Strength in unity: pipeline security
Pipeline security should not just look at physical infrastructure
The question of ‘what next’ when considering upstream pipeline security is actually one that should not just focus on physical infrastructure.
By looking at security holistically, rather than a consideration vectored onto a particular site, the question changes from ‘what should I do next’ to ‘what could I being doing better now’?
Of course the pipeline remains a worthy focal point when considering lost revenue and other second and third order effects both upstream and downstream in the event of a breach.
However, viewing it in isolation as a key vulnerability is in many respects allowing some of the first layers of your security to be compromised – purely because they have not been fully considered. It is actually these early breaches that make the application of technological measures less effective when denying an incident at the actual focal point.
In essence, you need to look at all aspects of the human and physical landscape that your pipeline sits within.
Within the human landscape, this includes an understanding of the local population, engaging with the local power brokers and leadership, understanding what is the main source of income in the area, identifying what percentage of the population is working within your industry or area, and what history there has been of issues (both positive and negative).
Understanding and staying attuned to some of these issues and not repeating past mistakes, can become just as effective as any piece of equipment or incident response team (IRT).
At the very least, they are a key enabler to the success of physical security measures.
Through involvement in some of the security architecture, or even demonstrating the benefits of the pipeline’s enduring success to the community and region, a sense of ownership and thus corresponding protection by those that know the physical terrain is created.
It is when merging this local knowledge and sense of protection and pride with physical security measures on site, that a truly integrated and widely cast security net takes shape. What it also does, is allows you to undertake, with greater clarity, a security risk assessment (SRA).
By understanding the physical and human environment as nested considerations, you may find that the resources initially thought to be required are not needed in such quantity or can be weighted only in the most vulnerable areas. Essentially it is helping define the type and placement of your physical measures.
So what now of these physical security measures? Well, once again it is an approach that sees further layering and integration. In today’s operating environment, there is a wide spectrum of technological systems and devices on offer to aid in pipeline and other key infrastructure security.
Article continues on next page ...
Unattended ground sensors (UGS), unmanned aerial systems (UAS), closed circuit television (CCTV), infra-red (IR) and thermal imaging (TI) camera technologies all provide a standoff capability that reduces the physical footprint on sites, and in many respects provides a more passive feel to security operations.
Of course this all requires a warm body to capture it, interrogate it and make the appropriate decision when distilling what is acceptable and what requires further investigation.
This investigation can only really be achieved by ‘boots on the ground’, so you have to maintain one or several IRT capabilities. There is an emerging market in these devices however and technology is becoming more advanced.
One man’s pipeline, is another’s airport fence line, another’s shipping channel or even for farmers in rural Australia, another’s herd of cattle. All require monitoring from afar.
The recommended additional consideration when applying technological solutions is knowing the devices vulnerabilities, for example; weather, detection clutter, maintenance requirements and frequency of down time.
As has been at the core of this discussion, layering or super imposition of alternate methods means that the coverage is there. This can’t be factored in as an afterthought though, it must be built into the overall plan.
In summary, what needs to be clearly understood, is that within many of today’s operating environments, any advancement in technology or application of physical security mass purely at the point of concern, is more often than not met with adaptation by the threat elements in their own techniques and measures.
By applying a layered approach as far back as you can imagine, you create barriers that if not providing an obstacle too great for a threat to overcome, at least disrupts them long enough that other more effective measures can take over.
Therefore reverse engineering your pipeline security is the best way to look at it. Don’t think straight away of the incident on the actual installation, go all the way back to understanding who might be involved, what their motivations are, how they would get to your location and what you can do along the way to identify, categorise and if required stop them.
Essentially simply ask yourself ‘what could I be doing better now’.