2024 WRC Hyundai World Rally Team’s i20 N Rally1 Hybrid
Peter Guy, Operational Security & Continuity Planning Manager, Network Rail
1. Protecting Rail Critical Infrastructure
Peter Guy
Operational Security & Continuity Planning Manager
Network Rail
2. Presentation Title: View > Header & Footer
Protecting Rail Critical National Infrastructure
Peter Guy
Operational Security & Continuity Planning Manager
Network Rail
Thursday 6th March 2014
7-Mar-14 / 2
3. Presentation Title: View > Header & Footer
Network Rail – who and what?
Network Rail owns and operates Britain’s railway infrastructure:
• Divided into nine Routes – Scotland, London North East, London North
West, Anglia, Kent, Sussex, Wessex, Western and Wales.
►There is a four-party relationship managing the rail sub-sector nationally.
This relationship is between:
• The Department for Transport (DfT),
• The Office of the Rail Regulator (ORR - the independent safety and
economic regulator for Britain’s railway),
• Network Rail, and
• The Train / Freight Operating Companies (30 in total).
►Not for profit Ltd company – public purse:
• Funding determined by ORR under five-year Control Period system:
- CP 5 starts on 1st April 2014.
►
7-Mar-14 / 3
4. Presentation Title: View > Header & Footer
Operational assets / processes / systems
Any facility whose business interruption (temporary or total loss) would impact
on the operation of the rail network. This includes:
• The new Regional Operations Centres.
• Signalling Control Centres.
• Route Control Centres.
• Electrical Control Rooms.
• Managed Stations.
• Locations where key functions / processes occur that allow the rail
network to operate, for example:
- Operational planning.
- Safety procedures.
- Financial Shared Services.
• Other vital infrastructure exists, for example, the Severn Tunnel, key
bridges and viaducts etc.
►Systems include IM, telecoms (e.g. signalling, power, communications).
►
7-Mar-14 / 4
5. Presentation Title: View > Header & Footer
Definition of operational security
Operational security is a holistic regime that incorporates
physical, technical, human, procedural and logical security
assets to provide a level of protection from identified risks
and threats.
7-Mar-14 / 5
6. Presentation Title: View > Header & Footer
Network Rail CNI assets
The breakdown of Network Rail CNI locations by category is as follows:
• Category 5
Nil.
• Category 4
Nil.
• Category 3
38
• Category 2
27.
• Category 1
4.
• TOTAL 69.
►Currently, this list does not include Managed Stations as CNI.
►Key processes outside CNI locations being assessed and reviewed.
►Potential for Critical Rail Infrastructure (CRI) list to be developed – clearer
sub-sector impact understanding.
►Development of and move to Regional Operating Centres (600+ reducing to
14) – potential for Cat 4?
►
7-Mar-14 / 6
7. Presentation Title: View > Header & Footer
Challenges and practice
Clarity of roles of who provides what, when, to whom and with what authority
(guidance / instruction etc):
• Rail industry heavily regulated (economically and safety):
- DfT.
- ORR.
- Rail Safety Standards Board (RSSB).
• Other agencies who have interest and input:
- Centre for the Protection of the National Infrastructure (CPNI).
- Civil Contingencies Secretariat (and Local Resilience Forums under
CCA obligations – Network Rail is a Cat 2 Responder).
- Police – British Transport Police.
►Knowing who brings what to the party - what agencies can do for us.
►Vital that all bodies understand the operational/business priorities/procedures
and environment.
►
7-Mar-14 / 7
8. Presentation Title: View > Header & Footer
Challenges and practice
Little direct liaison with other CNI sector owners/operators:
• Sharing information/best practice – centrally coordinated covering all CNI
sectors:
- Resilience Direct.
- Cabinet Office - Infrastructure Security & Resilience Industry Forum –
future role?
• However, excellent joint work with BT, TfL and Highways Agency on metal
theft issues and wider consultation via ACPO Metal Theft WG.
►Information Sharing Agreements (ISAs)– is there a need for formal ISAs?
• National operator - multiple LRFs etc. Network Rail policy – no individual
ISAs, but full cooperation with bodies.
►Definitions - use of common set of terminology to describe activities:
• Network Rail using Cabinet Office Lexicon as reference.
►Restrictions in receiving ‘classified’ communications outside .pnn / .gsi network:
• Wider / comprehensive use of Resilience Direct
►Knowing what guidance, best practice etc is available and where to get it.
►
7-Mar-14 / 8
9. Presentation Title: View > Header & Footer
How do we protect our CNI?
Recognition that no one panacea exists. Network Rail adopts a holistic
approach to security that includes:
• Physical (part of the design of facilities):
- Hostile Vehicle Mitigation (PAS 68 tested and passed).
- Perimeter fencing.
- Glazing resilience.
- Building design and materials used.
• Technical:
- CCTV, Electronic Access Control Systems, Intruder Detection
Systems.
• Procedural:
- Plans, procedures, exercises, assurance & competency regime
etc.
• Cultural / behavioural:
- Attitude and ownership, education, empowering, liaison,
engagement.
• Logical.
7-Mar-14 /
►
9
10. Presentation Title: View > Header & Footer
Summary
Definition of how important the rail industry is to UK economy:
• Allow for improved CNI and key processes’ assessments.
►More involvement with lead Government department, yet no regulatory
activity for CNI at DfT.
►Development of briefing process to inform bodies of changes to
business/operational environment:
• E.g. Introduction of European Rail Traffic Management System
(ERTMS):
- Significant shift in focus for rail industry resilience.
- Identify what bodies/agencies should be involved and to what
level.
►
7-Mar-14 / 10