Presentation is loading. Please wait.

Presentation is loading. Please wait.

Saudi Aramco Industrial Security Operation’s C2 Roadmap

Published byGeorge Barton Modified over 9 years ago

Similar presentations

Presentation on theme: "Saudi Aramco Industrial Security Operation’s C2 Roadmap"— Presentation transcript:

1 Saudi Aramco Industrial Security Operation’s C2 Roadmap
Yazeed Alsenani

2 Framework of Operations – Mission – HCIS
To maintain protection of the Saudi Aramco’s employees and assets, and the security of operation facilities, in a highly efficient, transparent, and cost effective manner, using the most appropriate workforce and technology, in compliance with Government Directives. High Commission of Industrial Security (HCIS) A branch of MoI established as the government body responsible for implementing and governing Industrial Security strategies, policies and standards for national Industrial facilities in Saudi Arabia. The ISO has more than 6000 employees with broad range of disciplines including security men in uniforms, employees with criminal justice backgrounds, technicians, system analysis, software developers, more than 60 engineers and so on and so forth. Our operations extends to all company facilities kingdom wide. I will outline the framework for our operations in light of our mission statement, and the government Directives that regulates our operations. So our mission statement is to maintain protection of the Saudi Aramco’s employees and assets, and the security of operation facilities, in a highly efficient, transparent, and cost effective manner, using the most appropriate workforce and technology, in compliance with Government Directives. These government directives are mandated by the High Commission of Industrial Security (HCIS) which is a branch of MoI established as the government body responsible for implementing and overseeing Industrial Security strategies, policies and standards for national Industrial facilities in Saudi Arabia. Among the HCIS Directives, HCIS has issued new standards and requirements back in covering 12 secuirty domains including a domain for integrated security systems and Command and Control. Next

3 Framework – Security Protection Concept
4 D 's DEPLOY DETER DETECT DELAY The methodology for achieving Industrial Security Operations mission is symbolized by the simple and effective protection in-depth strategy, The 4 D’s . The 4D’s elements are: Detect, Delay, Deploy Resources In Order to Deter any illicit act intending to undermine security of the company’s assets. This 4Ds are continually projected as an overarching measure for existing and considered endeavor within the security programs. It also forms a frame of reference familiar to all management levels in the company. Capabilities and measures along each of the 4D elements, have been and are still being profoundly enriched with multiple long range horizons.

4 Background History – Saudi Aramco Industrial Security
Characterization Characterization Passive Security Basic Monitoring and Dispatching Rooms Characterization Characterization Active Security Alarm Management System Dispatching Proactive Security 20 Control Rooms Incident Management System Dispatching Knowledge Based Security Integrated Systems 5 Regional Control Centers Regional Security Control Centers Long Range Radars & Cameras Licensed Shooting Range Command & Control Capability Command & Control Capability Command & Control Capability Command & Control Capability New Training Center 2008 Smart Cards & Biometrics Quick Response Team Industrial Security Service Automation Arming Security Personnel Now please allow me to walk you through a quick journey of Saudi Aramco’s Industrial Security Operations History. In this History timeline you can see that Industrial Security Operations (ISO) was established in 1973. Next Since then industrial security went through many milestones and transformations to cope with evolving level of global threats, advancement of security technology, and the expansion of the company operations. These milestones include the introduction of the access control systems in 1981, arming security personnel in 1997, automation of Industrial security services back in 2003, Introduction of quick response team in 2005. This evolution gained a lot of momentum for the last 10 years including introducing smart cards and biometrics in 2008, and a new training center in 2009 which was granted a license from the ministry of interior to operate the first and only Private Live Shooting Range in the kingdom. And finally, the inauguration of 5 new Regional Security Control Centers. So from the timeline, you can see the Industrial security Operations was not technology intensive. Global industrial security back then in general was characterized to be more human resources intensive. Security men relayed more on their god given senses and primitive security equipment and simple training requirements. As for command & Control capabilities, ISO had few basic dispatching and monitoring rooms. In late nineties, ISO become more reactive and automated with the introduction of new technologies and security men started to be armed for the first time. Control Rooms back then had alarm management systems and enhanced communications for dispatching. Early 2000nds, ISO had more than 20 Control Rooms equipped with alarm and incident management systems operating on fragmented systems platform, each with different capabilities and operating schemes. Communications were also enhanced to include alerting and conferencing systems. As early as 2004, ISO has established development plans to standardized its control center operations and transform its C2 capabilities to Command, Control, Computers, communications and Intelligence C4I capabilities, however, the plans faced many challenges due to the lack of some the enabling infrastructure, such as the wireless communications required for forward patrol vehicles which required the plan to be delayed and for reassessment. In 2011, ISO developed a comprehensive Development Roadmap which I will talk about in more details in later slides. In 2013, ISO has borne first fruits of transformation plans with the inauguration of Five regional inauguration of 5 Regional Control Centers to run in place of the 20 control rooms and transformed our operations to knowledge-based security. Saudi Aramco Identification Automated System (SAIDS) Automated Fingerprint Identification System (AFIS) Security Access Control System Establishment Of The Industrial Security Operations 1973 1981 1990 1994 1997 2003 2005 2008 2009 2013 2013 2013

