From CPNI to NPSA
The United Kingdom prioritises the protection of Critical Infrastructure (CI) through the National Security and Investment Act (2016). Previously, the Centre for the Protection of National Infrastructure (CPNI) shouldered this responsibility.
However, in 2023, the National Protective Security Authority (NPSA) was established as part of the Integrated Review Refresh, marking a shift in focus towards a broader range of security threats. This thought piece explores how this change impacts perimeter security for CI, particularly airports and ports, while examining the challenges posed by modern security threats in the United Kingdom in an evolving threat landscape. NPSA is a part of the Security Service, MI5.
Evolution of CI Protection in UK
CPNI played a vital role for more than 15 years since its formation in 2007, offering protective security advice to CI owners and operators. Their primary focus was on terrorism and espionage, reflecting the security landscape of the time. However, the ever-evolving landscape necessitated a more comprehensive approach.
The NPSA builds upon the CPNI’s foundation, retaining core protective security advice functions. However, it expands its remit to encompass a wider range of threats, including:
◾ Cyber Threats: Cyber attacks targeting IT systems and networks of CI.
◾ Insider Threats: Threats posed by individuals with authorized access to CI.
◾ State Actors and Organized Crime: Threats originating from foreign governments and criminal organizations.
Five-Fold Holistic Security Approach
This shift reflects the growing complexity of security challenges faced in the CI space today. Notably, the NPSA emphasizes a holistic security approach, advocating for a layered defence strategy:
◾ Physical Security: Robust perimeter fencing remains a crucial first line of defence.
◾ Technical Security: Implementing access control systems, CCTV and intrusion detection systems.
◾ Cyber Security: Securing IT systems and networks to prevent cyber attacks.
◾ Information Security: Protecting sensitive information from unauthorized access.
◾ People Security: Vetting personnel, raising security awareness and managing insider threats.
Impact on Perimeter Fencing for UK CI
While the core principles of perimeter security remain relevant, the NPSA emphasis necessitates a more nuanced approach to fencing solutions in the UK. Here’s how:
◾ Threat Assessment: The NPSA encourages a thorough threat assessment to identify the specific vulnerabilities of a CI site in accordance with UK security standards. This assessment determines the type and level of fencing required.
◾ UK Security Standards: The NPSA emphasizes compliance with relevant UK security standards for perimeter fencing. These standards may be set by specific government bodies or industry associations.
◾ Integrated Security: Perimeter fencing should be integrated with other security measures such as access control systems, CCTV and intrusion detection. This creates a layered defence that deters and delays potential attackers.
◾ Adaptability: The NPSA encourages adaptable security solutions. With evolving threats, fencing solutions may need to be upgraded or modified to address new challenges.
◾ Emerging Technologies: The NPSA encourages the adoption of emerging technologies like drone detection systems and advanced surveillance cameras to enhance perimeter security in the UK context.
Wars Without Gun Smoke
However, what does this mean for the industry? Let us first look at the changing threat landscape. One of the biggest threats to physical perimeter security in the UK currently is the threat to the supply chain.
In the Fall edition of International Security, Ling S Chen and Miles M Evans stated in “Wars Without Gun Smoke: Global Supply Chains, Power Transitions, and Economic Statecraft” that ‘the spread of global supply chains has provided new economic weapons for great powers waging these conflicts’.
Where there is a want and need for physical perimeter security, it is now becoming more reliant on overseas suppliers to fill this need, with the decline in British manufacturing. As stands currently, there is only one British owned in-house manufacturer of welded mesh fencing systems remaining. Others are now solely reliant on imported finished or semi-finished products from Turkey, China and mainland Europe.
A supply risk exists to these from the sanctions applied to Russia due to its continued conflict in Ukraine, which has seen UK and EU trade sanctions against Russia. The UK and the EU have introduced a ban on the import or purchase of iron and steel products containing iron or steel inputs originating in Russia and processed in other ʻthirdʼ countries.
If projects cannot source finished products due to the impact on the supply chain, then the ability to upgrade and defend against the latest threats in the physical landscape increases. In effect, if you can’t buy the product, you can’t deploy it.
Protecting Against the Future
Looking towards the future, we are seeing the advice that physical security must be upgraded to defend against the latest threats. High profile people and assets, including airports and ports, are now recognized as legitimate targets. Existing systems must be adapted to prevent against the latest threats and surveillance. Projects should be assessed against the following:
◾ Supply chain vulnerability: Global supply chains are crucial battle lines in modern power transitions. Ask yourself, can they support the future needs and wants of CI?
◾ Energy as a weapon: What are the manufacturers doing to remove the threat of energy as a weapon from their manufacturing processes?
◾ Product development: Are manufacturers adapting systems or developing new solutions to defend against the latest threats?
◾ Internet of Things: Are automated physical security systems protected against attacks? Can a cyber attack threaten the overall physical security?
