WORKSHOP ON DEVELOPING NATIONAL CRITICAL INFRASTRUCTURE PROTECTION IN SERBIA – ROLE OF PRIVATE SECURITY COMPANIES CoESS and developing critical infrastructure security systems, services and standards Presentation by Alex Carmichael President of the CoESS Critical Infrastructure Committee Belgrade, Serbia, April 2013 TAIEX – CoESS – NCPSC – Workshop on Developing NCIP in Serbia – Role of PSC

Contents of Presentation  Critical Infrastructure Overview  CoESS view on Critical Infrastructure  Trusted Partner  Standards  CoESS Check List  Public Private Partnerships  Conclusion Belgrade, Serbia, April 2013 TAIEX – CoESS – NCPSC – Workshop on Developing NCIP in Serbia – Role of PSC

CRITICAL INFRASTRUCTURE Overview  Secure and Protected Critical Infrastructure sites are vital to the security and stability of each European state and to Europe as a whole.  Each individual European country determines its sites of critical infrastruture. These may include energy plants, transport hubs/network, water supplies, telecommunications (IT) hubs, etc.  Information about Critical Infrastructure is confidential and should stay confidential.  Council Directive 2008/114/EC – on the identification and designation of European Critical Infrastructure (ECI) and the assessment of the need to improve their protection. Belgrade, Serbia, April 2013 TAIEX – CoESS – NCPSC – Workshop on Developing NCIP in Serbia – Role of PSC

CRITICAL INFRASTRUCTURE Overview  Most Critical Infrastructure (CI) is privately owned or privately run.  State provides security guidance to CI owner, but owner buys (in the main) the security package.  Security package – risk analysis based on the threats, vulnerabilities and potential impacts - leads to identification, selection and prioritisation of counter measures. Belgrade, Serbia, April 2013 TAIEX – CoESS – NCPSC – Workshop on Developing NCIP in Serbia – Role of PSC

CRITICAL INFRASTRUCTURE Overview  Graduate Security Measures – based on risk and threat.  Three pillars  Prevention (detection)  Preparedness  Response/recovery & (resiliance)  CI protection (prevention)  Asset protection – Ditchs, walls,fences, bollards, lighting etc  Technical – CCTV, intruder, access control, cyber security, etc  Private Security Services – Guards, dogs, mobile patrols  Public Security Services – Military, police, etc. Belgrade, Serbia, April 2013 TAIEX – CoESS – NCPSC – Workshop on Developing NCIP in Serbia – Role of PSC

CRITICAL INFRASTRUCTURE Overview  Preparedness  Contingency planning  Training  Exercises  Testing  Response/Recovery  Actions on  Containment  Damage assessment  Recovery phase Belgrade, Serbia, April 2013 TAIEX – CoESS – NCPSC – Workshop on Developing NCIP in Serbia – Role of PSC

CRITICAL INFRASTRUCTURE CoESS view  Private Security Services have a main role in protecting critical infrastructure – (Protection, Preparedness and Response)  Based on Public-Private Partnership  Based on high levels of quality and service  Private Security Service Provider - Trusted Partner with Public Authority and CI site owner Belgrade, Serbia, April 2013 TAIEX – CoESS – NCPSC – Workshop on Developing NCIP in Serbia – Role of PSC

CRITICAL INFRASTRUCTURE Trusted Partner  Comisario Esteban Gandara Tureba – Head of Private Security Unit – Spanish National Police - 4th European Security Summit – Madrid in March 2013  do ut des = Respect between public and private  Trust  Culture of cooperation (360 o )  Legal restriction  Industry – (Trust)  Individuals – security cleared/screened – trained and competent.  Company – security cleared – transparent corporate governance – works to high standards and can fulfil the customer and public authority requirements. Belgrade, Serbia, April 2013 TAIEX – CoESS – NCPSC – Workshop on Developing NCIP in Serbia – Role of PSC