5 C2 Deployment Roadmap Goal C2 Strategy
Establish knowledge-based C2 centers that achieve decision and execution superiority leveraging on seamless communications to maintain effective security protection of Saudi Aramco’s assets and employees. C2 Strategy To provide a progressive improvement for the C2 capabilities factoring and streamlining three (3) areas of improvement (HR, Procedures, and Technologies) and incorporating three (3) timelines (short-term, mid-term, and long-term) with specific goals and agendas for each timeline. As demonstrated in the history timeline, the company expansion and the rapidity with which systems and sensors are deployed have driven the need to improve Command and Control Capabilities. The ability to monitor a wide range of events over a vast amount of areas, while accurately identifying potential threats and reacting efficiently is a complicated scenario. The solution calls for knowledgeable personnel and sophisticated technology coupled with solid Standard Operating Procedures.  In light of these facts, the C2 deployment roadmap strategy was established with a goal to provide knowledge-based C2 centers that achieve decision and execution superiority leveraging on seamless communications to maintain effective security protection of Saudi Aramco’s assets and employees. The strategy to implement this is to provide a progressive improvement for the C2 capabilities factoring and streamlining three (3) areas of improvement (HR, Procedures, and Technologies) and incorporating three (3) timelines (short-term, mid-term, and long-term) with specific goals and agendas for each timeline. _________________________________________________________________________________________________________________________________________________________ Critical Facilities have a continued need for efficient security, especially pertaining to protecting perimeters. Facilities must actively monitor and respond to unauthorized intrusions, emergency events and potential terrorist activities.

6 C2 Improvement Roadmap Short-Term Mid-Term Long-Term HR
Integrated Security C2I System Integrated Security C4I System Integrated Enterprise C4I System Procedures First is Short-Term which aims at achieving what is referred to as Command and Control Intelligence (C2I) which features enhanced security situational awareness by integrating all Cameras and Sensors on the field, in addition to providing standalone Response management systems. Next Second is Midterm timeline which calls for Integrating all security systems into a unified Command, control, Communications, computers, Intelligence (C4I) platform, to achieve a Common Operating Picture (COP) providing a global presentation layer of operations which also offers a compressive and systematic workflow of Security incident handling from incident initiation, to incident close-out and logging of an incident. Third time line, the long-term timeline is to bring on board more corporate entities to be housed in the Control centers to achieve an Integrated Enterprise C4I system. Next, I will start with HR development and talk about HR development best practices and some of the activities undertaken as part of the C2 Development Roadmap towards the short term and mid-term plans. Click HR Link, As for Procedures and before investing into technology, it is first important to set the foundation of appropriate and elaborate procedures that will drive the technology and without which, technology for such a complex endeavor will not function as intended. Click Procedure Link, Finally is the technological improvement, Click Technology Link, With this I have shared with you the activities undertaken to fulfil the short-term plan. We are currently progressing at the detailed design of the project, which provides the building block for the long term plan. Technology

7 HR Development – Best Practices
Job Analysis Competency Gap Analysis (Training Needs Analysis - TNA) EXISTING Skills Knowledge Attitudes Competencies REQUIRED Use the TNA to “bridge” the gap As best practices, and as for any job a command and control operator job shall be analyzed to determine in details the particular job duties and requirements and the relative importance of these duties for a given job, as well as to determine employment procedures such as training, selection, compensations, and performance appraisals. Another key element in competency improvement is to perform Training Needs Analysis (TNA) to bridge the gap between existing competencies and required set of competencies.

