Writing exclusively for Infologue.com, David Evans, the BSIA’s Director responsible for the Olympics continues his Countdown to the Olympics series with his third article;
“In my first article for Infologue I described how the security planning for the 2012 Games sat within the UK’s Counter Terrorist Strategy, CONTEST, and how industry was recognised as an essential partner in that strategy. In my second article I explained how implementation of CONTEST was being undertaken by Government and encouraged in the private sector, and also explained how this translated into the Olympic arena.
“The International Olympic Committee (IOC) in evaluating bids from potential host countries look at many factors, of which safety and security are of paramount importance. They are not prepared to allow responsibility for this element of the Games to lie solely with the national organising committee for the Games. They demand that the state is the guarantor of safety and security and in London’s case this was determined to be the Home Secretary, on behalf of the Government.
“Safety & Security for the Games can normally be divided into 3 parts:
1. The build;
2. The Organising Committee’s responsibility at venues;
3. The State’s responsibility in the lead-up to and during Games time.
“This has traditionally been further complicated by organising the Olympic and Paralympic Games as entirely separate events. It is easy to view the Paralympic Games as a side-show; a follow-up to the main event. The Paralympic Games is anything but this. Whilst being approximately 40% of the size of the Olympic Games, it is nonetheless second only to the Olympic Games in size in the world as a major event. One of the winning factors in our bid to host the Games was that, for the first time, there would be one organising committee to cover both Games. This has meant that planning for both events is seamless and more effective. It has also given the Paralympic Games a higher status in relation to the Olympic Games. With that increased status comes a higher profile in terms of risk and the planning to mitigate those risks. The Olympic Security Directorate (OSD)strategy for the safety and security of the London Games has recognised this in its Olympic& Paralympic Safety & Security Strategic Risk Assessment (OSSSRA) and the Olympic & Paralympic Safety & Security Strategy (OPSSS). In keeping with the Office for Security and Counter Terrorism’s open and transparent way of working with the country through CONTEST, so has the OSD been open and transparent by publishing summaries of its OSSSRA and OPSSS.
“The Olympic Security Directorate in fashioning its strategy has demonstrated its overall responsibility for safety and security at Games time. This is important in terms of its effect and comparison with planning at previous Games. From an early stage the Olympic Security Directorate has embraced all 3 parts of Olympic Safety & Security – Build (Olympic Delivery Authority), Venues (LOCOG) and State (OSCT, MPS, ACPO and other agencies). Auditing visits by the IOC have commented favourably on how closely integrated all these elements of planning are. Prior to the OSD taking overall responsibility for planning the MPS had already demonstrated their renown professionalism bygetting underway with planning immediately the Gameswere awarded.
“The Olympic and Paralympic Safety and Security Strategic Risk Assessment utilises the same methodology as that used in the National Risk Register and the scope of the OSSSRA is aligned to the OPSSS to ensure that:
It assesses risks that may occur both during the design and build stage and during Games time, acknowledging that the emphasis will be on impacts on safety and security during the period of the Games themselves;
It assesses risks to all Games locations, whether that be the sporting venues or the physical or electronic infrastructure that supports them;
It assesses risks for the purposes of all five objectives in the Strategy: Protect; Prepare; Identify and Disrupt; Command, Control, Plan and Resource; and Engage, and
It only assesses those risks that have a safety and security element to them, not those risks that solely have an impact on the smooth running or continuity of the Games themselves; and
It does not replace existing contingency and safety plans for Games venues or day to day emergency service activity.
The OSSSRA considers threats from five distinct areas, namely:
Serious and organised crime;
Public disorder; and
It breaks each of these down into:
- Attacks on crowded places – Games venues and other organised events e.g. Live Screens;
- Attacks on transport systems – e.g Underground system; and
- Non-conventional attacks – this is attack by non-conventional material: chemical, biological, radiological and nuclear (CBRN).
- Serious and Organised Crime
- Crime – previous experience shows that low-level crime falls at or in the vicinity of Games venues and focus needs to turn to high value assets and athletes at the Olympic Park and Olympic village;
- Organised crime – of particular interest is the likelihood of fraud within the ticketing system;and
- Cyber attack – internet technology will be fundamental to the administration of the Games and attacks are likely against the Olympic website, the electronic infrastructure of the Games and sponsors, cyber enabled ticketing, and attacks on IT, communication and transport.
- Public disorder – the Games provide a global stage on which protestors seek to publicise diverse causes in lawful and unlawful ways and also provides an opportunity for domestic extremists to seek to disrupt preparation and delivery phases.
- Natural events
- Severe weather; and
- Human diseases.
In addition to these threats the OSSSRA considers the impact of risk, malicious and non-malicious, on the Games critical infrastructure.
“The OSSSRA then moves into a risk identification and mitigation process using existing but tailored processes in three phases:
- Phase 1 Identifying the risks:
- Identification – utilising current intelligence assessments. A comprehensive picture of the risks is built and each risk exposed to expert opinion, from government and other agencies and a reasonable ‘worst case scenario’ agreed for subsequent scoring in the next stages.
- Assessment – the agreed reasonable worst case scenarios are assessed for impact and likelihood by relevant experts. A number of assessment criteria are used, dependent on the risk ranging from scientific and statistical data to assessment of capacity and vulnerability of the target. Impact assessments are also undertaken to assess for each scenario, the likely number of fatalities and casualties, damage to property and assets, disruption to services and financial loss. Risk to reputation is also considered.
- Comparison of the risks – once assessed the risks are plotted onto a risk matrix. As all potential threats and hazards are plotted against the same criteria, it is possible to make a comparative assessment as to which pose the greatest risk. Mapping the risks on an ‘Impact/likelihood’ table allows for an ‘at a glance’ comparison with other risks and also enables a pre and post mitigation comparison to be made.
The OSSSRA does not cover all possible risks only those deemed significant enough for inclusion, but all risks are reviewed on a regular basis and their status assessed.
- Phase 2 Mitigating the risks
“Strategic Design Requirements (SDRs) – these are high level statements of requirement needed to mitigate a particular risk. It does this by either reducing the likelihood of it occurring or reducing the impact should it occur. SDRs are similar to Planning Assumptions made in the National Risk Register but add prevention of a risk to preparing and dealing with the consequences. The OSD uses SDRs to create commissions with partner agencies such as the police or UKBA. There are currently 27 such projects under commission. The principles of the OSSSRA and associated SDRs are being used by OSD’s partners and stakeholders in their support of the security and safety strategy.
- Phase 3 Understanding residual risk
- To ensure that commissions deliver and when combined are proportionate the OSD conducts a risk reduction assessment (RRAt).This assessment is designed to ensure that duplication of effort and resource is avoided and that any gaps are identified.
- Following the assessment the OSD is then able to determine the residual risk and this informs Ministers, senior officials and operational commanders so that a decision can be made as to whether or not the level of residual risk is acceptable and if not what more work is needed to be done on mitigation.
The OSSSRA process is managed by the Design Authority Team (DAT) who sit within the OSD and who work closely with the Civil Contingencies Secretariat. Many agencies and subject experts across Government are involved in the input into the OSSSRA keeping it current and having the ability to comment on assessment and vulnerabilities. It is refreshed on a regular basis.
“I hope that this article on risk assessment shows the depth and joined-up nature of the work being undertaken by the OSD. I have certainly found it to be impressive in its scale, content and scope. This work will have, I think, a profound impact on the future co-ordination of security plans and inevitably there will be a beneficial impact on the private sector. In my next article I will report on the Safety and Security Strategy for the Games.”
British Security Industry Association