 No European Generic Guarding Standards for Critical Infrastructure  Sector Specific Guarding Standards  EN 16502: Security Service Providers – Terminology  EN 16082: Airport and Aviation Security Services  PD ISO/PAS 28007:2012 – Ships and Maritime – Guideline for security companies providing armed security personnel on board ships  Draft CEN (TC/417) – EN for Maritime and Port Security Services  ISO 9001 – Quality Management Systems  Industry can produce a framework for quality and services of private security – flexible to cover Europe, but high quality level for CI.  CoESS Check List - CI Operators and National Authorities. CRITICAL INFRASTRUCTURE Standards Belgrade, Serbia, April 2013 TAIEX – CoESS – NCPSC – Workshop on Developing NCIP in Serbia – Role of PSC

Trusted Partner Private Guarding Company CoESS CI Check list  Basic Tender Requirements  Industry Lead – CoESS Check List (overview)  Personnel security vetting  Standards for operation  Corporate governance  Financial stability  Insurance requirements applicable to task  Meet national employee requlations and have comprehensive staff policy and training policy  Ability to carry out site risk and threat assessment  Have sufficient resources to carry out contract  Robust communications  Escalation plans and inbuilt resiliance  Check list, not a standard Belgrade, Serbia, April 2013 TAIEX – CoESS – NCPSC – Workshop on Developing NCIP in Serbia – Role of PSC

Public - Private Security CI Partnerships  Private Security Industry  Minimum requirements – (CoESS check list?)  Quality of service  Critical Intrastructure Operator  Set requirements  Quality security service costs money  Public Authorities  Inform industry of the minimum requirements  Partnership built on trust and cooperation  European Commission  Include the Private Security Industry in discussions  Industry can advise on sector capability  Set EU criteria for CI Belgrade, Serbia, April 2013 TAIEX – CoESS – NCPSC – Workshop on Developing NCIP in Serbia – Role of PSC

Public - Private Security Partnerships Do they work?  London – Project Griffin (2004) – set up to aid the security of the London’s financial district (partnership between police, private security industry and security professionals) (  4 activities  Awareness days for private security officers.  Online refresher days to maintain skills.  Regular communications between police and private security officers – conference calls, SMS messages or to ensure current intelligence and incident reports are disseminated in a timely manner.  Emergency deployment – private security officers who have undergone Griffin training may be used by police to support them in responding to incidents, e.g help in establishing cordons. (Recognised as Natioanl best practice and is being looked at by Canada, Austrialia and the United States.) Belgrade, Serbia, April 2013 TAIEX – CoESS – NCPSC – Workshop on Developing NCIP in Serbia – Role of PSC

Public - Private Security Partnerships Do they work?  Germany - Security Partnership Programmes – police ask private security companies operating mobile patrols in certain locations (CI) to pass on information on suspect persons or vehicles or unlawful activities to company operations who then pass on to local police.  Germany Dusseldorf – 500 reports of suspect activities reported. Belgrade, Serbia, April 2013 TAIEX – CoESS – NCPSC – Workshop on Developing NCIP in Serbia – Role of PSC

CoESS View on Critical Infrastructure  Public – Private Partnerships in CI work - many examples of good practice across Europe.  Private Security Services needs to establish agreed level of quality and service for CI acceptable to all National Authorities, but at a European standard level.  Only Private Security Services of the highest quality should be able to offer guarding services for critical infrastructure.  do ut des = Respect between public and private Belgrade, Serbia, April 2013TAIEX – CoESS – NCPSC – Workshop on Developing NCIP in Serbia – Role of PSC

Q&A Belgrade, Serbia, April 2013 TAIEX – CoESS – NCPSC – Workshop on Developing NCIP in Serbia – Role of PSC Q&A

Thank you! Belgrade, Serbia, April 2013 TAIEX – CoESS – NCPSC – Workshop on Developing NCIP in Serbia – Role of PSC Thank You!