8 HR Development – Towards Operational Excellence
Internationally Accredited Training Control Center Line Specific Training on C2i (Pearson – Edexcel Accredited) Internationally Recognized Certifications APCO International Public Safety Telecommunicator Disaster Operations & Communications Crisis Negotiations for Telecommunicators Communications Training Officer Communications Center Supervisor As for the activities undertaken as part of the C2 Development Roadmap to elevate the competencies of the Control Center operators. The Saudi Aramco Industrial Security Training Center which itself is an internationally accredited center by Pearson and Edexcel has developed accredited line specific training paths for C2I operators. Saudi Aramco also offers its Control Center operators to be certified by wide range of internationally recognized certifications such as the following certification by APCO International. ____________________________________________________________________________________________________________________________________________________________________________________ The Association of Public-Safety Communications Officials (APCO) is an international leader committed to providing complete public safety communications expertise, professional development, technical assistance, advocacy and outreach to benefit our members and the public.

9 C2 HR Development – Towards Operational Excellence
Abroad educational and Internship programs for CC personnel: Portland College – Emergency Communications Program (semester) Microsoft Corporation Global Security Operations Center Washington State Criminal Justice Commission Training Center (9-1-1 Center Call/Dispatch Management) 9-1-1 Center experience in Boston and Seattle. Short Term Technical Assignment Supporting Teams Saudi Aramco also offers Control Center operators abroad educational programs including a semester in Portland collage, microsoft corporate Global Security Operation Center, Washington State Criminal Justice Commission Training Center. And can also have a an internship program for a real 911 center experience in Boston and Seattle so they can return and trasfer “Best Practice” knowledge and skills to their working environment.

10 C2 Procedural Development
Standard Operating Procedures (SOP) Established detailed procedures to handle an incident. Concept of Operations (CONOPS) To integrate SOP’s into a systematic workflow that provide the design basis for the C2 system. First sets of procedures is the Standard Operating Procedures (SOP) which is a written document that provides the operators with pre-defined action plans and procedures depending on the type of incident to guide operations activities during the incident. The activities required to develop an SOP is first to… Define detailed lists for possible scenario of incidents Process map these incidents with their stakeholders Develop Structured response for each all identified variables Validate the process The second step is integrating the SOP’s into a systematic workflow that provides comprehensive management scheme that ensures a coordinated and organized response and recovery to any incidents. These CONOPS provides the design basis for the C2 system’s conceptual design. Third, it is important to have a structured change management plan to assess and address impacts of changes. The assessment shall consider analyzing these impacts, developing implementation plans, rollback plans, risk assessment, lessons learned…and so on so forth. Change Management All changes are administered by a structured Change Management Plan to assess and address impacts of all changes from different prosepectives.

11 C2I C4I Technological Development – Knowledge-Based CC C2I Features
Incident Management System Standalone Communications Standalone Response Management System C2I Incident Management System Standalone Communication System Standalone Response Management System C4I Common Operating Picture (COP) Resource Management System Response Management System Integrated Communications C4I Features Common Operating Picture Integrated Communications Resource management system Response Management System As for technological Development, to distinguish technically between a C2I system and C4I system, a C2I has an incident management system which lists and prioritize all alarm feeds from different physical security systems. It also has a standalone communication systems, and standalone Response Management system based on developed SOP’s. However, a C4I system integrates all security systems into a unified platform, to achieve a Common Operating Picture (COP) providing a global presentation layer of an operating environment that renders maps, video feeds, geospatial data, resources, sensors, and incident/alarm location and response procedures. In addition, the C4I system provisions an integrated voice communications represented in the Common operating picture extensible to all field patrols to be able to manage the resources on the field. Finally, the system is embedded with a response management system based on developed CONOPS to offer a compressive and automated workflow for all events which provides a comprehensive management scheme that ensures a coordinated and organized response and recovery to any incidents.

12 Technological Development – C4I Building Blocks
Discrete Modules Incident Management System, Video Management System, Communication Systems , GIS System Enabling Technology Communication Infrastructure – Cyber protection – Fast Computing Integration Foundation Open Standards-based platform – SOA Architecture The technical building blocks for a C4I system, is first the discrete modules which in in our domain of securing industrial facilities, is composed of the following discrete systems: Physical Security system Communication Systems (Wireless & Wired) Resource management system Response Management System GIS System Other sensors These discrete systems altogether provide a component in the building block of the C4I system. Other buildings blocks Enabling technologies such as Communication infrastructure, Wireless 3G/4G coverage, Cyber protection measures, Fast computing. Third is the integration foundation, availability of the SDK’s and the open standards-based platform implementing communication between mutually interacting applications CONOPS Workflow Automation – SOP Check lists C4I Knowledge-Based Control Center GIS Visualization – Reporting – Event Management

