Technology Today

2015 Issue 1

Critical Infrastructure Protection


Security and protection of national infrastructure has long been on the agenda of many government organizations. In the past the emphasis was on nuclear plants and military bases, with appropriate security measures implemented. As the rapidly increasing world population demands more energy and resources, however, the threatened critical infrastructure includes oil and gas plants, pipelines, desalinization plants, power distrbution, busy ports and key airports (see Figure 1).

Figure 1. Critical infrastructure are assets that, if damaged, cause significant impact to the

These new infrastructure targets pose a number of security and protection issues to the governments and commercial organizations that own and operate them. Often originally built without considering security, these infrastructure elements are more vulnerable to physical and cyberthreats than military bases and nuclear plants. The destruction or even disabling of a small proportion of these national sensitive sites can cause exponential economic and social consequences, not only for that nation but also for the global market that depends on that resource.

In addition to the rising number of infrastructure targets within the modern world, there has also been a steady increase in the breadth of threats. The threat of conventional war and one nation’s forces attacking another nation’s facilities has been augmented by an increase in terrorist and guerrilla groups who use ingenious low-cost tactics to achieve maximum impact and disruption.

Industries are responding to these threats. For example, the energy industry is working with a combination of large defense organizations and small high-tech businesses to develop security measures and products that protect their assets. Small, commercial, high-tech businesses are being supported through oil and gas contracts, and investments in their technology are being made by national oil companies. One of the largest oil and gas projects currently under way and valued at over AUS $12 billion is being undertaken by a consortium led by Shell. The project involves a floating liquid natural gas vessel that will operate off the northwest coast of Australia. At over 500 meters long and displacing some 600,000 tons, this behemoth will be monitored using only two 360 degree cameras in the current design, providing some awareness but few protection measures.

In contrast, the increase in piracy around the Horn of Africa presents a different set of challenges and requires different solutions. These customers need a total security solution that rapidly adapts to a changing world and protects against the full range of criminal and terrorist activities, and filling this need requires integration of multiple different levels of protection. These customers require an experienced integrator having proven protection systems and a product base knowledge that can be used to provide a proven, layered protection solution. In addition to security experience, the lead integrator also needs an extensive background in communications and network capabilities, the ability to offer multiple levels of actionable response and command and control (C2) capabilities to generate and integrate situational awareness information and seamlessly execute an appropriate response to the threat.

Key Technologies

The technologies used in a layered protection system range from commercial capabilities from vendors and Raytheon products to extensive defense systems from key companies across the globe. For example, point-access solutions for providing secure personnel access and intrusion detection are well-known commercial capabilities with thousands of players across the globe. A full layered protection solution must however include additional capabilities including proven C2 and reliable communications to provide a shared situational awareness and the ability to provide an integrated response to threats. Although the types of threats may be different depending on the specific asset to be protected and its location, the goal is still the same: detect early, assess effectively and respond effectively.

Figure 2. Elements of a protection system. The technology components of a layered solution are diverse and must work together to provide seamless asset protection.

As depicted in Figure 2, the best protection solution requires a broad reach across different companies and products, driven by the risk analysis and integration expertise of a major contractor such as Raytheon. Commercial point-access solutions, for example, might use fiber-optic fence sensors and buried radio frequency induction sensors to provide improved capabilities over the older mechanical fence sensors. Camera technologies continue to evolve as higher resolution and uncooled operation increase their capabilities (e.g., resolution and range) and ease of use. Radar systems complement the passive camera systems by providing longer-range detection of potential threats with ability to spin for full coverage around the protected site. Newer active electronic scanned arrays provide more sophisticated capabilities for detection and tracking. The integrated operation of both camera and radar systems can increase the probability of early threat detection and improve false alarm rate versus using just one type of system alone.

C2 is the key to managing the awareness of these complex environments and executing appropriate protection measures. For example, an aquatic environment contains swimmers, rafts, small boats, airborne traffic and other platforms that for the most part have no hostile intent. The C2 solution, typically hosted in an operational center, is designed to enable rapid assessment of these platforms by identifying those that potentially intend to harm the protected facilities and then to provide alerts to the impacted teams. The security force needs awareness, clear communications and decision-making capabilities that avoid the wrong response to commercial operations and accelerate response when indications show hostile activity.

The total protection solution, including the use of nonlethal and potentially lethal effectors for deterrence to the threat, leverages integrated technologies from all the multiple domains shown in Figure 2 to enable the country’s existing security forces to protect their important assets.

Solving the Customer’s Problem

Development of a protection capability starts with understanding what type and level of security is needed and then developing a concept of operations (CONOPS) for how the capability will be established, used, and maintained. The CONOPS describes the system solution in terms of the customer needs it will fulfill, its relationship to existing systems or procedures, and the ways it will be used. It is tailored for unique requirements and customer user communities and describes how the technological, physical and human components are combined into an overall solution. It is tailored to the specific threats and balanced against the available resources and the operational environment. The CONOPS helps drive a full solution that includes products and technologies, and also encompasses recommended changes in operations, personnel, processes and infrastructure.

Figure 3. The type and level of protection drives the choice of and mix of technologies used in each protective layer.

An organizational evaluation is performed early in the critical infrastructure protection (CIP) development process, working directly with the customer’s planners and leadership to develop a detailed understanding of the asset to be protected, the regional threats as well as the needed level of protection (see Figure 3). The planning process takes into account the fact that there are baseline, or foundational, requirements that must always be met at the onset of the planning effort to ensure the success of the mission. Also to support CONOPS development, modeling and simulation is used to analyze the performance of a variety of possible protection capabilities integrated in different ways and compared against one another in different operational concepts and constructs against varying types and levels of threat. These performance assessments help the integrator and customer identify which changes would bring the best value for protecting the customer’s resources.

The specific protection needs are driven by the desired level of threat deterrence, the severity of the threat environment and the vulnerability of the customer’s critical infrastructure to the threats. Using the conceptual framework of Figure 3, the customer’s protection needs are assessed and a layered, affordable CIP solution is developed that provides the appropriate level of protection ranging from passive protection measures only to a full area defense of multiple assets using both non-lethal and lethal methods.

The complete CIP solution, including results of the organizational assessment, M&S analyses, and CONOPS development, provides the customer a recommended architecture of processes, sensors, software, information technology and tactical infrastructure with a staged implementation approach at a pace that can be absorbed by the security forces and at which funds are available. This solution is then iterated based on customer feedback, until a baseline solution is selected and follow-on development phases begin.

Due to the complexities and variety of today’s threats, fully integrated, multilayered CIP solutions are more often required versus simpler single technology solutions to protect a nation’s critical infrastructure. These solutions often employ a variety of products and capabilities under one operating system, enabling a small number of security personnel to counter a variety of threats from a number of different sources. Examples of this type of capability are evident around the world where small onshore control centers cover the protection, security and situational awareness of entire oilfields operating multiple offshore assets.

J. Bryan Lail,
Joel Holyoak, Ph.D.,
and James Norwood

Share This Story

Top of Page