Peter Guy, Operational Security & Continuity Planning Manager, Network Rail


Published on

Published in: Automotive
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Peter Guy, Operational Security & Continuity Planning Manager, Network Rail

  1. 1. Protecting Rail Critical Infrastructure Peter Guy Operational Security & Continuity Planning Manager Network Rail
  2. 2. Presentation Title: View > Header & Footer Protecting Rail Critical National Infrastructure Peter Guy Operational Security & Continuity Planning Manager Network Rail Thursday 6th March 2014 7-Mar-14 / 2
  3. 3. Presentation Title: View > Header & Footer Network Rail – who and what? Network Rail owns and operates Britain’s railway infrastructure: • Divided into nine Routes – Scotland, London North East, London North West, Anglia, Kent, Sussex, Wessex, Western and Wales. ►There is a four-party relationship managing the rail sub-sector nationally. This relationship is between: • The Department for Transport (DfT), • The Office of the Rail Regulator (ORR - the independent safety and economic regulator for Britain’s railway), • Network Rail, and • The Train / Freight Operating Companies (30 in total). ►Not for profit Ltd company – public purse: • Funding determined by ORR under five-year Control Period system: - CP 5 starts on 1st April 2014. ► 7-Mar-14 / 3
  4. 4. Presentation Title: View > Header & Footer Operational assets / processes / systems Any facility whose business interruption (temporary or total loss) would impact on the operation of the rail network. This includes: • The new Regional Operations Centres. • Signalling Control Centres. • Route Control Centres. • Electrical Control Rooms. • Managed Stations. • Locations where key functions / processes occur that allow the rail network to operate, for example: - Operational planning. - Safety procedures. - Financial Shared Services. • Other vital infrastructure exists, for example, the Severn Tunnel, key bridges and viaducts etc. ►Systems include IM, telecoms (e.g. signalling, power, communications). ► 7-Mar-14 / 4
  5. 5. Presentation Title: View > Header & Footer Definition of operational security Operational security is a holistic regime that incorporates physical, technical, human, procedural and logical security assets to provide a level of protection from identified risks and threats. 7-Mar-14 / 5
  6. 6. Presentation Title: View > Header & Footer Network Rail CNI assets The breakdown of Network Rail CNI locations by category is as follows: • Category 5 Nil. • Category 4 Nil. • Category 3 38 • Category 2 27. • Category 1 4. • TOTAL 69. ►Currently, this list does not include Managed Stations as CNI. ►Key processes outside CNI locations being assessed and reviewed. ►Potential for Critical Rail Infrastructure (CRI) list to be developed – clearer sub-sector impact understanding. ►Development of and move to Regional Operating Centres (600+ reducing to 14) – potential for Cat 4? ► 7-Mar-14 / 6
  7. 7. Presentation Title: View > Header & Footer Challenges and practice Clarity of roles of who provides what, when, to whom and with what authority (guidance / instruction etc): • Rail industry heavily regulated (economically and safety): - DfT. - ORR. - Rail Safety Standards Board (RSSB). • Other agencies who have interest and input: - Centre for the Protection of the National Infrastructure (CPNI). - Civil Contingencies Secretariat (and Local Resilience Forums under CCA obligations – Network Rail is a Cat 2 Responder). - Police – British Transport Police. ►Knowing who brings what to the party - what agencies can do for us. ►Vital that all bodies understand the operational/business priorities/procedures and environment. ► 7-Mar-14 / 7
  8. 8. Presentation Title: View > Header & Footer Challenges and practice Little direct liaison with other CNI sector owners/operators: • Sharing information/best practice – centrally coordinated covering all CNI sectors: - Resilience Direct. - Cabinet Office - Infrastructure Security & Resilience Industry Forum – future role? • However, excellent joint work with BT, TfL and Highways Agency on metal theft issues and wider consultation via ACPO Metal Theft WG. ►Information Sharing Agreements (ISAs)– is there a need for formal ISAs? • National operator - multiple LRFs etc. Network Rail policy – no individual ISAs, but full cooperation with bodies. ►Definitions - use of common set of terminology to describe activities: • Network Rail using Cabinet Office Lexicon as reference. ►Restrictions in receiving ‘classified’ communications outside .pnn / .gsi network: • Wider / comprehensive use of Resilience Direct ►Knowing what guidance, best practice etc is available and where to get it. ► 7-Mar-14 / 8
  9. 9. Presentation Title: View > Header & Footer How do we protect our CNI? Recognition that no one panacea exists. Network Rail adopts a holistic approach to security that includes: • Physical (part of the design of facilities): - Hostile Vehicle Mitigation (PAS 68 tested and passed). - Perimeter fencing. - Glazing resilience. - Building design and materials used. • Technical: - CCTV, Electronic Access Control Systems, Intruder Detection Systems. • Procedural: - Plans, procedures, exercises, assurance & competency regime etc. • Cultural / behavioural: - Attitude and ownership, education, empowering, liaison, engagement. • Logical. 7-Mar-14 / ► 9
  10. 10. Presentation Title: View > Header & Footer Summary Definition of how important the rail industry is to UK economy: • Allow for improved CNI and key processes’ assessments. ►More involvement with lead Government department, yet no regulatory activity for CNI at DfT. ►Development of briefing process to inform bodies of changes to business/operational environment: • E.g. Introduction of European Rail Traffic Management System (ERTMS): - Significant shift in focus for rail industry resilience. - Identify what bodies/agencies should be involved and to what level. ► 7-Mar-14 / 10