13 Saudi Aramco – ISO’s C2 Improvement Roadmap

14 Thank You

15 C2I Features Incident Management System Standalone Communications
Standalone Response Management System C2 Capability Enabling Tech. Sensors & Discrete Systems C4I Wired Comm. Infra. Fast Copurting Wireless Comm. IMS Resource Management System Response Management System Integrated Comm. System (ICS) C2I Wired Comm. Infra. Fast Commenting VMS IMS Cameras Video analytics Access Control Radio Telephony Sensors Integration Foundation Open Standards-based platform – SOA Architecture CONOPS Workflow Automation – SOP’s ISO supports the concept for interoperability as defined in the Global Information Grid 2.0 (GIG 2.0) Initial Capabilities Document (ICD): “Standards provide effective enterprise direction for data standards, information service standards, acquisition, certification, and enforcement to ensure seamless flow of information between all DOD and mission partner users and systems.” Because cloud computing, as a generic concept, requires data communications for remote data access, ISO cannot accept the risk of depending upon cloud computing concepts for forward deployed personnel.

Download ppt "Saudi Aramco Industrial Security Operation’s C2 Roadmap"

Similar presentations

DoD Logistics Human Capital Strategy (HCS) Executive Overview 1 October 2008.

DoD Logistics Human Capital Strategy (HCS) Executive Overview 1 October 2008.
Life Science Services and Solutions

Life Science Services and Solutions
NEXT GEN QUALITY ASSURANCE FOR PSAP John WyniaMay 7, 2014.

NEXT GEN QUALITY ASSURANCE FOR PSAP John WyniaMay 7, 2014.
BENEFITS OF SUCCESSFUL IT MODERNIZATION

BENEFITS OF SUCCESSFUL IT MODERNIZATION
Applying the SOA RA --------------------- Utah Public Safety ESB Project Utah Department of Technology Services April 10, 2008 Prepared by Robert Woolley.

Applying the SOA RA Utah Public Safety ESB Project Utah Department of Technology Services April 10, 2008 Prepared by Robert Woolley.
Building an Operational Enterprise Architecture and Service Oriented Architecture Best Practices Presented by: Ajay Budhraja Copyright 2006 Ajay Budhraja,

Building an Operational Enterprise Architecture and Service Oriented Architecture Best Practices Presented by: Ajay Budhraja Copyright 2006 Ajay Budhraja,
Security and Personnel

Security and Personnel
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Norfolk and Suffolk Police – the story so far Assistant Chief Constable Charlie Hall Norfolk Constabulary (Collaboration) & Anne Campbell Head of Corporate.

Norfolk and Suffolk Police – the story so far Assistant Chief Constable Charlie Hall Norfolk Constabulary (Collaboration) & Anne Campbell Head of Corporate.
Chapter 5 5-1 © 2009 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2009 Pearson Education, Inc. Publishing as Prentice Hall.
Chapter 5 5-1 © 2009 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2009 Pearson Education, Inc. Publishing as Prentice Hall.
Winning. Monitored. Complete. Solutions Implementation Knowledge.

Winning. Monitored. Complete. Solutions Implementation Knowledge.
Federal Protective Service National Protection and Programs Directorate U.S. Department of Homeland Security 2010 Gary W. Schenkel Director.

Federal Protective Service National Protection and Programs Directorate U.S. Department of Homeland Security 2010 Gary W. Schenkel Director.
Implementing SMS in Civil Aviation: the Canadian Perspective.

Implementing SMS in Civil Aviation: the Canadian Perspective.
© BT PLC 2005 ‘Risk-based’ Approach to Managing Infrastructure a ‘Commercial Prospective’ Malcolm Page BT UK AFCEA Lisbon 2005.

© BT PLC 2005 ‘Risk-based’ Approach to Managing Infrastructure a ‘Commercial Prospective’ Malcolm Page BT UK AFCEA Lisbon 2005.
ISS IT Assessment Framework

ISS IT Assessment Framework
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
ISO 17799: Standard for Security Ellie Myler & George Broadbent, The Information Management Journal, Nov/Dec ‘06 Presented by Bhavana Reshaboina.

ISO 17799: Standard for Security Ellie Myler & George Broadbent, The Information Management Journal, Nov/Dec ‘06 Presented by Bhavana Reshaboina.
Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.

Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.
Human Resource Management and Strategic Human Resource Management

Human Resource Management and Strategic Human Resource Management

Similar presentations

Ads by Google