improvements and respond to real and potential threats. While key technology improvements make detection possible, the important part of the security program is making an assessment of this detection activity and acting on it quickly. There are many critical people issues that SPU has addressed in its plan and in the organization that make the difference in short- and long-term success. If a fence is cut, for example, staff viewing video surveillance can determine where and when the act occurred and assess threat credibility. Sensors set off alarms when a door is opened or someone enters a critical zone. These alarms can be activated or deactivated, depending on who needs access to facilities and under what circumstances access is required. Control of this access can be centrally managed in real time if threat levels change. The security system can also be used to assess false alarms or non-events based on comments by citizens that they “saw” something suspicious or staff observed a compromised lock or fence. The system and staff are can immediately determine the credibility of this alleged event and take appropriate action. This presentation includes a discussion of how SPU structured the Security Master Plan, established operating and capital budgets and programs for security, solicited and received grant funding, achieved elected official and community participation, and implemented the improvements with new security systems, policies, procedures and training. Key aspects of the plan ensured successful integration with a city-wide emergency preparedness and response framework, providing a long-term strategy for both. Seattle’s use of effective, efficient solutions maximizes the value of the utility’s investment in security and helps SPU to resist potential political pressure for the kind of dramatic and costly response that creates a permanent bureaucracy. Utilities must be secure, but in prudent and reasonable ways that focus on the use of technology to deter and detect, assess and if necessary, to react and respond.
展开▼
